From 253db764b7695af8b82c3c5951abb15959cba1ff Mon Sep 17 00:00:00 2001
From: Chick3nman
Date: Thu, 5 Sep 2019 05:27:39 -0500
Subject: [PATCH 001/300] Fixed issue where multiple hashes with the same salt would fail to crack in module/kernel for 9500. Remove unused include in module for 9600.

---
 OpenCL/m09500-pure.cl | 11 +++++++----
 src/modules/module_09500.c | 10 ++++++++--
 src/modules/module_09600.c | 1 -
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/OpenCL/m09500-pure.cl b/OpenCL/m09500-pure.cl
index b2ebe70d9..77b1d8e55 100644
--- a/OpenCL/m09500-pure.cl
+++ b/OpenCL/m09500-pure.cl
@@ -271,12 +271,15 @@ KERNEL_FQ void m09500_comp (KERN_ATTR_TMPS_ESALT (office2010_tmp_t, office2010_t
 AES128_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
+ const u32 digest_cur = digests_offset + loop_pos;
+
 u32 data[4];
- data[0] = esalt_bufs[digests_offset].encryptedVerifier[0];
- data[1] = esalt_bufs[digests_offset].encryptedVerifier[1];
- data[2] = esalt_bufs[digests_offset].encryptedVerifier[2];
- data[3] = esalt_bufs[digests_offset].encryptedVerifier[3];
+ data[0] = esalt_bufs[digest_cur].encryptedVerifier[0];
+ data[1] = esalt_bufs[digest_cur].encryptedVerifier[1];
+ data[2] = esalt_bufs[digest_cur].encryptedVerifier[2];
+ data[3] = esalt_bufs[digest_cur].encryptedVerifier[3];
+
 u32 out[4];
diff --git a/src/modules/module_09500.c b/src/modules/module_09500.c
index 328bdeea4..ee2a7ac9a 100644
--- a/src/modules/module_09500.c
+++ b/src/modules/module_09500.c
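Review bot: The re-index to `digest_cur` covers only the four `encryptedVerifier` loads; if m09500_comp reads any other per-digest esalt field further down (the function continues outside the hunk), that read would still use `digests_offset` and therefore, as far as can be inferred here, the first hash of the salt group — the very mismatch this patch is fixing. Worth grepping the rest of the kernel for remaining `esalt_bufs[digests_offset]` uses and switching them to `digest_cur` in the same change. The new local also deserves a one-line why-comment, since the offset arithmetic is the whole fix: `// deep-comp pass: loop_pos selects which digest of this salt group to verify`.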
@@ -21,7 +21,8 @@ static const char *HASH_NAME = "MS Office 2010";
 static const u64 KERN_TYPE = 9500;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
-static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
+static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_DEEP_COMP_KERNEL;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "$office$*2010*100000*128*16*34170046140146368675746031258762*de5bc114991bb3a5679a6e24320bdb09*1b72a4ddffba3dcd5395f6a5ff75b126cb832b733c298e86162028ca47a235a9";
@@ -56,6 +57,11 @@ typedef struct office2010_tmp
 static const char *SIGNATURE_OFFICE2010 = "$office$";
+u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
+{
+ return KERN_RUN_3;
+}
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (office2010_t);
@@ -265,7 +271,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_benchmark_mask = MODULE_DEFAULT;
 module_ctx->module_benchmark_salt = MODULE_DEFAULT;
 module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
- module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
+ module_ctx->module_deep_comp_kernel = module_deep_comp_kernel;
 module_ctx->module_dgst_pos0 = module_dgst_pos0;
 module_ctx->module_dgst_pos1 = module_dgst_pos1;
 module_ctx->module_dgst_pos2 = module_dgst_pos2;
diff --git a/src/modules/module_09600.c b/src/modules/module_09600.c
index f9adb9e7f..7fbd4c5da 100644
--- a/src/modules/module_09600.c
+++ b/src/modules/module_09600.c
@@ -9,7 +9,6 @@
 #include "bitops.h"
 #include "convert.h"
 #include "shared.h"
-#include "memory.h"
 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
 static const u32 DGST_POS0 = 0;
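Review bot: `module_deep_comp_kernel` is added in the -56 hunk without a comment saying which kernel it selects or why the module needs one, and `KERN_RUN_3` is an opaque constant to a reader of this file. Because the companion kernel change now reads `encryptedVerifier` per `loop_pos`, a short header comment would tie the two together: `// With OPTS_TYPE_DEEP_COMP_KERNEL the _comp kernel (KERN_RUN_3) is re-run once per digest sharing this salt, so each verifier is checked rather than only the first.` The `MAYBE_UNUSED` parameters match the sibling module functions, so the signature itself reads fine.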
From 3a64325c7e5288319a68f475530ffbc343ee851c Mon Sep 17 00:00:00 2001
From: Rosen Penev
Date: Mon, 9 Sep 2019 16:46:58 -0700
Subject: [PATCH 002/300] Remove inline from functions

This breaks C++ semantics. It's also unnecessary.
---
 src/timer.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/timer.c b/src/timer.c
index 415514456..ba9df1889 100644
--- a/src/timer.c
+++ b/src/timer.c
@@ -9,12 +9,12 @@
 #if defined (_WIN)
-inline void hc_timer_set (hc_timer_t *a)
+void hc_timer_set (hc_timer_t *a)
 {
 QueryPerformanceCounter (a);
 }
-inline double hc_timer_get (hc_timer_t a)
+double hc_timer_get (hc_timer_t a)
 {
 hc_timer_t hr_freq;
@@ -31,7 +31,7 @@ inline double hc_timer_get (hc_timer_t a)
 #else
-inline void hc_timer_set (hc_timer_t* a)
+void hc_timer_set (hc_timer_t* a)
 {
 #if defined(__APPLE__) && defined(MISSING_CLOCK_GETTIME)
 gettimeofday (a, NULL);
@@ -40,7 +40,7 @@ inline void hc_timer_set (hc_timer_t* a)
 #endif
 }
-inline double hc_timer_get (hc_timer_t a)
+double hc_timer_get (hc_timer_t a)
 {
 hc_timer_t hr_tmp;

From fd8150769d7e0d4aeec443fe5906faf7ce4ddb7f Mon Sep 17 00:00:00 2001
From: Rosen Penev
Date: Wed, 11 Sep 2019 18:05:01 -0700
Subject: [PATCH 003/300] Add casts where needed in C++ mode

Otherwise, -fpermissive must be passed.
---
 include/filehandling.h | 2 +-
 src/backend.c | 178 ++++++++++++++++++++---------------------
 src/brain.c | 4 +-
 src/filehandling.c | 2 +-
 src/folder.c | 6 +-
 src/hwmon.c | 94 +++++++++++-----------
 src/outfile_check.c | 2 +-
 src/potfile.c | 4 +-
 src/rp.c | 2 +-
 src/rp_cpu.c | 16 ++--
 src/shared.c | 2 +-
 src/tuningdb.c | 8 +-
 12 files changed, 161 insertions(+), 159 deletions(-)

diff --git a/include/filehandling.h b/include/filehandling.h
index 8b73699d4..88e9dc9d5 100644
--- a/include/filehandling.h
+++ b/include/filehandling.h
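Review bot: The rewritten `#else` signature `void hc_timer_set (hc_timer_t* a)` in the -31 hunk spells the pointer declarator differently from the `_WIN` variant's `void hc_timer_set (hc_timer_t *a)` in the -9 hunk; since both lines are being rewritten anyway, aligning the POSIX one to `void hc_timer_set (hc_timer_t *a)` keeps the two definitions textually identical apart from their bodies. The function bodies of both variants continue outside the hunks.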
@@ -29,7 +29,7 @@ void hc_fflush (HCFILE *fp); void hc_fclose (HCFILE *fp); int hc_fputc (int c, HCFILE *fp); char *hc_fgets (char *buf, int len, HCFILE *fp); -size_t hc_fwrite (void *ptr, size_t size, size_t nmemb, HCFILE *fp); +size_t hc_fwrite (const void *ptr, size_t size, size_t nmemb, HCFILE *fp); size_t hc_fread (void *ptr, size_t size, size_t nmemb, HCFILE *fp); size_t fgetl (HCFILE *fp, char *line_buf, const size_t line_sz); diff --git a/src/backend.c b/src/backend.c index 832175b8a..fbf38be10 100644 --- a/src/backend.c +++ b/src/backend.c @@ -295,7 +295,7 @@ static bool cuda_test_instruction (hashcat_ctx_t *hashcat_ctx, const int sm_majo backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcCompileProgram (program, 3, (const char * const *) nvrtc_options); @@ -333,7 +333,7 @@ static bool cuda_test_instruction (hashcat_ctx_t *hashcat_ctx, const int sm_majo return false; } - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; CUmodule cuda_module; @@ -363,7 +363,7 @@ static bool opencl_test_instruction (hashcat_ctx_t *hashcat_ctx, cl_context cont backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; // LLVM seems to write an error message (if there's an error) directly to stderr // and not (as supposted to) into buffer for later request using clGetProgramBuildInfo() @@ -667,7 +667,7 @@ int nvrtc_init (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; memset (nvrtc, 0, sizeof (NVRTC_PTR)); 
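Review bot: `NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc;` — repeated for `CUDA_PTR`/`OCL_PTR` through every backend.c hunk down to -6070, and for `SYSFS_PTR`/`NVML_PTR` in hwmon.c — presumably casts away a `void *` member; the cast satisfies C++ but also removes the one point at which C would have rejected a mismatched pointer type, and it now has to be kept correct at roughly ninety call sites. If the member can carry its real type in `backend_ctx_t`/`hwmon_ctx_t`, or one `static inline` accessor per backend performs the cast in a single place, the wrappers stay cast-free and a later change to the member type cannot silently slip past. If `void *` is deliberate to keep the driver headers out of the context structs, a comment on the member stating that would explain the pattern to the next reader.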
@@ -737,7 +737,7 @@ void nvrtc_close (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; if (nvrtc) { @@ -756,7 +756,7 @@ int hc_nvrtcCreateProgram (hashcat_ctx_t *hashcat_ctx, nvrtcProgram *prog, const { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcCreateProgram (prog, src, name, numHeaders, headers, includeNames); @@ -774,7 +774,7 @@ int hc_nvrtcDestroyProgram (hashcat_ctx_t *hashcat_ctx, nvrtcProgram *prog) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcDestroyProgram (prog); @@ -792,7 +792,7 @@ int hc_nvrtcCompileProgram (hashcat_ctx_t *hashcat_ctx, nvrtcProgram prog, int n { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcCompileProgram (prog, numOptions, options); @@ -810,7 +810,7 @@ int hc_nvrtcGetProgramLogSize (hashcat_ctx_t *hashcat_ctx, nvrtcProgram prog, si { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcGetProgramLogSize (prog, logSizeRet); @@ -828,7 +828,7 @@ int hc_nvrtcGetProgramLog (hashcat_ctx_t *hashcat_ctx, nvrtcProgram prog, char * { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcGetProgramLog (prog, log); 
@@ -846,7 +846,7 @@ int hc_nvrtcGetPTXSize (hashcat_ctx_t *hashcat_ctx, nvrtcProgram prog, size_t *p { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcGetPTXSize (prog, ptxSizeRet); @@ -864,7 +864,7 @@ int hc_nvrtcGetPTX (hashcat_ctx_t *hashcat_ctx, nvrtcProgram prog, char *ptx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcGetPTX (prog, ptx); @@ -882,7 +882,7 @@ int hc_nvrtcVersion (hashcat_ctx_t *hashcat_ctx, int *major, int *minor) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - NVRTC_PTR *nvrtc = backend_ctx->nvrtc; + NVRTC_PTR *nvrtc = (NVRTC_PTR *) backend_ctx->nvrtc; const nvrtcResult NVRTC_err = nvrtc->nvrtcVersion (major, minor); @@ -902,7 +902,7 @@ int cuda_init (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; memset (cuda, 0, sizeof (CUDA_PTR)); @@ -1000,7 +1000,7 @@ void cuda_close (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; if (cuda) { @@ -1019,7 +1019,7 @@ int hc_cuInit (hashcat_ctx_t *hashcat_ctx, unsigned int Flags) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuInit (Flags); 
@@ -1046,7 +1046,7 @@ int hc_cuDeviceGetAttribute (hashcat_ctx_t *hashcat_ctx, int *pi, CUdevice_attri { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuDeviceGetAttribute (pi, attrib, dev); @@ -1073,7 +1073,7 @@ int hc_cuDeviceGetCount (hashcat_ctx_t *hashcat_ctx, int *count) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuDeviceGetCount (count); @@ -1100,7 +1100,7 @@ int hc_cuDeviceGet (hashcat_ctx_t *hashcat_ctx, CUdevice* device, int ordinal) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuDeviceGet (device, ordinal); @@ -1127,7 +1127,7 @@ int hc_cuDeviceGetName (hashcat_ctx_t *hashcat_ctx, char *name, int len, CUdevic { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuDeviceGetName (name, len, dev); @@ -1154,7 +1154,7 @@ int hc_cuDeviceTotalMem (hashcat_ctx_t *hashcat_ctx, size_t *bytes, CUdevice dev { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuDeviceTotalMem (bytes, dev); @@ -1181,7 +1181,7 @@ int hc_cuDriverGetVersion (hashcat_ctx_t *hashcat_ctx, int *driverVersion) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuDriverGetVersion (driverVersion); 
@@ -1208,7 +1208,7 @@ int hc_cuCtxCreate (hashcat_ctx_t *hashcat_ctx, CUcontext *pctx, unsigned int fl { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxCreate (pctx, flags, dev); @@ -1235,7 +1235,7 @@ int hc_cuCtxDestroy (hashcat_ctx_t *hashcat_ctx, CUcontext ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxDestroy (ctx); @@ -1262,7 +1262,7 @@ int hc_cuModuleLoadDataEx (hashcat_ctx_t *hashcat_ctx, CUmodule *module, const v { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuModuleLoadDataEx (module, image, numOptions, options, optionValues); @@ -1289,8 +1289,8 @@ int hc_cuModuleLoadDataExLog (hashcat_ctx_t *hashcat_ctx, CUmodule *module, cons { #define LOG_SIZE 8192 - char *info_log = hcmalloc (LOG_SIZE); - char *error_log = hcmalloc (LOG_SIZE); + char *info_log = (char *) hcmalloc (LOG_SIZE); + char *error_log = (char *) hcmalloc (LOG_SIZE); CUjit_option opts[6]; void *vals[6]; @@ -1336,7 +1336,7 @@ int hc_cuModuleUnload (hashcat_ctx_t *hashcat_ctx, CUmodule hmod) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuModuleUnload (hmod); @@ -1363,7 +1363,7 @@ int hc_cuCtxSetCurrent (hashcat_ctx_t *hashcat_ctx, CUcontext ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxSetCurrent (ctx); 
@@ -1390,7 +1390,7 @@ int hc_cuMemAlloc (hashcat_ctx_t *hashcat_ctx, CUdeviceptr *dptr, size_t bytesiz { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuMemAlloc (dptr, bytesize); @@ -1417,7 +1417,7 @@ int hc_cuMemFree (hashcat_ctx_t *hashcat_ctx, CUdeviceptr dptr) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuMemFree (dptr); @@ -1444,7 +1444,7 @@ int hc_cuMemcpyDtoH (hashcat_ctx_t *hashcat_ctx, void *dstHost, CUdeviceptr srcD { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuMemcpyDtoH (dstHost, srcDevice, ByteCount); @@ -1471,7 +1471,7 @@ int hc_cuMemcpyDtoD (hashcat_ctx_t *hashcat_ctx, CUdeviceptr dstDevice, CUdevice { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuMemcpyDtoD (dstDevice, srcDevice, ByteCount); @@ -1498,7 +1498,7 @@ int hc_cuMemcpyHtoD (hashcat_ctx_t *hashcat_ctx, CUdeviceptr dstDevice, const vo { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuMemcpyHtoD (dstDevice, srcHost, ByteCount); @@ -1525,7 +1525,7 @@ int hc_cuModuleGetFunction (hashcat_ctx_t *hashcat_ctx, CUfunction *hfunc, CUmod { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuModuleGetFunction (hfunc, hmod, name); 
@@ -1552,7 +1552,7 @@ int hc_cuModuleGetGlobal (hashcat_ctx_t *hashcat_ctx, CUdeviceptr *dptr, size_t { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuModuleGetGlobal (dptr, bytes, hmod, name); @@ -1579,7 +1579,7 @@ int hc_cuMemGetInfo (hashcat_ctx_t *hashcat_ctx, size_t *free, size_t *total) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuMemGetInfo (free, total); @@ -1606,7 +1606,7 @@ int hc_cuFuncGetAttribute (hashcat_ctx_t *hashcat_ctx, int *pi, CUfunction_attri { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuFuncGetAttribute (pi, attrib, hfunc); @@ -1633,7 +1633,7 @@ int hc_cuFuncSetAttribute (hashcat_ctx_t *hashcat_ctx, CUfunction hfunc, CUfunct { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuFuncSetAttribute (hfunc, attrib, value); @@ -1660,7 +1660,7 @@ int hc_cuStreamCreate (hashcat_ctx_t *hashcat_ctx, CUstream *phStream, unsigned { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuStreamCreate (phStream, Flags); @@ -1687,7 +1687,7 @@ int hc_cuStreamDestroy (hashcat_ctx_t *hashcat_ctx, CUstream hStream) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuStreamDestroy (hStream); 
@@ -1714,7 +1714,7 @@ int hc_cuStreamSynchronize (hashcat_ctx_t *hashcat_ctx, CUstream hStream) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuStreamSynchronize (hStream); @@ -1741,7 +1741,7 @@ int hc_cuLaunchKernel (hashcat_ctx_t *hashcat_ctx, CUfunction f, unsigned int gr { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuLaunchKernel (f, gridDimX, gridDimY, gridDimZ, blockDimX, blockDimY, blockDimZ, sharedMemBytes, hStream, kernelParams, extra); @@ -1768,7 +1768,7 @@ int hc_cuCtxSynchronize (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxSynchronize (); @@ -1795,7 +1795,7 @@ int hc_cuEventCreate (hashcat_ctx_t *hashcat_ctx, CUevent *phEvent, unsigned int { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuEventCreate (phEvent, Flags); @@ -1822,7 +1822,7 @@ int hc_cuEventDestroy (hashcat_ctx_t *hashcat_ctx, CUevent hEvent) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuEventDestroy (hEvent); @@ -1849,7 +1849,7 @@ int hc_cuEventElapsedTime (hashcat_ctx_t *hashcat_ctx, float *pMilliseconds, CUe { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuEventElapsedTime (pMilliseconds, hStart, hEnd); 
@@ -1876,7 +1876,7 @@ int hc_cuEventQuery (hashcat_ctx_t *hashcat_ctx, CUevent hEvent) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuEventQuery (hEvent); @@ -1903,7 +1903,7 @@ int hc_cuEventRecord (hashcat_ctx_t *hashcat_ctx, CUevent hEvent, CUstream hStre { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuEventRecord (hEvent, hStream); @@ -1930,7 +1930,7 @@ int hc_cuEventSynchronize (hashcat_ctx_t *hashcat_ctx, CUevent hEvent) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuEventSynchronize (hEvent); @@ -1957,7 +1957,7 @@ int hc_cuCtxSetCacheConfig (hashcat_ctx_t *hashcat_ctx, CUfunc_cache config) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxSetCacheConfig (config); @@ -1984,7 +1984,7 @@ int hc_cuCtxPushCurrent (hashcat_ctx_t *hashcat_ctx, CUcontext ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxPushCurrent (ctx); @@ -2011,7 +2011,7 @@ int hc_cuCtxPopCurrent (hashcat_ctx_t *hashcat_ctx, CUcontext *pctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - CUDA_PTR *cuda = backend_ctx->cuda; + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; const CUresult CU_err = cuda->cuCtxPopCurrent (pctx); 
@@ -2041,7 +2041,7 @@ int ocl_init (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; memset (ocl, 0, sizeof (OCL_PTR)); @@ -2101,7 +2101,7 @@ void ocl_close (hashcat_ctx_t *hashcat_ctx) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; if (ocl) { @@ -2120,7 +2120,7 @@ int hc_clEnqueueNDRangeKernel (hashcat_ctx_t *hashcat_ctx, cl_command_queue comm { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clEnqueueNDRangeKernel (command_queue, kernel, work_dim, global_work_offset, global_work_size, local_work_size, num_events_in_wait_list, event_wait_list, event); @@ -2138,7 +2138,7 @@ int hc_clGetEventInfo (hashcat_ctx_t *hashcat_ctx, cl_event event, cl_event_info { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetEventInfo (event, param_name, param_value_size, param_value, param_value_size_ret); @@ -2156,7 +2156,7 @@ int hc_clFlush (hashcat_ctx_t *hashcat_ctx, cl_command_queue command_queue) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clFlush (command_queue); @@ -2174,7 +2174,7 @@ int hc_clFinish (hashcat_ctx_t *hashcat_ctx, cl_command_queue command_queue) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clFinish (command_queue); 
@@ -2192,7 +2192,7 @@ int hc_clSetKernelArg (hashcat_ctx_t *hashcat_ctx, cl_kernel kernel, cl_uint arg { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clSetKernelArg (kernel, arg_index, arg_size, arg_value); @@ -2210,7 +2210,7 @@ int hc_clEnqueueWriteBuffer (hashcat_ctx_t *hashcat_ctx, cl_command_queue comman { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clEnqueueWriteBuffer (command_queue, buffer, blocking_write, offset, size, ptr, num_events_in_wait_list, event_wait_list, event); @@ -2228,7 +2228,7 @@ int hc_clEnqueueCopyBuffer (hashcat_ctx_t *hashcat_ctx, cl_command_queue command { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clEnqueueCopyBuffer (command_queue, src_buffer, dst_buffer, src_offset, dst_offset, size, num_events_in_wait_list, event_wait_list, event); @@ -2246,7 +2246,7 @@ int hc_clEnqueueReadBuffer (hashcat_ctx_t *hashcat_ctx, cl_command_queue command { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clEnqueueReadBuffer (command_queue, buffer, blocking_read, offset, size, ptr, num_events_in_wait_list, event_wait_list, event); @@ -2264,7 +2264,7 @@ int hc_clGetPlatformIDs (hashcat_ctx_t *hashcat_ctx, cl_uint num_entries, cl_pla { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetPlatformIDs (num_entries, platforms, num_platforms); 
@@ -2282,7 +2282,7 @@ int hc_clGetPlatformInfo (hashcat_ctx_t *hashcat_ctx, cl_platform_id platform, c { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetPlatformInfo (platform, param_name, param_value_size, param_value, param_value_size_ret); @@ -2300,7 +2300,7 @@ int hc_clGetDeviceIDs (hashcat_ctx_t *hashcat_ctx, cl_platform_id platform, cl_d { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetDeviceIDs (platform, device_type, num_entries, devices, num_devices); @@ -2318,7 +2318,7 @@ int hc_clGetDeviceInfo (hashcat_ctx_t *hashcat_ctx, cl_device_id device, cl_devi { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetDeviceInfo (device, param_name, param_value_size, param_value, param_value_size_ret); @@ -2336,7 +2336,7 @@ int hc_clCreateContext (hashcat_ctx_t *hashcat_ctx, const cl_context_properties { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; @@ -2356,7 +2356,7 @@ int hc_clCreateCommandQueue (hashcat_ctx_t *hashcat_ctx, cl_context context, cl_ { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; @@ -2376,7 +2376,7 @@ int hc_clCreateBuffer (hashcat_ctx_t *hashcat_ctx, cl_context context, cl_mem_fl { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; 
@@ -2396,7 +2396,7 @@ int hc_clCreateProgramWithSource (hashcat_ctx_t *hashcat_ctx, cl_context context { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; @@ -2416,7 +2416,7 @@ int hc_clCreateProgramWithBinary (hashcat_ctx_t *hashcat_ctx, cl_context context { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; @@ -2436,7 +2436,7 @@ int hc_clBuildProgram (hashcat_ctx_t *hashcat_ctx, cl_program program, cl_uint n { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clBuildProgram (program, num_devices, device_list, options, pfn_notify, user_data); @@ -2454,7 +2454,7 @@ int hc_clCreateKernel (hashcat_ctx_t *hashcat_ctx, cl_program program, const cha { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; @@ -2474,7 +2474,7 @@ int hc_clReleaseMemObject (hashcat_ctx_t *hashcat_ctx, cl_mem mem) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clReleaseMemObject (mem); @@ -2492,7 +2492,7 @@ int hc_clReleaseKernel (hashcat_ctx_t *hashcat_ctx, cl_kernel kernel) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clReleaseKernel (kernel); @@ -2510,7 +2510,7 @@ int hc_clReleaseProgram (hashcat_ctx_t *hashcat_ctx, cl_program program) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clReleaseProgram (program); 
@@ -2528,7 +2528,7 @@ int hc_clReleaseCommandQueue (hashcat_ctx_t *hashcat_ctx, cl_command_queue comma { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clReleaseCommandQueue (command_queue); @@ -2546,7 +2546,7 @@ int hc_clReleaseContext (hashcat_ctx_t *hashcat_ctx, cl_context context) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clReleaseContext (context); @@ -2564,7 +2564,7 @@ int hc_clEnqueueMapBuffer (hashcat_ctx_t *hashcat_ctx, cl_command_queue command_ { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; cl_int CL_err; @@ -2584,7 +2584,7 @@ int hc_clEnqueueUnmapMemObject (hashcat_ctx_t *hashcat_ctx, cl_command_queue com { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clEnqueueUnmapMemObject (command_queue, memobj, mapped_ptr, num_events_in_wait_list, event_wait_list, event); @@ -2602,7 +2602,7 @@ int hc_clGetKernelWorkGroupInfo (hashcat_ctx_t *hashcat_ctx, cl_kernel kernel, c { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetKernelWorkGroupInfo (kernel, device, param_name, param_value_size, param_value, param_value_size_ret); @@ -2620,7 +2620,7 @@ int hc_clGetProgramBuildInfo (hashcat_ctx_t *hashcat_ctx, cl_program program, cl { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetProgramBuildInfo (program, device, param_name, param_value_size, param_value, param_value_size_ret); 
@@ -2638,7 +2638,7 @@ int hc_clGetProgramInfo (hashcat_ctx_t *hashcat_ctx, cl_program program, cl_prog { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetProgramInfo (program, param_name, param_value_size, param_value, param_value_size_ret); @@ -2656,7 +2656,7 @@ int hc_clWaitForEvents (hashcat_ctx_t *hashcat_ctx, cl_uint num_events, const cl { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clWaitForEvents (num_events, event_list); @@ -2674,7 +2674,7 @@ int hc_clGetEventProfilingInfo (hashcat_ctx_t *hashcat_ctx, cl_event event, cl_p { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clGetEventProfilingInfo (event, param_name, param_value_size, param_value, param_value_size_ret); @@ -2692,7 +2692,7 @@ int hc_clReleaseEvent (hashcat_ctx_t *hashcat_ctx, cl_event event) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; const cl_int CL_err = ocl->clReleaseEvent (event); @@ -5606,7 +5606,7 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) if (hc_clGetDeviceInfo (hashcat_ctx, device_param->opencl_device, CL_DEVICE_EXTENSIONS, 0, NULL, &device_extensions_size) == -1) return -1; - char *device_extensions = hcmalloc (device_extensions_size + 1); + char *device_extensions = (char *) hcmalloc (device_extensions_size + 1); if (hc_clGetDeviceInfo (hashcat_ctx, device_param->opencl_device, CL_DEVICE_EXTENSIONS, device_extensions_size, device_extensions, NULL) == -1) return -1; 
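Review bot: In the -5606 hunk, `char *device_extensions = (char *) hcmalloc (device_extensions_size + 1);` is followed two lines later by `if (hc_clGetDeviceInfo (...) == -1) return -1;`, which returns without releasing the buffer; the cast does not change that, but while the line is touched the early return should free first, e.g. `if (hc_clGetDeviceInfo (hashcat_ctx, device_param->opencl_device, CL_DEVICE_EXTENSIONS, device_extensions_size, device_extensions, NULL) == -1) { hcfree (device_extensions); return -1; }`. Whether `hcmalloc` can return NULL is not visible here (hashcat's allocator is assumed to abort on failure), so no NULL check is proposed. backend_ctx_devices_init continues well outside the hunk.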
@@ -6070,7 +6070,7 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) cl_int CL_err; - OCL_PTR *ocl = backend_ctx->ocl; + OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; tmp_device[c] = ocl->clCreateBuffer (context, CL_MEM_READ_WRITE, MAX_ALLOC_CHECKS_SIZE, NULL, &CL_err); diff --git a/src/brain.c b/src/brain.c index d67170cd4..3685d5111 100644 --- a/src/brain.c +++ b/src/brain.c @@ -66,7 +66,7 @@ u32 brain_compute_session (hashcat_ctx_t *hashcat_ctx) // digest u32 digests_cnt = hashes->digests_cnt; - u32 *digests_buf = hashes->digests_buf; + u32 *digests_buf = (u32 *) hashes->digests_buf; XXH64_update (state, digests_buf, digests_cnt * hashconfig->dgst_size); @@ -2306,7 +2306,7 @@ void *brain_server_handle_client (void *p) // short global alloc - brain_server_db_short_t *brain_server_db_short = hcmalloc (sizeof (brain_server_db_short_t)); + brain_server_db_short_t *brain_server_db_short = (brain_server_db_short_t *) hcmalloc (sizeof (brain_server_db_short_t)); brain_server_db_short->short_cnt = 0; brain_server_db_short->short_buf = (brain_server_hash_short_t *) hccalloc (passwords_max, sizeof (brain_server_hash_short_t)); diff --git a/src/filehandling.c b/src/filehandling.c index 9ea564f2a..0ed5fd1ab 100644 --- a/src/filehandling.c +++ b/src/filehandling.c @@ -137,7 +137,7 @@ size_t hc_fread (void *ptr, size_t size, size_t nmemb, HCFILE *fp) return n; } -size_t hc_fwrite (void *ptr, size_t size, size_t nmemb, HCFILE *fp) +size_t hc_fwrite (const void *ptr, size_t size, size_t nmemb, HCFILE *fp) { size_t n = -1; diff --git a/src/folder.c b/src/folder.c index 27b4837cb..db1e495b0 100644 --- a/src/folder.c +++ b/src/folder.c @@ -340,7 +340,7 @@ int folder_config_init (hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const char *ins return -1; } - char *install_dir = hcmalloc (HCBUFSIZ_TINY); + char *install_dir = (char *) hcmalloc (HCBUFSIZ_TINY); get_install_dir (install_dir, resolved_exec_path); 
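Review bot: Changing hc_fwrite's first parameter to `const void *ptr` changes the function's signature, so the prototype in the header that declares it needs the same qualifier or the build fails with conflicting types; that header is not part of the visible diff, so please confirm it was updated in the same commit. The unchanged context line `size_t n = -1;` just below initialises an unsigned value by converting -1, which is well defined but reads like a bug and trips -Wconversion; `size_t n = (size_t) -1;` makes the sentinel intent explicit. hc_fwrite's body continues outside the hunk.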
@@ -359,8 +359,8 @@ int folder_config_init (hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const char *ins const char *home_dir = pwp->pw_dir; - profile_dir = hcmalloc (HCBUFSIZ_TINY); - session_dir = hcmalloc (HCBUFSIZ_TINY); + profile_dir = (char *) hcmalloc (HCBUFSIZ_TINY); + session_dir = (char *) hcmalloc (HCBUFSIZ_TINY); get_profile_dir (profile_dir, home_dir); get_session_dir (session_dir, profile_dir); diff --git a/src/hwmon.c b/src/hwmon.c index 905ce6e61..cc1414da5 100644 --- a/src/hwmon.c +++ b/src/hwmon.c @@ -18,7 +18,7 @@ static bool sysfs_init (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - SYSFS_PTR *sysfs = hwmon_ctx->hm_sysfs; + SYSFS_PTR *sysfs = (SYSFS_PTR *) hwmon_ctx->hm_sysfs; memset (sysfs, 0, sizeof (SYSFS_PTR)); @@ -37,7 +37,7 @@ static void sysfs_close (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - SYSFS_PTR *sysfs = hwmon_ctx->hm_sysfs; + SYSFS_PTR *sysfs = (SYSFS_PTR *) hwmon_ctx->hm_sysfs; if (sysfs) { @@ -69,7 +69,7 @@ static char *hm_SYSFS_get_syspath_hwmon (hashcat_ctx_t *hashcat_ctx, const int b return NULL; } - char *hwmon = hcmalloc (HCBUFSIZ_TINY); + char *hwmon = (char *) hcmalloc (HCBUFSIZ_TINY); snprintf (hwmon, HCBUFSIZ_TINY, "%s/hwmon", syspath); @@ -405,7 +405,7 @@ static int nvml_init (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; memset (nvml, 0, sizeof (NVML_PTR)); @@ -542,7 +542,7 @@ static void nvml_close (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; if (nvml) { 
@@ -562,9 +562,9 @@ static int hm_NVML_nvmlInit (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; - const nvmlReturn_t nvml_rc = nvml->nvmlInit (); + const nvmlReturn_t nvml_rc = (nvmlReturn_t) nvml->nvmlInit (); if (nvml_rc != NVML_SUCCESS) { @@ -582,9 +582,9 @@ static int hm_NVML_nvmlShutdown (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; - const nvmlReturn_t nvml_rc = nvml->nvmlShutdown (); + const nvmlReturn_t nvml_rc = (nvmlReturn_t) nvml->nvmlShutdown (); if (nvml_rc != NVML_SUCCESS) { @@ -602,7 +602,7 @@ static int hm_NVML_nvmlDeviceGetCount (hashcat_ctx_t *hashcat_ctx, unsigned int { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetCount (deviceCount); @@ -622,7 +622,7 @@ static int hm_NVML_nvmlDeviceGetHandleByIndex (hashcat_ctx_t *hashcat_ctx, unsig { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetHandleByIndex (device_index, device); @@ -642,7 +642,7 @@ static int hm_NVML_nvmlDeviceGetTemperature (hashcat_ctx_t *hashcat_ctx, nvmlDev { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetTemperature (device, sensorType, temp); 
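Review bot: In hm_NVML_nvmlInit and hm_NVML_nvmlShutdown the new `(nvmlReturn_t)` casts on `nvml->nvmlInit ()` and `nvml->nvmlShutdown ()` suggest the function-pointer members of NVML_PTR are declared with a different return type than `nvmlReturn_t`; casting at every call site silences the compiler but also hides any future mismatch, whereas fixing the member type once restores the check. The same pattern is applied to the NvAPI wrappers (`(NvAPI_Status) nvapi->NvAPI_Initialize ()` and the following hm_NvAPI_* hunks). If the member types must stay as they are for the C++ build, a one-line comment at the first cast saying why would stop the next reader from removing it.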
@@ -662,7 +662,7 @@ static int hm_NVML_nvmlDeviceGetFanSpeed (hashcat_ctx_t *hashcat_ctx, nvmlDevice { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetFanSpeed (device, speed); @@ -682,7 +682,7 @@ static int hm_NVML_nvmlDeviceGetUtilizationRates (hashcat_ctx_t *hashcat_ctx, nv { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetUtilizationRates (device, utilization); @@ -702,7 +702,7 @@ static int hm_NVML_nvmlDeviceGetClockInfo (hashcat_ctx_t *hashcat_ctx, nvmlDevic { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetClockInfo (device, type, clockfreq); @@ -722,7 +722,7 @@ static int hm_NVML_nvmlDeviceGetTemperatureThreshold (hashcat_ctx_t *hashcat_ctx { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetTemperatureThreshold (device, thresholdType, temp); @@ -742,7 +742,7 @@ static int hm_NVML_nvmlDeviceGetCurrPcieLinkWidth (hashcat_ctx_t *hashcat_ctx, n { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetCurrPcieLinkWidth (device, currLinkWidth); @@ -762,7 +762,7 @@ static int hm_NVML_nvmlDeviceGetPciInfo (hashcat_ctx_t *hashcat_ctx, nvmlDevice_ { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVML_PTR *nvml = hwmon_ctx->hm_nvml; + NVML_PTR *nvml = (NVML_PTR *) hwmon_ctx->hm_nvml; const nvmlReturn_t nvml_rc = nvml->nvmlDeviceGetPciInfo (device, pci); 
@@ -784,7 +784,7 @@ static int nvapi_init (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; memset (nvapi, 0, sizeof (NVAPI_PTR)); @@ -837,7 +837,7 @@ static void nvapi_close (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; if (nvapi) { @@ -857,9 +857,9 @@ static int hm_NvAPI_Initialize (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_Initialize (); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_Initialize (); if (NvAPI_rc == NVAPI_LIBRARY_NOT_FOUND) return -1; @@ -881,9 +881,9 @@ static int hm_NvAPI_Unload (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_Unload (); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_Unload (); if (NvAPI_rc != NVAPI_OK) { @@ -903,9 +903,9 @@ static int hm_NvAPI_EnumPhysicalGPUs (hashcat_ctx_t *hashcat_ctx, NvPhysicalGpuH { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_EnumPhysicalGPUs (nvGPUHandle, pGpuCount); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_EnumPhysicalGPUs (nvGPUHandle, pGpuCount); if (NvAPI_rc != NVAPI_OK) { 
@@ -925,9 +925,9 @@ static int hm_NvAPI_GPU_GetPerfPoliciesInfo (hashcat_ctx_t *hashcat_ctx, NvPhysi { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_GPU_GetPerfPoliciesInfo (hPhysicalGpu, perfPolicies_info); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_GPU_GetPerfPoliciesInfo (hPhysicalGpu, perfPolicies_info); if (NvAPI_rc != NVAPI_OK) { @@ -947,9 +947,9 @@ static int hm_NvAPI_GPU_GetPerfPoliciesStatus (hashcat_ctx_t *hashcat_ctx, NvPhy { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_GPU_GetPerfPoliciesStatus (hPhysicalGpu, perfPolicies_status); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_GPU_GetPerfPoliciesStatus (hPhysicalGpu, perfPolicies_status); if (NvAPI_rc != NVAPI_OK) { @@ -969,9 +969,9 @@ static int hm_NvAPI_GPU_GetBusId (hashcat_ctx_t *hashcat_ctx, NvPhysicalGpuHandl { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_GPU_GetBusId (hPhysicalGpu, pBusId); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_GPU_GetBusId (hPhysicalGpu, pBusId); if (NvAPI_rc != NVAPI_OK) { @@ -991,9 +991,9 @@ static int hm_NvAPI_GPU_GetBusSlotId (hashcat_ctx_t *hashcat_ctx, NvPhysicalGpuH { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - NVAPI_PTR *nvapi = hwmon_ctx->hm_nvapi; + NVAPI_PTR *nvapi = (NVAPI_PTR *) hwmon_ctx->hm_nvapi; - const NvAPI_Status NvAPI_rc = nvapi->NvAPI_GPU_GetBusSlotId (hPhysicalGpu, pBusSlotId); + const NvAPI_Status NvAPI_rc = (NvAPI_Status) nvapi->NvAPI_GPU_GetBusSlotId (hPhysicalGpu, pBusSlotId); if (NvAPI_rc != NVAPI_OK) { 
@@ -1015,7 +1015,7 @@ static int adl_init (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; memset (adl, 0, sizeof (ADL_PTR)); @@ -1074,7 +1074,7 @@ static void adl_close (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; if (adl) { @@ -1089,7 +1089,7 @@ static int hm_ADL_Main_Control_Destroy (hashcat_ctx_t *hashcat_ctx) { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Main_Control_Destroy (); @@ -1107,7 +1107,7 @@ static int hm_ADL_Main_Control_Create (hashcat_ctx_t *hashcat_ctx, ADL_MAIN_MALL { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Main_Control_Create (callback, iEnumConnectedAdapters); @@ -1125,7 +1125,7 @@ static int hm_ADL_Adapter_NumberOfAdapters_Get (hashcat_ctx_t *hashcat_ctx, int { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Adapter_NumberOfAdapters_Get (lpNumAdapters); @@ -1143,7 +1143,7 @@ static int hm_ADL_Adapter_AdapterInfo_Get (hashcat_ctx_t *hashcat_ctx, LPAdapter { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Adapter_AdapterInfo_Get (lpInfo, iInputSize); 
@@ -1161,7 +1161,7 @@ static int hm_ADL_Overdrive5_Temperature_Get (hashcat_ctx_t *hashcat_ctx, int iA { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive5_Temperature_Get (iAdapterIndex, iThermalControllerIndex, lpTemperature); @@ -1179,7 +1179,7 @@ static int hm_ADL_Overdrive6_Temperature_Get (hashcat_ctx_t *hashcat_ctx, int iA { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive6_Temperature_Get (iAdapterIndex, iTemperature); @@ -1197,7 +1197,7 @@ static int hm_ADL_Overdrive_CurrentActivity_Get (hashcat_ctx_t *hashcat_ctx, int { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive5_CurrentActivity_Get (iAdapterIndex, lpActivity); @@ -1215,7 +1215,7 @@ static int hm_ADL_Overdrive5_FanSpeed_Get (hashcat_ctx_t *hashcat_ctx, int iAdap { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive5_FanSpeed_Get (iAdapterIndex, iThermalControllerIndex, lpFanSpeedValue); @@ -1233,7 +1233,7 @@ static int hm_ADL_Overdrive6_FanSpeed_Get (hashcat_ctx_t *hashcat_ctx, int iAdap { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive6_FanSpeed_Get (iAdapterIndex, lpFanSpeedInfo); 
@@ -1251,7 +1251,7 @@ static int hm_ADL_Overdrive_Caps (hashcat_ctx_t *hashcat_ctx, int iAdapterIndex, { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive_Caps (iAdapterIndex, od_supported, od_enabled, od_version); @@ -1269,7 +1269,7 @@ static int hm_ADL_Overdrive6_TargetTemperatureData_Get (hashcat_ctx_t *hashcat_c { hwmon_ctx_t *hwmon_ctx = hashcat_ctx->hwmon_ctx; - ADL_PTR *adl = hwmon_ctx->hm_adl; + ADL_PTR *adl = (ADL_PTR *) hwmon_ctx->hm_adl; const int ADL_rc = adl->ADL_Overdrive6_TargetTemperatureData_Get (iAdapterIndex, cur_temp, default_temp); diff --git a/src/outfile_check.c b/src/outfile_check.c index 84d47b1e9..02e3cb4fa 100644 --- a/src/outfile_check.c +++ b/src/outfile_check.c @@ -37,7 +37,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx) salt_t *salts_buf = hashes->salts_buf; const u32 salts_cnt = hashes->salts_cnt; - char *digests_buf = hashes->digests_buf; + char *digests_buf = (char *) hashes->digests_buf; char *root_directory = outcheck_ctx->root_directory; u32 outfile_check_timer = user_options->outfile_check_timer; diff --git a/src/potfile.c b/src/potfile.c index 58a247406..98804ae15 100644 --- a/src/potfile.c +++ b/src/potfile.c @@ -347,7 +347,7 @@ void potfile_update_hashes (hashcat_ctx_t *hashcat_ctx, hash_t *hash_buf, char * // the main search function is this: - void **found = tfind (&search_entry, (void **) &tree, sort_pot_tree_by_hash); + void **found = (void **) tfind (&search_entry, (void **) &tree, sort_pot_tree_by_hash); if (found) { 
@@ -451,7 +451,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx) // the following function searches if the "key" is already present and if not inserts the new entry: - void **found = tsearch (new_entry, (void **) &all_hashes_tree, sort_pot_tree_by_hash); + void **found = (void **) tsearch (new_entry, (void **) &all_hashes_tree, sort_pot_tree_by_hash); pot_tree_entry_t *found_entry = (pot_tree_entry_t *) *found; diff --git a/src/rp.c b/src/rp.c index 2fdce44ca..738ff4bb7 100644 --- a/src/rp.c +++ b/src/rp.c @@ -872,7 +872,7 @@ int kernel_rules_generate (hashcat_ctx_t *hashcat_ctx, kernel_rule_t **out_buf, const user_options_t *user_options = hashcat_ctx->user_options; u32 kernel_rules_cnt = 0; - kernel_rule_t *kernel_rules_buf = hccalloc (user_options->rp_gen, sizeof (kernel_rule_t)); + kernel_rule_t *kernel_rules_buf = (kernel_rule_t *) hccalloc (user_options->rp_gen, sizeof (kernel_rule_t)); char *rule_buf = (char *) hcmalloc (RP_RULE_SIZE); diff --git a/src/rp_cpu.c b/src/rp_cpu.c index 3070516ae..b9dc23e69 100644 --- a/src/rp_cpu.c +++ b/src/rp_cpu.c @@ -807,14 +807,16 @@ int _old_apply_rule (const char *rule, int rule_len, char in[RP_PASSWORD_SIZE], case RULE_OP_REJECT_NOT_CONTAIN: NEXT_RULEPOS (rule_pos); - char *match = strchr (out, rule_new[rule_pos]); - if (match != NULL) { - pos_mem = (int)(match - out); - } - else - { - return (RULE_RC_REJECT_ERROR); + const char *match = strchr (out, rule_new[rule_pos]); + if (match != NULL) + { + pos_mem = (int)(match - out); + } + else + { + return (RULE_RC_REJECT_ERROR); + } } break; diff --git a/src/shared.c b/src/shared.c index 009322c48..6fb7b1b1d 100644 --- a/src/shared.c +++ b/src/shared.c @@ -994,7 +994,7 @@ static int rounds_count_length (const char *input_buf, const int input_len) if (memcmp (input_buf, rounds, 7) == 0) { - char *next_pos = strchr (input_buf + 8, '$'); + const char *next_pos = strchr (input_buf + 8, '$'); if (next_pos == NULL) return -1; 
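Review bot: In the rounds_count_length hunk `strchr (input_buf + 8, '$')` reads beyond the 7 bytes that the preceding `memcmp (input_buf, rounds, 7)` established, and strchr assumes a NUL-terminated buffer even though the function takes an explicit `input_len`; if nothing above the hunk guarantees `input_len > 8` and termination, a short or unterminated input reads out of bounds. A bounded form such as `memchr (input_buf + 8, '$', input_len - 8)` guarded by `if (input_len <= 8) return -1;` makes the length contract explicit. The start of rounds_count_length is outside the hunk, so an existing guard there would make this moot.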
diff --git a/src/tuningdb.c b/src/tuningdb.c index 248f8d30a..f2a7f9ac5 100644 --- a/src/tuningdb.c +++ b/src/tuningdb.c @@ -342,7 +342,7 @@ tuning_db_entry_t *tuning_db_search (hashcat_ctx_t *hashcat_ctx, const char *dev { device_name_nospace[i] = 0; - tuning_db_alias_t *alias = bsearch (&a, tuning_db->alias_buf, tuning_db->alias_cnt, sizeof (tuning_db_alias_t), sort_by_tuning_db_alias); + tuning_db_alias_t *alias = (tuning_db_alias_t *) bsearch (&a, tuning_db->alias_buf, tuning_db->alias_cnt, sizeof (tuning_db_alias_t), sort_by_tuning_db_alias); if (alias == NULL) continue; @@ -372,7 +372,7 @@ tuning_db_entry_t *tuning_db_search (hashcat_ctx_t *hashcat_ctx, const char *dev s.attack_mode = (i & 2) ? -1 : attack_mode; s.hash_mode = (i & 4) ? -1 : hash_mode; - entry = bsearch (&s, tuning_db->entry_buf, tuning_db->entry_cnt, sizeof (tuning_db_entry_t), sort_by_tuning_db_entry); + entry = (tuning_db_entry_t *) bsearch (&s, tuning_db->entry_buf, tuning_db->entry_cnt, sizeof (tuning_db_entry_t), sort_by_tuning_db_entry); if (entry != NULL) break; @@ -386,7 +386,7 @@ tuning_db_entry_t *tuning_db_search (hashcat_ctx_t *hashcat_ctx, const char *dev { s.device_name = alias_name; - entry = bsearch (&s, tuning_db->entry_buf, tuning_db->entry_cnt, sizeof (tuning_db_entry_t), sort_by_tuning_db_entry); + entry = (tuning_db_entry_t *) bsearch (&s, tuning_db->entry_buf, tuning_db->entry_cnt, sizeof (tuning_db_entry_t), sort_by_tuning_db_entry); if (entry != NULL) break; } @@ -406,7 +406,7 @@ tuning_db_entry_t *tuning_db_search (hashcat_ctx_t *hashcat_ctx, const char *dev s.device_name = "DEVICE_TYPE_ACCELERATOR"; } - entry = bsearch (&s, tuning_db->entry_buf, tuning_db->entry_cnt, sizeof (tuning_db_entry_t), sort_by_tuning_db_entry); + entry = (tuning_db_entry_t *) bsearch (&s, tuning_db->entry_buf, tuning_db->entry_cnt, sizeof (tuning_db_entry_t), sort_by_tuning_db_entry); if (entry != NULL) break; } From bd6c0e57e4c522148b26817e8a2a1237e5ba6288 Mon Sep 17 00:00:00 2001 
From: Rosen Penev Date: Mon, 9 Sep 2019 17:52:08 -0700 Subject: [PATCH 004/300] Change 0/1 to true/false Found with clang-tidy --- src/autotune.c | 2 +- src/folder.c | 2 +- src/hashes.c | 12 ++++++------ src/hwmon.c | 2 +- src/potfile.c | 2 +- src/slow_candidates.c | 12 ++++++------ src/terminal.c | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/autotune.c b/src/autotune.c index 24aa16979..bcf1ac33b 100644 --- a/src/autotune.c +++ b/src/autotune.c @@ -199,7 +199,7 @@ static int autotune (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param u32 kernel_loops_max_reduced = kernel_loops_max; - if (1) + if (true) { double exec_msec = try_run (hashcat_ctx, device_param, kernel_accel_min, kernel_loops_min); diff --git a/src/folder.c b/src/folder.c index 27b4837cb..be81daed1 100644 --- a/src/folder.c +++ b/src/folder.c @@ -458,7 +458,7 @@ int folder_config_init (hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const char *ins hcfree (cpath); //if (getenv ("TMP") == NULL) - if (1) + if (true) { char *tmp; diff --git a/src/hashes.c b/src/hashes.c index a92af200e..2c0107ba5 100644 --- a/src/hashes.c +++ b/src/hashes.c @@ -887,10 +887,10 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) hlfmt_hash (hashcat_ctx, hashlist_format, input_buf, input_len, &hash_buf, &hash_len); - bool hash_fmt_error = 0; + bool hash_fmt_error = false; - if (hash_len < 1) hash_fmt_error = 1; - if (hash_buf == NULL) hash_fmt_error = 1; + if (hash_len < 1) hash_fmt_error = true; + if (hash_buf == NULL) hash_fmt_error = true; if (hash_fmt_error) { @@ -1034,10 +1034,10 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) hlfmt_hash (hashcat_ctx, hashlist_format, line_buf, line_len, &hash_buf, &hash_len); - bool hash_fmt_error = 0; + bool hash_fmt_error = false; - if (hash_len < 1) hash_fmt_error = 1; - if (hash_buf == NULL) hash_fmt_error = 1; + if (hash_len < 1) hash_fmt_error = true; + if (hash_buf == NULL) hash_fmt_error = true; if (hash_fmt_error) { 
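Review bot: Replacing `if (1)` by `if (true)` in the autotune hunk keeps an always-true conditional whose only effect is an extra scope, so the clang-tidy finding is silenced while the dead condition stays. Either drop the `if` and keep a bare `{ ... }` block with a comment on why it is scoped, or restore the condition it once guarded; the folder.c hunk shows what that was (`//if (getenv ("TMP") == NULL)`), so a note such as `// unconditional for now, see the commented-out TMP check` would at least record the intent. The same applies to the hwmon.c and potfile.c hunks of this commit.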
diff --git a/src/hwmon.c b/src/hwmon.c index 905ce6e61..6d154280c 100644 --- a/src/hwmon.c +++ b/src/hwmon.c @@ -2557,7 +2557,7 @@ int hwmon_ctx_init (hashcat_ctx_t *hashcat_ctx) if (hwmon_ctx->hm_sysfs) { - if (1) + if (true) { int hm_adapters_id = 0; diff --git a/src/potfile.c b/src/potfile.c index 58a247406..3a973ba07 100644 --- a/src/potfile.c +++ b/src/potfile.c @@ -247,7 +247,7 @@ void potfile_write_append (hashcat_ctx_t *hashcat_ctx, const char *out_buf, cons int tmp_len = 0; - if (1) + if (true) { memcpy (tmp_buf + tmp_len, out_buf, out_len); diff --git a/src/slow_candidates.c b/src/slow_candidates.c index 222cc4a92..6fef1fcdd 100644 --- a/src/slow_candidates.c +++ b/src/slow_candidates.c @@ -35,7 +35,7 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u char *line_buf = NULL; u32 line_len = 0; - while (1) + while (true) { HCFILE *fp = &extra_info_straight->fp; @@ -86,7 +86,7 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u char *line_buf = NULL; u32 line_len = 0; - while (1) + while (true) { get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len); @@ -121,7 +121,7 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u char *line_buf = extra_info_combi->scratch_buf; u32 line_len = 0; - while (1) + while (true) { line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE); @@ -174,7 +174,7 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info) char *line_buf = NULL; u32 line_len = 0; - while (1) + while (true) { HCFILE *fp = &extra_info_straight->fp; @@ -246,7 +246,7 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info) char *line_buf = NULL; u32 line_len = 0; - while (1) + while (true) { get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len); 
@@ -284,7 +284,7 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info) char *line_buf = extra_info_combi->scratch_buf; u32 line_len = 0; - while (1) + while (true) { line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE); diff --git a/src/terminal.c b/src/terminal.c index e0ae0137f..208117b08 100644 --- a/src/terminal.c +++ b/src/terminal.c @@ -555,7 +555,7 @@ void example_hashes (hashcat_ctx_t *hashcat_ctx) { event_log_info (hashcat_ctx, "HASH: %s", hashconfig->st_hash); - if (need_hexify ((const u8 *) hashconfig->st_pass, strlen (hashconfig->st_pass), user_options->separator, 0)) + if (need_hexify ((const u8 *) hashconfig->st_pass, strlen (hashconfig->st_pass), user_options->separator, false)) { char tmp_buf[HCBUFSIZ_LARGE] = { 0 }; @@ -615,7 +615,7 @@ void example_hashes (hashcat_ctx_t *hashcat_ctx) { event_log_info (hashcat_ctx, "HASH: %s", hashconfig->st_hash); - if (need_hexify ((const u8 *) hashconfig->st_pass, strlen (hashconfig->st_pass), user_options->separator, 0)) + if (need_hexify ((const u8 *) hashconfig->st_pass, strlen (hashconfig->st_pass), user_options->separator, false)) { char tmp_buf[HCBUFSIZ_LARGE] = { 0 }; From 49edbe184bd05ce5ed0372cd2f1ebf3942d19e78 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Wed, 11 Sep 2019 20:18:26 -0700 Subject: [PATCH 005/300] Avoid narrowing errors C++ with -Wnarrowing complains about these. --- src/modules/module_06400.c | 2 +- src/modules/module_06500.c | 2 +- src/modules/module_06700.c | 2 +- src/modules/module_14600.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/modules/module_06400.c b/src/modules/module_06400.c index ad4e7273a..51ed05522 100644 --- a/src/modules/module_06400.c +++ b/src/modules/module_06400.c 
@@ -311,7 +311,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *iter_pos = token.buf[1]; - char salt_iter[3] = { iter_pos[0], iter_pos[1], 0 }; + u8 salt_iter[3] = { iter_pos[0], iter_pos[1], 0 }; salt->salt_sign[0] = hc_strtoul ((const char *) salt_iter, NULL, 10); diff --git a/src/modules/module_06500.c b/src/modules/module_06500.c index 011a3f5bf..a8c51fd28 100644 --- a/src/modules/module_06500.c +++ b/src/modules/module_06500.c @@ -462,7 +462,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *iter_pos = token.buf[1]; - char salt_iter[3] = { iter_pos[0], iter_pos[1], 0 }; + u8 salt_iter[3] = { iter_pos[0], iter_pos[1], 0 }; salt->salt_sign[0] = hc_strtoul ((const char *) salt_iter, NULL, 10); diff --git a/src/modules/module_06700.c b/src/modules/module_06700.c index 25cf31f8c..2fc10a247 100644 --- a/src/modules/module_06700.c +++ b/src/modules/module_06700.c @@ -224,7 +224,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *iter_pos = token.buf[1]; - char salt_iter[3] = { iter_pos[0], iter_pos[1], 0 }; + u8 salt_iter[3] = { iter_pos[0], iter_pos[1], 0 }; salt->salt_sign[0] = hc_strtoul ((const char *) salt_iter, NULL, 10); diff --git a/src/modules/module_14600.c b/src/modules/module_14600.c index 74c962be4..46d30eb20 100644 --- a/src/modules/module_14600.c +++ b/src/modules/module_14600.c @@ -61,7 +61,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, #define LUKS_KEY_ENABLED 0x00AC71F3 #define LUKS_STRIPES 4000 // partition header starts with magic -#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe}; +#define LUKS_MAGIC {'L','U','K','S', (char) 0xba, (char) 0xbe}; #define LUKS_MAGIC_L 6 /* Actually we need only 37, but we don't want struct autoaligning to kick in */ #define UUID_STRING_L 40 From b19761081148f0d6d57fad2eafefc7021285b1bb Mon Sep 17 00:00:00 2001 
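Review bot: The `u8 salt_iter[3]` change in module_06400 fixes the narrowing warning, but the value still goes through `hc_strtoul ((const char *) salt_iter, NULL, 10)` with a NULL end pointer, so two non-digit bytes silently parse as 0 instead of being rejected; unless the token attributes set above the hunk already carry TOKEN_ATTR_VERIFY_DIGIT for this token (not visible here), an end-pointer check such as `if (end != (const char *) salt_iter + 2) return (PARSER_SALT_ITERATION);` would reject malformed input. The same pattern is in the module_06500 and module_06700 hunks of this commit. module_hash_decode continues outside the hunk.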
From: Jens Steube Date: Wed, 2 Oct 2019 14:18:26 +0200 Subject: [PATCH 006/300] Add tokenizer support for TOKEN_ATTR_VERIFY_FLOAT --- include/convert.h | 2 ++ include/types.h | 9 +++++---- src/convert.c | 21 +++++++++++++++++++++ src/shared.c | 10 ++++++++++ 4 files changed, 38 insertions(+), 4 deletions(-) diff --git a/include/convert.h b/include/convert.h index 7a11466ca..968c93e1b 100644 --- a/include/convert.h +++ b/include/convert.h @@ -24,6 +24,8 @@ bool is_valid_hex_string (const u8 *s, const size_t len); bool is_valid_hex_char (const u8 c); bool is_valid_digit_string (const u8 *s, const size_t len); bool is_valid_digit_char (const u8 c); +bool is_valid_float_string (const u8 *s, const size_t len); +bool is_valid_float_char (const u8 c); u8 hex_convert (const u8 c); diff --git a/include/types.h b/include/types.h index 0f754aa71..e56326117 100644 --- a/include/types.h +++ b/include/types.h @@ -758,10 +758,11 @@ typedef enum token_attr TOKEN_ATTR_VERIFY_SIGNATURE = 1 << 2, TOKEN_ATTR_VERIFY_LENGTH = 1 << 3, TOKEN_ATTR_VERIFY_DIGIT = 1 << 4, - TOKEN_ATTR_VERIFY_HEX = 1 << 5, - TOKEN_ATTR_VERIFY_BASE64A = 1 << 6, - TOKEN_ATTR_VERIFY_BASE64B = 1 << 7, - TOKEN_ATTR_VERIFY_BASE64C = 1 << 8 + TOKEN_ATTR_VERIFY_FLOAT = 1 << 5, + TOKEN_ATTR_VERIFY_HEX = 1 << 6, + TOKEN_ATTR_VERIFY_BASE64A = 1 << 7, + TOKEN_ATTR_VERIFY_BASE64B = 1 << 8, + TOKEN_ATTR_VERIFY_BASE64C = 1 << 9 } token_attr_t; diff --git a/src/convert.c b/src/convert.c index befca7fb9..3a26d6a28 100644 --- a/src/convert.c +++ b/src/convert.c 
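Review bot: Inserting `TOKEN_ATTR_VERIFY_FLOAT = 1 << 5` in the middle of token_attr_t shifts the bit values of TOKEN_ATTR_VERIFY_HEX and the three BASE64 flags; that is fine as long as every user is rebuilt from this header, but any module object built against the old numbering would silently verify the wrong property. Appending the new flag as `TOKEN_ATTR_VERIFY_FLOAT = 1 << 9` keeps the existing values stable at no cost. The enum is only partially visible here, so there may be a reason the bits must stay in this order.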
@@ -311,6 +311,27 @@ bool is_valid_hex_char (const u8 c)
 return false;
 }
 
+bool is_valid_float_string (const u8 *s, const size_t len)
+{
+ for (size_t i = 0; i < len; i++)
+ {
+ const u8 c = s[i];
+
+ if (is_valid_float_char (c) == false) return false;
+ }
+
+ return true;
+}
+
+bool is_valid_float_char (const u8 c)
+{
+ if ((c >= '0') && (c <= '9')) return true;
+
+ if (c == '.') return true;
+
+ return false;
+}
+
 bool is_valid_digit_string (const u8 *s, const size_t len)
 {
 for (size_t i = 0; i < len; i++)
diff --git a/src/shared.c b/src/shared.c
index 009322c48..8d4181375 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -1092,6 +1092,16 @@ int input_tokenizer (const u8 *input_buf, const int input_len, token_t *token)
 if (token->len[token_idx] > token->len_max[token_idx]) return (PARSER_TOKEN_LENGTH);
 }
 
+ if (token->attr[token_idx] & TOKEN_ATTR_VERIFY_DIGIT)
+ {
+ if (is_valid_digit_string (token->buf[token_idx], token->len[token_idx]) == false) return (PARSER_TOKEN_ENCODING);
+ }
+
+ if (token->attr[token_idx] & TOKEN_ATTR_VERIFY_FLOAT)
+ {
+ if (is_valid_float_string (token->buf[token_idx], token->len[token_idx]) == false) return (PARSER_TOKEN_ENCODING);
+ }
+
 if (token->attr[token_idx] & TOKEN_ATTR_VERIFY_HEX)
 {
 if (is_valid_hex_string (token->buf[token_idx], token->len[token_idx]) == false) return (PARSER_TOKEN_ENCODING);
From a0284b83789e03eed1801e6884e14234cda3b8f8 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 8 Oct 2019 12:33:11 +0200
Subject: [PATCH 007/300] Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256

---
 docs/changes.txt | 1 +
 src/dispatch.c | 2 --
 src/slow_candidates.c | 15 +++++++++------
 src/wordlist.c | 13 +++++++++++++
 4 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/docs/changes.txt b/docs/changes.txt
index 42bb6124b..01d86a99e 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
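Review bot: `is_valid_float_string` accepts any mix of digits and dots, so `.`, `...`, `1.2.3` and the empty string all pass while `1e5` and `-1.5` fail; if the token is later handed to strtod or a similar parser, this validator gives no guarantee that the whole token parses as a number. Counting the dots and requiring at least one digit tightens it without changing the accepted character set, and a comment stating the intended grammar (unsigned decimal, at most one point) makes the contract explicit for module authors.

```c
bool is_valid_float_string (const u8 *s, const size_t len)
{
  // accepted grammar: one or more decimal digits with at most one '.'
  // (no sign, no exponent); anything else is not a float for our purposes
  size_t digits = 0;
  size_t points = 0;

  for (size_t i = 0; i < len; i++)
  {
    const u8 c = s[i];

    if (is_valid_float_char (c) == false) return false;

    if (c == '.') points++;
    else          digits++;
  }

  return (digits > 0) && (points <= 1);
}
// … unchanged: is_valid_float_char …
```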
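Review bot: The `TOKEN_ATTR_VERIFY_DIGIT` block added to input_tokenizer enforces a flag that already existed in token_attr_t, so any module that sets VERIFY_DIGIT on a token whose contents are not purely digits now returns PARSER_TOKEN_ENCODING where it previously parsed, while the commit message only mentions FLOAT. That deserves a line in the message or changes.txt and a run of the module self-tests before merging. If an equivalent DIGIT check already exists earlier in input_tokenizer (outside the hunk), the new block duplicates it and one of the two should go.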
@@ -67,6 +67,7 @@ - Fixed incorrect progress-only result in a special race condition - Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character +- Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256 - Fixed maximum password length limit which was announced as 256 but actually was 255 - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter diff --git a/src/dispatch.c b/src/dispatch.c index b2e936235..428be4371 100644 --- a/src/dispatch.c +++ b/src/dispatch.c @@ -1390,8 +1390,6 @@ static int calc (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param) { get_next_word (hashcat_ctx_tmp, &fp, &line_buf, &line_len); - line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len); - // post-process rule engine if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l)) diff --git a/src/slow_candidates.c b/src/slow_candidates.c index 222cc4a92..a4033c6cf 100644 --- a/src/slow_candidates.c +++ b/src/slow_candidates.c @@ -125,6 +125,8 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u { line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE); + line_len = convert_from_hex (hashcat_ctx, line_buf, line_len); + // post-process rule engine if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l)) @@ -180,8 +182,6 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info) get_next_word (hashcat_ctx, fp, &line_buf, &line_len); - line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len); - // post-process rule engine char rule_buf_out[RP_PASSWORD_SIZE]; 
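Review bot: `line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);` in the slow_candidates_seek @@ -125 hunk drops the `(u32)` cast that the removed call site and the wordlist.c sites keep (`len = (u32) convert_from_hex (...)`); if convert_from_hex returns a signed int this is an implicit sign conversion that -Wconversion flags, and it is inconsistent within the same commit. The @@ -288 hunk on the right-hand combinator side has the same form. `line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);` in both keeps the call sites uniform.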
@@ -250,21 +250,22 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info) { get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len); - line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len); - // post-process rule engine + char rule_buf_out[RP_PASSWORD_SIZE]; + if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l)) { if (line_len >= RP_PASSWORD_SIZE) continue; - char rule_buf_out[RP_PASSWORD_SIZE]; - memset (rule_buf_out, 0, sizeof (rule_buf_out)); const int rule_len_out = _old_apply_rule (user_options->rule_buf_l, (int) user_options_extra->rule_len_l, line_buf, (int) line_len, rule_buf_out); if (rule_len_out < 0) continue; + + line_buf = rule_buf_out; + line_len = (u32) rule_len_out; } break; @@ -288,6 +289,8 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info) { line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE); + line_len = convert_from_hex (hashcat_ctx, line_buf, line_len); + // post-process rule engine if (run_rule_engine ((int) user_options_extra->rule_len_r, user_options->rule_buf_r)) diff --git a/src/wordlist.c b/src/wordlist.c index 57bd36346..7ac0b07c1 100644 --- a/src/wordlist.c +++ b/src/wordlist.c @@ -187,7 +187,13 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32 wl_data->pos += off; + // do the on-the-fly hex decode using original buffer + // this is safe as length only decreases in size + + len = (u32) convert_from_hex (hashcat_ctx, ptr, len); + // do the on-the-fly encoding + // needs to write into new buffer because size case both decrease and increase if (wl_data->iconv_enabled == true) { @@ -204,6 +210,8 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32 len = HCBUFSIZ_TINY - iconv_sz; } + // this is only a test for length, not writing into output buffer + if (run_rule_engine (user_options_extra->rule_len_l, user_options->rule_buf_l)) { if (len >= RP_PASSWORD_SIZE) continue; 
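Review bot: `line_buf = rule_buf_out;` makes line_buf alias an array that is declared inside the same `{ ... }` block, and the block is left with `break;` two lines later, so if line_buf is consumed after that block closes (slow_candidates_next continues outside the hunk) it points at storage whose lifetime has ended. Hoisting `char rule_buf_out[RP_PASSWORD_SIZE];` out of the block, next to the declaration of line_buf/line_len, gives the buffer the same lifetime as the pointer that aliases it. If line_buf is in fact only read before the block ends, a one-line comment saying so would spare the next reader the same check.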
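Review bot: The new comment above `len = (u32) convert_from_hex (hashcat_ctx, ptr, len);` explains why decoding in place is safe but not what happens when the line is not decodable: convert_from_hex (visible in a later hunk of this file) returns the input length unchanged for an odd-length line, so under --hex-wordlist a malformed line is silently used as its raw bytes rather than rejected. I would extend the comment with `// a line that cannot be decoded (odd length) is left untouched and used as-is`. The same decode and comment are added to count_words in the next hunk, so the note applies there too. The second comment in this hunk also has a typo: `size case both decrease and increase` should read `size can both decrease and increase`.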
@@ -444,6 +452,11 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u i += off; + // do the on-the-fly hex decode using original buffer + // this is safe as length only decreases in size + + len = (u32) convert_from_hex (hashcat_ctx, ptr, len); + // do the on-the-fly encoding if (wl_data->iconv_enabled == true) From 786efc2d7c25117514929b1f071483162b76ae3d Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 9 Oct 2019 10:49:58 +0200 Subject: [PATCH 008/300] Add support for OPTS_TYPE_PT_HEX --- include/types.h | 61 +++++++++++++++++++++++++------------------------ src/interface.c | 10 ++++++++ src/mpsp.c | 12 +++++----- src/selftest.c | 59 ++++++++++++++++++++++++++++++++--------------- src/wordlist.c | 3 ++- 5 files changed, 89 insertions(+), 56 deletions(-) diff --git a/include/types.h b/include/types.h index e56326117..8dc5263d0 100644 --- a/include/types.h +++ b/include/types.h 
@@ -392,36 +392,37 @@ typedef enum opts_type OPTS_TYPE_PT_ALWAYS_ASCII = (1ULL << 13), OPTS_TYPE_PT_ALWAYS_HEXIFY = (1ULL << 14), OPTS_TYPE_PT_LM = (1ULL << 15), // special handling: all lower, 7 max, ... - OPTS_TYPE_ST_UTF16LE = (1ULL << 16), - OPTS_TYPE_ST_UTF16BE = (1ULL << 17), - OPTS_TYPE_ST_UPPER = (1ULL << 18), - OPTS_TYPE_ST_LOWER = (1ULL << 19), - OPTS_TYPE_ST_ADD01 = (1ULL << 20), - OPTS_TYPE_ST_ADD02 = (1ULL << 21), - OPTS_TYPE_ST_ADD80 = (1ULL << 22), - OPTS_TYPE_ST_ADDBITS14 = (1ULL << 23), - OPTS_TYPE_ST_ADDBITS15 = (1ULL << 24), - OPTS_TYPE_ST_HEX = (1ULL << 25), - OPTS_TYPE_ST_BASE64 = (1ULL << 26), - OPTS_TYPE_ST_HASH_MD5 = (1ULL << 27), - OPTS_TYPE_HASH_COPY = (1ULL << 28), - OPTS_TYPE_HASH_SPLIT = (1ULL << 29), - OPTS_TYPE_HOOK12 = (1ULL << 30), - OPTS_TYPE_HOOK23 = (1ULL << 31), - OPTS_TYPE_INIT2 = (1ULL << 32), - OPTS_TYPE_LOOP2 = (1ULL << 33), - OPTS_TYPE_AUX1 = (1ULL << 34), - OPTS_TYPE_AUX2 = (1ULL << 35), - OPTS_TYPE_AUX3 = (1ULL << 36), - OPTS_TYPE_AUX4 = (1ULL << 37), - OPTS_TYPE_BINARY_HASHFILE = (1ULL << 38), - OPTS_TYPE_PREFERED_THREAD = (1ULL << 39), // some algorithms (complicated ones with many branches) benefit from this - OPTS_TYPE_PT_ADD06 = (1ULL << 40), - OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 41), - OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 42), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately - OPTS_TYPE_SUGGEST_KG = (1ULL << 43), // suggest keep guessing for modules the user maybe wants to use --keep-guessing - OPTS_TYPE_COPY_TMPS = (1ULL << 44), // if we want to use data from tmps buffer (for example get the PMK in WPA) - OPTS_TYPE_POTFILE_NOPASS = (1ULL << 45), // sometimes the password should not be printed to potfile + OPTS_TYPE_PT_HEX = (1ULL << 16), // input wordlist (and masks!) 
are always in hex + OPTS_TYPE_ST_UTF16LE = (1ULL << 17), + OPTS_TYPE_ST_UTF16BE = (1ULL << 18), + OPTS_TYPE_ST_UPPER = (1ULL << 19), + OPTS_TYPE_ST_LOWER = (1ULL << 20), + OPTS_TYPE_ST_ADD01 = (1ULL << 21), + OPTS_TYPE_ST_ADD02 = (1ULL << 22), + OPTS_TYPE_ST_ADD80 = (1ULL << 23), + OPTS_TYPE_ST_ADDBITS14 = (1ULL << 24), + OPTS_TYPE_ST_ADDBITS15 = (1ULL << 25), + OPTS_TYPE_ST_HEX = (1ULL << 26), + OPTS_TYPE_ST_BASE64 = (1ULL << 27), + OPTS_TYPE_ST_HASH_MD5 = (1ULL << 28), + OPTS_TYPE_HASH_COPY = (1ULL << 29), + OPTS_TYPE_HASH_SPLIT = (1ULL << 30), + OPTS_TYPE_HOOK12 = (1ULL << 31), + OPTS_TYPE_HOOK23 = (1ULL << 32), + OPTS_TYPE_INIT2 = (1ULL << 33), + OPTS_TYPE_LOOP2 = (1ULL << 34), + OPTS_TYPE_AUX1 = (1ULL << 35), + OPTS_TYPE_AUX2 = (1ULL << 36), + OPTS_TYPE_AUX3 = (1ULL << 37), + OPTS_TYPE_AUX4 = (1ULL << 38), + OPTS_TYPE_BINARY_HASHFILE = (1ULL << 39), + OPTS_TYPE_PREFERED_THREAD = (1ULL << 40), // some algorithms (complicated ones with many branches) benefit from this + OPTS_TYPE_PT_ADD06 = (1ULL << 41), + OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 42), + OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 43), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately + OPTS_TYPE_SUGGEST_KG = (1ULL << 44), // suggest keep guessing for modules the user maybe wants to use --keep-guessing + OPTS_TYPE_COPY_TMPS = (1ULL << 45), // if we want to use data from tmps buffer (for example get the PMK in WPA) + OPTS_TYPE_POTFILE_NOPASS = (1ULL << 46), // sometimes the password should not be printed to potfile } opts_type_t; diff --git a/src/interface.c b/src/interface.c index 60ce5e5ec..7c7732ee9 100644 --- a/src/interface.c +++ b/src/interface.c 
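Review bot: Inserting OPTS_TYPE_PT_HEX at bit 16 shifts the numeric value of every later flag from OPTS_TYPE_ST_UTF16LE through OPTS_TYPE_POTFILE_NOPASS, so what reads as a one-flag addition is a 30-value change for anything that stores or compares opts_type numerically rather than by name (out-of-tree modules or external tooling, if any). Appending the new flag as `OPTS_TYPE_PT_HEX = (1ULL << 46)` would leave the existing values stable and reduce the diff to one line. If grouping the PT_ flags together is the intent, a comment on the enum stating that the numeric values are not stable across versions would make that explicit.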
@@ -292,6 +292,16 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
 }
 }
 
+ if (user_options->hex_charset)
+ {
+ hashconfig->opts_type |= OPTS_TYPE_PT_HEX;
+ }
+
+ if (user_options->hex_wordlist)
+ {
+ hashconfig->opts_type |= OPTS_TYPE_PT_HEX;
+ }
+
 if (user_options->hex_salt)
 {
 if (hashconfig->salt_type == SALT_TYPE_GENERIC)
diff --git a/src/mpsp.c b/src/mpsp.c
index f69f14fba..89510dd9a 100644
--- a/src/mpsp.c
+++ b/src/mpsp.c
@@ -254,7 +254,7 @@ static int mp_add_cs_buf (hashcat_ctx_t *hashcat_ctx, const u32 *in_buf, size_t
 
 static int mp_expand (hashcat_ctx_t *hashcat_ctx, const char *in_buf, size_t in_len, cs_t *mp_sys, cs_t *mp_usr, u32 mp_usr_offset, int interpret)
 {
- const user_options_t *user_options = hashcat_ctx->user_options;
+ const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
 
 size_t in_pos;
 
@@ -317,7 +317,7 @@ static int mp_expand (hashcat_ctx_t *hashcat_ctx, const char *in_buf, size_t in_
 }
 else
 {
- if (user_options->hex_charset == true)
+ if (hashconfig->opts_type & OPTS_TYPE_PT_HEX)
 {
 in_pos++;
 
@@ -362,7 +362,7 @@ static int mp_expand (hashcat_ctx_t *hashcat_ctx, const char *in_buf, size_t in_
 
 static int mp_gen_css (hashcat_ctx_t *hashcat_ctx, char *mask_buf, size_t mask_len, cs_t *mp_sys, cs_t *mp_usr, cs_t *css_buf, u32 *css_cnt)
 {
- const user_options_t *user_options = hashcat_ctx->user_options;
+ const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
 
 memset (css_buf, 0, 256 * sizeof (cs_t));
 
@@ -430,7 +430,7 @@ static int mp_gen_css (hashcat_ctx_t *hashcat_ctx, char *mask_buf, size_t mask_l
 }
 else
 {
- if (user_options->hex_charset == true)
+ if (hashconfig->opts_type & OPTS_TYPE_PT_HEX)
 {
 mask_pos++;
 
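Review bot: Setting the single OPTS_TYPE_PT_HEX bit for both `--hex-charset` and `--hex-wordlist` couples two options that were independent before: the mask code in the mpsp.c hunks below and convert_from_hex in wordlist.c now both test that one bit, so `--hex-charset` alone will also hex-decode wordlist lines and `--hex-wordlist` alone will make masks hex. If that coupling is intended it should be documented on the flag, e.g. `// set by --hex-charset or --hex-wordlist; applies to masks and wordlists alike`; otherwise two bits, or keeping the user_options checks in mpsp.c, would preserve the old behaviour. hashconfig_init continues outside the hunk.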
@@ -488,7 +488,7 @@ static int mp_gen_css (hashcat_ctx_t *hashcat_ctx, char *mask_buf, size_t mask_l static int mp_get_truncated_mask (hashcat_ctx_t *hashcat_ctx, const char *mask_buf, const size_t mask_len, const u32 len, char *new_mask_buf) { - const user_options_t *user_options = hashcat_ctx->user_options; + const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; u32 mask_pos; @@ -512,7 +512,7 @@ static int mp_get_truncated_mask (hashcat_ctx_t *hashcat_ctx, const char *mask_b } else { - if (user_options->hex_charset == true) + if (hashconfig->opts_type & OPTS_TYPE_PT_HEX) { mask_pos++; diff --git a/src/selftest.c b/src/selftest.c index b299cb3eb..53e590a1b 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -44,6 +44,25 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param // password : move the known password into a fake buffer + pw_t tmp; + + memset (&tmp, 0, sizeof (tmp)); + + char *tmp_ptr = (char *) &tmp.i; + + const size_t tmp_len = strlen (hashconfig->st_pass); + + if (hashconfig->opts_type & OPTS_TYPE_PT_HEX) + { + tmp.pw_len = hex_decode ((const u8 *) hashconfig->st_pass, (const int) tmp_len, (u8 *) tmp_ptr); + } + else + { + memcpy (tmp_ptr, hashconfig->st_pass, tmp_len); + + tmp.pw_len = (u32) tmp_len; + } + u32 highest_pw_len = 0; if (user_options->slow_candidates == true) @@ -53,13 +72,15 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param device_param->kernel_params_buf32[30] = 1; } - pw_t pw; memset (&pw, 0, sizeof (pw)); + pw_t pw; + + memset (&pw, 0, sizeof (pw)); char *pw_ptr = (char *) &pw.i; - const size_t pw_len = strlen (hashconfig->st_pass); + const size_t pw_len = tmp.pw_len; - memcpy (pw_ptr, hashconfig->st_pass, pw_len); + memcpy (pw_ptr, tmp_ptr, pw_len); pw.pw_len = (u32) pw_len; 
@@ -87,9 +108,9 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *pw_ptr = (char *) &pw.i; - const size_t pw_len = strlen (hashconfig->st_pass); + const size_t pw_len = tmp.pw_len; - memcpy (pw_ptr, hashconfig->st_pass, pw_len); + memcpy (pw_ptr, tmp_ptr, pw_len); pw.pw_len = (u32) pw_len; @@ -119,9 +140,9 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *pw_ptr = (char *) &pw.i; - const size_t pw_len = strlen (hashconfig->st_pass); + const size_t pw_len = tmp.pw_len; - memcpy (pw_ptr, hashconfig->st_pass, pw_len - 1); + memcpy (pw_ptr, tmp_ptr, pw_len - 1); pw.pw_len = (u32) pw_len - 1; @@ -136,7 +157,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *comb_ptr = (char *) &comb.i; - memcpy (comb_ptr, hashconfig->st_pass + pw_len - 1, 1); + memcpy (comb_ptr, tmp_ptr + pw_len - 1, 1); comb.pw_len = 1; @@ -186,9 +207,9 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *pw_ptr = (char *) &pw.i; - const size_t pw_len = strlen (hashconfig->st_pass); + const size_t pw_len = tmp.pw_len; - memcpy (pw_ptr, hashconfig->st_pass, pw_len); + memcpy (pw_ptr, tmp_ptr, pw_len); if (hashconfig->opts_type & OPTS_TYPE_PT_UPPER) { @@ -215,7 +236,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *bf_ptr = (char *) &bf.i; - memcpy (bf_ptr, hashconfig->st_pass, 1); + memcpy (bf_ptr, tmp_ptr, 1); if (hashconfig->opts_type & OPTS_TYPE_PT_UTF16LE) { @@ -223,7 +244,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param for (int i = 0, j = 0; i < 1; i += 1, j += 2) { - bf_ptr[j + 0] = hashconfig->st_pass[i]; + bf_ptr[j + 0] = tmp_ptr[i]; bf_ptr[j + 1] = 0; } } 
@@ -234,7 +255,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param for (int i = 0, j = 0; i < 1; i += 1, j += 2) { bf_ptr[j + 0] = 0; - bf_ptr[j + 1] = hashconfig->st_pass[i]; + bf_ptr[j + 1] = tmp_ptr[i]; } } @@ -264,9 +285,9 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *pw_ptr = (char *) &pw.i; - const size_t pw_len = strlen (hashconfig->st_pass); + const size_t pw_len = tmp.pw_len; - memcpy (pw_ptr + 1, hashconfig->st_pass + 1, pw_len - 1); + memcpy (pw_ptr + 1, tmp_ptr + 1, pw_len - 1); size_t new_pass_len = pw_len; @@ -276,7 +297,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param for (size_t i = 1, j = 2; i < new_pass_len; i += 1, j += 2) { - pw_ptr[j + 0] = hashconfig->st_pass[i]; + pw_ptr[j + 0] = tmp_ptr[i]; pw_ptr[j + 1] = 0; } @@ -289,7 +310,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param for (size_t i = 1, j = 2; i < new_pass_len; i += 1, j += 2) { pw_ptr[j + 0] = 0; - pw_ptr[j + 1] = hashconfig->st_pass[i]; + pw_ptr[j + 1] = tmp_ptr[i]; } new_pass_len *= 2; @@ -366,9 +387,9 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param char *pw_ptr = (char *) &pw.i; - const size_t pw_len = strlen (hashconfig->st_pass); + const size_t pw_len = tmp.pw_len; - memcpy (pw_ptr, hashconfig->st_pass, pw_len); + memcpy (pw_ptr, tmp_ptr, pw_len); pw.pw_len = (u32) pw_len; diff --git a/src/wordlist.c b/src/wordlist.c index 7ac0b07c1..380dfcf4d 100644 --- a/src/wordlist.c +++ b/src/wordlist.c @@ -16,11 +16,12 @@ size_t convert_from_hex (hashcat_ctx_t *hashcat_ctx, char *line_buf, const size_t line_len) { + const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; const user_options_t *user_options = hashcat_ctx->user_options; if (line_len & 1) return (line_len); // not in hex - if (user_options->hex_wordlist == true) + if (hashconfig->opts_type & OPTS_TYPE_PT_HEX) { size_t i, j; 
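Review bot: In the convert_from_hex hunk the visible code no longer reads `user_options`, yet `const user_options_t *user_options = hashcat_ctx->user_options;` is kept; if nothing below the hunk uses it (the function continues outside the hunk) it is now an unused local and the lookup should be removed with it. The decode is also gated only by `if (line_len & 1) return (line_len);`, so an even-length line containing non-hex characters is presumably decoded as if it were hex, since no validity check is visible here; a comment stating that callers guarantee hex input, or an is_valid_hex_string check before decoding, would pin down the contract.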
From 2622993c00b489b820fcc0773a26299c610694af Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 9 Oct 2019 19:15:37 +0200
Subject: [PATCH 009/300] Fix check of OPTS_TYPE_PT_HEX in selftest
---
 src/selftest.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/selftest.c b/src/selftest.c
index 53e590a1b..6265bed04 100644
--- a/src/selftest.c
+++ b/src/selftest.c
@@ -44,6 +44,8 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
 
 // password : move the known password into a fake buffer
 
+ const u32 module_opts_type = module_ctx->module_opts_type (hashconfig, user_options, user_options_extra);
+
 pw_t tmp;
 
 memset (&tmp, 0, sizeof (tmp));
@@ -52,7 +54,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
 
 const size_t tmp_len = strlen (hashconfig->st_pass);
 
- if (hashconfig->opts_type & OPTS_TYPE_PT_HEX)
+ if (module_opts_type & OPTS_TYPE_PT_HEX)
 {
 tmp.pw_len = hex_decode ((const u8 *) hashconfig->st_pass, (const int) tmp_len, (u8 *) tmp_ptr);
 }
From c78b8878d5e1c1304218cce53efcf3a52a1cb772 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 9 Oct 2019 19:18:18 +0200
Subject: [PATCH 010/300] Fix calculation of mask length for status view in case hex-charset is used
---
 include/mpsp.h | 2 +-
 src/mpsp.c | 27 ++++++++++++++++++++++-----
 src/status.c | 5 +++--
 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/include/mpsp.h b/include/mpsp.h
index b986d0dc7..da0e6dfc7 100644
--- a/include/mpsp.h
+++ b/include/mpsp.h
@@ -22,7 +22,7 @@
 #define INCR_MASKS 1000
 
-u32 mp_get_length (const char *mask);
+u32 mp_get_length (const char *mask, const u32 opts_type);
 
 void sp_exec (u64 ctx, char *pw_buf, cs_t *root_css_buf, cs_t *markov_css_buf, u32 start, u32 stop);
 
diff --git a/src/mpsp.c b/src/mpsp.c
index 89510dd9a..f3a7fc344 100644
--- a/src/mpsp.c
+++ b/src/mpsp.c
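Review bot: `const u32 module_opts_type = module_ctx->module_opts_type (...)` stores the module's opts_type in a u32, but the opts_type flags are 64-bit (`1ULL << n` in the types.h hunk earlier in this series, and modules declare `static const u64 OPTS_TYPE`), so the upper 32 bits are truncated at the assignment. OPTS_TYPE_PT_HEX is bit 16 and survives, which is why the selftest works today, but the first reuse of this local for a flag at bit 32 or above will silently test zero; declare it `const u64 module_opts_type = module_ctx->module_opts_type (hashconfig, user_options, user_options_extra);`. selftest starts outside the hunk.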
@@ -1061,7 +1061,7 @@ static int mask_append (hashcat_ctx_t *hashcat_ctx, const char *mask, const char if (user_options->increment == true) { - const u32 mask_length = mp_get_length (mask); + const u32 mask_length = mp_get_length (mask, hashconfig->opts_type); u32 increment_min = user_options->increment_min; u32 increment_max = user_options->increment_max; @@ -1129,17 +1129,34 @@ static int mask_append (hashcat_ctx_t *hashcat_ctx, const char *mask, const char return 0; } -u32 mp_get_length (const char *mask) +u32 mp_get_length (const char *mask, const u32 opts_type) { + bool ignore_next = false; + u32 len = 0; const size_t mask_len = strlen (mask); for (size_t i = 0; i < mask_len; i++) { - if (mask[i] == '?') i++; + if (ignore_next == true) + { + ignore_next = false; + } + else + { + if (mask[i] == '?') + { + ignore_next = true; + } - len++; + if (opts_type & OPTS_TYPE_PT_HEX) + { + ignore_next = true; + } + + len++; + } } return len; @@ -1260,7 +1277,7 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx) if (user_options->benchmark == true) { - pw_min = mp_get_length (mask_ctx->mask); + pw_min = mp_get_length (mask_ctx->mask, hashconfig->opts_type); pw_max = pw_min; } diff --git a/src/status.c b/src/status.c index 718336f43..26407519e 100644 --- a/src/status.c +++ b/src/status.c @@ -778,13 +778,14 @@ char *status_get_guess_charset (const hashcat_ctx_t *hashcat_ctx) int status_get_guess_mask_length (const hashcat_ctx_t *hashcat_ctx) { - const mask_ctx_t *mask_ctx = hashcat_ctx->mask_ctx; + const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; + const mask_ctx_t *mask_ctx = hashcat_ctx->mask_ctx; if (mask_ctx == NULL) return -1; if (mask_ctx->mask == NULL) return -1; - return mp_get_length (mask_ctx->mask); + return mp_get_length (mask_ctx->mask, hashconfig->opts_type); } char *status_get_guess_candidates_dev (const hashcat_ctx_t *hashcat_ctx, const int backend_devices_idx) From 870229196b495bf175ff776d52ece9662c099c13 Mon Sep 17 00:00:00 2001 
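Review bot: mp_get_length now takes `const u32 opts_type` while both call sites in this file pass `hashconfig->opts_type`, a u64, so every flag above bit 31 is dropped at the call; the prototype in include/mpsp.h has the same narrowing. Only OPTS_TYPE_PT_HEX (bit 16) is tested today, so it works, but the parameter should be `const u64 opts_type` in the header and the definition to avoid a silent failure when another flag is consulted. A short comment on the `if (opts_type & OPTS_TYPE_PT_HEX)` branch would also help, since the interaction with the `?` branch is not obvious: `// hex mask: two input chars per candidate byte; a ?x placeholder is still one`.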
From: Jens Steube
Date: Wed, 9 Oct 2019 19:43:05 +0200
Subject: [PATCH 011/300] Fix long hex encoded masks in maskfiles
---
 include/types.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/types.h b/include/types.h
index 8dc5263d0..8614d035c 100644
--- a/include/types.h
+++ b/include/types.h
@@ -1629,7 +1629,7 @@ typedef struct loopback_ctx
 
 typedef struct mf
 {
- char mf_buf[0x100];
+ char mf_buf[0x400];
 int mf_len;
 } mf_t;
 
From 95920f1ef3ddf70aa30aa7d55d21fdf311d2d725 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 25 Oct 2019 10:05:56 +0200
Subject: [PATCH 012/300] Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode
---
 docs/changes.txt | 1 +
 src/user_options.c | 124 +++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 116 insertions(+), 9 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index 01d86a99e..20d207bad 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -99,6 +99,7 @@
 - OpenCL Runtime: Workaround JiT compiler error on ROCM 2.3 driver if the 'inline' keyword is used in function declaration
 - OpenCL Runtime: Workaround memory allocation error on AMD driver on Windows leading to CL_MEM_OBJECT_ALLOCATION_FAILURE
 - OpenCL Runtime: Workaround ROCm OpenCL driver problem trying to write temporary file into readonly folder by setting TMPDIR
+- Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode
 - Startup Checks: Improved the pidfile check: Do not just check for existing PID but also check executable filename
 - Startup Screen: Add extra warning when using --force
 - Startup Screen: Provide an estimate of host memory requirements for the requested attack
diff --git a/src/user_options.c b/src/user_options.c
index 81078d074..405e1b42e 100644
--- a/src/user_options.c
+++ b/src/user_options.c
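Review bot: Growing `mf_buf` from 0x100 to 0x400 only fixes the long-mask case if every write into the buffer is bounded by `sizeof (mf_buf)` rather than by a literal 0x100 or 256; the maskfile reader is not part of this diff, so that is inferred, but it is worth a grep before relying on the new size. A comment on the field would also record why it is larger than a typical mask: `char mf_buf[0x400]; // raw maskfile line; sized for hex-encoded masks`.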
@@ -1007,20 +1007,126 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) return -1; } - if ((user_options->spin_damp_chgd == true) && (user_options->benchmark == true)) - { - event_log_error (hashcat_ctx, "Values of --spin-damp cannot be used in combination with --benchmark."); - - return -1; - } - if (user_options->benchmark == true) { + // sanity checks based on automatically overwritten configuration variables by + // benchmark mode section in user_options_preprocess() + + #ifdef WITH_BRAIN + if (user_options->brain_client == true) + { + event_log_error (hashcat_ctx, "Brain client (-z) is not allowed in benchmark mode."); + + return -1; + } + + if (user_options->brain_server == true) + { + event_log_error (hashcat_ctx, "Brain server is not allowed in benchmark mode."); + + return -1; + } + #endif + if (user_options->attack_mode_chgd == true) { - if (user_options->attack_mode != ATTACK_MODE_BF) + event_log_error (hashcat_ctx, "Can't change --attack-mode (-a) in benchmark mode."); + + return -1; + } + + if (user_options->bitmap_min != BITMAP_MIN) + { + event_log_error (hashcat_ctx, "Can't change --bitmap-min in benchmark mode."); + + return -1; + } + + if (user_options->bitmap_max != BITMAP_MAX) + { + event_log_error (hashcat_ctx, "Can't change --bitmap-max in benchmark mode."); + + return -1; + } + + if (user_options->hwmon_temp_abort != HWMON_TEMP_ABORT) + { + event_log_error (hashcat_ctx, "Can't change --hwmon-temp-abort in benchmark mode."); + + return -1; + } + + if (user_options->left == true) + { + event_log_error (hashcat_ctx, "Can't change --left in benchmark mode."); + + return -1; + } + + if (user_options->show == true) + { + event_log_error (hashcat_ctx, "Can't change --show in benchmark mode."); + + return -1; + } + + if (user_options->speed_only == true) + { + event_log_error (hashcat_ctx, "Can't change --speed-only in benchmark mode."); + + return -1; + } + + if (user_options->progress_only == true) + { + event_log_error (hashcat_ctx, "Can't 
change --progress-only in benchmark mode."); + + return -1; + } + + if (user_options->increment == true) + { + event_log_error (hashcat_ctx, "Can't change --increment (-i) in benchmark mode."); + + return -1; + } + + if (user_options->restore == true) + { + event_log_error (hashcat_ctx, "Can't change --restore in benchmark mode."); + + return -1; + } + + if (user_options->status == true) + { + event_log_error (hashcat_ctx, "Can't change --status in benchmark mode."); + + return -1; + } + + if (user_options->spin_damp_chgd == true) + { + event_log_error (hashcat_ctx, "Can't change --spin-damp in benchmark mode."); + + return -1; + } + + if (user_options->workload_profile_chgd == true) + { + event_log_error (hashcat_ctx, "Can't change --workload-profile (-w) in benchmark mode."); + + return -1; + } + + if ((user_options->custom_charset_1 != NULL) + || (user_options->custom_charset_2 != NULL) + || (user_options->custom_charset_3 != NULL) + || (user_options->custom_charset_4 != NULL)) + { + if (user_options->attack_mode == ATTACK_MODE_STRAIGHT) { - event_log_error (hashcat_ctx, "Benchmark mode is only allowed in attack mode 3 (brute-force)."); + event_log_error (hashcat_ctx, "Custom charsets are not supported in benchmark mode."); return -1; } From 5a4cfe9fa397650fa5782f88d1206dcea0c99833 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 25 Oct 2019 11:16:06 +0200 Subject: [PATCH 013/300] Allow workload-profile change in benchmark mode --- src/user_options.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/user_options.c b/src/user_options.c index 405e1b42e..5b2abc1b6 100644 --- a/src/user_options.c +++ b/src/user_options.c 
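Review bot: The custom-charset block at the end of the hunk reports `Custom charsets are not supported in benchmark mode.` but only fires when attack_mode == ATTACK_MODE_STRAIGHT, so the message and the condition disagree: with any other attack mode a custom charset is accepted silently, and nothing explains why straight mode is singled out. Either drop the inner `if` so the message is true as written, or reword the message to name the straight-mode restriction. The checks are also mixed in style: most options are tested through their `_chgd` flags, while bitmap_min, bitmap_max and hwmon_temp_abort are compared against their default constants, which accepts an explicit `--bitmap-min` equal to the default and rejects a changed default coming from elsewhere; using `_chgd` flags throughout (adding them where missing) would make the block uniform. user_options_sanity starts outside the hunk.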
@@ -1112,13 +1112,6 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
 return -1;
 }
 
- if (user_options->workload_profile_chgd == true)
- {
- event_log_error (hashcat_ctx, "Can't change --workload-profile (-w) in benchmark mode.");
-
- return -1;
- }
-
 if ((user_options->custom_charset_1 != NULL)
 || (user_options->custom_charset_2 != NULL)
 || (user_options->custom_charset_3 != NULL)
From 04b403ff16dd00f7d2ca46b122d551f5b054d678 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 25 Oct 2019 12:37:09 +0200
Subject: [PATCH 014/300] _FORTIFY_SOURCE needs string.h
---
 include/common.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/include/common.h b/include/common.h
index 39ea9016d..d4b54936d 100644
--- a/include/common.h
+++ b/include/common.h
@@ -36,6 +36,9 @@
 #define _FILE_OFFSET_BITS 64
 #endif
 
+// _FORTIFY_SOURCE needs string.h
+#include 
+
 #ifndef _FORTIFY_SOURCE
 #define _FORTIFY_SOURCE 2
 #endif
From c5262f76e986185f9d4de088dbc9c179bb884cc7 Mon Sep 17 00:00:00 2001
From: philsmd <921533+philsmd@users.noreply.github.com>
Date: Mon, 28 Oct 2019 13:04:24 +0100
Subject: [PATCH 015/300] fixes #2208: -m 15200/12700 correctly validate "address" in decrypted data
---
 OpenCL/m12700-pure.cl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OpenCL/m12700-pure.cl b/OpenCL/m12700-pure.cl
index 8fc00d476..f163e8da8 100644
--- a/OpenCL/m12700-pure.cl
+++ b/OpenCL/m12700-pure.cl
@@ -406,7 +406,7 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t))
 }
 
 // "addre
- if ((pt[i + 0] == '"') && (pt[i + 1] == 'a') && (pt[i + 2] == 'd') && (pt[i + 3] == 'd') && (pt[i + 4] == 'r') && (pt[i + 5] == 'a'))
+ if ((pt[i + 0] == '"') && (pt[i + 1] == 'a') && (pt[i + 2] == 'd') && (pt[i + 3] == 'd') && (pt[i + 4] == 'r') && (pt[i + 5] == 'e'))
 {
 const u32 r0 = data[0];
 const u32 r1 = data[1];
From 9a4bb20135c64e8a63513c2c4ef4dca4dd6c737a Mon Sep 17 00:00:00 2001
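Review bot: The new `#include` in common.h (its header name is not visible in this rendering; presumably `<string.h>` per the commit subject) is placed before the `#ifndef _FORTIFY_SOURCE` / `#define _FORTIFY_SOURCE 2` block. On glibc the fortification level is fixed by features.h the first time any system header is included, so if common.h is the first header a translation unit sees and the build does not already pass -D_FORTIFY_SOURCE on the command line, this ordering makes the later `#define` a no-op and silently disables the hardening it is meant to enable. Moving the `#ifndef`/`#define` block above the include, with a comment `// must precede the first system header`, keeps it effective; if the Makefile always defines it, a comment saying so would document why the order is safe.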
From: Jens Steube Date: Wed, 30 Oct 2019 09:02:02 +0100 Subject: [PATCH 016/300] Fix KERNEL_STATIC check in -m 12700 kernel --- OpenCL/m12700-pure.cl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/OpenCL/m12700-pure.cl b/OpenCL/m12700-pure.cl index f163e8da8..b8a74179d 100644 --- a/OpenCL/m12700-pure.cl +++ b/OpenCL/m12700-pure.cl @@ -353,11 +353,11 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t)) const u32 r2 = data[2]; const u32 r3 = data[3]; - #ifdef KERNEL_STATIC #define il_pos 0 - #endif + #ifdef KERNEL_STATIC #include COMPARE_M + #endif } // "tx_no @@ -383,11 +383,11 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t)) const u32 r2 = data[2]; const u32 r3 = data[3]; - #ifdef KERNEL_STATIC #define il_pos 0 - #endif + #ifdef KERNEL_STATIC #include COMPARE_M + #endif } // "doubl From d71afd6d7a3aa0fb2c7a832ed2adf2f65dc2b504 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 2 Nov 2019 10:29:34 +0100 Subject: [PATCH 017/300] Prepare new --hook-threads feature --- extra/tab_completion/hashcat.sh | 4 +- include/shared.h | 2 + include/types.h | 79 +++++++++++++++++---------------- src/hashcat.c | 6 +++ src/shared.c | 21 +++++++++ src/usage.c | 1 + src/user_options.c | 5 +++ 7 files changed, 78 insertions(+), 40 deletions(-) diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index f17019a19..96d426c22 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh 
@@ -250,8 +250,8 @@ _hashcat () local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H' local SHORT_OPTS="-m -a -V -h -b -t -T -o -p -c -d -D -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l -O -S -z" - local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password" - local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --stdin-timeout-abort --markov-hcstat2 
--markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --increment-min --increment-max --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --brain-client-features --brain-host --brain-password --brain-port --brain-session --brain-session-whitelist" + local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file 
--generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password" + local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --stdin-timeout-abort --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment-min --increment-max --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --brain-client-features --brain-host --brain-password --brain-port --brain-session --brain-session-whitelist" COMPREPLY=() local cur="${COMP_WORDS[COMP_CWORD]}" diff --git a/include/shared.h b/include/shared.h index 787a241c6..203a85244 100644 --- a/include/shared.h 
+++ b/include/shared.h
@@ -64,6 +64,8 @@ bool hc_string_is_digit (const char *s);
 void hc_string_trim_trailing (char *s);
 void hc_string_trim_leading (char *s);
 
+int hc_get_processor_count ();
+
 bool hc_same_files (char *file1, char *file2);
 
 u32 hc_strtoul (const char *nptr, char **endptr, int base);
diff --git a/include/types.h b/include/types.h
index 8614d035c..f5e3b3dbc 100644
--- a/include/types.h
+++ b/include/types.h
@@ -583,6 +583,7 @@ typedef enum user_options_defaults
 HEX_CHARSET = false,
 HEX_SALT = false,
 HEX_WORDLIST = false,
+ HOOK_THREADS = 0,
 INCREMENT = false,
 INCREMENT_MAX = PW_MAX,
 INCREMENT_MIN = 1,
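Review bot: `int hc_get_processor_count ();` declares a function with an unspecified parameter list in C11, so a call that passes arguments compiles without any diagnostic and the declaration does not match a `(void)` definition in prototype form. The prototype should read `int hc_get_processor_count (void);`, and the definition in src/shared.c (outside this chunk) should use the same form.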
@@ -647,60 +648,61 @@ typedef enum user_options_map IDX_ATTACK_MODE = 'a', IDX_BACKEND_DEVICES = 'd', IDX_BACKEND_INFO = 'I', - IDX_BACKEND_VECTOR_WIDTH = 0xff27, - IDX_BENCHMARK_ALL = 0xff01, + IDX_BACKEND_VECTOR_WIDTH = 0xff01, + IDX_BENCHMARK_ALL = 0xff02, IDX_BENCHMARK = 'b', - IDX_BITMAP_MAX = 0xff02, - IDX_BITMAP_MIN = 0xff03, + IDX_BITMAP_MAX = 0xff03, + IDX_BITMAP_MIN = 0xff04, #ifdef WITH_BRAIN IDX_BRAIN_CLIENT = 'z', - IDX_BRAIN_CLIENT_FEATURES = 0xff04, - IDX_BRAIN_HOST = 0xff05, - IDX_BRAIN_PASSWORD = 0xff06, - IDX_BRAIN_PORT = 0xff07, - IDX_BRAIN_SERVER = 0xff08, - IDX_BRAIN_SESSION = 0xff09, - IDX_BRAIN_SESSION_WHITELIST = 0xff0a, + IDX_BRAIN_CLIENT_FEATURES = 0xff05, + IDX_BRAIN_HOST = 0xff06, + IDX_BRAIN_PASSWORD = 0xff07, + IDX_BRAIN_PORT = 0xff08, + IDX_BRAIN_SERVER = 0xff09, + IDX_BRAIN_SESSION = 0xff0a, + IDX_BRAIN_SESSION_WHITELIST = 0xff0b, #endif - IDX_CPU_AFFINITY = 0xff0b, + IDX_CPU_AFFINITY = 0xff0c, IDX_CUSTOM_CHARSET_1 = '1', IDX_CUSTOM_CHARSET_2 = '2', IDX_CUSTOM_CHARSET_3 = '3', IDX_CUSTOM_CHARSET_4 = '4', - IDX_DEBUG_FILE = 0xff0c, - IDX_DEBUG_MODE = 0xff0d, - IDX_ENCODING_FROM = 0xff0e, - IDX_ENCODING_TO = 0xff0f, - IDX_EXAMPLE_HASHES = 0xff10, - IDX_FORCE = 0xff11, - IDX_HWMON_DISABLE = 0xff12, - IDX_HWMON_TEMP_ABORT = 0xff13, + IDX_DEBUG_FILE = 0xff0d, + IDX_DEBUG_MODE = 0xff0e, + IDX_ENCODING_FROM = 0xff0f, + IDX_ENCODING_TO = 0xff10, + IDX_EXAMPLE_HASHES = 0xff11, + IDX_FORCE = 0xff12, + IDX_HWMON_DISABLE = 0xff13, + IDX_HWMON_TEMP_ABORT = 0xff14, IDX_HASH_MODE = 'm', - IDX_HCCAPX_MESSAGE_PAIR = 0xff14, + IDX_HCCAPX_MESSAGE_PAIR = 0xff15, IDX_HELP = 'h', - IDX_HEX_CHARSET = 0xff15, - IDX_HEX_SALT = 0xff16, - IDX_HEX_WORDLIST = 0xff17, + IDX_HEX_CHARSET = 0xff16, + IDX_HEX_SALT = 0xff17, + IDX_HEX_WORDLIST = 0xff18, + IDX_HOOK_THREADS = 0xff19, IDX_INCREMENT = 'i', - IDX_INCREMENT_MAX = 0xff18, - IDX_INCREMENT_MIN = 0xff19, - IDX_INDUCTION_DIR = 0xff1a, - IDX_KEEP_GUESSING = 0xff1b, + IDX_INCREMENT_MAX = 0xff1a, + 
IDX_INCREMENT_MIN = 0xff1b, + IDX_INDUCTION_DIR = 0xff1c, + IDX_KEEP_GUESSING = 0xff1d, IDX_KERNEL_ACCEL = 'n', IDX_KERNEL_LOOPS = 'u', IDX_KERNEL_THREADS = 'T', - IDX_KEYBOARD_LAYOUT_MAPPING = 0xff1c, - IDX_KEYSPACE = 0xff1d, - IDX_LEFT = 0xff1e, + IDX_KEYBOARD_LAYOUT_MAPPING = 0xff1e, + IDX_KEYSPACE = 0xff1f, + IDX_LEFT = 0xff20, IDX_LIMIT = 'l', - IDX_LOGFILE_DISABLE = 0xff1f, - IDX_LOOPBACK = 0xff20, - IDX_MACHINE_READABLE = 0xff21, - IDX_MARKOV_CLASSIC = 0xff22, - IDX_MARKOV_DISABLE = 0xff23, - IDX_MARKOV_HCSTAT2 = 0xff24, + IDX_LOGFILE_DISABLE = 0xff21, + IDX_LOOPBACK = 0xff22, + IDX_MACHINE_READABLE = 0xff23, + IDX_MARKOV_CLASSIC = 0xff24, + IDX_MARKOV_DISABLE = 0xff25, + IDX_MARKOV_HCSTAT2 = 0xff26, IDX_MARKOV_THRESHOLD = 't', - IDX_NONCE_ERROR_CORRECTIONS = 0xff25, + IDX_NONCE_ERROR_CORRECTIONS = 0xff27, IDX_OPENCL_DEVICE_TYPES = 'D', IDX_OPTIMIZED_KERNEL_ENABLE = 'O', IDX_OUTFILE_AUTOHEX_DISABLE = 0xff28, @@ -1916,6 +1918,7 @@ typedef struct user_options u32 hwmon_temp_abort; int hash_mode; u32 hccapx_message_pair; + u32 hook_threads; u32 increment_max; u32 increment_min; u32 kernel_accel; diff --git a/src/hashcat.c b/src/hashcat.c index 01a069ab7..eaf16a24a 100644 --- a/src/hashcat.c +++ b/src/hashcat.c @@ -1043,6 +1043,12 @@ int hashcat_session_init (hashcat_ctx_t *hashcat_ctx, const char *install_folder setup_umask (); + /** + * Find number of physical CPU cores + */ + + user_options->hook_threads = hc_get_processor_count (); + /** * tuning db */ diff --git a/src/shared.c b/src/shared.c index 8d4181375..41e6ac6d2 100644 --- a/src/shared.c +++ b/src/shared.c 
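Review bot: The unconditional `user_options->hook_threads = hc_get_processor_count ();` in hashcat_session_init overwrites whatever `--hook-threads` stored in user_options_getopt (the src/user_options.c hunk below), assuming session init runs after option parsing as its name suggests, which turns the new option into a no-op. Fill in the default only when the value is still the HOOK_THREADS default, `if (user_options->hook_threads == HOOK_THREADS) user_options->hook_threads = hc_get_processor_count ();`, or track a `hook_threads_chgd` flag the way `increment_min_chgd` is set in the same getopt switch. The comment above the line says "physical CPU cores", but both branches of hc_get_processor_count report logical processors (dwNumberOfProcessors and _SC_NPROCESSORS_ONLN); `* Number of logical processors, used as the default hook thread count` would be accurate.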
@@ -609,6 +609,27 @@ void hc_string_trim_trailing (char *s) s[new_len] = 0; } +int hc_get_processor_count () +{ + int cnt = 0; + + #if defined (_WIN) + + SYSTEM_INFO info; + + GetSystemInfo (&info); + + cnt = (int) info.dwNumberOfProcessors; + + #else + + cnt = (int) sysconf (_SC_NPROCESSORS_ONLN); + + #endif + + return cnt; +} + bool hc_same_files (char *file1, char *file2) { if ((file1 != NULL) && (file2 != NULL)) diff --git a/src/usage.c b/src/usage.c index 57b14bab1..657e5eb2b 100644 --- a/src/usage.c +++ b/src/usage.c @@ -88,6 +88,7 @@ static const char *const USAGE_BIG_PRE_HASHMODES[] = " --bitmap-min | Num | Sets minimum bits allowed for bitmaps to X | --bitmap-min=24", " --bitmap-max | Num | Sets maximum bits allowed for bitmaps to X | --bitmap-max=24", " --cpu-affinity | Str | Locks to CPU devices, separated with commas | --cpu-affinity=1,2,3", + " --hook-threads | Num | Sets number of threads for a hook (per compute unit) | --hook-threads=8", " --example-hashes | | Show an example hash for each hash-mode |", " -I, --backend-info | | Show info about detected backend API devices | -I", " -d, --backend-devices | Str | Backend devices to use, separated with commas | -d 1", diff --git a/src/user_options.c b/src/user_options.c index 5b2abc1b6..1f74cf1e9 100644 --- a/src/user_options.c +++ b/src/user_options.c @@ -58,6 +58,7 @@ static const struct option long_options[] = {"hex-charset", no_argument, NULL, IDX_HEX_CHARSET}, {"hex-salt", no_argument, NULL, IDX_HEX_SALT}, {"hex-wordlist", no_argument, NULL, IDX_HEX_WORDLIST}, + {"hook-threads", required_argument, NULL, IDX_HOOK_THREADS}, {"increment-max", required_argument, NULL, IDX_INCREMENT_MAX}, {"increment-min", required_argument, NULL, IDX_INCREMENT_MIN}, {"increment", no_argument, NULL, IDX_INCREMENT}, 
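Review bot: `sysconf (_SC_NPROCESSORS_ONLN)` returns -1 on failure and hc_get_processor_count hands that back unchanged, so the caller in hashcat_session_init stores it in the u32 `hook_threads` as about four billion, and anything that sizes an allocation by it (the choose_kernel hunks later on this page cast it back to int and call hccalloc with it) misbehaves. Clamp before returning, `if (cnt < 1) cnt = 1;`, so every caller gets a usable count. The definition should also spell its parameter list as `(void)`; `()` in a definition is an old-style declarator.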
@@ -185,6 +186,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx) user_options->hex_charset = HEX_CHARSET; user_options->hex_salt = HEX_SALT; user_options->hex_wordlist = HEX_WORDLIST; + user_options->hook_threads = HOOK_THREADS; user_options->increment = INCREMENT; user_options->increment_max = INCREMENT_MAX; user_options->increment_min = INCREMENT_MIN; @@ -321,6 +323,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_BITMAP_MAX: case IDX_INCREMENT_MIN: case IDX_INCREMENT_MAX: + case IDX_HOOK_THREADS: #ifdef WITH_BRAIN case IDX_BRAIN_PORT: #endif @@ -457,6 +460,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_SEPARATOR: user_options->separator = optarg[0]; break; case IDX_BITMAP_MIN: user_options->bitmap_min = hc_strtoul (optarg, NULL, 10); break; case IDX_BITMAP_MAX: user_options->bitmap_max = hc_strtoul (optarg, NULL, 10); break; + case IDX_HOOK_THREADS: user_options->hook_threads = hc_strtoul (optarg, NULL, 10); break; case IDX_INCREMENT: user_options->increment = true; break; case IDX_INCREMENT_MIN: user_options->increment_min = hc_strtoul (optarg, NULL, 10); user_options->increment_min_chgd = true; break; @@ -2822,6 +2826,7 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx) logfile_top_uint (user_options->hex_charset); logfile_top_uint (user_options->hex_salt); logfile_top_uint (user_options->hex_wordlist); + logfile_top_uint (user_options->hook_threads); logfile_top_uint (user_options->increment); logfile_top_uint (user_options->increment_max); logfile_top_uint (user_options->increment_min); From a8555fa048517bf352c0ba16745d467f6c2ed837 Mon Sep 17 00:00:00 2001 
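Review bot: `--hook-threads` is read with hc_strtoul and stored without a lower bound, so `--hook-threads=0` is accepted; in the hook worker code later on this page a zero count means no thread is created and the hook silently never runs, leaving hook_success unset for every candidate. A bound check belongs with the other numeric option checks (user_options_sanity, which is outside this diff), e.g. `if (user_options->hook_threads == 0) { event_log_error (hashcat_ctx, "Invalid --hook-threads value specified."); return -1; }`. The usage line added in src/usage.c should also state the default (the logical processor count) and that the value must be at least 1.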
From: Jens Steube Date: Sun, 3 Nov 2019 12:05:52 +0100 Subject: [PATCH 018/300] Support use of all available CPU cores for hash-mode specific hooks --- docs/changes.txt | 1 + include/backend.h | 3 + include/modules.h | 4 +- include/types.h | 16 +++ src/backend.c | 110 +++++++++++++++- src/modules/module_11600.c | 263 ++++++++++++++++++------------------- src/selftest.c | 4 +- 7 files changed, 262 insertions(+), 139 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 20d207bad..58785133b 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -8,6 +8,7 @@ - Refactor hashcat backend interface to allow adding compute API other than OpenCL - Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson or IBM POWER9) - Support use of all available GPU memory using CUDA backend +- Support use of all available CPU cores for hash-mode specific hooks - Support on-the-fly loading of compressed wordlists in zip and gzip format - Support for inline VeraCrypt PIM Brute-Force - Support deflate decompression for the 7-Zip hash-mode using zlib hook diff --git a/include/backend.h b/include/backend.h index 4d24cf4c0..8f9154d94 100644 --- a/include/backend.h +++ b/include/backend.h @@ -154,4 +154,7 @@ int backend_session_update_combinator (hashcat_ctx_t *hashcat_ctx); int backend_session_update_mp (hashcat_ctx_t *hashcat_ctx); int backend_session_update_mp_rl (hashcat_ctx_t *hashcat_ctx, const u32 css_cnt_l, const u32 css_cnt_r); +void *hook12_thread (void *p); +void *hook23_thread (void *p); + #endif // _BACKEND_H diff --git a/include/modules.h b/include/modules.h index 1e90e67dd..4e6fee69c 100644 --- a/include/modules.h +++ b/include/modules.h 
@@ -71,8 +71,8 @@ bool module_jit_cache_disable (MAYBE_UNUSED const hashconfig_t *ha u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos); int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash); -void module_hook12 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pws_cnt); -void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pws_cnt); +void module_hook12 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos); +void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos); int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz); diff --git a/include/types.h b/include/types.h index f5e3b3dbc..7955690de 100644 --- a/include/types.h +++ b/include/types.h @@ -2461,6 +2461,22 @@ typedef struct thread_param } thread_param_t; +typedef struct hook_thread_param +{ + int tid; + int tsz; + + module_ctx_t *module_ctx; + + hc_device_param_t *device_param; + + void *hook_salts_buf; + + u32 salt_pos; + u64 pws_cnt; + +} hook_thread_param_t; + #define MAX_TOKENS 128 #define MAX_SIGNATURES 16 diff --git a/src/backend.c b/src/backend.c index 832175b8a..958c1259f 100644 --- a/src/backend.c +++ b/src/backend.c 
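Review bot: Renaming the last parameter of module_hook12/module_hook23 from `pws_cnt` to `pw_pos` changes the contract from "process this many candidates" to "process this one candidate", and the hook may now be entered by several threads at once, but the header records neither fact. A comment above the two prototypes, `// called once per candidate index pw_pos, possibly from several hook threads concurrently; a hook may only write hooks_buf[pw_pos]`, tells module authors what they must keep thread-safe. The hook_thread_param_t added in the include/types.h hunk would benefit from the same note on `tid`/`tsz` (worker index and worker count).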
@@ -2877,7 +2877,42 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } - module_ctx->module_hook12 (device_param, hashes->hook_salts_buf, salt_pos, pws_cnt); + const int hook_threads = (int) user_options->hook_threads; + + hook_thread_param_t *hook_threads_param = (hook_thread_param_t *) hccalloc (hook_threads, sizeof (hook_thread_param_t)); + + for (int i = 0; i < hook_threads; i++) + { + hook_thread_param_t *hook_thread_param = hook_threads_param + i; + + hook_thread_param->tid = i; + hook_thread_param->tsz = hook_threads; + + hook_thread_param->module_ctx = module_ctx; + + hook_thread_param->device_param = device_param; + + hook_thread_param->hook_salts_buf = hashes->hook_salts_buf; + + hook_thread_param->salt_pos = salt_pos; + + hook_thread_param->pws_cnt = pws_cnt; + } + + hc_thread_t *c_threads = (hc_thread_t *) calloc (hook_threads, sizeof (hc_thread_t)); + + for (int i = 0; i < hook_threads; i++) + { + hook_thread_param_t *hook_thread_param = hook_threads_param + i; + + hc_thread_create (c_threads[i], hook12_thread, hook_thread_param); + } + + hc_thread_wait (hook_threads, c_threads); + + hcfree (c_threads); + + hcfree (hook_threads_param); if (device_param->is_cuda == true) { 
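Review bot: The thread handle array is allocated with plain `calloc` and its result is never checked, while the parameter array next to it uses the checked `hccalloc` and both are released with `hcfree`; a NULL return would be dereferenced in `hc_thread_create (c_threads[i], ...)`. The same block is repeated verbatim for hook23 in the next hunk, differing only in the thread function, and neither copy guards against `hook_threads` being 0 (from `--hook-threads=0` or a failed processor-count query), in which case hc_thread_wait returns at once and every hook is silently skipped. Both sites could call one static helper, defined above choose_kernel, that takes the thread function as a parameter, uses hccalloc for both arrays and rejects a zero thread count; a sketch follows. choose_kernel itself starts and ends outside this hunk.
```c
// … unchanged: choose_kernel up to the hooks_buf read-back …
  if (run_hook_threads (hashcat_ctx, device_param, salt_pos, pws_cnt, hook12_thread) == -1) return -1;
// … unchanged: rest of choose_kernel (the hook23 site calls the same helper with hook23_thread) …

// Runs thread_func on user_options->hook_threads worker threads, each striding
// over the pws_cnt candidates (see hook12_thread/hook23_thread). Returns -1 when
// the configured thread count is 0, because that would silently skip every hook.
static int run_hook_threads (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const u32 salt_pos, const u64 pws_cnt, void *(*thread_func) (void *))
{
  hashes_t       *hashes       = hashcat_ctx->hashes;
  module_ctx_t   *module_ctx   = hashcat_ctx->module_ctx;
  user_options_t *user_options = hashcat_ctx->user_options;

  const int hook_threads = (int) user_options->hook_threads;

  if (hook_threads < 1) return -1;

  hook_thread_param_t *hook_threads_param = (hook_thread_param_t *) hccalloc (hook_threads, sizeof (hook_thread_param_t));
  hc_thread_t         *c_threads          = (hc_thread_t *)         hccalloc (hook_threads, sizeof (hc_thread_t));

  for (int i = 0; i < hook_threads; i++)
  {
    hook_thread_param_t *hook_thread_param = hook_threads_param + i;

    hook_thread_param->tid            = i;
    hook_thread_param->tsz            = hook_threads;
    hook_thread_param->module_ctx     = module_ctx;
    hook_thread_param->device_param   = device_param;
    hook_thread_param->hook_salts_buf = hashes->hook_salts_buf;
    hook_thread_param->salt_pos       = salt_pos;
    hook_thread_param->pws_cnt        = pws_cnt;

    hc_thread_create (c_threads[i], thread_func, hook_thread_param);
  }

  hc_thread_wait (hook_threads, c_threads);

  hcfree (c_threads);
  hcfree (hook_threads_param);

  return 0;
}
```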
@@ -2957,7 +2992,42 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } - module_ctx->module_hook23 (device_param, hashes->hook_salts_buf, salt_pos, pws_cnt); + const int hook_threads = (int) user_options->hook_threads; + + hook_thread_param_t *hook_threads_param = (hook_thread_param_t *) hccalloc (hook_threads, sizeof (hook_thread_param_t)); + + for (int i = 0; i < hook_threads; i++) + { + hook_thread_param_t *hook_thread_param = hook_threads_param + i; + + hook_thread_param->tid = i; + hook_thread_param->tsz = hook_threads; + + hook_thread_param->module_ctx = module_ctx; + + hook_thread_param->device_param = device_param; + + hook_thread_param->hook_salts_buf = hashes->hook_salts_buf; + + hook_thread_param->salt_pos = salt_pos; + + hook_thread_param->pws_cnt = pws_cnt; + } + + hc_thread_t *c_threads = (hc_thread_t *) calloc (hook_threads, sizeof (hc_thread_t)); + + for (int i = 0; i < hook_threads; i++) + { + hook_thread_param_t *hook_thread_param = hook_threads_param + i; + + hc_thread_create (c_threads[i], hook23_thread, hook_thread_param); + } + + hc_thread_wait (hook_threads, c_threads); + + hcfree (c_threads); + + hcfree (hook_threads_param); if (device_param->is_cuda == true) { 
@@ -10131,3 +10201,39 @@ int backend_session_update_mp_rl (hashcat_ctx_t *hashcat_ctx, const u32 css_cnt_ return 0; } + +void *hook12_thread (void *p) +{ + hook_thread_param_t *hook_thread_param = (hook_thread_param_t *) p; + + module_ctx_t *module_ctx = hook_thread_param->module_ctx; + + const u64 tid = hook_thread_param->tid; + const u64 tsz = hook_thread_param->tsz; + const u64 pws_cnt = hook_thread_param->pws_cnt; + + for (u64 pw_pos = tid; pw_pos < pws_cnt; pw_pos += tsz) + { + module_ctx->module_hook12 (hook_thread_param->device_param, hook_thread_param->hook_salts_buf, hook_thread_param->salt_pos, pw_pos); + } + + return NULL; +} + +void *hook23_thread (void *p) +{ + hook_thread_param_t *hook_thread_param = (hook_thread_param_t *) p; + + module_ctx_t *module_ctx = hook_thread_param->module_ctx; + + const u64 tid = hook_thread_param->tid; + const u64 tsz = hook_thread_param->tsz; + const u64 pws_cnt = hook_thread_param->pws_cnt; + + for (u64 pw_pos = tid; pw_pos < pws_cnt; pw_pos += tsz) + { + module_ctx->module_hook23 (hook_thread_param->device_param, hook_thread_param->hook_salts_buf, hook_thread_param->salt_pos, pw_pos); + } + + return NULL; +} diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c index c05058ab9..29f0ef400 100644 --- a/src/modules/module_11600.c +++ b/src/modules/module_11600.c @@ -94,7 +94,7 @@ typedef struct seven_zip_hook_salt static const char *SIGNATURE_SEVEN_ZIP = "$7z$"; -void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pws_cnt) +void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) { seven_zip_hook_t *hook_items = (seven_zip_hook_t *) device_param->hooks_buf; 
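Review bot: hook12_thread and hook23_thread are identical apart from the module_ctx callback they invoke, and neither says why the loop starts at `tid` and steps by `tsz`; a comment on each loop, `// worker tid handles candidates tid, tid+tsz, ... so no two workers touch the same hooks_buf entry`, records the invariant the module hooks now depend on. Storing the callback in hook_thread_param_t would let one thread body serve both paths. `tid` and `tsz` are `int` in the struct and widened to u64 here; a note that both are non-negative by construction (they come from the allocation loop in choose_kernel) keeps the widening from looking suspicious.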
@@ -105,67 +105,40 @@ void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, u32 *data_buf = seven_zip->data_buf; u32 unpack_size = seven_zip->unpack_size; - for (u64 pw_pos = 0; pw_pos < pws_cnt; pw_pos++) + // this hook data needs to be updated (the "hook_success" variable): + + seven_zip_hook_t *hook_item = &hook_items[pw_pos]; + + const u32 *ukey = (const u32 *) hook_item->ukey; + + // init AES + + AES_KEY aes_key; + + memset (&aes_key, 0, sizeof (aes_key)); + + aes256_set_decrypt_key (aes_key.rdk, ukey, (u32 *) te0, (u32 *) te1, (u32 *) te2, (u32 *) te3, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3); + + int aes_len = seven_zip->aes_len; + + u32 data[4]; + u32 out[4]; + u32 iv[4]; + + iv[0] = seven_zip->iv_buf[0]; + iv[1] = seven_zip->iv_buf[1]; + iv[2] = seven_zip->iv_buf[2]; + iv[3] = seven_zip->iv_buf[3]; + + u32 out_full[81882]; + + // if aes_len > 16 we need to loop + + int i = 0; + int j = 0; + + for (i = 0, j = 0; i < aes_len - 16; i += 16, j += 4) { - // this hook data needs to be updated (the "hook_success" variable): - - seven_zip_hook_t *hook_item = &hook_items[pw_pos]; - - const u32 *ukey = (const u32 *) hook_item->ukey; - - // init AES - - AES_KEY aes_key; - - memset (&aes_key, 0, sizeof (aes_key)); - - aes256_set_decrypt_key (aes_key.rdk, ukey, (u32 *) te0, (u32 *) te1, (u32 *) te2, (u32 *) te3, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3); - - int aes_len = seven_zip->aes_len; - - u32 data[4]; - u32 out[4]; - u32 iv[4]; - - iv[0] = seven_zip->iv_buf[0]; - iv[1] = seven_zip->iv_buf[1]; - iv[2] = seven_zip->iv_buf[2]; - iv[3] = seven_zip->iv_buf[3]; - - u32 out_full[81882]; - - // if aes_len > 16 we need to loop - - int i = 0; - int j = 0; - - for (i = 0, j = 0; i < aes_len - 16; i += 16, j += 4) - { - data[0] = data_buf[j + 0]; - data[1] = data_buf[j + 1]; - data[2] = data_buf[j + 2]; - data[3] = data_buf[j + 3]; - - aes256_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, 
(u32 *) td4); - - out[0] ^= iv[0]; - out[1] ^= iv[1]; - out[2] ^= iv[2]; - out[3] ^= iv[3]; - - iv[0] = data[0]; - iv[1] = data[1]; - iv[2] = data[2]; - iv[3] = data[3]; - - out_full[j + 0] = out[0]; - out_full[j + 1] = out[1]; - out_full[j + 2] = out[2]; - out_full[j + 3] = out[3]; - } - - // we need to run it at least once: - data[0] = data_buf[j + 0]; data[1] = data_buf[j + 1]; data[2] = data_buf[j + 2]; 
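Review bot: module_hook23 is now entered concurrently by the hook23_thread workers, but nothing in the function states what is shared: `seven_zip` and `data_buf` are only read, and the single write outside locals goes to `hook_items[pw_pos]`, which the caller's stride keeps distinct per worker. A comment at the top of the function, `// runs on several hook threads at once: seven_zip/data_buf are shared read-only, only hook_items[pw_pos] may be written`, fixes that contract for the next change. Each call also places `u32 out_full[81882]` (about 320 KiB) on a worker thread's stack rather than the main thread's, which fits default thread stacks but deserves a note next to the array; the hunk does not show where `aes_len` is bounded so that the stores to `out_full[j + 3]` stay inside it — presumably module_hash_decode enforces that, and naming that check in the same comment would help. The function continues in the next hunk.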
@@ -178,105 +151,129 @@ void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, out[2] ^= iv[2]; out[3] ^= iv[3]; + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + out_full[j + 0] = out[0]; out_full[j + 1] = out[1]; out_full[j + 2] = out[2]; out_full[j + 3] = out[3]; + } - /* - * check the CRC32 "hash" - */ + // we need to run it at least once: - u32 seven_zip_crc = seven_zip->crc; + data[0] = data_buf[j + 0]; + data[1] = data_buf[j + 1]; + data[2] = data_buf[j + 2]; + data[3] = data_buf[j + 3]; - u32 crc; + aes256_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4); - if (data_type == 0) // uncompressed + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + out_full[j + 0] = out[0]; + out_full[j + 1] = out[1]; + out_full[j + 2] = out[2]; + out_full[j + 3] = out[3]; + + /* + * check the CRC32 "hash" + */ + + u32 seven_zip_crc = seven_zip->crc; + + u32 crc; + + if (data_type == 0) // uncompressed + { + crc = cpu_crc32_buffer ((u8 *) out_full, unpack_size); + } + else + { + u32 crc_len = seven_zip->crc_len; + + char *coder_attributes = seven_zip->coder_attributes; + + // input buffers and length + + u8 *compressed_data = (u8 *) out_full; + + SizeT compressed_data_len = aes_len; + + // output buffers and length + + unsigned char *decompressed_data; + + decompressed_data = (unsigned char *) hcmalloc (crc_len); + + SizeT decompressed_data_len = crc_len; + + int ret; + + if (data_type == 1) // LZMA1 { - crc = cpu_crc32_buffer ((u8 *) out_full, unpack_size); + ret = hc_lzma1_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); } - else + else if (data_type == 7) // inflate using zlib (DEFLATE compression) { - u32 crc_len = seven_zip->crc_len; + ret = SZ_ERROR_DATA; - char *coder_attributes = seven_zip->coder_attributes; + z_stream inf; - // input buffers and length + inf.zalloc = Z_NULL; + 
inf.zfree = Z_NULL; + inf.opaque = Z_NULL; - u8 *compressed_data = (u8 *) out_full; + inf.avail_in = compressed_data_len; + inf.next_in = compressed_data; - SizeT compressed_data_len = aes_len; + inf.avail_out = decompressed_data_len; + inf.next_out = decompressed_data; - // output buffers and length + // inflate: - unsigned char *decompressed_data; + inflateInit2 (&inf, -MAX_WBITS); - decompressed_data = (unsigned char *) hcmalloc (crc_len); + int zlib_ret = inflate (&inf, Z_NO_FLUSH); - SizeT decompressed_data_len = crc_len; + inflateEnd (&inf); - int ret; - - if (data_type == 1) // LZMA1 + if ((zlib_ret == Z_OK) || (zlib_ret == Z_STREAM_END)) { - ret = hc_lzma1_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); + ret = SZ_OK; } - else if (data_type == 7) // inflate using zlib (DEFLATE compression) - { - ret = SZ_ERROR_DATA; - - z_stream inf; - - inf.zalloc = Z_NULL; - inf.zfree = Z_NULL; - inf.opaque = Z_NULL; - - inf.avail_in = compressed_data_len; - inf.next_in = compressed_data; - - inf.avail_out = decompressed_data_len; - inf.next_out = decompressed_data; - - // inflate: - - inflateInit2 (&inf, -MAX_WBITS); - - int zlib_ret = inflate (&inf, Z_NO_FLUSH); - - inflateEnd (&inf); - - if ((zlib_ret == Z_OK) || (zlib_ret == Z_STREAM_END)) - { - ret = SZ_OK; - } - } - else // we only support LZMA2 in addition to LZMA1 - { - ret = hc_lzma2_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); - } - - if (ret != SZ_OK) - { - hook_item->hook_success = 0; - - hcfree (decompressed_data); - - continue; - } - - crc = cpu_crc32_buffer (decompressed_data, crc_len); - - hcfree (decompressed_data); + } + else // we only support LZMA2 in addition to LZMA1 + { + ret = hc_lzma2_decompress (compressed_data, &compressed_data_len, decompressed_data, &decompressed_data_len, coder_attributes); } - if (crc == seven_zip_crc) - { - hook_item->hook_success = 1; - } - 
else + if (ret != SZ_OK) { hook_item->hook_success = 0; + + hcfree (decompressed_data); + + return; } + + crc = cpu_crc32_buffer (decompressed_data, crc_len); + + hcfree (decompressed_data); + } + + if (crc == seven_zip_crc) + { + hook_item->hook_success = 1; + } + else + { + hook_item->hook_success = 0; } } diff --git a/src/selftest.c b/src/selftest.c index 6265bed04..9e9e40f8e 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -455,7 +455,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } - module_ctx->module_hook12 (device_param, hashes->st_hook_salts_buf, 0, 1); + module_ctx->module_hook12 (device_param, hashes->st_hook_salts_buf, 0, 0); if (device_param->is_cuda == true) { @@ -502,7 +502,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } - module_ctx->module_hook23 (device_param, hashes->st_hook_salts_buf, 0, 1); + module_ctx->module_hook23 (device_param, hashes->st_hook_salts_buf, 0, 0); if (device_param->is_cuda == true) { From 9ea1f88f271b0047cb989ff00bf6aa7302846ead Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 3 Nov 2019 12:33:09 +0100 Subject: [PATCH 019/300] Fix tokenizer configuration in -m 20711 --- src/modules/module_20711.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_20711.c b/src/modules/module_20711.c index 2cf90e042..51308e59d 100644 --- a/src/modules/module_20711.c +++ b/src/modules/module_20711.c 
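Review bot: `inflateInit2 (&inf, -MAX_WBITS)` has its return value discarded, so on Z_MEM_ERROR or Z_VERSION_ERROR the following `inflate` runs on a stream that was never set up; run `inflate`/`inflateEnd` only when inflateInit2 returned Z_OK and leave `ret` at SZ_ERROR_DATA otherwise. This code is moved rather than new, but this commit is the first to run it on several threads at once, so an allocation failure inside zlib is now more plausible. The function begins in the previous hunk.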
@@ -82,7 +82,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.len_min[1] = 16; token.len_max[1] = 16; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; + | TOKEN_ATTR_VERIFY_HEX; token.sep[2] = '$'; token.len_min[2] = 64; From 4078bcd8d77b017ac42d05d4df94da9adf5f900f Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 5 Nov 2019 12:18:14 +0100 Subject: [PATCH 020/300] Fix tokenizer configuration in -m 20710 and -m 13600 --- src/modules/module_13600.c | 2 +- src/modules/module_20710.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/module_13600.c b/src/modules/module_13600.c index 562841524..66321b943 100644 --- a/src/modules/module_13600.c +++ b/src/modules/module_13600.c @@ -156,7 +156,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.len_max[5] = 6; token.sep[5] = '*'; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; + | TOKEN_ATTR_VERIFY_HEX; token.len_min[6] = 1; token.len_max[6] = 6; diff --git a/src/modules/module_20710.c b/src/modules/module_20710.c index 6d867729b..6e956e43a 100644 --- a/src/modules/module_20710.c +++ b/src/modules/module_20710.c @@ -59,7 +59,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.len_min[0] = 64; token.len_max[0] = 64; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; + | TOKEN_ATTR_VERIFY_HEX; token.len_min[1] = SALT_MIN; token.len_max[1] = SALT_MAX; From 6adc217bae404dc3728a5514a05b8b420d3f5bf7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 5 Nov 2019 13:49:22 +0100 Subject: [PATCH 021/300] Keep output of --show and --left in the original ordering of the input hash file --- include/potfile.h | 1 + include/types.h | 9 +++++ src/hashes.c | 6 ++++ src/potfile.c | 87 ++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 98 insertions(+), 5 deletions(-) 
diff --git a/include/potfile.h b/include/potfile.h index fcc8407c6..de97a312a 100644 --- a/include/potfile.h +++ b/include/potfile.h @@ -30,5 +30,6 @@ void potfile_update_hashes (hashcat_ctx_t *hashcat_ctx, hash_t *hash_buf, cha void pot_tree_destroy (pot_tree_entry_t *tree); int sort_pot_tree_by_hash (const void *v1, const void *v2); +int sort_pot_orig_line (const void *v1, const void *v2); #endif // _POTFILE_H diff --git a/include/types.h b/include/types.h index 7955690de..3169a989f 100644 --- a/include/types.h +++ b/include/types.h @@ -834,6 +834,7 @@ typedef struct hash hashinfo_t *hash_info; char *pw_buf; int pw_len; + u64 orig_line_pos; } hash_t; @@ -1695,6 +1696,14 @@ typedef struct pot_tree_entry } pot_tree_entry_t; +typedef struct pot_orig_line_entry +{ + u8 *hash_buf; + int hash_len; + int line_pos; + +} pot_orig_line_entry_t; + typedef struct restore_data { int version; diff --git a/src/hashes.c b/src/hashes.c index 2c0107ba5..159ae47ac 100644 --- a/src/hashes.c +++ b/src/hashes.c @@ -822,6 +822,12 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) for (u64 hash_pos = 0; hash_pos < hashes_avail; hash_pos++) { + /** + * Initialize some values for later use + */ + + hashes_buf[hash_pos].orig_line_pos = hash_pos; + hashes_buf[hash_pos].digest = ((char *) digests_buf) + (hash_pos * hashconfig->dgst_size); if (hashconfig->is_salted == true) diff --git a/src/potfile.c b/src/potfile.c index a7df3b804..784df9373 100644 --- a/src/potfile.c +++ b/src/potfile.c 
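Review bot: `pot_orig_line_entry_t.line_pos` is declared `int`, while the value stored into it in the src/potfile.c hunks, `hash->orig_line_pos`, is the `u64` added to hash_t in the same hunk, so the assignment narrows silently and the ordering breaks past INT_MAX lines; declare it `u64 line_pos;` and compare it as such in sort_pot_orig_line. The hashes.c hunk initialises orig_line_pos from the u64 loop index, so the hash_t side is right. A one-line comment on the struct, `// one output line of --show/--left, kept until all are collected so they can be re-sorted into input order`, would explain why it owns a heap copy of the line.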
@@ -74,6 +74,16 @@ int sort_pot_tree_by_hash (const void *v1, const void *v2) return sort_by_hash (h1, h2, hc); } +// this function is used to reproduce the hash ordering based on the original input hash file + +int sort_pot_orig_line (const void *v1, const void *v2) +{ + const pot_orig_line_entry_t *t1 = (const pot_orig_line_entry_t *) v1; + const pot_orig_line_entry_t *t2 = (const pot_orig_line_entry_t *) v2; + + return t1->line_pos > t2->line_pos; +} + // the problem with the GNU tdestroy () function is that it doesn't work with mingw etc // there are 2 alternatives: // 1. recursively delete the entries with entry->left and entry->right @@ -648,6 +658,9 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) u32 salts_cnt = hashes->salts_cnt; salt_t *salts_buf = hashes->salts_buf; + pot_orig_line_entry_t *final_buf = (pot_orig_line_entry_t *) hccalloc (hashes->hashes_cnt, sizeof (pot_orig_line_entry_t)); + u32 final_cnt = 0; + if (hashconfig->opts_type & OPTS_TYPE_HASH_SPLIT) { // this implementation will work for LM only @@ -757,7 +770,17 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) const int tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, (u8 *) mixed_buf, mixed_len, 0, username, user_len, (char *) tmp_buf); - EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash1->orig_line_pos; + + final_cnt++; } } } @@ -808,7 +831,6 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) tmp_buf[0] = 0; - // special case for collider modes: we do not use the $HEX[] format within the hash itself // therefore we need to convert the $HEX[] password into hexadecimal (without "$HEX[" and "]") 
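Review bot: `return t1->line_pos > t2->line_pos;` never yields a negative value, so for t1 < t2 the comparator tells qsort the entries are equal; that is not a consistent ordering and the C standard leaves the sorted result unspecified (it happens to work with a merge-sort based qsort, not with every libc). Return a proper three-way result, `return (t1->line_pos > t2->line_pos) - (t1->line_pos < t2->line_pos);`. The comment above the function could add that the entries are gathered by the per-salt traversal in potfile_handle_show/left and restored to input-file order just before being emitted.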
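Review bot: The old `EVENT_DATA (EVENT_POTFILE_HASH_SHOW, ...)` call is left behind as a comment rather than removed, here and in the three matching hunks on the following lines (the second branch of potfile_handle_show and both branches of potfile_handle_left); the lines are now emitted after the qsort, so the commented call only misleads and should be deleted. `tmp_len` is the int returned by outfile_write and goes straight into hcmalloc and memcpy; if it can be negative on error that becomes an enormous allocation, so either add `if (tmp_len < 0) continue;` before the copy or note next to it why the return is known to be non-negative.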
@@ -837,11 +859,32 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, (u8 *) hash->pw_buf, hash->pw_len, 0, username, user_len, (char *) tmp_buf); } - EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash->orig_line_pos; + + final_cnt++; } } } + qsort (final_buf, final_cnt, sizeof (pot_orig_line_entry_t), sort_pot_orig_line); + + for (u32 final_pos = 0; final_pos < final_cnt; final_pos++) + { + EVENT_DATA (EVENT_POTFILE_HASH_SHOW, final_buf[final_pos].hash_buf, final_buf[final_pos].hash_len); + + hcfree (final_buf[final_pos].hash_buf); + } + + hcfree (final_buf); + return 0; } @@ -857,6 +900,9 @@ int potfile_handle_left (hashcat_ctx_t *hashcat_ctx) u32 salts_cnt = hashes->salts_cnt; salt_t *salts_buf = hashes->salts_buf; + pot_orig_line_entry_t *final_buf = (pot_orig_line_entry_t *) hccalloc (hashes->hashes_cnt, sizeof (pot_orig_line_entry_t)); + u32 final_cnt = 0; + if (hashconfig->opts_type & OPTS_TYPE_HASH_SPLIT) { // this implementation will work for LM only @@ -933,7 +979,17 @@ int potfile_handle_left (hashcat_ctx_t *hashcat_ctx) const int tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, NULL, 0, 0, username, user_len, (char *) tmp_buf); - EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash1->orig_line_pos; + + final_cnt++; } } } 
@@ -1008,10 +1064,31 @@ int potfile_handle_left (hashcat_ctx_t *hashcat_ctx) const int tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, NULL, 0, 0, username, user_len, (char *) tmp_buf); - EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash->orig_line_pos; + + final_cnt++; } } } + qsort (final_buf, final_cnt, sizeof (pot_orig_line_entry_t), sort_pot_orig_line); + + for (u32 final_pos = 0; final_pos < final_cnt; final_pos++) + { + EVENT_DATA (EVENT_POTFILE_HASH_LEFT, final_buf[final_pos].hash_buf, final_buf[final_pos].hash_len); + + hcfree (final_buf[final_pos].hash_buf); + } + + hcfree (final_buf); + return 0; } From b02fe8e076c68170bab690aa3e5fcc8534431e0c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 5 Nov 2019 20:44:19 +0100 Subject: [PATCH 022/300] Mark Intel OpenCL CPU runtime as broken for hash-mode 15300 --- docs/changes.txt | 1 + src/modules/module_15300.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/docs/changes.txt b/docs/changes.txt index 58785133b..719c86069 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -13,6 +13,7 @@ - Support for inline VeraCrypt PIM Brute-Force - Support deflate decompression for the 7-Zip hash-mode using zlib hook - Added documentation on hashcat brain, slow-candidate and keyboard-layout mapping features +- Keep output of --show and --left in the original ordering of the input hash file ## ## Algorithms diff --git a/src/modules/module_15300.c b/src/modules/module_15300.c index da8ae9c42..9a19cc9ae 100644 --- a/src/modules/module_15300.c +++ b/src/modules/module_15300.c 
@@ -113,6 +113,12 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE return true; } + //l_opencl_p_18.1.0.013.tgz: self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) + { + return true; + } + return false; } From 461deb1e171ec6b72a3b1d64def73e2733ba711c Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 8 Nov 2019 11:39:03 +0100 Subject: [PATCH 023/300] fixes #2214: -m 15200 = Blockchain allow large data similar to -m 12700 with hash copy --- src/modules/module_15200.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/module_15200.c b/src/modules/module_15200.c index 2139e5cf7..a5b5e81e5 100644 --- a/src/modules/module_15200.c +++ b/src/modules/module_15200.c @@ -93,13 +93,13 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.sep[2] = '$'; token.len_min[2] = 1; - token.len_max[2] = 5; + token.len_max[2] = 6; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.sep[3] = '$'; token.len_min[3] = 64; - token.len_max[3] = 20000; + token.len_max[3] = 999999; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; From 17b7eb1dce0677075aac2b36835959d8f0573d3d Mon Sep 17 00:00:00 2001 From: philsmd Date: Sat, 9 Nov 2019 10:44:28 +0100 Subject: [PATCH 024/300] fixes #2200: new WinZip tokenizer hex data length problem --- src/modules/module_13600.c | 6 +++--- tools/test_modules/m13600.pm | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/modules/module_13600.c b/src/modules/module_13600.c index 66321b943..f984d0473 100644 --- a/src/modules/module_13600.c +++ b/src/modules/module_13600.c 
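Review bot: The Intel CPU exclusion added to `module_unstable_warning` is the same vendor/device-type predicate that commit 029 pastes verbatim into `module_10700.c`, so the list of broken runtime combinations is now maintained by hand in at least two modules; a small shared helper in the common module code would keep it in one place. The comment `//l_opencl_p_18.1.0.013.tgz: self-test failed` also lacks the space after `//` that the `module_10700.c` copy has and names a tarball rather than the runtime; `// Intel OpenCL CPU runtime l_opencl_p_18.1.0.013: self-test fails for this kernel` reads more clearly.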
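Review bot: `token.len_max[3] = 999999` raises the accepted hex-data length by almost two orders of magnitude, but nothing in this hunk shows the destination of the decoded bytes growing with it; if that copy is still bounded by a fixed-size esalt member, the tokenizer now admits input the decoder must truncate or reject. The commit message says this mirrors -m 12700 "with hash copy", so the size check is presumably elsewhere in `module_hash_decode` (outside the hunk) — worth confirming and worth a comment beside the limit, `// keep in sync with the esalt data buffer size checked in the decode below`. Note also that 999999 is odd; unless `TOKEN_ATTR_VERIFY_HEX` enforces even length, an odd-length hex string would pass the tokenizer and be mis-decoded, so an even maximum would be safer.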
@@ -162,7 +162,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.len_max[6] = 6; token.sep[6] = '*'; token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_DIGIT; + | TOKEN_ATTR_VERIFY_HEX; token.len_min[7] = 0; token.len_max[7] = 16384; @@ -233,7 +233,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *compress_length_pos = token.buf[6]; - const u32 compress_length = hc_strtoul ((const char *) compress_length_pos, NULL, 10); + const u32 compress_length = hc_strtoul ((const char *) compress_length_pos, NULL, 16); zip2->compress_length = compress_length; @@ -384,7 +384,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE sprintf (auth_tmp + j, "%02x", ptr[i]); } - const int line_len = snprintf (line_buf, line_size, "%s*%u*%u*%u*%s*%x*%u*%s*%s*%s", + const int line_len = snprintf (line_buf, line_size, "%s*%u*%u*%u*%s*%x*%x*%s*%s*%s", SIGNATURE_ZIP2_START, zip2->type, zip2->mode, diff --git a/tools/test_modules/m13600.pm b/tools/test_modules/m13600.pm index 86c5667bc..ca04a7516 100644 --- a/tools/test_modules/m13600.pm +++ b/tools/test_modules/m13600.pm @@ -94,7 +94,7 @@ sub module_generate_hash my $auth = hmac_hex ($data, $key_bin, \&sha1, 64); - my $hash = sprintf ('$zip2$*%u*%u*%u*%s*%s*%u*%s*%s*$/zip2$', $type, $mode, $magic, $salt, $verify_bytes, $compress_length, $data, substr ($auth, 0, 20)); + my $hash = sprintf ('$zip2$*%u*%u*%u*%s*%s*%x*%s*%s*$/zip2$', $type, $mode, $magic, $salt, $verify_bytes, $compress_length, $data, substr ($auth, 0, 20)); return $hash; } From fc2d9ad23518b4214a8bcd72a33592d2a8d2ff12 Mon Sep 17 00:00:00 2001 From: philsmd Date: Sat, 9 Nov 2019 10:53:25 +0100 Subject: [PATCH 025/300] minor: pip2 confirm uninstall fixed --- tools/install_modules.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 268e09b9f..823079177 100755 
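Review bot: Switching `hc_strtoul` for the compress_length field from base 10 to base 16 silently changes the meaning of existing hashes: every decimal string is also valid hex, so a hash written by the old encoder with compress length `100` now parses as 256 and is not rejected by the new `TOKEN_ATTR_VERIFY_HEX` attribute. The change is applied consistently across tokenizer, decoder, encoder (`%x`) and the Perl test module, but nothing records the format break; a changelog entry and a comment at the decode site, `// compress_length is parsed as hex since the WinZip tokenizer fix; hashes extracted with the older decimal format must be regenerated`, would spare users unexplained non-cracks. `token.len_max[6] = 6` hex digits bounds the value to 24 bits, which fits `u32` but is worth a comment if the extractor can ever emit more digits.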
--- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -59,7 +59,7 @@ ERRORS=$((ERRORS+$?)) pip2 install pygost pycryptoplus -pip2 -y uninstall pycryptodome +pip2 uninstall -y pycryptodome ERRORS=$((ERRORS+$?)) From a6edb84157579115dc1b899b0284ebdbd3fbee51 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 9 Nov 2019 16:42:50 -0800 Subject: [PATCH 026/300] Fix extra semicolon warnings These macros don't need a ; but since ; is used, make the macros more robust by enclosing them in a do while loop. --- include/dynloader.h | 64 ++++++++++++++++-------------- include/logfile.h | 36 ++++++++--------- src/backend.c | 28 +++++++------ src/cpu_crc32.c | 2 +- src/hwmon.c | 96 ++++++++++++++++++++++----------------------- src/rp.c | 4 +- 6 files changed, 119 insertions(+), 111 deletions(-) diff --git a/include/dynloader.h b/include/dynloader.h index 96c498ddc..bc871abd1 100644 --- a/include/dynloader.h +++ b/include/dynloader.h 
@@ -28,46 +28,52 @@ hc_dynfunc_t hc_dlsym (hc_dynlib_t handle, const char *symbol); #endif #define HC_LOAD_FUNC2(ptr,name,type,var,libname,noerr) \ - ptr->name = (type) hc_dlsym (ptr->var, #name); \ - if (noerr != -1) { \ - if (!ptr->name) { \ - if (noerr == 1) { \ - event_log_error (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ - return -1; \ - } \ - if (noerr != 1) { \ - event_log_warning (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ - return 0; \ + do { \ + ptr->name = (type) hc_dlsym (ptr->var, #name); \ + if (noerr != -1) { \ + if (!ptr->name) { \ + if (noerr == 1) { \ + event_log_error (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + return -1; \ + } \ + if (noerr != 1) { \ + event_log_warning (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + return 0; \ + } \ } \ } \ - } + } while (0) #define HC_LOAD_FUNC(ptr,name,type,libname,noerr) \ - ptr->name = (type) hc_dlsym (ptr->lib, #name); \ - if (noerr != -1) { \ + do { \ + ptr->name = (type) hc_dlsym (ptr->lib, #name); \ + if (noerr != -1) { \ + if (!ptr->name) { \ + if (noerr == 1) { \ + event_log_error (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + return -1; \ + } \ + if (noerr != 1) { \ + event_log_warning (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + return 0; \ + } \ + } \ + } \ + } while (0) + +#define HC_LOAD_ADDR(ptr,name,type,func,addr,libname,noerr) \ + do { \ + ptr->name = (type) (*ptr->func) (addr); \ if (!ptr->name) { \ if (noerr == 1) { \ - event_log_error (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + event_log_error (hashcat_ctx, "%s at address %08x is missing from %s shared library.", #name, addr, #libname); \ return -1; \ } \ if (noerr != 1) { \ - event_log_warning (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + event_log_warning (hashcat_ctx, "%s at address %08x is 
missing from %s shared library.", #name, addr, #libname); \ return 0; \ } \ } \ - } - -#define HC_LOAD_ADDR(ptr,name,type,func,addr,libname,noerr) \ - ptr->name = (type) (*ptr->func) (addr); \ - if (!ptr->name) { \ - if (noerr == 1) { \ - event_log_error (hashcat_ctx, "%s at address %08x is missing from %s shared library.", #name, addr, #libname); \ - return -1; \ - } \ - if (noerr != 1) { \ - event_log_warning (hashcat_ctx, "%s at address %08x is missing from %s shared library.", #name, addr, #libname); \ - return 0; \ - } \ - } + } while (0) #endif // _DYNALOADER_H diff --git a/include/logfile.h b/include/logfile.h index e2d814644..5d184deba 100644 --- a/include/logfile.h +++ b/include/logfile.h 
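Review bot: Wrapping `HC_LOAD_FUNC`, `HC_LOAD_FUNC2` and `HC_LOAD_ADDR` in `do { } while (0)` makes the trailing semicolon mandatory, so any invocation outside the six files in this diffstat that still omits it will now fail to compile; the hwmon.c hunks add the semicolons for their callers, and other callers should be checked. The macros still `return -1` or `return 0` from the enclosing function on a missing symbol, which the `do/while` does not make visible at the call site; a comment above the group, `/* NOTE: on a missing symbol these macros return from the calling function (noerr: 1 = log error and return -1, 0 = log warning and return 0, -1 = ignore) */`, would document the contract that the visible branches implement.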
@@ -14,25 +14,25 @@ // logfile_append() checks for logfile_disable internally to make it easier from here -#define logfile_top_msg(msg) logfile_append (hashcat_ctx, "%s\t%s", logfile_ctx->topid, (msg)); -#define logfile_sub_msg(msg) logfile_append (hashcat_ctx, "%s\t%s\t%s", logfile_ctx->topid, logfile_ctx->subid, (msg)); -#define logfile_top_var_uint64(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%" PRIu64 "", logfile_ctx->topid, (var), (u64) (val)); -#define logfile_sub_var_uint64(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%" PRIu64 "", logfile_ctx->topid, logfile_ctx->subid, (var), (u64) (val)); -#define logfile_top_var_uint(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%u", logfile_ctx->topid, (var), (u32) (val)); -#define logfile_sub_var_uint(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%u", logfile_ctx->topid, logfile_ctx->subid, (var), (u32) (val)); -#define logfile_top_var_char(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%c", logfile_ctx->topid, (var), (char) (val)); -#define logfile_sub_var_char(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%c", logfile_ctx->topid, logfile_ctx->subid, (var), (char) (val)); -#define logfile_top_var_string(var,val) if ((val) != NULL) logfile_append (hashcat_ctx, "%s\t%s\t%s", logfile_ctx->topid, (var), (val)); -#define logfile_sub_var_string(var,val) if ((val) != NULL) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%s", logfile_ctx->topid, logfile_ctx->subid, (var), (val)); +#define logfile_top_msg(msg) logfile_append (hashcat_ctx, "%s\t%s", logfile_ctx->topid, (msg)) +#define logfile_sub_msg(msg) logfile_append (hashcat_ctx, "%s\t%s\t%s", logfile_ctx->topid, logfile_ctx->subid, (msg)) +#define logfile_top_var_uint64(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%" PRIu64 "", logfile_ctx->topid, (var), (u64) (val)) +#define logfile_sub_var_uint64(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%" PRIu64 "", logfile_ctx->topid, logfile_ctx->subid, (var), (u64) (val)) +#define 
logfile_top_var_uint(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%u", logfile_ctx->topid, (var), (u32) (val)) +#define logfile_sub_var_uint(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%u", logfile_ctx->topid, logfile_ctx->subid, (var), (u32) (val)) +#define logfile_top_var_char(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%c", logfile_ctx->topid, (var), (char) (val)) +#define logfile_sub_var_char(var,val) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%c", logfile_ctx->topid, logfile_ctx->subid, (var), (char) (val)) +#define logfile_top_var_string(var,val) if ((val) != NULL) logfile_append (hashcat_ctx, "%s\t%s\t%s", logfile_ctx->topid, (var), (val)) +#define logfile_sub_var_string(var,val) if ((val) != NULL) logfile_append (hashcat_ctx, "%s\t%s\t%s\t%s", logfile_ctx->topid, logfile_ctx->subid, (var), (val)) -#define logfile_top_uint(var) logfile_top_var_uint (#var, (var)); -#define logfile_sub_uint(var) logfile_sub_var_uint (#var, (var)); -#define logfile_top_uint64(var) logfile_top_var_uint64 (#var, (var)); -#define logfile_sub_uint64(var) logfile_sub_var_uint64 (#var, (var)); -#define logfile_top_char(var) logfile_top_var_char (#var, (var)); -#define logfile_sub_char(var) logfile_sub_var_char (#var, (var)); -#define logfile_top_string(var) logfile_top_var_string (#var, (var)); -#define logfile_sub_string(var) logfile_sub_var_string (#var, (var)); +#define logfile_top_uint(var) logfile_top_var_uint (#var, (var)) +#define logfile_sub_uint(var) logfile_sub_var_uint (#var, (var)) +#define logfile_top_uint64(var) logfile_top_var_uint64 (#var, (var)) +#define logfile_sub_uint64(var) logfile_sub_var_uint64 (#var, (var)) +#define logfile_top_char(var) logfile_top_var_char (#var, (var)) +#define logfile_sub_char(var) logfile_sub_var_char (#var, (var)) +#define logfile_top_string(var) logfile_top_var_string (#var, (var)) +#define logfile_sub_string(var) logfile_sub_var_string (#var, (var)) void logfile_generate_topid (hashcat_ctx_t *hashcat_ctx); void 
logfile_generate_subid (hashcat_ctx_t *hashcat_ctx); diff --git a/src/backend.c b/src/backend.c index cf91df365..363dbf150 100644 --- a/src/backend.c +++ b/src/backend.c @@ -921,19 +921,21 @@ int cuda_init (hashcat_ctx_t *hashcat_ctx) if (cuda->lib == NULL) return -1; #define HC_LOAD_FUNC_CUDA(ptr,name,cudaname,type,libname,noerr) \ - ptr->name = (type) hc_dlsym ((ptr)->lib, #cudaname); \ - if ((noerr) != -1) { \ - if (!(ptr)->name) { \ - if ((noerr) == 1) { \ - event_log_error (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ - return -1; \ - } \ - if ((noerr) != 1) { \ - event_log_warning (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ - return 0; \ + do { \ + ptr->name = (type) hc_dlsym ((ptr)->lib, #cudaname); \ + if ((noerr) != -1) { \ + if (!(ptr)->name) { \ + if ((noerr) == 1) { \ + event_log_error (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + return -1; \ + } \ + if ((noerr) != 1) { \ + event_log_warning (hashcat_ctx, "%s is missing from %s shared library.", #name, #libname); \ + return 0; \ + } \ } \ } \ - } + } while (0) // finding the right symbol is a PITA, because of the _v2 suffix // a good reference is cuda.h itself @@ -4877,7 +4879,7 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx) if (backend_ctx->ocl) { #define FREE_OPENCL_CTX_ON_ERROR \ - { \ + do { \ hcfree (opencl_platforms); \ hcfree (opencl_platforms_devices); \ hcfree (opencl_platforms_devices_cnt); \ @@ -4885,7 +4887,7 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx) hcfree (opencl_platforms_vendor); \ hcfree (opencl_platforms_vendor_id); \ hcfree (opencl_platforms_version); \ - } + } while(0) cl_platform_id *opencl_platforms = (cl_platform_id *) hccalloc (CL_PLATFORMS_MAX, sizeof (cl_platform_id)); cl_uint opencl_platforms_cnt = 0; diff --git a/src/cpu_crc32.c b/src/cpu_crc32.c index f7e9accff..1da9094bc 100644 --- a/src/cpu_crc32.c +++ b/src/cpu_crc32.c 
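Review bot: `logfile_top_var_string` and `logfile_sub_var_string` expand to a bare `if ((val) != NULL) logfile_append (...)` with no braces, so after dropping the trailing semicolon a call such as `if (x) logfile_top_string (y); else ...` binds the `else` to the macro's own `if`, and a call that forgets the semicolon silently absorbs the next statement; these two should get the same `do { ... } while (0)` treatment the dynloader.h macros receive in this commit, e.g. `#define logfile_top_var_string(var,val) do { if ((val) != NULL) logfile_append (hashcat_ctx, "%s\t%s\t%s", logfile_ctx->topid, (var), (val)); } while (0)` and likewise for the `sub` variant. The remaining macros expand to a single call expression and are fine as written.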
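Review bot: `FREE_OPENCL_CTX_ON_ERROR` closes with `} while(0)` while `HC_LOAD_FUNC_CUDA` a few lines above in the same file uses `} while (0)`; the same commit also writes `while(0)` in hwmon.c's `FREE_ADAPTERS` and rp.c's `SET_P0`/`SET_P1`, so the new wrappers are spelled two ways. Settling on the spaced form, which matches the `name (args)` spacing used throughout, would keep the macros consistent.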
@@ -85,7 +85,7 @@ u32 cpu_crc32_buffer (const u8 *buf, const size_t length)
 crc = crc32tab[(crc ^ buf[pos]) & 0xff] ^ (crc >> 8);
 }
 
- return crc ^ 0xffffffff;;
+ return crc ^ 0xffffffff;
 }
 
 int cpu_crc32 (const char *filename, u8 keytab[64])
diff --git a/src/hwmon.c b/src/hwmon.c
index 5069bade1..a709b3b72 100644
--- a/src/hwmon.c
+++ b/src/hwmon.c
@@ -518,22 +518,22 @@ static int nvml_init (hashcat_ctx_t *hashcat_ctx) return -1; } - HC_LOAD_FUNC(nvml, nvmlErrorString, NVML_ERROR_STRING, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlInit, NVML_INIT, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlShutdown, NVML_SHUTDOWN, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetCount, NVML_DEVICE_GET_COUNT, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetName, NVML_DEVICE_GET_NAME, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetHandleByIndex, NVML_DEVICE_GET_HANDLE_BY_INDEX, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetTemperature, NVML_DEVICE_GET_TEMPERATURE, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetFanSpeed, NVML_DEVICE_GET_FAN_SPEED, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetUtilizationRates, NVML_DEVICE_GET_UTILIZATION_RATES, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetClockInfo, NVML_DEVICE_GET_CLOCKINFO, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetTemperatureThreshold, NVML_DEVICE_GET_THRESHOLD, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetCurrPcieLinkGeneration, NVML_DEVICE_GET_CURRPCIELINKGENERATION, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetCurrPcieLinkWidth, NVML_DEVICE_GET_CURRPCIELINKWIDTH, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetCurrentClocksThrottleReasons, NVML_DEVICE_GET_CURRENTCLOCKSTHROTTLEREASONS, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetSupportedClocksThrottleReasons, NVML_DEVICE_GET_SUPPORTEDCLOCKSTHROTTLEREASONS, NVML, 0) - HC_LOAD_FUNC(nvml, nvmlDeviceGetPciInfo, NVML_DEVICE_GET_PCIINFO, NVML, 0) + HC_LOAD_FUNC(nvml, nvmlErrorString, NVML_ERROR_STRING, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlInit, NVML_INIT, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlShutdown, NVML_SHUTDOWN, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetCount, NVML_DEVICE_GET_COUNT, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetName, NVML_DEVICE_GET_NAME, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetHandleByIndex, NVML_DEVICE_GET_HANDLE_BY_INDEX, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetTemperature, NVML_DEVICE_GET_TEMPERATURE, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetFanSpeed, 
NVML_DEVICE_GET_FAN_SPEED, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetUtilizationRates, NVML_DEVICE_GET_UTILIZATION_RATES, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetClockInfo, NVML_DEVICE_GET_CLOCKINFO, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetTemperatureThreshold, NVML_DEVICE_GET_THRESHOLD, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetCurrPcieLinkGeneration, NVML_DEVICE_GET_CURRPCIELINKGENERATION, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetCurrPcieLinkWidth, NVML_DEVICE_GET_CURRPCIELINKWIDTH, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetCurrentClocksThrottleReasons, NVML_DEVICE_GET_CURRENTCLOCKSTHROTTLEREASONS, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetSupportedClocksThrottleReasons, NVML_DEVICE_GET_SUPPORTEDCLOCKSTHROTTLEREASONS, NVML, 0); + HC_LOAD_FUNC(nvml, nvmlDeviceGetPciInfo, NVML_DEVICE_GET_PCIINFO, NVML, 0); return 0; } 
@@ -820,15 +820,15 @@ static int nvapi_init (hashcat_ctx_t *hashcat_ctx) return -1; } - HC_LOAD_FUNC(nvapi, nvapi_QueryInterface, NVAPI_QUERYINTERFACE, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_Initialize, NVAPI_INITIALIZE, nvapi_QueryInterface, 0x0150E828U, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_Unload, NVAPI_UNLOAD, nvapi_QueryInterface, 0xD22BDD7EU, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_GetErrorMessage, NVAPI_GETERRORMESSAGE, nvapi_QueryInterface, 0x6C2D048CU, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_EnumPhysicalGPUs, NVAPI_ENUMPHYSICALGPUS, nvapi_QueryInterface, 0xE5AC921FU, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetPerfPoliciesInfo, NVAPI_GPU_GETPERFPOLICIESINFO, nvapi_QueryInterface, 0x409D9841U, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetPerfPoliciesStatus, NVAPI_GPU_GETPERFPOLICIESSTATUS, nvapi_QueryInterface, 0x3D358A0CU, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetBusId, NVAPI_GPU_GETBUSID, nvapi_QueryInterface, 0x1BE0B8E5U, NVAPI, 0) - HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetBusSlotId, NVAPI_GPU_GETBUSSLOTID, nvapi_QueryInterface, 0x2A0A350FU, NVAPI, 0) + HC_LOAD_FUNC(nvapi, nvapi_QueryInterface, NVAPI_QUERYINTERFACE, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_Initialize, NVAPI_INITIALIZE, nvapi_QueryInterface, 0x0150E828U, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_Unload, NVAPI_UNLOAD, nvapi_QueryInterface, 0xD22BDD7EU, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_GetErrorMessage, NVAPI_GETERRORMESSAGE, nvapi_QueryInterface, 0x6C2D048CU, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_EnumPhysicalGPUs, NVAPI_ENUMPHYSICALGPUS, nvapi_QueryInterface, 0xE5AC921FU, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetPerfPoliciesInfo, NVAPI_GPU_GETPERFPOLICIESINFO, nvapi_QueryInterface, 0x409D9841U, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetPerfPoliciesStatus, NVAPI_GPU_GETPERFPOLICIESSTATUS, nvapi_QueryInterface, 0x3D358A0CU, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetBusId, NVAPI_GPU_GETBUSID, nvapi_QueryInterface, 0x1BE0B8E5U, NVAPI, 0); + HC_LOAD_ADDR(nvapi, NvAPI_GPU_GetBusSlotId, 
NVAPI_GPU_GETBUSSLOTID, nvapi_QueryInterface, 0x2A0A350FU, NVAPI, 0); return 0; } 
@@ -1045,27 +1045,27 @@ static int adl_init (hashcat_ctx_t *hashcat_ctx) return -1; } - HC_LOAD_FUNC(adl, ADL_Main_Control_Destroy, ADL_MAIN_CONTROL_DESTROY, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Main_Control_Create, ADL_MAIN_CONTROL_CREATE, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Adapter_NumberOfAdapters_Get, ADL_ADAPTER_NUMBEROFADAPTERS_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Adapter_AdapterInfo_Get, ADL_ADAPTER_ADAPTERINFO_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Display_DisplayInfo_Get, ADL_DISPLAY_DISPLAYINFO_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Adapter_ID_Get, ADL_ADAPTER_ID_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Adapter_VideoBiosInfo_Get, ADL_ADAPTER_VIDEOBIOSINFO_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive5_ThermalDevices_Enum, ADL_OVERDRIVE5_THERMALDEVICES_ENUM, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive5_Temperature_Get, ADL_OVERDRIVE5_TEMPERATURE_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_Temperature_Get, ADL_OVERDRIVE6_TEMPERATURE_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive5_CurrentActivity_Get, ADL_OVERDRIVE5_CURRENTACTIVITY_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive5_FanSpeedInfo_Get, ADL_OVERDRIVE5_FANSPEEDINFO_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive5_FanSpeed_Get, ADL_OVERDRIVE5_FANSPEED_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_FanSpeed_Get, ADL_OVERDRIVE6_FANSPEED_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Adapter_Active_Get, ADL_ADAPTER_ACTIVE_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive_Caps, ADL_OVERDRIVE_CAPS, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_Capabilities_Get, ADL_OVERDRIVE6_CAPABILITIES_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_StateInfo_Get, ADL_OVERDRIVE6_STATEINFO_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_CurrentStatus_Get, ADL_OVERDRIVE6_CURRENTSTATUS_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_TargetTemperatureData_Get, ADL_OVERDRIVE6_TARGETTEMPERATUREDATA_GET, ADL, 0) - HC_LOAD_FUNC(adl, ADL_Overdrive6_TargetTemperatureRangeInfo_Get, ADL_OVERDRIVE6_TARGETTEMPERATURERANGEINFO_GET, ADL, 0) + HC_LOAD_FUNC(adl, 
ADL_Main_Control_Destroy, ADL_MAIN_CONTROL_DESTROY, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Main_Control_Create, ADL_MAIN_CONTROL_CREATE, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Adapter_NumberOfAdapters_Get, ADL_ADAPTER_NUMBEROFADAPTERS_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Adapter_AdapterInfo_Get, ADL_ADAPTER_ADAPTERINFO_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Display_DisplayInfo_Get, ADL_DISPLAY_DISPLAYINFO_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Adapter_ID_Get, ADL_ADAPTER_ID_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Adapter_VideoBiosInfo_Get, ADL_ADAPTER_VIDEOBIOSINFO_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive5_ThermalDevices_Enum, ADL_OVERDRIVE5_THERMALDEVICES_ENUM, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive5_Temperature_Get, ADL_OVERDRIVE5_TEMPERATURE_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_Temperature_Get, ADL_OVERDRIVE6_TEMPERATURE_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive5_CurrentActivity_Get, ADL_OVERDRIVE5_CURRENTACTIVITY_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive5_FanSpeedInfo_Get, ADL_OVERDRIVE5_FANSPEEDINFO_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive5_FanSpeed_Get, ADL_OVERDRIVE5_FANSPEED_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_FanSpeed_Get, ADL_OVERDRIVE6_FANSPEED_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Adapter_Active_Get, ADL_ADAPTER_ACTIVE_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive_Caps, ADL_OVERDRIVE_CAPS, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_Capabilities_Get, ADL_OVERDRIVE6_CAPABILITIES_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_StateInfo_Get, ADL_OVERDRIVE6_STATEINFO_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_CurrentStatus_Get, ADL_OVERDRIVE6_CURRENTSTATUS_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_TargetTemperatureData_Get, ADL_OVERDRIVE6_TARGETTEMPERATUREDATA_GET, ADL, 0); + HC_LOAD_FUNC(adl, ADL_Overdrive6_TargetTemperatureRangeInfo_Get, ADL_OVERDRIVE6_TARGETTEMPERATURERANGEINFO_GET, ADL, 0); return 0; } 
@@ -2247,12 +2247,12 @@ int hwmon_ctx_init (hashcat_ctx_t *hashcat_ctx)
 hm_attrs_t *hm_adapters_sysfs = (hm_attrs_t *) hccalloc (DEVICES_MAX, sizeof (hm_attrs_t));
 
 #define FREE_ADAPTERS \
- { \
+ do { \
 hcfree (hm_adapters_adl); \
 hcfree (hm_adapters_nvapi); \
 hcfree (hm_adapters_nvml); \
 hcfree (hm_adapters_sysfs); \
- }
+ } while(0)
 
 if (backend_ctx->need_nvml == true)
 {
diff --git a/src/rp.c b/src/rp.c
index 738ff4bb7..63c0f5ba9 100644
--- a/src/rp.c
+++ b/src/rp.c
@@ -218,8 +218,8 @@ int generate_random_rule (char rule_buf[RP_RULE_SIZE], const u32 rp_gen_func_min #define INCR_POS if (++rule_pos == rule_len) return (-1) #define SET_NAME(rule,val) (rule)->cmds[rule_cnt] = ((val) & 0xff) << 0 -#define SET_P0(rule,val) INCR_POS; if (is_hex_notation (rule_buf, rule_len, rule_pos) == true) { (rule)->cmds[rule_cnt] |= (hex_convert (rule_buf[rule_pos + 3] & 0xff) << 8) | (hex_convert (rule_buf[rule_pos + 2] & 0xff) << 12); rule_pos += 3; } else { (rule)->cmds[rule_cnt] |= ((val) & 0xff) << 8; } -#define SET_P1(rule,val) INCR_POS; if (is_hex_notation (rule_buf, rule_len, rule_pos) == true) { (rule)->cmds[rule_cnt] |= (hex_convert (rule_buf[rule_pos + 3] & 0xff) << 16) | (hex_convert (rule_buf[rule_pos + 2] & 0xff) << 20); rule_pos += 3; } else { (rule)->cmds[rule_cnt] |= ((val) & 0xff) << 16; } +#define SET_P0(rule,val) do { INCR_POS; if (is_hex_notation (rule_buf, rule_len, rule_pos) == true) { (rule)->cmds[rule_cnt] |= (hex_convert (rule_buf[rule_pos + 3] & 0xff) << 8) | (hex_convert (rule_buf[rule_pos + 2] & 0xff) << 12); rule_pos += 3; } else { (rule)->cmds[rule_cnt] |= ((val) & 0xff) << 8; } } while(0) +#define SET_P1(rule,val) do { INCR_POS; if (is_hex_notation (rule_buf, rule_len, rule_pos) == true) { (rule)->cmds[rule_cnt] |= (hex_convert (rule_buf[rule_pos + 3] & 0xff) << 16) | (hex_convert (rule_buf[rule_pos + 2] & 0xff) << 20); rule_pos += 3; } else { (rule)->cmds[rule_cnt] |= ((val) & 0xff) << 16; } } while(0) #define GET_NAME(rule) rule_cmd = (((rule)->cmds[rule_cnt] >> 0) & 0xff) #define GET_P0(rule) INCR_POS; rule_buf[rule_pos] = (((rule)->cmds[rule_cnt] >> 8) & 0xff) #define GET_P1(rule) INCR_POS; rule_buf[rule_pos] = (((rule)->cmds[rule_cnt] >> 16) & 0xff) From 9d9351da2224fd35afe98e2a201cff5648a1572e Mon Sep 17 00:00:00 2001 
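Review bot: `SET_P0`/`SET_P1` are wrapped in `do { } while(0)`, but `GET_P0` and `GET_P1` directly below them are still two-statement macros (`INCR_POS; rule_buf[rule_pos] = ...`) and `INCR_POS` itself is a bare `if (...) return (-1)`, so an unbraced `if (c) GET_P0 (rule);` would guard only the position increment and run the store unconditionally. For consistency the getters should receive the same wrapper: `#define GET_P0(rule) do { INCR_POS; rule_buf[rule_pos] = (((rule)->cmds[rule_cnt] >> 8) & 0xff); } while (0)` and the matching form for `GET_P1`.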
From: Solar Designer Date: Tue, 12 Nov 2019 19:32:03 +0100 Subject: [PATCH 027/300] Add Nexus legacy wallet support to -m 11300 --- OpenCL/m11300-pure.cl | 41 ++++++++++++++++++++------------------ src/modules/module_11300.c | 14 ++++++++----- 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/OpenCL/m11300-pure.cl b/OpenCL/m11300-pure.cl index c734b102c..c50ccd358 100644 --- a/OpenCL/m11300-pure.cl +++ b/OpenCL/m11300-pure.cl @@ -102,7 +102,7 @@ KERNEL_FQ void m11300_init (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ sha512_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len); - sha512_update_global_swap (&ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); + sha512_update_global_swap (&ctx, salt_bufs[salt_pos].salt_buf, 8); sha512_final (&ctx); @@ -293,13 +293,6 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ key[6] = h32_from_64_S (dgst[3]); key[7] = l32_from_64_S (dgst[3]); - u32 iv[4]; - - iv[0] = h32_from_64_S (dgst[4]); - iv[1] = l32_from_64_S (dgst[4]); - iv[2] = h32_from_64_S (dgst[5]); - iv[3] = l32_from_64_S (dgst[5]); - #define KEYLEN 60 u32 ks[KEYLEN]; 
@@ -308,10 +301,18 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ u32 out[4]; - for (u32 i = 0; i < esalt_bufs[digests_offset].cry_master_len; i += 16) { - u32 data[4]; + u32 i = esalt_bufs[digests_offset].cry_master_len - 32; + u32 iv[4]; + iv[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]); + iv[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]); + iv[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]); + iv[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]); + + i += 16; + + u32 data[4]; data[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]); data[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]); data[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]); @@ -323,17 +324,19 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ out[1] ^= iv[1]; out[2] ^= iv[2]; out[3] ^= iv[3]; - - iv[0] = data[0]; - iv[1] = data[1]; - iv[2] = data[2]; - iv[3] = data[3]; } - if ((out[0] == 0x10101010) - && (out[1] == 0x10101010) - && (out[2] == 0x10101010) - && (out[3] == 0x10101010)) + u32 pad; + if (salt_bufs[salt_pos].salt_len != 18) /* most wallets */ + { + pad = 0x10101010; + if (out[0] != pad || out[1] != pad) + return; + } else { /* Nexus legacy wallet */ + pad = 0x08080808; + } + + if (out[2] == pad && out[3] == pad) { if (atomic_inc (&hashes_shown[digests_offset]) == 0) { diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c index 32a164d91..d6f7a4b93 100644 --- a/src/modules/module_11300.c +++ b/src/modules/module_11300.c 
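Review bot: The branch on `salt_bufs[salt_pos].salt_len != 18` depends on module_11300.c overriding `salt->salt_len` with `cry_salt_buf_len / 2` after decoding only 16 hex characters, while the `m11300_init` hunk now hashes a fixed 8 salt bytes regardless of `salt_len`; the kernel therefore reads `salt_len` as a wallet-format flag rather than a length, and nothing in the kernel says so. A comment at the branch, `// salt_len is 8 (Bitcoin-style) or 18 (Nexus legacy); only 8 salt bytes are ever hashed, the length selects the padding check`, would stop the next reader from "fixing" either side. The `{ ... }` that used to open the removed `for` loop is now a bare compound statement around the last-block decrypt; dropping it, or labelling it `// decrypt only the final CBC block; the block before it is the IV`, would make the single-block intent explicit. For the Nexus path only `out[2]`/`out[3]` are compared with `0x08080808`, so that check covers 8 padding bytes versus 16 for the other wallets — presumably intended, but worth noting in the same comment since it narrows the false-positive margin.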
@@ -127,12 +127,12 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.sep[1] = '$'; token.len_min[1] = 2; - token.len_max[1] = 2; + token.len_max[1] = 3; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; token.sep[2] = '$'; - token.len_min[2] = 16; + token.len_min[2] = 64; token.len_max[2] = 256; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; @@ -145,7 +145,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.sep[4] = '$'; token.len_min[4] = 16; - token.len_max[4] = 16; + token.len_max[4] = 36; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; @@ -208,7 +208,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE if (ckey_buf_len != ckey_len) return (PARSER_SALT_VALUE); if (public_key_buf_len != public_key_len) return (PARSER_SALT_VALUE); - if (cry_master_len % 16) return (PARSER_SALT_VALUE); + if (cry_master_len < 64) return (PARSER_SALT_VALUE); + if (cry_master_len % 32) return (PARSER_SALT_VALUE); + + if (cry_salt_len != 16 && cry_salt_len != 36) return (PARSER_SALT_VALUE); // esalt @@ -234,7 +237,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // salt - const bool parse_rc = generic_salt_decode (hashconfig, cry_salt_buf_pos, cry_salt_buf_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); + const bool parse_rc = generic_salt_decode (hashconfig, cry_salt_buf_pos, 16 /* instead of cry_salt_buf_len */, (u8 *) salt->salt_buf, (int *) &salt->salt_len); + salt->salt_len = cry_salt_buf_len / 2; /* communicate original salt size to the kernel */ if (parse_rc == false) return (PARSER_SALT_LENGTH); From 7458e4f487d600958d72ec82585881241658e6ac Mon Sep 17 00:00:00 2001 
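Review bot: `salt->salt_len = cry_salt_buf_len / 2` overwrites the length `generic_salt_decode` just produced, so the salt struct reports 18 bytes for Nexus wallets while only 16 hex characters (8 bytes) were decoded into `salt_buf`; the trailing comment says this is to "communicate original salt size to the kernel". Any generic code that treats `salt_len` as the number of valid bytes in `salt_buf` (salt sorting and de-duplication, `--show`, the self-test) would then read 10 bytes the decoder never wrote — hedged, since those paths are outside the hunk — so it is worth confirming `salt_buf` is zero-initialised by the caller and recording the trick where it is done: `/* salt_len doubles as a wallet-format flag (8 = Bitcoin, 18 = Nexus legacy); only the first 8 bytes of salt_buf are meaningful */`. The new `if (cry_salt_len != 16 && cry_salt_len != 36)` check is needed because `len_min[4] = 16` / `len_max[4] = 36` cannot express "exactly one of two sizes"; a short comment naming the two wallet formats there would explain the magic numbers.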
From: Jens Steube Date: Thu, 14 Nov 2019 11:31:00 +0100 Subject: [PATCH 028/300] Add per-device available memory test of static data (hashlist, ruleset) before test of dynamic data (-n based) --- src/backend.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/backend.c b/src/backend.c index 363dbf150..177597943 100644 --- a/src/backend.c +++ b/src/backend.c @@ -7759,6 +7759,38 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) * global buffers */ + const u64 size_total_fixed + = bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + bitmap_ctx->bitmap_size + + size_plains + + size_digests + + size_shown + + size_salts + + size_results + + size_extra_buffer + + size_st_digests + + size_st_salts + + size_st_esalts + + size_esalts + + size_markov_css + + size_root_css + + size_rules + + size_rules_c + + size_tm; + + if (size_total_fixed > device_param->device_available_mem) + { + event_log_error (hashcat_ctx, "* Device #%u: Not enough allocatable device memory for this hashlist and/or ruleset.", device_id + 1); + + return -1; + } + if (device_param->is_cuda == true) { if (hc_cuMemAlloc (hashcat_ctx, &device_param->cuda_d_bitmap_s1_a, bitmap_ctx->bitmap_size) == -1) return -1; From 664e595b45ad1b4dea2c07c26f72d85cca85e3bb Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 14 Nov 2019 12:46:09 +0100 Subject: [PATCH 029/300] Add unstable warning for -m 10700 for Intel CPU --- src/modules/module_10700.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/modules/module_10700.c b/src/modules/module_10700.c index 3e669131e..3577e173e 100644 --- a/src/modules/module_10700.c +++ b/src/modules/module_10700.c 
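Review bot: The error raised when `size_total_fixed` exceeds `device_available_mem` tells the user neither how much memory was needed nor how much was available, which is exactly what they need to choose between a smaller hashlist, fewer rules or another device; printing both costs one line: `event_log_error (hashcat_ctx, "* Device #%u: Not enough allocatable device memory for this hashlist and/or ruleset (need %" PRIu64 " MB, have %" PRIu64 " MB).", device_id + 1, size_total_fixed / 1024 / 1024, device_param->device_available_mem / 1024 / 1024);`. The eight repeated `bitmap_ctx->bitmap_size` terms would read better as `8 * bitmap_ctx->bitmap_size` with a comment naming the bitmaps it stands for. If `device_available_mem` can be 0 on a runtime that cannot report free memory, this check would reject every session on that device; whether that case exists is outside the hunk and worth confirming before merge.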
@@ -141,6 +141,12 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE } } + // l_opencl_p_18.1.0.013.tgz: Segmentation fault + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) + { + return true; + } + return false; } From 732ea73721f1b755e74324f3519193f2cea492ac Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 14 Nov 2019 12:47:05 +0100 Subject: [PATCH 030/300] Add free memory to per device startup info (not only total and allocatable memory) --- src/terminal.c | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/src/terminal.c b/src/terminal.c index 208117b08..0ed13723f 100644 --- a/src/terminal.c +++ b/src/terminal.c @@ -683,6 +683,7 @@ void backend_info (hashcat_ctx_t *hashcat_ctx) char *device_name = device_param->device_name; u32 device_processors = device_param->device_processors; u32 device_maxclock_frequency = device_param->device_maxclock_frequency; + u64 device_available_mem = device_param->device_available_mem; u64 device_global_mem = device_param->device_global_mem; if (device_param->device_id_alias_cnt) @@ -697,7 +698,8 @@ void backend_info (hashcat_ctx_t *hashcat_ctx) event_log_info (hashcat_ctx, " Name...........: %s", device_name); event_log_info (hashcat_ctx, " Processor(s)...: %u", device_processors); event_log_info (hashcat_ctx, " Clock..........: %u", device_maxclock_frequency); - event_log_info (hashcat_ctx, " Memory.........: %" PRIu64 " MB", device_global_mem / 1024 / 1024); + event_log_info (hashcat_ctx, " Memory.Total...: %" PRIu64 " MB", device_global_mem / 1024 / 1024); + event_log_info (hashcat_ctx, " Memory.Free....: %" PRIu64 " MB", device_available_mem / 1024 / 1024); event_log_info (hashcat_ctx, NULL); } } 
@@ -738,6 +740,7 @@ void backend_info (hashcat_ctx_t *hashcat_ctx) u32 device_processors = device_param->device_processors; u32 device_maxclock_frequency = device_param->device_maxclock_frequency; u64 device_maxmem_alloc = device_param->device_maxmem_alloc; + u64 device_available_mem = device_param->device_available_mem; u64 device_global_mem = device_param->device_global_mem; cl_device_type opencl_device_type = device_param->opencl_device_type; cl_uint opencl_device_vendor_id = device_param->opencl_device_vendor_id; @@ -762,7 +765,8 @@ void backend_info (hashcat_ctx_t *hashcat_ctx) event_log_info (hashcat_ctx, " Version........: %s", opencl_device_version); event_log_info (hashcat_ctx, " Processor(s)...: %u", device_processors); event_log_info (hashcat_ctx, " Clock..........: %u", device_maxclock_frequency); - event_log_info (hashcat_ctx, " Memory.........: %" PRIu64 "/%" PRIu64 " MB allocatable", device_maxmem_alloc / 1024 / 1024, device_global_mem / 1024 / 1024); + event_log_info (hashcat_ctx, " Memory.Total...: %" PRIu64 " MB (limited to %" PRIu64 " MB allocatable in one block)", device_global_mem / 1024 / 1024, device_maxmem_alloc / 1024 / 1024); + event_log_info (hashcat_ctx, " Memory.Free....: %" PRIu64 " MB", device_available_mem / 1024 / 1024); event_log_info (hashcat_ctx, " OpenCL.Version.: %s", opencl_device_c_version); event_log_info (hashcat_ctx, " Driver.Version.: %s", opencl_driver_version); event_log_info (hashcat_ctx, NULL); 
@@ -801,17 +805,19 @@ void backend_info_compact (hashcat_ctx_t *hashcat_ctx) const hc_device_param_t *device_param = backend_ctx->devices_param + backend_devices_idx; - int device_id = device_param->device_id; - char *device_name = device_param->device_name; - u32 device_processors = device_param->device_processors; - u64 device_global_mem = device_param->device_global_mem; + int device_id = device_param->device_id; + char *device_name = device_param->device_name; + u32 device_processors = device_param->device_processors; + u64 device_global_mem = device_param->device_global_mem; + u64 device_available_mem = device_param->device_available_mem; if ((device_param->skipped == false) && (device_param->skipped_warning == false)) { - event_log_info (hashcat_ctx, "* Device #%u: %s, %" PRIu64 " MB, %uMCU", + event_log_info (hashcat_ctx, "* Device #%u: %s, %" PRIu64 "/%" PRIu64 " MB, %uMCU", device_id + 1, device_name, - device_global_mem / 1024 / 1024, + device_available_mem / 1024 / 1024, + device_global_mem / 1024 / 1024, device_processors); } else 
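Review bot: The new compact format `"%" PRIu64 "/%" PRIu64 " MB"` in `backend_info_compact` prints available memory before total with no word saying which is which, and "a/b MB" is commonly read as used/total, so the first number is likely to be misread; the same applies to the hunk at line 854 in this file, which adds a third, labelled `allocatable` figure. A single word fixes it: `"* Device #%u: %s, %" PRIu64 "/%" PRIu64 " MB free, %uMCU"` (and correspondingly `" MB free (%" PRIu64 " MB allocatable)"` in the second hunk). The verbose form earlier in the file already labels the lines `Memory.Total` and `Memory.Free`, so this keeps the two outputs consistent.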
@@ -854,19 +860,21 @@ void backend_info_compact (hashcat_ctx_t *hashcat_ctx) const hc_device_param_t *device_param = backend_ctx->devices_param + backend_devices_idx; - int device_id = device_param->device_id; - char *device_name = device_param->device_name; - u32 device_processors = device_param->device_processors; - u64 device_maxmem_alloc = device_param->device_maxmem_alloc; - u64 device_global_mem = device_param->device_global_mem; + int device_id = device_param->device_id; + char *device_name = device_param->device_name; + u32 device_processors = device_param->device_processors; + u64 device_maxmem_alloc = device_param->device_maxmem_alloc; + u64 device_global_mem = device_param->device_global_mem; + u64 device_available_mem = device_param->device_available_mem; if ((device_param->skipped == false) && (device_param->skipped_warning == false)) { - event_log_info (hashcat_ctx, "* Device #%u: %s, %" PRIu64 "/%" PRIu64 " MB allocatable, %uMCU", + event_log_info (hashcat_ctx, "* Device #%u: %s, %" PRIu64 "/%" PRIu64 " MB (%" PRIu64 " MB allocatable), %uMCU", device_id + 1, device_name, - device_maxmem_alloc / 1024 / 1024, - device_global_mem / 1024 / 1024, + device_available_mem / 1024 / 1024, + device_global_mem / 1024 / 1024, + device_maxmem_alloc / 1024 / 1024, device_processors); } else From 9c2c73c6ccbdd8e1b22fc78255851a807fe845d4 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 15 Nov 2019 10:12:33 +0100 Subject: [PATCH 031/300] Clear hook buffers after full kernel chain is finished --- src/backend.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/backend.c b/src/backend.c index 177597943..f29d77723 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -3102,6 +3102,34 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, pws_cnt, false, 0) == -1) return -1; } } + + /* + * maybe we should add this zero of temporary buffers + * however it drops the performance from 7055338 to 7010621 + + if (device_param->is_cuda == true) + { + if (run_cuda_kernel_bzero (hashcat_ctx, device_param, device_param->cuda_d_tmps, device_param->size_tmps) == -1) return -1; + } + + if (device_param->is_opencl == true) + { + if (run_opencl_kernel_bzero (hashcat_ctx, device_param, device_param->opencl_d_tmps, device_param->size_tmps) == -1) return -1; + } + */ + + if ((hashconfig->opts_type & OPTS_TYPE_HOOK12) || (hashconfig->opts_type & OPTS_TYPE_HOOK23)) + { + if (device_param->is_cuda == true) + { + if (run_cuda_kernel_bzero (hashcat_ctx, device_param, device_param->cuda_d_hooks, device_param->size_hooks) == -1) return -1; + } + + if (device_param->is_opencl == true) + { + if (run_opencl_kernel_bzero (hashcat_ctx, device_param, device_param->opencl_d_hooks, device_param->size_hooks) == -1) return -1; + } + } } return 0; From 08a74596c1f289805f0e6c45b5575e4dd77c008b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 15 Nov 2019 13:06:45 +0100 Subject: [PATCH 032/300] Add cry_salt_buf[] and cry_salt_len for easier readability in -m 11300 --- OpenCL/m11300-pure.cl | 23 +++++++++++++++++------ src/modules/module_11300.c | 15 ++++++++++++--- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/OpenCL/m11300-pure.cl b/OpenCL/m11300-pure.cl index c50ccd358..1145fd7ba 100644 --- a/OpenCL/m11300-pure.cl +++ b/OpenCL/m11300-pure.cl @@ -26,6 +26,9 @@ typedef struct bitcoin_wallet u32 cry_master_buf[64]; u32 cry_master_len; + u32 cry_salt_buf[16]; + u32 cry_salt_len; + } bitcoin_wallet_t; DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest) 
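Review bot: The hunk leaves a commented-out block of code (the `d_tmps` bzero for CUDA and OpenCL) inside `choose_kernel`; the measured reason for not doing it is worth keeping, the dead code is not, so replace the block with a short comment such as `// Clearing d_tmps here as well would be tidier but was measured to cost throughput (7055338 -> 7010621), so only the hook buffers are cleared.`. The condition `(opts_type & OPTS_TYPE_HOOK12) || (opts_type & OPTS_TYPE_HOOK23)` reads more directly as `hashconfig->opts_type & (OPTS_TYPE_HOOK12 | OPTS_TYPE_HOOK23)`. A one-line comment on why the hook buffers are zeroed after the chain (presumably so host-written per-candidate hook state cannot survive into the next batch) would also help, since the commit title is the only place that intent is stated. The enclosing function begins outside the hunk.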
@@ -102,7 +105,7 @@ KERNEL_FQ void m11300_init (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ sha512_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len); - sha512_update_global_swap (&ctx, salt_bufs[salt_pos].salt_buf, 8); + sha512_update_global_swap (&ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); sha512_final (&ctx); @@ -305,6 +308,7 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ u32 i = esalt_bufs[digests_offset].cry_master_len - 32; u32 iv[4]; + iv[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]); iv[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]); iv[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]); @@ -313,6 +317,7 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ i += 16; u32 data[4]; + data[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]); data[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]); data[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]); @@ -326,13 +331,19 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ out[3] ^= iv[3]; } - u32 pad; - if (salt_bufs[salt_pos].salt_len != 18) /* most wallets */ + u32 pad = 0; + + if (esalt_bufs[digests_offset].cry_salt_len != 18) { + /* most wallets */ pad = 0x10101010; - if (out[0] != pad || out[1] != pad) - return; - } else { /* Nexus legacy wallet */ + + if (out[0] != pad) return; + if (out[1] != pad) return; + } + else + { + /* Nexus legacy wallet */ pad = 0x08080808; } diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c index d6f7a4b93..70676cdbb 100644 --- a/src/modules/module_11300.c +++ b/src/modules/module_11300.c @@ -51,6 +51,9 @@ typedef struct bitcoin_wallet u32 cry_master_buf[64]; u32 cry_master_len; + u32 cry_salt_buf[16]; + u32 cry_salt_len; + } bitcoin_wallet_t; typedef struct bitcoin_wallet_tmp 
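Review bot: In the `m11300_comp` hunk the `!= 18` test now reads `esalt_bufs[digests_offset].cry_salt_len`, which `module_hash_decode` fills through `generic_salt_decode`, whereas the old test read `salt_len`, which the module explicitly set to `cry_salt_buf_len / 2` (a byte count); the branch is only equivalent if `generic_salt_decode` stores the decoded byte length rather than the hex-character length, which is not visible in this diff and is worth confirming, since the wrong unit would send every Nexus legacy wallet down the `0x10101010` branch. A comment on the constant would also help the next reader, e.g. `/* 18-byte salt is the Nexus legacy wallet format; everything else uses PKCS#7 0x10 padding */`, where the padding claim should be checked against the module. The `u32 pad = 0;` initializer is dead since both branches assign it, which is harmless but could be dropped. The kernel's earlier lines are outside the hunk.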
@@ -235,13 +238,19 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE salt->salt_iter = cry_rounds - 1; - // salt + // esalt - const bool parse_rc = generic_salt_decode (hashconfig, cry_salt_buf_pos, 16 /* instead of cry_salt_buf_len */, (u8 *) salt->salt_buf, (int *) &salt->salt_len); - salt->salt_len = cry_salt_buf_len / 2; /* communicate original salt size to the kernel */ + const bool parse_rc = generic_salt_decode (hashconfig, cry_salt_buf_pos, cry_salt_buf_len, (u8 *) bitcoin_wallet->cry_salt_buf, (int *) &bitcoin_wallet->cry_salt_len); if (parse_rc == false) return (PARSER_SALT_LENGTH); + // salt + + salt->salt_buf[0] = bitcoin_wallet->cry_salt_buf[0]; + salt->salt_buf[1] = bitcoin_wallet->cry_salt_buf[1]; + + salt->salt_len = 8; + return (PARSER_OK); } From fe8c17f4c74065aaded12c63db92515143f1dc82 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 15 Nov 2019 14:42:34 +0100 Subject: [PATCH 033/300] Support pause/abort in hooks --- include/types.h | 1 + src/backend.c | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/types.h b/include/types.h index 3169a989f..c9a25cd8e 100644 --- a/include/types.h +++ b/include/types.h @@ -2476,6 +2476,7 @@ typedef struct hook_thread_param int tsz; module_ctx_t *module_ctx; + status_ctx_t *status_ctx; hc_device_param_t *device_param; diff --git a/src/backend.c b/src/backend.c index f29d77723..c0b7734e0 100644 --- a/src/backend.c +++ b/src/backend.c @@ -2891,6 +2891,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, hook_thread_param->tsz = hook_threads; hook_thread_param->module_ctx = module_ctx; + hook_thread_param->status_ctx = status_ctx; hook_thread_param->device_param = device_param; 
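Review bot: The new `generic_salt_decode` call in `module_hash_decode` decodes a length taken from the hash line, `cry_salt_buf_len`, straight into the 16-word `cry_salt_buf` esalt field, and no check against that destination size is visible in the hunk; the old call deliberately passed a fixed `16`, so unless `generic_salt_decode` bounds the output by something tighter than the hashconfig salt limits, a malformed line with a long salt field could write past the field. An explicit guard before the call makes the limit local and obvious, e.g. `if ((cry_salt_buf_len / 2) > sizeof (bitcoin_wallet->cry_salt_buf)) return (PARSER_SALT_LENGTH);`, assuming `cry_salt_buf_len` counts hex characters as the old `/ 2` suggests. The following copy of `cry_salt_buf[0..1]` into `salt->salt_buf` with `salt_len = 8` also assumes at least 8 decoded bytes, so a matching lower bound (`if (bitcoin_wallet->cry_salt_len < 8) return (PARSER_SALT_LENGTH);`) avoids copying whatever sits beyond a short salt. The function starts outside the hunk.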
@@ -3006,6 +3007,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, hook_thread_param->tsz = hook_threads; hook_thread_param->module_ctx = module_ctx; + hook_thread_param->status_ctx = status_ctx; hook_thread_param->device_param = device_param; @@ -10269,6 +10271,7 @@ void *hook12_thread (void *p) hook_thread_param_t *hook_thread_param = (hook_thread_param_t *) p; module_ctx_t *module_ctx = hook_thread_param->module_ctx; + status_ctx_t *status_ctx = hook_thread_param->status_ctx; const u64 tid = hook_thread_param->tid; const u64 tsz = hook_thread_param->tsz; @@ -10276,7 +10279,12 @@ void *hook12_thread (void *p) for (u64 pw_pos = tid; pw_pos < pws_cnt; pw_pos += tsz) { - module_ctx->module_hook12 (hook_thread_param->device_param, hook_thread_param->hook_salts_buf, hook_thread_param->salt_pos, pw_pos); + while (status_ctx->devices_status == STATUS_PAUSED) sleep (1); + + if (status_ctx->devices_status == STATUS_RUNNING) + { + module_ctx->module_hook12 (hook_thread_param->device_param, hook_thread_param->hook_salts_buf, hook_thread_param->salt_pos, pw_pos); + } } return NULL; @@ -10287,6 +10295,7 @@ void *hook23_thread (void *p) hook_thread_param_t *hook_thread_param = (hook_thread_param_t *) p; module_ctx_t *module_ctx = hook_thread_param->module_ctx; + status_ctx_t *status_ctx = hook_thread_param->status_ctx; const u64 tid = hook_thread_param->tid; const u64 tsz = hook_thread_param->tsz; @@ -10294,7 +10303,12 @@ void *hook23_thread (void *p) for (u64 pw_pos = tid; pw_pos < pws_cnt; pw_pos += tsz) { - module_ctx->module_hook23 (hook_thread_param->device_param, hook_thread_param->hook_salts_buf, hook_thread_param->salt_pos, pw_pos); + while (status_ctx->devices_status == STATUS_PAUSED) sleep (1); + + if (status_ctx->devices_status == STATUS_RUNNING) + { + module_ctx->module_hook23 (hook_thread_param->device_param, hook_thread_param->hook_salts_buf, hook_thread_param->salt_pos, pw_pos); + } } return NULL; 
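Review bot: When the run is aborted, `devices_status` is neither `STATUS_PAUSED` nor `STATUS_RUNNING`, so the new loop body in `hook12_thread` keeps stepping through every remaining `pw_pos` doing nothing rather than returning; the same shape is in the `hook23_thread` hunk at line 10294. Turning the guard into an exit, `if (status_ctx->devices_status != STATUS_RUNNING) break;` placed after the pause wait, keeps the behaviour and lets the threads finish promptly. `devices_status` is read here from worker threads with no synchronization visible in the hunk; if it is a plain integer written by the main thread this is a data race under C11, so it is worth confirming it is `_Atomic`/read under the status lock used elsewhere. `sleep (1)` also means up to a full second of resume latency per thread, which a shorter poll interval would avoid at no cost.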
From db91fe6981e6fc3976b1d7a8fa46b4acc953d5ef Mon Sep 17 00:00:00 2001 
From: philsmd Date: Sat, 16 Nov 2019 10:48:52 +0100 Subject: [PATCH 034/300] Added -m 21700 = Electrum 4 and -m 21800 = Electrum 5 --- OpenCL/inc_common.h | 42 +- OpenCL/m21700-pure.cl | 643 ++ OpenCL/m21800-pure.cl | 582 ++ deps/secp256k1/.gitignore | 50 + deps/secp256k1/COPYING | 19 + deps/secp256k1/Makefile.am | 183 + deps/secp256k1/README.md | 73 + deps/secp256k1/TODO | 3 + deps/secp256k1/autogen.sh | 3 + .../build-aux/m4/ax_jni_include_dir.m4 | 145 + .../build-aux/m4/ax_prog_cc_for_build.m4 | 125 + deps/secp256k1/build-aux/m4/bitcoin_secp.m4 | 68 + deps/secp256k1/configure.ac | 591 ++ deps/secp256k1/contrib/lax_der_parsing.c | 150 + deps/secp256k1/contrib/lax_der_parsing.h | 91 + .../contrib/lax_der_privatekey_parsing.c | 113 + .../contrib/lax_der_privatekey_parsing.h | 90 + deps/secp256k1/include/secp256k1.h | 708 +++ deps/secp256k1/include/secp256k1_ecdh.h | 55 + .../include/secp256k1_preallocated.h | 128 + deps/secp256k1/include/secp256k1_recovery.h | 110 + deps/secp256k1/libsecp256k1.pc.in | 13 + deps/secp256k1/obj/.gitignore | 0 deps/secp256k1/sage/group_prover.sage | 322 + deps/secp256k1/sage/secp256k1.sage | 306 + deps/secp256k1/sage/weierstrass_prover.sage | 264 + deps/secp256k1/src/asm/field_10x26_arm.s | 913 +++ deps/secp256k1/src/basic-config.h | 38 + deps/secp256k1/src/bench.h | 82 + deps/secp256k1/src/bench_ecdh.c | 54 + deps/secp256k1/src/bench_ecmult.c | 207 + deps/secp256k1/src/bench_internal.c | 369 ++ deps/secp256k1/src/bench_recover.c | 60 + deps/secp256k1/src/bench_sign.c | 56 + deps/secp256k1/src/bench_verify.c | 112 + deps/secp256k1/src/ecdsa.h | 21 + deps/secp256k1/src/ecdsa_impl.h | 319 + deps/secp256k1/src/eckey.h | 25 + deps/secp256k1/src/eckey_impl.h | 100 + deps/secp256k1/src/ecmult.h | 48 + deps/secp256k1/src/ecmult_const.h | 20 + deps/secp256k1/src/ecmult_const_impl.h | 261 + deps/secp256k1/src/ecmult_gen.h | 50 + deps/secp256k1/src/ecmult_gen_impl.h | 211 + deps/secp256k1/src/ecmult_impl.h | 1216 ++++ deps/secp256k1/src/field.h | 
132 + deps/secp256k1/src/field_10x26.h | 50 + deps/secp256k1/src/field_10x26_impl.h | 1162 ++++ deps/secp256k1/src/field_5x52.h | 49 + deps/secp256k1/src/field_5x52_asm_impl.h | 502 ++ deps/secp256k1/src/field_5x52_impl.h | 496 ++ deps/secp256k1/src/field_5x52_int128_impl.h | 279 + deps/secp256k1/src/field_impl.h | 318 + deps/secp256k1/src/gen_context.c | 87 + deps/secp256k1/src/group.h | 142 + deps/secp256k1/src/group_impl.h | 705 +++ deps/secp256k1/src/hash.h | 41 + deps/secp256k1/src/hash_impl.h | 283 + .../src/java/org/bitcoin/NativeSecp256k1.java | 446 ++ .../java/org/bitcoin/NativeSecp256k1Test.java | 225 + .../java/org/bitcoin/NativeSecp256k1Util.java | 45 + .../java/org/bitcoin/Secp256k1Context.java | 51 + .../src/java/org_bitcoin_NativeSecp256k1.c | 379 ++ .../src/java/org_bitcoin_NativeSecp256k1.h | 119 + .../src/java/org_bitcoin_Secp256k1Context.c | 15 + .../src/java/org_bitcoin_Secp256k1Context.h | 22 + .../src/modules/ecdh/Makefile.am.include | 8 + deps/secp256k1/src/modules/ecdh/main_impl.h | 67 + deps/secp256k1/src/modules/ecdh/tests_impl.h | 132 + .../src/modules/recovery/Makefile.am.include | 8 + .../src/modules/recovery/main_impl.h | 193 + .../src/modules/recovery/tests_impl.h | 393 ++ deps/secp256k1/src/num.h | 74 + deps/secp256k1/src/num_gmp.h | 20 + deps/secp256k1/src/num_gmp_impl.h | 288 + deps/secp256k1/src/num_impl.h | 24 + deps/secp256k1/src/scalar.h | 106 + deps/secp256k1/src/scalar_4x64.h | 19 + deps/secp256k1/src/scalar_4x64_impl.h | 949 +++ deps/secp256k1/src/scalar_8x32.h | 19 + deps/secp256k1/src/scalar_8x32_impl.h | 721 +++ deps/secp256k1/src/scalar_impl.h | 333 ++ deps/secp256k1/src/scalar_low.h | 15 + deps/secp256k1/src/scalar_low_impl.h | 117 + deps/secp256k1/src/scratch.h | 42 + deps/secp256k1/src/scratch_impl.h | 88 + deps/secp256k1/src/secp256k1.c | 690 +++ deps/secp256k1/src/testrand.h | 38 + deps/secp256k1/src/testrand_impl.h | 110 + deps/secp256k1/src/tests.c | 5301 +++++++++++++++++ deps/secp256k1/src/tests_exhaustive.c | 
511 ++ deps/secp256k1/src/util.h | 162 + docs/changes.txt | 2 +- docs/credits.txt | 1 + docs/readme.txt | 2 +- include/ext_secp256k1.h | 13 + src/Makefile | 41 +- src/ext_secp256k1.c | 77 + src/modules/module_21700.c | 401 ++ src/modules/module_21800.c | 529 ++ tools/install_modules.sh | 3 + tools/test_modules/m21700.pm | 284 + tools/test_modules/m21800.pm | 338 ++ 103 files changed, 26683 insertions(+), 23 deletions(-) create mode 100644 OpenCL/m21700-pure.cl create mode 100644 OpenCL/m21800-pure.cl create mode 100644 deps/secp256k1/.gitignore create mode 100644 deps/secp256k1/COPYING create mode 100644 deps/secp256k1/Makefile.am create mode 100644 deps/secp256k1/README.md create mode 100644 deps/secp256k1/TODO create mode 100755 deps/secp256k1/autogen.sh create mode 100644 deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4 create mode 100644 deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 create mode 100644 deps/secp256k1/build-aux/m4/bitcoin_secp.m4 create mode 100644 deps/secp256k1/configure.ac create mode 100644 deps/secp256k1/contrib/lax_der_parsing.c create mode 100644 deps/secp256k1/contrib/lax_der_parsing.h create mode 100644 deps/secp256k1/contrib/lax_der_privatekey_parsing.c create mode 100644 deps/secp256k1/contrib/lax_der_privatekey_parsing.h create mode 100644 deps/secp256k1/include/secp256k1.h create mode 100644 deps/secp256k1/include/secp256k1_ecdh.h create mode 100644 deps/secp256k1/include/secp256k1_preallocated.h create mode 100644 deps/secp256k1/include/secp256k1_recovery.h create mode 100644 deps/secp256k1/libsecp256k1.pc.in create mode 100644 deps/secp256k1/obj/.gitignore create mode 100644 deps/secp256k1/sage/group_prover.sage create mode 100644 deps/secp256k1/sage/secp256k1.sage create mode 100644 deps/secp256k1/sage/weierstrass_prover.sage create mode 100644 deps/secp256k1/src/asm/field_10x26_arm.s create mode 100644 deps/secp256k1/src/basic-config.h create mode 100644 deps/secp256k1/src/bench.h create mode 100644 
deps/secp256k1/src/bench_ecdh.c create mode 100644 deps/secp256k1/src/bench_ecmult.c create mode 100644 deps/secp256k1/src/bench_internal.c create mode 100644 deps/secp256k1/src/bench_recover.c create mode 100644 deps/secp256k1/src/bench_sign.c create mode 100644 deps/secp256k1/src/bench_verify.c create mode 100644 deps/secp256k1/src/ecdsa.h create mode 100644 deps/secp256k1/src/ecdsa_impl.h create mode 100644 deps/secp256k1/src/eckey.h create mode 100644 deps/secp256k1/src/eckey_impl.h create mode 100644 deps/secp256k1/src/ecmult.h create mode 100644 deps/secp256k1/src/ecmult_const.h create mode 100644 deps/secp256k1/src/ecmult_const_impl.h create mode 100644 deps/secp256k1/src/ecmult_gen.h create mode 100644 deps/secp256k1/src/ecmult_gen_impl.h create mode 100644 deps/secp256k1/src/ecmult_impl.h create mode 100644 deps/secp256k1/src/field.h create mode 100644 deps/secp256k1/src/field_10x26.h create mode 100644 deps/secp256k1/src/field_10x26_impl.h create mode 100644 deps/secp256k1/src/field_5x52.h create mode 100644 deps/secp256k1/src/field_5x52_asm_impl.h create mode 100644 deps/secp256k1/src/field_5x52_impl.h create mode 100644 deps/secp256k1/src/field_5x52_int128_impl.h create mode 100644 deps/secp256k1/src/field_impl.h create mode 100644 deps/secp256k1/src/gen_context.c create mode 100644 deps/secp256k1/src/group.h create mode 100644 deps/secp256k1/src/group_impl.h create mode 100644 deps/secp256k1/src/hash.h create mode 100644 deps/secp256k1/src/hash_impl.h create mode 100644 deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java create mode 100644 deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java create mode 100644 deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java create mode 100644 deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java create mode 100644 deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c create mode 100644 deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h create mode 100644 
deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c create mode 100644 deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h create mode 100644 deps/secp256k1/src/modules/ecdh/Makefile.am.include create mode 100644 deps/secp256k1/src/modules/ecdh/main_impl.h create mode 100644 deps/secp256k1/src/modules/ecdh/tests_impl.h create mode 100644 deps/secp256k1/src/modules/recovery/Makefile.am.include create mode 100755 deps/secp256k1/src/modules/recovery/main_impl.h create mode 100644 deps/secp256k1/src/modules/recovery/tests_impl.h create mode 100644 deps/secp256k1/src/num.h create mode 100644 deps/secp256k1/src/num_gmp.h create mode 100644 deps/secp256k1/src/num_gmp_impl.h create mode 100644 deps/secp256k1/src/num_impl.h create mode 100644 deps/secp256k1/src/scalar.h create mode 100644 deps/secp256k1/src/scalar_4x64.h create mode 100644 deps/secp256k1/src/scalar_4x64_impl.h create mode 100644 deps/secp256k1/src/scalar_8x32.h create mode 100644 deps/secp256k1/src/scalar_8x32_impl.h create mode 100644 deps/secp256k1/src/scalar_impl.h create mode 100644 deps/secp256k1/src/scalar_low.h create mode 100644 deps/secp256k1/src/scalar_low_impl.h create mode 100644 deps/secp256k1/src/scratch.h create mode 100644 deps/secp256k1/src/scratch_impl.h create mode 100644 deps/secp256k1/src/secp256k1.c create mode 100644 deps/secp256k1/src/testrand.h create mode 100644 deps/secp256k1/src/testrand_impl.h create mode 100644 deps/secp256k1/src/tests.c create mode 100644 deps/secp256k1/src/tests_exhaustive.c create mode 100644 deps/secp256k1/src/util.h create mode 100644 include/ext_secp256k1.h create mode 100644 src/ext_secp256k1.c create mode 100644 src/modules/module_21700.c create mode 100644 src/modules/module_21800.c create mode 100644 tools/test_modules/m21700.pm create mode 100644 tools/test_modules/m21800.pm diff --git a/OpenCL/inc_common.h b/OpenCL/inc_common.h index 58a6bbeb5..36bbb8998 100644 --- a/OpenCL/inc_common.h +++ b/OpenCL/inc_common.h 
@@ -110,27 +110,29 @@ */ #ifdef IS_CUDA -#define KERN_ATTR_BASIC() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, void) -#define KERN_ATTR_BITSLICE() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bs_word_t *g_words_buf_s, void, void, void) -#define KERN_ATTR_ESALT(e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, e) -#define KERN_ATTR_RULES() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, void) -#define KERN_ATTR_RULES_ESALT(e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, e) -#define KERN_ATTR_TMPS(t) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, void, void) -#define KERN_ATTR_TMPS_ESALT(t,e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, void, e) -#define KERN_ATTR_TMPS_HOOKS(t,h) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, h, void) -#define KERN_ATTR_VECTOR() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const u32x *g_words_buf_r, void, void, void) -#define KERN_ATTR_VECTOR_ESALT(e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const u32x *g_words_buf_r, void, void, e) +#define KERN_ATTR_BASIC() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, void) +#define KERN_ATTR_BITSLICE() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bs_word_t *g_words_buf_s, void, void, void) +#define KERN_ATTR_ESALT(e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, e) +#define KERN_ATTR_RULES() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, void) +#define KERN_ATTR_RULES_ESALT(e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, void, void, e) +#define KERN_ATTR_TMPS(t) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, void, void) +#define KERN_ATTR_TMPS_ESALT(t,e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, void, e) +#define KERN_ATTR_TMPS_HOOKS(t,h) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, h, void) +#define KERN_ATTR_TMPS_HOOKS_ESALT(t,h,e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const bf_t *g_bfs_buf, t, h, e) +#define 
KERN_ATTR_VECTOR() KERN_ATTR (GLOBAL_AS, GLOBAL_AS const u32x *g_words_buf_r, void, void, void) +#define KERN_ATTR_VECTOR_ESALT(e) KERN_ATTR (GLOBAL_AS, GLOBAL_AS const u32x *g_words_buf_r, void, void, e) #else -#define KERN_ATTR_BASIC() KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, void, void, void) -#define KERN_ATTR_BITSLICE() KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bs_word_t *words_buf_s, void, void, void) -#define KERN_ATTR_ESALT(e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, void, void, e) -#define KERN_ATTR_RULES() KERN_ATTR (CONSTANT_AS, GLOBAL_AS const bf_t *bfs_buf, void, void, void) -#define KERN_ATTR_RULES_ESALT(e) KERN_ATTR (CONSTANT_AS, GLOBAL_AS const bf_t *bfs_buf, void, void, e) -#define KERN_ATTR_TMPS(t) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, void, void) -#define KERN_ATTR_TMPS_ESALT(t,e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, void, e) -#define KERN_ATTR_TMPS_HOOKS(t,h) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, h, void) -#define KERN_ATTR_VECTOR() KERN_ATTR (GLOBAL_AS, CONSTANT_AS const u32x *words_buf_r, void, void, void) -#define KERN_ATTR_VECTOR_ESALT(e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const u32x *words_buf_r, void, void, e) +#define KERN_ATTR_BASIC() KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, void, void, void) +#define KERN_ATTR_BITSLICE() KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bs_word_t *words_buf_s, void, void, void) +#define KERN_ATTR_ESALT(e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, void, void, e) +#define KERN_ATTR_RULES() KERN_ATTR (CONSTANT_AS, GLOBAL_AS const bf_t *bfs_buf, void, void, void) +#define KERN_ATTR_RULES_ESALT(e) KERN_ATTR (CONSTANT_AS, GLOBAL_AS const bf_t *bfs_buf, void, void, e) +#define KERN_ATTR_TMPS(t) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, void, void) +#define KERN_ATTR_TMPS_ESALT(t,e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, void, e) +#define KERN_ATTR_TMPS_HOOKS(t,h) KERN_ATTR 
(GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, h, void) +#define KERN_ATTR_TMPS_HOOKS_ESALT(t,h,e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const bf_t *bfs_buf, t, h, e) +#define KERN_ATTR_VECTOR() KERN_ATTR (GLOBAL_AS, CONSTANT_AS const u32x *words_buf_r, void, void, void) +#define KERN_ATTR_VECTOR_ESALT(e) KERN_ATTR (GLOBAL_AS, CONSTANT_AS const u32x *words_buf_r, void, void, e) #endif // union based packing diff --git a/OpenCL/m21700-pure.cl b/OpenCL/m21700-pure.cl new file mode 100644 index 000000000..178b28402 --- /dev/null +++ b/OpenCL/m21700-pure.cl 
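Review bot: The functional change in this `inc_common.h` hunk is two lines, the `KERN_ATTR_TMPS_HOOKS_ESALT(t,h,e)` definition in the CUDA and OpenCL branches, but re-aligning every existing macro to the longer name turns it into a 27-line rewrite, which hides the addition from `git blame` and from anyone reading the diff; splitting the realignment into its own whitespace-only commit, or at least saying so in the message, would keep the history readable. The new macro's argument order is only implied by its name; a comment on the definition, `/* t = tmps struct, h = hook struct, e = esalt struct */` (to be confirmed against `KERN_ATTR`), would save the next module author a lookup. The comment block this table sits under begins outside the hunk.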
@@ -0,0 +1,643 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#include "inc_hash_sha512.cl" +#endif + +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct electrum +{ + u32 data_buf[4096]; + u32 data_len; + +} electrum_t; + +typedef struct electrum_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[8]; + u64 out[8]; + +} electrum_tmp_t; + +typedef struct +{ + u32 ukey[8]; + + u32 pubkey[9]; // 32 + 1 bytes (for sign of the curve point) + + u32 hook_success; + +} electrum_hook_t; + +DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); + + w0[0] = h32_from_64 (digest[0]); + w0[1] = l32_from_64 (digest[0]); + w0[2] = h32_from_64 (digest[1]); + w0[3] = l32_from_64 (digest[1]); + w1[0] = h32_from_64 (digest[2]); + w1[1] = l32_from_64 (digest[2]); + w1[2] = h32_from_64 (digest[3]); + w1[3] = l32_from_64 (digest[3]); + w2[0] = h32_from_64 (digest[4]); + w2[1] = l32_from_64 (digest[4]); + w2[2] = h32_from_64 (digest[5]); + w2[3] = l32_from_64 (digest[5]); + w3[0] = h32_from_64 (digest[6]); + w3[1] = l32_from_64 (digest[6]); + w3[2] = h32_from_64 (digest[7]); + w3[3] = l32_from_64 (digest[7]); + w4[0] = 0x80000000; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + 
digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); +} + +KERNEL_FQ void m21700_init (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha512_hmac_ctx_t sha512_hmac_ctx; + + sha512_hmac_init_global_swap (&sha512_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha512_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha512_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha512_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha512_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha512_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha512_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha512_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha512_hmac_ctx.ipad.h[7]; + + tmps[gid].opad[0] = sha512_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha512_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha512_hmac_ctx.opad.h[7]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + u32 w4[4]; + u32 w5[4]; + u32 w6[4]; + u32 w7[4]; + + w0[0] = 1; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + w4[0] = 0; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = 0; + + sha512_hmac_update_128 (&sha512_hmac_ctx, w0, w1, w2, w3, w4, w5, w6, w7, 4); + + sha512_hmac_final (&sha512_hmac_ctx); + + tmps[gid].dgst[0] = sha512_hmac_ctx.opad.h[0]; + 
tmps[gid].dgst[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].dgst[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].dgst[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].dgst[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].dgst[5] = sha512_hmac_ctx.opad.h[5]; + tmps[gid].dgst[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].dgst[7] = sha512_hmac_ctx.opad.h[7]; + + tmps[gid].out[0] = tmps[gid].dgst[0]; + tmps[gid].out[1] = tmps[gid].dgst[1]; + tmps[gid].out[2] = tmps[gid].dgst[2]; + tmps[gid].out[3] = tmps[gid].dgst[3]; + tmps[gid].out[4] = tmps[gid].dgst[4]; + tmps[gid].out[5] = tmps[gid].dgst[5]; + tmps[gid].out[6] = tmps[gid].dgst[6]; + tmps[gid].out[7] = tmps[gid].dgst[7]; +} + +KERNEL_FQ void m21700_loop (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u64x ipad[8]; + u64x opad[8]; + + ipad[0] = pack64v (tmps, ipad, gid, 0); + ipad[1] = pack64v (tmps, ipad, gid, 1); + ipad[2] = pack64v (tmps, ipad, gid, 2); + ipad[3] = pack64v (tmps, ipad, gid, 3); + ipad[4] = pack64v (tmps, ipad, gid, 4); + ipad[5] = pack64v (tmps, ipad, gid, 5); + ipad[6] = pack64v (tmps, ipad, gid, 6); + ipad[7] = pack64v (tmps, ipad, gid, 7); + + opad[0] = pack64v (tmps, opad, gid, 0); + opad[1] = pack64v (tmps, opad, gid, 1); + opad[2] = pack64v (tmps, opad, gid, 2); + opad[3] = pack64v (tmps, opad, gid, 3); + opad[4] = pack64v (tmps, opad, gid, 4); + opad[5] = pack64v (tmps, opad, gid, 5); + opad[6] = pack64v (tmps, opad, gid, 6); + opad[7] = pack64v (tmps, opad, gid, 7); + + u64x dgst[8]; + u64x out[8]; + + dgst[0] = pack64v (tmps, dgst, gid, 0); + dgst[1] = pack64v (tmps, dgst, gid, 1); + dgst[2] = pack64v (tmps, dgst, gid, 2); + dgst[3] = pack64v (tmps, dgst, gid, 3); + dgst[4] = pack64v (tmps, dgst, gid, 4); + dgst[5] = pack64v (tmps, dgst, gid, 5); + dgst[6] = pack64v (tmps, dgst, gid, 6); + dgst[7] = pack64v (tmps, dgst, gid, 7); + + out[0] = pack64v (tmps, out, gid, 0); + out[1] = pack64v 
(tmps, out, gid, 1); + out[2] = pack64v (tmps, out, gid, 2); + out[3] = pack64v (tmps, out, gid, 3); + out[4] = pack64v (tmps, out, gid, 4); + out[5] = pack64v (tmps, out, gid, 5); + out[6] = pack64v (tmps, out, gid, 6); + out[7] = pack64v (tmps, out, gid, 7); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + u32x w4[4]; + u32x w5[4]; + u32x w6[4]; + u32x w7[4]; + + w0[0] = h32_from_64 (dgst[0]); + w0[1] = l32_from_64 (dgst[0]); + w0[2] = h32_from_64 (dgst[1]); + w0[3] = l32_from_64 (dgst[1]); + w1[0] = h32_from_64 (dgst[2]); + w1[1] = l32_from_64 (dgst[2]); + w1[2] = h32_from_64 (dgst[3]); + w1[3] = l32_from_64 (dgst[3]); + w2[0] = h32_from_64 (dgst[4]); + w2[1] = l32_from_64 (dgst[4]); + w2[2] = h32_from_64 (dgst[5]); + w2[3] = l32_from_64 (dgst[5]); + w3[0] = h32_from_64 (dgst[6]); + w3[1] = l32_from_64 (dgst[6]); + w3[2] = h32_from_64 (dgst[7]); + w3[3] = l32_from_64 (dgst[7]); + w4[0] = 0x80000000; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; + + hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpack64v (tmps, dgst, gid, 0, dgst[0]); + unpack64v (tmps, dgst, gid, 1, dgst[1]); + unpack64v (tmps, dgst, gid, 2, dgst[2]); + unpack64v (tmps, dgst, gid, 3, dgst[3]); + unpack64v (tmps, dgst, gid, 4, dgst[4]); + unpack64v (tmps, dgst, gid, 5, dgst[5]); + unpack64v (tmps, dgst, gid, 6, dgst[6]); + unpack64v (tmps, dgst, gid, 7, dgst[7]); + + unpack64v (tmps, out, gid, 0, out[0]); + unpack64v (tmps, out, gid, 1, out[1]); + unpack64v (tmps, out, gid, 2, out[2]); + unpack64v (tmps, out, gid, 3, out[3]); + unpack64v (tmps, out, gid, 4, out[4]); + unpack64v (tmps, 
out, gid, 5, out[5]); + unpack64v (tmps, out, gid, 6, out[6]); + unpack64v (tmps, out, gid, 7, out[7]); +} + +KERNEL_FQ void m21700_hook23 (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u64 out[8]; + + out[0] = tmps[gid].out[0]; + out[1] = tmps[gid].out[1]; + out[2] = tmps[gid].out[2]; + out[3] = tmps[gid].out[3]; + out[4] = tmps[gid].out[4]; + out[5] = tmps[gid].out[5]; + out[6] = tmps[gid].out[6]; + out[7] = tmps[gid].out[7]; + + // we need to perform a modulo operation with 512-bit % 256-bit (bignum modulo): + // the modulus is the secp256k1 group order + + /* + the general modulo by shift and substract code (a = a % b): + + x = b; + + t = a >> 1; + + while (x <= t) x <<= 1; + + while (a >= b) + { + if (a >= x) a -= x; + + x >>= 1; + } + + return a; // remainder + */ + + u32 a[16]; + + a[ 0] = h32_from_64_S (out[0]); + a[ 1] = l32_from_64_S (out[0]); + a[ 2] = h32_from_64_S (out[1]); + a[ 3] = l32_from_64_S (out[1]); + a[ 4] = h32_from_64_S (out[2]); + a[ 5] = l32_from_64_S (out[2]); + a[ 6] = h32_from_64_S (out[3]); + a[ 7] = l32_from_64_S (out[3]); + a[ 8] = h32_from_64_S (out[4]); + a[ 9] = l32_from_64_S (out[4]); + a[10] = h32_from_64_S (out[5]); + a[11] = l32_from_64_S (out[5]); + a[12] = h32_from_64_S (out[6]); + a[13] = l32_from_64_S (out[6]); + a[14] = h32_from_64_S (out[7]); + a[15] = l32_from_64_S (out[7]); + + u32 b[16]; + + b[ 0] = 0x00000000; + b[ 1] = 0x00000000; + b[ 2] = 0x00000000; + b[ 3] = 0x00000000; + b[ 4] = 0x00000000; + b[ 5] = 0x00000000; + b[ 6] = 0x00000000; + b[ 7] = 0x00000000; + b[ 8] = 0xffffffff; + b[ 9] = 0xffffffff; + b[10] = 0xffffffff; + b[11] = 0xfffffffe; + b[12] = 0xbaaedce6; + b[13] = 0xaf48a03b; + b[14] = 0xbfd25e8c; + b[15] = 0xd0364141; + + /* + * Start: + */ + + // x = b (but with a fast "shift" trick to avoid the while loop) + + u32 x[16]; + + x[ 0] = b[ 8]; // this is a trick: we just put the group order's most 
significant bit all the + x[ 1] = b[ 9]; // way to the top to avoid doing the initial: while (x <= t) x <<= 1 + x[ 2] = b[10]; + x[ 3] = b[11]; + x[ 4] = b[12]; + x[ 5] = b[13]; + x[ 6] = b[14]; + x[ 7] = b[15]; + x[ 8] = 0x00000000; + x[ 9] = 0x00000000; + x[10] = 0x00000000; + x[11] = 0x00000000; + x[12] = 0x00000000; + x[13] = 0x00000000; + x[14] = 0x00000000; + x[15] = 0x00000000; + + // a >= b + + while (a[0] >= b[0]) + { + if (a[ 0] == b[ 0]) if (a[ 1] < b[ 1]) break; + if (a[ 1] == b[ 1]) if (a[ 2] < b[ 2]) break; + if (a[ 2] == b[ 2]) if (a[ 3] < b[ 3]) break; + if (a[ 3] == b[ 3]) if (a[ 4] < b[ 4]) break; + if (a[ 4] == b[ 4]) if (a[ 5] < b[ 5]) break; + if (a[ 5] == b[ 5]) if (a[ 6] < b[ 6]) break; + if (a[ 6] == b[ 6]) if (a[ 7] < b[ 7]) break; + if (a[ 7] == b[ 7]) if (a[ 8] < b[ 8]) break; + if (a[ 8] == b[ 8]) if (a[ 9] < b[ 9]) break; + if (a[ 9] == b[ 9]) if (a[10] < b[10]) break; + if (a[10] == b[10]) if (a[11] < b[11]) break; + if (a[11] == b[11]) if (a[12] < b[12]) break; + if (a[12] == b[12]) if (a[13] < b[13]) break; + if (a[13] == b[13]) if (a[14] < b[14]) break; + if (a[14] == b[14]) if (a[15] < b[15]) break; + + // r = x (copy it to have the original values for the subtraction) + + u32 r[16]; + + r[ 0] = x[ 0]; + r[ 1] = x[ 1]; + r[ 2] = x[ 2]; + r[ 3] = x[ 3]; + r[ 4] = x[ 4]; + r[ 5] = x[ 5]; + r[ 6] = x[ 6]; + r[ 7] = x[ 7]; + r[ 8] = x[ 8]; + r[ 9] = x[ 9]; + r[10] = x[10]; + r[11] = x[11]; + r[12] = x[12]; + r[13] = x[13]; + r[14] = x[14]; + r[15] = x[15]; + + // x >>= 1 + + x[15] = x[15] >> 1 | (x[14] & 1) << 31; + x[14] = x[14] >> 1 | (x[13] & 1) << 31; + x[13] = x[13] >> 1 | (x[12] & 1) << 31; + x[12] = x[12] >> 1 | (x[11] & 1) << 31; + x[11] = x[11] >> 1 | (x[10] & 1) << 31; + x[10] = x[10] >> 1 | (x[ 9] & 1) << 31; + x[ 9] = x[ 9] >> 1 | (x[ 8] & 1) << 31; + x[ 8] = x[ 8] >> 1 | (x[ 7] & 1) << 31; + x[ 7] = x[ 7] >> 1 | (x[ 6] & 1) << 31; + x[ 6] = x[ 6] >> 1 | (x[ 5] & 1) << 31; + x[ 5] = x[ 5] >> 1 | (x[ 4] & 1) << 31; + x[ 4] = 
x[ 4] >> 1 | (x[ 3] & 1) << 31; + x[ 3] = x[ 3] >> 1 | (x[ 2] & 1) << 31; + x[ 2] = x[ 2] >> 1 | (x[ 1] & 1) << 31; + x[ 1] = x[ 1] >> 1 | (x[ 0] & 1) << 31; + x[ 0] = x[ 0] >> 1; + + // if (a >= r) a -= r; + + if (a[ 0] < r[ 0]) continue; + if (a[ 0] == r[ 0]) if (a[ 1] < r[ 1]) continue; + if (a[ 1] == r[ 1]) if (a[ 2] < r[ 2]) continue; + if (a[ 2] == r[ 2]) if (a[ 3] < r[ 3]) continue; + if (a[ 3] == r[ 3]) if (a[ 4] < r[ 4]) continue; + if (a[ 4] == r[ 4]) if (a[ 5] < r[ 5]) continue; + if (a[ 5] == r[ 5]) if (a[ 6] < r[ 6]) continue; + if (a[ 6] == r[ 6]) if (a[ 7] < r[ 7]) continue; + if (a[ 7] == r[ 7]) if (a[ 8] < r[ 8]) continue; + if (a[ 8] == r[ 8]) if (a[ 9] < r[ 9]) continue; + if (a[ 9] == r[ 9]) if (a[10] < r[10]) continue; + if (a[10] == r[10]) if (a[11] < r[11]) continue; + if (a[11] == r[11]) if (a[12] < r[12]) continue; + if (a[12] == r[12]) if (a[13] < r[13]) continue; + if (a[13] == r[13]) if (a[14] < r[14]) continue; + if (a[14] == r[14]) if (a[15] < r[15]) continue; + + // substract (a -= r): + + r[ 0] = a[ 0] - r[ 0]; + r[ 1] = a[ 1] - r[ 1]; + r[ 2] = a[ 2] - r[ 2]; + r[ 3] = a[ 3] - r[ 3]; + r[ 4] = a[ 4] - r[ 4]; + r[ 5] = a[ 5] - r[ 5]; + r[ 6] = a[ 6] - r[ 6]; + r[ 7] = a[ 7] - r[ 7]; + r[ 8] = a[ 8] - r[ 8]; + r[ 9] = a[ 9] - r[ 9]; + r[10] = a[10] - r[10]; + r[11] = a[11] - r[11]; + r[12] = a[12] - r[12]; + r[13] = a[13] - r[13]; + r[14] = a[14] - r[14]; + r[15] = a[15] - r[15]; + + // take care of the "borrow" (we can't do it the other way around 15...1 because r[x] is changed!) 
+ + if (r[ 1] > a[ 1]) r[ 0]--; + if (r[ 2] > a[ 2]) r[ 1]--; + if (r[ 3] > a[ 3]) r[ 2]--; + if (r[ 4] > a[ 4]) r[ 3]--; + if (r[ 5] > a[ 5]) r[ 4]--; + if (r[ 6] > a[ 6]) r[ 5]--; + if (r[ 7] > a[ 7]) r[ 6]--; + if (r[ 8] > a[ 8]) r[ 7]--; + if (r[ 9] > a[ 9]) r[ 8]--; + if (r[10] > a[10]) r[ 9]--; + if (r[11] > a[11]) r[10]--; + if (r[12] > a[12]) r[11]--; + if (r[13] > a[13]) r[12]--; + if (r[14] > a[14]) r[13]--; + if (r[15] > a[15]) r[14]--; + + a[ 0] = r[ 0]; + a[ 1] = r[ 1]; + a[ 2] = r[ 2]; + a[ 3] = r[ 3]; + a[ 4] = r[ 4]; + a[ 5] = r[ 5]; + a[ 6] = r[ 6]; + a[ 7] = r[ 7]; + a[ 8] = r[ 8]; + a[ 9] = r[ 9]; + a[10] = r[10]; + a[11] = r[11]; + a[12] = r[12]; + a[13] = r[13]; + a[14] = r[14]; + a[15] = r[15]; + } + + /** + * copy the last 256 bit (32 bytes) of modulo (a) to the hook buffer + */ + + hooks[gid].ukey[0] = hc_swap32_S (a[ 8]); + hooks[gid].ukey[1] = hc_swap32_S (a[ 9]); + hooks[gid].ukey[2] = hc_swap32_S (a[10]); + hooks[gid].ukey[3] = hc_swap32_S (a[11]); + hooks[gid].ukey[4] = hc_swap32_S (a[12]); + hooks[gid].ukey[5] = hc_swap32_S (a[13]); + hooks[gid].ukey[6] = hc_swap32_S (a[14]); + hooks[gid].ukey[7] = hc_swap32_S (a[15]); +} + +KERNEL_FQ void m21700_comp (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + if (hooks[gid].hook_success == 0) return; + + u32 pubkey[64] = { 0 }; + + pubkey[0] = hooks[gid].pubkey[0]; + pubkey[1] = hooks[gid].pubkey[1]; + pubkey[2] = hooks[gid].pubkey[2]; + pubkey[3] = hooks[gid].pubkey[3]; + pubkey[4] = hooks[gid].pubkey[4]; + pubkey[5] = hooks[gid].pubkey[5]; + pubkey[6] = hooks[gid].pubkey[6]; + pubkey[7] = hooks[gid].pubkey[7]; + pubkey[8] = hooks[gid].pubkey[8]; + + sha512_ctx_t sha512_ctx; + + sha512_init (&sha512_ctx); + sha512_update_swap (&sha512_ctx, pubkey, 33); // 33 because of 32 byte curve point + sign + sha512_final (&sha512_ctx); + + /* + * sha256-hmac () of the data_buf + */ + 
+ GLOBAL_AS u32 *data_buf = (GLOBAL_AS u32 *) esalt_bufs[digests_offset].data_buf; + + u32 data_len = esalt_bufs[digests_offset].data_len; + + u32 key[16] = { 0 }; + + key[0] = h32_from_64_S (sha512_ctx.h[4]); + key[1] = l32_from_64_S (sha512_ctx.h[4]); + key[2] = h32_from_64_S (sha512_ctx.h[5]); + key[3] = l32_from_64_S (sha512_ctx.h[5]); + + key[4] = h32_from_64_S (sha512_ctx.h[6]); + key[5] = l32_from_64_S (sha512_ctx.h[6]); + key[6] = h32_from_64_S (sha512_ctx.h[7]); + key[7] = l32_from_64_S (sha512_ctx.h[7]); + + sha256_hmac_ctx_t sha256_ctx; + + sha256_hmac_init (&sha256_ctx, key, 32); + + sha256_hmac_update_global_swap (&sha256_ctx, data_buf, data_len); + + sha256_hmac_final (&sha256_ctx); + + const u32 r0 = sha256_ctx.opad.h[0]; + const u32 r1 = sha256_ctx.opad.h[1]; + const u32 r2 = sha256_ctx.opad.h[2]; + const u32 r3 = sha256_ctx.opad.h[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl new file mode 100644 index 000000000..f90bbaba9 --- /dev/null +++ b/OpenCL/m21800-pure.cl 
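Review bot: The word-wise compare chains in m21700_hook23 are not a true lexicographic comparison: each step only checks `if (a[i] == r[i]) if (a[i+1] < r[i+1]) continue;` without knowing whether a higher word already had `a[j] > r[j]`, so a candidate with one exactly matching word can skip a subtraction although a >= r. The borrow fix-up after `// substract (a -= r):` has the same one-word horizon: `if (r[2] > a[2]) r[1]--;` runs after word 1's borrow-out was already judged, so a borrow that has to pass through a word where `a[i] == r[i]` is dropped. Both paths need one exact 32-bit word match and are therefore rare per candidate, but after a skipped subtraction the later halvings of x cannot make up the missing r, so the value written to ukey is no longer a mod n, and if a is still at or above b once x has shifted down to zero the loop cannot terminate, because `while (a[0] >= b[0])` is always true with `b[0] == 0`. A helper that finds the first differing word and a subtraction that carries the borrow, as below, remove both problems; the identical chains appear in m21800_hook23 in OpenCL/m21800-pure.cl.
```opencl
// true lexicographic test a < b over 16 big-endian u32 words
DECLSPEC u32 lt_512 (const u32 *a, const u32 *b)
{
  for (int i = 0; i < 16; i++)
  {
    if (a[i] != b[i]) return (a[i] < b[i]);
  }

  return 0;
}

// a -= r with the borrow carried through every word, including exact matches
DECLSPEC void sub_512 (u32 *a, const u32 *r)
{
  u32 borrow = 0;

  for (int i = 15; i >= 0; i--)
  {
    const u32 d = a[i] - r[i] - borrow;

    borrow = (a[i] < r[i]) || ((a[i] == r[i]) && borrow);

    a[i] = d;
  }
}

// … unchanged: m21700_hook23 up to and including the x[] setup …

  while (lt_512 (a, b) == 0)
  {
    // … unchanged: r = x; x >>= 1 …

    if (lt_512 (a, r)) continue;

    sub_512 (a, r);
  }

  // … unchanged: copy a[8..15] into hooks[gid].ukey …
```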
@@ -0,0 +1,582 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha512.cl" +#endif + +typedef struct electrum_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[8]; + u64 out[8]; + +} electrum_tmp_t; + +typedef struct +{ + u32 ukey[8]; + + u32 hook_success; + +} electrum_hook_t; + +DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); + + w0[0] = h32_from_64 (digest[0]); + w0[1] = l32_from_64 (digest[0]); + w0[2] = h32_from_64 (digest[1]); + w0[3] = l32_from_64 (digest[1]); + w1[0] = h32_from_64 (digest[2]); + w1[1] = l32_from_64 (digest[2]); + w1[2] = h32_from_64 (digest[3]); + w1[3] = l32_from_64 (digest[3]); + w2[0] = h32_from_64 (digest[4]); + w2[1] = l32_from_64 (digest[4]); + w2[2] = h32_from_64 (digest[5]); + w2[3] = l32_from_64 (digest[5]); + w3[0] = h32_from_64 (digest[6]); + w3[1] = l32_from_64 (digest[6]); + w3[2] = h32_from_64 (digest[7]); + w3[3] = l32_from_64 (digest[7]); + w4[0] = 0x80000000; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); +} + +KERNEL_FQ void m21800_init 
(KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha512_hmac_ctx_t sha512_hmac_ctx; + + sha512_hmac_init_global_swap (&sha512_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha512_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha512_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha512_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha512_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha512_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha512_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha512_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha512_hmac_ctx.ipad.h[7]; + + tmps[gid].opad[0] = sha512_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha512_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha512_hmac_ctx.opad.h[7]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + u32 w4[4]; + u32 w5[4]; + u32 w6[4]; + u32 w7[4]; + + w0[0] = 1; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + w4[0] = 0; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = 0; + + sha512_hmac_update_128 (&sha512_hmac_ctx, w0, w1, w2, w3, w4, w5, w6, w7, 4); + + sha512_hmac_final (&sha512_hmac_ctx); + + tmps[gid].dgst[0] = sha512_hmac_ctx.opad.h[0]; + tmps[gid].dgst[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].dgst[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].dgst[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].dgst[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].dgst[5] = 
sha512_hmac_ctx.opad.h[5]; + tmps[gid].dgst[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].dgst[7] = sha512_hmac_ctx.opad.h[7]; + + tmps[gid].out[0] = tmps[gid].dgst[0]; + tmps[gid].out[1] = tmps[gid].dgst[1]; + tmps[gid].out[2] = tmps[gid].dgst[2]; + tmps[gid].out[3] = tmps[gid].dgst[3]; + tmps[gid].out[4] = tmps[gid].dgst[4]; + tmps[gid].out[5] = tmps[gid].dgst[5]; + tmps[gid].out[6] = tmps[gid].dgst[6]; + tmps[gid].out[7] = tmps[gid].dgst[7]; +} + +KERNEL_FQ void m21800_loop (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u64x ipad[8]; + u64x opad[8]; + + ipad[0] = pack64v (tmps, ipad, gid, 0); + ipad[1] = pack64v (tmps, ipad, gid, 1); + ipad[2] = pack64v (tmps, ipad, gid, 2); + ipad[3] = pack64v (tmps, ipad, gid, 3); + ipad[4] = pack64v (tmps, ipad, gid, 4); + ipad[5] = pack64v (tmps, ipad, gid, 5); + ipad[6] = pack64v (tmps, ipad, gid, 6); + ipad[7] = pack64v (tmps, ipad, gid, 7); + + opad[0] = pack64v (tmps, opad, gid, 0); + opad[1] = pack64v (tmps, opad, gid, 1); + opad[2] = pack64v (tmps, opad, gid, 2); + opad[3] = pack64v (tmps, opad, gid, 3); + opad[4] = pack64v (tmps, opad, gid, 4); + opad[5] = pack64v (tmps, opad, gid, 5); + opad[6] = pack64v (tmps, opad, gid, 6); + opad[7] = pack64v (tmps, opad, gid, 7); + + u64x dgst[8]; + u64x out[8]; + + dgst[0] = pack64v (tmps, dgst, gid, 0); + dgst[1] = pack64v (tmps, dgst, gid, 1); + dgst[2] = pack64v (tmps, dgst, gid, 2); + dgst[3] = pack64v (tmps, dgst, gid, 3); + dgst[4] = pack64v (tmps, dgst, gid, 4); + dgst[5] = pack64v (tmps, dgst, gid, 5); + dgst[6] = pack64v (tmps, dgst, gid, 6); + dgst[7] = pack64v (tmps, dgst, gid, 7); + + out[0] = pack64v (tmps, out, gid, 0); + out[1] = pack64v (tmps, out, gid, 1); + out[2] = pack64v (tmps, out, gid, 2); + out[3] = pack64v (tmps, out, gid, 3); + out[4] = pack64v (tmps, out, gid, 4); + out[5] = pack64v (tmps, out, gid, 5); + out[6] = pack64v (tmps, out, gid, 6); + out[7] = 
pack64v (tmps, out, gid, 7); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + u32x w4[4]; + u32x w5[4]; + u32x w6[4]; + u32x w7[4]; + + w0[0] = h32_from_64 (dgst[0]); + w0[1] = l32_from_64 (dgst[0]); + w0[2] = h32_from_64 (dgst[1]); + w0[3] = l32_from_64 (dgst[1]); + w1[0] = h32_from_64 (dgst[2]); + w1[1] = l32_from_64 (dgst[2]); + w1[2] = h32_from_64 (dgst[3]); + w1[3] = l32_from_64 (dgst[3]); + w2[0] = h32_from_64 (dgst[4]); + w2[1] = l32_from_64 (dgst[4]); + w2[2] = h32_from_64 (dgst[5]); + w2[3] = l32_from_64 (dgst[5]); + w3[0] = h32_from_64 (dgst[6]); + w3[1] = l32_from_64 (dgst[6]); + w3[2] = h32_from_64 (dgst[7]); + w3[3] = l32_from_64 (dgst[7]); + w4[0] = 0x80000000; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; + + hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpack64v (tmps, dgst, gid, 0, dgst[0]); + unpack64v (tmps, dgst, gid, 1, dgst[1]); + unpack64v (tmps, dgst, gid, 2, dgst[2]); + unpack64v (tmps, dgst, gid, 3, dgst[3]); + unpack64v (tmps, dgst, gid, 4, dgst[4]); + unpack64v (tmps, dgst, gid, 5, dgst[5]); + unpack64v (tmps, dgst, gid, 6, dgst[6]); + unpack64v (tmps, dgst, gid, 7, dgst[7]); + + unpack64v (tmps, out, gid, 0, out[0]); + unpack64v (tmps, out, gid, 1, out[1]); + unpack64v (tmps, out, gid, 2, out[2]); + unpack64v (tmps, out, gid, 3, out[3]); + unpack64v (tmps, out, gid, 4, out[4]); + unpack64v (tmps, out, gid, 5, out[5]); + unpack64v (tmps, out, gid, 6, out[6]); + unpack64v (tmps, out, gid, 7, out[7]); +} + +KERNEL_FQ void m21800_hook23 (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +{ + const u64 gid = get_global_id (0); 
+ + if (gid >= gid_max) return; + + u64 out[8]; + + out[0] = tmps[gid].out[0]; + out[1] = tmps[gid].out[1]; + out[2] = tmps[gid].out[2]; + out[3] = tmps[gid].out[3]; + out[4] = tmps[gid].out[4]; + out[5] = tmps[gid].out[5]; + out[6] = tmps[gid].out[6]; + out[7] = tmps[gid].out[7]; + + // we need to perform a modulo operation with 512-bit % 256-bit (bignum modulo): + // the modulus is the secp256k1 group order + + /* + the general modulo by shift and substract code (a = a % b): + + x = b; + + t = a >> 1; + + while (x <= t) x <<= 1; + + while (a >= b) + { + if (a >= x) a -= x; + + x >>= 1; + } + + return a; // remainder + */ + + u32 a[16]; + + a[ 0] = h32_from_64_S (out[0]); + a[ 1] = l32_from_64_S (out[0]); + a[ 2] = h32_from_64_S (out[1]); + a[ 3] = l32_from_64_S (out[1]); + a[ 4] = h32_from_64_S (out[2]); + a[ 5] = l32_from_64_S (out[2]); + a[ 6] = h32_from_64_S (out[3]); + a[ 7] = l32_from_64_S (out[3]); + a[ 8] = h32_from_64_S (out[4]); + a[ 9] = l32_from_64_S (out[4]); + a[10] = h32_from_64_S (out[5]); + a[11] = l32_from_64_S (out[5]); + a[12] = h32_from_64_S (out[6]); + a[13] = l32_from_64_S (out[6]); + a[14] = h32_from_64_S (out[7]); + a[15] = l32_from_64_S (out[7]); + + u32 b[16]; + + b[ 0] = 0x00000000; + b[ 1] = 0x00000000; + b[ 2] = 0x00000000; + b[ 3] = 0x00000000; + b[ 4] = 0x00000000; + b[ 5] = 0x00000000; + b[ 6] = 0x00000000; + b[ 7] = 0x00000000; + b[ 8] = 0xffffffff; + b[ 9] = 0xffffffff; + b[10] = 0xffffffff; + b[11] = 0xfffffffe; + b[12] = 0xbaaedce6; + b[13] = 0xaf48a03b; + b[14] = 0xbfd25e8c; + b[15] = 0xd0364141; + + /* + * Start: + */ + + // x = b (but with a fast "shift" trick to avoid the while loop) + + u32 x[16]; + + x[ 0] = b[ 8]; // this is a trick: we just put the group order's most significant bit all the + x[ 1] = b[ 9]; // way to the top to avoid doing the initial: while (x <= t) x <<= 1 + x[ 2] = b[10]; + x[ 3] = b[11]; + x[ 4] = b[12]; + x[ 5] = b[13]; + x[ 6] = b[14]; + x[ 7] = b[15]; + x[ 8] = 0x00000000; + x[ 9] = 0x00000000; + 
x[10] = 0x00000000; + x[11] = 0x00000000; + x[12] = 0x00000000; + x[13] = 0x00000000; + x[14] = 0x00000000; + x[15] = 0x00000000; + + // a >= b + + while (a[0] >= b[0]) + { + if (a[ 0] == b[ 0]) if (a[ 1] < b[ 1]) break; + if (a[ 1] == b[ 1]) if (a[ 2] < b[ 2]) break; + if (a[ 2] == b[ 2]) if (a[ 3] < b[ 3]) break; + if (a[ 3] == b[ 3]) if (a[ 4] < b[ 4]) break; + if (a[ 4] == b[ 4]) if (a[ 5] < b[ 5]) break; + if (a[ 5] == b[ 5]) if (a[ 6] < b[ 6]) break; + if (a[ 6] == b[ 6]) if (a[ 7] < b[ 7]) break; + if (a[ 7] == b[ 7]) if (a[ 8] < b[ 8]) break; + if (a[ 8] == b[ 8]) if (a[ 9] < b[ 9]) break; + if (a[ 9] == b[ 9]) if (a[10] < b[10]) break; + if (a[10] == b[10]) if (a[11] < b[11]) break; + if (a[11] == b[11]) if (a[12] < b[12]) break; + if (a[12] == b[12]) if (a[13] < b[13]) break; + if (a[13] == b[13]) if (a[14] < b[14]) break; + if (a[14] == b[14]) if (a[15] < b[15]) break; + + // r = x (copy it to have the original values for the subtraction) + + u32 r[16]; + + r[ 0] = x[ 0]; + r[ 1] = x[ 1]; + r[ 2] = x[ 2]; + r[ 3] = x[ 3]; + r[ 4] = x[ 4]; + r[ 5] = x[ 5]; + r[ 6] = x[ 6]; + r[ 7] = x[ 7]; + r[ 8] = x[ 8]; + r[ 9] = x[ 9]; + r[10] = x[10]; + r[11] = x[11]; + r[12] = x[12]; + r[13] = x[13]; + r[14] = x[14]; + r[15] = x[15]; + + // x >>= 1 + + x[15] = x[15] >> 1 | (x[14] & 1) << 31; + x[14] = x[14] >> 1 | (x[13] & 1) << 31; + x[13] = x[13] >> 1 | (x[12] & 1) << 31; + x[12] = x[12] >> 1 | (x[11] & 1) << 31; + x[11] = x[11] >> 1 | (x[10] & 1) << 31; + x[10] = x[10] >> 1 | (x[ 9] & 1) << 31; + x[ 9] = x[ 9] >> 1 | (x[ 8] & 1) << 31; + x[ 8] = x[ 8] >> 1 | (x[ 7] & 1) << 31; + x[ 7] = x[ 7] >> 1 | (x[ 6] & 1) << 31; + x[ 6] = x[ 6] >> 1 | (x[ 5] & 1) << 31; + x[ 5] = x[ 5] >> 1 | (x[ 4] & 1) << 31; + x[ 4] = x[ 4] >> 1 | (x[ 3] & 1) << 31; + x[ 3] = x[ 3] >> 1 | (x[ 2] & 1) << 31; + x[ 2] = x[ 2] >> 1 | (x[ 1] & 1) << 31; + x[ 1] = x[ 1] >> 1 | (x[ 0] & 1) << 31; + x[ 0] = x[ 0] >> 1; + + // if (a >= r) a -= r; + + if (a[ 0] < r[ 0]) continue; + if (a[ 0] == r[ 
0]) if (a[ 1] < r[ 1]) continue; + if (a[ 1] == r[ 1]) if (a[ 2] < r[ 2]) continue; + if (a[ 2] == r[ 2]) if (a[ 3] < r[ 3]) continue; + if (a[ 3] == r[ 3]) if (a[ 4] < r[ 4]) continue; + if (a[ 4] == r[ 4]) if (a[ 5] < r[ 5]) continue; + if (a[ 5] == r[ 5]) if (a[ 6] < r[ 6]) continue; + if (a[ 6] == r[ 6]) if (a[ 7] < r[ 7]) continue; + if (a[ 7] == r[ 7]) if (a[ 8] < r[ 8]) continue; + if (a[ 8] == r[ 8]) if (a[ 9] < r[ 9]) continue; + if (a[ 9] == r[ 9]) if (a[10] < r[10]) continue; + if (a[10] == r[10]) if (a[11] < r[11]) continue; + if (a[11] == r[11]) if (a[12] < r[12]) continue; + if (a[12] == r[12]) if (a[13] < r[13]) continue; + if (a[13] == r[13]) if (a[14] < r[14]) continue; + if (a[14] == r[14]) if (a[15] < r[15]) continue; + + // substract (a -= r): + + r[ 0] = a[ 0] - r[ 0]; + r[ 1] = a[ 1] - r[ 1]; + r[ 2] = a[ 2] - r[ 2]; + r[ 3] = a[ 3] - r[ 3]; + r[ 4] = a[ 4] - r[ 4]; + r[ 5] = a[ 5] - r[ 5]; + r[ 6] = a[ 6] - r[ 6]; + r[ 7] = a[ 7] - r[ 7]; + r[ 8] = a[ 8] - r[ 8]; + r[ 9] = a[ 9] - r[ 9]; + r[10] = a[10] - r[10]; + r[11] = a[11] - r[11]; + r[12] = a[12] - r[12]; + r[13] = a[13] - r[13]; + r[14] = a[14] - r[14]; + r[15] = a[15] - r[15]; + + // take care of the "borrow" (we can't do it the other way around 15...1 because r[x] is changed!) 
+ + if (r[ 1] > a[ 1]) r[ 0]--; + if (r[ 2] > a[ 2]) r[ 1]--; + if (r[ 3] > a[ 3]) r[ 2]--; + if (r[ 4] > a[ 4]) r[ 3]--; + if (r[ 5] > a[ 5]) r[ 4]--; + if (r[ 6] > a[ 6]) r[ 5]--; + if (r[ 7] > a[ 7]) r[ 6]--; + if (r[ 8] > a[ 8]) r[ 7]--; + if (r[ 9] > a[ 9]) r[ 8]--; + if (r[10] > a[10]) r[ 9]--; + if (r[11] > a[11]) r[10]--; + if (r[12] > a[12]) r[11]--; + if (r[13] > a[13]) r[12]--; + if (r[14] > a[14]) r[13]--; + if (r[15] > a[15]) r[14]--; + + a[ 0] = r[ 0]; + a[ 1] = r[ 1]; + a[ 2] = r[ 2]; + a[ 3] = r[ 3]; + a[ 4] = r[ 4]; + a[ 5] = r[ 5]; + a[ 6] = r[ 6]; + a[ 7] = r[ 7]; + a[ 8] = r[ 8]; + a[ 9] = r[ 9]; + a[10] = r[10]; + a[11] = r[11]; + a[12] = r[12]; + a[13] = r[13]; + a[14] = r[14]; + a[15] = r[15]; + } + + /** + * copy the last 256 bit (32 bytes) of modulo (a) to the hook buffer + */ + + hooks[gid].ukey[0] = hc_swap32_S (a[ 8]); + hooks[gid].ukey[1] = hc_swap32_S (a[ 9]); + hooks[gid].ukey[2] = hc_swap32_S (a[10]); + hooks[gid].ukey[3] = hc_swap32_S (a[11]); + hooks[gid].ukey[4] = hc_swap32_S (a[12]); + hooks[gid].ukey[5] = hc_swap32_S (a[13]); + hooks[gid].ukey[6] = hc_swap32_S (a[14]); + hooks[gid].ukey[7] = hc_swap32_S (a[15]); +} + +KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + if (hooks[gid].hook_success == 1) + { + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, 0, 0, 0); + } + + return; + } +} diff --git a/deps/secp256k1/.gitignore b/deps/secp256k1/.gitignore new file mode 100644 index 000000000..55d325aee --- /dev/null +++ b/deps/secp256k1/.gitignore 
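Review bot: `hook_success` is read in m21800_comp (`if (hooks[gid].hook_success == 1)`) but nothing in this file writes it, and m21800_hook23 only fills `ukey`, so the reader has to guess that something outside these kernels consumes ukey and sets the flag between hook23 and comp. A comment on the struct would make that hand-off explicit, e.g. `u32 hook_success; // written outside the kernels after m21800_hook23 hands over ukey; only the value 1 counts as a crack in m21800_comp` — I am assuming a host-side hook is what fills it, which should be confirmed. The same struct in OpenCL/m21700-pure.cl would benefit from the same note.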
@@ -0,0 +1,50 @@
+bench_inv
+bench_ecdh
+bench_ecmult
+bench_sign
+bench_verify
+bench_schnorr_verify
+bench_recover
+bench_internal
+tests
+exhaustive_tests
+gen_context
+*.exe
+*.so
+*.a
+!.gitignore
+
+Makefile
+configure
+.libs/
+Makefile.in
+aclocal.m4
+autom4te.cache/
+config.log
+config.status
+*.tar.gz
+*.la
+libtool
+.deps/
+.dirstamp
+*.lo
+*.o
+*~
+src/libsecp256k1-config.h
+src/libsecp256k1-config.h.in
+src/ecmult_static_context.h
+build-aux/config.guess
+build-aux/config.sub
+build-aux/depcomp
+build-aux/install-sh
+build-aux/ltmain.sh
+build-aux/m4/libtool.m4
+build-aux/m4/lt~obsolete.m4
+build-aux/m4/ltoptions.m4
+build-aux/m4/ltsugar.m4
+build-aux/m4/ltversion.m4
+build-aux/missing
+build-aux/compile
+build-aux/test-driver
+src/stamp-h1
+libsecp256k1.pc
diff --git a/deps/secp256k1/COPYING b/deps/secp256k1/COPYING
new file mode 100644
index 000000000..4522a5990
--- /dev/null
+++ b/deps/secp256k1/COPYING
@@ -0,0 +1,19 @@
+Copyright (c) 2013 Pieter Wuille
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/deps/secp256k1/Makefile.am b/deps/secp256k1/Makefile.am
new file mode 100644
index 000000000..f420944e8
--- /dev/null
+++ b/deps/secp256k1/Makefile.am
@@ -0,0 +1,183 @@
+ACLOCAL_AMFLAGS = -I build-aux/m4
+
+lib_LTLIBRARIES = libsecp256k1.la
+if USE_JNI
+JNI_LIB = libsecp256k1_jni.la
+noinst_LTLIBRARIES = $(JNI_LIB)
+else
+JNI_LIB =
+endif
+include_HEADERS = include/secp256k1.h
+include_HEADERS += include/secp256k1_preallocated.h
+noinst_HEADERS =
+noinst_HEADERS += src/scalar.h
+noinst_HEADERS += src/scalar_4x64.h
+noinst_HEADERS += src/scalar_8x32.h
+noinst_HEADERS += src/scalar_low.h
+noinst_HEADERS += src/scalar_impl.h
+noinst_HEADERS += src/scalar_4x64_impl.h
+noinst_HEADERS += src/scalar_8x32_impl.h
+noinst_HEADERS += src/scalar_low_impl.h
+noinst_HEADERS += src/group.h
+noinst_HEADERS += src/group_impl.h
+noinst_HEADERS += src/num_gmp.h
+noinst_HEADERS += src/num_gmp_impl.h
+noinst_HEADERS += src/ecdsa.h
+noinst_HEADERS += src/ecdsa_impl.h
+noinst_HEADERS += src/eckey.h
+noinst_HEADERS += src/eckey_impl.h
+noinst_HEADERS += src/ecmult.h
+noinst_HEADERS += src/ecmult_impl.h
+noinst_HEADERS += src/ecmult_const.h
+noinst_HEADERS += src/ecmult_const_impl.h
+noinst_HEADERS += src/ecmult_gen.h
+noinst_HEADERS += src/ecmult_gen_impl.h
+noinst_HEADERS += src/num.h
+noinst_HEADERS += src/num_impl.h
+noinst_HEADERS += src/field_10x26.h
+noinst_HEADERS += src/field_10x26_impl.h
+noinst_HEADERS += src/field_5x52.h
+noinst_HEADERS += src/field_5x52_impl.h
+noinst_HEADERS += src/field_5x52_int128_impl.h
+noinst_HEADERS += src/field_5x52_asm_impl.h
+noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
+noinst_HEADERS += src/java/org_bitcoin_Secp256k1Context.h
+noinst_HEADERS += src/util.h
+noinst_HEADERS += src/scratch.h
+noinst_HEADERS += src/scratch_impl.h
+noinst_HEADERS += src/testrand.h
+noinst_HEADERS += src/testrand_impl.h
+noinst_HEADERS += src/hash.h
+noinst_HEADERS += src/hash_impl.h
+noinst_HEADERS += src/field.h
+noinst_HEADERS += src/field_impl.h
+noinst_HEADERS += src/bench.h
+noinst_HEADERS += contrib/lax_der_parsing.h
+noinst_HEADERS += contrib/lax_der_parsing.c
+noinst_HEADERS += 
contrib/lax_der_privatekey_parsing.h
+noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
+
+if USE_EXTERNAL_ASM
+COMMON_LIB = libsecp256k1_common.la
+noinst_LTLIBRARIES = $(COMMON_LIB)
+else
+COMMON_LIB =
+endif
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libsecp256k1.pc
+
+if USE_EXTERNAL_ASM
+if USE_ASM_ARM
+libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s
+endif
+endif
+
+libsecp256k1_la_SOURCES = src/secp256k1.c
+libsecp256k1_la_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES)
+libsecp256k1_la_LIBADD = $(JNI_LIB) $(SECP_LIBS) $(COMMON_LIB)
+
+libsecp256k1_jni_la_SOURCES = src/java/org_bitcoin_NativeSecp256k1.c src/java/org_bitcoin_Secp256k1Context.c
+libsecp256k1_jni_la_CPPFLAGS = -DSECP256K1_BUILD $(JNI_INCLUDES)
+
+noinst_PROGRAMS =
+if USE_BENCHMARK
+noinst_PROGRAMS += bench_verify bench_sign bench_internal bench_ecmult
+bench_verify_SOURCES = src/bench_verify.c
+bench_verify_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
+bench_sign_SOURCES = src/bench_sign.c
+bench_sign_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
+bench_internal_SOURCES = src/bench_internal.c
+bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+bench_internal_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES)
+bench_ecmult_SOURCES = src/bench_ecmult.c
+bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+bench_ecmult_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES)
+endif
+
+TESTS =
+if USE_TESTS
+noinst_PROGRAMS += tests
+tests_SOURCES = src/tests.c
+tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src -I$(top_srcdir)/include $(SECP_INCLUDES) $(SECP_TEST_INCLUDES)
+if !ENABLE_COVERAGE
+tests_CPPFLAGS += -DVERIFY
+endif
+tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
+tests_LDFLAGS = -static
+TESTS += tests
+endif
+
+if USE_EXHAUSTIVE_TESTS
+noinst_PROGRAMS += exhaustive_tests
+exhaustive_tests_SOURCES = src/tests_exhaustive.c
+exhaustive_tests_CPPFLAGS = -DSECP256K1_BUILD 
-I$(top_srcdir)/src $(SECP_INCLUDES)
+if !ENABLE_COVERAGE
+exhaustive_tests_CPPFLAGS += -DVERIFY
+endif
+exhaustive_tests_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+exhaustive_tests_LDFLAGS = -static
+TESTS += exhaustive_tests
+endif
+
+JAVAROOT=src/java
+JAVAORG=org/bitcoin
+JAVA_GUAVA=$(srcdir)/$(JAVAROOT)/guava/guava-18.0.jar
+CLASSPATH_ENV=CLASSPATH=$(JAVA_GUAVA)
+JAVA_FILES= \
+ $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1.java \
+ $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1Test.java \
+ $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1Util.java \
+ $(JAVAROOT)/$(JAVAORG)/Secp256k1Context.java
+
+if USE_JNI
+
+$(JAVA_GUAVA):
+ @echo Guava is missing. Fetch it via: \
+ wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/18.0/guava-18.0.jar -O $(@)
+ @false
+
+.stamp-java: $(JAVA_FILES)
+ @echo Compiling $^
+ $(AM_V_at)$(CLASSPATH_ENV) javac $^
+ @touch $@
+
+if USE_TESTS
+
+check-java: libsecp256k1.la $(JAVA_GUAVA) .stamp-java
+ $(AM_V_at)java -Djava.library.path="./:./src:./src/.libs:.libs/" -cp "$(JAVA_GUAVA):$(JAVAROOT)" $(JAVAORG)/NativeSecp256k1Test
+
+endif
+endif
+
+if USE_ECMULT_STATIC_PRECOMPUTATION
+CPPFLAGS_FOR_BUILD +=-I$(top_srcdir) -I$(builddir)/src
+
+gen_context_OBJECTS = gen_context.o
+gen_context_BIN = gen_context$(BUILD_EXEEXT)
+gen_%.o: src/gen_%.c src/libsecp256k1-config.h
+ $(CC_FOR_BUILD) $(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) -c $< -o $@
+
+$(gen_context_BIN): $(gen_context_OBJECTS)
+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) $^ -o $@
+
+$(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h
+$(tests_OBJECTS): src/ecmult_static_context.h
+$(bench_internal_OBJECTS): src/ecmult_static_context.h
+$(bench_ecmult_OBJECTS): src/ecmult_static_context.h
+
+src/ecmult_static_context.h: $(gen_context_BIN)
+ ./$(gen_context_BIN)
+
+CLEANFILES = $(gen_context_BIN) src/ecmult_static_context.h $(JAVAROOT)/$(JAVAORG)/*.class .stamp-java
+endif
+
+EXTRA_DIST = autogen.sh src/gen_context.c src/basic-config.h $(JAVA_FILES)
+
+if 
ENABLE_MODULE_ECDH
+include src/modules/ecdh/Makefile.am.include
+endif
+
+if ENABLE_MODULE_RECOVERY
+include src/modules/recovery/Makefile.am.include
+endif
diff --git a/deps/secp256k1/README.md b/deps/secp256k1/README.md
new file mode 100644
index 000000000..84c048790
--- /dev/null
+++ b/deps/secp256k1/README.md
@@ -0,0 +1,73 @@
+libsecp256k1
+============
+
+[![Build Status](https://travis-ci.org/bitcoin-core/secp256k1.svg?branch=master)](https://travis-ci.org/bitcoin-core/secp256k1)
+
+Optimized C library for EC operations on curve secp256k1.
+
+This library is a work in progress and is being used to research best practices. Use at your own risk.
+
+Features:
+* secp256k1 ECDSA signing/verification and key generation.
+* Adding/multiplying private/public keys.
+* Serialization/parsing of private keys, public keys, signatures.
+* Constant time, constant memory access signing and pubkey generation.
+* Derandomized DSA (via RFC6979 or with a caller provided function.)
+* Very efficient implementation.
+
+Implementation details
+----------------------
+
+* General
+ * No runtime heap allocation.
+ * Extensive testing infrastructure.
+ * Structured to facilitate review and analysis.
+ * Intended to be portable to any system with a C89 compiler and uint64_t support.
+ * No use of floating types, except in benchmarks.
+ * Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.")
+* Field operations
+ * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1).
+ * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys).
+ * Using 10 26-bit limbs.
+ * Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman).
+* Scalar operations
+ * Optimized implementation without data-dependent branches of arithmetic modulo the curve's order.
+ * Using 4 64-bit limbs (relying on __int128 support in the compiler).
+ * Using 8 32-bit limbs.
+* Group operations
+ * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7).
+ * Use addition between points in Jacobian and affine coordinates where possible.
+ * Use a unified addition/doubling formula where necessary to avoid data-dependent branches.
+ * Point/x comparison without a field inversion by comparison in the Jacobian coordinate space.
+* Point multiplication for verification (a*P + b*G).
+ * Use wNAF notation for point multiplicands.
+ * Use a much larger window for multiples of G, using precomputed multiples.
+ * Use Shamir's trick to do the multiplication with the public key and the generator simultaneously.
+ * Optionally (off by default) use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones.
+* Point multiplication for signing
+ * Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions.
+ * Intended to be completely free of timing sidechannels for secret-key operations (on reasonable hardware/toolchains)
+ * Access the table with branch-free conditional moves so memory access is uniform.
+ * No data-dependent branches
+ * Optional runtime blinding which attempts to frustrate differential power analysis.
+ * The precomputed tables add and eventually subtract points for which no known scalar (private key) is known, preventing even an attacker with control over the private key used to control the data internally.
+
+Build steps
+-----------
+
+libsecp256k1 is built using autotools:
+
+ $ ./autogen.sh
+ $ ./configure
+ $ make
+ $ make check
+ $ sudo make install # optional
+
+Exhaustive tests
+-----------
+
+ $ ./exhaustive_tests
+
+With valgrind, you might need to increase the max stack size:
+
+ $ valgrind --max-stackframe=2500000 ./exhaustive_tests
diff --git a/deps/secp256k1/TODO b/deps/secp256k1/TODO
new file mode 100644
index 000000000..a300e1c5e
--- /dev/null
+++ b/deps/secp256k1/TODO
@@ -0,0 +1,3 @@
+* Unit tests for fieldelem/groupelem, including ones intended to
+ trigger fieldelem's boundary cases.
+* Complete constant-time operations for signing/keygen 
diff --git a/deps/secp256k1/autogen.sh b/deps/secp256k1/autogen.sh
new file mode 100755
index 000000000..65286b935
--- /dev/null
+++ b/deps/secp256k1/autogen.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+autoreconf -if --warnings=all
diff --git a/deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4 b/deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4
new file mode 100644
index 000000000..cdc78d87d
--- /dev/null
+++ b/deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4
@@ -0,0 +1,145 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_JNI_INCLUDE_DIR +# +# DESCRIPTION +# +# AX_JNI_INCLUDE_DIR finds include directories needed for compiling +# programs using the JNI interface. +# +# JNI include directories are usually in the Java distribution. This is +# deduced from the value of $JAVA_HOME, $JAVAC, or the path to "javac", in +# that order. When this macro completes, a list of directories is left in +# the variable JNI_INCLUDE_DIRS. +# +# Example usage follows: +# +# AX_JNI_INCLUDE_DIR +# +# for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS +# do +# CPPFLAGS="$CPPFLAGS -I$JNI_INCLUDE_DIR" +# done +# +# If you want to force a specific compiler: +# +# - at the configure.in level, set JAVAC=yourcompiler before calling +# AX_JNI_INCLUDE_DIR +# +# - at the configure level, setenv JAVAC +# +# Note: This macro can work with the autoconf M4 macros for Java programs. +# This particular macro is not part of the original set of macros. +# +# LICENSE +# +# Copyright (c) 2008 Don Anderson +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. 
+
+#serial 14
+
+AU_ALIAS([AC_JNI_INCLUDE_DIR], [AX_JNI_INCLUDE_DIR])
+AC_DEFUN([AX_JNI_INCLUDE_DIR],[
+
+JNI_INCLUDE_DIRS=""
+
+if test "x$JAVA_HOME" != x; then
+ _JTOPDIR="$JAVA_HOME"
+else
+ if test "x$JAVAC" = x; then
+ JAVAC=javac
+ fi
+ AC_PATH_PROG([_ACJNI_JAVAC], [$JAVAC], [no])
+ if test "x$_ACJNI_JAVAC" = xno; then
+ AC_MSG_WARN([cannot find JDK; try setting \$JAVAC or \$JAVA_HOME])
+ fi
+ _ACJNI_FOLLOW_SYMLINKS("$_ACJNI_JAVAC")
+ _JTOPDIR=`echo "$_ACJNI_FOLLOWED" | sed -e 's://*:/:g' -e 's:/[[^/]]*$::'`
+fi
+
+case "$host_os" in
+ darwin*) # Apple Java headers are inside the Xcode bundle.
+ macos_version=$(sw_vers -productVersion | sed -n -e 's/^@<:@0-9@:>@*.\(@<:@0-9@:>@*\).@<:@0-9@:>@*/\1/p')
+ if @<:@ "$macos_version" -gt "7" @:>@; then
+ _JTOPDIR="$(xcrun --show-sdk-path)/System/Library/Frameworks/JavaVM.framework"
+ _JINC="$_JTOPDIR/Headers"
+ else
+ _JTOPDIR="/System/Library/Frameworks/JavaVM.framework"
+ _JINC="$_JTOPDIR/Headers"
+ fi
+ ;;
+ *) _JINC="$_JTOPDIR/include";;
+esac
+_AS_ECHO_LOG([_JTOPDIR=$_JTOPDIR])
+_AS_ECHO_LOG([_JINC=$_JINC])
+
+# On Mac OS X 10.6.4, jni.h is a symlink:
+# /System/Library/Frameworks/JavaVM.framework/Versions/Current/Headers/jni.h
+# -> ../../CurrentJDK/Headers/jni.h. 
+AC_CACHE_CHECK(jni headers, ac_cv_jni_header_path, +[ + if test -f "$_JINC/jni.h"; then + ac_cv_jni_header_path="$_JINC" + JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path" + else + _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'` + if test -f "$_JTOPDIR/include/jni.h"; then + ac_cv_jni_header_path="$_JTOPDIR/include" + JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path" + else + ac_cv_jni_header_path=none + fi + fi +]) + +# get the likely subdirectories for system specific java includes +case "$host_os" in +bsdi*) _JNI_INC_SUBDIRS="bsdos";; +freebsd*) _JNI_INC_SUBDIRS="freebsd";; +darwin*) _JNI_INC_SUBDIRS="darwin";; +linux*) _JNI_INC_SUBDIRS="linux genunix";; +osf*) _JNI_INC_SUBDIRS="alpha";; +solaris*) _JNI_INC_SUBDIRS="solaris";; +mingw*) _JNI_INC_SUBDIRS="win32";; +cygwin*) _JNI_INC_SUBDIRS="win32";; +*) _JNI_INC_SUBDIRS="genunix";; +esac + +if test "x$ac_cv_jni_header_path" != "xnone"; then + # add any subdirectories that are present + for JINCSUBDIR in $_JNI_INC_SUBDIRS + do + if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then + JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR" + fi + done +fi +]) + +# _ACJNI_FOLLOW_SYMLINKS +# Follows symbolic links on , +# finally setting variable _ACJNI_FOLLOWED +# ---------------------------------------- +AC_DEFUN([_ACJNI_FOLLOW_SYMLINKS],[ +# find the include directory relative to the javac executable +_cur="$1" +while ls -ld "$_cur" 2>/dev/null | grep " -> " >/dev/null; do + AC_MSG_CHECKING([symlink for $_cur]) + _slink=`ls -ld "$_cur" | sed 's/.* -> //'` + case "$_slink" in + /*) _cur="$_slink";; + # 'X' avoids triggering unwanted echo options. + *) _cur=`echo "X$_cur" | sed -e 's/^X//' -e 's:[[^/]]*$::'`"$_slink";; + esac + AC_MSG_RESULT([$_cur]) +done +_ACJNI_FOLLOWED="$_cur" +])# _ACJNI diff --git a/deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 b/deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 new file mode 100644 index 000000000..77fd346a7 --- /dev/null 
+++ b/deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 
@@ -0,0 +1,125 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PROG_CC_FOR_BUILD +# +# DESCRIPTION +# +# This macro searches for a C compiler that generates native executables, +# that is a C compiler that surely is not a cross-compiler. This can be +# useful if you have to generate source code at compile-time like for +# example GCC does. +# +# The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything +# needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD). +# The value of these variables can be overridden by the user by specifying +# a compiler with an environment variable (like you do for standard CC). +# +# It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object +# file extensions for the build platform, and GCC_FOR_BUILD to `yes' if +# the compiler we found is GCC. All these variables but GCC_FOR_BUILD are +# substituted in the Makefile. +# +# LICENSE +# +# Copyright (c) 2008 Paolo Bonzini +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. 
+
+#serial 8
+
+AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD])
+AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_CPP])dnl
+AC_REQUIRE([AC_EXEEXT])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+
+dnl Use the standard macros, but make them use other variable names
+dnl
+pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl
+pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl
+pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl
+pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl
+pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl
+pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl
+pushdef([ac_cv_objext], ac_cv_build_objext)dnl
+pushdef([ac_exeext], ac_build_exeext)dnl
+pushdef([ac_objext], ac_build_objext)dnl
+pushdef([CC], CC_FOR_BUILD)dnl
+pushdef([CPP], CPP_FOR_BUILD)dnl
+pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl
+pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl
+pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl
+pushdef([host], build)dnl
+pushdef([host_alias], build_alias)dnl
+pushdef([host_cpu], build_cpu)dnl
+pushdef([host_vendor], build_vendor)dnl
+pushdef([host_os], build_os)dnl
+pushdef([ac_cv_host], ac_cv_build)dnl
+pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl
+pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl
+pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl
+pushdef([ac_cv_host_os], ac_cv_build_os)dnl
+pushdef([ac_cpp], ac_build_cpp)dnl
+pushdef([ac_compile], ac_build_compile)dnl
+pushdef([ac_link], ac_build_link)dnl
+
+save_cross_compiling=$cross_compiling
+save_ac_tool_prefix=$ac_tool_prefix
+cross_compiling=no
+ac_tool_prefix=
+
+AC_PROG_CC
+AC_PROG_CPP
+AC_EXEEXT
+
+ac_tool_prefix=$save_ac_tool_prefix
+cross_compiling=$save_cross_compiling
+
+dnl Restore the old definitions
+dnl
+popdef([ac_link])dnl
+popdef([ac_compile])dnl
+popdef([ac_cpp])dnl
+popdef([ac_cv_host_os])dnl
+popdef([ac_cv_host_vendor])dnl
+popdef([ac_cv_host_cpu])dnl
+popdef([ac_cv_host_alias])dnl
+popdef([ac_cv_host])dnl
+popdef([host_os])dnl 
+popdef([host_vendor])dnl
+popdef([host_cpu])dnl
+popdef([host_alias])dnl
+popdef([host])dnl
+popdef([LDFLAGS])dnl
+popdef([CPPFLAGS])dnl
+popdef([CFLAGS])dnl
+popdef([CPP])dnl
+popdef([CC])dnl
+popdef([ac_objext])dnl
+popdef([ac_exeext])dnl
+popdef([ac_cv_objext])dnl
+popdef([ac_cv_exeext])dnl
+popdef([ac_cv_prog_cc_g])dnl
+popdef([ac_cv_prog_cc_cross])dnl
+popdef([ac_cv_prog_cc_works])dnl
+popdef([ac_cv_prog_gcc])dnl
+popdef([ac_cv_prog_CPP])dnl
+
+dnl Finally, set Makefile variables
+dnl
+BUILD_EXEEXT=$ac_build_exeext
+BUILD_OBJEXT=$ac_build_objext
+AC_SUBST(BUILD_EXEEXT)dnl
+AC_SUBST(BUILD_OBJEXT)dnl
+AC_SUBST([CFLAGS_FOR_BUILD])dnl
+AC_SUBST([CPPFLAGS_FOR_BUILD])dnl
+AC_SUBST([LDFLAGS_FOR_BUILD])dnl
+])
diff --git a/deps/secp256k1/build-aux/m4/bitcoin_secp.m4 b/deps/secp256k1/build-aux/m4/bitcoin_secp.m4
new file mode 100644
index 000000000..3b3975cbd
--- /dev/null
+++ b/deps/secp256k1/build-aux/m4/bitcoin_secp.m4
@@ -0,0 +1,68 @@
+dnl libsecp25k1 helper checks
+AC_DEFUN([SECP_INT128_CHECK],[
+has_int128=$ac_cv_type___int128
+])
+
+dnl escape "$0x" below using the m4 quadrigaph @S|@, and escape it again with a \ for the shell.
+AC_DEFUN([SECP_64BIT_ASM_CHECK],[
+AC_MSG_CHECKING(for x86_64 assembly availability)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include ]],[[
+ uint64_t a = 11, tmp;
+ __asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx");
+ ]])],[has_64bit_asm=yes],[has_64bit_asm=no])
+AC_MSG_RESULT([$has_64bit_asm])
+])
+
+dnl
+AC_DEFUN([SECP_OPENSSL_CHECK],[
+ has_libcrypto=no
+ m4_ifdef([PKG_CHECK_MODULES],[
+ PKG_CHECK_MODULES([CRYPTO], [libcrypto], [has_libcrypto=yes],[has_libcrypto=no])
+ if test x"$has_libcrypto" = x"yes"; then
+ TEMP_LIBS="$LIBS"
+ LIBS="$LIBS $CRYPTO_LIBS"
+ AC_CHECK_LIB(crypto, main,[AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed])],[has_libcrypto=no])
+ LIBS="$TEMP_LIBS"
+ fi
+ ])
+ if test x$has_libcrypto = xno; then
+ AC_CHECK_HEADER(openssl/crypto.h,[
+ AC_CHECK_LIB(crypto, main,[
+ has_libcrypto=yes
+ CRYPTO_LIBS=-lcrypto
+ AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed])
+ ])
+ ])
+ LIBS=
+ fi
+if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then
+ AC_MSG_CHECKING(for EC functions in libcrypto)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include
+ #include
+ #include ]],[[
+ EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
+ ECDSA_sign(0, NULL, 0, NULL, NULL, eckey);
+ ECDSA_verify(0, NULL, 0, NULL, 0, eckey);
+ EC_KEY_free(eckey);
+ ECDSA_SIG *sig_openssl;
+ sig_openssl = ECDSA_SIG_new();
+ ECDSA_SIG_free(sig_openssl);
+ ]])],[has_openssl_ec=yes],[has_openssl_ec=no])
+ AC_MSG_RESULT([$has_openssl_ec])
+fi
+])
+
+dnl
+AC_DEFUN([SECP_GMP_CHECK],[
+if test x"$has_gmp" != x"yes"; then
+ CPPFLAGS_TEMP="$CPPFLAGS"
+ CPPFLAGS="$GMP_CPPFLAGS $CPPFLAGS"
+ LIBS_TEMP="$LIBS"
+ LIBS="$GMP_LIBS $LIBS"
+ 
AC_CHECK_HEADER(gmp.h,[AC_CHECK_LIB(gmp, __gmpz_init,[has_gmp=yes; GMP_LIBS="$GMP_LIBS -lgmp"; AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])])])
+ CPPFLAGS="$CPPFLAGS_TEMP"
+ LIBS="$LIBS_TEMP"
+fi
+])
diff --git a/deps/secp256k1/configure.ac b/deps/secp256k1/configure.ac
new file mode 100644
index 000000000..2a8db0a51
--- /dev/null
+++ b/deps/secp256k1/configure.ac
@@ -0,0 +1,591 @@
+AC_PREREQ([2.60])
+AC_INIT([libsecp256k1],[0.1])
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_MACRO_DIR([build-aux/m4])
+AC_CANONICAL_HOST
+AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
+AH_TOP([#define LIBSECP256K1_CONFIG_H])
+AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/])
+AM_INIT_AUTOMAKE([foreign subdir-objects])
+LT_INIT
+
+dnl make the compilation flags quiet unless V=1 is used
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+
+PKG_PROG_PKG_CONFIG
+
+AC_PATH_TOOL(AR, ar)
+AC_PATH_TOOL(RANLIB, ranlib)
+AC_PATH_TOOL(STRIP, strip)
+AX_PROG_CC_FOR_BUILD
+
+if test "x$CFLAGS" = "x"; then
+ CFLAGS="-g"
+fi
+
+AM_PROG_CC_C_O
+
+AC_PROG_CC_C89
+if test x"$ac_cv_prog_cc_c89" = x"no"; then
+ AC_MSG_ERROR([c89 compiler support required])
+fi
+AM_PROG_AS
+
+case $host_os in
+ *darwin*)
+ if test x$cross_compiling != xyes; then
+ AC_PATH_PROG([BREW],brew,)
+ if test x$BREW != x; then
+ dnl These Homebrew packages may be keg-only, meaning that they won't be found
+ dnl in expected paths because they may conflict with system files. Ask
+ dnl Homebrew where each one is located, then adjust paths accordingly.
+
+ openssl_prefix=`$BREW --prefix openssl 2>/dev/null`
+ gmp_prefix=`$BREW --prefix gmp 2>/dev/null`
+ if test x$openssl_prefix != x; then
+ PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH"
+ export PKG_CONFIG_PATH
+ fi
+ if test x$gmp_prefix != x; then
+ GMP_CPPFLAGS="-I$gmp_prefix/include"
+ GMP_LIBS="-L$gmp_prefix/lib"
+ fi
+ else
+ AC_PATH_PROG([PORT],port,)
+ dnl if homebrew isn't installed and macports is, add the macports default paths
+ dnl as a last resort. 
+ if test x$PORT != x; then
+ CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
+ LDFLAGS="$LDFLAGS -L/opt/local/lib"
+ fi
+ fi
+ fi
+ ;;
+esac
+
+CFLAGS="$CFLAGS -W"
+
+warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings"
+saved_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $warn_CFLAGS"
+AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS"
+ ])
+
+saved_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS -fvisibility=hidden"
+AC_MSG_CHECKING([if ${CC} supports -fvisibility=hidden])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS"
+ ])
+
+AC_ARG_ENABLE(benchmark,
+ AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]),
+ [use_benchmark=$enableval],
+ [use_benchmark=yes])
+
+AC_ARG_ENABLE(coverage,
+ AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]),
+ [enable_coverage=$enableval],
+ [enable_coverage=no])
+
+AC_ARG_ENABLE(tests,
+ AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]),
+ [use_tests=$enableval],
+ [use_tests=yes])
+
+AC_ARG_ENABLE(openssl_tests,
+ AS_HELP_STRING([--enable-openssl-tests],[enable OpenSSL tests [default=auto]]),
+ [enable_openssl_tests=$enableval],
+ [enable_openssl_tests=auto])
+
+AC_ARG_ENABLE(experimental,
+ AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]),
+ [use_experimental=$enableval],
+ [use_experimental=no])
+
+AC_ARG_ENABLE(exhaustive_tests,
+ AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]),
+ [use_exhaustive_tests=$enableval],
+ [use_exhaustive_tests=yes])
+
+AC_ARG_ENABLE(endomorphism,
+ AS_HELP_STRING([--enable-endomorphism],[enable endomorphism [default=no]]),
+ 
[use_endomorphism=$enableval],
+ [use_endomorphism=no])
+
+AC_ARG_ENABLE(ecmult_static_precomputation,
+ AS_HELP_STRING([--enable-ecmult-static-precomputation],[enable precomputed ecmult table for signing [default=auto]]),
+ [use_ecmult_static_precomputation=$enableval],
+ [use_ecmult_static_precomputation=auto])
+
+AC_ARG_ENABLE(module_ecdh,
+ AS_HELP_STRING([--enable-module-ecdh],[enable ECDH shared secret computation (experimental)]),
+ [enable_module_ecdh=$enableval],
+ [enable_module_ecdh=no])
+
+AC_ARG_ENABLE(module_recovery,
+ AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]),
+ [enable_module_recovery=$enableval],
+ [enable_module_recovery=no])
+
+AC_ARG_ENABLE(external_default_callbacks,
+ AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]),
+ [use_external_default_callbacks=$enableval],
+ [use_external_default_callbacks=no])
+
+AC_ARG_ENABLE(jni,
+ AS_HELP_STRING([--enable-jni],[enable libsecp256k1_jni [default=no]]),
+ [use_jni=$enableval],
+ [use_jni=no])
+
+AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto],
+[finite field implementation to use [default=auto]])],[req_field=$withval], [req_field=auto])
+
+AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto],
+[bignum implementation to use [default=auto]])],[req_bignum=$withval], [req_bignum=auto])
+
+AC_ARG_WITH([scalar], [AS_HELP_STRING([--with-scalar=64bit|32bit|auto],
+[scalar implementation to use [default=auto]])],[req_scalar=$withval], [req_scalar=auto])
+
+AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto],
+[assembly optimizations to use (experimental: arm) [default=auto]])],[req_asm=$withval], [req_asm=auto])
+
+AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto],
+[window size for ecmult precomputation for verification, specified as integer in range [2..24].] 
+[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
+[The table will store 2^(SIZE-2) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.]
+[If the endomorphism optimization is enabled, two tables of this size are used instead of only one.]
+["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]]
+)],
+[req_ecmult_window=$withval], [req_ecmult_window=auto])
+
+AC_ARG_WITH([ecmult-gen-precision], [AS_HELP_STRING([--with-ecmult-gen-precision=2|4|8|auto],
+[Precision bits to tune the precomputed table size for signing.]
+[The size of the table is 32kB for 2 bits, 64kB for 4 bits, 512kB for 8 bits of precision.]
+[A larger table size usually results in possible faster signing.]
+["auto" is a reasonable setting for desktop machines (currently 4). [default=auto]]
+)],
+[req_ecmult_gen_precision=$withval], [req_ecmult_gen_precision=auto])
+
+AC_CHECK_TYPES([__int128])
+
+if test x"$enable_coverage" = x"yes"; then
+ AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code])
+ CFLAGS="$CFLAGS -O0 --coverage"
+ LDFLAGS="$LDFLAGS --coverage"
+else
+ CFLAGS="$CFLAGS -O3"
+fi
+
+if test x"$use_ecmult_static_precomputation" != x"no"; then
+ # Temporarily switch to an environment for the native compiler
+ save_cross_compiling=$cross_compiling
+ cross_compiling=no
+ SAVE_CC="$CC"
+ CC="$CC_FOR_BUILD"
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS_FOR_BUILD"
+ SAVE_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS_FOR_BUILD"
+ SAVE_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS_FOR_BUILD"
+
+ warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function"
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $warn_CFLAGS_FOR_BUILD"
+ AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS"
+ ])
+
+ AC_MSG_CHECKING([for 
working native compiler: ${CC_FOR_BUILD}])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([], [])],
+ [working_native_cc=yes],
+ [working_native_cc=no],[dnl])
+
+ CFLAGS_FOR_BUILD="$CFLAGS"
+
+ # Restore the environment
+ cross_compiling=$save_cross_compiling
+ CC="$SAVE_CC"
+ CFLAGS="$SAVE_CFLAGS"
+ CPPFLAGS="$SAVE_CPPFLAGS"
+ LDFLAGS="$SAVE_LDFLAGS"
+
+ if test x"$working_native_cc" = x"no"; then
+ AC_MSG_RESULT([no])
+ set_precomp=no
+ m4_define([please_set_for_build], [Please set CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD.])
+ if test x"$use_ecmult_static_precomputation" = x"yes"; then
+ AC_MSG_ERROR([native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
+ else
+ AC_MSG_WARN([Disabling statically generated ecmult table because the native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
+ fi
+ else
+ AC_MSG_RESULT([yes])
+ set_precomp=yes
+ fi
+else
+ set_precomp=no
+fi
+
+if test x"$req_asm" = x"auto"; then
+ SECP_64BIT_ASM_CHECK
+ if test x"$has_64bit_asm" = x"yes"; then
+ set_asm=x86_64
+ fi
+ if test x"$set_asm" = x; then
+ set_asm=no
+ fi
+else
+ set_asm=$req_asm
+ case $set_asm in
+ x86_64)
+ SECP_64BIT_ASM_CHECK
+ if test x"$has_64bit_asm" != x"yes"; then
+ AC_MSG_ERROR([x86_64 assembly optimization requested but not available])
+ fi
+ ;;
+ arm)
+ ;;
+ no)
+ ;;
+ *)
+ AC_MSG_ERROR([invalid assembly optimization selection])
+ ;;
+ esac
+fi
+
+if test x"$req_field" = x"auto"; then
+ if test x"set_asm" = x"x86_64"; then
+ set_field=64bit
+ fi
+ if test x"$set_field" = x; then
+ SECP_INT128_CHECK
+ if test x"$has_int128" = x"yes"; then
+ set_field=64bit
+ fi
+ fi
+ if test x"$set_field" = x; then
+ set_field=32bit
+ fi
+else
+ set_field=$req_field
+ case $set_field in
+ 64bit)
+ if test x"$set_asm" != x"x86_64"; then
+ SECP_INT128_CHECK
+ if test x"$has_int128" != x"yes"; then
+ AC_MSG_ERROR([64bit field explicitly requested but neither __int128 support or x86_64 
assembly available]) + fi + fi + ;; + 32bit) + ;; + *) + AC_MSG_ERROR([invalid field implementation selection]) + ;; + esac +fi + +if test x"$req_scalar" = x"auto"; then + SECP_INT128_CHECK + if test x"$has_int128" = x"yes"; then + set_scalar=64bit + fi + if test x"$set_scalar" = x; then + set_scalar=32bit + fi +else + set_scalar=$req_scalar + case $set_scalar in + 64bit) + SECP_INT128_CHECK + if test x"$has_int128" != x"yes"; then + AC_MSG_ERROR([64bit scalar explicitly requested but __int128 support not available]) + fi + ;; + 32bit) + ;; + *) + AC_MSG_ERROR([invalid scalar implementation selected]) + ;; + esac +fi + +if test x"$req_bignum" = x"auto"; then + SECP_GMP_CHECK + if test x"$has_gmp" = x"yes"; then + set_bignum=gmp + fi + + if test x"$set_bignum" = x; then + set_bignum=no + fi +else + set_bignum=$req_bignum + case $set_bignum in + gmp) + SECP_GMP_CHECK + if test x"$has_gmp" != x"yes"; then + AC_MSG_ERROR([gmp bignum explicitly requested but libgmp not available]) + fi + ;; + no) + ;; + *) + AC_MSG_ERROR([invalid bignum implementation selection]) + ;; + esac +fi + +# select assembly optimization +use_external_asm=no + +case $set_asm in +x86_64) + AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations]) + ;; +arm) + use_external_asm=yes + ;; +no) + ;; +*) + AC_MSG_ERROR([invalid assembly optimizations]) + ;; +esac + +# select field implementation +case $set_field in +64bit) + AC_DEFINE(USE_FIELD_5X52, 1, [Define this symbol to use the FIELD_5X52 implementation]) + ;; +32bit) + AC_DEFINE(USE_FIELD_10X26, 1, [Define this symbol to use the FIELD_10X26 implementation]) + ;; +*) + AC_MSG_ERROR([invalid field implementation]) + ;; +esac + +# select bignum implementation +case $set_bignum in +gmp) + AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed]) + AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation for num]) + AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the 
num-based field inverse implementation]) + AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation]) + ;; +no) + AC_DEFINE(USE_NUM_NONE, 1, [Define this symbol to use no num implementation]) + AC_DEFINE(USE_FIELD_INV_BUILTIN, 1, [Define this symbol to use the native field inverse implementation]) + AC_DEFINE(USE_SCALAR_INV_BUILTIN, 1, [Define this symbol to use the native scalar inverse implementation]) + ;; +*) + AC_MSG_ERROR([invalid bignum implementation]) + ;; +esac + +#select scalar implementation +case $set_scalar in +64bit) + AC_DEFINE(USE_SCALAR_4X64, 1, [Define this symbol to use the 4x64 scalar implementation]) + ;; +32bit) + AC_DEFINE(USE_SCALAR_8X32, 1, [Define this symbol to use the 8x32 scalar implementation]) + ;; +*) + AC_MSG_ERROR([invalid scalar implementation]) + ;; +esac + +#set ecmult window size +if test x"$req_ecmult_window" = x"auto"; then + set_ecmult_window=15 +else + set_ecmult_window=$req_ecmult_window +fi + +error_window_size=['window size for ecmult precomputation not an integer in range [2..24] or "auto"'] +case $set_ecmult_window in +''|*[[!0-9]]*) + # no valid integer + AC_MSG_ERROR($error_window_size) + ;; +*) + if test "$set_ecmult_window" -lt 2 -o "$set_ecmult_window" -gt 24 ; then + # not in range + AC_MSG_ERROR($error_window_size) + fi + AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation]) + ;; +esac + +#set ecmult gen precision +if test x"$req_ecmult_gen_precision" = x"auto"; then + set_ecmult_gen_precision=4 +else + set_ecmult_gen_precision=$req_ecmult_gen_precision +fi + +case $set_ecmult_gen_precision in +2|4|8) + AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits]) + ;; +*) + AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"']) + ;; +esac + +if test x"$use_tests" = x"yes"; then + SECP_OPENSSL_CHECK + if test x"$has_openssl_ec" = x"yes"; then + if test 
x"$enable_openssl_tests" != x"no"; then + AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available]) + SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS" + SECP_TEST_LIBS="$CRYPTO_LIBS" + + case $host in + *mingw*) + SECP_TEST_LIBS="$SECP_TEST_LIBS -lgdi32" + ;; + esac + fi + else + if test x"$enable_openssl_tests" = x"yes"; then + AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available]) + fi + fi +else + if test x"$enable_openssl_tests" = x"yes"; then + AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled]) + fi +fi + +if test x"$use_jni" != x"no"; then + AX_JNI_INCLUDE_DIR + have_jni_dependencies=yes + if test x"$enable_module_ecdh" = x"no"; then + have_jni_dependencies=no + fi + if test "x$JNI_INCLUDE_DIRS" = "x"; then + have_jni_dependencies=no + fi + if test "x$have_jni_dependencies" = "xno"; then + if test x"$use_jni" = x"yes"; then + AC_MSG_ERROR([jni support explicitly requested but headers/dependencies were not found. Enable ECDH and try again.]) + fi + AC_MSG_WARN([jni headers/dependencies not found. 
jni support disabled]) + use_jni=no + else + use_jni=yes + for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do + JNI_INCLUDES="$JNI_INCLUDES -I$JNI_INCLUDE_DIR" + done + fi +fi + +if test x"$set_bignum" = x"gmp"; then + SECP_LIBS="$SECP_LIBS $GMP_LIBS" + SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS" +fi + +if test x"$use_endomorphism" = x"yes"; then + AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism optimization]) +fi + +if test x"$set_precomp" = x"yes"; then + AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table]) +fi + +if test x"$enable_module_ecdh" = x"yes"; then + AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module]) +fi + +if test x"$enable_module_recovery" = x"yes"; then + AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module]) +fi + +AC_C_BIGENDIAN() + +if test x"$use_external_asm" = x"yes"; then + AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used]) +fi + +if test x"$use_external_default_callbacks" = x"yes"; then + AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used]) +fi + +if test x"$enable_experimental" = x"yes"; then + AC_MSG_NOTICE([******]) + AC_MSG_NOTICE([WARNING: experimental build]) + AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.]) + AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh]) + AC_MSG_NOTICE([******]) +else + if test x"$enable_module_ecdh" = x"yes"; then + AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.]) + fi + if test x"$set_asm" = x"arm"; then + AC_MSG_ERROR([ARM assembly optimization is experimental. 
Use --enable-experimental to allow.]) + fi +fi + +AC_CONFIG_HEADERS([src/libsecp256k1-config.h]) +AC_CONFIG_FILES([Makefile libsecp256k1.pc]) +AC_SUBST(JNI_INCLUDES) +AC_SUBST(SECP_INCLUDES) +AC_SUBST(SECP_LIBS) +AC_SUBST(SECP_TEST_LIBS) +AC_SUBST(SECP_TEST_INCLUDES) +AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"]) +AM_CONDITIONAL([USE_TESTS], [test x"$use_tests" != x"no"]) +AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$use_exhaustive_tests" != x"no"]) +AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"]) +AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$set_precomp" = x"yes"]) +AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"]) +AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"]) +AM_CONDITIONAL([USE_JNI], [test x"$use_jni" = x"yes"]) +AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"]) +AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"]) + +dnl make sure nothing new is exported so that we don't break the cache +PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH" +unset PKG_CONFIG_PATH +PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP" + +AC_OUTPUT + +echo +echo "Build Options:" +echo " with endomorphism = $use_endomorphism" +echo " with ecmult precomp = $set_precomp" +echo " with external callbacks = $use_external_default_callbacks" +echo " with jni = $use_jni" +echo " with benchmarks = $use_benchmark" +echo " with coverage = $enable_coverage" +echo " module ecdh = $enable_module_ecdh" +echo " module recovery = $enable_module_recovery" +echo +echo " asm = $set_asm" +echo " bignum = $set_bignum" +echo " field = $set_field" +echo " scalar = $set_scalar" +echo " ecmult window size = $set_ecmult_window" +echo " ecmult gen prec. bits = $set_ecmult_gen_precision" +echo +echo " CC = $CC" +echo " CFLAGS = $CFLAGS" +echo " CPPFLAGS = $CPPFLAGS" +echo " LDFLAGS = $LDFLAGS" +echo 
diff --git a/deps/secp256k1/contrib/lax_der_parsing.c b/deps/secp256k1/contrib/lax_der_parsing.c
new file mode 100644
index 000000000..e177a0562
--- /dev/null
+++ b/deps/secp256k1/contrib/lax_der_parsing.c
@@ -0,0 +1,150 @@
+/**********************************************************************
+ * Copyright (c) 2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#include
+#include
+
+#include "lax_der_parsing.h"
+
+int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
+ size_t rpos, rlen, spos, slen;
+ size_t pos = 0;
+ size_t lenbyte;
+ unsigned char tmpsig[64] = {0};
+ int overflow = 0;
+
+ /* Hack to initialize sig with a correctly-parsed but invalid signature. */
+ secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+
+ /* Sequence tag byte */
+ if (pos == inputlen || input[pos] != 0x30) {
+ return 0;
+ }
+ pos++;
+
+ /* Sequence length bytes */
+ if (pos == inputlen) {
+ return 0;
+ }
+ lenbyte = input[pos++];
+ if (lenbyte & 0x80) {
+ lenbyte -= 0x80;
+ if (lenbyte > inputlen - pos) {
+ return 0;
+ }
+ pos += lenbyte;
+ }
+
+ /* Integer tag byte for R */
+ if (pos == inputlen || input[pos] != 0x02) {
+ return 0;
+ }
+ pos++;
+
+ /* Integer length for R */
+ if (pos == inputlen) {
+ return 0;
+ }
+ lenbyte = input[pos++];
+ if (lenbyte & 0x80) {
+ lenbyte -= 0x80;
+ if (lenbyte > inputlen - pos) {
+ return 0;
+ }
+ while (lenbyte > 0 && input[pos] == 0) {
+ pos++;
+ lenbyte--;
+ }
+ if (lenbyte >= sizeof(size_t)) {
+ return 0;
+ }
+ rlen = 0;
+ while (lenbyte > 0) {
+ rlen = (rlen << 8) + input[pos];
+ pos++;
+ lenbyte--;
+ }
+ } else {
+ rlen = lenbyte;
+ }
+ if (rlen > inputlen - pos) {
+ return 0;
+ }
+ rpos = pos;
+ pos += rlen;
+
+ /* Integer tag byte for S */
+ if (pos == inputlen || input[pos] != 0x02) {
+ return 0;
+ }
+ pos++;
+
+ /* Integer length for S */
+ if (pos == inputlen) {
+ return 0;
+ }
+ lenbyte = input[pos++];
+ if (lenbyte & 0x80) {
+ lenbyte -= 0x80;
+ if (lenbyte > inputlen - pos) {
+ return 0;
+ }
+ while (lenbyte > 0 && input[pos] == 0) {
+ pos++;
+ lenbyte--;
+ }
+ if (lenbyte >= sizeof(size_t)) {
+ return 0;
+ }
+ slen = 0;
+ while (lenbyte > 0) {
+ slen = (slen << 8) + input[pos];
+ pos++;
+ lenbyte--;
+ }
+ } else {
+ slen = lenbyte;
+ }
+ if (slen > inputlen - pos) {
+ return 0;
+ }
+ spos = pos;
+ pos += slen;
+
+ /* Ignore leading zeroes in R */
+ while (rlen > 0 && input[rpos] == 0) {
+ rlen--;
+ rpos++;
+ }
+ /* Copy R value */
+ if (rlen > 32) {
+ overflow = 1;
+ } else {
+ memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
+ }
+
+ /* Ignore leading zeroes in S */
+ while (slen > 0 && input[spos] == 0) {
+ slen--;
+ spos++;
+ }
+ /* Copy S value */
+ if (slen > 32) {
+ overflow = 1;
+ } else {
+ memcpy(tmpsig + 64 - slen, input + spos, slen);
+ }
+
+ if (!overflow) {
+ overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+ }
+ if (overflow) {
+ memset(tmpsig, 0, 64);
+ secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+ }
+ return 1;
+}
+
diff --git a/deps/secp256k1/contrib/lax_der_parsing.h b/deps/secp256k1/contrib/lax_der_parsing.h
new file mode 100644
index 000000000..7eaf63bf6
--- /dev/null
+++ b/deps/secp256k1/contrib/lax_der_parsing.h
@@ -0,0 +1,91 @@
+/**********************************************************************
+ * Copyright (c) 2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+/****
+ * Please do not link this file directly. It is not part of the libsecp256k1
+ * project and does not promise any stability in its API, functionality or
+ * presence. Projects which use this code should instead copy this header
+ * and its accompanying .c file directly into their codebase.
+ ****/
+
+/* This file defines a function that parses DER with various errors and
+ * violations. This is not a part of the library itself, because the allowed
+ * violations are chosen arbitrarily and do not follow or establish any
+ * standard.
+ *
+ * In many places it matters that different implementations do not only accept
+ * the same set of valid signatures, but also reject the same set of signatures.
+ * The only means to accomplish that is by strictly obeying a standard, and not
+ * accepting anything else.
+ *
+ * Nonetheless, sometimes there is a need for compatibility with systems that
+ * use signatures which do not strictly obey DER. The snippet below shows how
+ * certain violations are easily supported. You may need to adapt it.
+ *
+ * Do not use this for new systems. Use well-defined DER or compact signatures
+ * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
+ * secp256k1_ecdsa_signature_parse_compact).
+ *
+ * The supported violations are:
+ * - All numbers are parsed as nonnegative integers, even though X.609-0207
+ * section 8.3.3 specifies that integers are always encoded as two's
+ * complement.
+ * - Integers can have length 0, even though section 8.3.1 says they can't.
+ * - Integers with overly long padding are accepted, violation section
+ * 8.3.2.
+ * - 127-byte long length descriptors are accepted, even though section
+ * 8.1.3.5.c says that they are not.
+ * - Trailing garbage data inside or after the signature is ignored.
+ * - The length descriptor of the sequence is ignored.
+ *
+ * Compared to for example OpenSSL, many violations are NOT supported:
+ * - Using overly long tag descriptors for the sequence or integers inside,
+ * violating section 8.1.2.2.
+ * - Encoding primitive integers as constructed values, violating section
+ * 8.3.1.
+ */
+
+#ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
+#define SECP256K1_CONTRIB_LAX_DER_PARSING_H
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Parse a signature in "lax DER" format
+ *
+ * Returns: 1 when the signature could be parsed, 0 otherwise.
+ * Args: ctx: a secp256k1 context object
+ * Out: sig: a pointer to a signature object
+ * In: input: a pointer to the signature to be parsed
+ * inputlen: the length of the array pointed to be input
+ *
+ * This function will accept any valid DER encoded signature, even if the
+ * encoded numbers are out of range. In addition, it will accept signatures
+ * which violate the DER spec in various ways. Its purpose is to allow
+ * validation of the Bitcoin blockchain, which includes non-DER signatures
+ * from before the network rules were updated to enforce DER. Note that
+ * the set of supported violations is a strict subset of what OpenSSL will
+ * accept.
+ *
+ * After the call, sig will always be initialized. If parsing failed or the
+ * encoded numbers are out of range, signature validation with it is
+ * guaranteed to fail for every message and public key.
+ */
+int ecdsa_signature_parse_der_lax(
+ const secp256k1_context* ctx,
+ secp256k1_ecdsa_signature* sig,
+ const unsigned char *input,
+ size_t inputlen
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */
diff --git a/deps/secp256k1/contrib/lax_der_privatekey_parsing.c b/deps/secp256k1/contrib/lax_der_privatekey_parsing.c
new file mode 100644
index 000000000..c2e63b4b8
--- /dev/null
+++ b/deps/secp256k1/contrib/lax_der_privatekey_parsing.c
@@ -0,0 +1,113 @@
+/**********************************************************************
+ * Copyright (c) 2014, 2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#include
+#include
+
+#include "lax_der_privatekey_parsing.h"
+
+int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
+ const unsigned char *end = privkey + privkeylen;
+ int lenb = 0;
+ int len = 0;
+ memset(out32, 0, 32);
+ /* sequence header */
+ if (end < privkey+1 || *privkey != 0x30) {
+ return 0;
+ }
+ privkey++;
+ /* sequence length constructor */
+ if (end < privkey+1 || !(*privkey & 0x80)) {
+ return 0;
+ }
+ lenb = *privkey & ~0x80; privkey++;
+ if (lenb < 1 || lenb > 2) {
+ return 0;
+ }
+ if (end < privkey+lenb) {
+ return 0;
+ }
+ /* sequence length */
+ len = privkey[lenb-1] | (lenb > 1 ? privkey[lenb-2] << 8 : 0);
+ privkey += lenb;
+ if (end < privkey+len) {
+ return 0;
+ }
+ /* sequence element 0: version number (=1) */
+ if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01) {
+ return 0;
+ }
+ privkey += 3;
+ /* sequence element 1: octet string, up to 32 bytes */
+ if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) {
+ return 0;
+ }
+ memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
+ if (!secp256k1_ec_seckey_verify(ctx, out32)) {
+ memset(out32, 0, 32);
+ return 0;
+ }
+ return 1;
+}
+
+int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
+ secp256k1_pubkey pubkey;
+ size_t pubkeylen = 0;
+ if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
+ *privkeylen = 0;
+ return 0;
+ }
+ if (compressed) {
+ static const unsigned char begin[] = {
+ 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20
+ };
+ static const unsigned char middle[] = {
+ 0xA0,0x81,0x85,0x30,0x81,0x82,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
+ 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
+ 0x21,0x02,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
+ 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
+ 0x17,0x98,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
+ 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x24,0x03,0x22,0x00
+ };
+ unsigned char *ptr = privkey;
+ memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
+ memcpy(ptr, key32, 32); ptr += 32;
+ memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
+ pubkeylen = 33;
+ secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
+ ptr += pubkeylen;
+ *privkeylen = ptr - privkey;
+ } else {
+ static const unsigned char begin[] = {
+ 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20
+ };
+ static const unsigned char middle[] = {
+ 0xA0,0x81,0xA5,0x30,0x81,0xA2,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
+ 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
+ 0x41,0x04,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
+ 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
+ 0x17,0x98,0x48,0x3A,0xDA,0x77,0x26,0xA3,0xC4,0x65,0x5D,0xA4,0xFB,0xFC,0x0E,0x11,
+ 0x08,0xA8,0xFD,0x17,0xB4,0x48,0xA6,0x85,0x54,0x19,0x9C,0x47,0xD0,0x8F,0xFB,0x10,
+ 0xD4,0xB8,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
+ 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x44,0x03,0x42,0x00
+ };
+ unsigned char *ptr = privkey;
+ memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
+ memcpy(ptr, key32, 32); ptr += 32;
+ memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
+ pubkeylen = 65;
+ secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
+ ptr += pubkeylen;
+ *privkeylen = ptr - privkey;
+ }
+ return 1;
+}
diff --git a/deps/secp256k1/contrib/lax_der_privatekey_parsing.h b/deps/secp256k1/contrib/lax_der_privatekey_parsing.h
new file mode 100644
index 000000000..fece261fb
--- /dev/null
+++ b/deps/secp256k1/contrib/lax_der_privatekey_parsing.h
@@ -0,0 +1,90 @@
+/**********************************************************************
+ * Copyright (c) 2014, 2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+/****
+ * Please do not link this file directly. It is not part of the libsecp256k1
+ * project and does not promise any stability in its API, functionality or
+ * presence. Projects which use this code should instead copy this header
+ * and its accompanying .c file directly into their codebase.
+ ****/
+
+/* This file contains code snippets that parse DER private keys with
+ * various errors and violations. This is not a part of the library
+ * itself, because the allowed violations are chosen arbitrarily and
+ * do not follow or establish any standard.
+ *
+ * It also contains code to serialize private keys in a compatible
+ * manner.
+ *
+ * These functions are meant for compatibility with applications
+ * that require BER encoded keys. When working with secp256k1-specific
+ * code, the simple 32-byte private keys normally used by the
+ * library are sufficient.
+ */
+
+#ifndef SECP256K1_CONTRIB_BER_PRIVATEKEY_H
+#define SECP256K1_CONTRIB_BER_PRIVATEKEY_H
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Export a private key in DER format.
+ *
+ * Returns: 1 if the private key was valid.
+ * Args: ctx: pointer to a context object, initialized for signing (cannot
+ * be NULL)
+ * Out: privkey: pointer to an array for storing the private key in BER.
+ * Should have space for 279 bytes, and cannot be NULL.
+ * privkeylen: Pointer to an int where the length of the private key in
+ * privkey will be stored.
+ * In: seckey: pointer to a 32-byte secret key to export.
+ * compressed: 1 if the key should be exported in
+ * compressed format, 0 otherwise
+ *
+ * This function is purely meant for compatibility with applications that
+ * require BER encoded keys. When working with secp256k1-specific code, the
+ * simple 32-byte private keys are sufficient.
+ *
+ * Note that this function does not guarantee correct DER output. It is
+ * guaranteed to be parsable by secp256k1_ec_privkey_import_der
+ */
+SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
+ const secp256k1_context* ctx,
+ unsigned char *privkey,
+ size_t *privkeylen,
+ const unsigned char *seckey,
+ int compressed
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Import a private key in DER format.
+ * Returns: 1 if a private key was extracted.
+ * Args: ctx: pointer to a context object (cannot be NULL).
+ * Out: seckey: pointer to a 32-byte array for storing the private key.
+ * (cannot be NULL).
+ * In: privkey: pointer to a private key in DER format (cannot be NULL).
+ * privkeylen: length of the DER private key pointed to be privkey.
+ *
+ * This function will accept more than just strict DER, and even allow some BER
+ * violations. The public key stored inside the DER-encoded private key is not
+ * verified for correctness, nor are the curve parameters. Use this function
+ * only if you know in advance it is supposed to contain a secp256k1 private
+ * key.
+ */
+SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der(
+ const secp256k1_context* ctx,
+ unsigned char *seckey,
+ const unsigned char *privkey,
+ size_t privkeylen
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_CONTRIB_BER_PRIVATEKEY_H */
diff --git a/deps/secp256k1/include/secp256k1.h b/deps/secp256k1/include/secp256k1.h
new file mode 100644
index 000000000..36020e516
--- /dev/null
+++ b/deps/secp256k1/include/secp256k1.h
@@ -0,0 +1,708 @@
+#ifndef SECP256K1_H
+#define SECP256K1_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+
+/* These rules specify the order of arguments in API calls:
+ *
+ * 1. Context pointers go first, followed by output arguments, combined
+ * output/input arguments, and finally input-only arguments.
+ * 2. Array lengths always immediately the follow the argument whose length
+ * they describe, even if this violates rule 1.
+ * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
+ * later go first. This means: signatures, public nonces, private nonces,
+ * messages, public keys, secret keys, tweaks.
+ * 4. Arguments that are not data pointers go last, from more complex to less
+ * complex: function pointers, algorithm names, messages, void pointers,
+ * counts, flags, booleans.
+ * 5. Opaque data pointers follow the function pointer they are to be passed to.
+ */
+
+/** Opaque data structure that holds context information (precomputed tables etc.).
+ *
+ * The purpose of context structures is to cache large precomputed data tables
+ * that are expensive to construct, and also to maintain the randomization data
+ * for blinding.
+ *
+ * Do not create a new context object for each operation, as construction is
+ * far slower than all other API calls (~100 times slower than an ECDSA
+ * verification).
+ *
+ * A constructed context can safely be used from multiple threads
+ * simultaneously, but API calls that take a non-const pointer to a context
+ * need exclusive access to it. In particular this is the case for
+ * secp256k1_context_destroy, secp256k1_context_preallocated_destroy,
+ * and secp256k1_context_randomize.
+ *
+ * Regarding randomization, either do it once at creation time (in which case
+ * you do not need any locking for the other calls), or use a read-write lock.
+ */
+typedef struct secp256k1_context_struct secp256k1_context;
+
+/** Opaque data structure that holds rewriteable "scratch space"
+ *
+ * The purpose of this structure is to replace dynamic memory allocations,
+ * because we target architectures where this may not be available. It is
+ * essentially a resizable (within specified parameters) block of bytes,
+ * which is initially created either by memory allocation or TODO as a pointer
+ * into some fixed rewritable space.
+ *
+ * Unlike the context object, this cannot safely be shared between threads
+ * without additional synchronization logic.
+ */
+typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space;
+
+/** Opaque data structure that holds a parsed and valid public key.
+ *
+ * The exact representation of data inside is implementation defined and not
+ * guaranteed to be portable between different platforms or versions. It is
+ * however guaranteed to be 64 bytes in size, and can be safely copied/moved.
+ * If you need to convert to a format suitable for storage, transmission, or
+ * comparison, use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse.
+ */
+typedef struct {
+ unsigned char data[64];
+} secp256k1_pubkey;
+
+/** Opaque data structured that holds a parsed ECDSA signature.
+ *
+ * The exact representation of data inside is implementation defined and not
+ * guaranteed to be portable between different platforms or versions. It is
+ * however guaranteed to be 64 bytes in size, and can be safely copied/moved.
+ * If you need to convert to a format suitable for storage, transmission, or
+ * comparison, use the secp256k1_ecdsa_signature_serialize_* and
+ * secp256k1_ecdsa_signature_parse_* functions.
+ */
+typedef struct {
+ unsigned char data[64];
+} secp256k1_ecdsa_signature;
+
+/** A pointer to a function to deterministically generate a nonce.
+ *
+ * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail.
+ * Out: nonce32: pointer to a 32-byte array to be filled by the function.
+ * In: msg32: the 32-byte message hash being verified (will not be NULL)
+ * key32: pointer to a 32-byte secret key (will not be NULL)
+ * algo16: pointer to a 16-byte array describing the signature
+ * algorithm (will be NULL for ECDSA for compatibility).
+ * data: Arbitrary data pointer that is passed through.
+ * attempt: how many iterations we have tried to find a nonce.
+ * This will almost always be 0, but different attempt values
+ * are required to result in a different nonce.
+ *
+ * Except for test cases, this function should compute some cryptographic hash of
+ * the message, the algorithm, the key and the attempt.
+ */
+typedef int (*secp256k1_nonce_function)(
+ unsigned char *nonce32,
+ const unsigned char *msg32,
+ const unsigned char *key32,
+ const unsigned char *algo16,
+ void *data,
+ unsigned int attempt
+);
+
+# if !defined(SECP256K1_GNUC_PREREQ)
+# if defined(__GNUC__)&&defined(__GNUC_MINOR__)
+# define SECP256K1_GNUC_PREREQ(_maj,_min) \
+ ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
+# else
+# define SECP256K1_GNUC_PREREQ(_maj,_min) 0
+# endif
+# endif
+
+# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
+# if SECP256K1_GNUC_PREREQ(2,7)
+# define SECP256K1_INLINE __inline__
+# elif (defined(_MSC_VER))
+# define SECP256K1_INLINE __inline
+# else
+# define SECP256K1_INLINE
+# endif
+# else
+# define SECP256K1_INLINE inline
+# endif
+
+#ifndef SECP256K1_API
+# if defined(_WIN32)
+# ifdef SECP256K1_BUILD
+# define SECP256K1_API __declspec(dllexport)
+# else
+# define SECP256K1_API
+# endif
+# elif defined(__GNUC__) && defined(SECP256K1_BUILD)
+# define SECP256K1_API __attribute__ ((visibility ("default")))
+# else
+# define SECP256K1_API
+# endif
+#endif
+
+/**Warning attributes
+ * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out
+ * some paranoid null checks.
+ */
+# if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
+# define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
+# else
+# define SECP256K1_WARN_UNUSED_RESULT
+# endif
+# if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
+# define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
+# else
+# define SECP256K1_ARG_NONNULL(_x)
+# endif
+
+/** All flags' lower 8 bits indicate what they're for. Do not use directly. */
+#define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
+#define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
+#define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
+/** The higher bits contain the actual data. Do not use directly. */
+#define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
+#define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
+#define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
+
+/** Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and
+ * secp256k1_context_preallocated_create. */
+#define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
+#define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
+#define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
+
+/** Flag to pass to secp256k1_ec_pubkey_serialize. */
+#define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
+#define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
+
+/** Prefix byte used to tag various encoded curvepoints for specific purposes */
+#define SECP256K1_TAG_PUBKEY_EVEN 0x02
+#define SECP256K1_TAG_PUBKEY_ODD 0x03
+#define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
+#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
+#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
+
+/** A simple secp256k1 context object with no precomputed tables. These are useful for
+ * type serialization/parsing functions which require a context object to maintain
+ * API consistency, but currently do not require expensive precomputations or dynamic
+ * allocations.
+ */
+SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp;
+
+/** Create a secp256k1 context object (in dynamically allocated memory).
+ *
+ * This function uses malloc to allocate memory. It is guaranteed that malloc is
+ * called at most once for every call of this function. If you need to avoid dynamic
+ * memory allocation entirely, see the functions in secp256k1_preallocated.h.
+ *
+ * Returns: a newly created context object.
+ * In: flags: which parts of the context to initialize.
+ *
+ * See also secp256k1_context_randomize.
+ */
+SECP256K1_API secp256k1_context* secp256k1_context_create(
+ unsigned int flags
+) SECP256K1_WARN_UNUSED_RESULT;
+
+/** Copy a secp256k1 context object (into dynamically allocated memory).
+ *
+ * This function uses malloc to allocate memory. It is guaranteed that malloc is
+ * called at most once for every call of this function. If you need to avoid dynamic
+ * memory allocation entirely, see the functions in secp256k1_preallocated.h.
+ *
+ * Returns: a newly created context object.
+ * Args: ctx: an existing context to copy (cannot be NULL)
+ */
+SECP256K1_API secp256k1_context* secp256k1_context_clone(
+ const secp256k1_context* ctx
+) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
+
+/** Destroy a secp256k1 context object (created in dynamically allocated memory).
+ *
+ * The context pointer may not be used afterwards.
+ *
+ * The context to destroy must have been created using secp256k1_context_create
+ * or secp256k1_context_clone. If the context has instead been created using
+ * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, the
+ * behaviour is undefined. In that case, secp256k1_context_preallocated_destroy must
+ * be used instead.
+ *
+ * Args: ctx: an existing context to destroy, constructed using
+ * secp256k1_context_create or secp256k1_context_clone
+ */
+SECP256K1_API void secp256k1_context_destroy(
+ secp256k1_context* ctx
+);
+
+/** Set a callback function to be called when an illegal argument is passed to
+ * an API call. It will only trigger for violations that are mentioned
+ * explicitly in the header.
+ *
+ * The philosophy is that these shouldn't be dealt with through a
+ * specific return value, as calling code should not have branches to deal with
+ * the case that this code itself is broken.
+ *
+ * On the other hand, during debug stage, one would want to be informed about
+ * such mistakes, and the default (crashing) may be inadvisable.
+ * When this callback is triggered, the API function called is guaranteed not
+ * to cause a crash, though its return value and output arguments are
+ * undefined.
+ *
+ * When this function has not been called (or called with fn==NULL), then the
+ * default handler will be used. The library provides a default handler which
+ * writes the message to stderr and calls abort. This default handler can be
+ * replaced at link time if the preprocessor macro
+ * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build
+ * has been configured with --enable-external-default-callbacks. Then the
+ * following two symbols must be provided to link against:
+ * - void secp256k1_default_illegal_callback_fn(const char* message, void* data);
+ * - void secp256k1_default_error_callback_fn(const char* message, void* data);
+ * The library can call these default handlers even before a proper callback data
+ * pointer could have been set using secp256k1_context_set_illegal_callback or
+ * secp256k1_context_set_error_callback, e.g., when the creation of a context
+ * fails. In this case, the corresponding default handler will be called with
+ * the data pointer argument set to NULL.
+ * + * Args: ctx: an existing context object (cannot be NULL) + * In: fun: a pointer to a function to call when an illegal argument is + * passed to the API, taking a message and an opaque pointer. + * (NULL restores the default handler.) + * data: the opaque pointer to pass to fun above. + * + * See also secp256k1_context_set_error_callback. + */ +SECP256K1_API void secp256k1_context_set_illegal_callback( + secp256k1_context* ctx, + void (*fun)(const char* message, void* data), + const void* data +) SECP256K1_ARG_NONNULL(1); + +/** Set a callback function to be called when an internal consistency check + * fails. The default is crashing. + * + * This can only trigger in case of a hardware failure, miscompilation, + * memory corruption, serious bug in the library, or other error would can + * otherwise result in undefined behaviour. It will not trigger due to mere + * incorrect usage of the API (see secp256k1_context_set_illegal_callback + * for that). After this callback returns, anything may happen, including + * crashing. + * + * Args: ctx: an existing context object (cannot be NULL) + * In: fun: a pointer to a function to call when an internal error occurs, + * taking a message and an opaque pointer (NULL restores the + * default handler, see secp256k1_context_set_illegal_callback + * for details). + * data: the opaque pointer to pass to fun above. + * + * See also secp256k1_context_set_illegal_callback. + */ +SECP256K1_API void secp256k1_context_set_error_callback( + secp256k1_context* ctx, + void (*fun)(const char* message, void* data), + const void* data +) SECP256K1_ARG_NONNULL(1); + +/** Create a secp256k1 scratch space object. + * + * Returns: a newly created scratch space. + * Args: ctx: an existing context object (cannot be NULL) + * In: size: amount of memory to be available as scratch space. Some extra + * (<100 bytes) will be allocated for extra accounting. 
+ */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space* secp256k1_scratch_space_create( + const secp256k1_context* ctx, + size_t size +) SECP256K1_ARG_NONNULL(1); + +/** Destroy a secp256k1 scratch space. + * + * The pointer may not be used afterwards. + * Args: ctx: a secp256k1 context object. + * scratch: space to destroy + */ +SECP256K1_API void secp256k1_scratch_space_destroy( + const secp256k1_context* ctx, + secp256k1_scratch_space* scratch +) SECP256K1_ARG_NONNULL(1); + +/** Parse a variable-length public key into the pubkey object. + * + * Returns: 1 if the public key was fully valid. + * 0 if the public key could not be parsed or is invalid. + * Args: ctx: a secp256k1 context object. + * Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a + * parsed version of input. If not, its value is undefined. + * In: input: pointer to a serialized public key + * inputlen: length of the array pointed to by input + * + * This function supports parsing compressed (33 bytes, header byte 0x02 or + * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header + * byte 0x06 or 0x07) format public keys. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse( + const secp256k1_context* ctx, + secp256k1_pubkey* pubkey, + const unsigned char *input, + size_t inputlen +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize a pubkey object into a serialized byte sequence. + * + * Returns: 1 always. + * Args: ctx: a secp256k1 context object. + * Out: output: a pointer to a 65-byte (if compressed==0) or 33-byte (if + * compressed==1) byte array to place the serialized key + * in. + * In/Out: outputlen: a pointer to an integer which is initially set to the + * size of output, and is overwritten with the written + * size. + * In: pubkey: a pointer to a secp256k1_pubkey containing an + * initialized public key. 
+ * flags: SECP256K1_EC_COMPRESSED if serialization should be in + * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED. + */ +SECP256K1_API int secp256k1_ec_pubkey_serialize( + const secp256k1_context* ctx, + unsigned char *output, + size_t *outputlen, + const secp256k1_pubkey* pubkey, + unsigned int flags +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Parse an ECDSA signature in compact (64 bytes) format. + * + * Returns: 1 when the signature could be parsed, 0 otherwise. + * Args: ctx: a secp256k1 context object + * Out: sig: a pointer to a signature object + * In: input64: a pointer to the 64-byte array to parse + * + * The signature must consist of a 32-byte big endian R value, followed by a + * 32-byte big endian S value. If R or S fall outside of [0..order-1], the + * encoding is invalid. R and S with value 0 are allowed in the encoding. + * + * After the call, sig will always be initialized. If parsing failed or R or + * S are zero, the resulting sig value is guaranteed to fail validation for any + * message and public key. + */ +SECP256K1_API int secp256k1_ecdsa_signature_parse_compact( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, + const unsigned char *input64 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Parse a DER ECDSA signature. + * + * Returns: 1 when the signature could be parsed, 0 otherwise. + * Args: ctx: a secp256k1 context object + * Out: sig: a pointer to a signature object + * In: input: a pointer to the signature to be parsed + * inputlen: the length of the array pointed to be input + * + * This function will accept any valid DER encoded signature, even if the + * encoded numbers are out of range. + * + * After the call, sig will always be initialized. If parsing failed or the + * encoded numbers are out of range, signature validation with it is + * guaranteed to fail for every message and public key. 
+ */ +SECP256K1_API int secp256k1_ecdsa_signature_parse_der( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, + const unsigned char *input, + size_t inputlen +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize an ECDSA signature in DER format. + * + * Returns: 1 if enough space was available to serialize, 0 otherwise + * Args: ctx: a secp256k1 context object + * Out: output: a pointer to an array to store the DER serialization + * In/Out: outputlen: a pointer to a length integer. Initially, this integer + * should be set to the length of output. After the call + * it will be set to the length of the serialization (even + * if 0 was returned). + * In: sig: a pointer to an initialized signature object + */ +SECP256K1_API int secp256k1_ecdsa_signature_serialize_der( + const secp256k1_context* ctx, + unsigned char *output, + size_t *outputlen, + const secp256k1_ecdsa_signature* sig +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Serialize an ECDSA signature in compact (64 byte) format. + * + * Returns: 1 + * Args: ctx: a secp256k1 context object + * Out: output64: a pointer to a 64-byte array to store the compact serialization + * In: sig: a pointer to an initialized signature object + * + * See secp256k1_ecdsa_signature_parse_compact for details about the encoding. + */ +SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact( + const secp256k1_context* ctx, + unsigned char *output64, + const secp256k1_ecdsa_signature* sig +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Verify an ECDSA signature. + * + * Returns: 1: correct signature + * 0: incorrect or unparseable signature + * Args: ctx: a secp256k1 context object, initialized for verification. 
+ * In: sig: the signature being verified (cannot be NULL) + * msg32: the 32-byte message hash being verified (cannot be NULL) + * pubkey: pointer to an initialized public key to verify with (cannot be NULL) + * + * To avoid accepting malleable signatures, only ECDSA signatures in lower-S + * form are accepted. + * + * If you need to accept ECDSA signatures from sources that do not obey this + * rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to + * validation, but be aware that doing so results in malleable signatures. + * + * For details, see the comments for that function. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify( + const secp256k1_context* ctx, + const secp256k1_ecdsa_signature *sig, + const unsigned char *msg32, + const secp256k1_pubkey *pubkey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Convert a signature to a normalized lower-S form. + * + * Returns: 1 if sigin was not normalized, 0 if it already was. + * Args: ctx: a secp256k1 context object + * Out: sigout: a pointer to a signature to fill with the normalized form, + * or copy if the input was already normalized. (can be NULL if + * you're only interested in whether the input was already + * normalized). + * In: sigin: a pointer to a signature to check/normalize (cannot be NULL, + * can be identical to sigout) + * + * With ECDSA a third-party can forge a second distinct signature of the same + * message, given a single initial signature, but without knowing the key. This + * is done by negating the S value modulo the order of the curve, 'flipping' + * the sign of the random point R which is not included in the signature. + * + * Forgery of the same message isn't universally problematic, but in systems + * where message malleability or uniqueness of signatures is important this can + * cause issues. 
This forgery can be blocked by all verifiers forcing signers + * to use a normalized form. + * + * The lower-S form reduces the size of signatures slightly on average when + * variable length encodings (such as DER) are used and is cheap to verify, + * making it a good choice. Security of always using lower-S is assured because + * anyone can trivially modify a signature after the fact to enforce this + * property anyway. + * + * The lower S value is always between 0x1 and + * 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, + * inclusive. + * + * No other forms of ECDSA malleability are known and none seem likely, but + * there is no formal proof that ECDSA, even with this additional restriction, + * is free of other malleability. Commonly used serialization schemes will also + * accept various non-unique encodings, so care should be taken when this + * property is required for an application. + * + * The secp256k1_ecdsa_sign function will by default create signatures in the + * lower-S form, and secp256k1_ecdsa_verify will not accept others. In case + * signatures come from a system that cannot enforce this property, + * secp256k1_ecdsa_signature_normalize must be called before verification. + */ +SECP256K1_API int secp256k1_ecdsa_signature_normalize( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature *sigout, + const secp256k1_ecdsa_signature *sigin +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); + +/** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. + * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of + * extra entropy. + */ +SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979; + +/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */ +SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default; + +/** Create an ECDSA signature. 
+ * + * Returns: 1: signature created + * 0: the nonce generation function failed, or the private key was invalid. + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) + * In: msg32: the 32-byte message hash being signed (cannot be NULL) + * seckey: pointer to a 32-byte secret key (cannot be NULL) + * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used + * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) + * + * The created signature is always in lower-S form. See + * secp256k1_ecdsa_signature_normalize for more details. + */ +SECP256K1_API int secp256k1_ecdsa_sign( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature *sig, + const unsigned char *msg32, + const unsigned char *seckey, + secp256k1_nonce_function noncefp, + const void *ndata +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Verify an ECDSA secret key. + * + * Returns: 1: secret key is valid + * 0: secret key is invalid + * Args: ctx: pointer to a context object (cannot be NULL) + * In: seckey: pointer to a 32-byte secret key (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify( + const secp256k1_context* ctx, + const unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Compute the public key for a secret key. 
+ * + * Returns: 1: secret was valid, public key stores + * 0: secret was invalid, try again + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: pubkey: pointer to the created public key (cannot be NULL) + * In: seckey: pointer to a 32-byte private key (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Negates a private key in place. + * + * Returns: 1 always + * Args: ctx: pointer to a context object + * In/Out: seckey: pointer to the 32-byte private key to be negated (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate( + const secp256k1_context* ctx, + unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Negates a public key in place. + * + * Returns: 1 always + * Args: ctx: pointer to a context object + * In/Out: pubkey: pointer to the public key to be negated (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Tweak a private key by adding tweak to it. + * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for + * uniformly random 32-byte arrays, or if the resulting private key + * would be invalid (only when the tweak is the complement of the + * private key). 1 otherwise. + * Args: ctx: pointer to a context object (cannot be NULL). + * In/Out: seckey: pointer to a 32-byte private key. + * In: tweak: pointer to a 32-byte tweak. 
+ */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Tweak a public key by adding tweak times the generator to it. + * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for + * uniformly random 32-byte arrays, or if the resulting public key + * would be invalid (only when the tweak is the complement of the + * corresponding private key). 1 otherwise. + * Args: ctx: pointer to a context object initialized for validation + * (cannot be NULL). + * In/Out: pubkey: pointer to a public key object. + * In: tweak: pointer to a 32-byte tweak. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Tweak a private key by multiplying it by a tweak. + * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for + * uniformly random 32-byte arrays, or equal to zero. 1 otherwise. + * Args: ctx: pointer to a context object (cannot be NULL). + * In/Out: seckey: pointer to a 32-byte private key. + * In: tweak: pointer to a 32-byte tweak. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Tweak a public key by multiplying it by a tweak value. + * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for + * uniformly random 32-byte arrays, or equal to zero. 1 otherwise. + * Args: ctx: pointer to a context object initialized for validation + * (cannot be NULL). + * In/Out: pubkey: pointer to a public key object. 
+ * In: tweak: pointer to a 32-byte tweak. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Updates the context randomization to protect against side-channel leakage. + * Returns: 1: randomization successfully updated or nothing to randomize + * 0: error + * Args: ctx: pointer to a context object (cannot be NULL) + * In: seed32: pointer to a 32-byte random seed (NULL resets to initial state) + * + * While secp256k1 code is written to be constant-time no matter what secret + * values are, it's possible that a future compiler may output code which isn't, + * and also that the CPU may not emit the same radio frequencies or draw the same + * amount power for all values. + * + * This function provides a seed which is combined into the blinding value: that + * blinding value is added before each multiplication (and removed afterwards) so + * that it does not affect function results, but shields against attacks which + * rely on any input-dependent behaviour. + * + * This function has currently an effect only on contexts initialized for signing + * because randomization is currently used only for signing. However, this is not + * guaranteed and may change in the future. It is safe to call this function on + * contexts not initialized for signing; then it will have no effect and return 1. + * + * You should call this after secp256k1_context_create or + * secp256k1_context_clone (and secp256k1_context_preallocated_create or + * secp256k1_context_clone, resp.), and you may call this repeatedly afterwards. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize( + secp256k1_context* ctx, + const unsigned char *seed32 +) SECP256K1_ARG_NONNULL(1); + +/** Add a number of public keys together. + * Returns: 1: the sum of the public keys is valid. 
+ * 0: the sum of the public keys is not valid. + * Args: ctx: pointer to a context object + * Out: out: pointer to a public key object for placing the resulting public key + * (cannot be NULL) + * In: ins: pointer to array of pointers to public keys (cannot be NULL) + * n: the number of public keys to add together (must be at least 1) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine( + const secp256k1_context* ctx, + secp256k1_pubkey *out, + const secp256k1_pubkey * const * ins, + size_t n +) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_H */ diff --git a/deps/secp256k1/include/secp256k1_ecdh.h b/deps/secp256k1/include/secp256k1_ecdh.h new file mode 100644 index 000000000..df5fde235 --- /dev/null +++ b/deps/secp256k1/include/secp256k1_ecdh.h 
@@ -0,0 +1,55 @@
+#ifndef SECP256K1_ECDH_H
+#define SECP256K1_ECDH_H
+
+#include "secp256k1.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** A pointer to a function that applies hash function to a point
+ *
+ * Returns: 1 if a point was successfully hashed. 0 will cause ecdh to fail
+ * Out: output: pointer to an array to be filled by the function
+ * In: x: pointer to a 32-byte x coordinate
+ * y: pointer to a 32-byte y coordinate
+ * data: Arbitrary data pointer that is passed through
+ */
+typedef int (*secp256k1_ecdh_hash_function)(
+ unsigned char *output,
+ const unsigned char *x,
+ const unsigned char *y,
+ void *data
+);
+
+/** An implementation of SHA256 hash function that applies to compressed public key. */
+SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256;
+
+/** A default ecdh hash function (currently equal to secp256k1_ecdh_hash_function_sha256). */
+SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default;
+
+/** Compute an EC Diffie-Hellman secret in constant time
+ * Returns: 1: exponentiation was successful
+ * 0: scalar was invalid (zero or overflow)
+ * Args: ctx: pointer to a context object (cannot be NULL)
+ * Out: output: pointer to an array to be filled by the function
+ * In: pubkey: a pointer to a secp256k1_pubkey containing an
+ * initialized public key
+ * privkey: a 32-byte scalar with which to multiply the point
+ * hashfp: pointer to a hash function. If NULL, secp256k1_ecdh_hash_function_sha256 is used
+ * data: Arbitrary data pointer that is passed through
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(
+ const secp256k1_context* ctx,
+ unsigned char *output,
+ const secp256k1_pubkey *pubkey,
+ const unsigned char *privkey,
+ secp256k1_ecdh_hash_function hashfp,
+ void *data
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_ECDH_H */
diff --git a/deps/secp256k1/include/secp256k1_preallocated.h b/deps/secp256k1/include/secp256k1_preallocated.h
new file mode 100644
index 000000000..a9ae15d5a
--- /dev/null
+++ b/deps/secp256k1/include/secp256k1_preallocated.h
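Review bot: The doc comment for secp256k1_ecdh never states how large `output` must be, although that size is dictated entirely by `hashfp` (32 bytes for the default SHA256 function, whatever a custom callback writes otherwise), so a caller who sizes the buffer for SHA256 and later swaps in a custom hashfp overruns it; suggest extending the Out line to `* Out: output: pointer to an array to be filled by the function; its required size is determined by hashfp (32 bytes for the default SHA256 function)`. The "in constant time" claim in the first line presumably covers only the scalar multiplication; a caller-supplied hashfp runs outside that guarantee and handles the shared secret, so a one-line note that it must avoid secret-dependent branches and memory accesses would help. Minor: the hashfp line names secp256k1_ecdh_hash_function_sha256 as the NULL fallback while secp256k1_ecdh_hash_function_default is declared just above it; naming the default here (as secp256k1_ecdsa_sign does with secp256k1_nonce_function_default) keeps the two headers consistent.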
@@ -0,0 +1,128 @@
+#ifndef SECP256K1_PREALLOCATED_H
+#define SECP256K1_PREALLOCATED_H
+
+#include "secp256k1.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* The module provided by this header file is intended for settings in which it
+ * is not possible or desirable to rely on dynamic memory allocation. It provides
+ * functions for creating, cloning, and destroying secp256k1 context objects in a
+ * contiguous fixed-size block of memory provided by the caller.
+ *
+ * Context objects created by functions in this module can be used like contexts
+ * objects created by functions in secp256k1.h, i.e., they can be passed to any
+ * API function that expects a context object (see secp256k1.h for details). The
+ * only exception is that context objects created by functions in this module
+ * must be destroyed using secp256k1_context_preallocated_destroy (in this
+ * module) instead of secp256k1_context_destroy (in secp256k1.h).
+ *
+ * It is guaranteed that functions in this module will not call malloc or its
+ * friends realloc, calloc, and free.
+ */
+
+/** Determine the memory size of a secp256k1 context object to be created in
+ * caller-provided memory.
+ *
+ * The purpose of this function is to determine how much memory must be provided
+ * to secp256k1_context_preallocated_create.
+ *
+ * Returns: the required size of the caller-provided memory block
+ * In: flags: which parts of the context to initialize.
+ */
+SECP256K1_API size_t secp256k1_context_preallocated_size(
+ unsigned int flags
+) SECP256K1_WARN_UNUSED_RESULT;
+
+/** Create a secp256k1 context object in caller-provided memory.
+ *
+ * The caller must provide a pointer to a rewritable contiguous block of memory
+ * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably
+ * aligned to hold an object of any type.
+ *
+ * The block of memory is exclusively owned by the created context object during
+ * the lifetime of this context object, which begins with the call to this
+ * function and ends when a call to secp256k1_context_preallocated_destroy
+ * (which destroys the context object again) returns. During the lifetime of the
+ * context object, the caller is obligated not to access this block of memory,
+ * i.e., the caller may not read or write the memory, e.g., by copying the memory
+ * contents to a different location or trying to create a second context object
+ * in the memory. In simpler words, the prealloc pointer (or any pointer derived
+ * from it) should not be used during the lifetime of the context object.
+ *
+ * Returns: a newly created context object.
+ * In: prealloc: a pointer to a rewritable contiguous block of memory of
+ * size at least secp256k1_context_preallocated_size(flags)
+ * bytes, as detailed above (cannot be NULL)
+ * flags: which parts of the context to initialize.
+ *
+ * See also secp256k1_context_randomize (in secp256k1.h)
+ * and secp256k1_context_preallocated_destroy.
+ */
+SECP256K1_API secp256k1_context* secp256k1_context_preallocated_create(
+ void* prealloc,
+ unsigned int flags
+) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
+
+/** Determine the memory size of a secp256k1 context object to be copied into
+ * caller-provided memory.
+ *
+ * Returns: the required size of the caller-provided memory block.
+ * In: ctx: an existing context to copy (cannot be NULL)
+ */
+SECP256K1_API size_t secp256k1_context_preallocated_clone_size(
+ const secp256k1_context* ctx
+) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
+
+/** Copy a secp256k1 context object into caller-provided memory.
+ *
+ * The caller must provide a pointer to a rewritable contiguous block of memory
+ * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably
+ * aligned to hold an object of any type.
+ *
+ * The block of memory is exclusively owned by the created context object during
+ * the lifetime of this context object, see the description of
+ * secp256k1_context_preallocated_create for details.
+ *
+ * Returns: a newly created context object.
+ * Args: ctx: an existing context to copy (cannot be NULL)
+ * In: prealloc: a pointer to a rewritable contiguous block of memory of
+ * size at least secp256k1_context_preallocated_size(flags)
+ * bytes, as detailed above (cannot be NULL)
+ */
+SECP256K1_API secp256k1_context* secp256k1_context_preallocated_clone(
+ const secp256k1_context* ctx,
+ void* prealloc
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT;
+
+/** Destroy a secp256k1 context object that has been created in
+ * caller-provided memory.
+ *
+ * The context pointer may not be used afterwards.
+ *
+ * The context to destroy must have been created using
+ * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone.
+ * If the context has instead been created using secp256k1_context_create or
+ * secp256k1_context_clone, the behaviour is undefined. In that case,
+ * secp256k1_context_destroy must be used instead.
+ *
+ * If required, it is the responsibility of the caller to deallocate the block
+ * of memory properly after this function returns, e.g., by calling free on the
+ * preallocated pointer given to secp256k1_context_preallocated_create or
+ * secp256k1_context_preallocated_clone.
+ *
+ * Args: ctx: an existing context to destroy, constructed using
+ * secp256k1_context_preallocated_create or
+ * secp256k1_context_preallocated_clone (cannot be NULL)
+ */
+SECP256K1_API void secp256k1_context_preallocated_destroy(
+ secp256k1_context* ctx
+);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_PREALLOCATED_H */
diff --git a/deps/secp256k1/include/secp256k1_recovery.h b/deps/secp256k1/include/secp256k1_recovery.h
new file mode 100644
index 000000000..cf6c5ed7f
--- /dev/null
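Review bot: The doc comment for secp256k1_context_preallocated_clone (the "The caller must provide…" paragraph and the `prealloc` In line) says the block must be at least `secp256k1_context_preallocated_size(flags)` bytes, but this function has no flags argument and the header declares secp256k1_context_preallocated_clone_size(ctx) immediately above for exactly this purpose. Undersizing the block here becomes a memory-safety bug in caller code, so the size should be stated correctly in both places: `* of size at least secp256k1_context_preallocated_clone_size(ctx) bytes, suitably` and `* size at least secp256k1_context_preallocated_clone_size(ctx)`. Separately, the Args line of secp256k1_context_preallocated_destroy says ctx `(cannot be NULL)` yet the declaration carries no SECP256K1_ARG_NONNULL(1), unlike every other non-NULL parameter in this header; if NULL is in fact rejected this looks like an omission, and if NULL is tolerated the comment should say so instead.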
+++ b/deps/secp256k1/include/secp256k1_recovery.h 
@@ -0,0 +1,110 @@
+#ifndef SECP256K1_RECOVERY_H
+#define SECP256K1_RECOVERY_H
+
+#include "secp256k1.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Opaque data structured that holds a parsed ECDSA signature,
+ * supporting pubkey recovery.
+ *
+ * The exact representation of data inside is implementation defined and not
+ * guaranteed to be portable between different platforms or versions. It is
+ * however guaranteed to be 65 bytes in size, and can be safely copied/moved.
+ * If you need to convert to a format suitable for storage or transmission, use
+ * the secp256k1_ecdsa_signature_serialize_* and
+ * secp256k1_ecdsa_signature_parse_* functions.
+ *
+ * Furthermore, it is guaranteed that identical signatures (including their
+ * recoverability) will have identical representation, so they can be
+ * memcmp'ed.
+ */
+typedef struct {
+ unsigned char data[65];
+} secp256k1_ecdsa_recoverable_signature;
+
+/** Parse a compact ECDSA signature (64 bytes + recovery id).
+ *
+ * Returns: 1 when the signature could be parsed, 0 otherwise
+ * Args: ctx: a secp256k1 context object
+ * Out: sig: a pointer to a signature object
+ * In: input64: a pointer to a 64-byte compact signature
+ * recid: the recovery id (0, 1, 2 or 3)
+ */
+SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
+ const secp256k1_context* ctx,
+ secp256k1_ecdsa_recoverable_signature* sig,
+ const unsigned char *input64,
+ int recid
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Convert a recoverable signature into a normal signature.
+ *
+ * Returns: 1
+ * Out: sig: a pointer to a normal signature (cannot be NULL).
+ * In: sigin: a pointer to a recoverable signature (cannot be NULL).
+ */
+SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(
+ const secp256k1_context* ctx,
+ secp256k1_ecdsa_signature* sig,
+ const secp256k1_ecdsa_recoverable_signature* sigin
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
+ *
+ * Returns: 1
+ * Args: ctx: a secp256k1 context object
+ * Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL)
+ * recid: a pointer to an integer to hold the recovery id (can be NULL).
+ * In: sig: a pointer to an initialized signature object (cannot be NULL)
+ */
+SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
+ const secp256k1_context* ctx,
+ unsigned char *output64,
+ int *recid,
+ const secp256k1_ecdsa_recoverable_signature* sig
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Create a recoverable ECDSA signature.
+ *
+ * Returns: 1: signature created
+ * 0: the nonce generation function failed, or the private key was invalid.
+ * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
+ * Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
+ * In: msg32: the 32-byte message hash being signed (cannot be NULL)
+ * seckey: pointer to a 32-byte secret key (cannot be NULL)
+ * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
+ * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
+ */
+SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
+ const secp256k1_context* ctx,
+ secp256k1_ecdsa_recoverable_signature *sig,
+ const unsigned char *msg32,
+ const unsigned char *seckey,
+ secp256k1_nonce_function noncefp,
+ const void *ndata
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Recover an ECDSA public key from a signature.
+ *
+ * Returns: 1: public key successfully recovered (which guarantees a correct signature).
+ * 0: otherwise.
+ * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL)
+ * Out: pubkey: pointer to the recovered public key (cannot be NULL)
+ * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL)
+ * msg32: the 32-byte message hash assumed to be signed (cannot be NULL)
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
+ const secp256k1_context* ctx,
+ secp256k1_pubkey *pubkey,
+ const secp256k1_ecdsa_recoverable_signature *sig,
+ const unsigned char *msg32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_RECOVERY_H */
diff --git a/deps/secp256k1/libsecp256k1.pc.in b/deps/secp256k1/libsecp256k1.pc.in
new file mode 100644
index 000000000..694e98eef
--- /dev/null
+++ b/deps/secp256k1/libsecp256k1.pc.in
@@ -0,0 +1,13 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libsecp256k1
+Description: Optimized C library for EC operations on curve secp256k1
+URL: https://github.com/bitcoin-core/secp256k1
+Version: @PACKAGE_VERSION@
+Cflags: -I${includedir}
+Libs: -L${libdir} -lsecp256k1
+Libs.private: @SECP_LIBS@
+
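Review bot: The vendored copy under deps/secp256k1/ carries no visible record of the upstream commit or tag it was imported from; unless that pin is recorded elsewhere in this series, please add one (for example a line in the commit message or a small marker file such as `deps/secp256k1/UPSTREAM` naming the upstream commit hash) so the tree can be diffed against upstream and tracked for security fixes. The only version information on this page is `Version: @PACKAGE_VERSION@` in libsecp256k1.pc.in, which is filled in at configure time rather than fixed in the tree. Since the headers appear to be verbatim upstream, nits such as `Opaque data structured` in the secp256k1_ecdsa_recoverable_signature comment are better fixed upstream than patched locally, which would make the next import harder. The same applies to the sage and asm files that follow.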
diff --git a/deps/secp256k1/obj/.gitignore b/deps/secp256k1/obj/.gitignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/deps/secp256k1/sage/group_prover.sage b/deps/secp256k1/sage/group_prover.sage
new file mode 100644
index 000000000..8521f0799
--- /dev/null
+++ b/deps/secp256k1/sage/group_prover.sage
@@ -0,0 +1,322 @@ +# This code supports verifying group implementations which have branches +# or conditional statements (like cmovs), by allowing each execution path +# to independently set assumptions on input or intermediary variables. +# +# The general approach is: +# * A constraint is a tuple of two sets of symbolic expressions: +# the first of which are required to evaluate to zero, the second of which +# are required to evaluate to nonzero. +# - A constraint is said to be conflicting if any of its nonzero expressions +# is in the ideal with basis the zero expressions (in other words: when the +# zero expressions imply that one of the nonzero expressions are zero). +# * There is a list of laws that describe the intended behaviour, including +# laws for addition and doubling. Each law is called with the symbolic point +# coordinates as arguments, and returns: +# - A constraint describing the assumptions under which it is applicable, +# called "assumeLaw" +# - A constraint describing the requirements of the law, called "require" +# * Implementations are transliterated into functions that operate as well on +# algebraic input points, and are called once per combination of branches +# executed. Each execution returns: +# - A constraint describing the assumptions this implementation requires +# (such as Z1=1), called "assumeFormula" +# - A constraint describing the assumptions this specific branch requires, +# but which is by construction guaranteed to cover the entire space by +# merging the results from all branches, called "assumeBranch" +# - The result of the computation +# * All combinations of laws with implementation branches are tried, and: +# - If the combination of assumeLaw, assumeFormula, and assumeBranch results +# in a conflict, it means this law does not apply to this branch, and it is +# skipped. 
+# - For others, we try to prove the require constraints hold, assuming the +# information in assumeLaw + assumeFormula + assumeBranch, and if this does +# not succeed, we fail. +# + To prove an expression is zero, we check whether it belongs to the +# ideal with the assumed zero expressions as basis. This test is exact. +# + To prove an expression is nonzero, we check whether each of its +# factors is contained in the set of nonzero assumptions' factors. +# This test is not exact, so various combinations of original and +# reduced expressions' factors are tried. +# - If we succeed, we print out the assumptions from assumeFormula that +# weren't implied by assumeLaw already. Those from assumeBranch are skipped, +# as we assume that all constraints in it are complementary with each other. +# +# Based on the sage verification scripts used in the Explicit-Formulas Database +# by Tanja Lange and others, see http://hyperelliptic.org/EFD + +class fastfrac: + """Fractions over rings.""" + + def __init__(self,R,top,bot=1): + """Construct a fractional, given a ring, a numerator, and denominator.""" + self.R = R + if parent(top) == ZZ or parent(top) == R: + self.top = R(top) + self.bot = R(bot) + elif top.__class__ == fastfrac: + self.top = top.top + self.bot = top.bot * bot + else: + self.top = R(numerator(top)) + self.bot = R(denominator(top)) * bot + + def iszero(self,I): + """Return whether this fraction is zero given an ideal.""" + return self.top in I and self.bot not in I + + def reduce(self,assumeZero): + zero = self.R.ideal(map(numerator, assumeZero)) + return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot)) + + def __add__(self,other): + """Add two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top + self.bot * other,self.bot) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.bot + self.bot * other.top,self.bot * other.bot) + return NotImplemented + + def __sub__(self,other): + 
"""Subtract two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top - self.bot * other,self.bot) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.bot - self.bot * other.top,self.bot * other.bot) + return NotImplemented + + def __neg__(self): + """Return the negation of a fraction.""" + return fastfrac(self.R,-self.top,self.bot) + + def __mul__(self,other): + """Multiply two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top * other,self.bot) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.top,self.bot * other.bot) + return NotImplemented + + def __rmul__(self,other): + """Multiply something else with a fraction.""" + return self.__mul__(other) + + def __div__(self,other): + """Divide two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top,self.bot * other) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.bot,self.bot * other.top) + return NotImplemented + + def __pow__(self,other): + """Compute a power of a fraction.""" + if parent(other) == ZZ: + if other < 0: + # Negative powers require flipping top and bottom + return fastfrac(self.R,self.bot ^ (-other),self.top ^ (-other)) + else: + return fastfrac(self.R,self.top ^ other,self.bot ^ other) + return NotImplemented + + def __str__(self): + return "fastfrac((" + str(self.top) + ") / (" + str(self.bot) + "))" + def __repr__(self): + return "%s" % self + + def numerator(self): + return self.top + +class constraints: + """A set of constraints, consisting of zero and nonzero expressions. + + Constraints can either be used to express knowledge or a requirement. + + Both the fields zero and nonzero are maps from expressions to description + strings. The expressions that are the keys in zero are required to be zero, + and the expressions that are the keys in nonzero are required to be nonzero. 
+ + Note that (a != 0) and (b != 0) is the same as (a*b != 0), so all keys in + nonzero could be multiplied into a single key. This is often much less + efficient to work with though, so we keep them separate inside the + constraints. This allows higher-level code to do fast checks on the individual + nonzero elements, or combine them if needed for stronger checks. + + We can't multiply the different zero elements, as it would suffice for one of + the factors to be zero, instead of all of them. Instead, the zero elements are + typically combined into an ideal first. + """ + + def __init__(self, **kwargs): + if 'zero' in kwargs: + self.zero = dict(kwargs['zero']) + else: + self.zero = dict() + if 'nonzero' in kwargs: + self.nonzero = dict(kwargs['nonzero']) + else: + self.nonzero = dict() + + def negate(self): + return constraints(zero=self.nonzero, nonzero=self.zero) + + def __add__(self, other): + zero = self.zero.copy() + zero.update(other.zero) + nonzero = self.nonzero.copy() + nonzero.update(other.nonzero) + return constraints(zero=zero, nonzero=nonzero) + + def __str__(self): + return "constraints(zero=%s,nonzero=%s)" % (self.zero, self.nonzero) + + def __repr__(self): + return "%s" % self + + +def conflicts(R, con): + """Check whether any of the passed non-zero assumptions is implied by the zero assumptions""" + zero = R.ideal(map(numerator, con.zero)) + if 1 in zero: + return True + # First a cheap check whether any of the individual nonzero terms conflict on + # their own. + for nonzero in con.nonzero: + if nonzero.iszero(zero): + return True + # It can be the case that entries in the nonzero set do not individually + # conflict with the zero set, but their combination does. For example, knowing + # that either x or y is zero is equivalent to having x*y in the zero set. + # Having x or y individually in the nonzero set is not a conflict, but both + # simultaneously is, so that is the right thing to check for. 
+ if reduce(lambda a,b: a * b, con.nonzero, fastfrac(R, 1)).iszero(zero): + return True + return False + + +def get_nonzero_set(R, assume): + """Calculate a simple set of nonzero expressions""" + zero = R.ideal(map(numerator, assume.zero)) + nonzero = set() + for nz in map(numerator, assume.nonzero): + for (f,n) in nz.factor(): + nonzero.add(f) + rnz = zero.reduce(nz) + for (f,n) in rnz.factor(): + nonzero.add(f) + return nonzero + + +def prove_nonzero(R, exprs, assume): + """Check whether an expression is provably nonzero, given assumptions""" + zero = R.ideal(map(numerator, assume.zero)) + nonzero = get_nonzero_set(R, assume) + expl = set() + ok = True + for expr in exprs: + if numerator(expr) in zero: + return (False, [exprs[expr]]) + allexprs = reduce(lambda a,b: numerator(a)*numerator(b), exprs, 1) + for (f, n) in allexprs.factor(): + if f not in nonzero: + ok = False + if ok: + return (True, None) + ok = True + for (f, n) in zero.reduce(numerator(allexprs)).factor(): + if f not in nonzero: + ok = False + if ok: + return (True, None) + ok = True + for expr in exprs: + for (f,n) in numerator(expr).factor(): + if f not in nonzero: + ok = False + if ok: + return (True, None) + ok = True + for expr in exprs: + for (f,n) in zero.reduce(numerator(expr)).factor(): + if f not in nonzero: + expl.add(exprs[expr]) + if expl: + return (False, list(expl)) + else: + return (True, None) + + +def prove_zero(R, exprs, assume): + """Check whether all of the passed expressions are provably zero, given assumptions""" + r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume) + if not r: + return (False, map(lambda x: "Possibly zero denominator: %s" % x, e)) + zero = R.ideal(map(numerator, assume.zero)) + nonzero = prod(x for x in assume.nonzero) + expl = [] + for expr in exprs: + if not expr.iszero(zero): + expl.append(exprs[expr]) + if not expl: + return (True, None) + return (False, expl) + + +def describe_extra(R, assume, assumeExtra): + 
"""Describe what assumptions are added, given existing assumptions""" + zerox = assume.zero.copy() + zerox.update(assumeExtra.zero) + zero = R.ideal(map(numerator, assume.zero)) + zeroextra = R.ideal(map(numerator, zerox)) + nonzero = get_nonzero_set(R, assume) + ret = set() + # Iterate over the extra zero expressions + for base in assumeExtra.zero: + if base not in zero: + add = [] + for (f, n) in numerator(base).factor(): + if f not in nonzero: + add += ["%s" % f] + if add: + ret.add((" * ".join(add)) + " = 0 [%s]" % assumeExtra.zero[base]) + # Iterate over the extra nonzero expressions + for nz in assumeExtra.nonzero: + nzr = zeroextra.reduce(numerator(nz)) + if nzr not in zeroextra: + for (f,n) in nzr.factor(): + if zeroextra.reduce(f) not in nonzero: + ret.add("%s != 0" % zeroextra.reduce(f)) + return ", ".join(x for x in ret) + + +def check_symbolic(R, assumeLaw, assumeAssert, assumeBranch, require): + """Check a set of zero and nonzero requirements, given a set of zero and nonzero assumptions""" + assume = assumeLaw + assumeAssert + assumeBranch + + if conflicts(R, assume): + # This formula does not apply + return None + + describe = describe_extra(R, assumeLaw + assumeBranch, assumeAssert) + + ok, msg = prove_zero(R, require.zero, assume) + if not ok: + return "FAIL, %s fails (assuming %s)" % (str(msg), describe) + + res, expl = prove_nonzero(R, require.nonzero, assume) + if not res: + return "FAIL, %s fails (assuming %s)" % (str(expl), describe) + + if describe != "": + return "OK (assuming %s)" % describe + else: + return "OK" + + +def concrete_verify(c): + for k in c.zero: + if k != 0: + return (False, c.zero[k]) + for k in c.nonzero: + if k == 0: + return (False, c.nonzero[k]) + return (True, None) diff --git a/deps/secp256k1/sage/secp256k1.sage b/deps/secp256k1/sage/secp256k1.sage new file mode 100644 index 000000000..a97e732f7 --- /dev/null +++ b/deps/secp256k1/sage/secp256k1.sage 
@@ -0,0 +1,306 @@ +# Test libsecp256k1' group operation implementations using prover.sage + +import sys + +load("group_prover.sage") +load("weierstrass_prover.sage") + +def formula_secp256k1_gej_double_var(a): + """libsecp256k1's secp256k1_gej_double_var, used by various addition functions""" + rz = a.Z * a.Y + rz = rz * 2 + t1 = a.X^2 + t1 = t1 * 3 + t2 = t1^2 + t3 = a.Y^2 + t3 = t3 * 2 + t4 = t3^2 + t4 = t4 * 2 + t3 = t3 * a.X + rx = t3 + rx = rx * 4 + rx = -rx + rx = rx + t2 + t2 = -t2 + t3 = t3 * 6 + t3 = t3 + t2 + ry = t1 * t3 + t2 = -t4 + ry = ry + t2 + return jacobianpoint(rx, ry, rz) + +def formula_secp256k1_gej_add_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_var""" + if branch == 0: + return (constraints(), constraints(nonzero={a.Infinity : 'a_infinite'}), b) + if branch == 1: + return (constraints(), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a) + z22 = b.Z^2 + z12 = a.Z^2 + u1 = a.X * z22 + u2 = b.X * z12 + s1 = a.Y * z22 + s1 = s1 * b.Z + s2 = b.Y * z12 + s2 = s2 * a.Z + h = -u1 + h = h + u2 + i = -s1 + i = i + s2 + if branch == 2: + r = formula_secp256k1_gej_double_var(a) + return (constraints(), constraints(zero={h : 'h=0', i : 'i=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}), r) + if branch == 3: + return (constraints(), constraints(zero={h : 'h=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={i : 'i!=0'}), point_at_infinity()) + i2 = i^2 + h2 = h^2 + h3 = h2 * h + h = h * b.Z + rz = a.Z * h + t = u1 * h2 + rx = t + rx = rx * 2 + rx = rx + h3 + rx = -rx + rx = rx + i2 + ry = -rx + ry = ry + t + ry = ry * i + h3 = h3 * s1 + h3 = -h3 + ry = ry + h3 + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_ge_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_ge_var, which assume bz==1""" + if branch == 0: + return (constraints(zero={b.Z - 1 : 'b.z=1'}), 
constraints(nonzero={a.Infinity : 'a_infinite'}), b) + if branch == 1: + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a) + z12 = a.Z^2 + u1 = a.X + u2 = b.X * z12 + s1 = a.Y + s2 = b.Y * z12 + s2 = s2 * a.Z + h = -u1 + h = h + u2 + i = -s1 + i = i + s2 + if (branch == 2): + r = formula_secp256k1_gej_double_var(a) + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) + if (branch == 3): + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) + i2 = i^2 + h2 = h^2 + h3 = h * h2 + rz = a.Z * h + t = u1 * h2 + rx = t + rx = rx * 2 + rx = rx + h3 + rx = -rx + rx = rx + i2 + ry = -rx + ry = ry + t + ry = ry * i + h3 = h3 * s1 + h3 = -h3 + ry = ry + h3 + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_zinv_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_zinv_var""" + bzinv = b.Z^(-1) + if branch == 0: + return (constraints(), constraints(nonzero={b.Infinity : 'b_infinite'}), a) + if branch == 1: + bzinv2 = bzinv^2 + bzinv3 = bzinv2 * bzinv + rx = b.X * bzinv2 + ry = b.Y * bzinv3 + rz = 1 + return (constraints(), constraints(zero={b.Infinity : 'b_finite'}, nonzero={a.Infinity : 'a_infinite'}), jacobianpoint(rx, ry, rz)) + azz = a.Z * bzinv + z12 = azz^2 + u1 = a.X + u2 = b.X * z12 + s1 = a.Y + s2 = b.Y * z12 + s2 = s2 * azz + h = -u1 + h = h + u2 + i = -s1 + i = i + s2 + if branch == 2: + r = formula_secp256k1_gej_double_var(a) + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) + if branch == 3: + return (constraints(), constraints(zero={a.Infinity : 'a_finite', 
b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) + i2 = i^2 + h2 = h^2 + h3 = h * h2 + rz = a.Z + rz = rz * h + t = u1 * h2 + rx = t + rx = rx * 2 + rx = rx + h3 + rx = -rx + rx = rx + i2 + ry = -rx + ry = ry + t + ry = ry * i + h3 = h3 * s1 + h3 = -h3 + ry = ry + h3 + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_ge(branch, a, b): + """libsecp256k1's secp256k1_gej_add_ge""" + zeroes = {} + nonzeroes = {} + a_infinity = False + if (branch & 4) != 0: + nonzeroes.update({a.Infinity : 'a_infinite'}) + a_infinity = True + else: + zeroes.update({a.Infinity : 'a_finite'}) + zz = a.Z^2 + u1 = a.X + u2 = b.X * zz + s1 = a.Y + s2 = b.Y * zz + s2 = s2 * a.Z + t = u1 + t = t + u2 + m = s1 + m = m + s2 + rr = t^2 + m_alt = -u2 + tt = u1 * m_alt + rr = rr + tt + degenerate = (branch & 3) == 3 + if (branch & 1) != 0: + zeroes.update({m : 'm_zero'}) + else: + nonzeroes.update({m : 'm_nonzero'}) + if (branch & 2) != 0: + zeroes.update({rr : 'rr_zero'}) + else: + nonzeroes.update({rr : 'rr_nonzero'}) + rr_alt = s1 + rr_alt = rr_alt * 2 + m_alt = m_alt + u1 + if not degenerate: + rr_alt = rr + m_alt = m + n = m_alt^2 + q = n * t + n = n^2 + if degenerate: + n = m + t = rr_alt^2 + rz = a.Z * m_alt + infinity = False + if (branch & 8) != 0: + if not a_infinity: + infinity = True + zeroes.update({rz : 'r.z=0'}) + else: + nonzeroes.update({rz : 'r.z!=0'}) + rz = rz * 2 + q = -q + t = t + q + rx = t + t = t * 2 + t = t + q + t = t * rr_alt + t = t + n + ry = -t + rx = rx * 4 + ry = ry * 4 + if a_infinity: + rx = b.X + ry = b.Y + rz = 1 + if infinity: + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), point_at_infinity()) + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), jacobianpoint(rx, ry, 
rz)) + +def formula_secp256k1_gej_add_ge_old(branch, a, b): + """libsecp256k1's old secp256k1_gej_add_ge, which fails when ay+by=0 but ax!=bx""" + a_infinity = (branch & 1) != 0 + zero = {} + nonzero = {} + if a_infinity: + nonzero.update({a.Infinity : 'a_infinite'}) + else: + zero.update({a.Infinity : 'a_finite'}) + zz = a.Z^2 + u1 = a.X + u2 = b.X * zz + s1 = a.Y + s2 = b.Y * zz + s2 = s2 * a.Z + z = a.Z + t = u1 + t = t + u2 + m = s1 + m = m + s2 + n = m^2 + q = n * t + n = n^2 + rr = t^2 + t = u1 * u2 + t = -t + rr = rr + t + t = rr^2 + rz = m * z + infinity = False + if (branch & 2) != 0: + if not a_infinity: + infinity = True + else: + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(nonzero={z : 'conflict_a'}, zero={z : 'conflict_b'}), point_at_infinity()) + zero.update({rz : 'r.z=0'}) + else: + nonzero.update({rz : 'r.z!=0'}) + rz = rz * (0 if a_infinity else 2) + rx = t + q = -q + rx = rx + q + q = q * 3 + t = t * 2 + t = t + q + t = t * rr + t = t + n + ry = -t + rx = rx * (0 if a_infinity else 4) + ry = ry * (0 if a_infinity else 4) + t = b.X + t = t * (1 if a_infinity else 0) + rx = rx + t + t = b.Y + t = t * (1 if a_infinity else 0) + ry = ry + t + t = (1 if a_infinity else 0) + rz = rz + t + if infinity: + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), point_at_infinity()) + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), jacobianpoint(rx, ry, rz)) + +if __name__ == "__main__": + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 16, 
formula_secp256k1_gej_add_ge) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old) + + if len(sys.argv) >= 2 and sys.argv[1] == "--exhaustive": + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 16, formula_secp256k1_gej_add_ge, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old, 43) diff --git a/deps/secp256k1/sage/weierstrass_prover.sage b/deps/secp256k1/sage/weierstrass_prover.sage new file mode 100644 index 000000000..03ef2ec90 --- /dev/null +++ b/deps/secp256k1/sage/weierstrass_prover.sage 
@@ -0,0 +1,264 @@ +# Prover implementation for Weierstrass curves of the form +# y^2 = x^3 + A * x + B, specifically with a = 0 and b = 7, with group laws +# operating on affine and Jacobian coordinates, including the point at infinity +# represented by a 4th variable in coordinates. + +load("group_prover.sage") + + +class affinepoint: + def __init__(self, x, y, infinity=0): + self.x = x + self.y = y + self.infinity = infinity + def __str__(self): + return "affinepoint(x=%s,y=%s,inf=%s)" % (self.x, self.y, self.infinity) + + +class jacobianpoint: + def __init__(self, x, y, z, infinity=0): + self.X = x + self.Y = y + self.Z = z + self.Infinity = infinity + def __str__(self): + return "jacobianpoint(X=%s,Y=%s,Z=%s,inf=%s)" % (self.X, self.Y, self.Z, self.Infinity) + + +def point_at_infinity(): + return jacobianpoint(1, 1, 1, 1) + + +def negate(p): + if p.__class__ == affinepoint: + return affinepoint(p.x, -p.y) + if p.__class__ == jacobianpoint: + return jacobianpoint(p.X, -p.Y, p.Z) + assert(False) + + +def on_weierstrass_curve(A, B, p): + """Return a set of zero-expressions for an affine point to be on the curve""" + return constraints(zero={p.x^3 + A*p.x + B - p.y^2: 'on_curve'}) + + +def tangential_to_weierstrass_curve(A, B, p12, p3): + """Return a set of zero-expressions for ((x12,y12),(x3,y3)) to be a line that is tangential to the curve at (x12,y12)""" + return constraints(zero={ + (p12.y - p3.y) * (p12.y * 2) - (p12.x^2 * 3 + A) * (p12.x - p3.x): 'tangential_to_curve' + }) + + +def colinear(p1, p2, p3): + """Return a set of zero-expressions for ((x1,y1),(x2,y2),(x3,y3)) to be collinear""" + return constraints(zero={ + (p1.y - p2.y) * (p1.x - p3.x) - (p1.y - p3.y) * (p1.x - p2.x): 'colinear_1', + (p2.y - p3.y) * (p2.x - p1.x) - (p2.y - p1.y) * (p2.x - p3.x): 'colinear_2', + (p3.y - p1.y) * (p3.x - p2.x) - (p3.y - p2.y) * (p3.x - p1.x): 'colinear_3' + }) + + +def good_affine_point(p): + return constraints(nonzero={p.x : 'nonzero_x', p.y : 'nonzero_y'}) + + +def 
good_jacobian_point(p): + return constraints(nonzero={p.X : 'nonzero_X', p.Y : 'nonzero_Y', p.Z^6 : 'nonzero_Z'}) + + +def good_point(p): + return constraints(nonzero={p.Z^6 : 'nonzero_X'}) + + +def finite(p, *affine_fns): + con = good_point(p) + constraints(zero={p.Infinity : 'finite_point'}) + if p.Z != 0: + return con + reduce(lambda a, b: a + b, (f(affinepoint(p.X / p.Z^2, p.Y / p.Z^3)) for f in affine_fns), con) + else: + return con + +def infinite(p): + return constraints(nonzero={p.Infinity : 'infinite_point'}) + + +def law_jacobian_weierstrass_add(A, B, pa, pb, pA, pB, pC): + """Check whether the passed set of coordinates is a valid Jacobian add, given assumptions""" + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + on_weierstrass_curve(A, B, pb) + + finite(pA) + + finite(pB) + + constraints(nonzero={pa.x - pb.x : 'different_x'})) + require = (finite(pC, lambda pc: on_weierstrass_curve(A, B, pc) + + colinear(pa, pb, negate(pc)))) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_double(A, B, pa, pb, pA, pB, pC): + """Check whether the passed set of coordinates is a valid Jacobian doubling, given assumptions""" + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + on_weierstrass_curve(A, B, pb) + + finite(pA) + + finite(pB) + + constraints(zero={pa.x - pb.x : 'equal_x', pa.y - pb.y : 'equal_y'})) + require = (finite(pC, lambda pc: on_weierstrass_curve(A, B, pc) + + tangential_to_weierstrass_curve(A, B, pa, negate(pc)))) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_opposites(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + on_weierstrass_curve(A, B, pb) + + finite(pA) + + 
finite(pB) + + constraints(zero={pa.x - pb.x : 'equal_x', pa.y + pb.y : 'opposite_y'})) + require = infinite(pC) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_infinite_a(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pb) + + infinite(pA) + + finite(pB)) + require = finite(pC, lambda pc: constraints(zero={pc.x - pb.x : 'c.x=b.x', pc.y - pb.y : 'c.y=b.y'})) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_infinite_b(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + infinite(pB) + + finite(pA)) + require = finite(pC, lambda pc: constraints(zero={pc.x - pa.x : 'c.x=a.x', pc.y - pa.y : 'c.y=a.y'})) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_infinite_ab(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + infinite(pA) + + infinite(pB)) + require = infinite(pC) + return (assumeLaw, require) + + +laws_jacobian_weierstrass = { + 'add': law_jacobian_weierstrass_add, + 'double': law_jacobian_weierstrass_double, + 'add_opposite': law_jacobian_weierstrass_add_opposites, + 'add_infinite_a': law_jacobian_weierstrass_add_infinite_a, + 'add_infinite_b': law_jacobian_weierstrass_add_infinite_b, + 'add_infinite_ab': law_jacobian_weierstrass_add_infinite_ab +} + + +def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p): + """Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field""" + F = Integers(p) + print "Formula %s on Z%i:" % (name, p) + points = [] + for x in xrange(0, p): + for y in xrange(0, p): + point = affinepoint(F(x), F(y)) + 
r, e = concrete_verify(on_weierstrass_curve(A, B, point)) + if r: + points.append(point) + + for za in xrange(1, p): + for zb in xrange(1, p): + for pa in points: + for pb in points: + for ia in xrange(2): + for ib in xrange(2): + pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia) + pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib) + for branch in xrange(0, branches): + assumeAssert, assumeBranch, pC = formula(branch, pA, pB) + pC.X = F(pC.X) + pC.Y = F(pC.Y) + pC.Z = F(pC.Z) + pC.Infinity = F(pC.Infinity) + r, e = concrete_verify(assumeAssert + assumeBranch) + if r: + match = False + for key in laws_jacobian_weierstrass: + assumeLaw, require = laws_jacobian_weierstrass[key](A, B, pa, pb, pA, pB, pC) + r, e = concrete_verify(assumeLaw) + if r: + if match: + print " multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity) + else: + match = True + r, e = concrete_verify(require) + if not r: + print " failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e) + print + + +def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC): + assumeLaw, require = f(A, B, pa, pb, pA, pB, pC) + return check_symbolic(R, assumeLaw, assumeAssert, assumeBranch, require) + +def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula): + """Verify an implementation of addition of Jacobian points on a Weierstrass curve symbolically""" + R. 
= PolynomialRing(QQ,8,order='invlex') + lift = lambda x: fastfrac(R,x) + ax = lift(ax) + ay = lift(ay) + Az = lift(Az) + bx = lift(bx) + by = lift(by) + Bz = lift(Bz) + Ai = lift(Ai) + Bi = lift(Bi) + + pa = affinepoint(ax, ay, Ai) + pb = affinepoint(bx, by, Bi) + pA = jacobianpoint(ax * Az^2, ay * Az^3, Az, Ai) + pB = jacobianpoint(bx * Bz^2, by * Bz^3, Bz, Bi) + + res = {} + + for key in laws_jacobian_weierstrass: + res[key] = [] + + print ("Formula " + name + ":") + count = 0 + for branch in xrange(branches): + assumeFormula, assumeBranch, pC = formula(branch, pA, pB) + pC.X = lift(pC.X) + pC.Y = lift(pC.Y) + pC.Z = lift(pC.Z) + pC.Infinity = lift(pC.Infinity) + + for key in laws_jacobian_weierstrass: + res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch)) + + for key in res: + print " %s:" % key + val = res[key] + for x in val: + if x[0] is not None: + print " branch %i: %s" % (x[1], x[0]) + + print diff --git a/deps/secp256k1/src/asm/field_10x26_arm.s b/deps/secp256k1/src/asm/field_10x26_arm.s new file mode 100644 index 000000000..9a5bd0672 --- /dev/null +++ b/deps/secp256k1/src/asm/field_10x26_arm.s 
@@ -0,0 +1,913 @@ +@ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm: +/********************************************************************** + * Copyright (c) 2014 Wladimir J. van der Laan * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ +/* +ARM implementation of field_10x26 inner loops. + +Note: + +- To avoid unnecessary loads and make use of available registers, two + 'passes' have every time been interleaved, with the odd passes accumulating c' and d' + which will be added to c and d respectively in the even passes + +*/ + + .syntax unified + @ eabi attributes - see readelf -A + .eabi_attribute 24, 1 @ Tag_ABI_align_needed = 8-byte + .eabi_attribute 25, 1 @ Tag_ABI_align_preserved = 8-byte, except leaf SP + .text + + @ Field constants + .set field_R0, 0x3d10 + .set field_R1, 0x400 + .set field_not_M, 0xfc000000 @ ~M = ~0x3ffffff + + .align 2 + .global secp256k1_fe_mul_inner + .type secp256k1_fe_mul_inner, %function + @ Arguments: + @ r0 r Restrict: can overlap with a, not with b + @ r1 a + @ r2 b + @ Stack (total 4+10*4 = 44) + @ sp + #0 saved 'r' pointer + @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 +secp256k1_fe_mul_inner: + stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} + sub sp, sp, #48 @ frame=44 + alignment + str r0, [sp, #0] @ save result address, we need it only at the end + + /****************************************** + * Main computation code. 
+ ****************************************** + + Allocation: + r0,r14,r7,r8 scratch + r1 a (pointer) + r2 b (pointer) + r3:r4 c + r5:r6 d + r11:r12 c' + r9:r10 d' + + Note: do not write to r[] here, it may overlap with a[] + */ + + /* A - interleaved with B */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #9*4] @ b[9] + ldr r0, [r1, #1*4] @ a[1] + umull r5, r6, r7, r8 @ d = a[0] * b[9] + ldr r14, [r2, #8*4] @ b[8] + umull r9, r10, r0, r8 @ d' = a[1] * b[9] + ldr r7, [r1, #2*4] @ a[2] + umlal r5, r6, r0, r14 @ d += a[1] * b[8] + ldr r8, [r2, #7*4] @ b[7] + umlal r9, r10, r7, r14 @ d' += a[2] * b[8] + ldr r0, [r1, #3*4] @ a[3] + umlal r5, r6, r7, r8 @ d += a[2] * b[7] + ldr r14, [r2, #6*4] @ b[6] + umlal r9, r10, r0, r8 @ d' += a[3] * b[7] + ldr r7, [r1, #4*4] @ a[4] + umlal r5, r6, r0, r14 @ d += a[3] * b[6] + ldr r8, [r2, #5*4] @ b[5] + umlal r9, r10, r7, r14 @ d' += a[4] * b[6] + ldr r0, [r1, #5*4] @ a[5] + umlal r5, r6, r7, r8 @ d += a[4] * b[5] + ldr r14, [r2, #4*4] @ b[4] + umlal r9, r10, r0, r8 @ d' += a[5] * b[5] + ldr r7, [r1, #6*4] @ a[6] + umlal r5, r6, r0, r14 @ d += a[5] * b[4] + ldr r8, [r2, #3*4] @ b[3] + umlal r9, r10, r7, r14 @ d' += a[6] * b[4] + ldr r0, [r1, #7*4] @ a[7] + umlal r5, r6, r7, r8 @ d += a[6] * b[3] + ldr r14, [r2, #2*4] @ b[2] + umlal r9, r10, r0, r8 @ d' += a[7] * b[3] + ldr r7, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r14 @ d += a[7] * b[2] + ldr r8, [r2, #1*4] @ b[1] + umlal r9, r10, r7, r14 @ d' += a[8] * b[2] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r8 @ d += a[8] * b[1] + ldr r14, [r2, #0*4] @ b[0] + umlal r9, r10, r0, r8 @ d' += a[9] * b[1] + ldr r7, [r1, #0*4] @ a[0] + umlal r5, r6, r0, r14 @ d += a[9] * b[0] + @ r7,r14 used in B + + bic r0, r5, field_not_M @ t9 = d & M + str r0, [sp, #4 + 4*9] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + /* B */ + umull r3, r4, r7, r14 @ c = a[0] * b[0] + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u0 = d & M + mov r5, r5, 
lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u0 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t0 = c & M + str r14, [sp, #4 + 0*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u0 * R1 + umlal r3, r4, r0, r14 + + /* C - interleaved with D */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #2*4] @ b[2] + ldr r14, [r2, #1*4] @ b[1] + umull r11, r12, r7, r8 @ c' = a[0] * b[2] + ldr r0, [r1, #1*4] @ a[1] + umlal r3, r4, r7, r14 @ c += a[0] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r11, r12, r0, r14 @ c' += a[1] * b[1] + ldr r7, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r8 @ c += a[1] * b[0] + ldr r14, [r2, #9*4] @ b[9] + umlal r11, r12, r7, r8 @ c' += a[2] * b[0] + ldr r0, [r1, #3*4] @ a[3] + umlal r5, r6, r7, r14 @ d += a[2] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umull r9, r10, r0, r14 @ d' = a[3] * b[9] + ldr r7, [r1, #4*4] @ a[4] + umlal r5, r6, r0, r8 @ d += a[3] * b[8] + ldr r14, [r2, #7*4] @ b[7] + umlal r9, r10, r7, r8 @ d' += a[4] * b[8] + ldr r0, [r1, #5*4] @ a[5] + umlal r5, r6, r7, r14 @ d += a[4] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r9, r10, r0, r14 @ d' += a[5] * b[7] + ldr r7, [r1, #6*4] @ a[6] + umlal r5, r6, r0, r8 @ d += a[5] * b[6] + ldr r14, [r2, #5*4] @ b[5] + umlal r9, r10, r7, r8 @ d' += a[6] * b[6] + ldr r0, [r1, #7*4] @ a[7] + umlal r5, r6, r7, r14 @ d += a[6] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r9, r10, r0, r14 @ d' += a[7] * b[5] + ldr r7, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r8 @ d += a[7] * b[4] + ldr r14, [r2, #3*4] @ b[3] + umlal r9, r10, r7, r8 @ d' += a[8] * b[4] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r14 @ d += a[8] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r9, r10, r0, r14 @ d' += a[9] * b[3] + umlal r5, r6, r0, r8 @ d += a[9] * b[2] + + bic r0, r5, field_not_M @ u1 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u1 * R0 + umlal r3, 
r4, r0, r14 + + bic r14, r3, field_not_M @ t1 = c & M + str r14, [sp, #4 + 1*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u1 * R1 + umlal r3, r4, r0, r14 + + /* D */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u2 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u2 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t2 = c & M + str r14, [sp, #4 + 2*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u2 * R1 + umlal r3, r4, r0, r14 + + /* E - interleaved with F */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #4*4] @ b[4] + umull r11, r12, r7, r8 @ c' = a[0] * b[4] + ldr r8, [r2, #3*4] @ b[3] + umlal r3, r4, r7, r8 @ c += a[0] * b[3] + ldr r7, [r1, #1*4] @ a[1] + umlal r11, r12, r7, r8 @ c' += a[1] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r3, r4, r7, r8 @ c += a[1] * b[2] + ldr r7, [r1, #2*4] @ a[2] + umlal r11, r12, r7, r8 @ c' += a[2] * b[2] + ldr r8, [r2, #1*4] @ b[1] + umlal r3, r4, r7, r8 @ c += a[2] * b[1] + ldr r7, [r1, #3*4] @ a[3] + umlal r11, r12, r7, r8 @ c' += a[3] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r3, r4, r7, r8 @ c += a[3] * b[0] + ldr r7, [r1, #4*4] @ a[4] + umlal r11, r12, r7, r8 @ c' += a[4] * b[0] + ldr r8, [r2, #9*4] @ b[9] + umlal r5, r6, r7, r8 @ d += a[4] * b[9] + ldr r7, [r1, #5*4] @ a[5] + umull r9, r10, r7, r8 @ d' = a[5] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umlal r5, r6, r7, r8 @ d += a[5] * b[8] + ldr r7, [r1, #6*4] @ a[6] + umlal r9, r10, r7, r8 @ d' += a[6] * b[8] + ldr r8, [r2, #7*4] @ b[7] + umlal r5, r6, r7, r8 @ d += a[6] * b[7] + ldr r7, [r1, #7*4] @ a[7] + umlal r9, r10, r7, r8 @ d' += a[7] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r5, r6, r7, r8 @ d += a[7] * b[6] + ldr r7, [r1, #8*4] @ a[8] + umlal r9, r10, r7, r8 @ d' += a[8] * b[6] + ldr r8, [r2, 
#5*4] @ b[5] + umlal r5, r6, r7, r8 @ d += a[8] * b[5] + ldr r7, [r1, #9*4] @ a[9] + umlal r9, r10, r7, r8 @ d' += a[9] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r5, r6, r7, r8 @ d += a[9] * b[4] + + bic r0, r5, field_not_M @ u3 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u3 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t3 = c & M + str r14, [sp, #4 + 3*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u3 * R1 + umlal r3, r4, r0, r14 + + /* F */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u4 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u4 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t4 = c & M + str r14, [sp, #4 + 4*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u4 * R1 + umlal r3, r4, r0, r14 + + /* G - interleaved with H */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #6*4] @ b[6] + ldr r14, [r2, #5*4] @ b[5] + umull r11, r12, r7, r8 @ c' = a[0] * b[6] + ldr r0, [r1, #1*4] @ a[1] + umlal r3, r4, r7, r14 @ c += a[0] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r11, r12, r0, r14 @ c' += a[1] * b[5] + ldr r7, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r8 @ c += a[1] * b[4] + ldr r14, [r2, #3*4] @ b[3] + umlal r11, r12, r7, r8 @ c' += a[2] * b[4] + ldr r0, [r1, #3*4] @ a[3] + umlal r3, r4, r7, r14 @ c += a[2] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r11, r12, r0, r14 @ c' += a[3] * b[3] + ldr r7, [r1, #4*4] @ a[4] + umlal r3, r4, r0, r8 @ c += a[3] * b[2] + ldr r14, [r2, #1*4] @ b[1] + umlal r11, r12, r7, r8 @ c' += a[4] * b[2] + ldr r0, [r1, #5*4] @ a[5] + umlal r3, r4, r7, r14 @ c += a[4] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r11, r12, r0, r14 @ c' += a[5] * b[1] + ldr r7, [r1, #6*4] @ a[6] + umlal 
r3, r4, r0, r8 @ c += a[5] * b[0] + ldr r14, [r2, #9*4] @ b[9] + umlal r11, r12, r7, r8 @ c' += a[6] * b[0] + ldr r0, [r1, #7*4] @ a[7] + umlal r5, r6, r7, r14 @ d += a[6] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umull r9, r10, r0, r14 @ d' = a[7] * b[9] + ldr r7, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r8 @ d += a[7] * b[8] + ldr r14, [r2, #7*4] @ b[7] + umlal r9, r10, r7, r8 @ d' += a[8] * b[8] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r14 @ d += a[8] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r9, r10, r0, r14 @ d' += a[9] * b[7] + umlal r5, r6, r0, r8 @ d += a[9] * b[6] + + bic r0, r5, field_not_M @ u5 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u5 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t5 = c & M + str r14, [sp, #4 + 5*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u5 * R1 + umlal r3, r4, r0, r14 + + /* H */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u6 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u6 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t6 = c & M + str r14, [sp, #4 + 6*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u6 * R1 + umlal r3, r4, r0, r14 + + /* I - interleaved with J */ + ldr r8, [r2, #8*4] @ b[8] + ldr r7, [r1, #0*4] @ a[0] + ldr r14, [r2, #7*4] @ b[7] + umull r11, r12, r7, r8 @ c' = a[0] * b[8] + ldr r0, [r1, #1*4] @ a[1] + umlal r3, r4, r7, r14 @ c += a[0] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r11, r12, r0, r14 @ c' += a[1] * b[7] + ldr r7, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r8 @ c += a[1] * b[6] + ldr r14, [r2, #5*4] @ b[5] + umlal r11, r12, r7, r8 @ c' += a[2] * b[6] + ldr r0, [r1, #3*4] @ a[3] + umlal r3, r4, r7, r14 @ c += a[2] * b[5] + ldr r8, [r2, 
#4*4] @ b[4] + umlal r11, r12, r0, r14 @ c' += a[3] * b[5] + ldr r7, [r1, #4*4] @ a[4] + umlal r3, r4, r0, r8 @ c += a[3] * b[4] + ldr r14, [r2, #3*4] @ b[3] + umlal r11, r12, r7, r8 @ c' += a[4] * b[4] + ldr r0, [r1, #5*4] @ a[5] + umlal r3, r4, r7, r14 @ c += a[4] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r11, r12, r0, r14 @ c' += a[5] * b[3] + ldr r7, [r1, #6*4] @ a[6] + umlal r3, r4, r0, r8 @ c += a[5] * b[2] + ldr r14, [r2, #1*4] @ b[1] + umlal r11, r12, r7, r8 @ c' += a[6] * b[2] + ldr r0, [r1, #7*4] @ a[7] + umlal r3, r4, r7, r14 @ c += a[6] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r11, r12, r0, r14 @ c' += a[7] * b[1] + ldr r7, [r1, #8*4] @ a[8] + umlal r3, r4, r0, r8 @ c += a[7] * b[0] + ldr r14, [r2, #9*4] @ b[9] + umlal r11, r12, r7, r8 @ c' += a[8] * b[0] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r14 @ d += a[8] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umull r9, r10, r0, r14 @ d' = a[9] * b[9] + umlal r5, r6, r0, r8 @ d += a[9] * b[8] + + bic r0, r5, field_not_M @ u7 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u7 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t7 = c & M + str r14, [sp, #4 + 7*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u7 * R1 + umlal r3, r4, r0, r14 + + /* J */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u8 = d & M + str r0, [sp, #4 + 8*4] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u8 * R0 + umlal r3, r4, r0, r14 + + /****************************************** + * compute and write back result + ****************************************** + Allocation: + r0 r + r3:r4 c + r5:r6 d + r7 t0 + r8 t1 + r9 t2 + r11 u8 + r12 t9 + r1,r2,r10,r14 scratch + + Note: do not read from a[] after here, it may overlap with r[] + */ + ldr r0, [sp, #0] + add r1, 
sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 + ldmia r1, {r2,r7,r8,r9,r10,r11,r12} + add r1, r0, #3*4 + stmia r1, {r2,r7,r8,r9,r10} + + bic r2, r3, field_not_M @ r[8] = c & M + str r2, [r0, #8*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u8 * R1 + umlal r3, r4, r11, r14 + movw r14, field_R0 @ c += d * R0 + umlal r3, r4, r5, r14 + adds r3, r3, r12 @ c += t9 + adc r4, r4, #0 + + add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 + ldmia r1, {r7,r8,r9} + + ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) + str r2, [r0, #9*4] + mov r3, r3, lsr #22 @ c >>= 22 + orr r3, r3, r4, asl #10 + mov r4, r4, lsr #22 + movw r14, field_R1 << 4 @ c += d * (R1 << 4) + umlal r3, r4, r5, r14 + + movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) + umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) + adds r5, r5, r7 @ d.lo += t0 + mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) + adc r6, r6, 0 @ d.hi += carry + + bic r2, r5, field_not_M @ r[0] = d & M + str r2, [r0, #0*4] + + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) + umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) + adds r5, r5, r8 @ d.lo += t1 + adc r6, r6, #0 @ d.hi += carry + adds r5, r5, r1 @ d.lo += tmp.lo + mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) + adc r6, r6, r2 @ d.hi += carry + tmp.hi + + bic r2, r5, field_not_M @ r[1] = d & M + str r2, [r0, #1*4] + mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) + orr r5, r5, r6, asl #6 + + add r5, r5, r9 @ d += t2 + str r5, [r0, #2*4] @ r[2] = d + + add sp, sp, #48 + ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size secp256k1_fe_mul_inner, .-secp256k1_fe_mul_inner + + .align 2 + .global secp256k1_fe_sqr_inner + .type secp256k1_fe_sqr_inner, %function + @ Arguments: + @ r0 r Can overlap with a + @ r1 a + @ Stack (total 4+10*4 = 44) + @ sp + #0 saved 'r' pointer + @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 
+secp256k1_fe_sqr_inner: + stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} + sub sp, sp, #48 @ frame=44 + alignment + str r0, [sp, #0] @ save result address, we need it only at the end + /****************************************** + * Main computation code. + ****************************************** + + Allocation: + r0,r14,r2,r7,r8 scratch + r1 a (pointer) + r3:r4 c + r5:r6 d + r11:r12 c' + r9:r10 d' + + Note: do not write to r[] here, it may overlap with a[] + */ + /* A interleaved with B */ + ldr r0, [r1, #1*4] @ a[1]*2 + ldr r7, [r1, #0*4] @ a[0] + mov r0, r0, asl #1 + ldr r14, [r1, #9*4] @ a[9] + umull r3, r4, r7, r7 @ c = a[0] * a[0] + ldr r8, [r1, #8*4] @ a[8] + mov r7, r7, asl #1 + umull r5, r6, r7, r14 @ d = a[0]*2 * a[9] + ldr r7, [r1, #2*4] @ a[2]*2 + umull r9, r10, r0, r14 @ d' = a[1]*2 * a[9] + ldr r14, [r1, #7*4] @ a[7] + umlal r5, r6, r0, r8 @ d += a[1]*2 * a[8] + mov r7, r7, asl #1 + ldr r0, [r1, #3*4] @ a[3]*2 + umlal r9, r10, r7, r8 @ d' += a[2]*2 * a[8] + ldr r8, [r1, #6*4] @ a[6] + umlal r5, r6, r7, r14 @ d += a[2]*2 * a[7] + mov r0, r0, asl #1 + ldr r7, [r1, #4*4] @ a[4]*2 + umlal r9, r10, r0, r14 @ d' += a[3]*2 * a[7] + ldr r14, [r1, #5*4] @ a[5] + mov r7, r7, asl #1 + umlal r5, r6, r0, r8 @ d += a[3]*2 * a[6] + umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[6] + umlal r5, r6, r7, r14 @ d += a[4]*2 * a[5] + umlal r9, r10, r14, r14 @ d' += a[5] * a[5] + + bic r0, r5, field_not_M @ t9 = d & M + str r0, [sp, #4 + 9*4] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + /* B */ + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u0 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u0 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t0 = c & M + str r14, [sp, #4 + 0*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u0 * R1 + umlal r3, r4, r0, r14 + + /* C 
interleaved with D */ + ldr r0, [r1, #0*4] @ a[0]*2 + ldr r14, [r1, #1*4] @ a[1] + mov r0, r0, asl #1 + ldr r8, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r14 @ c += a[0]*2 * a[1] + mov r7, r8, asl #1 @ a[2]*2 + umull r11, r12, r14, r14 @ c' = a[1] * a[1] + ldr r14, [r1, #9*4] @ a[9] + umlal r11, r12, r0, r8 @ c' += a[0]*2 * a[2] + ldr r0, [r1, #3*4] @ a[3]*2 + ldr r8, [r1, #8*4] @ a[8] + umlal r5, r6, r7, r14 @ d += a[2]*2 * a[9] + mov r0, r0, asl #1 + ldr r7, [r1, #4*4] @ a[4]*2 + umull r9, r10, r0, r14 @ d' = a[3]*2 * a[9] + ldr r14, [r1, #7*4] @ a[7] + umlal r5, r6, r0, r8 @ d += a[3]*2 * a[8] + mov r7, r7, asl #1 + ldr r0, [r1, #5*4] @ a[5]*2 + umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[8] + ldr r8, [r1, #6*4] @ a[6] + mov r0, r0, asl #1 + umlal r5, r6, r7, r14 @ d += a[4]*2 * a[7] + umlal r9, r10, r0, r14 @ d' += a[5]*2 * a[7] + umlal r5, r6, r0, r8 @ d += a[5]*2 * a[6] + umlal r9, r10, r8, r8 @ d' += a[6] * a[6] + + bic r0, r5, field_not_M @ u1 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u1 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t1 = c & M + str r14, [sp, #4 + 1*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u1 * R1 + umlal r3, r4, r0, r14 + + /* D */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u2 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u2 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t2 = c & M + str r14, [sp, #4 + 2*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u2 * R1 + umlal r3, r4, r0, r14 + + /* E interleaved with F */ + ldr r7, [r1, #0*4] @ a[0]*2 + ldr r0, [r1, #1*4] @ a[1]*2 + ldr r14, [r1, #2*4] @ a[2] + mov r7, r7, asl #1 + ldr r8, [r1, #3*4] @ a[3] + ldr r2, [r1, #4*4] + 
umlal r3, r4, r7, r8 @ c += a[0]*2 * a[3] + mov r0, r0, asl #1 + umull r11, r12, r7, r2 @ c' = a[0]*2 * a[4] + mov r2, r2, asl #1 @ a[4]*2 + umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[3] + ldr r8, [r1, #9*4] @ a[9] + umlal r3, r4, r0, r14 @ c += a[1]*2 * a[2] + ldr r0, [r1, #5*4] @ a[5]*2 + umlal r11, r12, r14, r14 @ c' += a[2] * a[2] + ldr r14, [r1, #8*4] @ a[8] + mov r0, r0, asl #1 + umlal r5, r6, r2, r8 @ d += a[4]*2 * a[9] + ldr r7, [r1, #6*4] @ a[6]*2 + umull r9, r10, r0, r8 @ d' = a[5]*2 * a[9] + mov r7, r7, asl #1 + ldr r8, [r1, #7*4] @ a[7] + umlal r5, r6, r0, r14 @ d += a[5]*2 * a[8] + umlal r9, r10, r7, r14 @ d' += a[6]*2 * a[8] + umlal r5, r6, r7, r8 @ d += a[6]*2 * a[7] + umlal r9, r10, r8, r8 @ d' += a[7] * a[7] + + bic r0, r5, field_not_M @ u3 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u3 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t3 = c & M + str r14, [sp, #4 + 3*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u3 * R1 + umlal r3, r4, r0, r14 + + /* F */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u4 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u4 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t4 = c & M + str r14, [sp, #4 + 4*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u4 * R1 + umlal r3, r4, r0, r14 + + /* G interleaved with H */ + ldr r7, [r1, #0*4] @ a[0]*2 + ldr r0, [r1, #1*4] @ a[1]*2 + mov r7, r7, asl #1 + ldr r8, [r1, #5*4] @ a[5] + ldr r2, [r1, #6*4] @ a[6] + umlal r3, r4, r7, r8 @ c += a[0]*2 * a[5] + ldr r14, [r1, #4*4] @ a[4] + mov r0, r0, asl #1 + umull r11, r12, r7, r2 @ c' = a[0]*2 * a[6] + ldr r7, [r1, #2*4] @ a[2]*2 + umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[5] + 
mov r7, r7, asl #1 + ldr r8, [r1, #3*4] @ a[3] + umlal r3, r4, r0, r14 @ c += a[1]*2 * a[4] + mov r0, r2, asl #1 @ a[6]*2 + umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[4] + ldr r14, [r1, #9*4] @ a[9] + umlal r3, r4, r7, r8 @ c += a[2]*2 * a[3] + ldr r7, [r1, #7*4] @ a[7]*2 + umlal r11, r12, r8, r8 @ c' += a[3] * a[3] + mov r7, r7, asl #1 + ldr r8, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r14 @ d += a[6]*2 * a[9] + umull r9, r10, r7, r14 @ d' = a[7]*2 * a[9] + umlal r5, r6, r7, r8 @ d += a[7]*2 * a[8] + umlal r9, r10, r8, r8 @ d' += a[8] * a[8] + + bic r0, r5, field_not_M @ u5 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u5 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t5 = c & M + str r14, [sp, #4 + 5*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u5 * R1 + umlal r3, r4, r0, r14 + + /* H */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u6 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u6 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t6 = c & M + str r14, [sp, #4 + 6*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u6 * R1 + umlal r3, r4, r0, r14 + + /* I interleaved with J */ + ldr r7, [r1, #0*4] @ a[0]*2 + ldr r0, [r1, #1*4] @ a[1]*2 + mov r7, r7, asl #1 + ldr r8, [r1, #7*4] @ a[7] + ldr r2, [r1, #8*4] @ a[8] + umlal r3, r4, r7, r8 @ c += a[0]*2 * a[7] + ldr r14, [r1, #6*4] @ a[6] + mov r0, r0, asl #1 + umull r11, r12, r7, r2 @ c' = a[0]*2 * a[8] + ldr r7, [r1, #2*4] @ a[2]*2 + umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[7] + ldr r8, [r1, #5*4] @ a[5] + umlal r3, r4, r0, r14 @ c += a[1]*2 * a[6] + ldr r0, [r1, #3*4] @ a[3]*2 + mov r7, r7, asl #1 + umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[6] + ldr r14, [r1, 
#4*4] @ a[4] + mov r0, r0, asl #1 + umlal r3, r4, r7, r8 @ c += a[2]*2 * a[5] + mov r2, r2, asl #1 @ a[8]*2 + umlal r11, r12, r0, r8 @ c' += a[3]*2 * a[5] + umlal r3, r4, r0, r14 @ c += a[3]*2 * a[4] + umlal r11, r12, r14, r14 @ c' += a[4] * a[4] + ldr r8, [r1, #9*4] @ a[9] + umlal r5, r6, r2, r8 @ d += a[8]*2 * a[9] + @ r8 will be used in J + + bic r0, r5, field_not_M @ u7 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u7 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t7 = c & M + str r14, [sp, #4 + 7*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u7 * R1 + umlal r3, r4, r0, r14 + + /* J */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + umlal r5, r6, r8, r8 @ d += a[9] * a[9] + + bic r0, r5, field_not_M @ u8 = d & M + str r0, [sp, #4 + 8*4] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u8 * R0 + umlal r3, r4, r0, r14 + + /****************************************** + * compute and write back result + ****************************************** + Allocation: + r0 r + r3:r4 c + r5:r6 d + r7 t0 + r8 t1 + r9 t2 + r11 u8 + r12 t9 + r1,r2,r10,r14 scratch + + Note: do not read from a[] after here, it may overlap with r[] + */ + ldr r0, [sp, #0] + add r1, sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 + ldmia r1, {r2,r7,r8,r9,r10,r11,r12} + add r1, r0, #3*4 + stmia r1, {r2,r7,r8,r9,r10} + + bic r2, r3, field_not_M @ r[8] = c & M + str r2, [r0, #8*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u8 * R1 + umlal r3, r4, r11, r14 + movw r14, field_R0 @ c += d * R0 + umlal r3, r4, r5, r14 + adds r3, r3, r12 @ c += t9 + adc r4, r4, #0 + + add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 + ldmia r1, {r7,r8,r9} + + ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) + str r2, [r0, #9*4] + mov r3, r3, lsr #22 @ c >>= 22 + orr r3, r3, 
r4, asl #10 + mov r4, r4, lsr #22 + movw r14, field_R1 << 4 @ c += d * (R1 << 4) + umlal r3, r4, r5, r14 + + movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) + umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) + adds r5, r5, r7 @ d.lo += t0 + mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) + adc r6, r6, 0 @ d.hi += carry + + bic r2, r5, field_not_M @ r[0] = d & M + str r2, [r0, #0*4] + + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) + umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) + adds r5, r5, r8 @ d.lo += t1 + adc r6, r6, #0 @ d.hi += carry + adds r5, r5, r1 @ d.lo += tmp.lo + mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) + adc r6, r6, r2 @ d.hi += carry + tmp.hi + + bic r2, r5, field_not_M @ r[1] = d & M + str r2, [r0, #1*4] + mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) + orr r5, r5, r6, asl #6 + + add r5, r5, r9 @ d += t2 + str r5, [r0, #2*4] @ r[2] = d + + add sp, sp, #48 + ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size secp256k1_fe_sqr_inner, .-secp256k1_fe_sqr_inner + diff --git a/deps/secp256k1/src/basic-config.h b/deps/secp256k1/src/basic-config.h new file mode 100644 index 000000000..e9be39d4c --- /dev/null +++ b/deps/secp256k1/src/basic-config.h 
@@ -0,0 +1,38 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_BASIC_CONFIG_H
+#define SECP256K1_BASIC_CONFIG_H
+
+#ifdef USE_BASIC_CONFIG
+
+#undef USE_ASM_X86_64
+#undef USE_ECMULT_STATIC_PRECOMPUTATION
+#undef USE_ENDOMORPHISM
+#undef USE_EXTERNAL_ASM
+#undef USE_EXTERNAL_DEFAULT_CALLBACKS
+#undef USE_FIELD_10X26
+#undef USE_FIELD_5X52
+#undef USE_FIELD_INV_BUILTIN
+#undef USE_FIELD_INV_NUM
+#undef USE_NUM_GMP
+#undef USE_NUM_NONE
+#undef USE_SCALAR_4X64
+#undef USE_SCALAR_8X32
+#undef USE_SCALAR_INV_BUILTIN
+#undef USE_SCALAR_INV_NUM
+#undef ECMULT_WINDOW_SIZE
+
+#define USE_NUM_NONE 1
+#define USE_FIELD_INV_BUILTIN 1
+#define USE_SCALAR_INV_BUILTIN 1
+#define USE_FIELD_10X26 1
+#define USE_SCALAR_8X32 1
+#define ECMULT_WINDOW_SIZE 15
+
+#endif /* USE_BASIC_CONFIG */
+
+#endif /* SECP256K1_BASIC_CONFIG_H */
diff --git a/deps/secp256k1/src/bench.h b/deps/secp256k1/src/bench.h
new file mode 100644
index 000000000..5b59783f6
--- /dev/null
+++ b/deps/secp256k1/src/bench.h
@@ -0,0 +1,82 @@
+/**********************************************************************
+ * Copyright (c) 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_BENCH_H
+#define SECP256K1_BENCH_H
+
+#include
+#include
+#include
+#include "sys/time.h"
+
+static double gettimedouble(void) {
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ return tv.tv_usec * 0.000001 + tv.tv_sec;
+}
+
+void print_number(double x) {
+ double y = x;
+ int c = 0;
+ if (y < 0.0) {
+ y = -y;
+ }
+ while (y > 0 && y < 100.0) {
+ y *= 10.0;
+ c++;
+ }
+ printf("%.*f", c, x);
+}
+
+void run_benchmark(char *name, void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) {
+ int i;
+ double min = HUGE_VAL;
+ double sum = 0.0;
+ double max = 0.0;
+ for (i = 0; i < count; i++) {
+ double begin, total;
+ if (setup != NULL) {
+ setup(data);
+ }
+ begin = gettimedouble();
+ benchmark(data);
+ total = gettimedouble() - begin;
+ if (teardown != NULL) {
+ teardown(data);
+ }
+ if (total < min) {
+ min = total;
+ }
+ if (total > max) {
+ max = total;
+ }
+ sum += total;
+ }
+ printf("%s: min ", name);
+ print_number(min * 1000000.0 / iter);
+ printf("us / avg ");
+ print_number((sum / count) * 1000000.0 / iter);
+ printf("us / max ");
+ print_number(max * 1000000.0 / iter);
+ printf("us\n");
+}
+
+int have_flag(int argc, char** argv, char *flag) {
+ char** argm = argv + argc;
+ argv++;
+ if (argv == argm) {
+ return 1;
+ }
+ while (argv != NULL && argv != argm) {
+ if (strcmp(*argv, flag) == 0) {
+ return 1;
+ }
+ argv++;
+ }
+ return 0;
+}
+
+#endif /* SECP256K1_BENCH_H */
diff --git a/deps/secp256k1/src/bench_ecdh.c b/deps/secp256k1/src/bench_ecdh.c
new file mode 100644
index 000000000..c1dd5a6ac
--- /dev/null
+++ b/deps/secp256k1/src/bench_ecdh.c
@@ -0,0 +1,54 @@
+/**********************************************************************
+ * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#include
+
+#include "include/secp256k1.h"
+#include "include/secp256k1_ecdh.h"
+#include "util.h"
+#include "bench.h"
+
+typedef struct {
+ secp256k1_context *ctx;
+ secp256k1_pubkey point;
+ unsigned char scalar[32];
+} bench_ecdh_data;
+
+static void bench_ecdh_setup(void* arg) {
+ int i;
+ bench_ecdh_data *data = (bench_ecdh_data*)arg;
+ const unsigned char point[] = {
+ 0x03,
+ 0x54, 0x94, 0xc1, 0x5d, 0x32, 0x09, 0x97, 0x06,
+ 0xc2, 0x39, 0x5f, 0x94, 0x34, 0x87, 0x45, 0xfd,
+ 0x75, 0x7c, 0xe3, 0x0e, 0x4e, 0x8c, 0x90, 0xfb,
+ 0xa2, 0xba, 0xd1, 0x84, 0xf8, 0x83, 0xc6, 0x9f
+ };
+
+ /* create a context with no capabilities */
+ data->ctx = secp256k1_context_create(SECP256K1_FLAGS_TYPE_CONTEXT);
+ for (i = 0; i < 32; i++) {
+ data->scalar[i] = i + 1;
+ }
+ CHECK(secp256k1_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1);
+}
+
+static void bench_ecdh(void* arg) {
+ int i;
+ unsigned char res[32];
+ bench_ecdh_data *data = (bench_ecdh_data*)arg;
+
+ for (i = 0; i < 20000; i++) {
+ CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1);
+ }
+}
+
+int main(void) {
+ bench_ecdh_data data;
+
+ run_benchmark("ecdh", bench_ecdh, bench_ecdh_setup, NULL, &data, 10, 20000);
+ return 0;
+}
diff --git a/deps/secp256k1/src/bench_ecmult.c b/deps/secp256k1/src/bench_ecmult.c
new file mode 100644
index 000000000..7b5d185dc
--- /dev/null
+++ b/deps/secp256k1/src/bench_ecmult.c
@@ -0,0 +1,207 @@ +/********************************************************************** + * Copyright (c) 2017 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ +#include + +#include "include/secp256k1.h" + +#include "util.h" +#include "hash_impl.h" +#include "num_impl.h" +#include "field_impl.h" +#include "group_impl.h" +#include "scalar_impl.h" +#include "ecmult_impl.h" +#include "bench.h" +#include "secp256k1.c" + +#define POINTS 32768 +#define ITERS 10000 + +typedef struct { + /* Setup once in advance */ + secp256k1_context* ctx; + secp256k1_scratch_space* scratch; + secp256k1_scalar* scalars; + secp256k1_ge* pubkeys; + secp256k1_scalar* seckeys; + secp256k1_gej* expected_output; + secp256k1_ecmult_multi_func ecmult_multi; + + /* Changes per test */ + size_t count; + int includes_g; + + /* Changes per test iteration */ + size_t offset1; + size_t offset2; + + /* Test output. */ + secp256k1_gej* output; +} bench_data; + +static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) { + bench_data* data = (bench_data*)arg; + if (data->includes_g) ++idx; + if (idx == 0) { + *sc = data->scalars[data->offset1]; + *ge = secp256k1_ge_const_g; + } else { + *sc = data->scalars[(data->offset1 + idx) % POINTS]; + *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS]; + } + return 1; +} + +static void bench_ecmult(void* arg) { + bench_data* data = (bench_data*)arg; + + size_t count = data->count; + int includes_g = data->includes_g; + size_t iters = 1 + ITERS / count; + size_t iter; + + for (iter = 0; iter < iters; ++iter) { + data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ? 
&data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g); + data->offset1 = (data->offset1 + count) % POINTS; + data->offset2 = (data->offset2 + count - 1) % POINTS; + } +} + +static void bench_ecmult_setup(void* arg) { + bench_data* data = (bench_data*)arg; + data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS; + data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS; +} + +static void bench_ecmult_teardown(void* arg) { + bench_data* data = (bench_data*)arg; + size_t iters = 1 + ITERS / data->count; + size_t iter; + /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */ + for (iter = 0; iter < iters; ++iter) { + secp256k1_gej tmp; + secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL); + CHECK(secp256k1_gej_is_infinity(&tmp)); + } +} + +static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) { + secp256k1_sha256 sha256; + unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0}; + unsigned char buf[32]; + int overflow = 0; + c[6] = num; + c[7] = num >> 8; + c[8] = num >> 16; + c[9] = num >> 24; + secp256k1_sha256_initialize(&sha256); + secp256k1_sha256_write(&sha256, c, sizeof(c)); + secp256k1_sha256_finalize(&sha256, buf); + secp256k1_scalar_set_b32(scalar, buf, &overflow); + CHECK(!overflow); +} + +static void run_test(bench_data* data, size_t count, int includes_g) { + char str[32]; + static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + size_t iters = 1 + ITERS / count; + size_t iter; + + data->count = count; + data->includes_g = includes_g; + + /* Compute (the negation of) the expected results directly. 
*/ + data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS; + data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS; + for (iter = 0; iter < iters; ++iter) { + secp256k1_scalar tmp; + secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS]; + size_t i = 0; + for (i = 0; i + 1 < count; ++i) { + secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]); + secp256k1_scalar_add(&total, &total, &tmp); + } + secp256k1_scalar_negate(&total, &total); + secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total); + } + + /* Run the benchmark. */ + sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count); + run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * (1 + ITERS / count)); +} + +int main(int argc, char **argv) { + bench_data data; + int i, p; + secp256k1_gej* pubkeys_gej; + size_t scratch_size; + + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16; + data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size); + data.ecmult_multi = secp256k1_ecmult_multi_var; + + if (argc > 1) { + if(have_flag(argc, argv, "pippenger_wnaf")) { + printf("Using pippenger_wnaf:\n"); + data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single; + } else if(have_flag(argc, argv, "strauss_wnaf")) { + printf("Using strauss_wnaf:\n"); + data.ecmult_multi = secp256k1_ecmult_strauss_batch_single; + } else if(have_flag(argc, argv, "simple")) { + printf("Using simple algorithm:\n"); + data.ecmult_multi = secp256k1_ecmult_multi_var; + secp256k1_scratch_space_destroy(data.ctx, data.scratch); + data.scratch = NULL; + } else { + fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]); + fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a 
combined algorithm.\n"); + return 1; + } + } + + /* Allocate stuff */ + data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS); + data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS); + data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS); + data.expected_output = malloc(sizeof(secp256k1_gej) * (ITERS + 1)); + data.output = malloc(sizeof(secp256k1_gej) * (ITERS + 1)); + + /* Generate a set of scalars, and private/public keypairs. */ + pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS); + secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g); + secp256k1_scalar_set_int(&data.seckeys[0], 1); + for (i = 0; i < POINTS; ++i) { + generate_scalar(i, &data.scalars[i]); + if (i) { + secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL); + secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]); + } + } + secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS); + free(pubkeys_gej); + + for (i = 1; i <= 8; ++i) { + run_test(&data, i, 1); + } + + for (p = 0; p <= 11; ++p) { + for (i = 9; i <= 16; ++i) { + run_test(&data, i << p, 1); + } + } + if (data.scratch != NULL) { + secp256k1_scratch_space_destroy(data.ctx, data.scratch); + } + secp256k1_context_destroy(data.ctx); + free(data.scalars); + free(data.pubkeys); + free(data.seckeys); + free(data.output); + free(data.expected_output); + + return(0); +} diff --git a/deps/secp256k1/src/bench_internal.c b/deps/secp256k1/src/bench_internal.c new file mode 100644 index 000000000..a8f4e9e12 --- /dev/null +++ b/deps/secp256k1/src/bench_internal.c 
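Review bot: In `main` the six `malloc` results (`data.scalars`, `data.seckeys`, `data.pubkeys`, `data.expected_output`, `data.output`, `pubkeys_gej`) are used without a NULL check, so an allocation failure becomes a NULL dereference in the generation loop instead of an error exit; `secp256k1_context_create` and `secp256k1_scratch_space_create` are likewise unchecked. One guard after the allocations is enough: `if (!data.scalars || !data.seckeys || !data.pubkeys || !data.expected_output || !data.output || !pubkeys_gej) { fprintf(stderr, "%s: out of memory\n", argv[0]); return 1; }`. In `run_test`, `sprintf(str, ...)` into `char str[32]` fits for any `int` count, but `snprintf(str, sizeof(str), ...)` documents the bound and survives a later change to the format.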
@@ -0,0 +1,369 @@ +/********************************************************************** + * Copyright (c) 2014-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ +#include + +#include "include/secp256k1.h" + +#include "util.h" +#include "hash_impl.h" +#include "num_impl.h" +#include "field_impl.h" +#include "group_impl.h" +#include "scalar_impl.h" +#include "ecmult_const_impl.h" +#include "ecmult_impl.h" +#include "bench.h" +#include "secp256k1.c" + +typedef struct { + secp256k1_scalar scalar_x, scalar_y; + secp256k1_fe fe_x, fe_y; + secp256k1_ge ge_x, ge_y; + secp256k1_gej gej_x, gej_y; + unsigned char data[64]; + int wnaf[256]; +} bench_inv; + +void bench_setup(void* arg) { + bench_inv *data = (bench_inv*)arg; + + static const unsigned char init_x[32] = { + 0x02, 0x03, 0x05, 0x07, 0x0b, 0x0d, 0x11, 0x13, + 0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35, + 0x3b, 0x3d, 0x43, 0x47, 0x49, 0x4f, 0x53, 0x59, + 0x61, 0x65, 0x67, 0x6b, 0x6d, 0x71, 0x7f, 0x83 + }; + + static const unsigned char init_y[32] = { + 0x82, 0x83, 0x85, 0x87, 0x8b, 0x8d, 0x81, 0x83, + 0x97, 0xad, 0xaf, 0xb5, 0xb9, 0xbb, 0xbf, 0xc5, + 0xdb, 0xdd, 0xe3, 0xe7, 0xe9, 0xef, 0xf3, 0xf9, + 0x11, 0x15, 0x17, 0x1b, 0x1d, 0xb1, 0xbf, 0xd3 + }; + + secp256k1_scalar_set_b32(&data->scalar_x, init_x, NULL); + secp256k1_scalar_set_b32(&data->scalar_y, init_y, NULL); + secp256k1_fe_set_b32(&data->fe_x, init_x); + secp256k1_fe_set_b32(&data->fe_y, init_y); + CHECK(secp256k1_ge_set_xo_var(&data->ge_x, &data->fe_x, 0)); + CHECK(secp256k1_ge_set_xo_var(&data->ge_y, &data->fe_y, 1)); + secp256k1_gej_set_ge(&data->gej_x, &data->ge_x); + secp256k1_gej_set_ge(&data->gej_y, &data->ge_y); + memcpy(data->data, init_x, 32); + memcpy(data->data + 32, init_y, 32); +} + +void bench_scalar_add(void* arg) { + int i; + bench_inv *data = 
(bench_inv*)arg; + + for (i = 0; i < 2000000; i++) { + secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + +void bench_scalar_negate(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 2000000; i++) { + secp256k1_scalar_negate(&data->scalar_x, &data->scalar_x); + } +} + +void bench_scalar_sqr(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_scalar_sqr(&data->scalar_x, &data->scalar_x); + } +} + +void bench_scalar_mul(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_scalar_mul(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + +#ifdef USE_ENDOMORPHISM +void bench_scalar_split(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_scalar l, r; + secp256k1_scalar_split_lambda(&l, &r, &data->scalar_x); + secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} +#endif + +void bench_scalar_inverse(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 2000; i++) { + secp256k1_scalar_inverse(&data->scalar_x, &data->scalar_x); + secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + +void bench_scalar_inverse_var(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 2000; i++) { + secp256k1_scalar_inverse_var(&data->scalar_x, &data->scalar_x); + secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + +void bench_field_normalize(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 2000000; i++) { + secp256k1_fe_normalize(&data->fe_x); + } +} + +void bench_field_normalize_weak(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 2000000; i++) { + secp256k1_fe_normalize_weak(&data->fe_x); + } +} + +void bench_field_mul(void* arg) { + int i; + bench_inv *data = 
(bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_fe_mul(&data->fe_x, &data->fe_x, &data->fe_y); + } +} + +void bench_field_sqr(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_fe_sqr(&data->fe_x, &data->fe_x); + } +} + +void bench_field_inverse(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_fe_inv(&data->fe_x, &data->fe_x); + secp256k1_fe_add(&data->fe_x, &data->fe_y); + } +} + +void bench_field_inverse_var(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_fe_inv_var(&data->fe_x, &data->fe_x); + secp256k1_fe_add(&data->fe_x, &data->fe_y); + } +} + +void bench_field_sqrt(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_fe t; + + for (i = 0; i < 20000; i++) { + t = data->fe_x; + secp256k1_fe_sqrt(&data->fe_x, &t); + secp256k1_fe_add(&data->fe_x, &data->fe_y); + } +} + +void bench_group_double_var(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_gej_double_var(&data->gej_x, &data->gej_x, NULL); + } +} + +void bench_group_add_var(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_gej_add_var(&data->gej_x, &data->gej_x, &data->gej_y, NULL); + } +} + +void bench_group_add_affine(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_gej_add_ge(&data->gej_x, &data->gej_x, &data->ge_y); + } +} + +void bench_group_add_affine_var(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 200000; i++) { + secp256k1_gej_add_ge_var(&data->gej_x, &data->gej_x, &data->ge_y, NULL); + } +} + +void bench_group_jacobi_var(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_gej_has_quad_y_var(&data->gej_x); + } +} + +void bench_ecmult_wnaf(void* arg) 
{ + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_ecmult_wnaf(data->wnaf, 256, &data->scalar_x, WINDOW_A); + secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + +void bench_wnaf_const(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_wnaf_const(data->wnaf, &data->scalar_x, WINDOW_A, 256); + secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + + +void bench_sha256(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_sha256 sha; + + for (i = 0; i < 20000; i++) { + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, data->data, 32); + secp256k1_sha256_finalize(&sha, data->data); + } +} + +void bench_hmac_sha256(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_hmac_sha256 hmac; + + for (i = 0; i < 20000; i++) { + secp256k1_hmac_sha256_initialize(&hmac, data->data, 32); + secp256k1_hmac_sha256_write(&hmac, data->data, 32); + secp256k1_hmac_sha256_finalize(&hmac, data->data); + } +} + +void bench_rfc6979_hmac_sha256(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_rfc6979_hmac_sha256 rng; + + for (i = 0; i < 20000; i++) { + secp256k1_rfc6979_hmac_sha256_initialize(&rng, data->data, 64); + secp256k1_rfc6979_hmac_sha256_generate(&rng, data->data, 32); + } +} + +void bench_context_verify(void* arg) { + int i; + (void)arg; + for (i = 0; i < 20; i++) { + secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY)); + } +} + +void bench_context_sign(void* arg) { + int i; + (void)arg; + for (i = 0; i < 200; i++) { + secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_SIGN)); + } +} + +#ifndef USE_NUM_NONE +void bench_num_jacobi(void* arg) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_num nx, norder; + + secp256k1_scalar_get_num(&nx, &data->scalar_x); + secp256k1_scalar_order_get_num(&norder); + 
secp256k1_scalar_get_num(&norder, &data->scalar_y); + + for (i = 0; i < 200000; i++) { + secp256k1_num_jacobi(&nx, &norder); + } +} +#endif + +int main(int argc, char **argv) { + bench_inv data; + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "add")) run_benchmark("scalar_add", bench_scalar_add, bench_setup, NULL, &data, 10, 2000000); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "negate")) run_benchmark("scalar_negate", bench_scalar_negate, bench_setup, NULL, &data, 10, 2000000); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "sqr")) run_benchmark("scalar_sqr", bench_scalar_sqr, bench_setup, NULL, &data, 10, 200000); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "mul")) run_benchmark("scalar_mul", bench_scalar_mul, bench_setup, NULL, &data, 10, 200000); +#ifdef USE_ENDOMORPHISM + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "split")) run_benchmark("scalar_split", bench_scalar_split, bench_setup, NULL, &data, 10, 20000); +#endif + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse", bench_scalar_inverse, bench_setup, NULL, &data, 10, 2000); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse_var", bench_scalar_inverse_var, bench_setup, NULL, &data, 10, 2000); + + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize", bench_field_normalize, bench_setup, NULL, &data, 10, 2000000); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize_weak", bench_field_normalize_weak, bench_setup, NULL, &data, 10, 2000000); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqr")) run_benchmark("field_sqr", bench_field_sqr, bench_setup, NULL, &data, 10, 200000); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "mul")) run_benchmark("field_mul", bench_field_mul, bench_setup, 
NULL, &data, 10, 200000); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse", bench_field_inverse, bench_setup, NULL, &data, 10, 20000); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse_var", bench_field_inverse_var, bench_setup, NULL, &data, 10, 20000); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqrt")) run_benchmark("field_sqrt", bench_field_sqrt, bench_setup, NULL, &data, 10, 20000); + + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "double")) run_benchmark("group_double_var", bench_group_double_var, bench_setup, NULL, &data, 10, 200000); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_var", bench_group_add_var, bench_setup, NULL, &data, 10, 200000); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine", bench_group_add_affine, bench_setup, NULL, &data, 10, 200000); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine_var", bench_group_add_affine_var, bench_setup, NULL, &data, 10, 200000); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "jacobi")) run_benchmark("group_jacobi_var", bench_group_jacobi_var, bench_setup, NULL, &data, 10, 20000); + + if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("wnaf_const", bench_wnaf_const, bench_setup, NULL, &data, 10, 20000); + if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("ecmult_wnaf", bench_ecmult_wnaf, bench_setup, NULL, &data, 10, 20000); + + if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "sha256")) run_benchmark("hash_sha256", bench_sha256, bench_setup, NULL, &data, 10, 20000); + if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "hmac")) run_benchmark("hash_hmac_sha256", bench_hmac_sha256, bench_setup, NULL, &data, 10, 20000); + if 
(have_flag(argc, argv, "hash") || have_flag(argc, argv, "rng6979")) run_benchmark("hash_rfc6979_hmac_sha256", bench_rfc6979_hmac_sha256, bench_setup, NULL, &data, 10, 20000); + + if (have_flag(argc, argv, "context") || have_flag(argc, argv, "verify")) run_benchmark("context_verify", bench_context_verify, bench_setup, NULL, &data, 10, 20); + if (have_flag(argc, argv, "context") || have_flag(argc, argv, "sign")) run_benchmark("context_sign", bench_context_sign, bench_setup, NULL, &data, 10, 200); + +#ifndef USE_NUM_NONE + if (have_flag(argc, argv, "num") || have_flag(argc, argv, "jacobi")) run_benchmark("num_jacobi", bench_num_jacobi, bench_setup, NULL, &data, 10, 200000); +#endif + return 0; +} diff --git a/deps/secp256k1/src/bench_recover.c b/deps/secp256k1/src/bench_recover.c new file mode 100644 index 000000000..b806eed94 --- /dev/null +++ b/deps/secp256k1/src/bench_recover.c 
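Review bot: In `bench_num_jacobi` the call `secp256k1_scalar_order_get_num(&norder);` is immediately overwritten by `secp256k1_scalar_get_num(&norder, &data->scalar_y);`, so the group order is never used as the Jacobi modulus; one of the two lines is dead, and since it is not clear which was intended, either drop the first call or load `scalar_y` into a separate variable. Every `bench_*` function and `bench_setup` in this file is defined without `static`, unlike the helpers in bench_ecdh.c and bench_sign.c of the same commit; marking them `static` keeps the symbols file-local and satisfies missing-prototype warnings. `bench_context_verify` and `bench_context_sign` also pass the `secp256k1_context_create` result straight to `secp256k1_context_destroy` without a NULL check — whether destroy tolerates NULL is not visible here, so worth confirming.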
@@ -0,0 +1,60 @@
+/**********************************************************************
+ * Copyright (c) 2014-2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#include "include/secp256k1.h"
+#include "include/secp256k1_recovery.h"
+#include "util.h"
+#include "bench.h"
+
+typedef struct {
+ secp256k1_context *ctx;
+ unsigned char msg[32];
+ unsigned char sig[64];
+} bench_recover_data;
+
+void bench_recover(void* arg) {
+ int i;
+ bench_recover_data *data = (bench_recover_data*)arg;
+ secp256k1_pubkey pubkey;
+ unsigned char pubkeyc[33];
+
+ for (i = 0; i < 20000; i++) {
+ int j;
+ size_t pubkeylen = 33;
+ secp256k1_ecdsa_recoverable_signature sig;
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2));
+ CHECK(secp256k1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg));
+ CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED));
+ for (j = 0; j < 32; j++) {
+ data->sig[j + 32] = data->msg[j]; /* Move former message to S. */
+ data->msg[j] = data->sig[j]; /* Move former R to message. */
+ data->sig[j] = pubkeyc[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */
+ }
+ }
+}
+
+void bench_recover_setup(void* arg) {
+ int i;
+ bench_recover_data *data = (bench_recover_data*)arg;
+
+ for (i = 0; i < 32; i++) {
+ data->msg[i] = 1 + i;
+ }
+ for (i = 0; i < 64; i++) {
+ data->sig[i] = 65 + i;
+ }
+}
+
+int main(void) {
+ bench_recover_data data;
+
+ data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
+
+ run_benchmark("ecdsa_recover", bench_recover, bench_recover_setup, NULL, &data, 10, 20000);
+
+ secp256k1_context_destroy(data.ctx);
+ return 0;
+}
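Review bot: `bench_recover` and `bench_recover_setup` are non-`static`, unlike `bench_sign_setup`/`bench_sign_run` in bench_sign.c added by the same commit; `static void bench_recover(void* arg)` and `static void bench_recover_setup(void* arg)` would match. `pubkeylen` and `pubkeyc` both spell out the literal 33; `size_t pubkeylen = sizeof(pubkeyc);` ties the length to the buffer. The per-element comments in the inner loop describe the data movement but not its purpose — presumably the recovered X coordinate is fed back as R so the next iteration's parse and recovery keep succeeding — so a single leading comment stating that, e.g. `/* Rotate message/R/S so every iteration recovers from a fresh but still valid signature. */`, would help more than the three trailing ones.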
diff --git a/deps/secp256k1/src/bench_sign.c b/deps/secp256k1/src/bench_sign.c
new file mode 100644
index 000000000..544b43963
--- /dev/null
+++ b/deps/secp256k1/src/bench_sign.c
@@ -0,0 +1,56 @@
+/**********************************************************************
+ * Copyright (c) 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#include "include/secp256k1.h"
+#include "util.h"
+#include "bench.h"
+
+typedef struct {
+ secp256k1_context* ctx;
+ unsigned char msg[32];
+ unsigned char key[32];
+} bench_sign;
+
+static void bench_sign_setup(void* arg) {
+ int i;
+ bench_sign *data = (bench_sign*)arg;
+
+ for (i = 0; i < 32; i++) {
+ data->msg[i] = i + 1;
+ }
+ for (i = 0; i < 32; i++) {
+ data->key[i] = i + 65;
+ }
+}
+
+static void bench_sign_run(void* arg) {
+ int i;
+ bench_sign *data = (bench_sign*)arg;
+
+ unsigned char sig[74];
+ for (i = 0; i < 20000; i++) {
+ size_t siglen = 74;
+ int j;
+ secp256k1_ecdsa_signature signature;
+ CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL));
+ CHECK(secp256k1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature));
+ for (j = 0; j < 32; j++) {
+ data->msg[j] = sig[j];
+ data->key[j] = sig[j + 32];
+ }
+ }
+}
+
+int main(void) {
+ bench_sign data;
+
+ data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
+
+ run_benchmark("ecdsa_sign", bench_sign_run, bench_sign_setup, NULL, &data, 10, 20000);
+
+ secp256k1_context_destroy(data.ctx);
+ return 0;
+}
diff --git a/deps/secp256k1/src/bench_verify.c b/deps/secp256k1/src/bench_verify.c
new file mode 100644
index 000000000..418defa0a
--- /dev/null
+++ b/deps/secp256k1/src/bench_verify.c
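Review bot: `size_t siglen = 74;` in `bench_sign_run` duplicates the size of `sig[74]` declared a few lines above; `size_t siglen = sizeof(sig);` keeps the two from drifting apart if the buffer is ever resized. `data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);` in `main` is used without a NULL check, the same pattern as in bench_recover.c of this commit. The inner loop intentionally feeds bytes of the DER output back as the next message and secret key, which deserves a one-line comment such as `/* Derive the next message and key from the DER bytes so each iteration signs fresh inputs. */`, since a reader may otherwise wonder whether `key` is guaranteed to remain a valid secret key (the `CHECK` on `secp256k1_ecdsa_sign` is what would catch it if not).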
@@ -0,0 +1,112 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include +#include + +#include "include/secp256k1.h" +#include "util.h" +#include "bench.h" + +#ifdef ENABLE_OPENSSL_TESTS +#include +#include +#include +#endif + +typedef struct { + secp256k1_context *ctx; + unsigned char msg[32]; + unsigned char key[32]; + unsigned char sig[72]; + size_t siglen; + unsigned char pubkey[33]; + size_t pubkeylen; +#ifdef ENABLE_OPENSSL_TESTS + EC_GROUP* ec_group; +#endif +} benchmark_verify_t; + +static void benchmark_verify(void* arg) { + int i; + benchmark_verify_t* data = (benchmark_verify_t*)arg; + + for (i = 0; i < 20000; i++) { + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1); + CHECK(secp256k1_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0)); + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + } +} + +#ifdef ENABLE_OPENSSL_TESTS +static void benchmark_verify_openssl(void* arg) { + int i; + benchmark_verify_t* data = (benchmark_verify_t*)arg; + + for (i = 0; i < 20000; i++) { + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + { + EC_KEY *pkey = EC_KEY_new(); + const unsigned char *pubkey = &data->pubkey[0]; + int result; + + 
CHECK(pkey != NULL); + result = EC_KEY_set_group(pkey, data->ec_group); + CHECK(result); + result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL; + CHECK(result); + result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0); + CHECK(result); + EC_KEY_free(pkey); + } + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + } +} +#endif + +int main(void) { + int i; + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; + benchmark_verify_t data; + + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + + for (i = 0; i < 32; i++) { + data.msg[i] = 1 + i; + } + for (i = 0; i < 32; i++) { + data.key[i] = 33 + i; + } + data.siglen = 72; + CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); + CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key)); + data.pubkeylen = 33; + CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + + run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000); +#ifdef ENABLE_OPENSSL_TESTS + data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1); + run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000); + EC_GROUP_free(data.ec_group); +#endif + + secp256k1_context_destroy(data.ctx); + return 0; +} diff --git a/deps/secp256k1/src/ecdsa.h b/deps/secp256k1/src/ecdsa.h new file mode 100644 index 000000000..80590c7cc --- /dev/null +++ b/deps/secp256k1/src/ecdsa.h 
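Review bot: `data.siglen = 72;` and `data.pubkeylen = 33;` in `main` restate the sizes of `sig[72]` and `pubkey[33]` in `benchmark_verify_t`; `data.siglen = sizeof(data.sig);` and `data.pubkeylen = sizeof(data.pubkey);` keep the lengths handed to the serializers tied to the buffers. `benchmark_verify` and `benchmark_verify_openssl` index `data->sig[data->siglen - 3]`, which relies on `siglen` being at least 3 after DER serialization — true for any well-formed DER ECDSA signature, but the `size_t` subtraction would wrap silently otherwise, so a comment such as `/* XOR the trailing bytes (tail of S) so only i == 0 verifies; DER output is always >= 8 bytes, so siglen - 3 is safe. */` makes the `== (i == 0)` check and the arithmetic readable. `secp256k1_context_create` is again unchecked before use, as in the other bench_*.c files in this commit.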
@@ -0,0 +1,21 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECDSA_H
+#define SECP256K1_ECDSA_H
+
+#include
+
+#include "scalar.h"
+#include "group.h"
+#include "ecmult.h"
+
+static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *r, secp256k1_scalar *s, const unsigned char *sig, size_t size);
+static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar *r, const secp256k1_scalar *s);
+static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar* r, const secp256k1_scalar* s, const secp256k1_ge *pubkey, const secp256k1_scalar *message);
+static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid);
+
+#endif /* SECP256K1_ECDSA_H */
diff --git a/deps/secp256k1/src/ecdsa_impl.h b/deps/secp256k1/src/ecdsa_impl.h
new file mode 100644
index 000000000..eb099c87d
--- /dev/null
+++ b/deps/secp256k1/src/ecdsa_impl.h
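Review bot: The four `static` prototypes carry no documentation, so a reader has to open ecdsa_impl.h to learn the return convention, whether `size` in `secp256k1_ecdsa_sig_serialize` is in/out, and what `recid` in `secp256k1_ecdsa_sig_sign` receives. Suggested per-prototype comments: `/** Parse a DER-encoded signature into (r, s); returns 1 on success, 0 on malformed input. */` for `sig_parse`, `/** Serialize (r, s) as DER into sig; *size is the buffer capacity on entry and the written length on success. */` for `sig_serialize`, and for `sig_sign` a line noting that `recid`, when non-NULL, receives the recovery id. The in/out convention for `size` and the `recid` semantics are inferred from the signatures and should be confirmed against ecdsa_impl.h, whose hunk starts next but is cut off in this view; the DER helpers visible there (`secp256k1_der_read_len`, `secp256k1_der_parse_integer`) do return 0 on failure and 1 on success, which the proposed wording follows.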
@@ -0,0 +1,319 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + + +#ifndef SECP256K1_ECDSA_IMPL_H +#define SECP256K1_ECDSA_IMPL_H + +#include "scalar.h" +#include "field.h" +#include "group.h" +#include "ecmult.h" +#include "ecmult_gen.h" +#include "ecdsa.h" + +/** Group order for secp256k1 defined as 'n' in "Standards for Efficient Cryptography" (SEC2) 2.7.1 + * sage: for t in xrange(1023, -1, -1): + * .. p = 2**256 - 2**32 - t + * .. if p.is_prime(): + * .. print '%x'%p + * .. break + * 'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f' + * sage: a = 0 + * sage: b = 7 + * sage: F = FiniteField (p) + * sage: '%x' % (EllipticCurve ([F (a), F (b)]).order()) + * 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141' + */ +static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, + 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL +); + +/** Difference between field and order, values 'p' and 'n' values defined in + * "Standards for Efficient Cryptography" (SEC2) 2.7.1. 
+ * sage: p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F + * sage: a = 0 + * sage: b = 7 + * sage: F = FiniteField (p) + * sage: '%x' % (p - EllipticCurve ([F (a), F (b)]).order()) + * '14551231950b75fc4402da1722fc9baee' + */ +static const secp256k1_fe secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( + 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL +); + +static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { + size_t lenleft; + unsigned char b1; + VERIFY_CHECK(len != NULL); + *len = 0; + if (*sigp >= sigend) { + return 0; + } + b1 = *((*sigp)++); + if (b1 == 0xFF) { + /* X.690-0207 8.1.3.5.c the value 0xFF shall not be used. */ + return 0; + } + if ((b1 & 0x80) == 0) { + /* X.690-0207 8.1.3.4 short form length octets */ + *len = b1; + return 1; + } + if (b1 == 0x80) { + /* Indefinite length is not allowed in DER. */ + return 0; + } + /* X.690-207 8.1.3.5 long form length octets */ + lenleft = b1 & 0x7F; /* lenleft is at least 1 */ + if (lenleft > (size_t)(sigend - *sigp)) { + return 0; + } + if (**sigp == 0) { + /* Not the shortest possible length encoding. */ + return 0; + } + if (lenleft > sizeof(size_t)) { + /* The resulting length would exceed the range of a size_t, so + * certainly longer than the passed array size. + */ + return 0; + } + while (lenleft > 0) { + *len = (*len << 8) | **sigp; + (*sigp)++; + lenleft--; + } + if (*len > (size_t)(sigend - *sigp)) { + /* Result exceeds the length of the passed array. */ + return 0; + } + if (*len < 128) { + /* Not the shortest possible length encoding. */ + return 0; + } + return 1; +} + +static int secp256k1_der_parse_integer(secp256k1_scalar *r, const unsigned char **sig, const unsigned char *sigend) { + int overflow = 0; + unsigned char ra[32] = {0}; + size_t rlen; + + if (*sig == sigend || **sig != 0x02) { + /* Not a primitive integer (X.690-0207 8.3.1). 
*/ + return 0; + } + (*sig)++; + if (secp256k1_der_read_len(&rlen, sig, sigend) == 0) { + return 0; + } + if (rlen == 0 || *sig + rlen > sigend) { + /* Exceeds bounds or not at least length 1 (X.690-0207 8.3.1). */ + return 0; + } + if (**sig == 0x00 && rlen > 1 && (((*sig)[1]) & 0x80) == 0x00) { + /* Excessive 0x00 padding. */ + return 0; + } + if (**sig == 0xFF && rlen > 1 && (((*sig)[1]) & 0x80) == 0x80) { + /* Excessive 0xFF padding. */ + return 0; + } + if ((**sig & 0x80) == 0x80) { + /* Negative. */ + overflow = 1; + } + /* There is at most one leading zero byte: + * if there were two leading zero bytes, we would have failed and returned 0 + * because of excessive 0x00 padding already. */ + if (rlen > 0 && **sig == 0) { + /* Skip leading zero byte */ + rlen--; + (*sig)++; + } + if (rlen > 32) { + overflow = 1; + } + if (!overflow) { + memcpy(ra + 32 - rlen, *sig, rlen); + secp256k1_scalar_set_b32(r, ra, &overflow); + } + if (overflow) { + secp256k1_scalar_set_int(r, 0); + } + (*sig) += rlen; + return 1; +} + +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *rr, secp256k1_scalar *rs, const unsigned char *sig, size_t size) { + const unsigned char *sigend = sig + size; + size_t rlen; + if (sig == sigend || *(sig++) != 0x30) { + /* The encoding doesn't start with a constructed sequence (X.690-0207 8.9.1). */ + return 0; + } + if (secp256k1_der_read_len(&rlen, &sig, sigend) == 0) { + return 0; + } + if (rlen != (size_t)(sigend - sig)) { + /* Tuple exceeds bounds or garage after tuple. */ + return 0; + } + + if (!secp256k1_der_parse_integer(rr, &sig, sigend)) { + return 0; + } + if (!secp256k1_der_parse_integer(rs, &sig, sigend)) { + return 0; + } + + if (sig != sigend) { + /* Trailing garbage inside tuple. 
*/ + return 0; + } + + return 1; +} + +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar* ar, const secp256k1_scalar* as) { + unsigned char r[33] = {0}, s[33] = {0}; + unsigned char *rp = r, *sp = s; + size_t lenR = 33, lenS = 33; + secp256k1_scalar_get_b32(&r[1], ar); + secp256k1_scalar_get_b32(&s[1], as); + while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } + while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } + if (*size < 6+lenS+lenR) { + *size = 6 + lenS + lenR; + return 0; + } + *size = 6 + lenS + lenR; + sig[0] = 0x30; + sig[1] = 4 + lenS + lenR; + sig[2] = 0x02; + sig[3] = lenR; + memcpy(sig+4, rp, lenR); + sig[4+lenR] = 0x02; + sig[5+lenR] = lenS; + memcpy(sig+lenR+6, sp, lenS); + return 1; +} + +static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar *sigs, const secp256k1_ge *pubkey, const secp256k1_scalar *message) { + unsigned char c[32]; + secp256k1_scalar sn, u1, u2; +#if !defined(EXHAUSTIVE_TEST_ORDER) + secp256k1_fe xr; +#endif + secp256k1_gej pubkeyj; + secp256k1_gej pr; + + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { + return 0; + } + + secp256k1_scalar_inverse_var(&sn, sigs); + secp256k1_scalar_mul(&u1, &sn, message); + secp256k1_scalar_mul(&u2, &sn, sigr); + secp256k1_gej_set_ge(&pubkeyj, pubkey); + secp256k1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); + if (secp256k1_gej_is_infinity(&pr)) { + return 0; + } + +#if defined(EXHAUSTIVE_TEST_ORDER) +{ + secp256k1_scalar computed_r; + secp256k1_ge pr_ge; + secp256k1_ge_set_gej(&pr_ge, &pr); + secp256k1_fe_normalize(&pr_ge.x); + + secp256k1_fe_get_b32(c, &pr_ge.x); + secp256k1_scalar_set_b32(&computed_r, c, NULL); + return secp256k1_scalar_eq(sigr, &computed_r); +} +#else + secp256k1_scalar_get_b32(c, sigr); + secp256k1_fe_set_b32(&xr, c); + + /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) + * in 
xr. Naively, we would extract the x coordinate from pr (requiring a inversion modulo p), + * compute the remainder modulo n, and compare it to xr. However: + * + * xr == X(pr) mod n + * <=> exists h. (xr + h * n < p && xr + h * n == X(pr)) + * [Since 2 * n > p, h can only be 0 or 1] + * <=> (xr == X(pr)) || (xr + n < p && xr + n == X(pr)) + * [In Jacobian coordinates, X(pr) is pr.x / pr.z^2 mod p] + * <=> (xr == pr.x / pr.z^2 mod p) || (xr + n < p && xr + n == pr.x / pr.z^2 mod p) + * [Multiplying both sides of the equations by pr.z^2 mod p] + * <=> (xr * pr.z^2 mod p == pr.x) || (xr + n < p && (xr + n) * pr.z^2 mod p == pr.x) + * + * Thus, we can avoid the inversion, but we have to check both cases separately. + * secp256k1_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. + */ + if (secp256k1_gej_eq_x_var(&xr, &pr)) { + /* xr * pr.z^2 mod p == pr.x, so the signature is valid. */ + return 1; + } + if (secp256k1_fe_cmp_var(&xr, &secp256k1_ecdsa_const_p_minus_order) >= 0) { + /* xr + n >= p, so we can skip testing the second case. */ + return 0; + } + secp256k1_fe_add(&xr, &secp256k1_ecdsa_const_order_as_fe); + if (secp256k1_gej_eq_x_var(&xr, &pr)) { + /* (xr + n) * pr.z^2 mod p == pr.x, so the signature is valid. 
*/
+ return 1;
+ }
+ return 0;
+#endif
+}
+
+static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) {
+ unsigned char b[32];
+ secp256k1_gej rp;
+ secp256k1_ge r;
+ secp256k1_scalar n;
+ int overflow = 0;
+
+ secp256k1_ecmult_gen(ctx, &rp, nonce);
+ secp256k1_ge_set_gej(&r, &rp);
+ secp256k1_fe_normalize(&r.x);
+ secp256k1_fe_normalize(&r.y);
+ secp256k1_fe_get_b32(b, &r.x);
+ secp256k1_scalar_set_b32(sigr, b, &overflow);
+ /* These two conditions should be checked before calling */
+ VERIFY_CHECK(!secp256k1_scalar_is_zero(sigr));
+ VERIFY_CHECK(overflow == 0);
+
+ if (recid) {
+ /* The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log
+ * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria.
+ */
+ *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0);
+ }
+ secp256k1_scalar_mul(&n, sigr, seckey);
+ secp256k1_scalar_add(&n, &n, message);
+ secp256k1_scalar_inverse(sigs, nonce);
+ secp256k1_scalar_mul(sigs, sigs, &n);
+ secp256k1_scalar_clear(&n);
+ secp256k1_gej_clear(&rp);
+ secp256k1_ge_clear(&r);
+ if (secp256k1_scalar_is_zero(sigs)) {
+ return 0;
+ }
+ if (secp256k1_scalar_is_high(sigs)) {
+ secp256k1_scalar_negate(sigs, sigs);
+ if (recid) {
+ *recid ^= 1;
+ }
+ }
+ return 1;
+}
+
+#endif /* SECP256K1_ECDSA_IMPL_H */
diff --git a/deps/secp256k1/src/eckey.h b/deps/secp256k1/src/eckey.h
new file mode 100644
index 000000000..b621f1e6c
--- /dev/null
+++ b/deps/secp256k1/src/eckey.h
@@ -0,0 +1,25 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECKEY_H
+#define SECP256K1_ECKEY_H
+
+#include
+
+#include "group.h"
+#include "scalar.h"
+#include "ecmult.h"
+#include "ecmult_gen.h"
+
+static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size);
+static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed);
+
+static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak);
+static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
+static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak);
+static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
+
+#endif /* SECP256K1_ECKEY_H */
diff --git a/deps/secp256k1/src/eckey_impl.h b/deps/secp256k1/src/eckey_impl.h
new file mode 100644
index 000000000..7c5b78932
--- /dev/null
+++ b/deps/secp256k1/src/eckey_impl.h
@@ -0,0 +1,100 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECKEY_IMPL_H
+#define SECP256K1_ECKEY_IMPL_H
+
+#include "eckey.h"
+
+#include "scalar.h"
+#include "field.h"
+#include "group.h"
+#include "ecmult_gen.h"
+
+static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size) {
+ if (size == 33 && (pub[0] == SECP256K1_TAG_PUBKEY_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_ODD)) {
+ secp256k1_fe x;
+ return secp256k1_fe_set_b32(&x, pub+1) && secp256k1_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD);
+ } else if (size == 65 && (pub[0] == SECP256K1_TAG_PUBKEY_UNCOMPRESSED || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) {
+ secp256k1_fe x, y;
+ if (!secp256k1_fe_set_b32(&x, pub+1) || !secp256k1_fe_set_b32(&y, pub+33)) {
+ return 0;
+ }
+ secp256k1_ge_set_xy(elem, &x, &y);
+ if ((pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD) &&
+ secp256k1_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) {
+ return 0;
+ }
+ return secp256k1_ge_is_valid_var(elem);
+ } else {
+ return 0;
+ }
+}
+
+static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed) {
+ if (secp256k1_ge_is_infinity(elem)) {
+ return 0;
+ }
+ secp256k1_fe_normalize_var(&elem->x);
+ secp256k1_fe_normalize_var(&elem->y);
+ secp256k1_fe_get_b32(&pub[1], &elem->x);
+ if (compressed) {
+ *size = 33;
+ pub[0] = secp256k1_fe_is_odd(&elem->y) ?
SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN;
+ } else {
+ *size = 65;
+ pub[0] = SECP256K1_TAG_PUBKEY_UNCOMPRESSED;
+ secp256k1_fe_get_b32(&pub[33], &elem->y);
+ }
+ return 1;
+}
+
+static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak) {
+ secp256k1_scalar_add(key, key, tweak);
+ if (secp256k1_scalar_is_zero(key)) {
+ return 0;
+ }
+ return 1;
+}
+
+static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) {
+ secp256k1_gej pt;
+ secp256k1_scalar one;
+ secp256k1_gej_set_ge(&pt, key);
+ secp256k1_scalar_set_int(&one, 1);
+ secp256k1_ecmult(ctx, &pt, &pt, &one, tweak);
+
+ if (secp256k1_gej_is_infinity(&pt)) {
+ return 0;
+ }
+ secp256k1_ge_set_gej(key, &pt);
+ return 1;
+}
+
+static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak) {
+ if (secp256k1_scalar_is_zero(tweak)) {
+ return 0;
+ }
+
+ secp256k1_scalar_mul(key, key, tweak);
+ return 1;
+}
+
+static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) {
+ secp256k1_scalar zero;
+ secp256k1_gej pt;
+ if (secp256k1_scalar_is_zero(tweak)) {
+ return 0;
+ }
+
+ secp256k1_scalar_set_int(&zero, 0);
+ secp256k1_gej_set_ge(&pt, key);
+ secp256k1_ecmult(ctx, &pt, &pt, tweak, &zero);
+ secp256k1_ge_set_gej(key, &pt);
+ return 1;
+}
+
+#endif /* SECP256K1_ECKEY_IMPL_H */
diff --git a/deps/secp256k1/src/ecmult.h b/deps/secp256k1/src/ecmult.h
new file mode 100644
index 000000000..c9b198239
--- /dev/null
+++ b/deps/secp256k1/src/ecmult.h
@@ -0,0 +1,48 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECMULT_H
+#define SECP256K1_ECMULT_H
+
+#include "num.h"
+#include "group.h"
+#include "scalar.h"
+#include "scratch.h"
+
+typedef struct {
+ /* For accelerating the computation of a*P + b*G: */
+ secp256k1_ge_storage (*pre_g)[]; /* odd multiples of the generator */
+#ifdef USE_ENDOMORPHISM
+ secp256k1_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */
+#endif
+} secp256k1_ecmult_context;
+
+static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE;
+static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx);
+static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, void **prealloc);
+static void secp256k1_ecmult_context_finalize_memcpy(secp256k1_ecmult_context *dst, const secp256k1_ecmult_context *src);
+static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx);
+static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx);
+
+/** Double multiply: R = na*A + ng*G */
+static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng);
+
+typedef int (secp256k1_ecmult_multi_callback)(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data);
+
+/**
+ * Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai.
+ * Chooses the right algorithm for a given number of points and scratch space
+ * size. Resets and overwrites the given scratch space. If the points do not
+ * fit in the scratch space the algorithm is repeatedly run with batches of
+ * points.
If no scratch space is given then a simple algorithm is used that
+ * simply multiplies the points with the corresponding scalars and adds them up.
+ * Returns: 1 on success (including when inp_g_sc is NULL and n is 0)
+ * 0 if there is not enough scratch space for a single point or
+ * callback returns 0
+ */
+static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n);
+
+#endif /* SECP256K1_ECMULT_H */
diff --git a/deps/secp256k1/src/ecmult_const.h b/deps/secp256k1/src/ecmult_const.h
new file mode 100644
index 000000000..03bb33257
--- /dev/null
+++ b/deps/secp256k1/src/ecmult_const.h
@@ -0,0 +1,20 @@
+/**********************************************************************
+ * Copyright (c) 2015 Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECMULT_CONST_H
+#define SECP256K1_ECMULT_CONST_H
+
+#include "scalar.h"
+#include "group.h"
+
+/**
+ * Multiply: R = q*A (in constant-time)
+ * Here `bits` should be set to the maximum bitlength of the _absolute value_ of `q`, plus
+ * one because we internally sometimes add 2 to the number during the WNAF conversion.
+ */
+static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits);
+
+#endif /* SECP256K1_ECMULT_CONST_H */
diff --git a/deps/secp256k1/src/ecmult_const_impl.h b/deps/secp256k1/src/ecmult_const_impl.h
new file mode 100644
index 000000000..aaa576ada
--- /dev/null
+++ b/deps/secp256k1/src/ecmult_const_impl.h
@@ -0,0 +1,261 @@ +/********************************************************************** + * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECMULT_CONST_IMPL_H +#define SECP256K1_ECMULT_CONST_IMPL_H + +#include "scalar.h" +#include "group.h" +#include "ecmult_const.h" +#include "ecmult_impl.h" + +/* This is like `ECMULT_TABLE_GET_GE` but is constant time */ +#define ECMULT_CONST_TABLE_GET_GE(r,pre,n,w) do { \ + int m; \ + int abs_n = (n) * (((n) > 0) * 2 - 1); \ + int idx_n = abs_n / 2; \ + secp256k1_fe neg_y; \ + VERIFY_CHECK(((n) & 1) == 1); \ + VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ + VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ + VERIFY_SETUP(secp256k1_fe_clear(&(r)->x)); \ + VERIFY_SETUP(secp256k1_fe_clear(&(r)->y)); \ + for (m = 0; m < ECMULT_TABLE_SIZE(w); m++) { \ + /* This loop is used to avoid secret data in array indices. See + * the comment in ecmult_gen_impl.h for rationale. */ \ + secp256k1_fe_cmov(&(r)->x, &(pre)[m].x, m == idx_n); \ + secp256k1_fe_cmov(&(r)->y, &(pre)[m].y, m == idx_n); \ + } \ + (r)->infinity = 0; \ + secp256k1_fe_negate(&neg_y, &(r)->y, 1); \ + secp256k1_fe_cmov(&(r)->y, &neg_y, (n) != abs_n); \ +} while(0) + + +/** Convert a number to WNAF notation. + * The number becomes represented by sum(2^{wi} * wnaf[i], i=0..WNAF_SIZE(w)+1) - return_val. + * It has the following guarantees: + * - each wnaf[i] an odd integer between -(1 << w) and (1 << w) + * - each wnaf[i] is nonzero + * - the number of words set is always WNAF_SIZE(w) + 1 + * + * Adapted from `The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar + * Multiplications Secure against Side Channel Attacks`, Okeya and Tagaki. M. Joye (Ed.) + * CT-RSA 2003, LNCS 2612, pp. 328-443, 2003. 
Springer-Verlagy Berlin Heidelberg 2003 + * + * Numbers reference steps of `Algorithm SPA-resistant Width-w NAF with Odd Scalar` on pp. 335 + */ +static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w, int size) { + int global_sign; + int skew = 0; + int word = 0; + + /* 1 2 3 */ + int u_last; + int u; + + int flip; + int bit; + secp256k1_scalar s; + int not_neg_one; + + VERIFY_CHECK(w > 0); + VERIFY_CHECK(size > 0); + + /* Note that we cannot handle even numbers by negating them to be odd, as is + * done in other implementations, since if our scalars were specified to have + * width < 256 for performance reasons, their negations would have width 256 + * and we'd lose any performance benefit. Instead, we use a technique from + * Section 4.2 of the Okeya/Tagaki paper, which is to add either 1 (for even) + * or 2 (for odd) to the number we are encoding, returning a skew value indicating + * this, and having the caller compensate after doing the multiplication. + * + * In fact, we _do_ want to negate numbers to minimize their bit-lengths (and in + * particular, to ensure that the outputs from the endomorphism-split fit into + * 128 bits). If we negate, the parity of our number flips, inverting which of + * {1, 2} we want to add to the scalar when ensuring that it's odd. Further + * complicating things, -1 interacts badly with `secp256k1_scalar_cadd_bit` and + * we need to special-case it in this logic. */ + flip = secp256k1_scalar_is_high(scalar); + /* We add 1 to even numbers, 2 to odd ones, noting that negation flips parity */ + bit = flip ^ !secp256k1_scalar_is_even(scalar); + /* We check for negative one, since adding 2 to it will cause an overflow */ + secp256k1_scalar_negate(&s, scalar); + not_neg_one = !secp256k1_scalar_is_one(&s); + s = *scalar; + secp256k1_scalar_cadd_bit(&s, bit, not_neg_one); + /* If we had negative one, flip == 1, s.d[0] == 0, bit == 1, so caller expects + * that we added two to it and flipped it. 
In fact for -1 these operations are + * identical. We only flipped, but since skewing is required (in the sense that + * the skew must be 1 or 2, never zero) and flipping is not, we need to change + * our flags to claim that we only skewed. */ + global_sign = secp256k1_scalar_cond_negate(&s, flip); + global_sign *= not_neg_one * 2 - 1; + skew = 1 << bit; + + /* 4 */ + u_last = secp256k1_scalar_shr_int(&s, w); + do { + int sign; + int even; + + /* 4.1 4.4 */ + u = secp256k1_scalar_shr_int(&s, w); + /* 4.2 */ + even = ((u & 1) == 0); + sign = 2 * (u_last > 0) - 1; + u += sign * even; + u_last -= sign * even * (1 << w); + + /* 4.3, adapted for global sign change */ + wnaf[word++] = u_last * global_sign; + + u_last = u; + } while (word * w < size); + wnaf[word] = u * global_sign; + + VERIFY_CHECK(secp256k1_scalar_is_zero(&s)); + VERIFY_CHECK(word == WNAF_SIZE_BITS(size, w)); + return skew; +} + +static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *scalar, int size) { + secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_ge tmpa; + secp256k1_fe Z; + + int skew_1; +#ifdef USE_ENDOMORPHISM + secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; + int wnaf_lam[1 + WNAF_SIZE(WINDOW_A - 1)]; + int skew_lam; + secp256k1_scalar q_1, q_lam; +#endif + int wnaf_1[1 + WNAF_SIZE(WINDOW_A - 1)]; + + int i; + + /* build wnaf representation for q. */ + int rsize = size; +#ifdef USE_ENDOMORPHISM + if (size > 128) { + rsize = 128; + /* split q into q_1 and q_lam (where q = q_1 + q_lam*lambda, and q_1 and q_lam are ~128 bit) */ + secp256k1_scalar_split_lambda(&q_1, &q_lam, scalar); + skew_1 = secp256k1_wnaf_const(wnaf_1, &q_1, WINDOW_A - 1, 128); + skew_lam = secp256k1_wnaf_const(wnaf_lam, &q_lam, WINDOW_A - 1, 128); + } else +#endif + { + skew_1 = secp256k1_wnaf_const(wnaf_1, scalar, WINDOW_A - 1, size); +#ifdef USE_ENDOMORPHISM + skew_lam = 0; +#endif + } + + /* Calculate odd multiples of a. 
+ * All multiples are brought to the same Z 'denominator', which is stored + * in Z. Due to secp256k1' isomorphism we can do all operations pretending + * that the Z coordinate was 1, use affine addition formulae, and correct + * the Z coordinate of the result once at the end. + */ + secp256k1_gej_set_ge(r, a); + secp256k1_ecmult_odd_multiples_table_globalz_windowa(pre_a, &Z, r); + for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { + secp256k1_fe_normalize_weak(&pre_a[i].y); + } +#ifdef USE_ENDOMORPHISM + if (size > 128) { + for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { + secp256k1_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); + } + } +#endif + + /* first loop iteration (separated out so we can directly set r, rather + * than having it start at infinity, get doubled several times, then have + * its new value added to it) */ + i = wnaf_1[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; + VERIFY_CHECK(i != 0); + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, i, WINDOW_A); + secp256k1_gej_set_ge(r, &tmpa); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + i = wnaf_lam[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; + VERIFY_CHECK(i != 0); + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, i, WINDOW_A); + secp256k1_gej_add_ge(r, r, &tmpa); + } +#endif + /* remaining loop iterations */ + for (i = WNAF_SIZE_BITS(rsize, WINDOW_A - 1) - 1; i >= 0; i--) { + int n; + int j; + for (j = 0; j < WINDOW_A - 1; ++j) { + secp256k1_gej_double_nonzero(r, r, NULL); + } + + n = wnaf_1[i]; + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, n, WINDOW_A); + VERIFY_CHECK(n != 0); + secp256k1_gej_add_ge(r, r, &tmpa); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + n = wnaf_lam[i]; + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, n, WINDOW_A); + VERIFY_CHECK(n != 0); + secp256k1_gej_add_ge(r, r, &tmpa); + } +#endif + } + + secp256k1_fe_mul(&r->z, &r->z, &Z); + + { + /* Correct for wNAF skew */ + secp256k1_ge correction = *a; + secp256k1_ge_storage correction_1_stor; +#ifdef USE_ENDOMORPHISM + secp256k1_ge_storage correction_lam_stor; 
+#endif + secp256k1_ge_storage a2_stor; + secp256k1_gej tmpj; + secp256k1_gej_set_ge(&tmpj, &correction); + secp256k1_gej_double_var(&tmpj, &tmpj, NULL); + secp256k1_ge_set_gej(&correction, &tmpj); + secp256k1_ge_to_storage(&correction_1_stor, a); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + secp256k1_ge_to_storage(&correction_lam_stor, a); + } +#endif + secp256k1_ge_to_storage(&a2_stor, &correction); + + /* For odd numbers this is 2a (so replace it), for even ones a (so no-op) */ + secp256k1_ge_storage_cmov(&correction_1_stor, &a2_stor, skew_1 == 2); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + secp256k1_ge_storage_cmov(&correction_lam_stor, &a2_stor, skew_lam == 2); + } +#endif + + /* Apply the correction */ + secp256k1_ge_from_storage(&correction, &correction_1_stor); + secp256k1_ge_neg(&correction, &correction); + secp256k1_gej_add_ge(r, r, &correction); + +#ifdef USE_ENDOMORPHISM + if (size > 128) { + secp256k1_ge_from_storage(&correction, &correction_lam_stor); + secp256k1_ge_neg(&correction, &correction); + secp256k1_ge_mul_lambda(&correction, &correction); + secp256k1_gej_add_ge(r, r, &correction); + } +#endif + } +} + +#endif /* SECP256K1_ECMULT_CONST_IMPL_H */ diff --git a/deps/secp256k1/src/ecmult_gen.h b/deps/secp256k1/src/ecmult_gen.h new file mode 100644 index 000000000..30815e5aa --- /dev/null +++ b/deps/secp256k1/src/ecmult_gen.h 
@@ -0,0 +1,50 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECMULT_GEN_H
+#define SECP256K1_ECMULT_GEN_H
+
+#include "scalar.h"
+#include "group.h"
+
+#if ECMULT_GEN_PREC_BITS != 2 && ECMULT_GEN_PREC_BITS != 4 && ECMULT_GEN_PREC_BITS != 8
+# error "Set ECMULT_GEN_PREC_BITS to 2, 4 or 8."
+#endif
+#define ECMULT_GEN_PREC_B ECMULT_GEN_PREC_BITS
+#define ECMULT_GEN_PREC_G (1 << ECMULT_GEN_PREC_B)
+#define ECMULT_GEN_PREC_N (256 / ECMULT_GEN_PREC_B)
+
+typedef struct {
+ /* For accelerating the computation of a*G:
+ * To harden against timing attacks, use the following mechanism:
+ * * Break up the multiplicand into groups of PREC_B bits, called n_0, n_1, n_2, ..., n_(PREC_N-1).
+ * * Compute sum(n_i * (PREC_G)^i * G + U_i, i=0 ... PREC_N-1), where:
+ * * U_i = U * 2^i, for i=0 ... PREC_N-2
+ * * U_i = U * (1-2^(PREC_N-1)), for i=PREC_N-1
+ * where U is a point with no known corresponding scalar. Note that sum(U_i, i=0 ... PREC_N-1) = 0.
+ * For each i, and each of the PREC_G possible values of n_i, (n_i * (PREC_G)^i * G + U_i) is
+ * precomputed (call it prec(i, n_i)). The formula now becomes sum(prec(i, n_i), i=0 ... PREC_N-1).
+ * None of the resulting prec group elements have a known scalar, and neither do any of
+ * the intermediate sums while computing a*G.
+ */
+ secp256k1_ge_storage (*prec)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G]; /* prec[j][i] = (PREC_G)^j * i * G + U_i */
+ secp256k1_scalar blind;
+ secp256k1_gej initial;
+} secp256k1_ecmult_gen_context;
+
+static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE;
+static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context* ctx);
+static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context* ctx, void **prealloc);
+static void secp256k1_ecmult_gen_context_finalize_memcpy(secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context* src);
+static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context* ctx);
+static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx);
+
+/** Multiply with the generator: R = a*G */
+static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context* ctx, secp256k1_gej *r, const secp256k1_scalar *a);
+
+static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32);
+
+#endif /* SECP256K1_ECMULT_GEN_H */
diff --git a/deps/secp256k1/src/ecmult_gen_impl.h b/deps/secp256k1/src/ecmult_gen_impl.h
new file mode 100644
index 000000000..a1b963939
--- /dev/null
+++ b/deps/secp256k1/src/ecmult_gen_impl.h
@@ -0,0 +1,211 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_ECMULT_GEN_IMPL_H
+#define SECP256K1_ECMULT_GEN_IMPL_H
+
+#include "util.h"
+#include "scalar.h"
+#include "group.h"
+#include "ecmult_gen.h"
+#include "hash_impl.h"
+#ifdef USE_ECMULT_STATIC_PRECOMPUTATION
+#include "ecmult_static_context.h"
+#endif
+
+#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
+ static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((secp256k1_ecmult_gen_context*) NULL)->prec));
+#else
+ static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = 0;
+#endif
+
+static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context *ctx) {
+ ctx->prec = NULL;
+}
+
+static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context *ctx, void **prealloc) {
+#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
+ secp256k1_ge prec[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G];
+ secp256k1_gej gj;
+ secp256k1_gej nums_gej;
+ int i, j;
+ size_t const prealloc_size = SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE;
+ void* const base = *prealloc;
+#endif
+
+ if (ctx->prec != NULL) {
+ return;
+ }
+#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
+ ctx->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])manual_alloc(prealloc, prealloc_size, base, prealloc_size);
+
+ /* get the generator */
+ secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
+
+ /* Construct a group element with no known corresponding scalar (nothing up my sleeve). */
+ {
+ static const unsigned char nums_b32[33] = "The scalar for this x is unknown";
+ secp256k1_fe nums_x;
+ secp256k1_ge nums_ge;
+ int r;
+ r = secp256k1_fe_set_b32(&nums_x, nums_b32);
+ (void)r;
+ VERIFY_CHECK(r);
+ r = secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0);
+ (void)r;
+ VERIFY_CHECK(r);
+ secp256k1_gej_set_ge(&nums_gej, &nums_ge);
+ /* Add G to make the bits in x uniformly distributed. */
+ secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, &secp256k1_ge_const_g, NULL);
+ }
+
+ /* compute prec. */
+ {
+ secp256k1_gej precj[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; /* Jacobian versions of prec. */
+ secp256k1_gej gbase;
+ secp256k1_gej numsbase;
+ gbase = gj; /* PREC_G^j * G */
+ numsbase = nums_gej; /* 2^j * nums. */
+ for (j = 0; j < ECMULT_GEN_PREC_N; j++) {
+ /* Set precj[j*PREC_G .. j*PREC_G+(PREC_G-1)] to (numsbase, numsbase + gbase, ..., numsbase + (PREC_G-1)*gbase). */
+ precj[j*ECMULT_GEN_PREC_G] = numsbase;
+ for (i = 1; i < ECMULT_GEN_PREC_G; i++) {
+ secp256k1_gej_add_var(&precj[j*ECMULT_GEN_PREC_G + i], &precj[j*ECMULT_GEN_PREC_G + i - 1], &gbase, NULL);
+ }
+ /* Multiply gbase by PREC_G. */
+ for (i = 0; i < ECMULT_GEN_PREC_B; i++) {
+ secp256k1_gej_double_var(&gbase, &gbase, NULL);
+ }
+ /* Multiply numbase by 2. */
+ secp256k1_gej_double_var(&numsbase, &numsbase, NULL);
+ if (j == ECMULT_GEN_PREC_N - 2) {
+ /* In the last iteration, numsbase is (1 - 2^j) * nums instead. */
+ secp256k1_gej_neg(&numsbase, &numsbase);
+ secp256k1_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL);
+ }
+ }
+ secp256k1_ge_set_all_gej_var(prec, precj, ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G);
+ }
+ for (j = 0; j < ECMULT_GEN_PREC_N; j++) {
+ for (i = 0; i < ECMULT_GEN_PREC_G; i++) {
+ secp256k1_ge_to_storage(&(*ctx->prec)[j][i], &prec[j*ECMULT_GEN_PREC_G + i]);
+ }
+ }
+#else
+ (void)prealloc;
+ ctx->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])secp256k1_ecmult_static_context;
+#endif
+ secp256k1_ecmult_gen_blind(ctx, NULL);
+}
+
+static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx) {
+ return ctx->prec != NULL;
+}
+
+static void secp256k1_ecmult_gen_context_finalize_memcpy(secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context *src) {
+#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
+ if (src->prec != NULL) {
+ /* We cast to void* first to suppress a -Wcast-align warning. */
+ dst->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])(void*)((unsigned char*)dst + ((unsigned char*)src->prec - (unsigned char*)src));
+ }
+#else
+ (void)dst, (void)src;
+#endif
+}
+
+static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context *ctx) {
+ secp256k1_scalar_clear(&ctx->blind);
+ secp256k1_gej_clear(&ctx->initial);
+ ctx->prec = NULL;
+}
+
+static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) {
+ secp256k1_ge add;
+ secp256k1_ge_storage adds;
+ secp256k1_scalar gnb;
+ int bits;
+ int i, j;
+ memset(&adds, 0, sizeof(adds));
+ *r = ctx->initial;
+ /* Blind scalar/point multiplication by computing (n-b)G + bG instead of nG. */
+ secp256k1_scalar_add(&gnb, gn, &ctx->blind);
+ add.infinity = 0;
+ for (j = 0; j < ECMULT_GEN_PREC_N; j++) {
+ bits = secp256k1_scalar_get_bits(&gnb, j * ECMULT_GEN_PREC_B, ECMULT_GEN_PREC_B);
+ for (i = 0; i < ECMULT_GEN_PREC_G; i++) {
+ /** This uses a conditional move to avoid any secret data in array indexes.
+ * _Any_ use of secret indexes has been demonstrated to result in timing
+ * sidechannels, even when the cache-line access patterns are uniform.
+ * See also:
+ * "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe
+ * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and
+ * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006,
+ * by Dag Arne Osvik, Adi Shamir, and Eran Tromer
+ * (http://www.tau.ac.il/~tromer/papers/cache.pdf)
+ */
+ secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits);
+ }
+ secp256k1_ge_from_storage(&add, &adds);
+ secp256k1_gej_add_ge(r, r, &add);
+ }
+ bits = 0;
+ secp256k1_ge_clear(&add);
+ secp256k1_scalar_clear(&gnb);
+}
+
+/* Setup blinding values for secp256k1_ecmult_gen. */
+static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32) {
+ secp256k1_scalar b;
+ secp256k1_gej gb;
+ secp256k1_fe s;
+ unsigned char nonce32[32];
+ secp256k1_rfc6979_hmac_sha256 rng;
+ int retry;
+ unsigned char keydata[64] = {0};
+ if (seed32 == NULL) {
+ /* When seed is NULL, reset the initial point and blinding value. */
+ secp256k1_gej_set_ge(&ctx->initial, &secp256k1_ge_const_g);
+ secp256k1_gej_neg(&ctx->initial, &ctx->initial);
+ secp256k1_scalar_set_int(&ctx->blind, 1);
+ }
+ /* The prior blinding value (if not reset) is chained forward by including it in the hash. */
+ secp256k1_scalar_get_b32(nonce32, &ctx->blind);
+ /** Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data,
+ * and guards against weak or adversarial seeds. This is a simpler and safer interface than
+ * asking the caller for blinding values directly and expecting them to retry on failure.
+ */
+ memcpy(keydata, nonce32, 32);
+ if (seed32 != NULL) {
+ memcpy(keydata + 32, seed32, 32);
+ }
+ secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32);
+ memset(keydata, 0, sizeof(keydata));
+ /* Retry for out of range results to achieve uniformity. */
+ do {
+ secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32);
+ retry = !secp256k1_fe_set_b32(&s, nonce32);
+ retry = retry || secp256k1_fe_is_zero(&s);
+ } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > Fp. */
+ /* Randomize the projection to defend against multiplier sidechannels. */
+ secp256k1_gej_rescale(&ctx->initial, &s);
+ secp256k1_fe_clear(&s);
+ do {
+ secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32);
+ secp256k1_scalar_set_b32(&b, nonce32, &retry);
+ /* A blinding value of 0 works, but would undermine the projection hardening. */
+ retry = retry || secp256k1_scalar_is_zero(&b);
+ } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > order. */
+ secp256k1_rfc6979_hmac_sha256_finalize(&rng);
+ memset(nonce32, 0, 32);
+ secp256k1_ecmult_gen(ctx, &gb, &b);
+ secp256k1_scalar_negate(&b, &b);
+ ctx->blind = b;
+ ctx->initial = gb;
+ secp256k1_scalar_clear(&b);
+ secp256k1_gej_clear(&gb);
+}
+
+#endif /* SECP256K1_ECMULT_GEN_IMPL_H */
diff --git a/deps/secp256k1/src/ecmult_impl.h b/deps/secp256k1/src/ecmult_impl.h
new file mode 100644
index 000000000..f03fa9469
--- /dev/null
+++ b/deps/secp256k1/src/ecmult_impl.h
@@ -0,0 +1,1216 @@ +/***************************************************************************** + * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php. * + *****************************************************************************/ + +#ifndef SECP256K1_ECMULT_IMPL_H +#define SECP256K1_ECMULT_IMPL_H + +#include +#include + +#include "util.h" +#include "group.h" +#include "scalar.h" +#include "ecmult.h" + +#if defined(EXHAUSTIVE_TEST_ORDER) +/* We need to lower these values for exhaustive tests because + * the tables cannot have infinities in them (this breaks the + * affine-isomorphism stuff which tracks z-ratios) */ +# if EXHAUSTIVE_TEST_ORDER > 128 +# define WINDOW_A 5 +# define WINDOW_G 8 +# elif EXHAUSTIVE_TEST_ORDER > 8 +# define WINDOW_A 4 +# define WINDOW_G 4 +# else +# define WINDOW_A 2 +# define WINDOW_G 2 +# endif +#else +/* optimal for 128-bit and 256-bit exponents. */ +# define WINDOW_A 5 +/** Larger values for ECMULT_WINDOW_SIZE result in possibly better + * performance at the cost of an exponentially larger precomputed + * table. The exact table size is + * (1 << (WINDOW_G - 2)) * sizeof(secp256k1_ge_storage) bytes, + * where sizeof(secp256k1_ge_storage) is typically 64 bytes but can + * be larger due to platform-specific padding and alignment. + * If the endomorphism optimization is enabled (USE_ENDOMORMPHSIM) + * two tables of this size are used instead of only one. + */ +# define WINDOW_G ECMULT_WINDOW_SIZE +#endif + +/* Noone will ever need more than a window size of 24. The code might + * be correct for larger values of ECMULT_WINDOW_SIZE but this is not + * not tested. 
+ * + * The following limitations are known, and there are probably more: + * If WINDOW_G > 27 and size_t has 32 bits, then the code is incorrect + * because the size of the memory object that we allocate (in bytes) + * will not fit in a size_t. + * If WINDOW_G > 31 and int has 32 bits, then the code is incorrect + * because certain expressions will overflow. + */ +#if ECMULT_WINDOW_SIZE < 2 || ECMULT_WINDOW_SIZE > 24 +# error Set ECMULT_WINDOW_SIZE to an integer in range [2..24]. +#endif + +#ifdef USE_ENDOMORPHISM + #define WNAF_BITS 128 +#else + #define WNAF_BITS 256 +#endif +#define WNAF_SIZE_BITS(bits, w) (((bits) + (w) - 1) / (w)) +#define WNAF_SIZE(w) WNAF_SIZE_BITS(WNAF_BITS, w) + +/** The number of entries a table with precomputed multiples needs to have. */ +#define ECMULT_TABLE_SIZE(w) (1 << ((w)-2)) + +/* The number of objects allocated on the scratch space for ecmult_multi algorithms */ +#define PIPPENGER_SCRATCH_OBJECTS 6 +#define STRAUSS_SCRATCH_OBJECTS 6 + +#define PIPPENGER_MAX_BUCKET_WINDOW 12 + +/* Minimum number of points for which pippenger_wnaf is faster than strauss wnaf */ +#ifdef USE_ENDOMORPHISM + #define ECMULT_PIPPENGER_THRESHOLD 88 +#else + #define ECMULT_PIPPENGER_THRESHOLD 160 +#endif + +#ifdef USE_ENDOMORPHISM + #define ECMULT_MAX_POINTS_PER_BATCH 5000000 +#else + #define ECMULT_MAX_POINTS_PER_BATCH 10000000 +#endif + +/** Fill a table 'prej' with precomputed odd multiples of a. Prej will contain + * the values [1*a,3*a,...,(2*n-1)*a], so it space for n values. zr[0] will + * contain prej[0].z / a.z. The other zr[i] values = prej[i].z / prej[i-1].z. + * Prej's Z values are undefined, except for the last value. 
+ */ +static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej *prej, secp256k1_fe *zr, const secp256k1_gej *a) { + secp256k1_gej d; + secp256k1_ge a_ge, d_ge; + int i; + + VERIFY_CHECK(!a->infinity); + + secp256k1_gej_double_var(&d, a, NULL); + + /* + * Perform the additions on an isomorphism where 'd' is affine: drop the z coordinate + * of 'd', and scale the 1P starting value's x/y coordinates without changing its z. + */ + d_ge.x = d.x; + d_ge.y = d.y; + d_ge.infinity = 0; + + secp256k1_ge_set_gej_zinv(&a_ge, a, &d.z); + prej[0].x = a_ge.x; + prej[0].y = a_ge.y; + prej[0].z = a->z; + prej[0].infinity = 0; + + zr[0] = d.z; + for (i = 1; i < n; i++) { + secp256k1_gej_add_ge_var(&prej[i], &prej[i-1], &d_ge, &zr[i]); + } + + /* + * Each point in 'prej' has a z coordinate too small by a factor of 'd.z'. Only + * the final point's z coordinate is actually used though, so just update that. + */ + secp256k1_fe_mul(&prej[n-1].z, &prej[n-1].z, &d.z); +} + +/** Fill a table 'pre' with precomputed odd multiples of a. + * + * There are two versions of this function: + * - secp256k1_ecmult_odd_multiples_table_globalz_windowa which brings its + * resulting point set to a single constant Z denominator, stores the X and Y + * coordinates as ge_storage points in pre, and stores the global Z in rz. + * It only operates on tables sized for WINDOW_A wnaf multiples. + * - secp256k1_ecmult_odd_multiples_table_storage_var, which converts its + * resulting point set to actually affine points, and stores those in pre. + * It operates on tables of any size. + * + * To compute a*P + b*G, we compute a table for P using the first function, + * and for G using the second (which requires an inverse, but it only needs to + * happen once). 
+ */ +static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge *pre, secp256k1_fe *globalz, const secp256k1_gej *a) { + secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; + + /* Compute the odd multiples in Jacobian form. */ + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), prej, zr, a); + /* Bring them to the same Z denominator. */ + secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A), pre, globalz, prej, zr); +} + +static void secp256k1_ecmult_odd_multiples_table_storage_var(const int n, secp256k1_ge_storage *pre, const secp256k1_gej *a) { + secp256k1_gej d; + secp256k1_ge d_ge, p_ge; + secp256k1_gej pj; + secp256k1_fe zi; + secp256k1_fe zr; + secp256k1_fe dx_over_dz_squared; + int i; + + VERIFY_CHECK(!a->infinity); + + secp256k1_gej_double_var(&d, a, NULL); + + /* First, we perform all the additions in an isomorphic curve obtained by multiplying + * all `z` coordinates by 1/`d.z`. In these coordinates `d` is affine so we can use + * `secp256k1_gej_add_ge_var` to perform the additions. For each addition, we store + * the resulting y-coordinate and the z-ratio, since we only have enough memory to + * store two field elements. These are sufficient to efficiently undo the isomorphism + * and recompute all the `x`s. 
+ */ + d_ge.x = d.x; + d_ge.y = d.y; + d_ge.infinity = 0; + + secp256k1_ge_set_gej_zinv(&p_ge, a, &d.z); + pj.x = p_ge.x; + pj.y = p_ge.y; + pj.z = a->z; + pj.infinity = 0; + + for (i = 0; i < (n - 1); i++) { + secp256k1_fe_normalize_var(&pj.y); + secp256k1_fe_to_storage(&pre[i].y, &pj.y); + secp256k1_gej_add_ge_var(&pj, &pj, &d_ge, &zr); + secp256k1_fe_normalize_var(&zr); + secp256k1_fe_to_storage(&pre[i].x, &zr); + } + + /* Invert d.z in the same batch, preserving pj.z so we can extract 1/d.z */ + secp256k1_fe_mul(&zi, &pj.z, &d.z); + secp256k1_fe_inv_var(&zi, &zi); + + /* Directly set `pre[n - 1]` to `pj`, saving the inverted z-coordinate so + * that we can combine it with the saved z-ratios to compute the other zs + * without any more inversions. */ + secp256k1_ge_set_gej_zinv(&p_ge, &pj, &zi); + secp256k1_ge_to_storage(&pre[n - 1], &p_ge); + + /* Compute the actual x-coordinate of D, which will be needed below. */ + secp256k1_fe_mul(&d.z, &zi, &pj.z); /* d.z = 1/d.z */ + secp256k1_fe_sqr(&dx_over_dz_squared, &d.z); + secp256k1_fe_mul(&dx_over_dz_squared, &dx_over_dz_squared, &d.x); + + /* Going into the second loop, we have set `pre[n-1]` to its final affine + * form, but still need to set `pre[i]` for `i` in 0 through `n-2`. We + * have `zi = (p.z * d.z)^-1`, where + * + * `p.z` is the z-coordinate of the point on the isomorphic curve + * which was ultimately assigned to `pre[n-1]`. + * `d.z` is the multiplier that must be applied to all z-coordinates + * to move from our isomorphic curve back to secp256k1; so the + * product `p.z * d.z` is the z-coordinate of the secp256k1 + * point assigned to `pre[n-1]`. + * + * All subsequent inverse-z-coordinates can be obtained by multiplying this + * factor by successive z-ratios, which is much more efficient than directly + * computing each one. + * + * Importantly, these inverse-zs will be coordinates of points on secp256k1, + * while our other stored values come from computations on the isomorphic + * curve. 
So in the below loop, we will take care not to actually use `zi` + * or any derived values until we're back on secp256k1. + */ + i = n - 1; + while (i > 0) { + secp256k1_fe zi2, zi3; + const secp256k1_fe *rzr; + i--; + + secp256k1_ge_from_storage(&p_ge, &pre[i]); + + /* For each remaining point, we extract the z-ratio from the stored + * x-coordinate, compute its z^-1 from that, and compute the full + * point from that. */ + rzr = &p_ge.x; + secp256k1_fe_mul(&zi, &zi, rzr); + secp256k1_fe_sqr(&zi2, &zi); + secp256k1_fe_mul(&zi3, &zi2, &zi); + /* To compute the actual x-coordinate, we use the stored z ratio and + * y-coordinate, which we obtained from `secp256k1_gej_add_ge_var` + * in the loop above, as well as the inverse of the square of its + * z-coordinate. We store the latter in the `zi2` variable, which is + * computed iteratively starting from the overall Z inverse then + * multiplying by each z-ratio in turn. + * + * Denoting the z-ratio as `rzr`, we observe that it is equal to `h` + * from the inside of the above `gej_add_ge_var` call. This satisfies + * + * rzr = d_x * z^2 - x * d_z^2 + * + * where (`d_x`, `d_z`) are Jacobian coordinates of `D` and `(x, z)` + * are Jacobian coordinates of our desired point -- except both are on + * the isomorphic curve that we were using when we called `gej_add_ge_var`. + * To get back to secp256k1, we must multiply both `z`s by `d_z`, or + * equivalently divide both `x`s by `d_z^2`. Our equation then becomes + * + * rzr = d_x * z^2 / d_z^2 - x + * + * (The left-hand-side, being a ratio of z-coordinates, is unaffected + * by the isomorphism.) 
+ * + * Rearranging to solve for `x`, we have + * + * x = d_x * z^2 / d_z^2 - rzr + * + * But what we actually want is the affine coordinate `X = x/z^2`, + * which will satisfy + * + * X = d_x / d_z^2 - rzr / z^2 + * = dx_over_dz_squared - rzr * zi2 + */ + secp256k1_fe_mul(&p_ge.x, rzr, &zi2); + secp256k1_fe_negate(&p_ge.x, &p_ge.x, 1); + secp256k1_fe_add(&p_ge.x, &dx_over_dz_squared); + /* y is stored_y/z^3, as we expect */ + secp256k1_fe_mul(&p_ge.y, &p_ge.y, &zi3); + /* Store */ + secp256k1_ge_to_storage(&pre[i], &p_ge); + } +} + +/** The following two macro retrieves a particular odd multiple from a table + * of precomputed multiples. */ +#define ECMULT_TABLE_GET_GE(r,pre,n,w) do { \ + VERIFY_CHECK(((n) & 1) == 1); \ + VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ + VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ + if ((n) > 0) { \ + *(r) = (pre)[((n)-1)/2]; \ + } else { \ + *(r) = (pre)[(-(n)-1)/2]; \ + secp256k1_fe_negate(&((r)->y), &((r)->y), 1); \ + } \ +} while(0) + +#define ECMULT_TABLE_GET_GE_STORAGE(r,pre,n,w) do { \ + VERIFY_CHECK(((n) & 1) == 1); \ + VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ + VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ + if ((n) > 0) { \ + secp256k1_ge_from_storage((r), &(pre)[((n)-1)/2]); \ + } else { \ + secp256k1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \ + secp256k1_fe_negate(&((r)->y), &((r)->y), 1); \ + } \ +} while(0) + +static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE = + ROUND_TO_ALIGN(sizeof((*((secp256k1_ecmult_context*) NULL)->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) +#ifdef USE_ENDOMORPHISM + + ROUND_TO_ALIGN(sizeof((*((secp256k1_ecmult_context*) NULL)->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) +#endif + ; + +static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx) { + ctx->pre_g = NULL; +#ifdef USE_ENDOMORPHISM + ctx->pre_g_128 = NULL; +#endif +} + +static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, void **prealloc) { + secp256k1_gej gj; + void* const base = 
*prealloc; + size_t const prealloc_size = SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; + + if (ctx->pre_g != NULL) { + return; + } + + /* get the generator */ + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); + + { + size_t size = sizeof((*ctx->pre_g)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G)); + /* check for overflow */ + VERIFY_CHECK(size / sizeof((*ctx->pre_g)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); + ctx->pre_g = (secp256k1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); + } + + /* precompute the tables with odd multiples */ + secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj); + +#ifdef USE_ENDOMORPHISM + { + secp256k1_gej g_128j; + int i; + + size_t size = sizeof((*ctx->pre_g_128)[0]) * ((size_t) ECMULT_TABLE_SIZE(WINDOW_G)); + /* check for overflow */ + VERIFY_CHECK(size / sizeof((*ctx->pre_g_128)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); + ctx->pre_g_128 = (secp256k1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); + + /* calculate 2^128*generator */ + g_128j = gj; + for (i = 0; i < 128; i++) { + secp256k1_gej_double_var(&g_128j, &g_128j, NULL); + } + secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g_128, &g_128j); + } +#endif +} + +static void secp256k1_ecmult_context_finalize_memcpy(secp256k1_ecmult_context *dst, const secp256k1_ecmult_context *src) { + if (src->pre_g != NULL) { + /* We cast to void* first to suppress a -Wcast-align warning. 
*/ + dst->pre_g = (secp256k1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g) - (unsigned char*)src)); + } +#ifdef USE_ENDOMORPHISM + if (src->pre_g_128 != NULL) { + dst->pre_g_128 = (secp256k1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g_128) - (unsigned char*)src)); + } +#endif +} + +static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx) { + return ctx->pre_g != NULL; +} + +static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx) { + secp256k1_ecmult_context_init(ctx); +} + +/** Convert a number to WNAF notation. The number becomes represented by sum(2^i * wnaf[i], i=0..bits), + * with the following guarantees: + * - each wnaf[i] is either 0, or an odd integer between -(1<<(w-1) - 1) and (1<<(w-1) - 1) + * - two non-zero entries in wnaf are separated by at least w-1 zeroes. + * - the number of set values in wnaf is returned. This number is at most 256, and at most one more + * than the number of bits in the (absolute value) of the input. 
+ */ +static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w) { + secp256k1_scalar s; + int last_set_bit = -1; + int bit = 0; + int sign = 1; + int carry = 0; + + VERIFY_CHECK(wnaf != NULL); + VERIFY_CHECK(0 <= len && len <= 256); + VERIFY_CHECK(a != NULL); + VERIFY_CHECK(2 <= w && w <= 31); + + memset(wnaf, 0, len * sizeof(wnaf[0])); + + s = *a; + if (secp256k1_scalar_get_bits(&s, 255, 1)) { + secp256k1_scalar_negate(&s, &s); + sign = -1; + } + + while (bit < len) { + int now; + int word; + if (secp256k1_scalar_get_bits(&s, bit, 1) == (unsigned int)carry) { + bit++; + continue; + } + + now = w; + if (now > len - bit) { + now = len - bit; + } + + word = secp256k1_scalar_get_bits_var(&s, bit, now) + carry; + + carry = (word >> (w-1)) & 1; + word -= carry << w; + + wnaf[bit] = sign * word; + last_set_bit = bit; + + bit += now; + } +#ifdef VERIFY + CHECK(carry == 0); + while (bit < 256) { + CHECK(secp256k1_scalar_get_bits(&s, bit++, 1) == 0); + } +#endif + return last_set_bit + 1; +} + +struct secp256k1_strauss_point_state { +#ifdef USE_ENDOMORPHISM + secp256k1_scalar na_1, na_lam; + int wnaf_na_1[130]; + int wnaf_na_lam[130]; + int bits_na_1; + int bits_na_lam; +#else + int wnaf_na[256]; + int bits_na; +#endif + size_t input_pos; +}; + +struct secp256k1_strauss_state { + secp256k1_gej* prej; + secp256k1_fe* zr; + secp256k1_ge* pre_a; +#ifdef USE_ENDOMORPHISM + secp256k1_ge* pre_a_lam; +#endif + struct secp256k1_strauss_point_state* ps; +}; + +static void secp256k1_ecmult_strauss_wnaf(const secp256k1_ecmult_context *ctx, const struct secp256k1_strauss_state *state, secp256k1_gej *r, int num, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { + secp256k1_ge tmpa; + secp256k1_fe Z; +#ifdef USE_ENDOMORPHISM + /* Splitted G factors. 
*/ + secp256k1_scalar ng_1, ng_128; + int wnaf_ng_1[129]; + int bits_ng_1 = 0; + int wnaf_ng_128[129]; + int bits_ng_128 = 0; +#else + int wnaf_ng[256]; + int bits_ng = 0; +#endif + int i; + int bits = 0; + int np; + int no = 0; + + for (np = 0; np < num; ++np) { + if (secp256k1_scalar_is_zero(&na[np]) || secp256k1_gej_is_infinity(&a[np])) { + continue; + } + state->ps[no].input_pos = np; +#ifdef USE_ENDOMORPHISM + /* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */ + secp256k1_scalar_split_lambda(&state->ps[no].na_1, &state->ps[no].na_lam, &na[np]); + + /* build wnaf representation for na_1 and na_lam. */ + state->ps[no].bits_na_1 = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_1, 130, &state->ps[no].na_1, WINDOW_A); + state->ps[no].bits_na_lam = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_lam, 130, &state->ps[no].na_lam, WINDOW_A); + VERIFY_CHECK(state->ps[no].bits_na_1 <= 130); + VERIFY_CHECK(state->ps[no].bits_na_lam <= 130); + if (state->ps[no].bits_na_1 > bits) { + bits = state->ps[no].bits_na_1; + } + if (state->ps[no].bits_na_lam > bits) { + bits = state->ps[no].bits_na_lam; + } +#else + /* build wnaf representation for na. */ + state->ps[no].bits_na = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na, 256, &na[np], WINDOW_A); + if (state->ps[no].bits_na > bits) { + bits = state->ps[no].bits_na; + } +#endif + ++no; + } + + /* Calculate odd multiples of a. + * All multiples are brought to the same Z 'denominator', which is stored + * in Z. Due to secp256k1' isomorphism we can do all operations pretending + * that the Z coordinate was 1, use affine addition formulae, and correct + * the Z coordinate of the result once at the end. + * The exception is the precomputed G table points, which are actually + * affine. Compared to the base used for other points, they have a Z ratio + * of 1/Z, so we can use secp256k1_gej_add_zinv_var, which uses the same + * isomorphism to efficiently add with a known Z inverse. 
+ */ + if (no > 0) { + /* Compute the odd multiples in Jacobian form. */ + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej, state->zr, &a[state->ps[0].input_pos]); + for (np = 1; np < no; ++np) { + secp256k1_gej tmp = a[state->ps[np].input_pos]; +#ifdef VERIFY + secp256k1_fe_normalize_var(&(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); +#endif + secp256k1_gej_rescale(&tmp, &(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &tmp); + secp256k1_fe_mul(state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &(a[state->ps[np].input_pos].z)); + } + /* Bring them to the same Z denominator. */ + secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, &Z, state->prej, state->zr); + } else { + secp256k1_fe_set_int(&Z, 1); + } + +#ifdef USE_ENDOMORPHISM + for (np = 0; np < no; ++np) { + for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { + secp256k1_ge_mul_lambda(&state->pre_a_lam[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i]); + } + } + + if (ng) { + /* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */ + secp256k1_scalar_split_128(&ng_1, &ng_128, ng); + + /* Build wnaf representation for ng_1 and ng_128 */ + bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); + bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); + if (bits_ng_1 > bits) { + bits = bits_ng_1; + } + if (bits_ng_128 > bits) { + bits = bits_ng_128; + } + } +#else + if (ng) { + bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, 256, ng, WINDOW_G); + if (bits_ng > bits) { + bits = bits_ng; + } + } +#endif + + secp256k1_gej_set_infinity(r); + + for (i = bits - 
1; i >= 0; i--) { + int n; + secp256k1_gej_double_var(r, r, NULL); +#ifdef USE_ENDOMORPHISM + for (np = 0; np < no; ++np) { + if (i < state->ps[np].bits_na_1 && (n = state->ps[np].wnaf_na_1[i])) { + ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); + } + if (i < state->ps[np].bits_na_lam && (n = state->ps[np].wnaf_na_lam[i])) { + ECMULT_TABLE_GET_GE(&tmpa, state->pre_a_lam + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); + } + } + if (i < bits_ng_1 && (n = wnaf_ng_1[i])) { + ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); + } + if (i < bits_ng_128 && (n = wnaf_ng_128[i])) { + ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g_128, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); + } +#else + for (np = 0; np < no; ++np) { + if (i < state->ps[np].bits_na && (n = state->ps[np].wnaf_na[i])) { + ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); + } + } + if (i < bits_ng && (n = wnaf_ng[i])) { + ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); + } +#endif + } + + if (!r->infinity) { + secp256k1_fe_mul(&r->z, &r->z, &Z); + } +} + +static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { + secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + struct secp256k1_strauss_point_state ps[1]; +#ifdef USE_ENDOMORPHISM + secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; +#endif + struct secp256k1_strauss_state state; + + state.prej = prej; + state.zr = zr; + state.pre_a = pre_a; +#ifdef USE_ENDOMORPHISM + state.pre_a_lam = pre_a_lam; 
+#endif + state.ps = ps; + secp256k1_ecmult_strauss_wnaf(ctx, &state, r, 1, a, na, ng); +} + +static size_t secp256k1_strauss_scratch_size(size_t n_points) { +#ifdef USE_ENDOMORPHISM + static const size_t point_size = (2 * sizeof(secp256k1_ge) + sizeof(secp256k1_gej) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); +#else + static const size_t point_size = (sizeof(secp256k1_ge) + sizeof(secp256k1_gej) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); +#endif + return n_points*point_size; +} + +static int secp256k1_ecmult_strauss_batch(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + secp256k1_gej* points; + secp256k1_scalar* scalars; + struct secp256k1_strauss_state state; + size_t i; + const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); + + secp256k1_gej_set_infinity(r); + if (inp_g_sc == NULL && n_points == 0) { + return 1; + } + + points = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_gej)); + scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_scalar)); + state.prej = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_gej)); + state.zr = (secp256k1_fe*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_fe)); +#ifdef USE_ENDOMORPHISM + state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * 2 * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); + state.pre_a_lam = 
state.pre_a + n_points * ECMULT_TABLE_SIZE(WINDOW_A); +#else + state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); +#endif + state.ps = (struct secp256k1_strauss_point_state*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct secp256k1_strauss_point_state)); + + if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + + for (i = 0; i < n_points; i++) { + secp256k1_ge point; + if (!cb(&scalars[i], &point, i+cb_offset, cbdata)) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + secp256k1_gej_set_ge(&points[i], &point); + } + secp256k1_ecmult_strauss_wnaf(ctx, &state, r, n_points, points, scalars, inp_g_sc); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 1; +} + +/* Wrapper for secp256k1_ecmult_multi_func interface */ +static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *actx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { + return secp256k1_ecmult_strauss_batch(error_callback, actx, scratch, r, inp_g_sc, cb, cbdata, n, 0); +} + +static size_t secp256k1_strauss_max_points(const secp256k1_callback* error_callback, secp256k1_scratch *scratch) { + return secp256k1_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / secp256k1_strauss_scratch_size(1); +} + +/** Convert a number to WNAF notation. + * The number becomes represented by sum(2^{wi} * wnaf[i], i=0..WNAF_SIZE(w)+1) - return_val. 
+ * It has the following guarantees: + * - each wnaf[i] is either 0 or an odd integer between -(1 << w) and (1 << w) + * - the number of words set is always WNAF_SIZE(w) + * - the returned skew is 0 or 1 + */ +static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w) { + int skew = 0; + int pos; + int max_pos; + int last_w; + const secp256k1_scalar *work = s; + + if (secp256k1_scalar_is_zero(s)) { + for (pos = 0; pos < WNAF_SIZE(w); pos++) { + wnaf[pos] = 0; + } + return 0; + } + + if (secp256k1_scalar_is_even(s)) { + skew = 1; + } + + wnaf[0] = secp256k1_scalar_get_bits_var(work, 0, w) + skew; + /* Compute last window size. Relevant when window size doesn't divide the + * number of bits in the scalar */ + last_w = WNAF_BITS - (WNAF_SIZE(w) - 1) * w; + + /* Store the position of the first nonzero word in max_pos to allow + * skipping leading zeros when calculating the wnaf. */ + for (pos = WNAF_SIZE(w) - 1; pos > 0; pos--) { + int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + if(val != 0) { + break; + } + wnaf[pos] = 0; + } + max_pos = pos; + pos = 1; + + while (pos <= max_pos) { + int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + if ((val & 1) == 0) { + wnaf[pos - 1] -= (1 << w); + wnaf[pos] = (val + 1); + } else { + wnaf[pos] = val; + } + /* Set a coefficient to zero if it is 1 or -1 and the proceeding digit + * is strictly negative or strictly positive respectively. Only change + * coefficients at previous positions because above code assumes that + * wnaf[pos - 1] is odd. 
+ */ + if (pos >= 2 && ((wnaf[pos - 1] == 1 && wnaf[pos - 2] < 0) || (wnaf[pos - 1] == -1 && wnaf[pos - 2] > 0))) { + if (wnaf[pos - 1] == 1) { + wnaf[pos - 2] += 1 << w; + } else { + wnaf[pos - 2] -= 1 << w; + } + wnaf[pos - 1] = 0; + } + ++pos; + } + + return skew; +} + +struct secp256k1_pippenger_point_state { + int skew_na; + size_t input_pos; +}; + +struct secp256k1_pippenger_state { + int *wnaf_na; + struct secp256k1_pippenger_point_state* ps; +}; + +/* + * pippenger_wnaf computes the result of a multi-point multiplication as + * follows: The scalars are brought into wnaf with n_wnaf elements each. Then + * for every i < n_wnaf, first each point is added to a "bucket" corresponding + * to the point's wnaf[i]. Second, the buckets are added together such that + * r += 1*bucket[0] + 3*bucket[1] + 5*bucket[2] + ... + */ +static int secp256k1_ecmult_pippenger_wnaf(secp256k1_gej *buckets, int bucket_window, struct secp256k1_pippenger_state *state, secp256k1_gej *r, const secp256k1_scalar *sc, const secp256k1_ge *pt, size_t num) { + size_t n_wnaf = WNAF_SIZE(bucket_window+1); + size_t np; + size_t no = 0; + int i; + int j; + + for (np = 0; np < num; ++np) { + if (secp256k1_scalar_is_zero(&sc[np]) || secp256k1_ge_is_infinity(&pt[np])) { + continue; + } + state->ps[no].input_pos = np; + state->ps[no].skew_na = secp256k1_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); + no++; + } + secp256k1_gej_set_infinity(r); + + if (no == 0) { + return 1; + } + + for (i = n_wnaf - 1; i >= 0; i--) { + secp256k1_gej running_sum; + + for(j = 0; j < ECMULT_TABLE_SIZE(bucket_window+2); j++) { + secp256k1_gej_set_infinity(&buckets[j]); + } + + for (np = 0; np < no; ++np) { + int n = state->wnaf_na[np*n_wnaf + i]; + struct secp256k1_pippenger_point_state point_state = state->ps[np]; + secp256k1_ge tmp; + int idx; + + if (i == 0) { + /* correct for wnaf skew */ + int skew = point_state.skew_na; + if (skew) { + secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); + 
secp256k1_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); + } + } + if (n > 0) { + idx = (n - 1)/2; + secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); + } else if (n < 0) { + idx = -(n + 1)/2; + secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); + secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); + } + } + + for(j = 0; j < bucket_window; j++) { + secp256k1_gej_double_var(r, r, NULL); + } + + secp256k1_gej_set_infinity(&running_sum); + /* Accumulate the sum: bucket[0] + 3*bucket[1] + 5*bucket[2] + 7*bucket[3] + ... + * = bucket[0] + bucket[1] + bucket[2] + bucket[3] + ... + * + 2 * (bucket[1] + 2*bucket[2] + 3*bucket[3] + ...) + * using an intermediate running sum: + * running_sum = bucket[0] + bucket[1] + bucket[2] + ... + * + * The doubling is done implicitly by deferring the final window doubling (of 'r'). + */ + for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) { + secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); + secp256k1_gej_add_var(r, r, &running_sum, NULL); + } + + secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); + secp256k1_gej_double_var(r, r, NULL); + secp256k1_gej_add_var(r, r, &running_sum, NULL); + } + return 1; +} + +/** + * Returns optimal bucket_window (number of bits of a scalar represented by a + * set of buckets) for a given number of points. 
+ */ +static int secp256k1_pippenger_bucket_window(size_t n) { +#ifdef USE_ENDOMORPHISM + if (n <= 1) { + return 1; + } else if (n <= 4) { + return 2; + } else if (n <= 20) { + return 3; + } else if (n <= 57) { + return 4; + } else if (n <= 136) { + return 5; + } else if (n <= 235) { + return 6; + } else if (n <= 1260) { + return 7; + } else if (n <= 4420) { + return 9; + } else if (n <= 7880) { + return 10; + } else if (n <= 16050) { + return 11; + } else { + return PIPPENGER_MAX_BUCKET_WINDOW; + } +#else + if (n <= 1) { + return 1; + } else if (n <= 11) { + return 2; + } else if (n <= 45) { + return 3; + } else if (n <= 100) { + return 4; + } else if (n <= 275) { + return 5; + } else if (n <= 625) { + return 6; + } else if (n <= 1850) { + return 7; + } else if (n <= 3400) { + return 8; + } else if (n <= 9630) { + return 9; + } else if (n <= 17900) { + return 10; + } else if (n <= 32800) { + return 11; + } else { + return PIPPENGER_MAX_BUCKET_WINDOW; + } +#endif +} + +/** + * Returns the maximum optimal number of points for a bucket_window. 
+ */ +static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window) { + switch(bucket_window) { +#ifdef USE_ENDOMORPHISM + case 1: return 1; + case 2: return 4; + case 3: return 20; + case 4: return 57; + case 5: return 136; + case 6: return 235; + case 7: return 1260; + case 8: return 1260; + case 9: return 4420; + case 10: return 7880; + case 11: return 16050; + case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; +#else + case 1: return 1; + case 2: return 11; + case 3: return 45; + case 4: return 100; + case 5: return 275; + case 6: return 625; + case 7: return 1850; + case 8: return 3400; + case 9: return 9630; + case 10: return 17900; + case 11: return 32800; + case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; +#endif + } + return 0; +} + + +#ifdef USE_ENDOMORPHISM +SECP256K1_INLINE static void secp256k1_ecmult_endo_split(secp256k1_scalar *s1, secp256k1_scalar *s2, secp256k1_ge *p1, secp256k1_ge *p2) { + secp256k1_scalar tmp = *s1; + secp256k1_scalar_split_lambda(s1, s2, &tmp); + secp256k1_ge_mul_lambda(p2, p1); + + if (secp256k1_scalar_is_high(s1)) { + secp256k1_scalar_negate(s1, s1); + secp256k1_ge_neg(p1, p1); + } + if (secp256k1_scalar_is_high(s2)) { + secp256k1_scalar_negate(s2, s2); + secp256k1_ge_neg(p2, p2); + } +} +#endif + +/** + * Returns the scratch size required for a given number of points (excluding + * base point G) without considering alignment. 
+ */ +static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window) { +#ifdef USE_ENDOMORPHISM + size_t entries = 2*n_points + 2; +#else + size_t entries = n_points + 1; +#endif + size_t entry_size = sizeof(secp256k1_ge) + sizeof(secp256k1_scalar) + sizeof(struct secp256k1_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); + return (sizeof(secp256k1_gej) << bucket_window) + sizeof(struct secp256k1_pippenger_state) + entries * entry_size; +} + +static int secp256k1_ecmult_pippenger_batch(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); + /* Use 2(n+1) with the endomorphism, n+1 without, when calculating batch + * sizes. The reason for +1 is that we add the G scalar to the list of + * other scalars. 
*/ +#ifdef USE_ENDOMORPHISM + size_t entries = 2*n_points + 2; +#else + size_t entries = n_points + 1; +#endif + secp256k1_ge *points; + secp256k1_scalar *scalars; + secp256k1_gej *buckets; + struct secp256k1_pippenger_state *state_space; + size_t idx = 0; + size_t point_idx = 0; + int i, j; + int bucket_window; + + (void)ctx; + secp256k1_gej_set_infinity(r); + if (inp_g_sc == NULL && n_points == 0) { + return 1; + } + + bucket_window = secp256k1_pippenger_bucket_window(n_points); + points = (secp256k1_ge *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); + scalars = (secp256k1_scalar *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); + state_space = (struct secp256k1_pippenger_state *) secp256k1_scratch_alloc(error_callback, scratch, sizeof(*state_space)); + if (points == NULL || scalars == NULL || state_space == NULL) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + + state_space->ps = (struct secp256k1_pippenger_point_state *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); + state_space->wnaf_na = (int *) secp256k1_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); + buckets = (secp256k1_gej *) secp256k1_scratch_alloc(error_callback, scratch, (1<ps == NULL || state_space->wnaf_na == NULL || buckets == NULL) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + + if (inp_g_sc != NULL) { + scalars[0] = *inp_g_sc; + points[0] = secp256k1_ge_const_g; + idx++; +#ifdef USE_ENDOMORPHISM + secp256k1_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); + idx++; +#endif + } + + while (point_idx < n_points) { + if (!cb(&scalars[idx], &points[idx], point_idx + cb_offset, cbdata)) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + idx++; +#ifdef USE_ENDOMORPHISM + 
secp256k1_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); + idx++; +#endif + point_idx++; + } + + secp256k1_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); + + /* Clear data */ + for(i = 0; (size_t)i < idx; i++) { + secp256k1_scalar_clear(&scalars[i]); + state_space->ps[i].skew_na = 0; + for(j = 0; j < WNAF_SIZE(bucket_window+1); j++) { + state_space->wnaf_na[i * WNAF_SIZE(bucket_window+1) + j] = 0; + } + } + for(i = 0; i < 1< max_alloc) { + break; + } + space_for_points = max_alloc - space_overhead; + + n_points = space_for_points/entry_size; + n_points = n_points > max_points ? max_points : n_points; + if (n_points > res) { + res = n_points; + } + if (n_points < max_points) { + /* A larger bucket_window may support even more points. But if we + * would choose that then the caller couldn't safely use any number + * smaller than what this function returns */ + break; + } + } + return res; +} + +/* Computes ecmult_multi by simply multiplying and adding each point. 
Does not + * require a scratch space */ +static int secp256k1_ecmult_multi_simple_var(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points) { + size_t point_idx; + secp256k1_scalar szero; + secp256k1_gej tmpj; + + secp256k1_scalar_set_int(&szero, 0); + secp256k1_gej_set_infinity(r); + secp256k1_gej_set_infinity(&tmpj); + /* r = inp_g_sc*G */ + secp256k1_ecmult(ctx, r, &tmpj, &szero, inp_g_sc); + for (point_idx = 0; point_idx < n_points; point_idx++) { + secp256k1_ge point; + secp256k1_gej pointj; + secp256k1_scalar scalar; + if (!cb(&scalar, &point, point_idx, cbdata)) { + return 0; + } + /* r += scalar*point */ + secp256k1_gej_set_ge(&pointj, &point); + secp256k1_ecmult(ctx, &tmpj, &pointj, &scalar, NULL); + secp256k1_gej_add_var(r, r, &tmpj, NULL); + } + return 1; +} + +/* Compute the number of batches and the batch size given the maximum batch size and the + * total number of points */ +static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { + if (max_n_batch_points == 0) { + return 0; + } + if (max_n_batch_points > ECMULT_MAX_POINTS_PER_BATCH) { + max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; + } + if (n == 0) { + *n_batches = 0; + *n_batch_points = 0; + return 1; + } + /* Compute ceil(n/max_n_batch_points) and ceil(n/n_batches) */ + *n_batches = 1 + (n - 1) / max_n_batch_points; + *n_batch_points = 1 + (n - 1) / *n_batches; + return 1; +} + +typedef int (*secp256k1_ecmult_multi_func)(const secp256k1_callback* error_callback, const secp256k1_ecmult_context*, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t); +static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, 
secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { + size_t i; + + int (*f)(const secp256k1_callback* error_callback, const secp256k1_ecmult_context*, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t, size_t); + size_t n_batches; + size_t n_batch_points; + + secp256k1_gej_set_infinity(r); + if (inp_g_sc == NULL && n == 0) { + return 1; + } else if (n == 0) { + secp256k1_scalar szero; + secp256k1_scalar_set_int(&szero, 0); + secp256k1_ecmult(ctx, r, r, &szero, inp_g_sc); + return 1; + } + if (scratch == NULL) { + return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + } + + /* Compute the batch sizes for Pippenger's algorithm given a scratch space. If it's greater than + * a threshold use Pippenger's algorithm. Otherwise use Strauss' algorithm. + * As a first step check if there's enough space for Pippenger's algo (which requires less space + * than Strauss' algo) and if not, use the simple algorithm. */ + if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_pippenger_max_points(error_callback, scratch), n)) { + return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + } + if (n_batch_points >= ECMULT_PIPPENGER_THRESHOLD) { + f = secp256k1_ecmult_pippenger_batch; + } else { + if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_strauss_max_points(error_callback, scratch), n)) { + return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + } + f = secp256k1_ecmult_strauss_batch; + } + for(i = 0; i < n_batches; i++) { + size_t nbp = n < n_batch_points ? n : n_batch_points; + size_t offset = n_batch_points*i; + secp256k1_gej tmp; + if (!f(error_callback, ctx, scratch, &tmp, i == 0 ? inp_g_sc : NULL, cb, cbdata, nbp, offset)) { + return 0; + } + secp256k1_gej_add_var(r, r, &tmp, NULL); + n -= nbp; + } + return 1; +} + +#endif /* SECP256K1_ECMULT_IMPL_H */ 
diff --git a/deps/secp256k1/src/field.h b/deps/secp256k1/src/field.h
new file mode 100644
index 000000000..bb6692ad5
--- /dev/null
+++ b/deps/secp256k1/src/field.h
@@ -0,0 +1,132 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_FIELD_H
+#define SECP256K1_FIELD_H
+
+/** Field element module.
+ *
+ * Field elements can be represented in several ways, but code accessing
+ * it (and implementations) need to take certain properties into account:
+ * - Each field element can be normalized or not.
+ * - Each field element has a magnitude, which represents how far away
+ * its representation is away from normalization. Normalized elements
+ * always have a magnitude of 1, but a magnitude of 1 doesn't imply
+ * normality.
+ */
+
+#if defined HAVE_CONFIG_H
+#include "libsecp256k1-config.h"
+#endif
+
+#if defined(USE_FIELD_10X26)
+#include "field_10x26.h"
+#elif defined(USE_FIELD_5X52)
+#include "field_5x52.h"
+#else
+#error "Please select field implementation"
+#endif
+
+#include "util.h"
+
+/** Normalize a field element. */
+static void secp256k1_fe_normalize(secp256k1_fe *r);
+
+/** Weakly normalize a field element: reduce it magnitude to 1, but don't fully normalize. */
+static void secp256k1_fe_normalize_weak(secp256k1_fe *r);
+
+/** Normalize a field element, without constant-time guarantee. */
+static void secp256k1_fe_normalize_var(secp256k1_fe *r);
+
+/** Verify whether a field element represents zero i.e. would normalize to a zero value. The field
+ * implementation may optionally normalize the input, but this should not be relied upon. */
+static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r);
+
+/** Verify whether a field element represents zero i.e. would normalize to a zero value. The field
+ * implementation may optionally normalize the input, but this should not be relied upon. */
+static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r);
+
+/** Set a field element equal to a small integer. Resulting field element is normalized. */
+static void secp256k1_fe_set_int(secp256k1_fe *r, int a);
+
+/** Sets a field element equal to zero, initializing all fields. */
+static void secp256k1_fe_clear(secp256k1_fe *a);
+
+/** Verify whether a field element is zero. Requires the input to be normalized. */
+static int secp256k1_fe_is_zero(const secp256k1_fe *a);
+
+/** Check the "oddness" of a field element. Requires the input to be normalized. */
+static int secp256k1_fe_is_odd(const secp256k1_fe *a);
+
+/** Compare two field elements. Requires magnitude-1 inputs. */
+static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b);
+
+/** Same as secp256k1_fe_equal, but may be variable time. */
+static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b);
+
+/** Compare two field elements. Requires both inputs to be normalized */
+static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b);
+
+/** Set a field element equal to 32-byte big endian value. If successful, the resulting field element is normalized. */
+static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a);
+
+/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
+static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a);
+
+/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input
+ * as an argument. The magnitude of the output is one higher. */
+static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m);
+
+/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that
+ * small integer. */
+static void secp256k1_fe_mul_int(secp256k1_fe *r, int a);
+
+/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */
+static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a);
+
+/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8.
+ * The output magnitude is 1 (but not guaranteed to be normalized). */
+static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b);
+
+/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8.
+ * The output magnitude is 1 (but not guaranteed to be normalized). */
+static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a);
+
+/** If a has a square root, it is computed in r and 1 is returned. If a does not
+ * have a square root, the root of its negation is computed and 0 is returned.
+ * The input's magnitude can be at most 8. The output magnitude is 1 (but not
+ * guaranteed to be normalized). The result in r will always be a square
+ * itself. */
+static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a);
+
+/** Checks whether a field element is a quadratic residue. */
+static int secp256k1_fe_is_quad_var(const secp256k1_fe *a);
+
+/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be
+ * at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */
+static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a);
+
+/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
+static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a);
+
+/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
+ * at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
+ * outputs must not overlap in memory. */
+static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len);
+
+/** Convert a field element to the storage type. */
+static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
+
+/** Convert a field element back from the storage type. */
+static void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a);
+
+/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. */
+static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag);
+
+/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. */
+static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag);
+
+#endif /* SECP256K1_FIELD_H */
diff --git a/deps/secp256k1/src/field_10x26.h b/deps/secp256k1/src/field_10x26.h
new file mode 100644
index 000000000..5ff03c8ab
--- /dev/null
+++ b/deps/secp256k1/src/field_10x26.h
@@ -0,0 +1,50 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_FIELD_REPR_H
+#define SECP256K1_FIELD_REPR_H
+
+#include
+
+typedef struct {
+ /* X = sum(i=0..9, n[i]*2^(i*26)) mod p
+ * where p = 2^256 - 0x1000003D1
+ */
+ uint32_t n[10];
+#ifdef VERIFY
+ int magnitude;
+ int normalized;
+#endif
+} secp256k1_fe;
+
+/* Unpacks a constant into a overlapping multi-limbed FE element. */
+#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \
+ (d0) & 0x3FFFFFFUL, \
+ (((uint32_t)d0) >> 26) | (((uint32_t)(d1) & 0xFFFFFUL) << 6), \
+ (((uint32_t)d1) >> 20) | (((uint32_t)(d2) & 0x3FFFUL) << 12), \
+ (((uint32_t)d2) >> 14) | (((uint32_t)(d3) & 0xFFUL) << 18), \
+ (((uint32_t)d3) >> 8) | (((uint32_t)(d4) & 0x3UL) << 24), \
+ (((uint32_t)d4) >> 2) & 0x3FFFFFFUL, \
+ (((uint32_t)d4) >> 28) | (((uint32_t)(d5) & 0x3FFFFFUL) << 4), \
+ (((uint32_t)d5) >> 22) | (((uint32_t)(d6) & 0xFFFFUL) << 10), \
+ (((uint32_t)d6) >> 16) | (((uint32_t)(d7) & 0x3FFUL) << 16), \
+ (((uint32_t)d7) >> 10) \
+}
+
+#ifdef VERIFY
+#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1}
+#else
+#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))}
+#endif
+
+typedef struct {
+ uint32_t n[8];
+} secp256k1_fe_storage;
+
+#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }}
+#define SECP256K1_FE_STORAGE_CONST_GET(d) d.n[7], d.n[6], d.n[5], d.n[4],d.n[3], d.n[2], d.n[1], d.n[0]
+
+#endif /* SECP256K1_FIELD_REPR_H */
diff --git a/deps/secp256k1/src/field_10x26_impl.h b/deps/secp256k1/src/field_10x26_impl.h
new file mode 100644
index 000000000..4ae4fdcec
--- /dev/null
+++ b/deps/secp256k1/src/field_10x26_impl.h
@@ -0,0 +1,1162 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_REPR_IMPL_H +#define SECP256K1_FIELD_REPR_IMPL_H + +#include "util.h" +#include "field.h" + +#ifdef VERIFY +static void secp256k1_fe_verify(const secp256k1_fe *a) { + const uint32_t *d = a->n; + int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; + r &= (d[0] <= 0x3FFFFFFUL * m); + r &= (d[1] <= 0x3FFFFFFUL * m); + r &= (d[2] <= 0x3FFFFFFUL * m); + r &= (d[3] <= 0x3FFFFFFUL * m); + r &= (d[4] <= 0x3FFFFFFUL * m); + r &= (d[5] <= 0x3FFFFFFUL * m); + r &= (d[6] <= 0x3FFFFFFUL * m); + r &= (d[7] <= 0x3FFFFFFUL * m); + r &= (d[8] <= 0x3FFFFFFUL * m); + r &= (d[9] <= 0x03FFFFFUL * m); + r &= (a->magnitude >= 0); + r &= (a->magnitude <= 32); + if (a->normalized) { + r &= (a->magnitude <= 1); + if (r && (d[9] == 0x03FFFFFUL)) { + uint32_t mid = d[8] & d[7] & d[6] & d[5] & d[4] & d[3] & d[2]; + if (mid == 0x3FFFFFFUL) { + r &= ((d[1] + 0x40UL + ((d[0] + 0x3D1UL) >> 26)) <= 0x3FFFFFFUL); + } + } + } + VERIFY_CHECK(r == 1); +} +#endif + +static void secp256k1_fe_normalize(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t m; + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... 
*/ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + /* At most a single final reduction is needed; check if the value is >= the field characteristic */ + x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL) + & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + + /* Apply the final reduction (for constant-time behaviour, we do it always) */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + + /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */ + VERIFY_CHECK(t9 >> 22 == x); + + /* Mask off the possible multiple of 2^256 from the final reduction */ + t9 &= 0x03FFFFFUL; + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; + +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* Reduce t9 at the start so there will be 
at most a single carry from the first pass */ + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; + +#ifdef VERIFY + r->magnitude = 1; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_normalize_var(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t m; + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8; + + /* ... except for a possible carry at bit 22 of t9 (i.e. 
bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + /* At most a single final reduction is needed; check if the value is >= the field characteristic */ + x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL) + & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + + if (x) { + t0 += 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + + /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */ + VERIFY_CHECK(t9 >> 22 == x); + + /* Mask off the possible multiple of 2^256 from the final reduction */ + t9 &= 0x03FFFFFUL; + } + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; + +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ + uint32_t z0, z1; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... 
*/
+ t0 += x * 0x3D1UL; t1 += (x << 6);
+ t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; z0 = t0; z1 = t0 ^ 0x3D0UL;
+ t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL;
+ t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2;
+ t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3;
+ t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4;
+ t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5;
+ t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6;
+ t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7;
+ t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8;
+ z0 |= t9; z1 &= t9 ^ 0x3C00000UL;
+
+ /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */
+ VERIFY_CHECK(t9 >> 23 == 0);
+
+ return (z0 == 0) | (z1 == 0x3FFFFFFUL);
+}
+
+static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) {
+ uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9;
+ uint32_t z0, z1;
+ uint32_t x;
+
+ t0 = r->n[0];
+ t9 = r->n[9];
+
+ /* Reduce t9 at the start so there will be at most a single carry from the first pass */
+ x = t9 >> 22;
+
+ /* The first pass ensures the magnitude is 1, ... 
*/
+ t0 += x * 0x3D1UL;
+
+ /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */
+ z0 = t0 & 0x3FFFFFFUL;
+ z1 = z0 ^ 0x3D0UL;
+
+ /* Fast return path should catch the majority of cases */
+ if ((z0 != 0UL) & (z1 != 0x3FFFFFFUL)) {
+ return 0;
+ }
+
+ t1 = r->n[1];
+ t2 = r->n[2];
+ t3 = r->n[3];
+ t4 = r->n[4];
+ t5 = r->n[5];
+ t6 = r->n[6];
+ t7 = r->n[7];
+ t8 = r->n[8];
+
+ t9 &= 0x03FFFFFUL;
+ t1 += (x << 6);
+
+ t1 += (t0 >> 26);
+ t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL;
+ t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2;
+ t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3;
+ t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4;
+ t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5;
+ t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6;
+ t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7;
+ t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8;
+ z0 |= t9; z1 &= t9 ^ 0x3C00000UL;
+
+ /* ... except for a possible carry at bit 22 of t9 (i.e. 
bit 256 of the field element) */
+ VERIFY_CHECK(t9 >> 23 == 0);
+
+ return (z0 == 0) | (z1 == 0x3FFFFFFUL);
+}
+
+SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) {
+ r->n[0] = a;
+ r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) {
+ const uint32_t *t = a->n;
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ secp256k1_fe_verify(a);
+#endif
+ return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
+}
+
+SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ secp256k1_fe_verify(a);
+#endif
+ return a->n[0] & 1;
+}
+
+SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) {
+ int i;
+#ifdef VERIFY
+ a->magnitude = 0;
+ a->normalized = 1;
+#endif
+ for (i=0; i<10; i++) {
+ a->n[i] = 0;
+ }
+}
+
+static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) {
+ int i;
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ VERIFY_CHECK(b->normalized);
+ secp256k1_fe_verify(a);
+ secp256k1_fe_verify(b);
+#endif
+ for (i = 9; i >= 0; i--) {
+ if (a->n[i] > b->n[i]) {
+ return 1;
+ }
+ if (a->n[i] < b->n[i]) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) {
+ r->n[0] = (uint32_t)a[31] | ((uint32_t)a[30] << 8) | ((uint32_t)a[29] << 16) | ((uint32_t)(a[28] & 0x3) << 24);
+ r->n[1] = (uint32_t)((a[28] >> 2) & 0x3f) | ((uint32_t)a[27] << 6) | ((uint32_t)a[26] << 14) | ((uint32_t)(a[25] & 0xf) << 22);
+ r->n[2] = (uint32_t)((a[25] >> 4) & 0xf) | ((uint32_t)a[24] << 4) | ((uint32_t)a[23] << 12) | ((uint32_t)(a[22] & 0x3f) << 20);
+ r->n[3] = (uint32_t)((a[22] >> 6) & 0x3) | ((uint32_t)a[21] << 2) | ((uint32_t)a[20] << 10) | ((uint32_t)a[19] << 18);
+ r->n[4] = 
(uint32_t)a[18] | ((uint32_t)a[17] << 8) | ((uint32_t)a[16] << 16) | ((uint32_t)(a[15] & 0x3) << 24);
+ r->n[5] = (uint32_t)((a[15] >> 2) & 0x3f) | ((uint32_t)a[14] << 6) | ((uint32_t)a[13] << 14) | ((uint32_t)(a[12] & 0xf) << 22);
+ r->n[6] = (uint32_t)((a[12] >> 4) & 0xf) | ((uint32_t)a[11] << 4) | ((uint32_t)a[10] << 12) | ((uint32_t)(a[9] & 0x3f) << 20);
+ r->n[7] = (uint32_t)((a[9] >> 6) & 0x3) | ((uint32_t)a[8] << 2) | ((uint32_t)a[7] << 10) | ((uint32_t)a[6] << 18);
+ r->n[8] = (uint32_t)a[5] | ((uint32_t)a[4] << 8) | ((uint32_t)a[3] << 16) | ((uint32_t)(a[2] & 0x3) << 24);
+ r->n[9] = (uint32_t)((a[2] >> 2) & 0x3f) | ((uint32_t)a[1] << 6) | ((uint32_t)a[0] << 14);
+
+ if (r->n[9] == 0x3FFFFFUL && (r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == 0x3FFFFFFUL && (r->n[1] + 0x40UL + ((r->n[0] + 0x3D1UL) >> 26)) > 0x3FFFFFFUL) {
+ return 0;
+ }
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+ secp256k1_fe_verify(r);
+#endif
+ return 1;
+}
+
+/** Convert a field element to a 32-byte big endian value. 
Requires the input to be normalized */
+static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ secp256k1_fe_verify(a);
+#endif
+ r[0] = (a->n[9] >> 14) & 0xff;
+ r[1] = (a->n[9] >> 6) & 0xff;
+ r[2] = ((a->n[9] & 0x3F) << 2) | ((a->n[8] >> 24) & 0x3);
+ r[3] = (a->n[8] >> 16) & 0xff;
+ r[4] = (a->n[8] >> 8) & 0xff;
+ r[5] = a->n[8] & 0xff;
+ r[6] = (a->n[7] >> 18) & 0xff;
+ r[7] = (a->n[7] >> 10) & 0xff;
+ r[8] = (a->n[7] >> 2) & 0xff;
+ r[9] = ((a->n[7] & 0x3) << 6) | ((a->n[6] >> 20) & 0x3f);
+ r[10] = (a->n[6] >> 12) & 0xff;
+ r[11] = (a->n[6] >> 4) & 0xff;
+ r[12] = ((a->n[6] & 0xf) << 4) | ((a->n[5] >> 22) & 0xf);
+ r[13] = (a->n[5] >> 14) & 0xff;
+ r[14] = (a->n[5] >> 6) & 0xff;
+ r[15] = ((a->n[5] & 0x3f) << 2) | ((a->n[4] >> 24) & 0x3);
+ r[16] = (a->n[4] >> 16) & 0xff;
+ r[17] = (a->n[4] >> 8) & 0xff;
+ r[18] = a->n[4] & 0xff;
+ r[19] = (a->n[3] >> 18) & 0xff;
+ r[20] = (a->n[3] >> 10) & 0xff;
+ r[21] = (a->n[3] >> 2) & 0xff;
+ r[22] = ((a->n[3] & 0x3) << 6) | ((a->n[2] >> 20) & 0x3f);
+ r[23] = (a->n[2] >> 12) & 0xff;
+ r[24] = (a->n[2] >> 4) & 0xff;
+ r[25] = ((a->n[2] & 0xf) << 4) | ((a->n[1] >> 22) & 0xf);
+ r[26] = (a->n[1] >> 14) & 0xff;
+ r[27] = (a->n[1] >> 6) & 0xff;
+ r[28] = ((a->n[1] & 0x3f) << 2) | ((a->n[0] >> 24) & 0x3);
+ r[29] = (a->n[0] >> 16) & 0xff;
+ r[30] = (a->n[0] >> 8) & 0xff;
+ r[31] = a->n[0] & 0xff;
+}
+
+SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->magnitude <= m);
+ secp256k1_fe_verify(a);
+#endif
+ r->n[0] = 0x3FFFC2FUL * 2 * (m + 1) - a->n[0];
+ r->n[1] = 0x3FFFFBFUL * 2 * (m + 1) - a->n[1];
+ r->n[2] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[2];
+ r->n[3] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[3];
+ r->n[4] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[4];
+ r->n[5] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[5];
+ r->n[6] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[6];
+ r->n[7] = 0x3FFFFFFUL * 2 * (m + 1) - 
a->n[7];
+ r->n[8] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[8];
+ r->n[9] = 0x03FFFFFUL * 2 * (m + 1) - a->n[9];
+#ifdef VERIFY
+ r->magnitude = m + 1;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) {
+ r->n[0] *= a;
+ r->n[1] *= a;
+ r->n[2] *= a;
+ r->n[3] *= a;
+ r->n[4] *= a;
+ r->n[5] *= a;
+ r->n[6] *= a;
+ r->n[7] *= a;
+ r->n[8] *= a;
+ r->n[9] *= a;
+#ifdef VERIFY
+ r->magnitude *= a;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ secp256k1_fe_verify(a);
+#endif
+ r->n[0] += a->n[0];
+ r->n[1] += a->n[1];
+ r->n[2] += a->n[2];
+ r->n[3] += a->n[3];
+ r->n[4] += a->n[4];
+ r->n[5] += a->n[5];
+ r->n[6] += a->n[6];
+ r->n[7] += a->n[7];
+ r->n[8] += a->n[8];
+ r->n[9] += a->n[9];
+#ifdef VERIFY
+ r->magnitude += a->magnitude;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+#if defined(USE_EXTERNAL_ASM)
+
+/* External assembler implementation */
+void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b);
+void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a);
+
+#else
+
+#ifdef VERIFY
+#define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0)
+#else
+#define VERIFY_BITS(x, n) do { } while(0)
+#endif
+
+SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) {
+ uint64_t c, d;
+ uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8;
+ uint32_t t9, t1, t0, t2, t3, t4, t5, t6, t7;
+ const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL;
+
+ VERIFY_BITS(a[0], 30);
+ VERIFY_BITS(a[1], 30);
+ VERIFY_BITS(a[2], 30);
+ VERIFY_BITS(a[3], 30);
+ VERIFY_BITS(a[4], 30);
+ VERIFY_BITS(a[5], 30);
+ VERIFY_BITS(a[6], 30);
+ VERIFY_BITS(a[7], 30);
+ VERIFY_BITS(a[8], 30);
+ VERIFY_BITS(a[9], 26);
+ VERIFY_BITS(b[0], 30);
+ VERIFY_BITS(b[1], 30);
+ 
VERIFY_BITS(b[2], 30); + VERIFY_BITS(b[3], 30); + VERIFY_BITS(b[4], 30); + VERIFY_BITS(b[5], 30); + VERIFY_BITS(b[6], 30); + VERIFY_BITS(b[7], 30); + VERIFY_BITS(b[8], 30); + VERIFY_BITS(b[9], 26); + + /** [... a b c] is a shorthand for ... + a<<52 + b<<26 + c<<0 mod n. + * for 0 <= x <= 9, px is a shorthand for sum(a[i]*b[x-i], i=0..x). + * for 9 <= x <= 18, px is a shorthand for sum(a[i]*b[x-i], i=(x-9)..9) + * Note that [x 0 0 0 0 0 0 0 0 0 0] = [x*R1 x*R0]. + */ + + d = (uint64_t)a[0] * b[9] + + (uint64_t)a[1] * b[8] + + (uint64_t)a[2] * b[7] + + (uint64_t)a[3] * b[6] + + (uint64_t)a[4] * b[5] + + (uint64_t)a[5] * b[4] + + (uint64_t)a[6] * b[3] + + (uint64_t)a[7] * b[2] + + (uint64_t)a[8] * b[1] + + (uint64_t)a[9] * b[0]; + /* VERIFY_BITS(d, 64); */ + /* [d 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + t9 = d & M; d >>= 26; + VERIFY_BITS(t9, 26); + VERIFY_BITS(d, 38); + /* [d t9 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + + c = (uint64_t)a[0] * b[0]; + VERIFY_BITS(c, 60); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p9 0 0 0 0 0 0 0 0 p0] */ + d += (uint64_t)a[1] * b[9] + + (uint64_t)a[2] * b[8] + + (uint64_t)a[3] * b[7] + + (uint64_t)a[4] * b[6] + + (uint64_t)a[5] * b[5] + + (uint64_t)a[6] * b[4] + + (uint64_t)a[7] * b[3] + + (uint64_t)a[8] * b[2] + + (uint64_t)a[9] * b[1]; + VERIFY_BITS(d, 63); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + u0 = d & M; d >>= 26; c += u0 * R0; + VERIFY_BITS(u0, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 61); + /* [d u0 t9 0 0 0 0 0 0 0 0 c-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + t0 = c & M; c >>= 26; c += u0 * R1; + VERIFY_BITS(t0, 26); + VERIFY_BITS(c, 37); + /* [d u0 t9 0 0 0 0 0 0 0 c-u0*R1 t0-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + + c += (uint64_t)a[0] * b[1] + + (uint64_t)a[1] * b[0]; + VERIFY_BITS(c, 62); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 p1 p0] */ + d += (uint64_t)a[2] * b[9] + + (uint64_t)a[3] * b[8] + + 
(uint64_t)a[4] * b[7] + + (uint64_t)a[5] * b[6] + + (uint64_t)a[6] * b[5] + + (uint64_t)a[7] * b[4] + + (uint64_t)a[8] * b[3] + + (uint64_t)a[9] * b[2]; + VERIFY_BITS(d, 63); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + u1 = d & M; d >>= 26; c += u1 * R0; + VERIFY_BITS(u1, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u1 0 t9 0 0 0 0 0 0 0 c-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + t1 = c & M; c >>= 26; c += u1 * R1; + VERIFY_BITS(t1, 26); + VERIFY_BITS(c, 38); + /* [d u1 0 t9 0 0 0 0 0 0 c-u1*R1 t1-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + + c += (uint64_t)a[0] * b[2] + + (uint64_t)a[1] * b[1] + + (uint64_t)a[2] * b[0]; + VERIFY_BITS(c, 62); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + d += (uint64_t)a[3] * b[9] + + (uint64_t)a[4] * b[8] + + (uint64_t)a[5] * b[7] + + (uint64_t)a[6] * b[6] + + (uint64_t)a[7] * b[5] + + (uint64_t)a[8] * b[4] + + (uint64_t)a[9] * b[3]; + VERIFY_BITS(d, 63); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + u2 = d & M; d >>= 26; c += u2 * R0; + VERIFY_BITS(u2, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u2 0 0 t9 0 0 0 0 0 0 c-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + t2 = c & M; c >>= 26; c += u2 * R1; + VERIFY_BITS(t2, 26); + VERIFY_BITS(c, 38); + /* [d u2 0 0 t9 0 0 0 0 0 c-u2*R1 t2-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[3] + + (uint64_t)a[1] * b[2] + + (uint64_t)a[2] * b[1] + + (uint64_t)a[3] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + d += (uint64_t)a[4] * b[9] + + (uint64_t)a[5] * b[8] + + (uint64_t)a[6] * b[7] + + (uint64_t)a[7] * b[6] + + (uint64_t)a[8] * b[5] + + (uint64_t)a[9] * b[4]; + VERIFY_BITS(d, 63); + /* 
[d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + u3 = d & M; d >>= 26; c += u3 * R0; + VERIFY_BITS(u3, 26); + VERIFY_BITS(d, 37); + /* VERIFY_BITS(c, 64); */ + /* [d u3 0 0 0 t9 0 0 0 0 0 c-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + t3 = c & M; c >>= 26; c += u3 * R1; + VERIFY_BITS(t3, 26); + VERIFY_BITS(c, 39); + /* [d u3 0 0 0 t9 0 0 0 0 c-u3*R1 t3-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[4] + + (uint64_t)a[1] * b[3] + + (uint64_t)a[2] * b[2] + + (uint64_t)a[3] * b[1] + + (uint64_t)a[4] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[5] * b[9] + + (uint64_t)a[6] * b[8] + + (uint64_t)a[7] * b[7] + + (uint64_t)a[8] * b[6] + + (uint64_t)a[9] * b[5]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + u4 = d & M; d >>= 26; c += u4 * R0; + VERIFY_BITS(u4, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u4 0 0 0 0 t9 0 0 0 0 c-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + t4 = c & M; c >>= 26; c += u4 * R1; + VERIFY_BITS(t4, 26); + VERIFY_BITS(c, 39); + /* [d u4 0 0 0 0 t9 0 0 0 c-u4*R1 t4-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[5] + + (uint64_t)a[1] * b[4] + + (uint64_t)a[2] * b[3] + + (uint64_t)a[3] * b[2] + + (uint64_t)a[4] * b[1] + + (uint64_t)a[5] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[6] * b[9] + + (uint64_t)a[7] * b[8] + + (uint64_t)a[8] * b[7] + + (uint64_t)a[9] * b[6]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 
0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + u5 = d & M; d >>= 26; c += u5 * R0; + VERIFY_BITS(u5, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u5 0 0 0 0 0 t9 0 0 0 c-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + t5 = c & M; c >>= 26; c += u5 * R1; + VERIFY_BITS(t5, 26); + VERIFY_BITS(c, 39); + /* [d u5 0 0 0 0 0 t9 0 0 c-u5*R1 t5-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[6] + + (uint64_t)a[1] * b[5] + + (uint64_t)a[2] * b[4] + + (uint64_t)a[3] * b[3] + + (uint64_t)a[4] * b[2] + + (uint64_t)a[5] * b[1] + + (uint64_t)a[6] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[7] * b[9] + + (uint64_t)a[8] * b[8] + + (uint64_t)a[9] * b[7]; + VERIFY_BITS(d, 61); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + u6 = d & M; d >>= 26; c += u6 * R0; + VERIFY_BITS(u6, 26); + VERIFY_BITS(d, 35); + /* VERIFY_BITS(c, 64); */ + /* [d u6 0 0 0 0 0 0 t9 0 0 c-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + t6 = c & M; c >>= 26; c += u6 * R1; + VERIFY_BITS(t6, 26); + VERIFY_BITS(c, 39); + /* [d u6 0 0 0 0 0 0 t9 0 c-u6*R1 t6-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[7] + + (uint64_t)a[1] * b[6] + + (uint64_t)a[2] * b[5] + + (uint64_t)a[3] * b[4] + + (uint64_t)a[4] * b[3] + + (uint64_t)a[5] * b[2] + + (uint64_t)a[6] * b[1] + + (uint64_t)a[7] * b[0]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x8000007C00000007ULL); + /* 
[d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[8] * b[9] + + (uint64_t)a[9] * b[8]; + VERIFY_BITS(d, 58); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + u7 = d & M; d >>= 26; c += u7 * R0; + VERIFY_BITS(u7, 26); + VERIFY_BITS(d, 32); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); + /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + t7 = c & M; c >>= 26; c += u7 * R1; + VERIFY_BITS(t7, 26); + VERIFY_BITS(c, 38); + /* [d u7 0 0 0 0 0 0 0 t9 c-u7*R1 t7-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[8] + + (uint64_t)a[1] * b[7] + + (uint64_t)a[2] * b[6] + + (uint64_t)a[3] * b[5] + + (uint64_t)a[4] * b[4] + + (uint64_t)a[5] * b[3] + + (uint64_t)a[6] * b[2] + + (uint64_t)a[7] * b[1] + + (uint64_t)a[8] * b[0]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000007B80000008ULL); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[9] * b[9]; + VERIFY_BITS(d, 57); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + u8 = d & M; d >>= 26; c += u8 * R0; + VERIFY_BITS(u8, 26); + VERIFY_BITS(d, 31); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[3] = t3; + VERIFY_BITS(r[3], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 
p2 p1 p0] */ + r[4] = t4; + VERIFY_BITS(r[4], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[5] = t5; + VERIFY_BITS(r[5], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[6] = t6; + VERIFY_BITS(r[6], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[7] = t7; + VERIFY_BITS(r[7], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[8] = c & M; c >>= 26; c += u8 * R1; + VERIFY_BITS(r[8], 26); + VERIFY_BITS(c, 39); + /* [d u8 0 0 0 0 0 0 0 0 t9+c-u8*R1 r8-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 0 t9+c r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += d * R0 + t9; + VERIFY_BITS(c, 45); + /* [d 0 0 0 0 0 0 0 0 0 c-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[9] = c & (M >> 4); c >>= 22; c += d * (R1 << 4); + VERIFY_BITS(r[9], 22); + VERIFY_BITS(c, 46); + /* [d 0 0 0 0 0 0 0 0 r9+((c-d*R1<<4)<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 -d*R1 r9+(c<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + d = c * (R0 >> 4) + t0; + VERIFY_BITS(d, 56); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 d-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[0] = d & M; d >>= 26; + VERIFY_BITS(r[0], 26); + 
VERIFY_BITS(d, 30); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += c * (R1 >> 4) + t1; + VERIFY_BITS(d, 53); + VERIFY_CHECK(d <= 0x10000003FFFFBFULL); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[1] = d & M; d >>= 26; + VERIFY_BITS(r[1], 26); + VERIFY_BITS(d, 27); + VERIFY_CHECK(d <= 0x4000000ULL); + /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += t2; + VERIFY_BITS(d, 27); + /* [r9 r8 r7 r6 r5 r4 r3 d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = d; + VERIFY_BITS(r[2], 27); + /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} + +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a) { + uint64_t c, d; + uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; + uint32_t t9, t0, t1, t2, t3, t4, t5, t6, t7; + const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL; + + VERIFY_BITS(a[0], 30); + VERIFY_BITS(a[1], 30); + VERIFY_BITS(a[2], 30); + VERIFY_BITS(a[3], 30); + VERIFY_BITS(a[4], 30); + VERIFY_BITS(a[5], 30); + VERIFY_BITS(a[6], 30); + VERIFY_BITS(a[7], 30); + VERIFY_BITS(a[8], 30); + VERIFY_BITS(a[9], 26); + + /** [... a b c] is a shorthand for ... + a<<52 + b<<26 + c<<0 mod n. + * px is a shorthand for sum(a[i]*a[x-i], i=0..x). + * Note that [x 0 0 0 0 0 0 0 0 0 0] = [x*R1 x*R0]. 
+ */ + + d = (uint64_t)(a[0]*2) * a[9] + + (uint64_t)(a[1]*2) * a[8] + + (uint64_t)(a[2]*2) * a[7] + + (uint64_t)(a[3]*2) * a[6] + + (uint64_t)(a[4]*2) * a[5]; + /* VERIFY_BITS(d, 64); */ + /* [d 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + t9 = d & M; d >>= 26; + VERIFY_BITS(t9, 26); + VERIFY_BITS(d, 38); + /* [d t9 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + + c = (uint64_t)a[0] * a[0]; + VERIFY_BITS(c, 60); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p9 0 0 0 0 0 0 0 0 p0] */ + d += (uint64_t)(a[1]*2) * a[9] + + (uint64_t)(a[2]*2) * a[8] + + (uint64_t)(a[3]*2) * a[7] + + (uint64_t)(a[4]*2) * a[6] + + (uint64_t)a[5] * a[5]; + VERIFY_BITS(d, 63); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + u0 = d & M; d >>= 26; c += u0 * R0; + VERIFY_BITS(u0, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 61); + /* [d u0 t9 0 0 0 0 0 0 0 0 c-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + t0 = c & M; c >>= 26; c += u0 * R1; + VERIFY_BITS(t0, 26); + VERIFY_BITS(c, 37); + /* [d u0 t9 0 0 0 0 0 0 0 c-u0*R1 t0-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + + c += (uint64_t)(a[0]*2) * a[1]; + VERIFY_BITS(c, 62); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 p1 p0] */ + d += (uint64_t)(a[2]*2) * a[9] + + (uint64_t)(a[3]*2) * a[8] + + (uint64_t)(a[4]*2) * a[7] + + (uint64_t)(a[5]*2) * a[6]; + VERIFY_BITS(d, 63); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + u1 = d & M; d >>= 26; c += u1 * R0; + VERIFY_BITS(u1, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u1 0 t9 0 0 0 0 0 0 0 c-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + t1 = c & M; c >>= 26; c += u1 * R1; + VERIFY_BITS(t1, 26); + VERIFY_BITS(c, 38); + /* [d u1 0 t9 0 0 0 0 0 0 c-u1*R1 t1-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[2] + + (uint64_t)a[1] * a[1]; + VERIFY_BITS(c, 62); + /* [d 0 0 t9 0 0 0 0 
0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + d += (uint64_t)(a[3]*2) * a[9] + + (uint64_t)(a[4]*2) * a[8] + + (uint64_t)(a[5]*2) * a[7] + + (uint64_t)a[6] * a[6]; + VERIFY_BITS(d, 63); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + u2 = d & M; d >>= 26; c += u2 * R0; + VERIFY_BITS(u2, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u2 0 0 t9 0 0 0 0 0 0 c-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + t2 = c & M; c >>= 26; c += u2 * R1; + VERIFY_BITS(t2, 26); + VERIFY_BITS(c, 38); + /* [d u2 0 0 t9 0 0 0 0 0 c-u2*R1 t2-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[3] + + (uint64_t)(a[1]*2) * a[2]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + d += (uint64_t)(a[4]*2) * a[9] + + (uint64_t)(a[5]*2) * a[8] + + (uint64_t)(a[6]*2) * a[7]; + VERIFY_BITS(d, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + u3 = d & M; d >>= 26; c += u3 * R0; + VERIFY_BITS(u3, 26); + VERIFY_BITS(d, 37); + /* VERIFY_BITS(c, 64); */ + /* [d u3 0 0 0 t9 0 0 0 0 0 c-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + t3 = c & M; c >>= 26; c += u3 * R1; + VERIFY_BITS(t3, 26); + VERIFY_BITS(c, 39); + /* [d u3 0 0 0 t9 0 0 0 0 c-u3*R1 t3-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[4] + + (uint64_t)(a[1]*2) * a[3] + + (uint64_t)a[2] * a[2]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[5]*2) * a[9] + + (uint64_t)(a[6]*2) * a[8] + + (uint64_t)a[7] * a[7]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + u4 
= d & M; d >>= 26; c += u4 * R0; + VERIFY_BITS(u4, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u4 0 0 0 0 t9 0 0 0 0 c-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + t4 = c & M; c >>= 26; c += u4 * R1; + VERIFY_BITS(t4, 26); + VERIFY_BITS(c, 39); + /* [d u4 0 0 0 0 t9 0 0 0 c-u4*R1 t4-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[5] + + (uint64_t)(a[1]*2) * a[4] + + (uint64_t)(a[2]*2) * a[3]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[6]*2) * a[9] + + (uint64_t)(a[7]*2) * a[8]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + u5 = d & M; d >>= 26; c += u5 * R0; + VERIFY_BITS(u5, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u5 0 0 0 0 0 t9 0 0 0 c-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + t5 = c & M; c >>= 26; c += u5 * R1; + VERIFY_BITS(t5, 26); + VERIFY_BITS(c, 39); + /* [d u5 0 0 0 0 0 t9 0 0 c-u5*R1 t5-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[6] + + (uint64_t)(a[1]*2) * a[5] + + (uint64_t)(a[2]*2) * a[4] + + (uint64_t)a[3] * a[3]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[7]*2) * a[9] + + (uint64_t)a[8] * a[8]; + VERIFY_BITS(d, 61); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + u6 = d & M; d >>= 26; c += u6 * R0; + VERIFY_BITS(u6, 26); + VERIFY_BITS(d, 35); + /* VERIFY_BITS(c, 64); */ + /* 
[d u6 0 0 0 0 0 0 t9 0 0 c-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + t6 = c & M; c >>= 26; c += u6 * R1; + VERIFY_BITS(t6, 26); + VERIFY_BITS(c, 39); + /* [d u6 0 0 0 0 0 0 t9 0 c-u6*R1 t6-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[7] + + (uint64_t)(a[1]*2) * a[6] + + (uint64_t)(a[2]*2) * a[5] + + (uint64_t)(a[3]*2) * a[4]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x8000007C00000007ULL); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[8]*2) * a[9]; + VERIFY_BITS(d, 58); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + u7 = d & M; d >>= 26; c += u7 * R0; + VERIFY_BITS(u7, 26); + VERIFY_BITS(d, 32); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); + /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + t7 = c & M; c >>= 26; c += u7 * R1; + VERIFY_BITS(t7, 26); + VERIFY_BITS(c, 38); + /* [d u7 0 0 0 0 0 0 0 t9 c-u7*R1 t7-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[8] + + (uint64_t)(a[1]*2) * a[7] + + (uint64_t)(a[2]*2) * a[6] + + (uint64_t)(a[3]*2) * a[5] + + (uint64_t)a[4] * a[4]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000007B80000008ULL); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[9] * a[9]; + VERIFY_BITS(d, 57); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 
t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + u8 = d & M; d >>= 26; c += u8 * R0; + VERIFY_BITS(u8, 26); + VERIFY_BITS(d, 31); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[3] = t3; + VERIFY_BITS(r[3], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = t4; + VERIFY_BITS(r[4], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[5] = t5; + VERIFY_BITS(r[5], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[6] = t6; + VERIFY_BITS(r[6], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[7] = t7; + VERIFY_BITS(r[7], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[8] = c & M; c >>= 26; c += u8 * R1; + VERIFY_BITS(r[8], 26); + VERIFY_BITS(c, 39); + /* [d u8 0 0 0 0 0 0 0 0 t9+c-u8*R1 r8-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 0 t9+c r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += d * R0 + t9; + VERIFY_BITS(c, 45); + /* [d 0 0 0 0 0 0 0 0 0 c-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[9] = c & (M >> 4); c >>= 22; c += d * (R1 << 4); + VERIFY_BITS(r[9], 22); + VERIFY_BITS(c, 46); + /* [d 0 0 0 0 0 0 0 0 r9+((c-d*R1<<4)<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 
p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 -d*R1 r9+(c<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + d = c * (R0 >> 4) + t0; + VERIFY_BITS(d, 56); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 d-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[0] = d & M; d >>= 26; + VERIFY_BITS(r[0], 26); + VERIFY_BITS(d, 30); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += c * (R1 >> 4) + t1; + VERIFY_BITS(d, 53); + VERIFY_CHECK(d <= 0x10000003FFFFBFULL); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[1] = d & M; d >>= 26; + VERIFY_BITS(r[1], 26); + VERIFY_BITS(d, 27); + VERIFY_CHECK(d <= 0x4000000ULL); + /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += t2; + VERIFY_BITS(d, 27); + /* [r9 r8 r7 r6 r5 r4 r3 d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = d; + VERIFY_BITS(r[2], 27); + /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} +#endif + +static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= 8); + VERIFY_CHECK(b->magnitude <= 8); + secp256k1_fe_verify(a); + secp256k1_fe_verify(b); + VERIFY_CHECK(r != b); + VERIFY_CHECK(a != b); +#endif + secp256k1_fe_mul_inner(r->n, a->n, b->n); +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +static void 
secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->magnitude <= 8);
+ secp256k1_fe_verify(a);
+#endif
+ secp256k1_fe_sqr_inner(r->n, a->n);
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) {
+ uint32_t mask0, mask1;
+ mask0 = flag + ~((uint32_t)0);
+ mask1 = ~mask0;
+ r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
+ r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
+ r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1);
+ r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
+ r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
+ r->n[5] = (r->n[5] & mask0) | (a->n[5] & mask1);
+ r->n[6] = (r->n[6] & mask0) | (a->n[6] & mask1);
+ r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1);
+ r->n[8] = (r->n[8] & mask0) | (a->n[8] & mask1);
+ r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1);
+#ifdef VERIFY
+ if (a->magnitude > r->magnitude) {
+ r->magnitude = a->magnitude;
+ }
+ r->normalized &= a->normalized;
+#endif
+}
+
+static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) {
+ uint32_t mask0, mask1;
+ mask0 = flag + ~((uint32_t)0);
+ mask1 = ~mask0;
+ r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
+ r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
+ r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1);
+ r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
+ r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
+ r->n[5] = (r->n[5] & mask0) | (a->n[5] & mask1);
+ r->n[6] = (r->n[6] & mask0) | (a->n[6] & mask1);
+ r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1);
+}
+
+static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+#endif
+ r->n[0] = a->n[0] | a->n[1] << 26;
+ r->n[1] = a->n[1] >> 6 | a->n[2] << 20;
+ r->n[2] = a->n[2] >> 12 | a->n[3] << 14;
+ r->n[3] = a->n[3] >> 18 |
a->n[4] << 8;
+ r->n[4] = a->n[4] >> 24 | a->n[5] << 2 | a->n[6] << 28;
+ r->n[5] = a->n[6] >> 4 | a->n[7] << 22;
+ r->n[6] = a->n[7] >> 10 | a->n[8] << 16;
+ r->n[7] = a->n[8] >> 16 | a->n[9] << 10;
+}
+
+static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) {
+ r->n[0] = a->n[0] & 0x3FFFFFFUL;
+ r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & 0x3FFFFFFUL);
+ r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & 0x3FFFFFFUL);
+ r->n[3] = a->n[2] >> 14 | ((a->n[3] << 18) & 0x3FFFFFFUL);
+ r->n[4] = a->n[3] >> 8 | ((a->n[4] << 24) & 0x3FFFFFFUL);
+ r->n[5] = (a->n[4] >> 2) & 0x3FFFFFFUL;
+ r->n[6] = a->n[4] >> 28 | ((a->n[5] << 4) & 0x3FFFFFFUL);
+ r->n[7] = a->n[5] >> 22 | ((a->n[6] << 10) & 0x3FFFFFFUL);
+ r->n[8] = a->n[6] >> 16 | ((a->n[7] << 16) & 0x3FFFFFFUL);
+ r->n[9] = a->n[7] >> 10;
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+#endif
+}
+
+#endif /* SECP256K1_FIELD_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/field_5x52.h b/deps/secp256k1/src/field_5x52.h
new file mode 100644
index 000000000..fc5bfe357
--- /dev/null
+++ b/deps/secp256k1/src/field_5x52.h
@@ -0,0 +1,49 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_FIELD_REPR_H
+#define SECP256K1_FIELD_REPR_H
+
+#include
+
+typedef struct {
+ /* X = sum(i=0..4, n[i]*2^(i*52)) mod p
+ * where p = 2^256 - 0x1000003D1
+ */
+ uint64_t n[5];
+#ifdef VERIFY
+ int magnitude;
+ int normalized;
+#endif
+} secp256k1_fe;
+
+/* Unpacks a constant into a overlapping multi-limbed FE element. */
+#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \
+ (d0) | (((uint64_t)(d1) & 0xFFFFFUL) << 32), \
+ ((uint64_t)(d1) >> 20) | (((uint64_t)(d2)) << 12) | (((uint64_t)(d3) & 0xFFUL) << 44), \
+ ((uint64_t)(d3) >> 8) | (((uint64_t)(d4) & 0xFFFFFFFUL) << 24), \
+ ((uint64_t)(d4) >> 28) | (((uint64_t)(d5)) << 4) | (((uint64_t)(d6) & 0xFFFFUL) << 36), \
+ ((uint64_t)(d6) >> 16) | (((uint64_t)(d7)) << 16) \
+}
+
+#ifdef VERIFY
+#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1}
+#else
+#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))}
+#endif
+
+typedef struct {
+ uint64_t n[4];
+} secp256k1_fe_storage;
+
+#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \
+ (d0) | (((uint64_t)(d1)) << 32), \
+ (d2) | (((uint64_t)(d3)) << 32), \
+ (d4) | (((uint64_t)(d5)) << 32), \
+ (d6) | (((uint64_t)(d7)) << 32) \
+}}
+
+#endif /* SECP256K1_FIELD_REPR_H */
diff --git a/deps/secp256k1/src/field_5x52_asm_impl.h b/deps/secp256k1/src/field_5x52_asm_impl.h
new file mode 100644
index 000000000..1fc3171f6
--- /dev/null
+++ b/deps/secp256k1/src/field_5x52_asm_impl.h
@@ -0,0 +1,502 @@ +/********************************************************************** + * Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +/** + * Changelog: + * - March 2013, Diederik Huys: original version + * - November 2014, Pieter Wuille: updated to use Peter Dettman's parallel multiplication algorithm + * - December 2014, Pieter Wuille: converted from YASM to GCC inline assembly + */ + +#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H +#define SECP256K1_FIELD_INNER5X52_IMPL_H + +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { +/** + * Registers: rdx:rax = multiplication accumulator + * r9:r8 = c + * r15:rcx = d + * r10-r14 = a0-a4 + * rbx = b + * rdi = r + * rsi = a / t? + */ + uint64_t tmp1, tmp2, tmp3; +__asm__ __volatile__( + "movq 0(%%rsi),%%r10\n" + "movq 8(%%rsi),%%r11\n" + "movq 16(%%rsi),%%r12\n" + "movq 24(%%rsi),%%r13\n" + "movq 32(%%rsi),%%r14\n" + + /* d += a3 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r13\n" + "movq %%rax,%%rcx\n" + "movq %%rdx,%%r15\n" + /* d += a2 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a1 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d = a0 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c = a4 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r14\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += (c & M) * R */ + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* t3 (tmp1) = d & M */ + "movq 
%%rcx,%%rsi\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rsi\n" + "movq %%rsi,%q1\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* d += a4 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a2 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a1 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a0 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += c * R */ + "movq %%r8,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* t4 = d & M (%%rsi) */ + "movq %%rcx,%%rsi\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* tx = t4 >> 48 (tmp3) */ + "movq %%rsi,%%rax\n" + "shrq $48,%%rax\n" + "movq %%rax,%q3\n" + /* t4 &= (M >> 4) (tmp2) */ + "movq $0xffffffffffff,%%rax\n" + "andq %%rax,%%rsi\n" + "movq %%rsi,%q2\n" + /* c = a0 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r10\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += a4 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a2 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a1 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* u0 = d & M (%%rsi) */ + "movq %%rcx,%%rsi\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* u0 = (u0 << 4) | tx (%%rsi) */ + "shlq 
$4,%%rsi\n" + "movq %q3,%%rax\n" + "orq %%rax,%%rsi\n" + /* c += u0 * (R >> 4) */ + "movq $0x1000003d1,%%rax\n" + "mulq %%rsi\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[0] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,0(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += a1 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* c += a0 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d += a4 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a2 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c += (d & M) * R */ + "movq %%rcx,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* r[1] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,8(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += a2 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* c += a1 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* c += a0 * b2 (last use of %%r10 = a0) */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* fetch t3 (%%r10, overwrites a0), t4 (%%rsi) */ + "movq %q2,%%rsi\n" + "movq %q1,%%r10\n" + /* d += a4 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq 
%%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c += (d & M) * R */ + "movq %%rcx,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 (%%rcx only) */ + "shrdq $52,%%r15,%%rcx\n" + /* r[2] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,16(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += t3 */ + "addq %%r10,%%r8\n" + /* c += d * R */ + "movq %%rcx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[3] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,24(%%rdi)\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* c += t4 (%%r8 only) */ + "addq %%rsi,%%r8\n" + /* r[4] = c */ + "movq %%r8,32(%%rdi)\n" +: "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3) +: "b"(b), "D"(r) +: "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory" +); +} + +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { +/** + * Registers: rdx:rax = multiplication accumulator + * r9:r8 = c + * rcx:rbx = d + * r10-r14 = a0-a4 + * r15 = M (0xfffffffffffff) + * rdi = r + * rsi = a / t? 
+ */ + uint64_t tmp1, tmp2, tmp3; +__asm__ __volatile__( + "movq 0(%%rsi),%%r10\n" + "movq 8(%%rsi),%%r11\n" + "movq 16(%%rsi),%%r12\n" + "movq 24(%%rsi),%%r13\n" + "movq 32(%%rsi),%%r14\n" + "movq $0xfffffffffffff,%%r15\n" + + /* d = (a0*2) * a3 */ + "leaq (%%r10,%%r10,1),%%rax\n" + "mulq %%r13\n" + "movq %%rax,%%rbx\n" + "movq %%rdx,%%rcx\n" + /* d += (a1*2) * a2 */ + "leaq (%%r11,%%r11,1),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c = a4 * a4 */ + "movq %%r14,%%rax\n" + "mulq %%r14\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += (c & M) * R */ + "andq %%r15,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* t3 (tmp1) = d & M */ + "movq %%rbx,%%rsi\n" + "andq %%r15,%%rsi\n" + "movq %%rsi,%q1\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* a4 *= 2 */ + "addq %%r14,%%r14\n" + /* d += a0 * a4 */ + "movq %%r10,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d+= (a1*2) * a3 */ + "leaq (%%r11,%%r11,1),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += a2 * a2 */ + "movq %%r12,%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += c * R */ + "movq %%r8,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* t4 = d & M (%%rsi) */ + "movq %%rbx,%%rsi\n" + "andq %%r15,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* tx = t4 >> 48 (tmp3) */ + "movq %%rsi,%%rax\n" + "shrq $48,%%rax\n" + "movq %%rax,%q3\n" + /* t4 &= (M >> 4) (tmp2) */ + "movq $0xffffffffffff,%%rax\n" + "andq %%rax,%%rsi\n" + "movq %%rsi,%q2\n" + /* c = a0 * a0 */ + "movq %%r10,%%rax\n" + "mulq %%r10\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += a1 * a4 */ + "movq %%r11,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += 
(a2*2) * a3 */ + "leaq (%%r12,%%r12,1),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* u0 = d & M (%%rsi) */ + "movq %%rbx,%%rsi\n" + "andq %%r15,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* u0 = (u0 << 4) | tx (%%rsi) */ + "shlq $4,%%rsi\n" + "movq %q3,%%rax\n" + "orq %%rax,%%rsi\n" + /* c += u0 * (R >> 4) */ + "movq $0x1000003d1,%%rax\n" + "mulq %%rsi\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[0] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,0(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* a0 *= 2 */ + "addq %%r10,%%r10\n" + /* c += a0 * a1 */ + "movq %%r10,%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d += a2 * a4 */ + "movq %%r12,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += a3 * a3 */ + "movq %%r13,%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c += (d & M) * R */ + "movq %%rbx,%%rax\n" + "andq %%r15,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* r[1] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,8(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += a0 * a2 (last use of %%r10) */ + "movq %%r10,%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* fetch t3 (%%r10, overwrites a0),t4 (%%rsi) */ + "movq %q2,%%rsi\n" + "movq %q1,%%r10\n" + /* c += a1 * a1 */ + "movq %%r11,%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d += a3 * a4 */ + "movq %%r13,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c += (d & M) * R */ + "movq %%rbx,%%rax\n" + "andq %%r15,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 (%%rbx only) */ + 
"shrdq $52,%%rcx,%%rbx\n" + /* r[2] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,16(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += t3 */ + "addq %%r10,%%r8\n" + /* c += d * R */ + "movq %%rbx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[3] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,24(%%rdi)\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* c += t4 (%%r8 only) */ + "addq %%rsi,%%r8\n" + /* r[4] = c */ + "movq %%r8,32(%%rdi)\n" +: "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3) +: "D"(r) +: "%rax", "%rbx", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory" +); +} + +#endif /* SECP256K1_FIELD_INNER5X52_IMPL_H */ diff --git a/deps/secp256k1/src/field_5x52_impl.h b/deps/secp256k1/src/field_5x52_impl.h new file mode 100644 index 000000000..f4263320d --- /dev/null +++ b/deps/secp256k1/src/field_5x52_impl.h 
@@ -0,0 +1,496 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_FIELD_REPR_IMPL_H
+#define SECP256K1_FIELD_REPR_IMPL_H
+
+#if defined HAVE_CONFIG_H
+#include "libsecp256k1-config.h"
+#endif
+
+#include "util.h"
+#include "field.h"
+
+#if defined(USE_ASM_X86_64)
+#include "field_5x52_asm_impl.h"
+#else
+#include "field_5x52_int128_impl.h"
+#endif
+
+/** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F,
+ * represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular,
+ * each FieldElem has a 'magnitude' associated with it. Internally, a magnitude M means each element
+ * is at most M*(2^53-1), except the most significant one, which is limited to M*(2^49-1). All operations
+ * accept any input with magnitude at most M, and have different rules for propagating magnitude to their
+ * output.
+ */
+
+#ifdef VERIFY
+static void secp256k1_fe_verify(const secp256k1_fe *a) {
+ const uint64_t *d = a->n;
+ int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
+ /* secp256k1 'p' value defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.
*/
+ r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
+ r &= (d[1] <= 0xFFFFFFFFFFFFFULL * m);
+ r &= (d[2] <= 0xFFFFFFFFFFFFFULL * m);
+ r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m);
+ r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m);
+ r &= (a->magnitude >= 0);
+ r &= (a->magnitude <= 2048);
+ if (a->normalized) {
+ r &= (a->magnitude <= 1);
+ if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) {
+ r &= (d[0] < 0xFFFFEFFFFFC2FULL);
+ }
+ }
+ VERIFY_CHECK(r == 1);
+}
+#endif
+
+static void secp256k1_fe_normalize(secp256k1_fe *r) {
+ uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
+
+ /* Reduce t4 at the start so there will be at most a single carry from the first pass */
+ uint64_t m;
+ uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL;
+
+ /* The first pass ensures the magnitude is 1, ... */
+ t0 += x * 0x1000003D1ULL;
+ t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3;
+
+ /* ... except for a possible carry at bit 48 of t4 (i.e.
bit 256 of the field element) */
+ VERIFY_CHECK(t4 >> 49 == 0);
+
+ /* At most a single final reduction is needed; check if the value is >= the field characteristic */
+ x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL)
+ & (t0 >= 0xFFFFEFFFFFC2FULL));
+
+ /* Apply the final reduction (for constant-time behaviour, we do it always) */
+ t0 += x * 0x1000003D1ULL;
+ t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL;
+
+ /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */
+ VERIFY_CHECK(t4 >> 48 == x);
+
+ /* Mask off the possible multiple of 2^256 from the final reduction */
+ t4 &= 0x0FFFFFFFFFFFFULL;
+
+ r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
+
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
+ uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
+
+ /* Reduce t4 at the start so there will be at most a single carry from the first pass */
+ uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL;
+
+ /* The first pass ensures the magnitude is 1, ... */
+ t0 += x * 0x1000003D1ULL;
+ t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL;
+
+ /* ... except for a possible carry at bit 48 of t4 (i.e.
bit 256 of the field element) */
+ VERIFY_CHECK(t4 >> 49 == 0);
+
+ r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
+
+#ifdef VERIFY
+ r->magnitude = 1;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
+ uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
+
+ /* Reduce t4 at the start so there will be at most a single carry from the first pass */
+ uint64_t m;
+ uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL;
+
+ /* The first pass ensures the magnitude is 1, ... */
+ t0 += x * 0x1000003D1ULL;
+ t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3;
+
+ /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */
+ VERIFY_CHECK(t4 >> 49 == 0);
+
+ /* At most a single final reduction is needed; check if the value is >= the field characteristic */
+ x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL)
+ & (t0 >= 0xFFFFEFFFFFC2FULL));
+
+ if (x) {
+ t0 += 0x1000003D1ULL;
+ t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL;
+
+ /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */
+ VERIFY_CHECK(t4 >> 48 == x);
+
+ /* Mask off the possible multiple of 2^256 from the final reduction */
+ t4 &= 0x0FFFFFFFFFFFFULL;
+ }
+
+ r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
+
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) {
+ uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
+
+ /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */
+
uint64_t z0, z1;
+
+ /* Reduce t4 at the start so there will be at most a single carry from the first pass */
+ uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL;
+
+ /* The first pass ensures the magnitude is 1, ... */
+ t0 += x * 0x1000003D1ULL;
+ t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; z0 = t0; z1 = t0 ^ 0x1000003D0ULL;
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3;
+ z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL;
+
+ /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */
+ VERIFY_CHECK(t4 >> 49 == 0);
+
+ return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL);
+}
+
+static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) {
+ uint64_t t0, t1, t2, t3, t4;
+ uint64_t z0, z1;
+ uint64_t x;
+
+ t0 = r->n[0];
+ t4 = r->n[4];
+
+ /* Reduce t4 at the start so there will be at most a single carry from the first pass */
+ x = t4 >> 48;
+
+ /* The first pass ensures the magnitude is 1, ... */
+ t0 += x * 0x1000003D1ULL;
+
+ /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */
+ z0 = t0 & 0xFFFFFFFFFFFFFULL;
+ z1 = z0 ^ 0x1000003D0ULL;
+
+ /* Fast return path should catch the majority of cases */
+ if ((z0 != 0ULL) & (z1 != 0xFFFFFFFFFFFFFULL)) {
+ return 0;
+ }
+
+ t1 = r->n[1];
+ t2 = r->n[2];
+ t3 = r->n[3];
+
+ t4 &= 0x0FFFFFFFFFFFFULL;
+
+ t1 += (t0 >> 52);
+ t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1;
+ t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2;
+ t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3;
+ z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL;
+
+ /* ... except for a possible carry at bit 48 of t4 (i.e.
bit 256 of the field element) */
+ VERIFY_CHECK(t4 >> 49 == 0);
+
+ return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL);
+}
+
+SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) {
+ r->n[0] = a;
+ r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) {
+ const uint64_t *t = a->n;
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ secp256k1_fe_verify(a);
+#endif
+ return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
+}
+
+SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ secp256k1_fe_verify(a);
+#endif
+ return a->n[0] & 1;
+}
+
+SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) {
+ int i;
+#ifdef VERIFY
+ a->magnitude = 0;
+ a->normalized = 1;
+#endif
+ for (i=0; i<5; i++) {
+ a->n[i] = 0;
+ }
+}
+
+static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) {
+ int i;
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ VERIFY_CHECK(b->normalized);
+ secp256k1_fe_verify(a);
+ secp256k1_fe_verify(b);
+#endif
+ for (i = 4; i >= 0; i--) {
+ if (a->n[i] > b->n[i]) {
+ return 1;
+ }
+ if (a->n[i] < b->n[i]) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) {
+ r->n[0] = (uint64_t)a[31]
+ | ((uint64_t)a[30] << 8)
+ | ((uint64_t)a[29] << 16)
+ | ((uint64_t)a[28] << 24)
+ | ((uint64_t)a[27] << 32)
+ | ((uint64_t)a[26] << 40)
+ | ((uint64_t)(a[25] & 0xF) << 48);
+ r->n[1] = (uint64_t)((a[25] >> 4) & 0xF)
+ | ((uint64_t)a[24] << 4)
+ | ((uint64_t)a[23] << 12)
+ | ((uint64_t)a[22] << 20)
+ | ((uint64_t)a[21] << 28)
+ | ((uint64_t)a[20] << 36)
+ | ((uint64_t)a[19] << 44);
+ r->n[2] = (uint64_t)a[18]
+ | ((uint64_t)a[17] << 8)
+ | ((uint64_t)a[16] << 16)
+ | ((uint64_t)a[15] << 24)
+ | ((uint64_t)a[14] << 32)
+ | ((uint64_t)a[13] << 40)
+ |
((uint64_t)(a[12] & 0xF) << 48);
+ r->n[3] = (uint64_t)((a[12] >> 4) & 0xF)
+ | ((uint64_t)a[11] << 4)
+ | ((uint64_t)a[10] << 12)
+ | ((uint64_t)a[9] << 20)
+ | ((uint64_t)a[8] << 28)
+ | ((uint64_t)a[7] << 36)
+ | ((uint64_t)a[6] << 44);
+ r->n[4] = (uint64_t)a[5]
+ | ((uint64_t)a[4] << 8)
+ | ((uint64_t)a[3] << 16)
+ | ((uint64_t)a[2] << 24)
+ | ((uint64_t)a[1] << 32)
+ | ((uint64_t)a[0] << 40);
+ if (r->n[4] == 0x0FFFFFFFFFFFFULL && (r->n[3] & r->n[2] & r->n[1]) == 0xFFFFFFFFFFFFFULL && r->n[0] >= 0xFFFFEFFFFFC2FULL) {
+ return 0;
+ }
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+ secp256k1_fe_verify(r);
+#endif
+ return 1;
+}
+
+/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
+static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+ secp256k1_fe_verify(a);
+#endif
+ r[0] = (a->n[4] >> 40) & 0xFF;
+ r[1] = (a->n[4] >> 32) & 0xFF;
+ r[2] = (a->n[4] >> 24) & 0xFF;
+ r[3] = (a->n[4] >> 16) & 0xFF;
+ r[4] = (a->n[4] >> 8) & 0xFF;
+ r[5] = a->n[4] & 0xFF;
+ r[6] = (a->n[3] >> 44) & 0xFF;
+ r[7] = (a->n[3] >> 36) & 0xFF;
+ r[8] = (a->n[3] >> 28) & 0xFF;
+ r[9] = (a->n[3] >> 20) & 0xFF;
+ r[10] = (a->n[3] >> 12) & 0xFF;
+ r[11] = (a->n[3] >> 4) & 0xFF;
+ r[12] = ((a->n[2] >> 48) & 0xF) | ((a->n[3] & 0xF) << 4);
+ r[13] = (a->n[2] >> 40) & 0xFF;
+ r[14] = (a->n[2] >> 32) & 0xFF;
+ r[15] = (a->n[2] >> 24) & 0xFF;
+ r[16] = (a->n[2] >> 16) & 0xFF;
+ r[17] = (a->n[2] >> 8) & 0xFF;
+ r[18] = a->n[2] & 0xFF;
+ r[19] = (a->n[1] >> 44) & 0xFF;
+ r[20] = (a->n[1] >> 36) & 0xFF;
+ r[21] = (a->n[1] >> 28) & 0xFF;
+ r[22] = (a->n[1] >> 20) & 0xFF;
+ r[23] = (a->n[1] >> 12) & 0xFF;
+ r[24] = (a->n[1] >> 4) & 0xFF;
+ r[25] = ((a->n[0] >> 48) & 0xF) | ((a->n[1] & 0xF) << 4);
+ r[26] = (a->n[0] >> 40) & 0xFF;
+ r[27] = (a->n[0] >> 32) & 0xFF;
+ r[28] = (a->n[0] >> 24) & 0xFF;
+ r[29] = (a->n[0] >> 16) & 0xFF;
+ r[30] = (a->n[0] >> 8) & 0xFF;
+ r[31] =
a->n[0] & 0xFF;
+}
+
+SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->magnitude <= m);
+ secp256k1_fe_verify(a);
+#endif
+ r->n[0] = 0xFFFFEFFFFFC2FULL * 2 * (m + 1) - a->n[0];
+ r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[1];
+ r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[2];
+ r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[3];
+ r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * (m + 1) - a->n[4];
+#ifdef VERIFY
+ r->magnitude = m + 1;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) {
+ r->n[0] *= a;
+ r->n[1] *= a;
+ r->n[2] *= a;
+ r->n[3] *= a;
+ r->n[4] *= a;
+#ifdef VERIFY
+ r->magnitude *= a;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ secp256k1_fe_verify(a);
+#endif
+ r->n[0] += a->n[0];
+ r->n[1] += a->n[1];
+ r->n[2] += a->n[2];
+ r->n[3] += a->n[3];
+ r->n[4] += a->n[4];
+#ifdef VERIFY
+ r->magnitude += a->magnitude;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->magnitude <= 8);
+ VERIFY_CHECK(b->magnitude <= 8);
+ secp256k1_fe_verify(a);
+ secp256k1_fe_verify(b);
+ VERIFY_CHECK(r != b);
+ VERIFY_CHECK(a != b);
+#endif
+ secp256k1_fe_mul_inner(r->n, a->n, b->n);
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->magnitude <= 8);
+ secp256k1_fe_verify(a);
+#endif
+ secp256k1_fe_sqr_inner(r->n, a->n);
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 0;
+ secp256k1_fe_verify(r);
+#endif
+}
+
+static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe *r, const
secp256k1_fe *a, int flag) {
+ uint64_t mask0, mask1;
+ mask0 = flag + ~((uint64_t)0);
+ mask1 = ~mask0;
+ r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
+ r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
+ r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1);
+ r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
+ r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
+#ifdef VERIFY
+ if (a->magnitude > r->magnitude) {
+ r->magnitude = a->magnitude;
+ }
+ r->normalized &= a->normalized;
+#endif
+}
+
+static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) {
+ uint64_t mask0, mask1;
+ mask0 = flag + ~((uint64_t)0);
+ mask1 = ~mask0;
+ r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
+ r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
+ r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1);
+ r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
+}
+
+static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
+#ifdef VERIFY
+ VERIFY_CHECK(a->normalized);
+#endif
+ r->n[0] = a->n[0] | a->n[1] << 52;
+ r->n[1] = a->n[1] >> 12 | a->n[2] << 40;
+ r->n[2] = a->n[2] >> 24 | a->n[3] << 28;
+ r->n[3] = a->n[3] >> 36 | a->n[4] << 16;
+}
+
+static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) {
+ r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL;
+ r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL);
+ r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL);
+ r->n[3] = a->n[2] >> 28 | ((a->n[3] << 36) & 0xFFFFFFFFFFFFFULL);
+ r->n[4] = a->n[3] >> 16;
+#ifdef VERIFY
+ r->magnitude = 1;
+ r->normalized = 1;
+#endif
+}
+
+#endif /* SECP256K1_FIELD_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/field_5x52_int128_impl.h b/deps/secp256k1/src/field_5x52_int128_impl.h
new file mode 100644
index 000000000..bcbfb92ac
--- /dev/null
+++ b/deps/secp256k1/src/field_5x52_int128_impl.h
@@ -0,0 +1,279 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H +#define SECP256K1_FIELD_INNER5X52_IMPL_H + +#include + +#ifdef VERIFY +#define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0) +#else +#define VERIFY_BITS(x, n) do { } while(0) +#endif + +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { + uint128_t c, d; + uint64_t t3, t4, tx, u0; + uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; + const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; + + VERIFY_BITS(a[0], 56); + VERIFY_BITS(a[1], 56); + VERIFY_BITS(a[2], 56); + VERIFY_BITS(a[3], 56); + VERIFY_BITS(a[4], 52); + VERIFY_BITS(b[0], 56); + VERIFY_BITS(b[1], 56); + VERIFY_BITS(b[2], 56); + VERIFY_BITS(b[3], 56); + VERIFY_BITS(b[4], 52); + VERIFY_CHECK(r != b); + VERIFY_CHECK(a != b); + + /* [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n. + * for 0 <= x <= 4, px is a shorthand for sum(a[i]*b[x-i], i=0..x). + * for 4 <= x <= 8, px is a shorthand for sum(a[i]*b[x-i], i=(x-4)..4) + * Note that [x 0 0 0 0 0] = [x*R]. 
+ */ + + d = (uint128_t)a0 * b[3] + + (uint128_t)a1 * b[2] + + (uint128_t)a2 * b[1] + + (uint128_t)a3 * b[0]; + VERIFY_BITS(d, 114); + /* [d 0 0 0] = [p3 0 0 0] */ + c = (uint128_t)a4 * b[4]; + VERIFY_BITS(c, 112); + /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + d += (c & M) * R; c >>= 52; + VERIFY_BITS(d, 115); + VERIFY_BITS(c, 60); + /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + t3 = d & M; d >>= 52; + VERIFY_BITS(t3, 52); + VERIFY_BITS(d, 63); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + + d += (uint128_t)a0 * b[4] + + (uint128_t)a1 * b[3] + + (uint128_t)a2 * b[2] + + (uint128_t)a3 * b[1] + + (uint128_t)a4 * b[0]; + VERIFY_BITS(d, 115); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + d += c * R; + VERIFY_BITS(d, 116); + /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + t4 = d & M; d >>= 52; + VERIFY_BITS(t4, 52); + VERIFY_BITS(d, 64); + /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + tx = (t4 >> 48); t4 &= (M >> 4); + VERIFY_BITS(tx, 4); + VERIFY_BITS(t4, 48); + /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + + c = (uint128_t)a0 * b[0]; + VERIFY_BITS(c, 112); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */ + d += (uint128_t)a1 * b[4] + + (uint128_t)a2 * b[3] + + (uint128_t)a3 * b[2] + + (uint128_t)a4 * b[1]; + VERIFY_BITS(d, 115); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = d & M; d >>= 52; + VERIFY_BITS(u0, 52); + VERIFY_BITS(d, 63); + /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = (u0 << 4) | tx; + VERIFY_BITS(u0, 56); + /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + c += (uint128_t)u0 * (R >> 4); + VERIFY_BITS(c, 115); + /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + r[0] = c & M; c >>= 52; + VERIFY_BITS(r[0], 52); + VERIFY_BITS(c, 61); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */ + + c += (uint128_t)a0 * b[1] + + (uint128_t)a1 * b[0]; + VERIFY_BITS(c, 114); + /* 
[d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */ + d += (uint128_t)a2 * b[4] + + (uint128_t)a3 * b[3] + + (uint128_t)a4 * b[2]; + VERIFY_BITS(d, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + r[1] = c & M; c >>= 52; + VERIFY_BITS(r[1], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + + c += (uint128_t)a0 * b[2] + + (uint128_t)a1 * b[1] + + (uint128_t)a2 * b[0]; + VERIFY_BITS(c, 114); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint128_t)a3 * b[4] + + (uint128_t)a4 * b[3]; + VERIFY_BITS(d, 114); + /* [d 0 0 t4 t3 c t1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = c & M; c >>= 52; + VERIFY_BITS(r[2], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += d * R + t3; + VERIFY_BITS(c, 100); + /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[3] = c & M; c >>= 52; + VERIFY_BITS(r[3], 52); + VERIFY_BITS(c, 48); + /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += t4; + VERIFY_BITS(c, 49); + /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = c; + VERIFY_BITS(r[4], 49); + /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} + +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { + uint128_t c, d; + uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; + int64_t t3, t4, tx, u0; + const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; + + VERIFY_BITS(a[0], 56); + VERIFY_BITS(a[1], 56); + VERIFY_BITS(a[2], 56); + VERIFY_BITS(a[3], 56); + VERIFY_BITS(a[4], 52); + + /** [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n. 
+ * px is a shorthand for sum(a[i]*a[x-i], i=0..x). + * Note that [x 0 0 0 0 0] = [x*R]. + */ + + d = (uint128_t)(a0*2) * a3 + + (uint128_t)(a1*2) * a2; + VERIFY_BITS(d, 114); + /* [d 0 0 0] = [p3 0 0 0] */ + c = (uint128_t)a4 * a4; + VERIFY_BITS(c, 112); + /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + d += (c & M) * R; c >>= 52; + VERIFY_BITS(d, 115); + VERIFY_BITS(c, 60); + /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + t3 = d & M; d >>= 52; + VERIFY_BITS(t3, 52); + VERIFY_BITS(d, 63); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + + a4 *= 2; + d += (uint128_t)a0 * a4 + + (uint128_t)(a1*2) * a3 + + (uint128_t)a2 * a2; + VERIFY_BITS(d, 115); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + d += c * R; + VERIFY_BITS(d, 116); + /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + t4 = d & M; d >>= 52; + VERIFY_BITS(t4, 52); + VERIFY_BITS(d, 64); + /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + tx = (t4 >> 48); t4 &= (M >> 4); + VERIFY_BITS(tx, 4); + VERIFY_BITS(t4, 48); + /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + + c = (uint128_t)a0 * a0; + VERIFY_BITS(c, 112); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */ + d += (uint128_t)a1 * a4 + + (uint128_t)(a2*2) * a3; + VERIFY_BITS(d, 114); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = d & M; d >>= 52; + VERIFY_BITS(u0, 52); + VERIFY_BITS(d, 62); + /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = (u0 << 4) | tx; + VERIFY_BITS(u0, 56); + /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + c += (uint128_t)u0 * (R >> 4); + VERIFY_BITS(c, 113); + /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + r[0] = c & M; c >>= 52; + VERIFY_BITS(r[0], 52); + VERIFY_BITS(c, 61); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */ + + a0 *= 2; + c += (uint128_t)a0 * a1; + VERIFY_BITS(c, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */ + d += 
(uint128_t)a2 * a4 + + (uint128_t)a3 * a3; + VERIFY_BITS(d, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + r[1] = c & M; c >>= 52; + VERIFY_BITS(r[1], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + + c += (uint128_t)a0 * a2 + + (uint128_t)a1 * a1; + VERIFY_BITS(c, 114); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint128_t)a3 * a4; + VERIFY_BITS(d, 114); + /* [d 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = c & M; c >>= 52; + VERIFY_BITS(r[2], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + c += d * R + t3; + VERIFY_BITS(c, 100); + /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[3] = c & M; c >>= 52; + VERIFY_BITS(r[3], 52); + VERIFY_BITS(c, 48); + /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += t4; + VERIFY_BITS(c, 49); + /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = c; + VERIFY_BITS(r[4], 49); + /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} + +#endif /* SECP256K1_FIELD_INNER5X52_IMPL_H */ diff --git a/deps/secp256k1/src/field_impl.h b/deps/secp256k1/src/field_impl.h new file mode 100644 index 000000000..6070caccf --- /dev/null +++ b/deps/secp256k1/src/field_impl.h 
@@ -0,0 +1,318 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_FIELD_IMPL_H
+#define SECP256K1_FIELD_IMPL_H
+
+#if defined HAVE_CONFIG_H
+#include "libsecp256k1-config.h"
+#endif
+
+#include "util.h"
+#include "num.h"
+
+#if defined(USE_FIELD_10X26)
+#include "field_10x26_impl.h"
+#elif defined(USE_FIELD_5X52)
+#include "field_5x52_impl.h"
+#else
+#error "Please select field implementation"
+#endif
+
+SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) {
+ secp256k1_fe na;
+ secp256k1_fe_negate(&na, a, 1);
+ secp256k1_fe_add(&na, b);
+ return secp256k1_fe_normalizes_to_zero(&na);
+}
+
+SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b) {
+ secp256k1_fe na;
+ secp256k1_fe_negate(&na, a, 1);
+ secp256k1_fe_add(&na, b);
+ return secp256k1_fe_normalizes_to_zero_var(&na);
+}
+
+static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a) {
+ /** Given that p is congruent to 3 mod 4, we can compute the square root of
+ * a mod p as the (p+1)/4'th power of a.
+ *
+ * As (p+1)/4 is an even number, it will have the same result for a and for
+ * (-a). Only one of these two numbers actually has a square root however,
+ * so we test at the end by squaring and comparing to the input.
+ * Also because (p+1)/4 is an even number, the computed square root is
+ * itself always a square (a ** ((p+1)/4) is the square of a ** ((p+1)/8)).
+ */
+ secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
+ int j;
+
+ VERIFY_CHECK(r != a);
+
+ /** The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
+ * { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
+ * 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
+ */
+
+ secp256k1_fe_sqr(&x2, a);
+ secp256k1_fe_mul(&x2, &x2, a);
+
+ secp256k1_fe_sqr(&x3, &x2);
+ secp256k1_fe_mul(&x3, &x3, a);
+
+ x6 = x3;
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&x6, &x6);
+ }
+ secp256k1_fe_mul(&x6, &x6, &x3);
+
+ x9 = x6;
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&x9, &x9);
+ }
+ secp256k1_fe_mul(&x9, &x9, &x3);
+
+ x11 = x9;
+ for (j=0; j<2; j++) {
+ secp256k1_fe_sqr(&x11, &x11);
+ }
+ secp256k1_fe_mul(&x11, &x11, &x2);
+
+ x22 = x11;
+ for (j=0; j<11; j++) {
+ secp256k1_fe_sqr(&x22, &x22);
+ }
+ secp256k1_fe_mul(&x22, &x22, &x11);
+
+ x44 = x22;
+ for (j=0; j<22; j++) {
+ secp256k1_fe_sqr(&x44, &x44);
+ }
+ secp256k1_fe_mul(&x44, &x44, &x22);
+
+ x88 = x44;
+ for (j=0; j<44; j++) {
+ secp256k1_fe_sqr(&x88, &x88);
+ }
+ secp256k1_fe_mul(&x88, &x88, &x44);
+
+ x176 = x88;
+ for (j=0; j<88; j++) {
+ secp256k1_fe_sqr(&x176, &x176);
+ }
+ secp256k1_fe_mul(&x176, &x176, &x88);
+
+ x220 = x176;
+ for (j=0; j<44; j++) {
+ secp256k1_fe_sqr(&x220, &x220);
+ }
+ secp256k1_fe_mul(&x220, &x220, &x44);
+
+ x223 = x220;
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&x223, &x223);
+ }
+ secp256k1_fe_mul(&x223, &x223, &x3);
+
+ /* The final result is then assembled using a sliding window over the blocks. */
+
+ t1 = x223;
+ for (j=0; j<23; j++) {
+ secp256k1_fe_sqr(&t1, &t1);
+ }
+ secp256k1_fe_mul(&t1, &t1, &x22);
+ for (j=0; j<6; j++) {
+ secp256k1_fe_sqr(&t1, &t1);
+ }
+ secp256k1_fe_mul(&t1, &t1, &x2);
+ secp256k1_fe_sqr(&t1, &t1);
+ secp256k1_fe_sqr(r, &t1);
+
+ /* Check that a square root was actually calculated */
+
+ secp256k1_fe_sqr(&t1, r);
+ return secp256k1_fe_equal(&t1, a);
+}
+
+static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a) {
+ secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
+ int j;
+
+ /** The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
+ * { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
+ * [1], [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
+ */
+
+ secp256k1_fe_sqr(&x2, a);
+ secp256k1_fe_mul(&x2, &x2, a);
+
+ secp256k1_fe_sqr(&x3, &x2);
+ secp256k1_fe_mul(&x3, &x3, a);
+
+ x6 = x3;
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&x6, &x6);
+ }
+ secp256k1_fe_mul(&x6, &x6, &x3);
+
+ x9 = x6;
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&x9, &x9);
+ }
+ secp256k1_fe_mul(&x9, &x9, &x3);
+
+ x11 = x9;
+ for (j=0; j<2; j++) {
+ secp256k1_fe_sqr(&x11, &x11);
+ }
+ secp256k1_fe_mul(&x11, &x11, &x2);
+
+ x22 = x11;
+ for (j=0; j<11; j++) {
+ secp256k1_fe_sqr(&x22, &x22);
+ }
+ secp256k1_fe_mul(&x22, &x22, &x11);
+
+ x44 = x22;
+ for (j=0; j<22; j++) {
+ secp256k1_fe_sqr(&x44, &x44);
+ }
+ secp256k1_fe_mul(&x44, &x44, &x22);
+
+ x88 = x44;
+ for (j=0; j<44; j++) {
+ secp256k1_fe_sqr(&x88, &x88);
+ }
+ secp256k1_fe_mul(&x88, &x88, &x44);
+
+ x176 = x88;
+ for (j=0; j<88; j++) {
+ secp256k1_fe_sqr(&x176, &x176);
+ }
+ secp256k1_fe_mul(&x176, &x176, &x88);
+
+ x220 = x176;
+ for (j=0; j<44; j++) {
+ secp256k1_fe_sqr(&x220, &x220);
+ }
+ secp256k1_fe_mul(&x220, &x220, &x44);
+
+ x223 = x220;
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&x223, &x223);
+ }
+ secp256k1_fe_mul(&x223, &x223, &x3);
+
+ /* The final result is then assembled using a sliding window over the blocks. */
+
+ t1 = x223;
+ for (j=0; j<23; j++) {
+ secp256k1_fe_sqr(&t1, &t1);
+ }
+ secp256k1_fe_mul(&t1, &t1, &x22);
+ for (j=0; j<5; j++) {
+ secp256k1_fe_sqr(&t1, &t1);
+ }
+ secp256k1_fe_mul(&t1, &t1, a);
+ for (j=0; j<3; j++) {
+ secp256k1_fe_sqr(&t1, &t1);
+ }
+ secp256k1_fe_mul(&t1, &t1, &x2);
+ for (j=0; j<2; j++) {
+ secp256k1_fe_sqr(&t1, &t1);
+ }
+ secp256k1_fe_mul(r, a, &t1);
+}
+
+static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a) {
+#if defined(USE_FIELD_INV_BUILTIN)
+ secp256k1_fe_inv(r, a);
+#elif defined(USE_FIELD_INV_NUM)
+ secp256k1_num n, m;
+ static const secp256k1_fe negone = SECP256K1_FE_CONST(
+ 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
+ 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xFFFFFC2EUL
+ );
+ /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */
+ static const unsigned char prime[32] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
+ };
+ unsigned char b[32];
+ int res;
+ secp256k1_fe c = *a;
+ secp256k1_fe_normalize_var(&c);
+ secp256k1_fe_get_b32(b, &c);
+ secp256k1_num_set_bin(&n, b, 32);
+ secp256k1_num_set_bin(&m, prime, 32);
+ secp256k1_num_mod_inverse(&n, &n, &m);
+ secp256k1_num_get_bin(b, 32, &n);
+ res = secp256k1_fe_set_b32(r, b);
+ (void)res;
+ VERIFY_CHECK(res);
+ /* Verify the result is the (unique) valid inverse using non-GMP code. */
+ secp256k1_fe_mul(&c, &c, r);
+ secp256k1_fe_add(&c, &negone);
+ CHECK(secp256k1_fe_normalizes_to_zero_var(&c));
+#else
+#error "Please select field inverse implementation"
+#endif
+}
+
+static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len) {
+ secp256k1_fe u;
+ size_t i;
+ if (len < 1) {
+ return;
+ }
+
+ VERIFY_CHECK((r + len <= a) || (a + len <= r));
+
+ r[0] = a[0];
+
+ i = 0;
+ while (++i < len) {
+ secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
+ }
+
+ secp256k1_fe_inv_var(&u, &r[--i]);
+
+ while (i > 0) {
+ size_t j = i--;
+ secp256k1_fe_mul(&r[j], &r[i], &u);
+ secp256k1_fe_mul(&u, &u, &a[j]);
+ }
+
+ r[0] = u;
+}
+
+static int secp256k1_fe_is_quad_var(const secp256k1_fe *a) {
+#ifndef USE_NUM_NONE
+ unsigned char b[32];
+ secp256k1_num n;
+ secp256k1_num m;
+ /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */
+ static const unsigned char prime[32] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
+ };
+
+ secp256k1_fe c = *a;
+ secp256k1_fe_normalize_var(&c);
+ secp256k1_fe_get_b32(b, &c);
+ secp256k1_num_set_bin(&n, b, 32);
+ secp256k1_num_set_bin(&m, prime, 32);
+ return secp256k1_num_jacobi(&n, &m) >= 0;
+#else
+ secp256k1_fe r;
+ return secp256k1_fe_sqrt(&r, a);
+#endif
+}
+
+#endif /* SECP256K1_FIELD_IMPL_H */
diff --git a/deps/secp256k1/src/gen_context.c b/deps/secp256k1/src/gen_context.c
new file mode 100644
index 000000000..539f574bf
--- /dev/null
+++ b/deps/secp256k1/src/gen_context.c
@@ -0,0 +1,87 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+// Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed.
+// ifndef guard so downstream users can define their own if they do not use autotools.
+#if !defined(ECMULT_GEN_PREC_BITS)
+#include "libsecp256k1-config.h"
+#endif
+#define USE_BASIC_CONFIG 1
+#include "basic-config.h"
+
+#include "include/secp256k1.h"
+#include "util.h"
+#include "field_impl.h"
+#include "scalar_impl.h"
+#include "group_impl.h"
+#include "ecmult_gen_impl.h"
+
+static void default_error_callback_fn(const char* str, void* data) {
+ (void)data;
+ fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
+ abort();
+}
+
+static const secp256k1_callback default_error_callback = {
+ default_error_callback_fn,
+ NULL
+};
+
+int main(int argc, char **argv) {
+ secp256k1_ecmult_gen_context ctx;
+ void *prealloc, *base;
+ int inner;
+ int outer;
+ FILE* fp;
+
+ (void)argc;
+ (void)argv;
+
+ fp = fopen("src/ecmult_static_context.h","w");
+ if (fp == NULL) {
+ fprintf(stderr, "Could not open src/ecmult_static_context.h for writing!\n");
+ return -1;
+ }
+
+ fprintf(fp, "#ifndef _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
+ fprintf(fp, "#define _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
+ fprintf(fp, "#include \"src/group.h\"\n");
+ fprintf(fp, "#define SC SECP256K1_GE_STORAGE_CONST\n");
+ fprintf(fp, "#if ECMULT_GEN_PREC_N != %d || ECMULT_GEN_PREC_G != %d\n", ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G);
+ fprintf(fp, " #error configuration mismatch, invalid ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G. Try deleting ecmult_static_context.h before the build.\n");
+ fprintf(fp, "#endif\n");
+ fprintf(fp, "static const secp256k1_ge_storage secp256k1_ecmult_static_context[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G] = {\n");
+
+ base = checked_malloc(&default_error_callback, SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE);
+ prealloc = base;
+ secp256k1_ecmult_gen_context_init(&ctx);
+ secp256k1_ecmult_gen_context_build(&ctx, &prealloc);
+ for(outer = 0; outer != ECMULT_GEN_PREC_N; outer++) {
+ fprintf(fp,"{\n");
+ for(inner = 0; inner != ECMULT_GEN_PREC_G; inner++) {
+ fprintf(fp," SC(%uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu)", SECP256K1_GE_STORAGE_CONST_GET((*ctx.prec)[outer][inner]));
+ if (inner != ECMULT_GEN_PREC_G - 1) {
+ fprintf(fp,",\n");
+ } else {
+ fprintf(fp,"\n");
+ }
+ }
+ if (outer != ECMULT_GEN_PREC_N - 1) {
+ fprintf(fp,"},\n");
+ } else {
+ fprintf(fp,"}\n");
+ }
+ }
+ fprintf(fp,"};\n");
+ secp256k1_ecmult_gen_context_clear(&ctx);
+ free(base);
+
+ fprintf(fp, "#undef SC\n");
+ fprintf(fp, "#endif\n");
+ fclose(fp);
+
+ return 0;
+}
diff --git a/deps/secp256k1/src/group.h b/deps/secp256k1/src/group.h
new file mode 100644
index 000000000..8e122ab42
--- /dev/null
+++ b/deps/secp256k1/src/group.h
@@ -0,0 +1,142 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_GROUP_H
+#define SECP256K1_GROUP_H
+
+#include "num.h"
+#include "field.h"
+
+/** A group element of the secp256k1 curve, in affine coordinates. */
+typedef struct {
+ secp256k1_fe x;
+ secp256k1_fe y;
+ int infinity; /* whether this represents the point at infinity */
+} secp256k1_ge;
+
+#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0}
+#define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}
+
+/** A group element of the secp256k1 curve, in jacobian coordinates. */
+typedef struct {
+ secp256k1_fe x; /* actual X: x/z^2 */
+ secp256k1_fe y; /* actual Y: y/z^3 */
+ secp256k1_fe z;
+ int infinity; /* whether this represents the point at infinity */
+} secp256k1_gej;
+
+#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0}
+#define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}
+
+typedef struct {
+ secp256k1_fe_storage x;
+ secp256k1_fe_storage y;
+} secp256k1_ge_storage;
+
+#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))}
+
+#define SECP256K1_GE_STORAGE_CONST_GET(t) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y)
+
+/** Set a group element equal to the point with given X and Y coordinates */
+static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y);
+
+/** Set a group element (affine) equal to the point with the given X coordinate
+ * and a Y coordinate that is a quadratic residue modulo p. The return value
+ * is true iff a coordinate with the given X coordinate exists.
+ */
+static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x);
+
+/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
+ * for Y. Return value indicates whether the result is valid. */
+static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd);
+
+/** Check whether a group element is the point at infinity. */
+static int secp256k1_ge_is_infinity(const secp256k1_ge *a);
+
+/** Check whether a group element is valid (i.e., on the curve). */
+static int secp256k1_ge_is_valid_var(const secp256k1_ge *a);
+
+static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a);
+
+/** Set a group element equal to another which is given in jacobian coordinates */
+static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a);
+
+/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
+static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len);
+
+/** Bring a batch inputs given in jacobian coordinates (with known z-ratios) to
+ * the same global z "denominator". zr must contain the known z-ratios such
+ * that mul(a[i].z, zr[i+1]) == a[i+1].z. zr[0] is ignored. The x and y
+ * coordinates of the result are stored in r, the common z coordinate is
+ * stored in globalz. */
+static void secp256k1_ge_globalz_set_table_gej(size_t len, secp256k1_ge *r, secp256k1_fe *globalz, const secp256k1_gej *a, const secp256k1_fe *zr);
+
+/** Set a group element (affine) equal to the point at infinity. */
+static void secp256k1_ge_set_infinity(secp256k1_ge *r);
+
+/** Set a group element (jacobian) equal to the point at infinity. */
+static void secp256k1_gej_set_infinity(secp256k1_gej *r);
+
+/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
+static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a);
+
+/** Compare the X coordinate of a group element (jacobian). */
+static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a);
+
+/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
+static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a);
+
+/** Check whether a group element is the point at infinity. */
+static int secp256k1_gej_is_infinity(const secp256k1_gej *a);
+
+/** Check whether a group element's y coordinate is a quadratic residue. */
+static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a);
+
+/** Set r equal to the double of a. If rzr is not-NULL, r->z = a->z * *rzr (where infinity means an implicit z = 0).
+ * a may not be zero. Constant time. */
+static void secp256k1_gej_double_nonzero(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr);
+
+/** Set r equal to the double of a. If rzr is not-NULL, r->z = a->z * *rzr (where infinity means an implicit z = 0). */
+static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr);
+
+/** Set r equal to the sum of a and b. If rzr is non-NULL, r->z = a->z * *rzr (a cannot be infinity in that case). */
+static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr);
+
+/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
+static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b);
+
+/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
+ than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
+ guarantee, and b is allowed to be infinity. If rzr is non-NULL, r->z = a->z * *rzr (a cannot be infinity in that case). */
+static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr);
+
+/** Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv). */
+static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv);
+
+#ifdef USE_ENDOMORPHISM
+/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
+static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a);
+#endif
+
+/** Clear a secp256k1_gej to prevent leaking sensitive information. */
+static void secp256k1_gej_clear(secp256k1_gej *r);
+
+/** Clear a secp256k1_ge to prevent leaking sensitive information. */
+static void secp256k1_ge_clear(secp256k1_ge *r);
+
+/** Convert a group element to the storage type. */
+static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a);
+
+/** Convert a group element back from the storage type. */
+static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a);
+
+/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. */
+static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag);
+
+/** Rescale a jacobian point by b which must be non-zero. Constant-time. */
+static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b);
+
+#endif /* SECP256K1_GROUP_H */
diff --git a/deps/secp256k1/src/group_impl.h b/deps/secp256k1/src/group_impl.h
new file mode 100644
index 000000000..9b93c39e9
--- /dev/null
+++ b/deps/secp256k1/src/group_impl.h
@@ -0,0 +1,705 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_GROUP_IMPL_H
+#define SECP256K1_GROUP_IMPL_H
+
+#include "num.h"
+#include "field.h"
+#include "group.h"
+
+/* These points can be generated in sage as follows:
+ *
+ * 0. Setup a worksheet with the following parameters.
+ * b = 4 # whatever CURVE_B will be set to
+ * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
+ * C = EllipticCurve ([F (0), F (b)])
+ *
+ * 1. Determine all the small orders available to you. (If there are
+ * no satisfactory ones, go back and change b.)
+ * print C.order().factor(limit=1000)
+ *
+ * 2. Choose an order as one of the prime factors listed in the above step.
+ * (You can also multiply some to get a composite order, though the
+ * tests will crash trying to invert scalars during signing.) We take a
+ * random point and scale it to drop its order to the desired value.
+ * There is some probability this won't work; just try again.
+ * order = 199
+ * P = C.random_point()
+ * P = (int(P.order()) / int(order)) * P
+ * assert(P.order() == order)
+ *
+ * 3. Print the values. You'll need to use a vim macro or something to
+ * split the hex output into 4-byte chunks.
+ * print "%x %x" % P.xy()
+ */
+#if defined(EXHAUSTIVE_TEST_ORDER)
+# if EXHAUSTIVE_TEST_ORDER == 199
+static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
+ 0xFA7CC9A7, 0x0737F2DB, 0xA749DD39, 0x2B4FB069,
+ 0x3B017A7D, 0xA808C2F1, 0xFB12940C, 0x9EA66C18,
+ 0x78AC123A, 0x5ED8AEF3, 0x8732BC91, 0x1F3A2868,
+ 0x48DF246C, 0x808DAE72, 0xCFE52572, 0x7F0501ED
+);
+
+static const int CURVE_B = 4;
+# elif EXHAUSTIVE_TEST_ORDER == 13
+static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
+ 0xedc60018, 0xa51a786b, 0x2ea91f4d, 0x4c9416c0,
+ 0x9de54c3b, 0xa1316554, 0x6cf4345c, 0x7277ef15,
+ 0x54cb1b6b, 0xdc8c1273, 0x087844ea, 0x43f4603e,
+ 0x0eaf9a43, 0xf6effe55, 0x939f806d, 0x37adf8ac
+);
+static const int CURVE_B = 2;
+# else
+# error No known generator for the specified exhaustive test group order.
+# endif
+#else
+/** Generator for secp256k1, value 'g' defined in
+ * "Standards for Efficient Cryptography" (SEC2) 2.7.1.
+ */
+static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
+ 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL,
+ 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL,
+ 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL,
+ 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL
+);
+
+static const int CURVE_B = 7;
+#endif
+
+static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) {
+ secp256k1_fe zi2;
+ secp256k1_fe zi3;
+ secp256k1_fe_sqr(&zi2, zi);
+ secp256k1_fe_mul(&zi3, &zi2, zi);
+ secp256k1_fe_mul(&r->x, &a->x, &zi2);
+ secp256k1_fe_mul(&r->y, &a->y, &zi3);
+ r->infinity = a->infinity;
+}
+
+static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y) {
+ r->infinity = 0;
+ r->x = *x;
+ r->y = *y;
+}
+
+static int secp256k1_ge_is_infinity(const secp256k1_ge *a) {
+ return a->infinity;
+}
+
+static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a) {
+ *r = *a;
+ secp256k1_fe_normalize_weak(&r->y);
+
secp256k1_fe_negate(&r->y, &r->y, 1);
+}
+
+static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a) {
+ secp256k1_fe z2, z3;
+ r->infinity = a->infinity;
+ secp256k1_fe_inv(&a->z, &a->z);
+ secp256k1_fe_sqr(&z2, &a->z);
+ secp256k1_fe_mul(&z3, &a->z, &z2);
+ secp256k1_fe_mul(&a->x, &a->x, &z2);
+ secp256k1_fe_mul(&a->y, &a->y, &z3);
+ secp256k1_fe_set_int(&a->z, 1);
+ r->x = a->x;
+ r->y = a->y;
+}
+
+static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) {
+ secp256k1_fe z2, z3;
+ r->infinity = a->infinity;
+ if (a->infinity) {
+ return;
+ }
+ secp256k1_fe_inv_var(&a->z, &a->z);
+ secp256k1_fe_sqr(&z2, &a->z);
+ secp256k1_fe_mul(&z3, &a->z, &z2);
+ secp256k1_fe_mul(&a->x, &a->x, &z2);
+ secp256k1_fe_mul(&a->y, &a->y, &z3);
+ secp256k1_fe_set_int(&a->z, 1);
+ r->x = a->x;
+ r->y = a->y;
+}
+
+static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len) {
+ secp256k1_fe u;
+ size_t i;
+ size_t last_i = SIZE_MAX;
+
+ for (i = 0; i < len; i++) {
+ if (!a[i].infinity) {
+ /* Use destination's x coordinates as scratch space */
+ if (last_i == SIZE_MAX) {
+ r[i].x = a[i].z;
+ } else {
+ secp256k1_fe_mul(&r[i].x, &r[last_i].x, &a[i].z);
+ }
+ last_i = i;
+ }
+ }
+ if (last_i == SIZE_MAX) {
+ return;
+ }
+ secp256k1_fe_inv_var(&u, &r[last_i].x);
+
+ i = last_i;
+ while (i > 0) {
+ i--;
+ if (!a[i].infinity) {
+ secp256k1_fe_mul(&r[last_i].x, &r[i].x, &u);
+ secp256k1_fe_mul(&u, &u, &a[last_i].z);
+ last_i = i;
+ }
+ }
+ VERIFY_CHECK(!a[last_i].infinity);
+ r[last_i].x = u;
+
+ for (i = 0; i < len; i++) {
+ r[i].infinity = a[i].infinity;
+ if (!a[i].infinity) {
+ secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x);
+ }
+ }
+}
+
+static void secp256k1_ge_globalz_set_table_gej(size_t len, secp256k1_ge *r, secp256k1_fe *globalz, const secp256k1_gej *a, const secp256k1_fe *zr) {
+ size_t i = len - 1;
+ secp256k1_fe zs;
+
+ if (len > 0) {
+ /* The z of the final point gives us the "global Z" for the table.
*/
+ r[i].x = a[i].x;
+ r[i].y = a[i].y;
+ /* Ensure all y values are in weak normal form for fast negation of points */
+ secp256k1_fe_normalize_weak(&r[i].y);
+ *globalz = a[i].z;
+ r[i].infinity = 0;
+ zs = zr[i];
+
+ /* Work our way backwards, using the z-ratios to scale the x/y values. */
+ while (i > 0) {
+ if (i != len - 1) {
+ secp256k1_fe_mul(&zs, &zs, &zr[i]);
+ }
+ i--;
+ secp256k1_ge_set_gej_zinv(&r[i], &a[i], &zs);
+ }
+ }
+}
+
+static void secp256k1_gej_set_infinity(secp256k1_gej *r) {
+ r->infinity = 1;
+ secp256k1_fe_clear(&r->x);
+ secp256k1_fe_clear(&r->y);
+ secp256k1_fe_clear(&r->z);
+}
+
+static void secp256k1_ge_set_infinity(secp256k1_ge *r) {
+ r->infinity = 1;
+ secp256k1_fe_clear(&r->x);
+ secp256k1_fe_clear(&r->y);
+}
+
+static void secp256k1_gej_clear(secp256k1_gej *r) {
+ r->infinity = 0;
+ secp256k1_fe_clear(&r->x);
+ secp256k1_fe_clear(&r->y);
+ secp256k1_fe_clear(&r->z);
+}
+
+static void secp256k1_ge_clear(secp256k1_ge *r) {
+ r->infinity = 0;
+ secp256k1_fe_clear(&r->x);
+ secp256k1_fe_clear(&r->y);
+}
+
+static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x) {
+ secp256k1_fe x2, x3, c;
+ r->x = *x;
+ secp256k1_fe_sqr(&x2, x);
+ secp256k1_fe_mul(&x3, x, &x2);
+ r->infinity = 0;
+ secp256k1_fe_set_int(&c, CURVE_B);
+ secp256k1_fe_add(&c, &x3);
+ return secp256k1_fe_sqrt(&r->y, &c);
+}
+
+static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd) {
+ if (!secp256k1_ge_set_xquad(r, x)) {
+ return 0;
+ }
+ secp256k1_fe_normalize_var(&r->y);
+ if (secp256k1_fe_is_odd(&r->y) != odd) {
+ secp256k1_fe_negate(&r->y, &r->y, 1);
+ }
+ return 1;
+
+}
+
+static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a) {
+ r->infinity = a->infinity;
+ r->x = a->x;
+ r->y = a->y;
+ secp256k1_fe_set_int(&r->z, 1);
+}
+
+static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a) {
+ secp256k1_fe r, r2;
+ VERIFY_CHECK(!a->infinity);
+ secp256k1_fe_sqr(&r, &a->z);
secp256k1_fe_mul(&r, &r, x);
+ r2 = a->x; secp256k1_fe_normalize_weak(&r2);
+ return secp256k1_fe_equal_var(&r, &r2);
+}
+
+static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a) {
+ r->infinity = a->infinity;
+ r->x = a->x;
+ r->y = a->y;
+ r->z = a->z;
+ secp256k1_fe_normalize_weak(&r->y);
+ secp256k1_fe_negate(&r->y, &r->y, 1);
+}
+
+static int secp256k1_gej_is_infinity(const secp256k1_gej *a) {
+ return a->infinity;
+}
+
+static int secp256k1_gej_is_valid_var(const secp256k1_gej *a) {
+ secp256k1_fe y2, x3, z2, z6;
+ if (a->infinity) {
+ return 0;
+ }
+ /** y^2 = x^3 + 7
+ * (Y/Z^3)^2 = (X/Z^2)^3 + 7
+ * Y^2 / Z^6 = X^3 / Z^6 + 7
+ * Y^2 = X^3 + 7*Z^6
+ */
+ secp256k1_fe_sqr(&y2, &a->y);
+ secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
+ secp256k1_fe_sqr(&z2, &a->z);
+ secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2);
+ secp256k1_fe_mul_int(&z6, CURVE_B);
+ secp256k1_fe_add(&x3, &z6);
+ secp256k1_fe_normalize_weak(&x3);
+ return secp256k1_fe_equal_var(&y2, &x3);
+}
+
+static int secp256k1_ge_is_valid_var(const secp256k1_ge *a) {
+ secp256k1_fe y2, x3, c;
+ if (a->infinity) {
+ return 0;
+ }
+ /* y^2 = x^3 + 7 */
+ secp256k1_fe_sqr(&y2, &a->y);
+ secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
+ secp256k1_fe_set_int(&c, CURVE_B);
+ secp256k1_fe_add(&x3, &c);
+ secp256k1_fe_normalize_weak(&x3);
+ return secp256k1_fe_equal_var(&y2, &x3);
+}
+
+static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr) {
+ /* Operations: 3 mul, 4 sqr, 0 normalize, 12 mul_int/add/negate.
+ *
+ * Note that there is an implementation described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
+ * which trades a multiply for a square, but in practice this is actually slower,
+ * mainly because it requires more normalizations.
+ */
+ secp256k1_fe t1,t2,t3,t4;
+ /** For secp256k1, 2Q is infinity if and only if Q is infinity.
This is because if 2Q = infinity,
+ * Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have
+ * y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.
+ *
+ * Having said this, if this function receives a point on a sextic twist, e.g. by
+ * a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6,
+ * since -6 does have a cube root mod p. For this point, this function will not set
+ * the infinity flag even though the point doubles to infinity, and the result
+ * point will be gibberish (z = 0 but infinity = 0).
+ */
+ r->infinity = a->infinity;
+ if (r->infinity) {
+ if (rzr != NULL) {
+ secp256k1_fe_set_int(rzr, 1);
+ }
+ return;
+ }
+
+ if (rzr != NULL) {
+ *rzr = a->y;
+ secp256k1_fe_normalize_weak(rzr);
+ secp256k1_fe_mul_int(rzr, 2);
+ }
+
+ secp256k1_fe_mul(&r->z, &a->z, &a->y);
+ secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */
+ secp256k1_fe_sqr(&t1, &a->x);
+ secp256k1_fe_mul_int(&t1, 3); /* T1 = 3*X^2 (3) */
+ secp256k1_fe_sqr(&t2, &t1); /* T2 = 9*X^4 (1) */
+ secp256k1_fe_sqr(&t3, &a->y);
+ secp256k1_fe_mul_int(&t3, 2); /* T3 = 2*Y^2 (2) */
+ secp256k1_fe_sqr(&t4, &t3);
+ secp256k1_fe_mul_int(&t4, 2); /* T4 = 8*Y^4 (2) */
+ secp256k1_fe_mul(&t3, &t3, &a->x); /* T3 = 2*X*Y^2 (1) */
+ r->x = t3;
+ secp256k1_fe_mul_int(&r->x, 4); /* X' = 8*X*Y^2 (4) */
+ secp256k1_fe_negate(&r->x, &r->x, 4); /* X' = -8*X*Y^2 (5) */
+ secp256k1_fe_add(&r->x, &t2); /* X' = 9*X^4 - 8*X*Y^2 (6) */
+ secp256k1_fe_negate(&t2, &t2, 1); /* T2 = -9*X^4 (2) */
+ secp256k1_fe_mul_int(&t3, 6); /* T3 = 12*X*Y^2 (6) */
+ secp256k1_fe_add(&t3, &t2); /* T3 = 12*X*Y^2 - 9*X^4 (8) */
+ secp256k1_fe_mul(&r->y, &t1, &t3); /* Y' = 36*X^3*Y^2 - 27*X^6 (1) */
+ secp256k1_fe_negate(&t2, &t4, 2); /* T2 = -8*Y^4 (3) */
+ secp256k1_fe_add(&r->y, &t2); /* Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4) */
+}
+
+static SECP256K1_INLINE void secp256k1_gej_double_nonzero(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr) {
+
VERIFY_CHECK(!secp256k1_gej_is_infinity(a));
+ secp256k1_gej_double_var(r, a, rzr);
+}
+
+static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr) {
+ /* Operations: 12 mul, 4 sqr, 2 normalize, 12 mul_int/add/negate */
+ secp256k1_fe z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t;
+
+ if (a->infinity) {
+ VERIFY_CHECK(rzr == NULL);
+ *r = *b;
+ return;
+ }
+
+ if (b->infinity) {
+ if (rzr != NULL) {
+ secp256k1_fe_set_int(rzr, 1);
+ }
+ *r = *a;
+ return;
+ }
+
+ r->infinity = 0;
+ secp256k1_fe_sqr(&z22, &b->z);
+ secp256k1_fe_sqr(&z12, &a->z);
+ secp256k1_fe_mul(&u1, &a->x, &z22);
+ secp256k1_fe_mul(&u2, &b->x, &z12);
+ secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z);
+ secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
+ secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
+ secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
+ if (secp256k1_fe_normalizes_to_zero_var(&h)) {
+ if (secp256k1_fe_normalizes_to_zero_var(&i)) {
+ secp256k1_gej_double_var(r, a, rzr);
+ } else {
+ if (rzr != NULL) {
+ secp256k1_fe_set_int(rzr, 0);
+ }
+ r->infinity = 1;
+ }
+ return;
+ }
+ secp256k1_fe_sqr(&i2, &i);
+ secp256k1_fe_sqr(&h2, &h);
+ secp256k1_fe_mul(&h3, &h, &h2);
+ secp256k1_fe_mul(&h, &h, &b->z);
+ if (rzr != NULL) {
+ *rzr = h;
+ }
+ secp256k1_fe_mul(&r->z, &a->z, &h);
+ secp256k1_fe_mul(&t, &u1, &h2);
+ r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
+ secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
+ secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
+ secp256k1_fe_add(&r->y, &h3);
+}
+
+static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr) {
+ /* 8 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */
+ secp256k1_fe z12, u1, u2,
s1, s2, h, i, i2, h2, h3, t;
+ if (a->infinity) {
+ VERIFY_CHECK(rzr == NULL);
+ secp256k1_gej_set_ge(r, b);
+ return;
+ }
+ if (b->infinity) {
+ if (rzr != NULL) {
+ secp256k1_fe_set_int(rzr, 1);
+ }
+ *r = *a;
+ return;
+ }
+ r->infinity = 0;
+
+ secp256k1_fe_sqr(&z12, &a->z);
+ u1 = a->x; secp256k1_fe_normalize_weak(&u1);
+ secp256k1_fe_mul(&u2, &b->x, &z12);
+ s1 = a->y; secp256k1_fe_normalize_weak(&s1);
+ secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
+ secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
+ secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
+ if (secp256k1_fe_normalizes_to_zero_var(&h)) {
+ if (secp256k1_fe_normalizes_to_zero_var(&i)) {
+ secp256k1_gej_double_var(r, a, rzr);
+ } else {
+ if (rzr != NULL) {
+ secp256k1_fe_set_int(rzr, 0);
+ }
+ r->infinity = 1;
+ }
+ return;
+ }
+ secp256k1_fe_sqr(&i2, &i);
+ secp256k1_fe_sqr(&h2, &h);
+ secp256k1_fe_mul(&h3, &h, &h2);
+ if (rzr != NULL) {
+ *rzr = h;
+ }
+ secp256k1_fe_mul(&r->z, &a->z, &h);
+ secp256k1_fe_mul(&t, &u1, &h2);
+ r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
+ secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
+ secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
+ secp256k1_fe_add(&r->y, &h3);
+}
+
+static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv) {
+ /* 9 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */
+ secp256k1_fe az, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t;
+
+ if (b->infinity) {
+ *r = *a;
+ return;
+ }
+ if (a->infinity) {
+ secp256k1_fe bzinv2, bzinv3;
+ r->infinity = b->infinity;
+ secp256k1_fe_sqr(&bzinv2, bzinv);
+ secp256k1_fe_mul(&bzinv3, &bzinv2, bzinv);
+ secp256k1_fe_mul(&r->x, &b->x, &bzinv2);
+ secp256k1_fe_mul(&r->y, &b->y, &bzinv3);
+ secp256k1_fe_set_int(&r->z, 1);
+ return;
+
}
+ r->infinity = 0;
+
+ /** We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to
+ * secp256k1's isomorphism we can multiply the Z coordinates on both sides
+ * by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1).
+ * This means that (rx,ry,rz) can be calculated as
+ * (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz.
+ * The variable az below holds the modified Z coordinate for a, which is used
+ * for the computation of rx and ry, but not for rz.
+ */
+ secp256k1_fe_mul(&az, &a->z, bzinv);
+
+ secp256k1_fe_sqr(&z12, &az);
+ u1 = a->x; secp256k1_fe_normalize_weak(&u1);
+ secp256k1_fe_mul(&u2, &b->x, &z12);
+ s1 = a->y; secp256k1_fe_normalize_weak(&s1);
+ secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &az);
+ secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
+ secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
+ if (secp256k1_fe_normalizes_to_zero_var(&h)) {
+ if (secp256k1_fe_normalizes_to_zero_var(&i)) {
+ secp256k1_gej_double_var(r, a, NULL);
+ } else {
+ r->infinity = 1;
+ }
+ return;
+ }
+ secp256k1_fe_sqr(&i2, &i);
+ secp256k1_fe_sqr(&h2, &h);
+ secp256k1_fe_mul(&h3, &h, &h2);
+ r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h);
+ secp256k1_fe_mul(&t, &u1, &h2);
+ r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
+ secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
+ secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
+ secp256k1_fe_add(&r->y, &h3);
+}
+
+
+static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b) {
+ /* Operations: 7 mul, 5 sqr, 4 normalize, 21 mul_int/add/negate/cmov */
+ static const secp256k1_fe fe_1 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1);
+ secp256k1_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr;
+ secp256k1_fe m_alt, rr_alt;
+ int infinity, degenerate;
+
VERIFY_CHECK(!b->infinity);
+ VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
+
+ /** In:
+ * Eric Brier and Marc Joye, Weierstrass Elliptic Curves and Side-Channel Attacks.
+ * In D. Naccache and P. Paillier, Eds., Public Key Cryptography, vol. 2274 of Lecture Notes in Computer Science, pages 335-345. Springer-Verlag, 2002.
+ * we find as solution for a unified addition/doubling formula:
+ * lambda = ((x1 + x2)^2 - x1 * x2 + a) / (y1 + y2), with a = 0 for secp256k1's curve equation.
+ * x3 = lambda^2 - (x1 + x2)
+ * 2*y3 = lambda * (x1 + x2 - 2 * x3) - (y1 + y2).
+ *
+ * Substituting x_i = Xi / Zi^2 and yi = Yi / Zi^3, for i=1,2,3, gives:
+ * U1 = X1*Z2^2, U2 = X2*Z1^2
+ * S1 = Y1*Z2^3, S2 = Y2*Z1^3
+ * Z = Z1*Z2
+ * T = U1+U2
+ * M = S1+S2
+ * Q = T*M^2
+ * R = T^2-U1*U2
+ * X3 = 4*(R^2-Q)
+ * Y3 = 4*(R*(3*Q-2*R^2)-M^4)
+ * Z3 = 2*M*Z
+ * (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.)
+ *
+ * This formula has the benefit of being the same for both addition
+ * of distinct points and doubling. However, it breaks down in the
+ * case that either point is infinity, or that y1 = -y2. We handle
+ * these cases in the following ways:
+ *
+ * - If b is infinity we simply bail by means of a VERIFY_CHECK.
+ *
+ * - If a is infinity, we detect this, and at the end of the
+ * computation replace the result (which will be meaningless,
+ * but we compute to be constant-time) with b.x : b.y : 1.
+ *
+ * - If a = -b, we have y1 = -y2, which is a degenerate case.
+ * But here the answer is infinity, so we simply set the
+ * infinity flag of the result, overriding the computed values
+ * without even needing to cmov.
+ *
+ * - If y1 = -y2 but x1 != x2, which does occur thanks to certain
+ * properties of our curve (specifically, 1 has nontrivial cube
+ * roots in our field, and the curve equation has no x coefficient)
+ * then the answer is not infinity but also not given by the above
+ * equation.
In this case, we cmov in place an alternate expression
+ * for lambda. Specifically (y1 - y2)/(x1 - x2). Where both these
+ * expressions for lambda are defined, they are equal, and can be
+ * obtained from each other by multiplication by (y1 + y2)/(y1 + y2)
+ * then substitution of x^3 + 7 for y^2 (using the curve equation).
+ * For all pairs of nonzero points (a, b) at least one is defined,
+ * so this covers everything.
+ */
+
+ secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */
+ u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */
+ secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */
+ s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */
+ secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */
+ secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */
+ t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */
+ m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */
+ secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */
+ secp256k1_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 */
+ secp256k1_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (2) */
+ secp256k1_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (3) */
+ /** If lambda = R/M = 0/0 we have a problem (except in the "trivial"
+ * case that Z = z1z2 = 0, and this is special-cased later on). */
+ degenerate = secp256k1_fe_normalizes_to_zero(&m) &
+ secp256k1_fe_normalizes_to_zero(&rr);
+ /* This only occurs when y1 == -y2 and x1^3 == x2^3, but x1 != x2.
+ * This means either x1 == beta*x2 or beta*x1 == x2, where beta is
+ * a nontrivial cube root of one. In either case, an alternate
+ * non-indeterminate expression for lambda is (y1 - y2)/(x1 - x2),
+ * so we set R/M equal to this.
*/
+ rr_alt = s1;
+ secp256k1_fe_mul_int(&rr_alt, 2); /* rr = Y1*Z2^3 - Y2*Z1^3 (2) */
+ secp256k1_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 */
+
+ secp256k1_fe_cmov(&rr_alt, &rr, !degenerate);
+ secp256k1_fe_cmov(&m_alt, &m, !degenerate);
+ /* Now Ralt / Malt = lambda and is guaranteed not to be 0/0.
+ * From here on out Ralt and Malt represent the numerator
+ * and denominator of lambda; R and M represent the explicit
+ * expressions x1^2 + x2^2 + x1x2 and y1 + y2. */
+ secp256k1_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */
+ secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*Malt^2 (1) */
+ /* These two lines use the observation that either M == Malt or M == 0,
+ * so M^3 * Malt is either Malt^4 (which is computed by squaring), or
+ * zero (which is "computed" by cmov). So the cost is one squaring
+ * versus two multiplications. */
+ secp256k1_fe_sqr(&n, &n);
+ secp256k1_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (2) */
+ secp256k1_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */
+ secp256k1_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Malt*Z (1) */
+ infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity);
+ secp256k1_fe_mul_int(&r->z, 2); /* r->z = Z3 = 2*Malt*Z (2) */
+ secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */
+ secp256k1_fe_add(&t, &q); /* t = Ralt^2-Q (3) */
+ secp256k1_fe_normalize_weak(&t);
+ r->x = t; /* r->x = Ralt^2-Q (1) */
+ secp256k1_fe_mul_int(&t, 2); /* t = 2*x3 (2) */
+ secp256k1_fe_add(&t, &q); /* t = 2*x3 - Q: (4) */
+ secp256k1_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*x3 - Q) (1) */
+ secp256k1_fe_add(&t, &n); /* t = Ralt*(2*x3 - Q) + M^3*Malt (3) */
+ secp256k1_fe_negate(&r->y, &t, 3); /* r->y = Ralt*(Q - 2x3) - M^3*Malt (4) */
+ secp256k1_fe_normalize_weak(&r->y);
+ secp256k1_fe_mul_int(&r->x, 4); /* r->x = X3 = 4*(Ralt^2-Q) */
+ secp256k1_fe_mul_int(&r->y, 4); /* r->y = Y3 = 4*Ralt*(Q - 2x3) - 4*M^3*Malt (4) */
+
+ /** In case a->infinity == 1, replace r with (b->x, b->y, 1).
*/
+ secp256k1_fe_cmov(&r->x, &b->x, a->infinity);
+ secp256k1_fe_cmov(&r->y, &b->y, a->infinity);
+ secp256k1_fe_cmov(&r->z, &fe_1, a->infinity);
+ r->infinity = infinity;
+}
+
+static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *s) {
+ /* Operations: 4 mul, 1 sqr */
+ secp256k1_fe zz;
+ VERIFY_CHECK(!secp256k1_fe_is_zero(s));
+ secp256k1_fe_sqr(&zz, s);
+ secp256k1_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */
+ secp256k1_fe_mul(&r->y, &r->y, &zz);
+ secp256k1_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */
+ secp256k1_fe_mul(&r->z, &r->z, s); /* r->z *= s */
+}
+
+static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a) {
+ secp256k1_fe x, y;
+ VERIFY_CHECK(!a->infinity);
+ x = a->x;
+ secp256k1_fe_normalize(&x);
+ y = a->y;
+ secp256k1_fe_normalize(&y);
+ secp256k1_fe_to_storage(&r->x, &x);
+ secp256k1_fe_to_storage(&r->y, &y);
+}
+
+static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a) {
+ secp256k1_fe_from_storage(&r->x, &a->x);
+ secp256k1_fe_from_storage(&r->y, &a->y);
+ r->infinity = 0;
+}
+
+static SECP256K1_INLINE void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag) {
+ secp256k1_fe_storage_cmov(&r->x, &a->x, flag);
+ secp256k1_fe_storage_cmov(&r->y, &a->y, flag);
+}
+
+#ifdef USE_ENDOMORPHISM
+static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a) {
+ static const secp256k1_fe beta = SECP256K1_FE_CONST(
+ 0x7ae96a2bul, 0x657c0710ul, 0x6e64479eul, 0xac3434e9ul,
+ 0x9cf04975ul, 0x12f58995ul, 0xc1396c28ul, 0x719501eeul
+ );
+ *r = *a;
+ secp256k1_fe_mul(&r->x, &r->x, &beta);
+}
+#endif
+
+static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a) {
+ secp256k1_fe yz;
+
+ if (a->infinity) {
+ return 0;
+ }
+
+ /* We rely on the fact that the Jacobi symbol of 1 / a->z^3 is the same as
+ * that of a->z.
Thus a->y / a->z^3 is a quadratic residue iff a->y * a->z
+ is */
+ secp256k1_fe_mul(&yz, &a->y, &a->z);
+ return secp256k1_fe_is_quad_var(&yz);
+}
+
+#endif /* SECP256K1_GROUP_IMPL_H */
diff --git a/deps/secp256k1/src/hash.h b/deps/secp256k1/src/hash.h
new file mode 100644
index 000000000..de26e4b89
--- /dev/null
+++ b/deps/secp256k1/src/hash.h
@@ -0,0 +1,41 @@
+/**********************************************************************
+ * Copyright (c) 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_HASH_H
+#define SECP256K1_HASH_H
+
+#include
+#include
+
+typedef struct {
+ uint32_t s[8];
+ uint32_t buf[16]; /* In big endian */
+ size_t bytes;
+} secp256k1_sha256;
+
+static void secp256k1_sha256_initialize(secp256k1_sha256 *hash);
+static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size);
+static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32);
+
+typedef struct {
+ secp256k1_sha256 inner, outer;
+} secp256k1_hmac_sha256;
+
+static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size);
+static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size);
+static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32);
+
+typedef struct {
+ unsigned char v[32];
+ unsigned char k[32];
+ int retry;
+} secp256k1_rfc6979_hmac_sha256;
+
+static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen);
+static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen);
+static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng);
+
+#endif /* SECP256K1_HASH_H */
diff --git a/deps/secp256k1/src/hash_impl.h b/deps/secp256k1/src/hash_impl.h
new file mode 100644
index 000000000..782f97216
--- /dev/null
+++ b/deps/secp256k1/src/hash_impl.h
@@ -0,0 +1,283 @@
+/**********************************************************************
+ * Copyright (c) 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_HASH_IMPL_H
+#define SECP256K1_HASH_IMPL_H
+
+#include "hash.h"
+
+#include
+#include
+#include
+
+#define Ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define Sigma0(x) (((x) >> 2 | (x) << 30) ^ ((x) >> 13 | (x) << 19) ^ ((x) >> 22 | (x) << 10))
+#define Sigma1(x) (((x) >> 6 | (x) << 26) ^ ((x) >> 11 | (x) << 21) ^ ((x) >> 25 | (x) << 7))
+#define sigma0(x) (((x) >> 7 | (x) << 25) ^ ((x) >> 18 | (x) << 14) ^ ((x) >> 3))
+#define sigma1(x) (((x) >> 17 | (x) << 15) ^ ((x) >> 19 | (x) << 13) ^ ((x) >> 10))
+
+#define Round(a,b,c,d,e,f,g,h,k,w) do { \
+ uint32_t t1 = (h) + Sigma1(e) + Ch((e), (f), (g)) + (k) + (w); \
+ uint32_t t2 = Sigma0(a) + Maj((a), (b), (c)); \
+ (d) += t1; \
+ (h) = t1 + t2; \
+} while(0)
+
+#ifdef WORDS_BIGENDIAN
+#define BE32(x) (x)
+#else
+#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
+#endif
+
+static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) {
+ hash->s[0] = 0x6a09e667ul;
+ hash->s[1] = 0xbb67ae85ul;
+ hash->s[2] = 0x3c6ef372ul;
+ hash->s[3] = 0xa54ff53aul;
+ hash->s[4] = 0x510e527ful;
+ hash->s[5] = 0x9b05688cul;
+ hash->s[6] = 0x1f83d9abul;
+ hash->s[7] = 0x5be0cd19ul;
+ hash->bytes = 0;
+}
+
+/** Perform one SHA-256 transformation, processing 16 big endian 32-bit words. */
+static void secp256k1_sha256_transform(uint32_t* s, const uint32_t* chunk) {
+ uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7];
+ uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
+
+ Round(a, b, c, d, e, f, g, h, 0x428a2f98, w0 = BE32(chunk[0]));
+ Round(h, a, b, c, d, e, f, g, 0x71374491, w1 = BE32(chunk[1]));
+ Round(g, h, a, b, c, d, e, f, 0xb5c0fbcf, w2 = BE32(chunk[2]));
+ Round(f, g, h, a, b, c, d, e, 0xe9b5dba5, w3 = BE32(chunk[3]));
+ Round(e, f, g, h, a, b, c, d, 0x3956c25b, w4 = BE32(chunk[4]));
+ Round(d, e, f, g, h, a, b, c, 0x59f111f1, w5 = BE32(chunk[5]));
+ Round(c, d, e, f, g, h, a, b, 0x923f82a4, w6 = BE32(chunk[6]));
+ Round(b, c, d, e, f, g, h, a, 0xab1c5ed5, w7 = BE32(chunk[7]));
+ Round(a, b, c, d, e, f, g, h, 0xd807aa98, w8 = BE32(chunk[8]));
+ Round(h, a, b, c, d, e, f, g, 0x12835b01, w9 = BE32(chunk[9]));
+ Round(g, h, a, b, c, d, e, f, 0x243185be, w10 = BE32(chunk[10]));
+ Round(f, g, h, a, b, c, d, e, 0x550c7dc3, w11 = BE32(chunk[11]));
+ Round(e, f, g, h, a, b, c, d, 0x72be5d74, w12 = BE32(chunk[12]));
+ Round(d, e, f, g, h, a, b, c, 0x80deb1fe, w13 = BE32(chunk[13]));
+ Round(c, d, e, f, g, h, a, b, 0x9bdc06a7, w14 = BE32(chunk[14]));
+ Round(b, c, d, e, f, g, h, a, 0xc19bf174, w15 = BE32(chunk[15]));
+
+ Round(a, b, c, d, e, f, g, h, 0xe49b69c1, w0 += sigma1(w14) + w9 + sigma0(w1));
+ Round(h, a, b, c, d, e, f, g, 0xefbe4786, w1 += sigma1(w15) + w10 + sigma0(w2));
+ Round(g, h, a, b, c, d, e, f, 0x0fc19dc6, w2 += sigma1(w0) + w11 + sigma0(w3));
+ Round(f, g, h, a, b, c, d, e, 0x240ca1cc, w3 += sigma1(w1) + w12 + sigma0(w4));
+ Round(e, f, g, h, a, b, c, d, 0x2de92c6f, w4 += sigma1(w2) + w13 + sigma0(w5));
+ Round(d, e, f, g, h, a, b, c, 0x4a7484aa, w5 += sigma1(w3) + w14 + sigma0(w6));
+ Round(c, d, e, f, g, h, a, b, 0x5cb0a9dc, w6 += sigma1(w4) + w15 + sigma0(w7));
+ Round(b, c, d, e, f, g, h, a, 0x76f988da, w7 += sigma1(w5) + w0 + sigma0(w8));
+ Round(a, b, c, d, e, f, g, h, 0x983e5152, w8 += sigma1(w6) + w1 + sigma0(w9));
+ Round(h, a, b, c, d, e, f, g, 0xa831c66d, w9 += sigma1(w7) + w2 + sigma0(w10));
+ Round(g, h, a, b, c, d, e, f, 0xb00327c8, w10 += sigma1(w8) + w3 + sigma0(w11));
+ Round(f, g, h, a, b, c, d, e, 0xbf597fc7, w11 += sigma1(w9) + w4 + sigma0(w12));
+ Round(e, f, g, h, a, b, c, d, 0xc6e00bf3, w12 += sigma1(w10) + w5 + sigma0(w13));
+ Round(d, e, f, g, h, a, b, c, 0xd5a79147, w13 += sigma1(w11) + w6 + sigma0(w14));
+ Round(c, d, e, f, g, h, a, b, 0x06ca6351, w14 += sigma1(w12) + w7 + sigma0(w15));
+ Round(b, c, d, e, f, g, h, a, 0x14292967, w15 += sigma1(w13) + w8 + sigma0(w0));
+
+ Round(a, b, c, d, e, f, g, h, 0x27b70a85, w0 += sigma1(w14) + w9 + sigma0(w1));
+ Round(h, a, b, c, d, e, f, g, 0x2e1b2138, w1 += sigma1(w15) + w10 + sigma0(w2));
+ Round(g, h, a, b, c, d, e, f, 0x4d2c6dfc, w2 += sigma1(w0) + w11 + sigma0(w3));
+ Round(f, g, h, a, b, c, d, e, 0x53380d13, w3 += sigma1(w1) + w12 + sigma0(w4));
+ Round(e, f, g, h, a, b, c, d, 0x650a7354, w4 += sigma1(w2) + w13 + sigma0(w5));
+ Round(d, e, f, g, h, a, b, c, 0x766a0abb, w5 += sigma1(w3) + w14 + sigma0(w6));
+ Round(c, d, e, f, g, h, a, b, 0x81c2c92e, w6 += sigma1(w4) + w15 + sigma0(w7));
+ Round(b, c, d, e, f, g, h, a, 0x92722c85, w7 += sigma1(w5) + w0 + sigma0(w8));
+ Round(a, b, c, d, e, f, g, h, 0xa2bfe8a1, w8 += sigma1(w6) + w1 + sigma0(w9));
+ Round(h, a, b, c, d, e, f, g, 0xa81a664b, w9 += sigma1(w7) + w2 + sigma0(w10));
+ Round(g, h, a, b, c, d, e, f, 0xc24b8b70, w10 += sigma1(w8) + w3 + sigma0(w11));
+ Round(f, g, h, a, b, c, d, e, 0xc76c51a3, w11 += sigma1(w9) + w4 + sigma0(w12));
+ Round(e, f, g, h, a, b, c, d, 0xd192e819, w12 += sigma1(w10) + w5 + sigma0(w13));
+ Round(d, e, f, g, h, a, b, c, 0xd6990624, w13 += sigma1(w11) + w6 + sigma0(w14));
+ Round(c, d, e, f, g, h, a, b, 0xf40e3585, w14 += sigma1(w12) + w7 + sigma0(w15));
+ Round(b, c, d, e, f, g, h, a, 0x106aa070, w15 += sigma1(w13) + w8 + sigma0(w0));
+
+ Round(a, b, c, d, e, f, g, h, 0x19a4c116, w0 += sigma1(w14) + w9 + sigma0(w1));
+ Round(h, a, b, c, d, e, f, g, 0x1e376c08, w1 += sigma1(w15) + w10 + sigma0(w2));
+ Round(g, h, a, b, c, d, e, f, 0x2748774c, w2 += sigma1(w0) + w11 + sigma0(w3));
+ Round(f, g, h, a, b, c, d, e, 0x34b0bcb5, w3 += sigma1(w1) + w12 + sigma0(w4));
+ Round(e, f, g, h, a, b, c, d, 0x391c0cb3, w4 += sigma1(w2) + w13 + sigma0(w5));
+ Round(d, e, f, g, h, a, b, c, 0x4ed8aa4a, w5 += sigma1(w3) + w14 + sigma0(w6));
+ Round(c, d, e, f, g, h, a, b, 0x5b9cca4f, w6 += sigma1(w4) + w15 + sigma0(w7));
+ Round(b, c, d, e, f, g, h, a, 0x682e6ff3, w7 += sigma1(w5) + w0 + sigma0(w8));
+ Round(a, b, c, d, e, f, g, h, 0x748f82ee, w8 += sigma1(w6) + w1 + sigma0(w9));
+ Round(h, a, b, c, d, e, f, g, 0x78a5636f, w9 += sigma1(w7) + w2 + sigma0(w10));
+ Round(g, h, a, b, c, d, e, f, 0x84c87814, w10 += sigma1(w8) + w3 + sigma0(w11));
+ Round(f, g, h, a, b, c, d, e, 0x8cc70208, w11 += sigma1(w9) + w4 + sigma0(w12));
+ Round(e, f, g, h, a, b, c, d, 0x90befffa, w12 += sigma1(w10) + w5 + sigma0(w13));
+ Round(d, e, f, g, h, a, b, c, 0xa4506ceb, w13 += sigma1(w11) + w6 + sigma0(w14));
+ Round(c, d, e, f, g, h, a, b, 0xbef9a3f7, w14 + sigma1(w12) + w7 + sigma0(w15));
+ Round(b, c, d, e, f, g, h, a, 0xc67178f2, w15 + sigma1(w13) + w8 + sigma0(w0));
+
+ s[0] += a;
+ s[1] += b;
+ s[2] += c;
+ s[3] += d;
+ s[4] += e;
+ s[5] += f;
+ s[6] += g;
+ s[7] += h;
+}
+
+static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t len) {
+ size_t bufsize = hash->bytes & 0x3F;
+ hash->bytes += len;
+ VERIFY_CHECK(hash->bytes >= len);
+ while (len >= 64 - bufsize) {
+ /* Fill the buffer, and process it. */
+ size_t chunk_len = 64 - bufsize;
+ memcpy(((unsigned char*)hash->buf) + bufsize, data, chunk_len);
+ data += chunk_len;
+ len -= chunk_len;
+ secp256k1_sha256_transform(hash->s, hash->buf);
+ bufsize = 0;
+ }
+ if (len) {
+ /* Fill the buffer with what remains. */
+ memcpy(((unsigned char*)hash->buf) + bufsize, data, len);
+ }
+}
+
+static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32) {
+ static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ uint32_t sizedesc[2];
+ uint32_t out[8];
+ int i = 0;
+ sizedesc[0] = BE32(hash->bytes >> 29);
+ sizedesc[1] = BE32(hash->bytes << 3);
+ secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64));
+ secp256k1_sha256_write(hash, (const unsigned char*)sizedesc, 8);
+ for (i = 0; i < 8; i++) {
+ out[i] = BE32(hash->s[i]);
+ hash->s[i] = 0;
+ }
+ memcpy(out32, (const unsigned char*)out, 32);
+}
+
+static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t keylen) {
+ size_t n;
+ unsigned char rkey[64];
+ if (keylen <= sizeof(rkey)) {
+ memcpy(rkey, key, keylen);
+ memset(rkey + keylen, 0, sizeof(rkey) - keylen);
+ } else {
+ secp256k1_sha256 sha256;
+ secp256k1_sha256_initialize(&sha256);
+ secp256k1_sha256_write(&sha256, key, keylen);
+ secp256k1_sha256_finalize(&sha256, rkey);
+ memset(rkey + 32, 0, 32);
+ }
+
+ secp256k1_sha256_initialize(&hash->outer);
+ for (n = 0; n < sizeof(rkey); n++) {
+ rkey[n] ^= 0x5c;
+ }
+ secp256k1_sha256_write(&hash->outer, rkey, sizeof(rkey));
+
+ secp256k1_sha256_initialize(&hash->inner);
+ for (n = 0; n < sizeof(rkey); n++) {
+ rkey[n] ^= 0x5c ^ 0x36;
+ }
+ secp256k1_sha256_write(&hash->inner, rkey, sizeof(rkey));
+ memset(rkey, 0, sizeof(rkey));
+}
+
+static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size) {
+ secp256k1_sha256_write(&hash->inner, data, size);
+}
+
+static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32) {
+ unsigned char temp[32];
+ secp256k1_sha256_finalize(&hash->inner, temp);
+ secp256k1_sha256_write(&hash->outer, temp, 32);
+ memset(temp, 0, 32);
+ secp256k1_sha256_finalize(&hash->outer, out32);
+}
+
+
+static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) {
+ secp256k1_hmac_sha256 hmac;
+ static const unsigned char zero[1] = {0x00};
+ static const unsigned char one[1] = {0x01};
+
+ memset(rng->v, 0x01, 32); /* RFC6979 3.2.b. */
+ memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */
+
+ /* RFC6979 3.2.d. */
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_write(&hmac, zero, 1);
+ secp256k1_hmac_sha256_write(&hmac, key, keylen);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->k);
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->v);
+
+ /* RFC6979 3.2.f. */
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_write(&hmac, one, 1);
+ secp256k1_hmac_sha256_write(&hmac, key, keylen);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->k);
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->v);
+ rng->retry = 0;
+}
+
+static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) {
+ /* RFC6979 3.2.h. */
+ static const unsigned char zero[1] = {0x00};
+ if (rng->retry) {
+ secp256k1_hmac_sha256 hmac;
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_write(&hmac, zero, 1);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->k);
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->v);
+ }
+
+ while (outlen > 0) {
+ secp256k1_hmac_sha256 hmac;
+ int now = outlen;
+ secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
+ secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
+ secp256k1_hmac_sha256_finalize(&hmac, rng->v);
+ if (now > 32) {
+ now = 32;
+ }
+ memcpy(out, rng->v, now);
+ out += now;
+ outlen -= now;
+ }
+
+ rng->retry = 1;
+}
+
+static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng) {
+ memset(rng->k, 0, 32);
+ memset(rng->v, 0, 32);
+ rng->retry = 0;
+}
+
+#undef BE32
+#undef Round
+#undef sigma1
+#undef sigma0
+#undef Sigma1
+#undef Sigma0
+#undef Maj
+#undef Ch
+
+#endif /* SECP256K1_HASH_IMPL_H */
diff --git a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java
new file mode 100644
index 000000000..1c67802fb
--- /dev/null
+++ b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java
@@ -0,0 +1,446 @@
+/*
+ * Copyright 2013 Google Inc.
+ * Copyright 2014-2016 the libsecp256k1 contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bitcoin;
+
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+
+import java.math.BigInteger;
+import com.google.common.base.Preconditions;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import static org.bitcoin.NativeSecp256k1Util.*;
+
+/**
+ *

This class holds native methods to handle ECDSA verification.

+ * + *

You can find an example library that can be used for this at https://github.com/bitcoin/secp256k1

+ * + *

To build secp256k1 for use with bitcoinj, run + * `./configure --enable-jni --enable-experimental --enable-module-ecdh` + * and `make` then copy `.libs/libsecp256k1.so` to your system library path + * or point the JVM to the folder containing it with -Djava.library.path + *

+ */
+public class NativeSecp256k1 {
+
+ private static final ReentrantReadWriteLock rwl = new ReentrantReadWriteLock();
+ private static final Lock r = rwl.readLock();
+ private static final Lock w = rwl.writeLock();
+ private static ThreadLocal nativeECDSABuffer = new ThreadLocal();
+ /**
+ * Verifies the given secp256k1 signature in native code.
+ * Calling when enabled == false is undefined (probably library not loaded)
+ *
+ * @param data The data which was signed, must be exactly 32 bytes
+ * @param signature The signature
+ * @param pub The public key which did the signing
+ */
+ public static boolean verify(byte[] data, byte[] signature, byte[] pub) throws AssertFailException{
+ Preconditions.checkArgument(data.length == 32 && signature.length <= 520 && pub.length <= 520);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < 520) {
+ byteBuff = ByteBuffer.allocateDirect(520);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(data);
+ byteBuff.put(signature);
+ byteBuff.put(pub);
+
+ byte[][] retByteArray;
+
+ r.lock();
+ try {
+ return secp256k1_ecdsa_verify(byteBuff, Secp256k1Context.getContext(), signature.length, pub.length) == 1;
+ } finally {
+ r.unlock();
+ }
+ }
+
+ /**
+ * libsecp256k1 Create an ECDSA signature.
+ *
+ * @param data Message hash, 32 bytes
+ * @param key Secret key, 32 bytes
+ *
+ * Return values
+ * @param sig byte array of signature
+ */
+ public static byte[] sign(byte[] data, byte[] sec) throws AssertFailException{
+ Preconditions.checkArgument(data.length == 32 && sec.length <= 32);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < 32 + 32) {
+ byteBuff = ByteBuffer.allocateDirect(32 + 32);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(data);
+ byteBuff.put(sec);
+
+ byte[][] retByteArray;
+
+ r.lock();
+ try {
+ retByteArray = secp256k1_ecdsa_sign(byteBuff, Secp256k1Context.getContext());
+ } finally {
+ r.unlock();
+ }
+
+ byte[] sigArr = retByteArray[0];
+ int sigLen = new BigInteger(new byte[] { retByteArray[1][0] }).intValue();
+ int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue();
+
+ assertEquals(sigArr.length, sigLen, "Got bad signature length.");
+
+ return retVal == 0 ? new byte[0] : sigArr;
+ }
+
+ /**
+ * libsecp256k1 Seckey Verify - returns 1 if valid, 0 if invalid
+ *
+ * @param seckey ECDSA Secret key, 32 bytes
+ */
+ public static boolean secKeyVerify(byte[] seckey) {
+ Preconditions.checkArgument(seckey.length == 32);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < seckey.length) {
+ byteBuff = ByteBuffer.allocateDirect(seckey.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(seckey);
+
+ r.lock();
+ try {
+ return secp256k1_ec_seckey_verify(byteBuff,Secp256k1Context.getContext()) == 1;
+ } finally {
+ r.unlock();
+ }
+ }
+
+
+ /**
+ * libsecp256k1 Compute Pubkey - computes public key from secret key
+ *
+ * @param seckey ECDSA Secret key, 32 bytes
+ *
+ * Return values
+ * @param pubkey ECDSA Public key, 33 or 65 bytes
+ */
+ //TODO add a 'compressed' arg
+ public static byte[] computePubkey(byte[] seckey) throws AssertFailException{
+ Preconditions.checkArgument(seckey.length == 32);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < seckey.length) {
+ byteBuff = ByteBuffer.allocateDirect(seckey.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(seckey);
+
+ byte[][] retByteArray;
+
+ r.lock();
+ try {
+ retByteArray = secp256k1_ec_pubkey_create(byteBuff, Secp256k1Context.getContext());
+ } finally {
+ r.unlock();
+ }
+
+ byte[] pubArr = retByteArray[0];
+ int pubLen = new BigInteger(new byte[] { retByteArray[1][0] }).intValue();
+ int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue();
+
+ assertEquals(pubArr.length, pubLen, "Got bad pubkey length.");
+
+ return retVal == 0 ? new byte[0]: pubArr;
+ }
+
+ /**
+ * libsecp256k1 Cleanup - This destroys the secp256k1 context object
+ * This should be called at the end of the program for proper cleanup of the context.
+ */
+ public static synchronized void cleanup() {
+ w.lock();
+ try {
+ secp256k1_destroy_context(Secp256k1Context.getContext());
+ } finally {
+ w.unlock();
+ }
+ }
+
+ public static long cloneContext() {
+ r.lock();
+ try {
+ return secp256k1_ctx_clone(Secp256k1Context.getContext());
+ } finally { r.unlock(); }
+ }
+
+ /**
+ * libsecp256k1 PrivKey Tweak-Mul - Tweak privkey by multiplying to it
+ *
+ * @param tweak some bytes to tweak with
+ * @param seckey 32-byte seckey
+ */
+ public static byte[] privKeyTweakMul(byte[] privkey, byte[] tweak) throws AssertFailException{
+ Preconditions.checkArgument(privkey.length == 32);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < privkey.length + tweak.length) {
+ byteBuff = ByteBuffer.allocateDirect(privkey.length + tweak.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(privkey);
+ byteBuff.put(tweak);
+
+ byte[][] retByteArray;
+ r.lock();
+ try {
+ retByteArray = secp256k1_privkey_tweak_mul(byteBuff,Secp256k1Context.getContext());
+ } finally {
+ r.unlock();
+ }
+
+ byte[] privArr = retByteArray[0];
+
+ int privLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF;
+ int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue();
+
+ assertEquals(privArr.length, privLen, "Got bad pubkey length.");
+
+ assertEquals(retVal, 1, "Failed return value check.");
+
+ return privArr;
+ }
+
+ /**
+ * libsecp256k1 PrivKey Tweak-Add - Tweak privkey by adding to it
+ *
+ * @param tweak some bytes to tweak with
+ * @param seckey 32-byte seckey
+ */
+ public static byte[] privKeyTweakAdd(byte[] privkey, byte[] tweak) throws AssertFailException{
+ Preconditions.checkArgument(privkey.length == 32);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < privkey.length + tweak.length) {
+ byteBuff = ByteBuffer.allocateDirect(privkey.length + tweak.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(privkey);
+ byteBuff.put(tweak);
+
+ byte[][] retByteArray;
+ r.lock();
+ try {
+ retByteArray = secp256k1_privkey_tweak_add(byteBuff,Secp256k1Context.getContext());
+ } finally {
+ r.unlock();
+ }
+
+ byte[] privArr = retByteArray[0];
+
+ int privLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF;
+ int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue();
+
+ assertEquals(privArr.length, privLen, "Got bad pubkey length.");
+
+ assertEquals(retVal, 1, "Failed return value check.");
+
+ return privArr;
+ }
+
+ /**
+ * libsecp256k1 PubKey Tweak-Add - Tweak pubkey by adding to it
+ *
+ * @param tweak some bytes to tweak with
+ * @param pubkey 32-byte seckey
+ */
+ public static byte[] pubKeyTweakAdd(byte[] pubkey, byte[] tweak) throws AssertFailException{
+ Preconditions.checkArgument(pubkey.length == 33 || pubkey.length == 65);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < pubkey.length + tweak.length) {
+ byteBuff = ByteBuffer.allocateDirect(pubkey.length + tweak.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(pubkey);
+ byteBuff.put(tweak);
+
+ byte[][] retByteArray;
+ r.lock();
+ try {
+ retByteArray = secp256k1_pubkey_tweak_add(byteBuff,Secp256k1Context.getContext(), pubkey.length);
+ } finally {
+ r.unlock();
+ }
+
+ byte[] pubArr = retByteArray[0];
+
+ int pubLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF;
+ int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue();
+
+ assertEquals(pubArr.length, pubLen, "Got bad pubkey length.");
+
+ assertEquals(retVal, 1, "Failed return value check.");
+
+ return pubArr;
+ }
+
+ /**
+ * libsecp256k1 PubKey Tweak-Mul - Tweak pubkey by multiplying to it
+ *
+ * @param tweak some bytes to tweak with
+ * @param pubkey 32-byte seckey
+ */
+ public static byte[] pubKeyTweakMul(byte[] pubkey, byte[] tweak) throws AssertFailException{
+ Preconditions.checkArgument(pubkey.length == 33 || pubkey.length == 65);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < pubkey.length + tweak.length) {
+ byteBuff = ByteBuffer.allocateDirect(pubkey.length + tweak.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(pubkey);
+ byteBuff.put(tweak);
+
+ byte[][] retByteArray;
+ r.lock();
+ try {
+ retByteArray = secp256k1_pubkey_tweak_mul(byteBuff,Secp256k1Context.getContext(), pubkey.length);
+ } finally {
+ r.unlock();
+ }
+
+ byte[] pubArr = retByteArray[0];
+
+ int pubLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF;
+ int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue();
+
+ assertEquals(pubArr.length, pubLen, "Got bad pubkey length.");
+
+ assertEquals(retVal, 1, "Failed return value check.");
+
+ return pubArr;
+ }
+
+ /**
+ * libsecp256k1 create ECDH secret - constant time ECDH calculation
+ *
+ * @param seckey byte array of secret key used in exponentiaion
+ * @param pubkey byte array of public key used in exponentiaion
+ */
+ public static byte[] createECDHSecret(byte[] seckey, byte[] pubkey) throws AssertFailException{
+ Preconditions.checkArgument(seckey.length <= 32 && pubkey.length <= 65);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < 32 + pubkey.length) {
+ byteBuff = ByteBuffer.allocateDirect(32 + pubkey.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(seckey);
+ byteBuff.put(pubkey);
+
+ byte[][] retByteArray;
+ r.lock();
+ try {
+ retByteArray = secp256k1_ecdh(byteBuff, Secp256k1Context.getContext(), pubkey.length);
+ } finally {
+ r.unlock();
+ }
+
+ byte[] resArr = retByteArray[0];
+ int retVal = new BigInteger(new byte[] { retByteArray[1][0] }).intValue();
+
+ assertEquals(resArr.length, 32, "Got bad result length.");
+ assertEquals(retVal, 1, "Failed return value check.");
+
+ return resArr;
+ }
+
+ /**
+ * libsecp256k1 randomize - updates the context randomization
+ *
+ * @param seed 32-byte random seed
+ */
+ public static synchronized boolean randomize(byte[] seed) throws AssertFailException{
+ Preconditions.checkArgument(seed.length == 32 || seed == null);
+
+ ByteBuffer byteBuff = nativeECDSABuffer.get();
+ if (byteBuff == null || byteBuff.capacity() < seed.length) {
+ byteBuff = ByteBuffer.allocateDirect(seed.length);
+ byteBuff.order(ByteOrder.nativeOrder());
+ nativeECDSABuffer.set(byteBuff);
+ }
+ byteBuff.rewind();
+ byteBuff.put(seed);
+
+ w.lock();
+ try {
+ return secp256k1_context_randomize(byteBuff, Secp256k1Context.getContext()) == 1;
+ } finally {
+ w.unlock();
+ }
+ }
+
+ private static native long secp256k1_ctx_clone(long context);
+
+ private static native int secp256k1_context_randomize(ByteBuffer byteBuff, long context);
+
+ private static native byte[][] secp256k1_privkey_tweak_add(ByteBuffer byteBuff, long context);
+
+ private static native byte[][] secp256k1_privkey_tweak_mul(ByteBuffer byteBuff, long context);
+
+ private static native byte[][] secp256k1_pubkey_tweak_add(ByteBuffer byteBuff, long context, int pubLen);
+
+ private static native byte[][] secp256k1_pubkey_tweak_mul(ByteBuffer byteBuff, long context, int pubLen);
+
+ private static native void secp256k1_destroy_context(long context);
+
+ private static native int secp256k1_ecdsa_verify(ByteBuffer byteBuff, long context, int sigLen, int pubLen);
+
+ private static native byte[][] secp256k1_ecdsa_sign(ByteBuffer byteBuff, long context);
+
+ private static native int secp256k1_ec_seckey_verify(ByteBuffer byteBuff, long context);
+
+ private static native byte[][] secp256k1_ec_pubkey_create(ByteBuffer byteBuff, long context);
+
+ private static native byte[][] secp256k1_ec_pubkey_parse(ByteBuffer byteBuff, long context, int inputLen);
+
+ private static native byte[][] secp256k1_ecdh(ByteBuffer byteBuff, long context, int inputLen);
+
+}
diff --git a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java
new file mode 100644
index 000000000..710d9f0bb
--- /dev/null
+++ b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java
@@ -0,0 +1,225 @@
+package org.bitcoin;
+
+import com.google.common.io.BaseEncoding;
+import java.util.Arrays;
+import java.math.BigInteger;
+import static org.bitcoin.NativeSecp256k1Util.*;
+
+/**
+ * This class holds test cases defined for testing this library.
+ */
+public class NativeSecp256k1Test {
+
+ //TODO improve comments/add more tests
+ /**
+ * This tests verify() for a valid signature
+ */
+ public static void testVerifyPos() throws AssertFailException{
+ boolean result = false;
+ byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()); //sha256hash of "testing"
+ byte[] sig = BaseEncoding.base16().lowerCase().decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase());
+ byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase());
+
+ result = NativeSecp256k1.verify( data, sig, pub);
+ assertEquals( result, true , "testVerifyPos");
+ }
+
+ /**
+ * This tests verify() for a non-valid signature
+ */
+ public static void testVerifyNeg() throws AssertFailException{
+ boolean result = false;
+ byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A91".toLowerCase()); //sha256hash of "testing"
+ byte[] sig = BaseEncoding.base16().lowerCase().decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase());
+ byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase());
+
+ result = NativeSecp256k1.verify( data, sig, pub);
+ //System.out.println(" TEST " + new BigInteger(1, resultbytes).toString(16));
+ assertEquals( result, false , "testVerifyNeg");
+ }
+
+ /**
+ * This tests secret key verify() for a valid secretkey
+ */
+ public static void testSecKeyVerifyPos() throws AssertFailException{
+ boolean result = false;
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase());
+
+ result = NativeSecp256k1.secKeyVerify( sec );
+ //System.out.println(" TEST " + new BigInteger(1, resultbytes).toString(16));
+ assertEquals( result, true , "testSecKeyVerifyPos");
+ }
+
+ /**
+ * This tests secret key verify() for an invalid secretkey
+ */
+ public static void testSecKeyVerifyNeg() throws AssertFailException{
+ boolean result = false;
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase());
+
+ result = NativeSecp256k1.secKeyVerify( sec );
+ //System.out.println(" TEST " + new BigInteger(1, resultbytes).toString(16));
+ assertEquals( result, false , "testSecKeyVerifyNeg");
+ }
+
+ /**
+ * This tests public key create() for a valid secretkey
+ */
+ public static void testPubKeyCreatePos() throws AssertFailException{
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase());
+
+ byte[] resultArr = NativeSecp256k1.computePubkey( sec);
+ String pubkeyString = BaseEncoding.base16().encode(resultArr);
+ assertEquals( pubkeyString , "04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6" , "testPubKeyCreatePos");
+ }
+
+ /**
+ * This tests public key create() for a invalid secretkey
+ */
+ public static void testPubKeyCreateNeg() throws AssertFailException{
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase());
+
+ byte[] resultArr = NativeSecp256k1.computePubkey( sec);
+ String pubkeyString = BaseEncoding.base16().encode(resultArr);
+ assertEquals( pubkeyString, "" , "testPubKeyCreateNeg");
+ }
+
+ /**
+ * This tests sign() for a valid secretkey
+ */
+ public static void testSignPos() throws AssertFailException{
+
+ byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()); //sha256hash of "testing"
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase());
+
+ byte[] resultArr = NativeSecp256k1.sign(data, sec);
+ String sigString = BaseEncoding.base16().encode(resultArr);
+ assertEquals( sigString, "30440220182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A202201C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9" , "testSignPos");
+ }
+
+ /**
+ * This tests sign() for a invalid secretkey
+ */
+ public static void testSignNeg() throws AssertFailException{
+ byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()); //sha256hash of "testing"
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase());
+
+ byte[] resultArr = NativeSecp256k1.sign(data, sec);
+ String sigString = BaseEncoding.base16().encode(resultArr);
+ assertEquals( sigString, "" , "testSignNeg");
+ }
+
+ /**
+ * This tests private key tweak-add
+ */
+ public static void testPrivKeyTweakAdd_1() throws AssertFailException {
+ byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase());
+ byte[] data = 
BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" + + byte[] resultArr = NativeSecp256k1.privKeyTweakAdd( sec , data ); + String sigString = BaseEncoding.base16().encode(resultArr); + assertEquals( sigString , "A168571E189E6F9A7E2D657A4B53AE99B909F7E712D1C23CED28093CD57C88F3" , "testPrivKeyAdd_1"); + } + + /** + * This tests private key tweak-mul + */ + public static void testPrivKeyTweakMul_1() throws AssertFailException { + byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); + byte[] data = BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" + + byte[] resultArr = NativeSecp256k1.privKeyTweakMul( sec , data ); + String sigString = BaseEncoding.base16().encode(resultArr); + assertEquals( sigString , "97F8184235F101550F3C71C927507651BD3F1CDB4A5A33B8986ACF0DEE20FFFC" , "testPrivKeyMul_1"); + } + + /** + * This tests private key tweak-add uncompressed + */ + public static void testPrivKeyTweakAdd_2() throws AssertFailException { + byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase()); + byte[] data = BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" + + byte[] resultArr = NativeSecp256k1.pubKeyTweakAdd( pub , data ); + String sigString = BaseEncoding.base16().encode(resultArr); + assertEquals( sigString , "0411C6790F4B663CCE607BAAE08C43557EDC1A4D11D88DFCB3D841D0C6A941AF525A268E2A863C148555C48FB5FBA368E88718A46E205FABC3DBA2CCFFAB0796EF" , "testPrivKeyAdd_2"); + } + + /** + * This tests private key tweak-mul uncompressed + */ + public static void 
testPrivKeyTweakMul_2() throws AssertFailException { + byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase()); + byte[] data = BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" + + byte[] resultArr = NativeSecp256k1.pubKeyTweakMul( pub , data ); + String sigString = BaseEncoding.base16().encode(resultArr); + assertEquals( sigString , "04E0FE6FE55EBCA626B98A807F6CAF654139E14E5E3698F01A9A658E21DC1D2791EC060D4F412A794D5370F672BC94B722640B5F76914151CFCA6E712CA48CC589" , "testPrivKeyMul_2"); + } + + /** + * This tests seed randomization + */ + public static void testRandomize() throws AssertFailException { + byte[] seed = BaseEncoding.base16().lowerCase().decode("A441B15FE9A3CF56661190A0B93B9DEC7D04127288CC87250967CF3B52894D11".toLowerCase()); //sha256hash of "random" + boolean result = NativeSecp256k1.randomize(seed); + assertEquals( result, true, "testRandomize"); + } + + public static void testCreateECDHSecret() throws AssertFailException{ + + byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); + byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase()); + + byte[] resultArr = NativeSecp256k1.createECDHSecret(sec, pub); + String ecdhString = BaseEncoding.base16().encode(resultArr); + assertEquals( ecdhString, "2A2A67007A926E6594AF3EB564FC74005B37A9C8AEF2033C4552051B5C87F043" , "testCreateECDHSecret"); + } + + public static void main(String[] args) throws AssertFailException{ + + + System.out.println("\n libsecp256k1 enabled: " + Secp256k1Context.isEnabled() + "\n"); + + assertEquals( 
Secp256k1Context.isEnabled(), true, "isEnabled" ); + + //Test verify() success/fail + testVerifyPos(); + testVerifyNeg(); + + //Test secKeyVerify() success/fail + testSecKeyVerifyPos(); + testSecKeyVerifyNeg(); + + //Test computePubkey() success/fail + testPubKeyCreatePos(); + testPubKeyCreateNeg(); + + //Test sign() success/fail + testSignPos(); + testSignNeg(); + + //Test privKeyTweakAdd() 1 + testPrivKeyTweakAdd_1(); + + //Test privKeyTweakMul() 2 + testPrivKeyTweakMul_1(); + + //Test privKeyTweakAdd() 3 + testPrivKeyTweakAdd_2(); + + //Test privKeyTweakMul() 4 + testPrivKeyTweakMul_2(); + + //Test randomize() + testRandomize(); + + //Test ECDH + testCreateECDHSecret(); + + NativeSecp256k1.cleanup(); + + System.out.println(" All tests passed." ); + + } +} diff --git a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java new file mode 100644 index 000000000..04732ba04 --- /dev/null +++ b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java 
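Review bot: The comment on the `data` line of `testVerifyNeg` still reads `//sha256hash of "testing"`, but the value ends in `...9A91` whereas `testVerifyPos` uses `...9A90` — the last byte was changed on purpose so that the same signature fails, and the comment should say so, e.g. `//sha256hash of "testing" with the last byte changed to 0x91 so the signature must not verify`. As written a reader can conclude the negative case exercises a malformed signature rather than a tampered message, which is a different code path in the native verify wrapper. `testRandomize` passes a constant seed (the SHA-256 of "random"), which only proves the call succeeds; a one-line comment that production callers must supply fresh OS entropy would stop the test from being copied as usage.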
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014-2016 the libsecp256k1 contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bitcoin;
+
+public class NativeSecp256k1Util{
+
+ public static void assertEquals( int val, int val2, String message ) throws AssertFailException{
+ if( val != val2 )
+ throw new AssertFailException("FAIL: " + message);
+ }
+
+ public static void assertEquals( boolean val, boolean val2, String message ) throws AssertFailException{
+ if( val != val2 )
+ throw new AssertFailException("FAIL: " + message);
+ else
+ System.out.println("PASS: " + message);
+ }
+
+ public static void assertEquals( String val, String val2, String message ) throws AssertFailException{
+ if( !val.equals(val2) )
+ throw new AssertFailException("FAIL: " + message);
+ else
+ System.out.println("PASS: " + message);
+ }
+
+ public static class AssertFailException extends Exception {
+ public AssertFailException(String message) {
+ super( message );
+ }
+ }
+}
diff --git a/deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java b/deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java
new file mode 100644
index 000000000..216c986a8
--- /dev/null
+++ b/deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java
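Review bot: The `int` overload of `assertEquals` is the only one that does not print `PASS: ` on success, so a run that mixes the three overloads reports fewer passes than tests executed; add the same `else System.out.println("PASS: " + message);` branch for consistency. The `String` overload calls `val.equals(val2)` and would throw a `NullPointerException` instead of an `AssertFailException` if a wrapper ever returned null; `if( !java.util.Objects.equals(val, val2) )` keeps every failure on the same reporting path.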
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2014-2016 the libsecp256k1 contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bitcoin;
+
+/**
+ * This class holds the context reference used in native methods
+ * to handle ECDSA operations.
+ */
+public class Secp256k1Context {
+ private static final boolean enabled; //true if the library is loaded
+ private static final long context; //ref to pointer to context obj
+
+ static { //static initializer
+ boolean isEnabled = true;
+ long contextRef = -1;
+ try {
+ System.loadLibrary("secp256k1");
+ contextRef = secp256k1_init_context();
+ } catch (UnsatisfiedLinkError e) {
+ System.out.println("UnsatisfiedLinkError: " + e.toString());
+ isEnabled = false;
+ }
+ enabled = isEnabled;
+ context = contextRef;
+ }
+
+ public static boolean isEnabled() {
+ return enabled;
+ }
+
+ public static long getContext() {
+ if(!enabled) return -1; //sanity check
+ return context;
+ }
+
+ private static native long secp256k1_init_context();
+}
diff --git a/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c b/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c
new file mode 100644
index 000000000..b59025686
--- /dev/null
+++ b/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c
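Review bot: The class javadoc says nothing about randomization, yet the context created in the static initializer is handed to every native call as-is and nothing in this class ever randomizes it; the only `randomize` call in this patch is the test's constant seed. Add to the javadoc: `The context is created unrandomized; callers should pass fresh OS entropy to NativeSecp256k1.randomize() before signing.` The `getContext()` comment should also state that the `-1` returned when the library failed to load is not a native pointer and must never be passed to a JNI method — whether NativeSecp256k1 checks `isEnabled()` first is outside this hunk. The context is never destroyed, which is acceptable for a process-lifetime singleton but deserves a one-line comment on the `context` field.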
@@ -0,0 +1,379 @@ +#include +#include +#include +#include "org_bitcoin_NativeSecp256k1.h" +#include "include/secp256k1.h" +#include "include/secp256k1_ecdh.h" +#include "include/secp256k1_recovery.h" + + +SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ctx_1clone + (JNIEnv* env, jclass classObject, jlong ctx_l) +{ + const secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + + jlong ctx_clone_l = (uintptr_t) secp256k1_context_clone(ctx); + + (void)classObject;(void)env; + + return ctx_clone_l; + +} + +SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1context_1randomize + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + + const unsigned char* seed = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + + (void)classObject; + + return secp256k1_context_randomize(ctx, seed); + +} + +SECP256K1_API void JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1destroy_1context + (JNIEnv* env, jclass classObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + + secp256k1_context_destroy(ctx); + + (void)classObject;(void)env; +} + +SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1verify + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint siglen, jint publen) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + + unsigned char* data = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + const unsigned char* sigdata = { (unsigned char*) (data + 32) }; + const unsigned char* pubdata = { (unsigned char*) (data + siglen + 32) }; + + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pubkey; + + int ret = secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigdata, siglen); + + if( ret ) { + ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pubdata, publen); + + if( ret ) { + ret = 
secp256k1_ecdsa_verify(ctx, &sig, data, &pubkey); + } + } + + (void)classObject; + + return ret; +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1sign + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + unsigned char* data = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + unsigned char* secKey = (unsigned char*) (data + 32); + + jobjectArray retArray; + jbyteArray sigArray, intsByteArray; + unsigned char intsarray[2]; + + secp256k1_ecdsa_signature sig; + + int ret = secp256k1_ecdsa_sign(ctx, &sig, data, secKey, NULL, NULL); + + unsigned char outputSer[72]; + size_t outputLen = 72; + + if( ret ) { + int ret2 = secp256k1_ecdsa_signature_serialize_der(ctx,outputSer, &outputLen, &sig ); (void)ret2; + } + + intsarray[0] = outputLen; + intsarray[1] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + sigArray = (*env)->NewByteArray(env, outputLen); + (*env)->SetByteArrayRegion(env, sigArray, 0, outputLen, (jbyte*)outputSer); + (*env)->SetObjectArrayElement(env, retArray, 0, sigArray); + + intsByteArray = (*env)->NewByteArray(env, 2); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; +} + +SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1seckey_1verify + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + + (void)classObject; + + return secp256k1_ec_seckey_verify(ctx, secKey); +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1create + (JNIEnv* env, jclass 
classObject, jobject byteBufferObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + const unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + + secp256k1_pubkey pubkey; + + jobjectArray retArray; + jbyteArray pubkeyArray, intsByteArray; + unsigned char intsarray[2]; + + int ret = secp256k1_ec_pubkey_create(ctx, &pubkey, secKey); + + unsigned char outputSer[65]; + size_t outputLen = 65; + + if( ret ) { + int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2; + } + + intsarray[0] = outputLen; + intsarray[1] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + pubkeyArray = (*env)->NewByteArray(env, outputLen); + (*env)->SetByteArrayRegion(env, pubkeyArray, 0, outputLen, (jbyte*)outputSer); + (*env)->SetObjectArrayElement(env, retArray, 0, pubkeyArray); + + intsByteArray = (*env)->NewByteArray(env, 2); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; + +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1add + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + unsigned char* privkey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + const unsigned char* tweak = (unsigned char*) (privkey + 32); + + jobjectArray retArray; + jbyteArray privArray, intsByteArray; + unsigned char intsarray[2]; + + int privkeylen = 32; + + int ret = secp256k1_ec_privkey_tweak_add(ctx, privkey, tweak); + + intsarray[0] = privkeylen; + intsarray[1] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + privArray = 
(*env)->NewByteArray(env, privkeylen); + (*env)->SetByteArrayRegion(env, privArray, 0, privkeylen, (jbyte*)privkey); + (*env)->SetObjectArrayElement(env, retArray, 0, privArray); + + intsByteArray = (*env)->NewByteArray(env, 2); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1mul + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + unsigned char* privkey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); + const unsigned char* tweak = (unsigned char*) (privkey + 32); + + jobjectArray retArray; + jbyteArray privArray, intsByteArray; + unsigned char intsarray[2]; + + int privkeylen = 32; + + int ret = secp256k1_ec_privkey_tweak_mul(ctx, privkey, tweak); + + intsarray[0] = privkeylen; + intsarray[1] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + privArray = (*env)->NewByteArray(env, privkeylen); + (*env)->SetByteArrayRegion(env, privArray, 0, privkeylen, (jbyte*)privkey); + (*env)->SetObjectArrayElement(env, retArray, 0, privArray); + + intsByteArray = (*env)->NewByteArray(env, 2); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1add + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; +/* secp256k1_pubkey* pubkey = (secp256k1_pubkey*) (*env)->GetDirectBufferAddress(env, byteBufferObject);*/ + unsigned char* pkey = 
(*env)->GetDirectBufferAddress(env, byteBufferObject); + const unsigned char* tweak = (unsigned char*) (pkey + publen); + + jobjectArray retArray; + jbyteArray pubArray, intsByteArray; + unsigned char intsarray[2]; + unsigned char outputSer[65]; + size_t outputLen = 65; + + secp256k1_pubkey pubkey; + int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pkey, publen); + + if( ret ) { + ret = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, tweak); + } + + if( ret ) { + int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2; + } + + intsarray[0] = outputLen; + intsarray[1] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + pubArray = (*env)->NewByteArray(env, outputLen); + (*env)->SetByteArrayRegion(env, pubArray, 0, outputLen, (jbyte*)outputSer); + (*env)->SetObjectArrayElement(env, retArray, 0, pubArray); + + intsByteArray = (*env)->NewByteArray(env, 2); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1mul + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + unsigned char* pkey = (*env)->GetDirectBufferAddress(env, byteBufferObject); + const unsigned char* tweak = (unsigned char*) (pkey + publen); + + jobjectArray retArray; + jbyteArray pubArray, intsByteArray; + unsigned char intsarray[2]; + unsigned char outputSer[65]; + size_t outputLen = 65; + + secp256k1_pubkey pubkey; + int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pkey, publen); + + if ( ret ) { + ret = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, tweak); + } + + if( ret ) { + int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, 
&pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2; + } + + intsarray[0] = outputLen; + intsarray[1] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + pubArray = (*env)->NewByteArray(env, outputLen); + (*env)->SetByteArrayRegion(env, pubArray, 0, outputLen, (jbyte*)outputSer); + (*env)->SetObjectArrayElement(env, retArray, 0, pubArray); + + intsByteArray = (*env)->NewByteArray(env, 2); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; +} + +SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1pubkey_1combine + (JNIEnv * env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint numkeys) +{ + (void)classObject;(void)env;(void)byteBufferObject;(void)ctx_l;(void)numkeys; + + return 0; +} + +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdh + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen) +{ + secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; + const unsigned char* secdata = (*env)->GetDirectBufferAddress(env, byteBufferObject); + const unsigned char* pubdata = (const unsigned char*) (secdata + 32); + + jobjectArray retArray; + jbyteArray outArray, intsByteArray; + unsigned char intsarray[1]; + secp256k1_pubkey pubkey; + unsigned char nonce_res[32]; + size_t outputLen = 32; + + int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pubdata, publen); + + if (ret) { + ret = secp256k1_ecdh( + ctx, + nonce_res, + &pubkey, + secdata, + NULL, + NULL + ); + } + + intsarray[0] = ret; + + retArray = (*env)->NewObjectArray(env, 2, + (*env)->FindClass(env, "[B"), + (*env)->NewByteArray(env, 1)); + + outArray = (*env)->NewByteArray(env, outputLen); + (*env)->SetByteArrayRegion(env, outArray, 0, 32, (jbyte*)nonce_res); + (*env)->SetObjectArrayElement(env, retArray, 0, 
outArray); + + intsByteArray = (*env)->NewByteArray(env, 1); + (*env)->SetByteArrayRegion(env, intsByteArray, 0, 1, (jbyte*)intsarray); + (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); + + (void)classObject; + + return retArray; +} diff --git a/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h b/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h new file mode 100644 index 000000000..fe613c9e9 --- /dev/null +++ b/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h 
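Review bot: On every failure path these wrappers copy uninitialized stack memory into the Java heap: in `Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1sign`, when `secp256k1_ecdsa_sign` returns 0 `outputSer` is never written but `outputLen` stays 72 and `SetByteArrayRegion` copies all 72 bytes, and `secp256k1_1ec_1pubkey_1create`, `secp256k1_1pubkey_1tweak_1add`/`_1mul` (65 bytes) and `secp256k1_1ecdh` (`nonce_res`, 32 bytes when `secp256k1_ec_pubkey_parse` fails) follow the same pattern. Stack residue at that point can include scalars left by the preceding libsecp256k1 call, so zero the buffers and report a zero length on failure: `unsigned char outputSer[72] = {0};` plus `if (!ret) outputLen = 0;` in each function, and `unsigned char nonce_res[32] = {0};` in ecdh. `GetDirectBufferAddress` returns NULL for a non-direct buffer and its result is never checked before the `data + 32` style pointer arithmetic that follows. Separately, `secp256k1_ec_pubkey_parse` is declared as a native in the Java class and in the generated header but has no definition in this file, so a call would fail with `UnsatisfiedLinkError` at runtime unless it is provided elsewhere.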
@@ -0,0 +1,119 @@ +/* DO NOT EDIT THIS FILE - it is machine generated */ +#include +#include "include/secp256k1.h" +/* Header for class org_bitcoin_NativeSecp256k1 */ + +#ifndef _Included_org_bitcoin_NativeSecp256k1 +#define _Included_org_bitcoin_NativeSecp256k1 +#ifdef __cplusplus +extern "C" { +#endif +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ctx_clone + * Signature: (J)J + */ +SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ctx_1clone + (JNIEnv *, jclass, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_context_randomize + * Signature: (Ljava/nio/ByteBuffer;J)I + */ +SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1context_1randomize + (JNIEnv *, jclass, jobject, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_privkey_tweak_add + * Signature: (Ljava/nio/ByteBuffer;J)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1add + (JNIEnv *, jclass, jobject, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_privkey_tweak_mul + * Signature: (Ljava/nio/ByteBuffer;J)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1mul + (JNIEnv *, jclass, jobject, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_pubkey_tweak_add + * Signature: (Ljava/nio/ByteBuffer;JI)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1add + (JNIEnv *, jclass, jobject, jlong, jint); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_pubkey_tweak_mul + * Signature: (Ljava/nio/ByteBuffer;JI)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1mul + (JNIEnv *, jclass, jobject, jlong, jint); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_destroy_context + * Signature: (J)V + */ +SECP256K1_API void 
JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1destroy_1context + (JNIEnv *, jclass, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ecdsa_verify + * Signature: (Ljava/nio/ByteBuffer;JII)I + */ +SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1verify + (JNIEnv *, jclass, jobject, jlong, jint, jint); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ecdsa_sign + * Signature: (Ljava/nio/ByteBuffer;J)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1sign + (JNIEnv *, jclass, jobject, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ec_seckey_verify + * Signature: (Ljava/nio/ByteBuffer;J)I + */ +SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1seckey_1verify + (JNIEnv *, jclass, jobject, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ec_pubkey_create + * Signature: (Ljava/nio/ByteBuffer;J)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1create + (JNIEnv *, jclass, jobject, jlong); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ec_pubkey_parse + * Signature: (Ljava/nio/ByteBuffer;JI)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1parse + (JNIEnv *, jclass, jobject, jlong, jint); + +/* + * Class: org_bitcoin_NativeSecp256k1 + * Method: secp256k1_ecdh + * Signature: (Ljava/nio/ByteBuffer;JI)[[B + */ +SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdh + (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen); + + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c b/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c new file mode 100644 index 000000000..a52939e7e --- /dev/null 
+++ b/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c
@@ -0,0 +1,15 @@
+#include
+#include
+#include "org_bitcoin_Secp256k1Context.h"
+#include "include/secp256k1.h"
+
+SECP256K1_API jlong JNICALL Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context
+ (JNIEnv* env, jclass classObject)
+{
+ secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
+
+ (void)classObject;(void)env;
+
+ return (uintptr_t)ctx;
+}
+
diff --git a/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h b/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h
new file mode 100644
index 000000000..0d2bc84b7
--- /dev/null
+++ b/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h
@@ -0,0 +1,22 @@
+/* DO NOT EDIT THIS FILE - it is machine generated */
+#include
+#include "include/secp256k1.h"
+/* Header for class org_bitcoin_Secp256k1Context */
+
+#ifndef _Included_org_bitcoin_Secp256k1Context
+#define _Included_org_bitcoin_Secp256k1Context
+#ifdef __cplusplus
+extern "C" {
+#endif
+/*
+ * Class: org_bitcoin_Secp256k1Context
+ * Method: secp256k1_init_context
+ * Signature: ()J
+ */
+SECP256K1_API jlong JNICALL Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context
+ (JNIEnv *, jclass);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/deps/secp256k1/src/modules/ecdh/Makefile.am.include b/deps/secp256k1/src/modules/ecdh/Makefile.am.include
new file mode 100644
index 000000000..e3088b469
--- /dev/null
+++ b/deps/secp256k1/src/modules/ecdh/Makefile.am.include
@@ -0,0 +1,8 @@
+include_HEADERS += include/secp256k1_ecdh.h
+noinst_HEADERS += src/modules/ecdh/main_impl.h
+noinst_HEADERS += src/modules/ecdh/tests_impl.h
+if USE_BENCHMARK
+noinst_PROGRAMS += bench_ecdh
+bench_ecdh_SOURCES = src/bench_ecdh.c
+bench_ecdh_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB)
+endif
diff --git a/deps/secp256k1/src/modules/ecdh/main_impl.h b/deps/secp256k1/src/modules/ecdh/main_impl.h
new file mode 100644
index 000000000..44cb68e75
--- /dev/null
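Review bot: `Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context` returns the context straight from `secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)` without calling `secp256k1_context_randomize`, so every signature made through this binding uses an unblinded signing context unless the Java side randomizes it afterwards — and the only randomize call in this patch is the test's fixed seed. Either randomize here with entropy from the platform or make the obligation explicit above the `return`: `/* NOTE: context is NOT randomized; callers must secp256k1_context_randomize() it with fresh entropy before signing. */`. If `secp256k1_context_create` ever returned NULL (it normally invokes the error callback instead), the `(uintptr_t)ctx` cast would hand Java a 0 that `Secp256k1Context` does not distinguish from a valid handle; a comment stating that the default callback aborts on allocation failure would record why no NULL check is needed.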
+++ b/deps/secp256k1/src/modules/ecdh/main_impl.h 
@@ -0,0 +1,67 @@
+/**********************************************************************
+ * Copyright (c) 2015 Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_MODULE_ECDH_MAIN_H
+#define SECP256K1_MODULE_ECDH_MAIN_H
+
+#include "include/secp256k1_ecdh.h"
+#include "ecmult_const_impl.h"
+
+static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
+ unsigned char version = (y[31] & 0x01) | 0x02;
+ secp256k1_sha256 sha;
+ (void)data;
+
+ secp256k1_sha256_initialize(&sha);
+ secp256k1_sha256_write(&sha, &version, 1);
+ secp256k1_sha256_write(&sha, x, 32);
+ secp256k1_sha256_finalize(&sha, output);
+
+ return 1;
+}
+
+const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256;
+const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256;
+
+int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) {
+ int ret = 0;
+ int overflow = 0;
+ secp256k1_gej res;
+ secp256k1_ge pt;
+ secp256k1_scalar s;
+ VERIFY_CHECK(ctx != NULL);
+ ARG_CHECK(output != NULL);
+ ARG_CHECK(point != NULL);
+ ARG_CHECK(scalar != NULL);
+ if (hashfp == NULL) {
+ hashfp = secp256k1_ecdh_hash_function_default;
+ }
+
+ secp256k1_pubkey_load(ctx, &pt, point);
+ secp256k1_scalar_set_b32(&s, scalar, &overflow);
+ if (overflow || secp256k1_scalar_is_zero(&s)) {
+ ret = 0;
+ } else {
+ unsigned char x[32];
+ unsigned char y[32];
+
+ secp256k1_ecmult_const(&res, &pt, &s, 256);
+ secp256k1_ge_set_gej(&pt, &res);
+
+ /* Compute a hash of the point */
+ secp256k1_fe_normalize(&pt.x);
+ secp256k1_fe_normalize(&pt.y);
+ secp256k1_fe_get_b32(x, 
&pt.x);
+ secp256k1_fe_get_b32(y, &pt.y);
+
+ ret = hashfp(output, x, y, data);
+ }
+
+ secp256k1_scalar_clear(&s);
+ return ret;
+}
+
+#endif /* SECP256K1_MODULE_ECDH_MAIN_H */
diff --git a/deps/secp256k1/src/modules/ecdh/tests_impl.h b/deps/secp256k1/src/modules/ecdh/tests_impl.h
new file mode 100644
index 000000000..fe26e8fb6
--- /dev/null
+++ b/deps/secp256k1/src/modules/ecdh/tests_impl.h
@@ -0,0 +1,132 @@
+/**********************************************************************
+ * Copyright (c) 2015 Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_MODULE_ECDH_TESTS_H
+#define SECP256K1_MODULE_ECDH_TESTS_H
+
+int ecdh_hash_function_test_fail(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
+ (void)output;
+ (void)x;
+ (void)y;
+ (void)data;
+ return 0;
+}
+
+int ecdh_hash_function_custom(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
+ (void)data;
+ /* Save x and y as uncompressed public key */
+ output[0] = 0x04;
+ memcpy(output + 1, x, 32);
+ memcpy(output + 33, y, 32);
+ return 1;
+}
+
+void test_ecdh_api(void) {
+ /* Setup context that just counts errors */
+ secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
+ secp256k1_pubkey point;
+ unsigned char res[32];
+ unsigned char s_one[32] = { 0 };
+ int32_t ecount = 0;
+ s_one[31] = 1;
+
+ secp256k1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount);
+ CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
+
+ /* Check all NULLs are detected */
+ CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
+ CHECK(ecount == 0);
+ CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0);
+ CHECK(ecount == 3);
+ CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
+ CHECK(ecount == 3);
+
+ /* Cleanup */
+ secp256k1_context_destroy(tctx);
+}
+
+void test_ecdh_generator_basepoint(void) {
+ 
unsigned char s_one[32] = { 0 };
+ secp256k1_pubkey point[2];
+ int i;
+
+ s_one[31] = 1;
+ /* Check against pubkey creation when the basepoint is the generator */
+ for (i = 0; i < 100; ++i) {
+ secp256k1_sha256 sha;
+ unsigned char s_b32[32];
+ unsigned char output_ecdh[65];
+ unsigned char output_ser[32];
+ unsigned char point_ser[65];
+ size_t point_ser_len = sizeof(point_ser);
+ secp256k1_scalar s;
+
+ random_scalar_order(&s);
+ secp256k1_scalar_get_b32(s_b32, &s);
+
+ CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1);
+ CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1);
+
+ /* compute using ECDH function with custom hash function */
+ CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1);
+ /* compute "explicitly" */
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1);
+ /* compare */
+ CHECK(memcmp(output_ecdh, point_ser, 65) == 0);
+
+ /* compute using ECDH function with default hash function */
+ CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1);
+ /* compute "explicitly" */
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1);
+ secp256k1_sha256_initialize(&sha);
+ secp256k1_sha256_write(&sha, point_ser, point_ser_len);
+ secp256k1_sha256_finalize(&sha, output_ser);
+ /* compare */
+ CHECK(memcmp(output_ecdh, output_ser, 32) == 0);
+ }
+}
+
+void test_bad_scalar(void) {
+ unsigned char s_zero[32] = { 0 };
+ unsigned char s_overflow[32] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
+ 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
+ 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
+ };
+ unsigned char s_rand[32] = { 0 };
+ unsigned char output[32];
+ secp256k1_scalar rand;
+ secp256k1_pubkey point;
+
+ /* Create random point */
+ random_scalar_order(&rand);
+ secp256k1_scalar_get_b32(s_rand, 
&rand);
+ CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1);
+
+ /* Try to multiply it by bad values */
+ CHECK(secp256k1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0);
+ CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0);
+ /* ...and a good one */
+ s_overflow[31] -= 1;
+ CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1);
+
+ /* Hash function failure results in ecdh failure */
+ CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0);
+}
+
+void run_ecdh_tests(void) {
+ test_ecdh_api();
+ test_ecdh_generator_basepoint();
+ test_bad_scalar();
+}
+
+#endif /* SECP256K1_MODULE_ECDH_TESTS_H */
diff --git a/deps/secp256k1/src/modules/recovery/Makefile.am.include b/deps/secp256k1/src/modules/recovery/Makefile.am.include
new file mode 100644
index 000000000..bf23c26e7
--- /dev/null
+++ b/deps/secp256k1/src/modules/recovery/Makefile.am.include
@@ -0,0 +1,8 @@
+include_HEADERS += include/secp256k1_recovery.h
+noinst_HEADERS += src/modules/recovery/main_impl.h
+noinst_HEADERS += src/modules/recovery/tests_impl.h
+if USE_BENCHMARK
+noinst_PROGRAMS += bench_recover
+bench_recover_SOURCES = src/bench_recover.c
+bench_recover_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB)
+endif
diff --git a/deps/secp256k1/src/modules/recovery/main_impl.h b/deps/secp256k1/src/modules/recovery/main_impl.h
new file mode 100755
index 000000000..ed356e53a
--- /dev/null
+++ b/deps/secp256k1/src/modules/recovery/main_impl.h
@@ -0,0 +1,193 @@
+/**********************************************************************
+ * Copyright (c) 2013-2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_MODULE_RECOVERY_MAIN_H
+#define SECP256K1_MODULE_RECOVERY_MAIN_H
+
+#include "include/secp256k1_recovery.h"
+
+static void secp256k1_ecdsa_recoverable_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const secp256k1_ecdsa_recoverable_signature* sig) {
+ (void)ctx;
+ if (sizeof(secp256k1_scalar) == 32) {
+ /* When the secp256k1_scalar type is exactly 32 byte, use its
+ * representation inside secp256k1_ecdsa_signature, as conversion is very fast.
+ * Note that secp256k1_ecdsa_signature_save must use the same representation. */
+ memcpy(r, &sig->data[0], 32);
+ memcpy(s, &sig->data[32], 32);
+ } else {
+ secp256k1_scalar_set_b32(r, &sig->data[0], NULL);
+ secp256k1_scalar_set_b32(s, &sig->data[32], NULL);
+ }
+ *recid = sig->data[64];
+}
+
+static void secp256k1_ecdsa_recoverable_signature_save(secp256k1_ecdsa_recoverable_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s, int recid) {
+ if (sizeof(secp256k1_scalar) == 32) {
+ memcpy(&sig->data[0], r, 32);
+ memcpy(&sig->data[32], s, 32);
+ } else {
+ secp256k1_scalar_get_b32(&sig->data[0], r);
+ secp256k1_scalar_get_b32(&sig->data[32], s);
+ }
+ sig->data[64] = recid;
+}
+
+int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) {
+ secp256k1_scalar r, s;
+ int ret = 1;
+ int overflow = 0;
+
+ (void)ctx;
+ ARG_CHECK(sig != NULL);
+ ARG_CHECK(input64 != NULL);
+ ARG_CHECK(recid >= 0 && recid <= 3);
+
+ secp256k1_scalar_set_b32(&r, &input64[0], &overflow);
+ ret &= 
!overflow;
+ secp256k1_scalar_set_b32(&s, &input64[32], &overflow);
+ ret &= !overflow;
+ if (ret) {
+ secp256k1_ecdsa_recoverable_signature_save(sig, &r, &s, recid);
+ } else {
+ memset(sig, 0, sizeof(*sig));
+ }
+ return ret;
+}
+
+int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) {
+ secp256k1_scalar r, s;
+
+ (void)ctx;
+ ARG_CHECK(output64 != NULL);
+ ARG_CHECK(sig != NULL);
+ ARG_CHECK(recid != NULL);
+
+ secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig);
+ secp256k1_scalar_get_b32(&output64[0], &r);
+ secp256k1_scalar_get_b32(&output64[32], &s);
+ return 1;
+}
+
+int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const secp256k1_ecdsa_recoverable_signature* sigin) {
+ secp256k1_scalar r, s;
+ int recid;
+
+ (void)ctx;
+ ARG_CHECK(sig != NULL);
+ ARG_CHECK(sigin != NULL);
+
+ secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin);
+ secp256k1_ecdsa_signature_save(sig, &r, &s);
+ return 1;
+}
+
+static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) {
+ unsigned char brx[32];
+ secp256k1_fe fx;
+ secp256k1_ge x;
+ secp256k1_gej xj;
+ secp256k1_scalar rn, u1, u2;
+ secp256k1_gej qj;
+ int r;
+
+ if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {
+ return 0;
+ }
+
+ secp256k1_scalar_get_b32(brx, sigr);
+ r = secp256k1_fe_set_b32(&fx, brx);
+ (void)r;
+ VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */
+ if (recid & 2) {
+ if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) {
+ return 0;
+ }
+ secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe);
+ }
+ if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) {
+ 
return 0;
+ }
+ secp256k1_gej_set_ge(&xj, &x);
+ secp256k1_scalar_inverse_var(&rn, sigr);
+ secp256k1_scalar_mul(&u1, &rn, message);
+ secp256k1_scalar_negate(&u1, &u1);
+ secp256k1_scalar_mul(&u2, &rn, sigs);
+ secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1);
+ secp256k1_ge_set_gej_var(pubkey, &qj);
+ return !secp256k1_gej_is_infinity(&qj);
+}
+
+int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
+ secp256k1_scalar r, s;
+ secp256k1_scalar sec, non, msg;
+ int recid;
+ int ret = 0;
+ int overflow = 0;
+ VERIFY_CHECK(ctx != NULL);
+ ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
+ ARG_CHECK(msg32 != NULL);
+ ARG_CHECK(signature != NULL);
+ ARG_CHECK(seckey != NULL);
+ if (noncefp == NULL) {
+ noncefp = secp256k1_nonce_function_default;
+ }
+
+ secp256k1_scalar_set_b32(&sec, seckey, &overflow);
+ /* Fail if the secret key is invalid. 
*/
+ if (!overflow && !secp256k1_scalar_is_zero(&sec)) {
+ unsigned char nonce32[32];
+ unsigned int count = 0;
+ secp256k1_scalar_set_b32(&msg, msg32, NULL);
+ while (1) {
+ ret = noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count);
+ if (!ret) {
+ break;
+ }
+ secp256k1_scalar_set_b32(&non, nonce32, &overflow);
+ if (!overflow && !secp256k1_scalar_is_zero(&non)) {
+ if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, &recid)) {
+ break;
+ }
+ }
+ count++;
+ }
+ memset(nonce32, 0, 32);
+ secp256k1_scalar_clear(&msg);
+ secp256k1_scalar_clear(&non);
+ secp256k1_scalar_clear(&sec);
+ }
+ if (ret) {
+ secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid);
+ } else {
+ memset(signature, 0, sizeof(*signature));
+ }
+ return ret;
+}
+
+int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) {
+ secp256k1_ge q;
+ secp256k1_scalar r, s;
+ secp256k1_scalar m;
+ int recid;
+ VERIFY_CHECK(ctx != NULL);
+ ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
+ ARG_CHECK(msg32 != NULL);
+ ARG_CHECK(signature != NULL);
+ ARG_CHECK(pubkey != NULL);
+
+ secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature);
+ VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */
+ secp256k1_scalar_set_b32(&m, msg32, NULL);
+ if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) {
+ secp256k1_pubkey_save(pubkey, &q);
+ return 1;
+ } else {
+ memset(pubkey, 0, sizeof(*pubkey));
+ return 0;
+ }
+}
+
+#endif /* SECP256K1_MODULE_RECOVERY_MAIN_H */
diff --git a/deps/secp256k1/src/modules/recovery/tests_impl.h b/deps/secp256k1/src/modules/recovery/tests_impl.h
new file mode 100644
index 000000000..38a533a75
--- /dev/null
+++ b/deps/secp256k1/src/modules/recovery/tests_impl.h
@@ -0,0 +1,393 @@
+/**********************************************************************
+ * Copyright (c) 2013-2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_MODULE_RECOVERY_TESTS_H
+#define SECP256K1_MODULE_RECOVERY_TESTS_H
+
+static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+ (void) msg32;
+ (void) key32;
+ (void) algo16;
+ (void) data;
+
+ /* On the first run, return 0 to force a second run */
+ if (counter == 0) {
+ memset(nonce32, 0, 32);
+ return 1;
+ }
+ /* On the second run, return an overflow to force a third run */
+ if (counter == 1) {
+ memset(nonce32, 0xff, 32);
+ return 1;
+ }
+ /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. 
*/
+ memset(nonce32, 1, 32);
+ return secp256k1_rand_bits(1);
+}
+
+void test_ecdsa_recovery_api(void) {
+ /* Setup contexts that just count errors */
+ secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
+ secp256k1_context *sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
+ secp256k1_context *vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
+ secp256k1_context *both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
+ secp256k1_pubkey pubkey;
+ secp256k1_pubkey recpubkey;
+ secp256k1_ecdsa_signature normal_sig;
+ secp256k1_ecdsa_recoverable_signature recsig;
+ unsigned char privkey[32] = { 1 };
+ unsigned char message[32] = { 2 };
+ int32_t ecount = 0;
+ int recid = 0;
+ unsigned char sig[74];
+ unsigned char zero_privkey[32] = { 0 };
+ unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+ secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount);
+ secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount);
+
+ /* Construct and verify corresponding public key. 
*/
+ CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
+
+ /* Check bad contexts and NULLs for signing */
+ ecount = 0;
+ CHECK(secp256k1_ecdsa_sign_recoverable(none, &recsig, message, privkey, NULL, NULL) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ecdsa_sign_recoverable(sign, &recsig, message, privkey, NULL, NULL) == 1);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ecdsa_sign_recoverable(vrfy, &recsig, message, privkey, NULL, NULL) == 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, NULL, message, privkey, NULL, NULL) == 0);
+ CHECK(ecount == 3);
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, NULL, privkey, NULL, NULL) == 0);
+ CHECK(ecount == 4);
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, NULL, NULL, NULL) == 0);
+ CHECK(ecount == 5);
+ /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */
+ secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, recovery_test_nonce_function, NULL);
+ CHECK(ecount == 5);
+ /* These will all fail, but not in ARG_CHECK way */
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, zero_privkey, NULL, NULL) == 0);
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, over_privkey, NULL, NULL) == 0);
+ /* This one will succeed. 
*/
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1);
+ CHECK(ecount == 5);
+
+ /* Check signing with a goofy nonce function */
+
+ /* Check bad contexts and NULLs for recovery */
+ ecount = 0;
+ CHECK(secp256k1_ecdsa_recover(none, &recpubkey, &recsig, message) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ecdsa_recover(sign, &recpubkey, &recsig, message) == 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_recover(vrfy, &recpubkey, &recsig, message) == 1);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, message) == 1);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_recover(both, NULL, &recsig, message) == 0);
+ CHECK(ecount == 3);
+ CHECK(secp256k1_ecdsa_recover(both, &recpubkey, NULL, message) == 0);
+ CHECK(ecount == 4);
+ CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, NULL) == 0);
+ CHECK(ecount == 5);
+
+ /* Check NULLs for conversion */
+ CHECK(secp256k1_ecdsa_sign(both, &normal_sig, message, privkey, NULL, NULL) == 1);
+ ecount = 0;
+ CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, NULL, &recsig) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, NULL) == 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, &recsig) == 1);
+
+ /* Check NULLs for de/serialization */
+ CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1);
+ ecount = 0;
+ CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, NULL, &recid, &recsig) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, NULL, &recsig) == 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, NULL) == 0);
+ CHECK(ecount == 3);
+ CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, &recsig) == 1);
+
+ 
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, NULL, sig, recid) == 0);
+ CHECK(ecount == 4);
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, NULL, recid) == 0);
+ CHECK(ecount == 5);
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, -1) == 0);
+ CHECK(ecount == 6);
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, 5) == 0);
+ CHECK(ecount == 7);
+ /* overflow in signature will fail but not affect ecount */
+ memcpy(sig, over_privkey, 32);
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, recid) == 0);
+ CHECK(ecount == 7);
+
+ /* cleanup */
+ secp256k1_context_destroy(none);
+ secp256k1_context_destroy(sign);
+ secp256k1_context_destroy(vrfy);
+ secp256k1_context_destroy(both);
+}
+
+void test_ecdsa_recovery_end_to_end(void) {
+ unsigned char extra[32] = {0x00};
+ unsigned char privkey[32];
+ unsigned char message[32];
+ secp256k1_ecdsa_signature signature[5];
+ secp256k1_ecdsa_recoverable_signature rsignature[5];
+ unsigned char sig[74];
+ secp256k1_pubkey pubkey;
+ secp256k1_pubkey recpubkey;
+ int recid = 0;
+
+ /* Generate a random key and message. */
+ {
+ secp256k1_scalar msg, key;
+ random_scalar_order_test(&msg);
+ random_scalar_order_test(&key);
+ secp256k1_scalar_get_b32(privkey, &key);
+ secp256k1_scalar_get_b32(message, &msg);
+ }
+
+ /* Construct and verify corresponding public key. */
+ CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
+
+ /* Serialize/parse compact and verify/recover. 
*/
+ extra[0] = 0;
+ CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1);
+ CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1);
+ CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1);
+ CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1);
+ extra[31] = 1;
+ CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1);
+ extra[31] = 0;
+ extra[0] = 1;
+ CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1);
+ CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
+ CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
+ CHECK(memcmp(&signature[4], &signature[0], 64) == 0);
+ CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
+ memset(&rsignature[4], 0, sizeof(rsignature[4]));
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
+ CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
+ /* Parse compact (with recovery id) and recover. */
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
+ CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1);
+ CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
+ /* Serialize/destroy/parse signature and verify again. 
*/
+ CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
+ sig[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255);
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
+ CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0);
+ /* Recover again */
+ CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 ||
+ memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
+}
+
+/* Tests several edge cases. */
+void test_ecdsa_recovery_edge_cases(void) {
+ const unsigned char msg32[32] = {
+ 'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
+ 'a', ' ', 'v', 'e', 'r', 'y', ' ', 's',
+ 'e', 'c', 'r', 'e', 't', ' ', 'm', 'e',
+ 's', 's', 'a', 'g', 'e', '.', '.', '.'
+ };
+ const unsigned char sig64[64] = {
+ /* Generated by signing the above message with nonce 'This is the nonce we will use...'
+ * and secret key 0 (which is not valid), resulting in recid 1. */
+ 0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8,
+ 0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96,
+ 0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63,
+ 0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32,
+ 0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E,
+ 0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD,
+ 0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86,
+ 0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57
+ };
+ secp256k1_pubkey pubkey;
+ /* signature (r,s) = (4,4), which can be recovered with all 4 recids. 
*/
+ const unsigned char sigb64[64] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+ };
+ secp256k1_pubkey pubkeyb;
+ secp256k1_ecdsa_recoverable_signature rsig;
+ secp256k1_ecdsa_signature sig;
+ int recid;
+
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0));
+ CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1));
+ CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2));
+ CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3));
+ CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
+
+ for (recid = 0; recid < 4; recid++) {
+ int i;
+ int recid2;
+ /* (4,4) encoded in DER. 
*/
+ unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
+ unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01};
+ unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00};
+ unsigned char sigbderalt1[39] = {
+ 0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
+ };
+ unsigned char sigbderalt2[39] = {
+ 0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+ };
+ unsigned char sigbderalt3[40] = {
+ 0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
+ };
+ unsigned char sigbderalt4[40] = {
+ 0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+ };
+ /* (order + r,4) encoded in DER. 
*/
+ unsigned char sigbderlong[40] = {
+ 0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC,
+ 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E,
+ 0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04
+ };
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1);
+ CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
+ for (recid2 = 0; recid2 < 4; recid2++) {
+ secp256k1_pubkey pubkey2b;
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1);
+ CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1);
+ /* Verifying with (order + r,4) should always fail. */
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
+ }
+ /* DER parsing tests. */
+ /* Zero length r/s. */
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0);
+ /* Leading zeros. 
*/
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0);
+ sigbderalt3[4] = 1;
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
+ sigbderalt4[7] = 1;
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
+ /* Damage signature. */
+ sigbder[7]++;
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
+ sigbder[7]--;
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0);
+ for(i = 0; i < 8; i++) {
+ int c;
+ unsigned char orig = sigbder[i];
+ /*Try every single-byte change.*/
+ for (c = 0; c < 256; c++) {
+ if (c == orig ) {
+ continue;
+ }
+ sigbder[i] = c;
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
+ }
+ sigbder[i] = orig;
+ }
+ }
+
+ /* Test r/s equal to zero */
+ {
+ /* (1,1) encoded in DER. 
*/
+ unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
+ unsigned char sigc64[64] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ };
+ secp256k1_pubkey pubkeyc;
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1);
+ CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1);
+ sigcder[4] = 0;
+ sigc64[31] = 0;
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1);
+ CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
+ sigcder[4] = 1;
+ sigcder[7] = 0;
+ sigc64[31] = 1;
+ sigc64[63] = 0;
+ CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1);
+ CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
+ CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
+ CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
+ }
+}
+
+void run_recovery_tests(void) {
+ int i;
+ for (i = 0; i < count; i++) {
+ test_ecdsa_recovery_api();
+ }
+ for (i = 0; i < 64*count; i++) {
+ test_ecdsa_recovery_end_to_end();
+ }
+ test_ecdsa_recovery_edge_cases();
+}
+
+#endif /* SECP256K1_MODULE_RECOVERY_TESTS_H */
diff --git a/deps/secp256k1/src/num.h b/deps/secp256k1/src/num.h
new file mode 100644
index 000000000..49f2dd791
--- /dev/null
+++ b/deps/secp256k1/src/num.h 
@@ -0,0 +1,74 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_H +#define SECP256K1_NUM_H + +#ifndef USE_NUM_NONE + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(USE_NUM_GMP) +#include "num_gmp.h" +#else +#error "Please select num implementation" +#endif + +/** Copy a number. */ +static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a); + +/** Convert a number's absolute value to a binary big-endian string. + * There must be enough place. */ +static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a); + +/** Set a number to the value of a binary big-endian string. */ +static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen); + +/** Compute a modular inverse. The input must be less than the modulus. */ +static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m); + +/** Compute the jacobi symbol (a|b). b must be positive and odd. */ +static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b); + +/** Compare the absolute value of two numbers. */ +static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b); + +/** Test whether two number are equal (including sign). */ +static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b); + +/** Add two (signed) numbers. */ +static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b); + +/** Subtract two (signed) numbers. */ +static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b); + +/** Multiply two (signed) numbers. 
*/ +static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b); + +/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1, + even if r was negative. */ +static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m); + +/** Right-shift the passed number by bits bits. */ +static void secp256k1_num_shift(secp256k1_num *r, int bits); + +/** Check whether a number is zero. */ +static int secp256k1_num_is_zero(const secp256k1_num *a); + +/** Check whether a number is one. */ +static int secp256k1_num_is_one(const secp256k1_num *a); + +/** Check whether a number is strictly negative. */ +static int secp256k1_num_is_neg(const secp256k1_num *a); + +/** Change a number's sign. */ +static void secp256k1_num_negate(secp256k1_num *r); + +#endif + +#endif /* SECP256K1_NUM_H */ diff --git a/deps/secp256k1/src/num_gmp.h b/deps/secp256k1/src/num_gmp.h new file mode 100644 index 000000000..3619844bd --- /dev/null +++ b/deps/secp256k1/src/num_gmp.h @@ -0,0 +1,20 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_REPR_H +#define SECP256K1_NUM_REPR_H + +#include + +#define NUM_LIMBS ((256+GMP_NUMB_BITS-1)/GMP_NUMB_BITS) + +typedef struct { + mp_limb_t data[2*NUM_LIMBS]; + int neg; + int limbs; +} secp256k1_num; + +#endif /* SECP256K1_NUM_REPR_H */ diff --git a/deps/secp256k1/src/num_gmp_impl.h b/deps/secp256k1/src/num_gmp_impl.h new file mode 100644 index 000000000..0ae2a8ba0 --- /dev/null +++ b/deps/secp256k1/src/num_gmp_impl.h 
@@ -0,0 +1,288 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_REPR_IMPL_H +#define SECP256K1_NUM_REPR_IMPL_H + +#include +#include +#include + +#include "util.h" +#include "num.h" + +#ifdef VERIFY +static void secp256k1_num_sanity(const secp256k1_num *a) { + VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0)); +} +#else +#define secp256k1_num_sanity(a) do { } while(0) +#endif + +static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a) { + *r = *a; +} + +static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a) { + unsigned char tmp[65]; + int len = 0; + int shift = 0; + if (a->limbs>1 || a->data[0] != 0) { + len = mpn_get_str(tmp, 256, (mp_limb_t*)a->data, a->limbs); + } + while (shift < len && tmp[shift] == 0) shift++; + VERIFY_CHECK(len-shift <= (int)rlen); + memset(r, 0, rlen - len + shift); + if (len > shift) { + memcpy(r + rlen - len + shift, tmp + shift, len - shift); + } + memset(tmp, 0, sizeof(tmp)); +} + +static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen) { + int len; + VERIFY_CHECK(alen > 0); + VERIFY_CHECK(alen <= 64); + len = mpn_set_str(r->data, a, alen, 256); + if (len == 0) { + r->data[0] = 0; + len = 1; + } + VERIFY_CHECK(len <= NUM_LIMBS*2); + r->limbs = len; + r->neg = 0; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } +} + +static void secp256k1_num_add_abs(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs); + r->limbs = a->limbs; + if (c != 0) { + VERIFY_CHECK(r->limbs < 2*NUM_LIMBS); + r->data[r->limbs++] = c; 
+ } +} + +static void secp256k1_num_sub_abs(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs); + (void)c; + VERIFY_CHECK(c == 0); + r->limbs = a->limbs; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } +} + +static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m) { + secp256k1_num_sanity(r); + secp256k1_num_sanity(m); + + if (r->limbs >= m->limbs) { + mp_limb_t t[2*NUM_LIMBS]; + mpn_tdiv_qr(t, r->data, 0, r->data, r->limbs, m->data, m->limbs); + memset(t, 0, sizeof(t)); + r->limbs = m->limbs; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } + } + + if (r->neg && (r->limbs > 1 || r->data[0] != 0)) { + secp256k1_num_sub_abs(r, m, r); + r->neg = 0; + } +} + +static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m) { + int i; + mp_limb_t g[NUM_LIMBS+1]; + mp_limb_t u[NUM_LIMBS+1]; + mp_limb_t v[NUM_LIMBS+1]; + mp_size_t sn; + mp_size_t gn; + secp256k1_num_sanity(a); + secp256k1_num_sanity(m); + + /** mpn_gcdext computes: (G,S) = gcdext(U,V), where + * * G = gcd(U,V) + * * G = U*S + V*T + * * U has equal or more limbs than V, and V has no padding + * If we set U to be (a padded version of) a, and V = m: + * G = a*S + m*T + * G = a*S mod m + * Assuming G=1: + * S = 1/a mod m + */ + VERIFY_CHECK(m->limbs <= NUM_LIMBS); + VERIFY_CHECK(m->data[m->limbs-1] != 0); + for (i = 0; i < m->limbs; i++) { + u[i] = (i < a->limbs) ? 
a->data[i] : 0;
+ v[i] = m->data[i];
+ }
+ sn = NUM_LIMBS+1;
+ gn = mpn_gcdext(g, r->data, &sn, u, m->limbs, v, m->limbs);
+ (void)gn;
+ VERIFY_CHECK(gn == 1);
+ VERIFY_CHECK(g[0] == 1);
+ r->neg = a->neg ^ m->neg;
+ if (sn < 0) {
+ mpn_sub(r->data, m->data, m->limbs, r->data, -sn);
+ r->limbs = m->limbs;
+ while (r->limbs > 1 && r->data[r->limbs-1]==0) {
+ r->limbs--;
+ }
+ } else {
+ r->limbs = sn;
+ }
+ memset(g, 0, sizeof(g));
+ memset(u, 0, sizeof(u));
+ memset(v, 0, sizeof(v));
+}
+
+static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b) {
+ int ret;
+ mpz_t ga, gb;
+ secp256k1_num_sanity(a);
+ secp256k1_num_sanity(b);
+ VERIFY_CHECK(!b->neg && (b->limbs > 0) && (b->data[0] & 1));
+
+ mpz_inits(ga, gb, NULL);
+
+ mpz_import(gb, b->limbs, -1, sizeof(mp_limb_t), 0, 0, b->data);
+ mpz_import(ga, a->limbs, -1, sizeof(mp_limb_t), 0, 0, a->data);
+ if (a->neg) {
+ mpz_neg(ga, ga);
+ }
+
+ ret = mpz_jacobi(ga, gb);
+
+ mpz_clears(ga, gb, NULL);
+
+ return ret;
+}
+
+static int secp256k1_num_is_one(const secp256k1_num *a) {
+ return (a->limbs == 1 && a->data[0] == 1);
+}
+
+static int secp256k1_num_is_zero(const secp256k1_num *a) {
+ return (a->limbs == 1 && a->data[0] == 0);
+}
+
+static int secp256k1_num_is_neg(const secp256k1_num *a) {
+ return (a->limbs > 1 || a->data[0] != 0) && a->neg;
+}
+
+static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b) {
+ if (a->limbs > b->limbs) {
+ return 1;
+ }
+ if (a->limbs < b->limbs) {
+ return -1;
+ }
+ return mpn_cmp(a->data, b->data, a->limbs);
+}
+
+static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b) {
+ if (a->limbs > b->limbs) {
+ return 0;
+ }
+ if (a->limbs < b->limbs) {
+ return 0;
+ }
+ if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) {
+ return 0;
+ }
+ return mpn_cmp(a->data, b->data, a->limbs) == 0;
+}
+
+static void secp256k1_num_subadd(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b, int
bneg) {
+ if (!(b->neg ^ bneg ^ a->neg)) { /* a and b have the same sign */
+ r->neg = a->neg;
+ if (a->limbs >= b->limbs) {
+ secp256k1_num_add_abs(r, a, b);
+ } else {
+ secp256k1_num_add_abs(r, b, a);
+ }
+ } else {
+ if (secp256k1_num_cmp(a, b) > 0) {
+ r->neg = a->neg;
+ secp256k1_num_sub_abs(r, a, b);
+ } else {
+ r->neg = b->neg ^ bneg;
+ secp256k1_num_sub_abs(r, b, a);
+ }
+ }
+}
+
+static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) {
+ secp256k1_num_sanity(a);
+ secp256k1_num_sanity(b);
+ secp256k1_num_subadd(r, a, b, 0);
+}
+
+static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) {
+ secp256k1_num_sanity(a);
+ secp256k1_num_sanity(b);
+ secp256k1_num_subadd(r, a, b, 1);
+}
+
+static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) {
+ mp_limb_t tmp[2*NUM_LIMBS+1];
+ secp256k1_num_sanity(a);
+ secp256k1_num_sanity(b);
+
+ VERIFY_CHECK(a->limbs + b->limbs <= 2*NUM_LIMBS+1);
+ if ((a->limbs==1 && a->data[0]==0) || (b->limbs==1 && b->data[0]==0)) {
+ r->limbs = 1;
+ r->neg = 0;
+ r->data[0] = 0;
+ return;
+ }
+ if (a->limbs >= b->limbs) {
+ mpn_mul(tmp, a->data, a->limbs, b->data, b->limbs);
+ } else {
+ mpn_mul(tmp, b->data, b->limbs, a->data, a->limbs);
+ }
+ r->limbs = a->limbs + b->limbs;
+ if (r->limbs > 1 && tmp[r->limbs - 1]==0) {
+ r->limbs--;
+ }
+ VERIFY_CHECK(r->limbs <= 2*NUM_LIMBS);
+ mpn_copyi(r->data, tmp, r->limbs);
+ r->neg = a->neg ^ b->neg;
+ memset(tmp, 0, sizeof(tmp));
+}
+
+static void secp256k1_num_shift(secp256k1_num *r, int bits) {
+ if (bits % GMP_NUMB_BITS) {
+ /* Shift within limbs. */
+ mpn_rshift(r->data, r->data, r->limbs, bits % GMP_NUMB_BITS);
+ }
+ if (bits >= GMP_NUMB_BITS) {
+ int i;
+ /* Shift full limbs.
*/ + for (i = 0; i < r->limbs; i++) { + int index = i + (bits / GMP_NUMB_BITS); + if (index < r->limbs && index < 2*NUM_LIMBS) { + r->data[i] = r->data[index]; + } else { + r->data[i] = 0; + } + } + } + while (r->limbs>1 && r->data[r->limbs-1]==0) { + r->limbs--; + } +} + +static void secp256k1_num_negate(secp256k1_num *r) { + r->neg ^= 1; +} + +#endif /* SECP256K1_NUM_REPR_IMPL_H */ diff --git a/deps/secp256k1/src/num_impl.h b/deps/secp256k1/src/num_impl.h new file mode 100644 index 000000000..c45193b03 --- /dev/null +++ b/deps/secp256k1/src/num_impl.h @@ -0,0 +1,24 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_IMPL_H +#define SECP256K1_NUM_IMPL_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include "num.h" + +#if defined(USE_NUM_GMP) +#include "num_gmp_impl.h" +#elif defined(USE_NUM_NONE) +/* Nothing. */ +#else +#error "Please select num implementation" +#endif + +#endif /* SECP256K1_NUM_IMPL_H */ diff --git a/deps/secp256k1/src/scalar.h b/deps/secp256k1/src/scalar.h new file mode 100644 index 000000000..59304cb66 --- /dev/null +++ b/deps/secp256k1/src/scalar.h 
@@ -0,0 +1,106 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_H +#define SECP256K1_SCALAR_H + +#include "num.h" + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(EXHAUSTIVE_TEST_ORDER) +#include "scalar_low.h" +#elif defined(USE_SCALAR_4X64) +#include "scalar_4x64.h" +#elif defined(USE_SCALAR_8X32) +#include "scalar_8x32.h" +#else +#error "Please select scalar implementation" +#endif + +/** Clear a scalar to prevent the leak of sensitive data. */ +static void secp256k1_scalar_clear(secp256k1_scalar *r); + +/** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */ +static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count); + +/** Access bits from a scalar. Not constant time. */ +static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count); + +/** Set a scalar from a big endian byte array. */ +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow); + +/** Set a scalar to an unsigned integer. */ +static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v); + +/** Convert a scalar to a byte array. */ +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a); + +/** Add two scalars together (modulo the group order). Returns whether it overflowed. */ +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b); + +/** Conditionally add a power of two to a scalar. The result is not allowed to overflow. 
*/ +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag); + +/** Multiply two scalars (modulo the group order). */ +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b); + +/** Shift a scalar right by some amount strictly between 0 and 16, returning + * the low bits that were shifted off */ +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n); + +/** Compute the square of a scalar (modulo the group order). */ +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Compute the inverse of a scalar (modulo the group order). */ +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */ +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Compute the complement of a scalar (modulo the group order). */ +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Check whether a scalar equals zero. */ +static int secp256k1_scalar_is_zero(const secp256k1_scalar *a); + +/** Check whether a scalar equals one. */ +static int secp256k1_scalar_is_one(const secp256k1_scalar *a); + +/** Check whether a scalar, considered as an nonnegative integer, is even. */ +static int secp256k1_scalar_is_even(const secp256k1_scalar *a); + +/** Check whether a scalar is higher than the group order divided by 2. */ +static int secp256k1_scalar_is_high(const secp256k1_scalar *a); + +/** Conditionally negate a number, in constant time. + * Returns -1 if the number was negated, 1 otherwise */ +static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag); + +#ifndef USE_NUM_NONE +/** Convert a scalar to a number. */ +static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a); + +/** Get the order of the group as a number. 
*/ +static void secp256k1_scalar_order_get_num(secp256k1_num *r); +#endif + +/** Compare two scalars. */ +static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b); + +#ifdef USE_ENDOMORPHISM +/** Find r1 and r2 such that r1+r2*2^128 = a. */ +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a); +/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */ +static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a); +#endif + +/** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */ +static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift); + +#endif /* SECP256K1_SCALAR_H */ diff --git a/deps/secp256k1/src/scalar_4x64.h b/deps/secp256k1/src/scalar_4x64.h new file mode 100644 index 000000000..19c7495d1 --- /dev/null +++ b/deps/secp256k1/src/scalar_4x64.h @@ -0,0 +1,19 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_H +#define SECP256K1_SCALAR_REPR_H + +#include + +/** A scalar modulo the group order of the secp256k1 curve. */ +typedef struct { + uint64_t d[4]; +} secp256k1_scalar; + +#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{((uint64_t)(d1)) << 32 | (d0), ((uint64_t)(d3)) << 32 | (d2), ((uint64_t)(d5)) << 32 | (d4), ((uint64_t)(d7)) << 32 | (d6)}} + +#endif /* SECP256K1_SCALAR_REPR_H */ 
diff --git a/deps/secp256k1/src/scalar_4x64_impl.h b/deps/secp256k1/src/scalar_4x64_impl.h
new file mode 100644
index 000000000..d378335d9
--- /dev/null
+++ b/deps/secp256k1/src/scalar_4x64_impl.h
@@ -0,0 +1,949 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_IMPL_H +#define SECP256K1_SCALAR_REPR_IMPL_H + +/* Limbs of the secp256k1 order. */ +#define SECP256K1_N_0 ((uint64_t)0xBFD25E8CD0364141ULL) +#define SECP256K1_N_1 ((uint64_t)0xBAAEDCE6AF48A03BULL) +#define SECP256K1_N_2 ((uint64_t)0xFFFFFFFFFFFFFFFEULL) +#define SECP256K1_N_3 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) + +/* Limbs of 2^256 minus the secp256k1 order. */ +#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1) +#define SECP256K1_N_C_1 (~SECP256K1_N_1) +#define SECP256K1_N_C_2 (1) + +/* Limbs of half the secp256k1 order. */ +#define SECP256K1_N_H_0 ((uint64_t)0xDFE92F46681B20A0ULL) +#define SECP256K1_N_H_1 ((uint64_t)0x5D576E7357A4501DULL) +#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) +#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL) + +SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { + r->d[0] = 0; + r->d[1] = 0; + r->d[2] = 0; + r->d[3] = 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { + r->d[0] = v; + r->d[1] = 0; + r->d[2] = 0; + r->d[3] = 0; +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + VERIFY_CHECK((offset + count - 1) >> 6 == offset >> 6); + return (a->d[offset >> 6] >> (offset & 0x3F)) & ((((uint64_t)1) << count) - 1); +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + VERIFY_CHECK(count < 32); + VERIFY_CHECK(offset + count <= 256); + if ((offset + count - 1) >> 6 == offset >> 6) { + return 
secp256k1_scalar_get_bits(a, offset, count);
+ } else {
+ VERIFY_CHECK((offset >> 6) + 1 < 4);
+ return ((a->d[offset >> 6] >> (offset & 0x3F)) | (a->d[(offset >> 6) + 1] << (64 - (offset & 0x3F)))) & ((((uint64_t)1) << count) - 1);
+ }
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) {
+ int yes = 0;
+ int no = 0;
+ no |= (a->d[3] < SECP256K1_N_3); /* No need for a > check. */
+ no |= (a->d[2] < SECP256K1_N_2);
+ yes |= (a->d[2] > SECP256K1_N_2) & ~no;
+ no |= (a->d[1] < SECP256K1_N_1);
+ yes |= (a->d[1] > SECP256K1_N_1) & ~no;
+ yes |= (a->d[0] >= SECP256K1_N_0) & ~no;
+ return yes;
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, unsigned int overflow) {
+ uint128_t t;
+ VERIFY_CHECK(overflow <= 1);
+ t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0;
+ r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ t += (uint128_t)r->d[1] + overflow * SECP256K1_N_C_1;
+ r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ t += (uint128_t)r->d[2] + overflow * SECP256K1_N_C_2;
+ r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ t += (uint64_t)r->d[3];
+ r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL;
+ return overflow;
+}
+
+static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
+ int overflow;
+ uint128_t t = (uint128_t)a->d[0] + b->d[0];
+ r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ t += (uint128_t)a->d[1] + b->d[1];
+ r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ t += (uint128_t)a->d[2] + b->d[2];
+ r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ t += (uint128_t)a->d[3] + b->d[3];
+ r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
+ overflow = t + secp256k1_scalar_check_overflow(r);
+ VERIFY_CHECK(overflow == 0 || overflow == 1);
+ secp256k1_scalar_reduce(r, overflow);
+ return overflow;
+}
+
+static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
+ uint128_t t;
+ VERIFY_CHECK(bit < 256);
+ bit += ((uint32_t) flag - 1) &
0x100; /* forcing (bit >> 6) > 3 makes this a noop */ + t = (uint128_t)r->d[0] + (((uint64_t)((bit >> 6) == 0)) << (bit & 0x3F)); + r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[1] + (((uint64_t)((bit >> 6) == 1)) << (bit & 0x3F)); + r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[2] + (((uint64_t)((bit >> 6) == 2)) << (bit & 0x3F)); + r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[3] + (((uint64_t)((bit >> 6) == 3)) << (bit & 0x3F)); + r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; +#ifdef VERIFY + VERIFY_CHECK((t >> 64) == 0); + VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); +#endif +} + +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { + int over; + r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56; + r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56; + r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56; + r->d[3] = (uint64_t)b32[7] | (uint64_t)b32[6] << 8 | (uint64_t)b32[5] << 16 | (uint64_t)b32[4] << 24 | (uint64_t)b32[3] << 32 | (uint64_t)b32[2] << 40 | (uint64_t)b32[1] << 48 | (uint64_t)b32[0] << 56; + over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); + if (overflow) { + *overflow = over; + } +} + +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { + bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] 
= a->d[3];
+ bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2];
+ bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1];
+ bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) {
+ return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0;
+}
+
+static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) {
+ uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0);
+ uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1;
+ r->d[0] = t & nonzero; t >>= 64;
+ t += (uint128_t)(~a->d[1]) + SECP256K1_N_1;
+ r->d[1] = t & nonzero; t >>= 64;
+ t += (uint128_t)(~a->d[2]) + SECP256K1_N_2;
+ r->d[2] = t & nonzero; t >>= 64;
+ t += (uint128_t)(~a->d[3]) + SECP256K1_N_3;
+ r->d[3] = t & nonzero;
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) {
+ return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0;
+}
+
+static int secp256k1_scalar_is_high(const secp256k1_scalar *a) {
+ int yes = 0;
+ int no = 0;
+ no |= (a->d[3] < SECP256K1_N_H_3);
+ yes |= (a->d[3] > SECP256K1_N_H_3) & ~no;
+ no |= (a->d[2] < SECP256K1_N_H_2) & ~yes; /* No need for a > check.
*/ + no |= (a->d[1] < SECP256K1_N_H_1) & ~yes; + yes |= (a->d[1] > SECP256K1_N_H_1) & ~no; + yes |= (a->d[0] > SECP256K1_N_H_0) & ~no; + return yes; +} + +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { + /* If we are flag = 0, mask = 00...00 and this is a no-op; + * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ + uint64_t mask = !flag - 1; + uint64_t nonzero = (secp256k1_scalar_is_zero(r) != 0) - 1; + uint128_t t = (uint128_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); + r->d[0] = t & nonzero; t >>= 64; + t += (uint128_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); + r->d[1] = t & nonzero; t >>= 64; + t += (uint128_t)(r->d[2] ^ mask) + (SECP256K1_N_2 & mask); + r->d[2] = t & nonzero; t >>= 64; + t += (uint128_t)(r->d[3] ^ mask) + (SECP256K1_N_3 & mask); + r->d[3] = t & nonzero; + return 2 * (mask == 0) - 1; +} + +/* Inspired by the macros in OpenSSL's crypto/bn/asm/x86_64-gcc.c. */ + +/** Add a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd(a,b) { \ + uint64_t tl, th; \ + { \ + uint128_t t = (uint128_t)a * b; \ + th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ + c1 += th; /* overflow is handled on the next line */ \ + c2 += (c1 < th) ? 1 : 0; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK((c1 >= th) || (c2 != 0)); \ +} + +/** Add a*b to the number defined by (c0,c1). c1 must never overflow. */ +#define muladd_fast(a,b) { \ + uint64_t tl, th; \ + { \ + uint128_t t = (uint128_t)a * b; \ + th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 
1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ + c1 += th; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK(c1 >= th); \ +} + +/** Add 2*a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd2(a,b) { \ + uint64_t tl, th, th2, tl2; \ + { \ + uint128_t t = (uint128_t)a * b; \ + th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = t; \ + } \ + th2 = th + th; /* at most 0xFFFFFFFFFFFFFFFE (in case th was 0x7FFFFFFFFFFFFFFF) */ \ + c2 += (th2 < th) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((th2 >= th) || (c2 != 0)); \ + tl2 = tl + tl; /* at most 0xFFFFFFFFFFFFFFFE (in case the lowest 63 bits of tl were 0x7FFFFFFFFFFFFFFF) */ \ + th2 += (tl2 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ + c0 += tl2; /* overflow is handled on the next line */ \ + th2 += (c0 < tl2) ? 1 : 0; /* second overflow is handled on the next line */ \ + c2 += (c0 < tl2) & (th2 == 0); /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c0 >= tl2) || (th2 != 0) || (c2 != 0)); \ + c1 += th2; /* overflow is handled on the next line */ \ + c2 += (c1 < th2) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 >= th2) || (c2 != 0)); \ +} + +/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define sumadd(a) { \ + unsigned int over; \ + c0 += (a); /* overflow is handled on the next line */ \ + over = (c0 < (a)) ? 1 : 0; \ + c1 += over; /* overflow is handled on the next line */ \ + c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \ +} + +/** Add a to the number defined by (c0,c1). c1 must never overflow, c2 must be zero. */ +#define sumadd_fast(a) { \ + c0 += (a); /* overflow is handled on the next line */ \ + c1 += (c0 < (a)) ? 
1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 != 0) | (c0 >= (a))); \ + VERIFY_CHECK(c2 == 0); \ +} + +/** Extract the lowest 64 bits of (c0,c1,c2) into n, and left shift the number 64 bits. */ +#define extract(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = c2; \ + c2 = 0; \ +} + +/** Extract the lowest 64 bits of (c0,c1,c2) into n, and left shift the number 64 bits. c2 is required to be zero. */ +#define extract_fast(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = 0; \ + VERIFY_CHECK(c2 == 0); \ +} + +static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l) { +#ifdef USE_ASM_X86_64 + /* Reduce 512 bits into 385. */ + uint64_t m0, m1, m2, m3, m4, m5, m6; + uint64_t p0, p1, p2, p3, p4; + uint64_t c; + + __asm__ __volatile__( + /* Preload. */ + "movq 32(%%rsi), %%r11\n" + "movq 40(%%rsi), %%r12\n" + "movq 48(%%rsi), %%r13\n" + "movq 56(%%rsi), %%r14\n" + /* Initialize r8,r9,r10 */ + "movq 0(%%rsi), %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9) += n0 * c0 */ + "movq %8, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* extract m0 */ + "movq %%r8, %q0\n" + "xorq %%r8, %%r8\n" + /* (r9,r10) += l1 */ + "addq 8(%%rsi), %%r9\n" + "adcq $0, %%r10\n" + /* (r9,r10,r8) += n1 * c0 */ + "movq %8, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += n0 * c1 */ + "movq %9, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* extract m1 */ + "movq %%r9, %q1\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += l2 */ + "addq 16(%%rsi), %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += n2 * c0 */ + "movq %8, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += n1 * c1 */ + "movq %9, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += n0 */ + "addq %%r11, 
%%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* extract m2 */ + "movq %%r10, %q2\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += l3 */ + "addq 24(%%rsi), %%r8\n" + "adcq $0, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += n3 * c0 */ + "movq %8, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += n2 * c1 */ + "movq %9, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += n1 */ + "addq %%r12, %%r8\n" + "adcq $0, %%r9\n" + "adcq $0, %%r10\n" + /* extract m3 */ + "movq %%r8, %q3\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += n3 * c1 */ + "movq %9, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += n2 */ + "addq %%r13, %%r9\n" + "adcq $0, %%r10\n" + "adcq $0, %%r8\n" + /* extract m4 */ + "movq %%r9, %q4\n" + /* (r10,r8) += n3 */ + "addq %%r14, %%r10\n" + "adcq $0, %%r8\n" + /* extract m5 */ + "movq %%r10, %q5\n" + /* extract m6 */ + "movq %%r8, %q6\n" + : "=g"(m0), "=g"(m1), "=g"(m2), "=g"(m3), "=g"(m4), "=g"(m5), "=g"(m6) + : "S"(l), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) + : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "cc"); + + /* Reduce 385 bits into 258. 
*/ + __asm__ __volatile__( + /* Preload */ + "movq %q9, %%r11\n" + "movq %q10, %%r12\n" + "movq %q11, %%r13\n" + /* Initialize (r8,r9,r10) */ + "movq %q5, %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9) += m4 * c0 */ + "movq %12, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* extract p0 */ + "movq %%r8, %q0\n" + "xorq %%r8, %%r8\n" + /* (r9,r10) += m1 */ + "addq %q6, %%r9\n" + "adcq $0, %%r10\n" + /* (r9,r10,r8) += m5 * c0 */ + "movq %12, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += m4 * c1 */ + "movq %13, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* extract p1 */ + "movq %%r9, %q1\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += m2 */ + "addq %q7, %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += m6 * c0 */ + "movq %12, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += m5 * c1 */ + "movq %13, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += m4 */ + "addq %%r11, %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* extract p2 */ + "movq %%r10, %q2\n" + /* (r8,r9) += m3 */ + "addq %q8, %%r8\n" + "adcq $0, %%r9\n" + /* (r8,r9) += m6 * c1 */ + "movq %13, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* (r8,r9) += m5 */ + "addq %%r12, %%r8\n" + "adcq $0, %%r9\n" + /* extract p3 */ + "movq %%r8, %q3\n" + /* (r9) += m6 */ + "addq %%r13, %%r9\n" + /* extract p4 */ + "movq %%r9, %q4\n" + : "=&g"(p0), "=&g"(p1), "=&g"(p2), "=g"(p3), "=g"(p4) + : "g"(m0), "g"(m1), "g"(m2), "g"(m3), "g"(m4), "g"(m5), "g"(m6), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) + : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "cc"); + + /* Reduce 258 bits into 256. 
*/ + __asm__ __volatile__( + /* Preload */ + "movq %q5, %%r10\n" + /* (rax,rdx) = p4 * c0 */ + "movq %7, %%rax\n" + "mulq %%r10\n" + /* (rax,rdx) += p0 */ + "addq %q1, %%rax\n" + "adcq $0, %%rdx\n" + /* extract r0 */ + "movq %%rax, 0(%q6)\n" + /* Move to (r8,r9) */ + "movq %%rdx, %%r8\n" + "xorq %%r9, %%r9\n" + /* (r8,r9) += p1 */ + "addq %q2, %%r8\n" + "adcq $0, %%r9\n" + /* (r8,r9) += p4 * c1 */ + "movq %8, %%rax\n" + "mulq %%r10\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* Extract r1 */ + "movq %%r8, 8(%q6)\n" + "xorq %%r8, %%r8\n" + /* (r9,r8) += p4 */ + "addq %%r10, %%r9\n" + "adcq $0, %%r8\n" + /* (r9,r8) += p2 */ + "addq %q3, %%r9\n" + "adcq $0, %%r8\n" + /* Extract r2 */ + "movq %%r9, 16(%q6)\n" + "xorq %%r9, %%r9\n" + /* (r8,r9) += p3 */ + "addq %q4, %%r8\n" + "adcq $0, %%r9\n" + /* Extract r3 */ + "movq %%r8, 24(%q6)\n" + /* Extract c */ + "movq %%r9, %q0\n" + : "=g"(c) + : "g"(p0), "g"(p1), "g"(p2), "g"(p3), "g"(p4), "D"(r), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) + : "rax", "rdx", "r8", "r9", "r10", "cc", "memory"); +#else + uint128_t c; + uint64_t c0, c1, c2; + uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7]; + uint64_t m0, m1, m2, m3, m4, m5; + uint32_t m6; + uint64_t p0, p1, p2, p3; + uint32_t p4; + + /* Reduce 512 bits into 385. */ + /* m[0..6] = l[0..3] + n[0..3] * SECP256K1_N_C. */ + c0 = l[0]; c1 = 0; c2 = 0; + muladd_fast(n0, SECP256K1_N_C_0); + extract_fast(m0); + sumadd_fast(l[1]); + muladd(n1, SECP256K1_N_C_0); + muladd(n0, SECP256K1_N_C_1); + extract(m1); + sumadd(l[2]); + muladd(n2, SECP256K1_N_C_0); + muladd(n1, SECP256K1_N_C_1); + sumadd(n0); + extract(m2); + sumadd(l[3]); + muladd(n3, SECP256K1_N_C_0); + muladd(n2, SECP256K1_N_C_1); + sumadd(n1); + extract(m3); + muladd(n3, SECP256K1_N_C_1); + sumadd(n2); + extract(m4); + sumadd_fast(n3); + extract_fast(m5); + VERIFY_CHECK(c0 <= 1); + m6 = c0; + + /* Reduce 385 bits into 258. */ + /* p[0..4] = m[0..3] + m[4..6] * SECP256K1_N_C. 
*/ + c0 = m0; c1 = 0; c2 = 0; + muladd_fast(m4, SECP256K1_N_C_0); + extract_fast(p0); + sumadd_fast(m1); + muladd(m5, SECP256K1_N_C_0); + muladd(m4, SECP256K1_N_C_1); + extract(p1); + sumadd(m2); + muladd(m6, SECP256K1_N_C_0); + muladd(m5, SECP256K1_N_C_1); + sumadd(m4); + extract(p2); + sumadd_fast(m3); + muladd_fast(m6, SECP256K1_N_C_1); + sumadd_fast(m5); + extract_fast(p3); + p4 = c0 + m6; + VERIFY_CHECK(p4 <= 2); + + /* Reduce 258 bits into 256. */ + /* r[0..3] = p[0..3] + p[4] * SECP256K1_N_C. */ + c = p0 + (uint128_t)SECP256K1_N_C_0 * p4; + r->d[0] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + c += p1 + (uint128_t)SECP256K1_N_C_1 * p4; + r->d[1] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + c += p2 + (uint128_t)p4; + r->d[2] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + c += p3; + r->d[3] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; +#endif + + /* Final reduction of r. */ + secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); +} + +static void secp256k1_scalar_mul_512(uint64_t l[8], const secp256k1_scalar *a, const secp256k1_scalar *b) { +#ifdef USE_ASM_X86_64 + const uint64_t *pb = b->d; + __asm__ __volatile__( + /* Preload */ + "movq 0(%%rdi), %%r15\n" + "movq 8(%%rdi), %%rbx\n" + "movq 16(%%rdi), %%rcx\n" + "movq 0(%%rdx), %%r11\n" + "movq 8(%%rdx), %%r12\n" + "movq 16(%%rdx), %%r13\n" + "movq 24(%%rdx), %%r14\n" + /* (rax,rdx) = a0 * b0 */ + "movq %%r15, %%rax\n" + "mulq %%r11\n" + /* Extract l0 */ + "movq %%rax, 0(%%rsi)\n" + /* (r8,r9,r10) = (rdx) */ + "movq %%rdx, %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += a0 * b1 */ + "movq %%r15, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a1 * b0 */ + "movq %%rbx, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l1 */ + "movq %%r8, 8(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += a0 * b2 */ + "movq %%r15, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r9\n" + "adcq 
%%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a1 * b1 */ + "movq %%rbx, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a2 * b0 */ + "movq %%rcx, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l2 */ + "movq %%r9, 16(%%rsi)\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += a0 * b3 */ + "movq %%r15, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* Preload a3 */ + "movq 24(%%rdi), %%r15\n" + /* (r10,r8,r9) += a1 * b2 */ + "movq %%rbx, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += a2 * b1 */ + "movq %%rcx, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += a3 * b0 */ + "movq %%r15, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* Extract l3 */ + "movq %%r10, 24(%%rsi)\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += a1 * b3 */ + "movq %%rbx, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a2 * b2 */ + "movq %%rcx, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a3 * b1 */ + "movq %%r15, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l4 */ + "movq %%r8, 32(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += a2 * b3 */ + "movq %%rcx, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a3 * b2 */ + "movq %%r15, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l5 */ + "movq %%r9, 40(%%rsi)\n" + /* (r10,r8) += a3 * b3 */ + "movq %%r15, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + /* Extract l6 */ 
+ "movq %%r10, 48(%%rsi)\n" + /* Extract l7 */ + "movq %%r8, 56(%%rsi)\n" + : "+d"(pb) + : "S"(l), "D"(a->d) + : "rax", "rbx", "rcx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "cc", "memory"); +#else + /* 160 bit accumulator. */ + uint64_t c0 = 0, c1 = 0; + uint32_t c2 = 0; + + /* l[0..7] = a[0..3] * b[0..3]. */ + muladd_fast(a->d[0], b->d[0]); + extract_fast(l[0]); + muladd(a->d[0], b->d[1]); + muladd(a->d[1], b->d[0]); + extract(l[1]); + muladd(a->d[0], b->d[2]); + muladd(a->d[1], b->d[1]); + muladd(a->d[2], b->d[0]); + extract(l[2]); + muladd(a->d[0], b->d[3]); + muladd(a->d[1], b->d[2]); + muladd(a->d[2], b->d[1]); + muladd(a->d[3], b->d[0]); + extract(l[3]); + muladd(a->d[1], b->d[3]); + muladd(a->d[2], b->d[2]); + muladd(a->d[3], b->d[1]); + extract(l[4]); + muladd(a->d[2], b->d[3]); + muladd(a->d[3], b->d[2]); + extract(l[5]); + muladd_fast(a->d[3], b->d[3]); + extract_fast(l[6]); + VERIFY_CHECK(c1 == 0); + l[7] = c0; +#endif +} + +static void secp256k1_scalar_sqr_512(uint64_t l[8], const secp256k1_scalar *a) { +#ifdef USE_ASM_X86_64 + __asm__ __volatile__( + /* Preload */ + "movq 0(%%rdi), %%r11\n" + "movq 8(%%rdi), %%r12\n" + "movq 16(%%rdi), %%r13\n" + "movq 24(%%rdi), %%r14\n" + /* (rax,rdx) = a0 * a0 */ + "movq %%r11, %%rax\n" + "mulq %%r11\n" + /* Extract l0 */ + "movq %%rax, 0(%%rsi)\n" + /* (r8,r9,r10) = (rdx,0) */ + "movq %%rdx, %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += 2 * a0 * a1 */ + "movq %%r11, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l1 */ + "movq %%r8, 8(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += 2 * a0 * a2 */ + "movq %%r11, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a1 * a1 */ + "movq %%r12, %%rax\n" + "mulq %%r12\n" + "addq 
%%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l2 */ + "movq %%r9, 16(%%rsi)\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += 2 * a0 * a3 */ + "movq %%r11, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += 2 * a1 * a2 */ + "movq %%r12, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* Extract l3 */ + "movq %%r10, 24(%%rsi)\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += 2 * a1 * a3 */ + "movq %%r12, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a2 * a2 */ + "movq %%r13, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l4 */ + "movq %%r8, 32(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += 2 * a2 * a3 */ + "movq %%r13, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l5 */ + "movq %%r9, 40(%%rsi)\n" + /* (r10,r8) += a3 * a3 */ + "movq %%r14, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + /* Extract l6 */ + "movq %%r10, 48(%%rsi)\n" + /* Extract l7 */ + "movq %%r8, 56(%%rsi)\n" + : + : "S"(l), "D"(a->d) + : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "cc", "memory"); +#else + /* 160 bit accumulator. */ + uint64_t c0 = 0, c1 = 0; + uint32_t c2 = 0; + + /* l[0..7] = a[0..3] * b[0..3]. 
*/ + muladd_fast(a->d[0], a->d[0]); + extract_fast(l[0]); + muladd2(a->d[0], a->d[1]); + extract(l[1]); + muladd2(a->d[0], a->d[2]); + muladd(a->d[1], a->d[1]); + extract(l[2]); + muladd2(a->d[0], a->d[3]); + muladd2(a->d[1], a->d[2]); + extract(l[3]); + muladd2(a->d[1], a->d[3]); + muladd(a->d[2], a->d[2]); + extract(l[4]); + muladd2(a->d[2], a->d[3]); + extract(l[5]); + muladd_fast(a->d[3], a->d[3]); + extract_fast(l[6]); + VERIFY_CHECK(c1 == 0); + l[7] = c0; +#endif +} + +#undef sumadd +#undef sumadd_fast +#undef muladd +#undef muladd_fast +#undef muladd2 +#undef extract +#undef extract_fast + +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + uint64_t l[8]; + secp256k1_scalar_mul_512(l, a, b); + secp256k1_scalar_reduce_512(r, l); +} + +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) { + int ret; + VERIFY_CHECK(n > 0); + VERIFY_CHECK(n < 16); + ret = r->d[0] & ((1 << n) - 1); + r->d[0] = (r->d[0] >> n) + (r->d[1] << (64 - n)); + r->d[1] = (r->d[1] >> n) + (r->d[2] << (64 - n)); + r->d[2] = (r->d[2] >> n) + (r->d[3] << (64 - n)); + r->d[3] = (r->d[3] >> n); + return ret; +} + +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint64_t l[8]; + secp256k1_scalar_sqr_512(l, a); + secp256k1_scalar_reduce_512(r, l); +} + +#ifdef USE_ENDOMORPHISM +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + r1->d[0] = a->d[0]; + r1->d[1] = a->d[1]; + r1->d[2] = 0; + r1->d[3] = 0; + r2->d[0] = a->d[2]; + r2->d[1] = a->d[3]; + r2->d[2] = 0; + r2->d[3] = 0; +} +#endif + +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { + return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3])) == 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar 
*b, unsigned int shift) {
+ uint64_t l[8];
+ unsigned int shiftlimbs;
+ unsigned int shiftlow;
+ unsigned int shifthigh;
+ VERIFY_CHECK(shift >= 256);
+ secp256k1_scalar_mul_512(l, a, b);
+ shiftlimbs = shift >> 6;
+ shiftlow = shift & 0x3F;
+ shifthigh = 64 - shiftlow;
+ r->d[0] = shift < 512 ? (l[0 + shiftlimbs] >> shiftlow | (shift < 448 && shiftlow ? (l[1 + shiftlimbs] << shifthigh) : 0)) : 0;
+ r->d[1] = shift < 448 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0;
+ r->d[2] = shift < 384 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0;
+ r->d[3] = shift < 320 ? (l[3 + shiftlimbs] >> shiftlow) : 0;
+ secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1);
+}
+
+#endif /* SECP256K1_SCALAR_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/scalar_8x32.h b/deps/secp256k1/src/scalar_8x32.h
new file mode 100644
index 000000000..2c9a348e2
--- /dev/null
+++ b/deps/secp256k1/src/scalar_8x32.h
@@ -0,0 +1,19 @@
+/**********************************************************************
+ * Copyright (c) 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_SCALAR_REPR_H
+#define SECP256K1_SCALAR_REPR_H
+
+#include
+
+/** A scalar modulo the group order of the secp256k1 curve. */
+typedef struct {
+ uint32_t d[8];
+} secp256k1_scalar;
+
+#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7)}}
+
+#endif /* SECP256K1_SCALAR_REPR_H */
diff --git a/deps/secp256k1/src/scalar_8x32_impl.h b/deps/secp256k1/src/scalar_8x32_impl.h
new file mode 100644
index 000000000..4f9ed61fe
--- /dev/null
+++ b/deps/secp256k1/src/scalar_8x32_impl.h
@@ -0,0 +1,721 @@
+/**********************************************************************
+ * Copyright (c) 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_SCALAR_REPR_IMPL_H
+#define SECP256K1_SCALAR_REPR_IMPL_H
+
+/* Limbs of the secp256k1 order. */
+#define SECP256K1_N_0 ((uint32_t)0xD0364141UL)
+#define SECP256K1_N_1 ((uint32_t)0xBFD25E8CUL)
+#define SECP256K1_N_2 ((uint32_t)0xAF48A03BUL)
+#define SECP256K1_N_3 ((uint32_t)0xBAAEDCE6UL)
+#define SECP256K1_N_4 ((uint32_t)0xFFFFFFFEUL)
+#define SECP256K1_N_5 ((uint32_t)0xFFFFFFFFUL)
+#define SECP256K1_N_6 ((uint32_t)0xFFFFFFFFUL)
+#define SECP256K1_N_7 ((uint32_t)0xFFFFFFFFUL)
+
+/* Limbs of 2^256 minus the secp256k1 order. */
+#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1)
+#define SECP256K1_N_C_1 (~SECP256K1_N_1)
+#define SECP256K1_N_C_2 (~SECP256K1_N_2)
+#define SECP256K1_N_C_3 (~SECP256K1_N_3)
+#define SECP256K1_N_C_4 (1)
+
+/* Limbs of half the secp256k1 order. 
*/
+#define SECP256K1_N_H_0 ((uint32_t)0x681B20A0UL)
+#define SECP256K1_N_H_1 ((uint32_t)0xDFE92F46UL)
+#define SECP256K1_N_H_2 ((uint32_t)0x57A4501DUL)
+#define SECP256K1_N_H_3 ((uint32_t)0x5D576E73UL)
+#define SECP256K1_N_H_4 ((uint32_t)0xFFFFFFFFUL)
+#define SECP256K1_N_H_5 ((uint32_t)0xFFFFFFFFUL)
+#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL)
+#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL)
+
+SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) {
+ r->d[0] = 0;
+ r->d[1] = 0;
+ r->d[2] = 0;
+ r->d[3] = 0;
+ r->d[4] = 0;
+ r->d[5] = 0;
+ r->d[6] = 0;
+ r->d[7] = 0;
+}
+
+SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) {
+ r->d[0] = v;
+ r->d[1] = 0;
+ r->d[2] = 0;
+ r->d[3] = 0;
+ r->d[4] = 0;
+ r->d[5] = 0;
+ r->d[6] = 0;
+ r->d[7] = 0;
+}
+
+SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
+ VERIFY_CHECK((offset + count - 1) >> 5 == offset >> 5);
+ return (a->d[offset >> 5] >> (offset & 0x1F)) & ((1 << count) - 1);
+}
+
+SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
+ VERIFY_CHECK(count < 32);
+ VERIFY_CHECK(offset + count <= 256);
+ if ((offset + count - 1) >> 5 == offset >> 5) {
+ return secp256k1_scalar_get_bits(a, offset, count);
+ } else {
+ VERIFY_CHECK((offset >> 5) + 1 < 8);
+ return ((a->d[offset >> 5] >> (offset & 0x1F)) | (a->d[(offset >> 5) + 1] << (32 - (offset & 0x1F)))) & ((((uint32_t)1) << count) - 1);
+ }
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) {
+ int yes = 0;
+ int no = 0;
+ no |= (a->d[7] < SECP256K1_N_7); /* No need for a > check. */
+ no |= (a->d[6] < SECP256K1_N_6); /* No need for a > check. */
+ no |= (a->d[5] < SECP256K1_N_5); /* No need for a > check. 
*/
+ no |= (a->d[4] < SECP256K1_N_4);
+ yes |= (a->d[4] > SECP256K1_N_4) & ~no;
+ no |= (a->d[3] < SECP256K1_N_3) & ~yes;
+ yes |= (a->d[3] > SECP256K1_N_3) & ~no;
+ no |= (a->d[2] < SECP256K1_N_2) & ~yes;
+ yes |= (a->d[2] > SECP256K1_N_2) & ~no;
+ no |= (a->d[1] < SECP256K1_N_1) & ~yes;
+ yes |= (a->d[1] > SECP256K1_N_1) & ~no;
+ yes |= (a->d[0] >= SECP256K1_N_0) & ~no;
+ return yes;
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, uint32_t overflow) {
+ uint64_t t;
+ VERIFY_CHECK(overflow <= 1);
+ t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0;
+ r->d[0] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[1] + overflow * SECP256K1_N_C_1;
+ r->d[1] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[2] + overflow * SECP256K1_N_C_2;
+ r->d[2] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[3] + overflow * SECP256K1_N_C_3;
+ r->d[3] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[4] + overflow * SECP256K1_N_C_4;
+ r->d[4] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[5];
+ r->d[5] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[6];
+ r->d[6] = t & 0xFFFFFFFFUL; t >>= 32;
+ t += (uint64_t)r->d[7];
+ r->d[7] = t & 0xFFFFFFFFUL;
+ return overflow;
+}
+
+static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
+ int overflow;
+ uint64_t t = (uint64_t)a->d[0] + b->d[0];
+ r->d[0] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[1] + b->d[1];
+ r->d[1] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[2] + b->d[2];
+ r->d[2] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[3] + b->d[3];
+ r->d[3] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[4] + b->d[4];
+ r->d[4] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[5] + b->d[5];
+ r->d[5] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[6] + b->d[6];
+ r->d[6] = t & 0xFFFFFFFFULL; t >>= 32;
+ t += (uint64_t)a->d[7] + b->d[7];
+ r->d[7] = t & 0xFFFFFFFFULL; t >>= 32;
+ overflow = t + 
secp256k1_scalar_check_overflow(r); + VERIFY_CHECK(overflow == 0 || overflow == 1); + secp256k1_scalar_reduce(r, overflow); + return overflow; +} + +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { + uint64_t t; + VERIFY_CHECK(bit < 256); + bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 5) > 7 makes this a noop */ + t = (uint64_t)r->d[0] + (((uint32_t)((bit >> 5) == 0)) << (bit & 0x1F)); + r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[1] + (((uint32_t)((bit >> 5) == 1)) << (bit & 0x1F)); + r->d[1] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[2] + (((uint32_t)((bit >> 5) == 2)) << (bit & 0x1F)); + r->d[2] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[3] + (((uint32_t)((bit >> 5) == 3)) << (bit & 0x1F)); + r->d[3] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[4] + (((uint32_t)((bit >> 5) == 4)) << (bit & 0x1F)); + r->d[4] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[5] + (((uint32_t)((bit >> 5) == 5)) << (bit & 0x1F)); + r->d[5] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[6] + (((uint32_t)((bit >> 5) == 6)) << (bit & 0x1F)); + r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[7] + (((uint32_t)((bit >> 5) == 7)) << (bit & 0x1F)); + r->d[7] = t & 0xFFFFFFFFULL; +#ifdef VERIFY + VERIFY_CHECK((t >> 32) == 0); + VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); +#endif +} + +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { + int over; + r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24; + r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24; + r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24; + r->d[3] = (uint32_t)b32[19] | (uint32_t)b32[18] << 8 | (uint32_t)b32[17] << 16 | (uint32_t)b32[16] << 24; + r->d[4] = (uint32_t)b32[15] | 
(uint32_t)b32[14] << 8 | (uint32_t)b32[13] << 16 | (uint32_t)b32[12] << 24; + r->d[5] = (uint32_t)b32[11] | (uint32_t)b32[10] << 8 | (uint32_t)b32[9] << 16 | (uint32_t)b32[8] << 24; + r->d[6] = (uint32_t)b32[7] | (uint32_t)b32[6] << 8 | (uint32_t)b32[5] << 16 | (uint32_t)b32[4] << 24; + r->d[7] = (uint32_t)b32[3] | (uint32_t)b32[2] << 8 | (uint32_t)b32[1] << 16 | (uint32_t)b32[0] << 24; + over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); + if (overflow) { + *overflow = over; + } +} + +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { + bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7]; + bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6]; + bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5]; + bin[12] = a->d[4] >> 24; bin[13] = a->d[4] >> 16; bin[14] = a->d[4] >> 8; bin[15] = a->d[4]; + bin[16] = a->d[3] >> 24; bin[17] = a->d[3] >> 16; bin[18] = a->d[3] >> 8; bin[19] = a->d[3]; + bin[20] = a->d[2] >> 24; bin[21] = a->d[2] >> 16; bin[22] = a->d[2] >> 8; bin[23] = a->d[2]; + bin[24] = a->d[1] >> 24; bin[25] = a->d[1] >> 16; bin[26] = a->d[1] >> 8; bin[27] = a->d[1]; + bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { + return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; +} + +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0); + uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1; + r->d[0] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[1]) + SECP256K1_N_1; + r->d[1] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[2]) + SECP256K1_N_2; + r->d[2] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[3]) + SECP256K1_N_3; + 
r->d[3] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[4]) + SECP256K1_N_4; + r->d[4] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[5]) + SECP256K1_N_5; + r->d[5] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[6]) + SECP256K1_N_6; + r->d[6] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[7]) + SECP256K1_N_7; + r->d[7] = t & nonzero; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { + return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; +} + +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { + int yes = 0; + int no = 0; + no |= (a->d[7] < SECP256K1_N_H_7); + yes |= (a->d[7] > SECP256K1_N_H_7) & ~no; + no |= (a->d[6] < SECP256K1_N_H_6) & ~yes; /* No need for a > check. */ + no |= (a->d[5] < SECP256K1_N_H_5) & ~yes; /* No need for a > check. */ + no |= (a->d[4] < SECP256K1_N_H_4) & ~yes; /* No need for a > check. */ + no |= (a->d[3] < SECP256K1_N_H_3) & ~yes; + yes |= (a->d[3] > SECP256K1_N_H_3) & ~no; + no |= (a->d[2] < SECP256K1_N_H_2) & ~yes; + yes |= (a->d[2] > SECP256K1_N_H_2) & ~no; + no |= (a->d[1] < SECP256K1_N_H_1) & ~yes; + yes |= (a->d[1] > SECP256K1_N_H_1) & ~no; + yes |= (a->d[0] > SECP256K1_N_H_0) & ~no; + return yes; +} + +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { + /* If we are flag = 0, mask = 00...00 and this is a no-op; + * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ + uint32_t mask = !flag - 1; + uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(r) == 0); + uint64_t t = (uint64_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); + r->d[0] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); + r->d[1] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[2] ^ mask) + (SECP256K1_N_2 & mask); + r->d[2] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[3] ^ mask) + (SECP256K1_N_3 & mask); + r->d[3] = t & nonzero; t >>= 32; + t += 
(uint64_t)(r->d[4] ^ mask) + (SECP256K1_N_4 & mask); + r->d[4] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[5] ^ mask) + (SECP256K1_N_5 & mask); + r->d[5] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[6] ^ mask) + (SECP256K1_N_6 & mask); + r->d[6] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[7] ^ mask) + (SECP256K1_N_7 & mask); + r->d[7] = t & nonzero; + return 2 * (mask == 0) - 1; +} + + +/* Inspired by the macros in OpenSSL's crypto/bn/asm/x86_64-gcc.c. */ + +/** Add a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd(a,b) { \ + uint32_t tl, th; \ + { \ + uint64_t t = (uint64_t)a * b; \ + th = t >> 32; /* at most 0xFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ + c1 += th; /* overflow is handled on the next line */ \ + c2 += (c1 < th) ? 1 : 0; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK((c1 >= th) || (c2 != 0)); \ +} + +/** Add a*b to the number defined by (c0,c1). c1 must never overflow. */ +#define muladd_fast(a,b) { \ + uint32_t tl, th; \ + { \ + uint64_t t = (uint64_t)a * b; \ + th = t >> 32; /* at most 0xFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ + c1 += th; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK(c1 >= th); \ +} + +/** Add 2*a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd2(a,b) { \ + uint32_t tl, th, th2, tl2; \ + { \ + uint64_t t = (uint64_t)a * b; \ + th = t >> 32; /* at most 0xFFFFFFFE */ \ + tl = t; \ + } \ + th2 = th + th; /* at most 0xFFFFFFFE (in case th was 0x7FFFFFFF) */ \ + c2 += (th2 < th) ? 
1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((th2 >= th) || (c2 != 0)); \ + tl2 = tl + tl; /* at most 0xFFFFFFFE (in case the lowest 63 bits of tl were 0x7FFFFFFF) */ \ + th2 += (tl2 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ + c0 += tl2; /* overflow is handled on the next line */ \ + th2 += (c0 < tl2) ? 1 : 0; /* second overflow is handled on the next line */ \ + c2 += (c0 < tl2) & (th2 == 0); /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c0 >= tl2) || (th2 != 0) || (c2 != 0)); \ + c1 += th2; /* overflow is handled on the next line */ \ + c2 += (c1 < th2) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 >= th2) || (c2 != 0)); \ +} + +/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define sumadd(a) { \ + unsigned int over; \ + c0 += (a); /* overflow is handled on the next line */ \ + over = (c0 < (a)) ? 1 : 0; \ + c1 += over; /* overflow is handled on the next line */ \ + c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \ +} + +/** Add a to the number defined by (c0,c1). c1 must never overflow, c2 must be zero. */ +#define sumadd_fast(a) { \ + c0 += (a); /* overflow is handled on the next line */ \ + c1 += (c0 < (a)) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 != 0) | (c0 >= (a))); \ + VERIFY_CHECK(c2 == 0); \ +} + +/** Extract the lowest 32 bits of (c0,c1,c2) into n, and left shift the number 32 bits. */ +#define extract(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = c2; \ + c2 = 0; \ +} + +/** Extract the lowest 32 bits of (c0,c1,c2) into n, and left shift the number 32 bits. c2 is required to be zero. 
*/ +#define extract_fast(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = 0; \ + VERIFY_CHECK(c2 == 0); \ +} + +static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint32_t *l) { + uint64_t c; + uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15]; + uint32_t m0, m1, m2, m3, m4, m5, m6, m7, m8, m9, m10, m11, m12; + uint32_t p0, p1, p2, p3, p4, p5, p6, p7, p8; + + /* 96 bit accumulator. */ + uint32_t c0, c1, c2; + + /* Reduce 512 bits into 385. */ + /* m[0..12] = l[0..7] + n[0..7] * SECP256K1_N_C. */ + c0 = l[0]; c1 = 0; c2 = 0; + muladd_fast(n0, SECP256K1_N_C_0); + extract_fast(m0); + sumadd_fast(l[1]); + muladd(n1, SECP256K1_N_C_0); + muladd(n0, SECP256K1_N_C_1); + extract(m1); + sumadd(l[2]); + muladd(n2, SECP256K1_N_C_0); + muladd(n1, SECP256K1_N_C_1); + muladd(n0, SECP256K1_N_C_2); + extract(m2); + sumadd(l[3]); + muladd(n3, SECP256K1_N_C_0); + muladd(n2, SECP256K1_N_C_1); + muladd(n1, SECP256K1_N_C_2); + muladd(n0, SECP256K1_N_C_3); + extract(m3); + sumadd(l[4]); + muladd(n4, SECP256K1_N_C_0); + muladd(n3, SECP256K1_N_C_1); + muladd(n2, SECP256K1_N_C_2); + muladd(n1, SECP256K1_N_C_3); + sumadd(n0); + extract(m4); + sumadd(l[5]); + muladd(n5, SECP256K1_N_C_0); + muladd(n4, SECP256K1_N_C_1); + muladd(n3, SECP256K1_N_C_2); + muladd(n2, SECP256K1_N_C_3); + sumadd(n1); + extract(m5); + sumadd(l[6]); + muladd(n6, SECP256K1_N_C_0); + muladd(n5, SECP256K1_N_C_1); + muladd(n4, SECP256K1_N_C_2); + muladd(n3, SECP256K1_N_C_3); + sumadd(n2); + extract(m6); + sumadd(l[7]); + muladd(n7, SECP256K1_N_C_0); + muladd(n6, SECP256K1_N_C_1); + muladd(n5, SECP256K1_N_C_2); + muladd(n4, SECP256K1_N_C_3); + sumadd(n3); + extract(m7); + muladd(n7, SECP256K1_N_C_1); + muladd(n6, SECP256K1_N_C_2); + muladd(n5, SECP256K1_N_C_3); + sumadd(n4); + extract(m8); + muladd(n7, SECP256K1_N_C_2); + muladd(n6, SECP256K1_N_C_3); + sumadd(n5); + extract(m9); + muladd(n7, SECP256K1_N_C_3); + sumadd(n6); + extract(m10); + sumadd_fast(n7); + 
extract_fast(m11); + VERIFY_CHECK(c0 <= 1); + m12 = c0; + + /* Reduce 385 bits into 258. */ + /* p[0..8] = m[0..7] + m[8..12] * SECP256K1_N_C. */ + c0 = m0; c1 = 0; c2 = 0; + muladd_fast(m8, SECP256K1_N_C_0); + extract_fast(p0); + sumadd_fast(m1); + muladd(m9, SECP256K1_N_C_0); + muladd(m8, SECP256K1_N_C_1); + extract(p1); + sumadd(m2); + muladd(m10, SECP256K1_N_C_0); + muladd(m9, SECP256K1_N_C_1); + muladd(m8, SECP256K1_N_C_2); + extract(p2); + sumadd(m3); + muladd(m11, SECP256K1_N_C_0); + muladd(m10, SECP256K1_N_C_1); + muladd(m9, SECP256K1_N_C_2); + muladd(m8, SECP256K1_N_C_3); + extract(p3); + sumadd(m4); + muladd(m12, SECP256K1_N_C_0); + muladd(m11, SECP256K1_N_C_1); + muladd(m10, SECP256K1_N_C_2); + muladd(m9, SECP256K1_N_C_3); + sumadd(m8); + extract(p4); + sumadd(m5); + muladd(m12, SECP256K1_N_C_1); + muladd(m11, SECP256K1_N_C_2); + muladd(m10, SECP256K1_N_C_3); + sumadd(m9); + extract(p5); + sumadd(m6); + muladd(m12, SECP256K1_N_C_2); + muladd(m11, SECP256K1_N_C_3); + sumadd(m10); + extract(p6); + sumadd_fast(m7); + muladd_fast(m12, SECP256K1_N_C_3); + sumadd_fast(m11); + extract_fast(p7); + p8 = c0 + m12; + VERIFY_CHECK(p8 <= 2); + + /* Reduce 258 bits into 256. */ + /* r[0..7] = p[0..7] + p[8] * SECP256K1_N_C. */ + c = p0 + (uint64_t)SECP256K1_N_C_0 * p8; + r->d[0] = c & 0xFFFFFFFFUL; c >>= 32; + c += p1 + (uint64_t)SECP256K1_N_C_1 * p8; + r->d[1] = c & 0xFFFFFFFFUL; c >>= 32; + c += p2 + (uint64_t)SECP256K1_N_C_2 * p8; + r->d[2] = c & 0xFFFFFFFFUL; c >>= 32; + c += p3 + (uint64_t)SECP256K1_N_C_3 * p8; + r->d[3] = c & 0xFFFFFFFFUL; c >>= 32; + c += p4 + (uint64_t)p8; + r->d[4] = c & 0xFFFFFFFFUL; c >>= 32; + c += p5; + r->d[5] = c & 0xFFFFFFFFUL; c >>= 32; + c += p6; + r->d[6] = c & 0xFFFFFFFFUL; c >>= 32; + c += p7; + r->d[7] = c & 0xFFFFFFFFUL; c >>= 32; + + /* Final reduction of r. 
*/ + secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); +} + +static void secp256k1_scalar_mul_512(uint32_t *l, const secp256k1_scalar *a, const secp256k1_scalar *b) { + /* 96 bit accumulator. */ + uint32_t c0 = 0, c1 = 0, c2 = 0; + + /* l[0..15] = a[0..7] * b[0..7]. */ + muladd_fast(a->d[0], b->d[0]); + extract_fast(l[0]); + muladd(a->d[0], b->d[1]); + muladd(a->d[1], b->d[0]); + extract(l[1]); + muladd(a->d[0], b->d[2]); + muladd(a->d[1], b->d[1]); + muladd(a->d[2], b->d[0]); + extract(l[2]); + muladd(a->d[0], b->d[3]); + muladd(a->d[1], b->d[2]); + muladd(a->d[2], b->d[1]); + muladd(a->d[3], b->d[0]); + extract(l[3]); + muladd(a->d[0], b->d[4]); + muladd(a->d[1], b->d[3]); + muladd(a->d[2], b->d[2]); + muladd(a->d[3], b->d[1]); + muladd(a->d[4], b->d[0]); + extract(l[4]); + muladd(a->d[0], b->d[5]); + muladd(a->d[1], b->d[4]); + muladd(a->d[2], b->d[3]); + muladd(a->d[3], b->d[2]); + muladd(a->d[4], b->d[1]); + muladd(a->d[5], b->d[0]); + extract(l[5]); + muladd(a->d[0], b->d[6]); + muladd(a->d[1], b->d[5]); + muladd(a->d[2], b->d[4]); + muladd(a->d[3], b->d[3]); + muladd(a->d[4], b->d[2]); + muladd(a->d[5], b->d[1]); + muladd(a->d[6], b->d[0]); + extract(l[6]); + muladd(a->d[0], b->d[7]); + muladd(a->d[1], b->d[6]); + muladd(a->d[2], b->d[5]); + muladd(a->d[3], b->d[4]); + muladd(a->d[4], b->d[3]); + muladd(a->d[5], b->d[2]); + muladd(a->d[6], b->d[1]); + muladd(a->d[7], b->d[0]); + extract(l[7]); + muladd(a->d[1], b->d[7]); + muladd(a->d[2], b->d[6]); + muladd(a->d[3], b->d[5]); + muladd(a->d[4], b->d[4]); + muladd(a->d[5], b->d[3]); + muladd(a->d[6], b->d[2]); + muladd(a->d[7], b->d[1]); + extract(l[8]); + muladd(a->d[2], b->d[7]); + muladd(a->d[3], b->d[6]); + muladd(a->d[4], b->d[5]); + muladd(a->d[5], b->d[4]); + muladd(a->d[6], b->d[3]); + muladd(a->d[7], b->d[2]); + extract(l[9]); + muladd(a->d[3], b->d[7]); + muladd(a->d[4], b->d[6]); + muladd(a->d[5], b->d[5]); + muladd(a->d[6], b->d[4]); + muladd(a->d[7], b->d[3]); + extract(l[10]); + 
muladd(a->d[4], b->d[7]); + muladd(a->d[5], b->d[6]); + muladd(a->d[6], b->d[5]); + muladd(a->d[7], b->d[4]); + extract(l[11]); + muladd(a->d[5], b->d[7]); + muladd(a->d[6], b->d[6]); + muladd(a->d[7], b->d[5]); + extract(l[12]); + muladd(a->d[6], b->d[7]); + muladd(a->d[7], b->d[6]); + extract(l[13]); + muladd_fast(a->d[7], b->d[7]); + extract_fast(l[14]); + VERIFY_CHECK(c1 == 0); + l[15] = c0; +} + +static void secp256k1_scalar_sqr_512(uint32_t *l, const secp256k1_scalar *a) { + /* 96 bit accumulator. */ + uint32_t c0 = 0, c1 = 0, c2 = 0; + + /* l[0..15] = a[0..7]^2. */ + muladd_fast(a->d[0], a->d[0]); + extract_fast(l[0]); + muladd2(a->d[0], a->d[1]); + extract(l[1]); + muladd2(a->d[0], a->d[2]); + muladd(a->d[1], a->d[1]); + extract(l[2]); + muladd2(a->d[0], a->d[3]); + muladd2(a->d[1], a->d[2]); + extract(l[3]); + muladd2(a->d[0], a->d[4]); + muladd2(a->d[1], a->d[3]); + muladd(a->d[2], a->d[2]); + extract(l[4]); + muladd2(a->d[0], a->d[5]); + muladd2(a->d[1], a->d[4]); + muladd2(a->d[2], a->d[3]); + extract(l[5]); + muladd2(a->d[0], a->d[6]); + muladd2(a->d[1], a->d[5]); + muladd2(a->d[2], a->d[4]); + muladd(a->d[3], a->d[3]); + extract(l[6]); + muladd2(a->d[0], a->d[7]); + muladd2(a->d[1], a->d[6]); + muladd2(a->d[2], a->d[5]); + muladd2(a->d[3], a->d[4]); + extract(l[7]); + muladd2(a->d[1], a->d[7]); + muladd2(a->d[2], a->d[6]); + muladd2(a->d[3], a->d[5]); + muladd(a->d[4], a->d[4]); + extract(l[8]); + muladd2(a->d[2], a->d[7]); + muladd2(a->d[3], a->d[6]); + muladd2(a->d[4], a->d[5]); + extract(l[9]); + muladd2(a->d[3], a->d[7]); + muladd2(a->d[4], a->d[6]); + muladd(a->d[5], a->d[5]); + extract(l[10]); + muladd2(a->d[4], a->d[7]); + muladd2(a->d[5], a->d[6]); + extract(l[11]); + muladd2(a->d[5], a->d[7]); + muladd(a->d[6], a->d[6]); + extract(l[12]); + muladd2(a->d[6], a->d[7]); + extract(l[13]); + muladd_fast(a->d[7], a->d[7]); + extract_fast(l[14]); + VERIFY_CHECK(c1 == 0); + l[15] = c0; +} + +#undef sumadd +#undef sumadd_fast +#undef muladd +#undef 
muladd_fast +#undef muladd2 +#undef extract +#undef extract_fast + +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + uint32_t l[16]; + secp256k1_scalar_mul_512(l, a, b); + secp256k1_scalar_reduce_512(r, l); +} + +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) { + int ret; + VERIFY_CHECK(n > 0); + VERIFY_CHECK(n < 16); + ret = r->d[0] & ((1 << n) - 1); + r->d[0] = (r->d[0] >> n) + (r->d[1] << (32 - n)); + r->d[1] = (r->d[1] >> n) + (r->d[2] << (32 - n)); + r->d[2] = (r->d[2] >> n) + (r->d[3] << (32 - n)); + r->d[3] = (r->d[3] >> n) + (r->d[4] << (32 - n)); + r->d[4] = (r->d[4] >> n) + (r->d[5] << (32 - n)); + r->d[5] = (r->d[5] >> n) + (r->d[6] << (32 - n)); + r->d[6] = (r->d[6] >> n) + (r->d[7] << (32 - n)); + r->d[7] = (r->d[7] >> n); + return ret; +} + +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint32_t l[16]; + secp256k1_scalar_sqr_512(l, a); + secp256k1_scalar_reduce_512(r, l); +} + +#ifdef USE_ENDOMORPHISM +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + r1->d[0] = a->d[0]; + r1->d[1] = a->d[1]; + r1->d[2] = a->d[2]; + r1->d[3] = a->d[3]; + r1->d[4] = 0; + r1->d[5] = 0; + r1->d[6] = 0; + r1->d[7] = 0; + r2->d[0] = a->d[4]; + r2->d[1] = a->d[5]; + r2->d[2] = a->d[6]; + r2->d[3] = a->d[7]; + r2->d[4] = 0; + r2->d[5] = 0; + r2->d[6] = 0; + r2->d[7] = 0; +} +#endif + +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { + return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift) { + uint32_t l[16]; + unsigned int shiftlimbs; + unsigned int 
shiftlow; + unsigned int shifthigh; + VERIFY_CHECK(shift >= 256); + secp256k1_scalar_mul_512(l, a, b); + shiftlimbs = shift >> 5; + shiftlow = shift & 0x1F; + shifthigh = 32 - shiftlow; + r->d[0] = shift < 512 ? (l[0 + shiftlimbs] >> shiftlow | (shift < 480 && shiftlow ? (l[1 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[1] = shift < 480 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 448 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[2] = shift < 448 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 416 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[3] = shift < 416 ? (l[3 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[4 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[4] = shift < 384 ? (l[4 + shiftlimbs] >> shiftlow | (shift < 352 && shiftlow ? (l[5 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[5] = shift < 352 ? (l[5 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[6 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[6] = shift < 320 ? (l[6 + shiftlimbs] >> shiftlow | (shift < 288 && shiftlow ? (l[7 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[7] = shift < 288 ? (l[7 + shiftlimbs] >> shiftlow) : 0; + secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); +} + +#endif /* SECP256K1_SCALAR_REPR_IMPL_H */ diff --git a/deps/secp256k1/src/scalar_impl.h b/deps/secp256k1/src/scalar_impl.h new file mode 100644 index 000000000..6b336d9d1 --- /dev/null +++ b/deps/secp256k1/src/scalar_impl.h 
@@ -0,0 +1,333 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_IMPL_H +#define SECP256K1_SCALAR_IMPL_H + +#include "scalar.h" +#include "util.h" + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(EXHAUSTIVE_TEST_ORDER) +#include "scalar_low_impl.h" +#elif defined(USE_SCALAR_4X64) +#include "scalar_4x64_impl.h" +#elif defined(USE_SCALAR_8X32) +#include "scalar_8x32_impl.h" +#else +#error "Please select scalar implementation" +#endif + +#ifndef USE_NUM_NONE +static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a) { + unsigned char c[32]; + secp256k1_scalar_get_b32(c, a); + secp256k1_num_set_bin(r, c, 32); +} + +/** secp256k1 curve order, see secp256k1_ecdsa_const_order_as_fe in ecdsa_impl.h */ +static void secp256k1_scalar_order_get_num(secp256k1_num *r) { +#if defined(EXHAUSTIVE_TEST_ORDER) + static const unsigned char order[32] = { + 0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,EXHAUSTIVE_TEST_ORDER + }; +#else + static const unsigned char order[32] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, + 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41 + }; +#endif + secp256k1_num_set_bin(r, order, 32); +} +#endif + +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) { +#if defined(EXHAUSTIVE_TEST_ORDER) + int i; + *r = 0; + for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) + if ((i * *x) % EXHAUSTIVE_TEST_ORDER == 1) + *r = i; + /* If this VERIFY_CHECK triggers we were given a noninvertible scalar (and thus + * have a composite group order; fix it in exhaustive_tests.c). 
*/ + VERIFY_CHECK(*r != 0); +} +#else + secp256k1_scalar *t; + int i; + /* First compute xN as x ^ (2^N - 1) for some values of N, + * and uM as x ^ M for some values of M. */ + secp256k1_scalar x2, x3, x6, x8, x14, x28, x56, x112, x126; + secp256k1_scalar u2, u5, u9, u11, u13; + + secp256k1_scalar_sqr(&u2, x); + secp256k1_scalar_mul(&x2, &u2, x); + secp256k1_scalar_mul(&u5, &u2, &x2); + secp256k1_scalar_mul(&x3, &u5, &u2); + secp256k1_scalar_mul(&u9, &x3, &u2); + secp256k1_scalar_mul(&u11, &u9, &u2); + secp256k1_scalar_mul(&u13, &u11, &u2); + + secp256k1_scalar_sqr(&x6, &u13); + secp256k1_scalar_sqr(&x6, &x6); + secp256k1_scalar_mul(&x6, &x6, &u11); + + secp256k1_scalar_sqr(&x8, &x6); + secp256k1_scalar_sqr(&x8, &x8); + secp256k1_scalar_mul(&x8, &x8, &x2); + + secp256k1_scalar_sqr(&x14, &x8); + for (i = 0; i < 5; i++) { + secp256k1_scalar_sqr(&x14, &x14); + } + secp256k1_scalar_mul(&x14, &x14, &x6); + + secp256k1_scalar_sqr(&x28, &x14); + for (i = 0; i < 13; i++) { + secp256k1_scalar_sqr(&x28, &x28); + } + secp256k1_scalar_mul(&x28, &x28, &x14); + + secp256k1_scalar_sqr(&x56, &x28); + for (i = 0; i < 27; i++) { + secp256k1_scalar_sqr(&x56, &x56); + } + secp256k1_scalar_mul(&x56, &x56, &x28); + + secp256k1_scalar_sqr(&x112, &x56); + for (i = 0; i < 55; i++) { + secp256k1_scalar_sqr(&x112, &x112); + } + secp256k1_scalar_mul(&x112, &x112, &x56); + + secp256k1_scalar_sqr(&x126, &x112); + for (i = 0; i < 13; i++) { + secp256k1_scalar_sqr(&x126, &x126); + } + secp256k1_scalar_mul(&x126, &x126, &x14); + + /* Then accumulate the final result (t starts at x126). 
*/ + t = &x126; + for (i = 0; i < 3; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 5; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u11); /* 1011 */ + for (i = 0; i < 4; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u11); /* 1011 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 5; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 6; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 3; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 5; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u9); /* 1001 */ + for (i = 0; i < 6; i++) { /* 000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 10; i++) { /* 0000000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 9; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x8); /* 11111111 */ + for (i = 0; i < 5; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u9); /* 1001 */ + for (i = 0; i < 6; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u11); /* 1011 */ + for (i = 0; i < 4; i++) 
{ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 5; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x2); /* 11 */ + for (i = 0; i < 6; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 10; i++) { /* 000000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 4; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u9); /* 1001 */ + for (i = 0; i < 6; i++) { /* 00000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, x); /* 1 */ + for (i = 0; i < 8; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(r, t, &x6); /* 111111 */ +} + +SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) { + return !(a->d[0] & 1); +} +#endif + +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) { +#if defined(USE_SCALAR_INV_BUILTIN) + secp256k1_scalar_inverse(r, x); +#elif defined(USE_SCALAR_INV_NUM) + unsigned char b[32]; + secp256k1_num n, m; + secp256k1_scalar t = *x; + secp256k1_scalar_get_b32(b, &t); + secp256k1_num_set_bin(&n, b, 32); + secp256k1_scalar_order_get_num(&m); + secp256k1_num_mod_inverse(&n, &n, &m); + secp256k1_num_get_bin(b, 32, &n); + secp256k1_scalar_set_b32(r, b, NULL); + /* Verify that the inverse was computed correctly, without GMP code. */ + secp256k1_scalar_mul(&t, &t, r); + CHECK(secp256k1_scalar_is_one(&t)); +#else +#error "Please select scalar inverse implementation" +#endif +} + +#ifdef USE_ENDOMORPHISM +#if defined(EXHAUSTIVE_TEST_ORDER) +/** + * Find k1 and k2 given k, such that k1 + k2 * lambda == k mod n; unlike in the + * full case we don't bother making k1 and k2 be small, we just want them to be + * nontrivial to get full test coverage for the exhaustive tests. We therefore + * (arbitrarily) set k2 = k + 5 and k1 = k - k2 * lambda. 
+ */ +static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + *r2 = (*a + 5) % EXHAUSTIVE_TEST_ORDER; + *r1 = (*a + (EXHAUSTIVE_TEST_ORDER - *r2) * EXHAUSTIVE_TEST_LAMBDA) % EXHAUSTIVE_TEST_ORDER; +} +#else +/** + * The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where + * lambda is {0x53,0x63,0xad,0x4c,0xc0,0x5c,0x30,0xe0,0xa5,0x26,0x1c,0x02,0x88,0x12,0x64,0x5a, + * 0x12,0x2e,0x22,0xea,0x20,0x81,0x66,0x78,0xdf,0x02,0x96,0x7c,0x1b,0x23,0xbd,0x72} + * + * "Guide to Elliptic Curve Cryptography" (Hankerson, Menezes, Vanstone) gives an algorithm + * (algorithm 3.74) to find k1 and k2 given k, such that k1 + k2 * lambda == k mod n, and k1 + * and k2 have a small size. + * It relies on constants a1, b1, a2, b2. These constants for the value of lambda above are: + * + * - a1 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} + * - b1 = -{0xe4,0x43,0x7e,0xd6,0x01,0x0e,0x88,0x28,0x6f,0x54,0x7f,0xa9,0x0a,0xbf,0xe4,0xc3} + * - a2 = {0x01,0x14,0xca,0x50,0xf7,0xa8,0xe2,0xf3,0xf6,0x57,0xc1,0x10,0x8d,0x9d,0x44,0xcf,0xd8} + * - b2 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} + * + * The algorithm then computes c1 = round(b1 * k / n) and c2 = round(b2 * k / n), and gives + * k1 = k - (c1*a1 + c2*a2) and k2 = -(c1*b1 + c2*b2). Instead, we use modular arithmetic, and + * compute k1 as k - k2 * lambda, avoiding the need for constants a1 and a2. + * + * g1, g2 are precomputed constants used to replace division with a rounded multiplication + * when decomposing the scalar for an endomorphism-based point multiplication. + * + * The possibility of using precomputed estimates is mentioned in "Guide to Elliptic Curve + * Cryptography" (Hankerson, Menezes, Vanstone) in section 3.5. 
+ * + * The derivation is described in the paper "Efficient Software Implementation of Public-Key + * Cryptography on Sensor Networks Using the MSP430X Microcontroller" (Gouvea, Oliveira, Lopez), + * Section 4.3 (here we use a somewhat higher-precision estimate): + * d = a1*b2 - b1*a2 + * g1 = round((2^272)*b2/d) + * g2 = round((2^272)*b1/d) + * + * (Note that 'd' is also equal to the curve order here because [a1,b1] and [a2,b2] are found + * as outputs of the Extended Euclidean Algorithm on inputs 'order' and 'lambda'). + * + * The function below splits a in r1 and r2, such that r1 + lambda * r2 == a (mod order). + */ + +static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + secp256k1_scalar c1, c2; + static const secp256k1_scalar minus_lambda = SECP256K1_SCALAR_CONST( + 0xAC9C52B3UL, 0x3FA3CF1FUL, 0x5AD9E3FDUL, 0x77ED9BA4UL, + 0xA880B9FCUL, 0x8EC739C2UL, 0xE0CFC810UL, 0xB51283CFUL + ); + static const secp256k1_scalar minus_b1 = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL, + 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL + ); + static const secp256k1_scalar minus_b2 = SECP256K1_SCALAR_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, + 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL + ); + static const secp256k1_scalar g1 = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00003086UL, + 0xD221A7D4UL, 0x6BCDE86CUL, 0x90E49284UL, 0xEB153DABUL + ); + static const secp256k1_scalar g2 = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x0000E443UL, + 0x7ED6010EUL, 0x88286F54UL, 0x7FA90ABFUL, 0xE4C42212UL + ); + VERIFY_CHECK(r1 != a); + VERIFY_CHECK(r2 != a); + /* these _var calls are constant time since the shift amount is constant */ + secp256k1_scalar_mul_shift_var(&c1, a, &g1, 272); + secp256k1_scalar_mul_shift_var(&c2, a, &g2, 272); + secp256k1_scalar_mul(&c1, &c1, &minus_b1); + 
secp256k1_scalar_mul(&c2, &c2, &minus_b2); + secp256k1_scalar_add(r2, &c1, &c2); + secp256k1_scalar_mul(r1, r2, &minus_lambda); + secp256k1_scalar_add(r1, r1, a); +} +#endif +#endif + +#endif /* SECP256K1_SCALAR_IMPL_H */ diff --git a/deps/secp256k1/src/scalar_low.h b/deps/secp256k1/src/scalar_low.h new file mode 100644 index 000000000..5836febc5 --- /dev/null +++ b/deps/secp256k1/src/scalar_low.h @@ -0,0 +1,15 @@ +/********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_H +#define SECP256K1_SCALAR_REPR_H + +#include + +/** A scalar modulo the group order of the secp256k1 curve. */ +typedef uint32_t secp256k1_scalar; + +#endif /* SECP256K1_SCALAR_REPR_H */ diff --git a/deps/secp256k1/src/scalar_low_impl.h b/deps/secp256k1/src/scalar_low_impl.h new file mode 100644 index 000000000..910ce3f49 --- /dev/null +++ b/deps/secp256k1/src/scalar_low_impl.h 
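Review bot: The EXHAUSTIVE_TEST_ORDER branch of `secp256k1_scalar_inverse` writes `*r = 0` before it reads `*x` in the loop, so an aliased call (`r == x`) inverts zero and then trips `VERIFY_CHECK(*r != 0)`, while the production branch below it reads `x` (`secp256k1_scalar_sqr(&u2, x)` and the final `secp256k1_scalar_mul(t, t, x)`) before its only write to `r` and so tolerates aliasing; whether any caller relies on that is not visible here. Accumulating into a local removes the mismatch: `secp256k1_scalar res = 0;`, `if ((i * *x) % EXHAUSTIVE_TEST_ORDER == 1) res = i;`, then `VERIFY_CHECK(res != 0); *r = res;`. `secp256k1_scalar_inverse_var` already handles the same situation in its USE_SCALAR_INV_NUM path by copying `t = *x` first. A one-line header comment on `secp256k1_scalar_inverse` stating that `r` may alias `x` would pin the contract for both branches.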
@@ -0,0 +1,117 @@
+/**********************************************************************
+ * Copyright (c) 2015 Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_SCALAR_REPR_IMPL_H
+#define SECP256K1_SCALAR_REPR_IMPL_H
+
+#include "scalar.h"
+
+#include
+
+SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) {
+ return !(*a & 1);
+}
+
+SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { *r = 0; }
+SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { *r = v; }
+
+SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
+ if (offset < 32)
+ return ((*a >> offset) & ((((uint32_t)1) << count) - 1));
+ else
+ return 0;
+}
+
+SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
+ return secp256k1_scalar_get_bits(a, offset, count);
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; }
+
+static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
+ *r = (*a + *b) % EXHAUSTIVE_TEST_ORDER;
+ return *r < *b;
+}
+
+static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
+ if (flag && bit < 32)
+ *r += ((uint32_t)1 << bit);
+#ifdef VERIFY
+ VERIFY_CHECK(bit < 32);
+ /* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t. */
+ VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER);
+ VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
+#endif
+}
+
+static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) {
+ const int base = 0x100 % EXHAUSTIVE_TEST_ORDER;
+ int i;
+ *r = 0;
+ for (i = 0; i < 32; i++) {
+ *r = ((*r * base) + b32[i]) % EXHAUSTIVE_TEST_ORDER;
+ }
+ /* just deny overflow, it basically always happens */
+ if (overflow) *overflow = 0;
+}
+
+static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) {
+ memset(bin, 0, 32);
+ bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a;
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) {
+ return *a == 0;
+}
+
+static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) {
+ if (*a == 0) {
+ *r = 0;
+ } else {
+ *r = EXHAUSTIVE_TEST_ORDER - *a;
+ }
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) {
+ return *a == 1;
+}
+
+static int secp256k1_scalar_is_high(const secp256k1_scalar *a) {
+ return *a > EXHAUSTIVE_TEST_ORDER / 2;
+}
+
+static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) {
+ if (flag) secp256k1_scalar_negate(r, r);
+ return flag ? -1 : 1;
+}
+
+static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
+ *r = (*a * *b) % EXHAUSTIVE_TEST_ORDER;
+}
+
+static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) {
+ int ret;
+ VERIFY_CHECK(n > 0);
+ VERIFY_CHECK(n < 16);
+ ret = *r & ((1 << n) - 1);
+ *r >>= n;
+ return ret;
+}
+
+static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) {
+ *r = (*a * *a) % EXHAUSTIVE_TEST_ORDER;
+}
+
+static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) {
+ *r1 = *a;
+ *r2 = 0;
+}
+
+SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) {
+ return *a == *b;
+}
+
+#endif /* SECP256K1_SCALAR_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/scratch.h b/deps/secp256k1/src/scratch.h
new file mode 100644
index 000000000..77b35d126
--- /dev/null
+++ b/deps/secp256k1/src/scratch.h
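Review bot: `secp256k1_scalar_get_bits` bounds `offset` (`if (offset < 32)`) but not `count`, so `((uint32_t)1) << count` is a shift by the full type width when `count == 32`, which is undefined behavior in C, and the function silently returns fewer bits than asked for when `offset + count` exceeds 32. A guard in the style the file already uses would make the precondition explicit: `VERIFY_CHECK(count < 32);` before the shift. Separately, `secp256k1_scalar_mul` and `secp256k1_scalar_sqr` form `*a * *b` in `uint32_t` before reducing, which only stays in range while `EXHAUSTIVE_TEST_ORDER` is below 2^16; a comment stating that assumption next to the typedef's users would save the next reader from checking it.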
@@ -0,0 +1,42 @@
+/**********************************************************************
+ * Copyright (c) 2017 Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef _SECP256K1_SCRATCH_
+#define _SECP256K1_SCRATCH_
+
+/* The typedef is used internally; the struct name is used in the public API
+ * (where it is exposed as a different typedef) */
+typedef struct secp256k1_scratch_space_struct {
+ /** guard against interpreting this object as other types */
+ unsigned char magic[8];
+ /** actual allocated data */
+ void *data;
+ /** amount that has been allocated (i.e. `data + offset` is the next
+ * available pointer) */
+ size_t alloc_size;
+ /** maximum size available to allocate */
+ size_t max_size;
+} secp256k1_scratch;
+
+static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t max_size);
+
+static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch);
+
+/** Returns an opaque object used to "checkpoint" a scratch space. Used
+ * with `secp256k1_scratch_apply_checkpoint` to undo allocations. */
+static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch);
+
+/** Applies a check point received from `secp256k1_scratch_checkpoint`,
+ * undoing all allocations since that point. */
+static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint);
+
+/** Returns the maximum allocation the scratch space will allow */
+static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t n_objects);
+
+/** Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available space */
+static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t n);
+
+#endif
diff --git a/deps/secp256k1/src/scratch_impl.h b/deps/secp256k1/src/scratch_impl.h
new file mode 100644
index 000000000..4cee70000
--- /dev/null
+++ b/deps/secp256k1/src/scratch_impl.h
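Review bot: The include guard `_SECP256K1_SCRATCH_` (and `_SECP256K1_SCRATCH_IMPL_H_` in the scratch_impl.h hunk that follows) starts with an underscore followed by an uppercase letter, a name the C standard reserves for the implementation, unlike the other new headers here which use the `SECP256K1_..._H` form; `#ifndef SECP256K1_SCRATCH_H` / `#define SECP256K1_SCRATCH_H` would match them. The comment on `secp256k1_scratch_max_allocation` does not say what `n_objects` is for; the implementation subtracts `n_objects * (ALIGNMENT - 1)` from the free space, so a doc line such as `/** n_objects: number of separate allocations the caller intends to make; worst-case alignment padding for each is reserved */` would explain the parameter. The struct comment says `data + offset` is the next available pointer while the field is named `alloc_size`; renaming the comment to `data + alloc_size` keeps the two in step.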
@@ -0,0 +1,88 @@
+/**********************************************************************
+ * Copyright (c) 2017 Andrew Poelstra *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef _SECP256K1_SCRATCH_IMPL_H_
+#define _SECP256K1_SCRATCH_IMPL_H_
+
+#include "util.h"
+#include "scratch.h"
+
+static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t size) {
+ const size_t base_alloc = ((sizeof(secp256k1_scratch) + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT;
+ void *alloc = checked_malloc(error_callback, base_alloc + size);
+ secp256k1_scratch* ret = (secp256k1_scratch *)alloc;
+ if (ret != NULL) {
+ memset(ret, 0, sizeof(*ret));
+ memcpy(ret->magic, "scratch", 8);
+ ret->data = (void *) ((char *) alloc + base_alloc);
+ ret->max_size = size;
+ }
+ return ret;
+}
+
+static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch) {
+ if (scratch != NULL) {
+ VERIFY_CHECK(scratch->alloc_size == 0); /* all checkpoints should be applied */
+ if (memcmp(scratch->magic, "scratch", 8) != 0) {
+ secp256k1_callback_call(error_callback, "invalid scratch space");
+ return;
+ }
+ memset(scratch->magic, 0, sizeof(scratch->magic));
+ free(scratch);
+ }
+}
+
+static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch) {
+ if (memcmp(scratch->magic, "scratch", 8) != 0) {
+ secp256k1_callback_call(error_callback, "invalid scratch space");
+ return 0;
+ }
+ return scratch->alloc_size;
+}
+
+static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint) {
+ if (memcmp(scratch->magic, "scratch", 8) != 0) {
+ secp256k1_callback_call(error_callback, "invalid scratch space");
+ return;
+ }
+ if (checkpoint > scratch->alloc_size) {
+ secp256k1_callback_call(error_callback, "invalid checkpoint");
+ return;
+ }
+ scratch->alloc_size = checkpoint;
+}
+
+static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t objects) {
+ if (memcmp(scratch->magic, "scratch", 8) != 0) {
+ secp256k1_callback_call(error_callback, "invalid scratch space");
+ return 0;
+ }
+ if (scratch->max_size - scratch->alloc_size <= objects * (ALIGNMENT - 1)) {
+ return 0;
+ }
+ return scratch->max_size - scratch->alloc_size - objects * (ALIGNMENT - 1);
+}
+
+static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t size) {
+ void *ret;
+ size = ROUND_TO_ALIGN(size);
+
+ if (memcmp(scratch->magic, "scratch", 8) != 0) {
+ secp256k1_callback_call(error_callback, "invalid scratch space");
+ return NULL;
+ }
+
+ if (size > scratch->max_size - scratch->alloc_size) {
+ return NULL;
+ }
+ ret = (void *) ((char *) scratch->data + scratch->alloc_size);
+ memset(ret, 0, size);
+ scratch->alloc_size += size;
+
+ return ret;
+}
+
+#endif
diff --git a/deps/secp256k1/src/secp256k1.c b/deps/secp256k1/src/secp256k1.c
new file mode 100644
index 000000000..a3f446e50
--- /dev/null
+++ b/deps/secp256k1/src/secp256k1.c
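Review bot: `secp256k1_scratch_create` computes `base_alloc + size` with no overflow check, so a `size` within `base_alloc` of `SIZE_MAX` wraps to a small request that `checked_malloc` can satisfy, after which `ret->max_size = size` lets `secp256k1_scratch_alloc` hand out pointers far past the real allocation; the `size > scratch->max_size - scratch->alloc_size` test cannot catch this because both operands are already wrong. Rejecting the size before the addition closes it: `if (size > SIZE_MAX - base_alloc) { return NULL; }` ahead of the `checked_malloc` call (routing it through `error_callback` instead, as the other failure paths do, is a reasonable alternative). The same pattern appears in `secp256k1_scratch_alloc`, where `size = ROUND_TO_ALIGN(size)` runs before the bound check and, if `ROUND_TO_ALIGN` from util.h is a plain add-and-mask as its name suggests, can wrap for a `size` within `ALIGNMENT - 1` of `SIZE_MAX`; a `size > SIZE_MAX - (ALIGNMENT - 1)` rejection before the rounding would match. `secp256k1_scratch_max_allocation` multiplies `objects * (ALIGNMENT - 1)` unchecked as well, though a caller passing a pathological `objects` only gets a wrong advisory value rather than a bad pointer.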
@@ -0,0 +1,690 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include "include/secp256k1.h" +#include "include/secp256k1_preallocated.h" + +#include "util.h" +#include "num_impl.h" +#include "field_impl.h" +#include "scalar_impl.h" +#include "group_impl.h" +#include "ecmult_impl.h" +#include "ecmult_const_impl.h" +#include "ecmult_gen_impl.h" +#include "ecdsa_impl.h" +#include "eckey_impl.h" +#include "hash_impl.h" +#include "scratch_impl.h" + +#define ARG_CHECK(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + secp256k1_callback_call(&ctx->illegal_callback, #cond); \ + return 0; \ + } \ +} while(0) + +#define ARG_CHECK_NO_RETURN(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + secp256k1_callback_call(&ctx->illegal_callback, #cond); \ + } \ +} while(0) + +#ifndef USE_EXTERNAL_DEFAULT_CALLBACKS +#include +#include +static void secp256k1_default_illegal_callback_fn(const char* str, void* data) { + (void)data; + fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); + abort(); +} +static void secp256k1_default_error_callback_fn(const char* str, void* data) { + (void)data; + fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); + abort(); +} +#else +void secp256k1_default_illegal_callback_fn(const char* str, void* data); +void secp256k1_default_error_callback_fn(const char* str, void* data); +#endif + +static const secp256k1_callback default_illegal_callback = { + secp256k1_default_illegal_callback_fn, + NULL +}; + +static const secp256k1_callback default_error_callback = { + secp256k1_default_error_callback_fn, + NULL +}; + +struct secp256k1_context_struct { + secp256k1_ecmult_context ecmult_ctx; + secp256k1_ecmult_gen_context ecmult_gen_ctx; + 
secp256k1_callback illegal_callback; + secp256k1_callback error_callback; +}; + +static const secp256k1_context secp256k1_context_no_precomp_ = { + { 0 }, + { 0 }, + { secp256k1_default_illegal_callback_fn, 0 }, + { secp256k1_default_error_callback_fn, 0 } +}; +const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_no_precomp_; + +size_t secp256k1_context_preallocated_size(unsigned int flags) { + size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context)); + + if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { + secp256k1_callback_call(&default_illegal_callback, + "Invalid flags"); + return 0; + } + + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { + ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; + } + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { + ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; + } + return ret; +} + +size_t secp256k1_context_preallocated_clone_size(const secp256k1_context* ctx) { + size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context)); + VERIFY_CHECK(ctx != NULL); + if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; + } + if (secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)) { + ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; + } + return ret; +} + +secp256k1_context* secp256k1_context_preallocated_create(void* prealloc, unsigned int flags) { + void* const base = prealloc; + size_t prealloc_size; + secp256k1_context* ret; + + VERIFY_CHECK(prealloc != NULL); + prealloc_size = secp256k1_context_preallocated_size(flags); + ret = (secp256k1_context*)manual_alloc(&prealloc, sizeof(secp256k1_context), base, prealloc_size); + ret->illegal_callback = default_illegal_callback; + ret->error_callback = default_error_callback; + + if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { + secp256k1_callback_call(&ret->illegal_callback, + "Invalid flags"); + return NULL; + } + + 
secp256k1_ecmult_context_init(&ret->ecmult_ctx); + secp256k1_ecmult_gen_context_init(&ret->ecmult_gen_ctx); + + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { + secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); + } + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { + secp256k1_ecmult_context_build(&ret->ecmult_ctx, &prealloc); + } + + return (secp256k1_context*) ret; +} + +secp256k1_context* secp256k1_context_create(unsigned int flags) { + size_t const prealloc_size = secp256k1_context_preallocated_size(flags); + secp256k1_context* ctx = (secp256k1_context*)checked_malloc(&default_error_callback, prealloc_size); + if (EXPECT(secp256k1_context_preallocated_create(ctx, flags) == NULL, 0)) { + free(ctx); + return NULL; + } + + return ctx; +} + +secp256k1_context* secp256k1_context_preallocated_clone(const secp256k1_context* ctx, void* prealloc) { + size_t prealloc_size; + secp256k1_context* ret; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(prealloc != NULL); + + prealloc_size = secp256k1_context_preallocated_clone_size(ctx); + ret = (secp256k1_context*)prealloc; + memcpy(ret, ctx, prealloc_size); + secp256k1_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); + secp256k1_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); + return ret; +} + +secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) { + secp256k1_context* ret; + size_t prealloc_size; + + VERIFY_CHECK(ctx != NULL); + prealloc_size = secp256k1_context_preallocated_clone_size(ctx); + ret = (secp256k1_context*)checked_malloc(&ctx->error_callback, prealloc_size); + ret = secp256k1_context_preallocated_clone(ctx, ret); + return ret; +} + +void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { + ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); + if (ctx != NULL) { + secp256k1_ecmult_context_clear(&ctx->ecmult_ctx); + secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); + } +} + +void 
secp256k1_context_destroy(secp256k1_context* ctx) { + if (ctx != NULL) { + secp256k1_context_preallocated_destroy(ctx); + free(ctx); + } +} + +void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); + if (fun == NULL) { + fun = secp256k1_default_illegal_callback_fn; + } + ctx->illegal_callback.fn = fun; + ctx->illegal_callback.data = data; +} + +void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); + if (fun == NULL) { + fun = secp256k1_default_error_callback_fn; + } + ctx->error_callback.fn = fun; + ctx->error_callback.data = data; +} + +secp256k1_scratch_space* secp256k1_scratch_space_create(const secp256k1_context* ctx, size_t max_size) { + VERIFY_CHECK(ctx != NULL); + return secp256k1_scratch_create(&ctx->error_callback, max_size); +} + +void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space* scratch) { + VERIFY_CHECK(ctx != NULL); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); +} + +static int secp256k1_pubkey_load(const secp256k1_context* ctx, secp256k1_ge* ge, const secp256k1_pubkey* pubkey) { + if (sizeof(secp256k1_ge_storage) == 64) { + /* When the secp256k1_ge_storage type is exactly 64 byte, use its + * representation inside secp256k1_pubkey, as conversion is very fast. + * Note that secp256k1_pubkey_save must use the same representation. */ + secp256k1_ge_storage s; + memcpy(&s, &pubkey->data[0], sizeof(s)); + secp256k1_ge_from_storage(ge, &s); + } else { + /* Otherwise, fall back to 32-byte big endian for X and Y. 
*/ + secp256k1_fe x, y; + secp256k1_fe_set_b32(&x, pubkey->data); + secp256k1_fe_set_b32(&y, pubkey->data + 32); + secp256k1_ge_set_xy(ge, &x, &y); + } + ARG_CHECK(!secp256k1_fe_is_zero(&ge->x)); + return 1; +} + +static void secp256k1_pubkey_save(secp256k1_pubkey* pubkey, secp256k1_ge* ge) { + if (sizeof(secp256k1_ge_storage) == 64) { + secp256k1_ge_storage s; + secp256k1_ge_to_storage(&s, ge); + memcpy(&pubkey->data[0], &s, sizeof(s)); + } else { + VERIFY_CHECK(!secp256k1_ge_is_infinity(ge)); + secp256k1_fe_normalize_var(&ge->x); + secp256k1_fe_normalize_var(&ge->y); + secp256k1_fe_get_b32(pubkey->data, &ge->x); + secp256k1_fe_get_b32(pubkey->data + 32, &ge->y); + } +} + +int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen) { + secp256k1_ge Q; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(pubkey != NULL); + memset(pubkey, 0, sizeof(*pubkey)); + ARG_CHECK(input != NULL); + if (!secp256k1_eckey_pubkey_parse(&Q, input, inputlen)) { + return 0; + } + secp256k1_pubkey_save(pubkey, &Q); + secp256k1_ge_clear(&Q); + return 1; +} + +int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey* pubkey, unsigned int flags) { + secp256k1_ge Q; + size_t len; + int ret = 0; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(outputlen != NULL); + ARG_CHECK(*outputlen >= ((flags & SECP256K1_FLAGS_BIT_COMPRESSION) ? 
33 : 65)); + len = *outputlen; + *outputlen = 0; + ARG_CHECK(output != NULL); + memset(output, 0, len); + ARG_CHECK(pubkey != NULL); + ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION); + if (secp256k1_pubkey_load(ctx, &Q, pubkey)) { + ret = secp256k1_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); + if (ret) { + *outputlen = len; + } + } + return ret; +} + +static void secp256k1_ecdsa_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_ecdsa_signature* sig) { + (void)ctx; + if (sizeof(secp256k1_scalar) == 32) { + /* When the secp256k1_scalar type is exactly 32 byte, use its + * representation inside secp256k1_ecdsa_signature, as conversion is very fast. + * Note that secp256k1_ecdsa_signature_save must use the same representation. */ + memcpy(r, &sig->data[0], 32); + memcpy(s, &sig->data[32], 32); + } else { + secp256k1_scalar_set_b32(r, &sig->data[0], NULL); + secp256k1_scalar_set_b32(s, &sig->data[32], NULL); + } +} + +static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s) { + if (sizeof(secp256k1_scalar) == 32) { + memcpy(&sig->data[0], r, 32); + memcpy(&sig->data[32], s, 32); + } else { + secp256k1_scalar_get_b32(&sig->data[0], r); + secp256k1_scalar_get_b32(&sig->data[32], s); + } +} + +int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + secp256k1_scalar r, s; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(input != NULL); + + if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) { + secp256k1_ecdsa_signature_save(sig, &r, &s); + return 1; + } else { + memset(sig, 0, sizeof(*sig)); + return 0; + } +} + +int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input64) { + 
secp256k1_scalar r, s; + int ret = 1; + int overflow = 0; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(input64 != NULL); + + secp256k1_scalar_set_b32(&r, &input64[0], &overflow); + ret &= !overflow; + secp256k1_scalar_set_b32(&s, &input64[32], &overflow); + ret &= !overflow; + if (ret) { + secp256k1_ecdsa_signature_save(sig, &r, &s); + } else { + memset(sig, 0, sizeof(*sig)); + } + return ret; +} + +int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig) { + secp256k1_scalar r, s; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(output != NULL); + ARG_CHECK(outputlen != NULL); + ARG_CHECK(sig != NULL); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s); +} + +int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, const secp256k1_ecdsa_signature* sig) { + secp256k1_scalar r, s; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(output64 != NULL); + ARG_CHECK(sig != NULL); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + secp256k1_scalar_get_b32(&output64[0], &r); + secp256k1_scalar_get_b32(&output64[32], &s); + return 1; +} + +int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) { + secp256k1_scalar r, s; + int ret = 0; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(sigin != NULL); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, sigin); + ret = secp256k1_scalar_is_high(&s); + if (sigout != NULL) { + if (ret) { + secp256k1_scalar_negate(&s, &s); + } + secp256k1_ecdsa_signature_save(sigout, &r, &s); + } + + return ret; +} + +int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) { + secp256k1_ge q; + secp256k1_scalar r, s; + secp256k1_scalar m; + 
VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(msg32 != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(pubkey != NULL); + + secp256k1_scalar_set_b32(&m, msg32, NULL); + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + return (!secp256k1_scalar_is_high(&s) && + secp256k1_pubkey_load(ctx, &q, pubkey) && + secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); +} + +static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { + memcpy(buf + *offset, data, len); + *offset += len; +} + +static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { + unsigned char keydata[112]; + unsigned int offset = 0; + secp256k1_rfc6979_hmac_sha256 rng; + unsigned int i; + /* We feed a byte array to the PRNG as input, consisting of: + * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. + * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data. + * - optionally 16 extra bytes with the algorithm name. + * Because the arguments have distinct fixed lengths it is not possible for + * different argument mixtures to emulate each other and result in the same + * nonces. 
+ */ + buffer_append(keydata, &offset, key32, 32); + buffer_append(keydata, &offset, msg32, 32); + if (data != NULL) { + buffer_append(keydata, &offset, data, 32); + } + if (algo16 != NULL) { + buffer_append(keydata, &offset, algo16, 16); + } + secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); + memset(keydata, 0, sizeof(keydata)); + for (i = 0; i <= counter; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + return 1; +} + +const secp256k1_nonce_function secp256k1_nonce_function_rfc6979 = nonce_function_rfc6979; +const secp256k1_nonce_function secp256k1_nonce_function_default = nonce_function_rfc6979; + +int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar r, s; + secp256k1_scalar sec, non, msg; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(msg32 != NULL); + ARG_CHECK(signature != NULL); + ARG_CHECK(seckey != NULL); + if (noncefp == NULL) { + noncefp = secp256k1_nonce_function_default; + } + + secp256k1_scalar_set_b32(&sec, seckey, &overflow); + /* Fail if the secret key is invalid. 
*/ + if (!overflow && !secp256k1_scalar_is_zero(&sec)) { + unsigned char nonce32[32]; + unsigned int count = 0; + secp256k1_scalar_set_b32(&msg, msg32, NULL); + while (1) { + ret = noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); + if (!ret) { + break; + } + secp256k1_scalar_set_b32(&non, nonce32, &overflow); + if (!overflow && !secp256k1_scalar_is_zero(&non)) { + if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, NULL)) { + break; + } + } + count++; + } + memset(nonce32, 0, 32); + secp256k1_scalar_clear(&msg); + secp256k1_scalar_clear(&non); + secp256k1_scalar_clear(&sec); + } + if (ret) { + secp256k1_ecdsa_signature_save(signature, &r, &s); + } else { + memset(signature, 0, sizeof(*signature)); + } + return ret; +} + +int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { + secp256k1_scalar sec; + int ret; + int overflow; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + + secp256k1_scalar_set_b32(&sec, seckey, &overflow); + ret = !overflow && !secp256k1_scalar_is_zero(&sec); + secp256k1_scalar_clear(&sec); + return ret; +} + +int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) { + secp256k1_gej pj; + secp256k1_ge p; + secp256k1_scalar sec; + int overflow; + int ret = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(pubkey != NULL); + memset(pubkey, 0, sizeof(*pubkey)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(seckey != NULL); + + secp256k1_scalar_set_b32(&sec, seckey, &overflow); + ret = !overflow && !secp256k1_scalar_is_zero(&sec); + if (ret) { + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec); + secp256k1_ge_set_gej(&p, &pj); + secp256k1_pubkey_save(pubkey, &p); + } + secp256k1_scalar_clear(&sec); + return ret; +} + +int secp256k1_ec_privkey_negate(const secp256k1_context* ctx, unsigned char *seckey) { + secp256k1_scalar sec; + VERIFY_CHECK(ctx != NULL); + 
ARG_CHECK(seckey != NULL); + + secp256k1_scalar_set_b32(&sec, seckey, NULL); + secp256k1_scalar_negate(&sec, &sec); + secp256k1_scalar_get_b32(seckey, &sec); + + secp256k1_scalar_clear(&sec); + return 1; +} + +int secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *pubkey) { + int ret = 0; + secp256k1_ge p; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(pubkey != NULL); + + ret = secp256k1_pubkey_load(ctx, &p, pubkey); + memset(pubkey, 0, sizeof(*pubkey)); + if (ret) { + secp256k1_ge_neg(&p, &p); + secp256k1_pubkey_save(pubkey, &p); + } + return ret; +} + +int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { + secp256k1_scalar term; + secp256k1_scalar sec; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&term, tweak, &overflow); + secp256k1_scalar_set_b32(&sec, seckey, NULL); + + ret = !overflow && secp256k1_eckey_privkey_tweak_add(&sec, &term); + memset(seckey, 0, 32); + if (ret) { + secp256k1_scalar_get_b32(seckey, &sec); + } + + secp256k1_scalar_clear(&sec); + secp256k1_scalar_clear(&term); + return ret; +} + +int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { + secp256k1_ge p; + secp256k1_scalar term; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(pubkey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&term, tweak, &overflow); + ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); + memset(pubkey, 0, sizeof(*pubkey)); + if (ret) { + if (secp256k1_eckey_pubkey_tweak_add(&ctx->ecmult_ctx, &p, &term)) { + secp256k1_pubkey_save(pubkey, &p); + } else { + ret = 0; + } + } + + return ret; +} + +int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char 
*tweak) { + secp256k1_scalar factor; + secp256k1_scalar sec; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&factor, tweak, &overflow); + secp256k1_scalar_set_b32(&sec, seckey, NULL); + ret = !overflow && secp256k1_eckey_privkey_tweak_mul(&sec, &factor); + memset(seckey, 0, 32); + if (ret) { + secp256k1_scalar_get_b32(seckey, &sec); + } + + secp256k1_scalar_clear(&sec); + secp256k1_scalar_clear(&factor); + return ret; +} + +int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { + secp256k1_ge p; + secp256k1_scalar factor; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(pubkey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&factor, tweak, &overflow); + ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); + memset(pubkey, 0, sizeof(*pubkey)); + if (ret) { + if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { + secp256k1_pubkey_save(pubkey, &p); + } else { + ret = 0; + } + } + + return ret; +} + +int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) { + VERIFY_CHECK(ctx != NULL); + if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + } + return 1; +} + +int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *pubnonce, const secp256k1_pubkey * const *pubnonces, size_t n) { + size_t i; + secp256k1_gej Qj; + secp256k1_ge Q; + + ARG_CHECK(pubnonce != NULL); + memset(pubnonce, 0, sizeof(*pubnonce)); + ARG_CHECK(n >= 1); + ARG_CHECK(pubnonces != NULL); + + secp256k1_gej_set_infinity(&Qj); + + for (i = 0; i < n; i++) { + secp256k1_pubkey_load(ctx, &Q, pubnonces[i]); + secp256k1_gej_add_ge(&Qj, &Qj, &Q); + } + if (secp256k1_gej_is_infinity(&Qj)) 
{
+ return 0;
+ }
+ secp256k1_ge_set_gej(&Q, &Qj);
+ secp256k1_pubkey_save(pubnonce, &Q);
+ return 1;
+}
+
+#ifdef ENABLE_MODULE_ECDH
+# include "modules/ecdh/main_impl.h"
+#endif
+
+#ifdef ENABLE_MODULE_RECOVERY
+# include "modules/recovery/main_impl.h"
+#endif
diff --git a/deps/secp256k1/src/testrand.h b/deps/secp256k1/src/testrand.h
new file mode 100644
index 000000000..f1f9be077
--- /dev/null
+++ b/deps/secp256k1/src/testrand.h
@@ -0,0 +1,38 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_TESTRAND_H
+#define SECP256K1_TESTRAND_H
+
+#if defined HAVE_CONFIG_H
+#include "libsecp256k1-config.h"
+#endif
+
+/* A non-cryptographic RNG used only for test infrastructure. */
+
+/** Seed the pseudorandom number generator for testing. */
+SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16);
+
+/** Generate a pseudorandom number in the range [0..2**32-1]. */
+static uint32_t secp256k1_rand32(void);
+
+/** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or
+ * more. */
+static uint32_t secp256k1_rand_bits(int bits);
+
+/** Generate a pseudorandom number in the range [0..range-1]. */
+static uint32_t secp256k1_rand_int(uint32_t range);
+
+/** Generate a pseudorandom 32-byte array. */
+static void secp256k1_rand256(unsigned char *b32);
+
+/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
+static void secp256k1_rand256_test(unsigned char *b32);
+
+/** Generate pseudorandom bytes with long sequences of zero and one bits. */
+static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len);
+
+#endif /* SECP256K1_TESTRAND_H */
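Review bot: In secp256k1_ec_pubkey_combine the result of `secp256k1_pubkey_load(ctx, &Q, pubnonces[i]);` is discarded, so with a non-aborting illegal callback installed an invalid input key leaves Q unset and it is still fed to `secp256k1_gej_add_ge`. Every other public entry point in this hunk also opens with `VERIFY_CHECK(ctx != NULL);`, which this function lacks even though its ARG_CHECK calls dereference `ctx->illegal_callback`. Suggested: add `VERIFY_CHECK(ctx != NULL);` before the first ARG_CHECK and make the loop body `if (!secp256k1_pubkey_load(ctx, &Q, pubnonces[i])) { return 0; }`, which is safe because pubnonce has already been zeroed at that point.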
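Review bot: testrand.h declares its prototypes with `uint32_t` and `size_t` (and uses the SECP256K1_INLINE macro) but includes only libsecp256k1-config.h, so the header is not self-contained and compiles only when the includer has already brought those names into scope. Adding `#include <stdint.h>` and `#include <stddef.h>` after the config block would let it stand on its own; where SECP256K1_INLINE comes from is not visible in this hunk, so that include (presumably util.h) should be confirmed too. The "Bits must be 1 or more" doc on secp256k1_rand_bits only states the lower bound; the implementation's 32-bit mask and top-up also imply an upper bound, which the comment should name.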
diff --git a/deps/secp256k1/src/testrand_impl.h b/deps/secp256k1/src/testrand_impl.h
new file mode 100644
index 000000000..30a91e529
--- /dev/null
+++ b/deps/secp256k1/src/testrand_impl.h
@@ -0,0 +1,110 @@
+/**********************************************************************
+ * Copyright (c) 2013-2015 Pieter Wuille *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef SECP256K1_TESTRAND_IMPL_H
+#define SECP256K1_TESTRAND_IMPL_H
+
+#include
+#include
+
+#include "testrand.h"
+#include "hash.h"
+
+static secp256k1_rfc6979_hmac_sha256 secp256k1_test_rng;
+static uint32_t secp256k1_test_rng_precomputed[8];
+static int secp256k1_test_rng_precomputed_used = 8;
+static uint64_t secp256k1_test_rng_integer;
+static int secp256k1_test_rng_integer_bits_left = 0;
+
+SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16) {
+ secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, seed16, 16);
+}
+
+SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
+ if (secp256k1_test_rng_precomputed_used == 8) {
+ secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed));
+ secp256k1_test_rng_precomputed_used = 0;
+ }
+ return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++];
+}
+
+static uint32_t secp256k1_rand_bits(int bits) {
+ uint32_t ret;
+ if (secp256k1_test_rng_integer_bits_left < bits) {
+ secp256k1_test_rng_integer |= (((uint64_t)secp256k1_rand32()) << secp256k1_test_rng_integer_bits_left);
+ secp256k1_test_rng_integer_bits_left += 32;
+ }
+ ret = secp256k1_test_rng_integer;
+ secp256k1_test_rng_integer >>= bits;
+ secp256k1_test_rng_integer_bits_left -= bits;
+ ret &= ((~((uint32_t)0)) >> (32 - bits));
+ return ret;
+}
+
+static uint32_t secp256k1_rand_int(uint32_t range) {
+ /* We want a uniform integer between 0 and range-1, inclusive.
+ * B is the smallest number such that range <= 2**B.
+ * two mechanisms implemented here:
+ * - generate B bits numbers until one below range is found, and return it
+ * - find the largest multiple M of range that is <= 2**(B+A), generate B+A
+ * bits numbers until one below M is found, and return it modulo range
+ * The second mechanism consumes A more bits of entropy in every iteration,
+ * but may need fewer iterations due to M being closer to 2**(B+A) then
+ * range is to 2**B. The array below (indexed by B) contains a 0 when the
+ * first mechanism is to be used, and the number A otherwise.
+ */
+ static const int addbits[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 1, 0};
+ uint32_t trange, mult;
+ int bits = 0;
+ if (range <= 1) {
+ return 0;
+ }
+ trange = range - 1;
+ while (trange > 0) {
+ trange >>= 1;
+ bits++;
+ }
+ if (addbits[bits]) {
+ bits = bits + addbits[bits];
+ mult = ((~((uint32_t)0)) >> (32 - bits)) / range;
+ trange = range * mult;
+ } else {
+ trange = range;
+ mult = 1;
+ }
+ while(1) {
+ uint32_t x = secp256k1_rand_bits(bits);
+ if (x < trange) {
+ return (mult == 1) ? x : (x % range);
+ }
+ }
+}
+
+static void secp256k1_rand256(unsigned char *b32) {
+ secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32);
+}
+
+static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len) {
+ size_t bits = 0;
+ memset(bytes, 0, len);
+ while (bits < len * 8) {
+ int now;
+ uint32_t val;
+ now = 1 + (secp256k1_rand_bits(6) * secp256k1_rand_bits(5) + 16) / 31;
+ val = secp256k1_rand_bits(1);
+ while (now > 0 && bits < len * 8) {
+ bytes[bits / 8] |= val << (bits % 8);
+ now--;
+ bits++;
+ }
+ }
+}
+
+static void secp256k1_rand256_test(unsigned char *b32) {
+ secp256k1_rand_bytes_test(b32, 32);
+}
+
+#endif /* SECP256K1_TESTRAND_IMPL_H */
diff --git a/deps/secp256k1/src/tests.c b/deps/secp256k1/src/tests.c
new file mode 100644
index 000000000..d408a5c30
--- /dev/null
+++ b/deps/secp256k1/src/tests.c
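Review bot: secp256k1_rand_bits has no guard on `bits`: `ret &= ((~((uint32_t)0)) >> (32 - bits));` shifts by 32 when bits is 0 and by a negative count when bits exceeds 32, both undefined, and the single 32-bit top-up in the preceding `if` cannot satisfy a request larger than 32 bits, so `secp256k1_test_rng_integer_bits_left` would go negative. The header only says "Bits must be 1 or more"; a comment on the function such as `/* bits must be in [1,32]: the mask shift below is undefined outside that range and the buffer is refilled 32 bits at a time */`, or a VERIFY_CHECK on the range if util.h's macros are reachable here, would pin the contract. secp256k1_rand_int does stay within it by construction (its `bits` is at most 32 after the addbits adjustment), and the comment's "then range is to 2**B" reads as a typo for "than".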
@@ -0,0 +1,5301 @@
+/**********************************************************************
+ * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#if defined HAVE_CONFIG_H
+#include "libsecp256k1-config.h"
+#endif
+
+#include
+#include
+#include
+
+#include
+
+#include "secp256k1.c"
+#include "include/secp256k1.h"
+#include "include/secp256k1_preallocated.h"
+#include "testrand_impl.h"
+
+#ifdef ENABLE_OPENSSL_TESTS
+#include "openssl/bn.h"
+#include "openssl/ec.h"
+#include "openssl/ecdsa.h"
+#include "openssl/obj_mac.h"
+# if OPENSSL_VERSION_NUMBER < 0x10100000L
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {*pr = sig->r; *ps = sig->s;}
+# endif
+#endif
+
+#include "contrib/lax_der_parsing.c"
+#include "contrib/lax_der_privatekey_parsing.c"
+
+#if !defined(VG_CHECK)
+# if defined(VALGRIND)
+# include
+# define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y))
+# define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y))
+# else
+# define VG_UNDEF(x,y)
+# define VG_CHECK(x,y)
+# endif
+#endif
+
+static int count = 64;
+static secp256k1_context *ctx = NULL;
+
+static void counting_illegal_callback_fn(const char* str, void* data) {
+ /* Dummy callback function that just counts. */
+ int32_t *p;
+ (void)str;
+ p = data;
+ (*p)++;
+}
+
+static void uncounting_illegal_callback_fn(const char* str, void* data) {
+ /* Dummy callback function that just counts (backwards).
*/ + int32_t *p; + (void)str; + p = data; + (*p)--; +} + +void random_field_element_test(secp256k1_fe *fe) { + do { + unsigned char b32[32]; + secp256k1_rand256_test(b32); + if (secp256k1_fe_set_b32(fe, b32)) { + break; + } + } while(1); +} + +void random_field_element_magnitude(secp256k1_fe *fe) { + secp256k1_fe zero; + int n = secp256k1_rand_int(9); + secp256k1_fe_normalize(fe); + if (n == 0) { + return; + } + secp256k1_fe_clear(&zero); + secp256k1_fe_negate(&zero, &zero, 0); + secp256k1_fe_mul_int(&zero, n - 1); + secp256k1_fe_add(fe, &zero); +#ifdef VERIFY + CHECK(fe->magnitude == n); +#endif +} + +void random_group_element_test(secp256k1_ge *ge) { + secp256k1_fe fe; + do { + random_field_element_test(&fe); + if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_rand_bits(1))) { + secp256k1_fe_normalize(&ge->y); + break; + } + } while(1); +} + +void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { + secp256k1_fe z2, z3; + do { + random_field_element_test(&gej->z); + if (!secp256k1_fe_is_zero(&gej->z)) { + break; + } + } while(1); + secp256k1_fe_sqr(&z2, &gej->z); + secp256k1_fe_mul(&z3, &z2, &gej->z); + secp256k1_fe_mul(&gej->x, &ge->x, &z2); + secp256k1_fe_mul(&gej->y, &ge->y, &z3); + gej->infinity = ge->infinity; +} + +void random_scalar_order_test(secp256k1_scalar *num) { + do { + unsigned char b32[32]; + int overflow = 0; + secp256k1_rand256_test(b32); + secp256k1_scalar_set_b32(num, b32, &overflow); + if (overflow || secp256k1_scalar_is_zero(num)) { + continue; + } + break; + } while(1); +} + +void random_scalar_order(secp256k1_scalar *num) { + do { + unsigned char b32[32]; + int overflow = 0; + secp256k1_rand256(b32); + secp256k1_scalar_set_b32(num, b32, &overflow); + if (overflow || secp256k1_scalar_is_zero(num)) { + continue; + } + break; + } while(1); +} + +void run_context_tests(int use_prealloc) { + secp256k1_pubkey pubkey; + secp256k1_pubkey zero_pubkey; + secp256k1_ecdsa_signature sig; + unsigned char ctmp[32]; + int32_t 
ecount; + int32_t ecount2; + secp256k1_context *none; + secp256k1_context *sign; + secp256k1_context *vrfy; + secp256k1_context *both; + void *none_prealloc = NULL; + void *sign_prealloc = NULL; + void *vrfy_prealloc = NULL; + void *both_prealloc = NULL; + + secp256k1_gej pubj; + secp256k1_ge pub; + secp256k1_scalar msg, key, nonce; + secp256k1_scalar sigr, sigs; + + if (use_prealloc) { + none_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + sign_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); + vrfy_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); + both_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); + CHECK(none_prealloc != NULL); + CHECK(sign_prealloc != NULL); + CHECK(vrfy_prealloc != NULL); + CHECK(both_prealloc != NULL); + none = secp256k1_context_preallocated_create(none_prealloc, SECP256K1_CONTEXT_NONE); + sign = secp256k1_context_preallocated_create(sign_prealloc, SECP256K1_CONTEXT_SIGN); + vrfy = secp256k1_context_preallocated_create(vrfy_prealloc, SECP256K1_CONTEXT_VERIFY); + both = secp256k1_context_preallocated_create(both_prealloc, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + } else { + none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); + vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); + both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + } + + memset(&zero_pubkey, 0, sizeof(zero_pubkey)); + + ecount = 0; + ecount2 = 10; + secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount2); + secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, NULL); + CHECK(vrfy->error_callback.fn != sign->error_callback.fn); + + /* check if sizes for cloning are 
consistent */ + CHECK(secp256k1_context_preallocated_clone_size(none) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + CHECK(secp256k1_context_preallocated_clone_size(sign) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); + CHECK(secp256k1_context_preallocated_clone_size(vrfy) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); + CHECK(secp256k1_context_preallocated_clone_size(both) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); + + /*** clone and destroy all of them to make sure cloning was complete ***/ + { + secp256k1_context *ctx_tmp; + + if (use_prealloc) { + /* clone into a non-preallocated context and then again into a new preallocated one. */ + ctx_tmp = none; none = secp256k1_context_clone(none); secp256k1_context_preallocated_destroy(ctx_tmp); + free(none_prealloc); none_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(none_prealloc != NULL); + ctx_tmp = none; none = secp256k1_context_preallocated_clone(none, none_prealloc); secp256k1_context_destroy(ctx_tmp); + + ctx_tmp = sign; sign = secp256k1_context_clone(sign); secp256k1_context_preallocated_destroy(ctx_tmp); + free(sign_prealloc); sign_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(sign_prealloc != NULL); + ctx_tmp = sign; sign = secp256k1_context_preallocated_clone(sign, sign_prealloc); secp256k1_context_destroy(ctx_tmp); + + ctx_tmp = vrfy; vrfy = secp256k1_context_clone(vrfy); secp256k1_context_preallocated_destroy(ctx_tmp); + free(vrfy_prealloc); vrfy_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(vrfy_prealloc != NULL); + ctx_tmp = vrfy; vrfy = secp256k1_context_preallocated_clone(vrfy, vrfy_prealloc); secp256k1_context_destroy(ctx_tmp); + + ctx_tmp = both; both = secp256k1_context_clone(both); secp256k1_context_preallocated_destroy(ctx_tmp); + free(both_prealloc); both_prealloc = 
malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(both_prealloc != NULL); + ctx_tmp = both; both = secp256k1_context_preallocated_clone(both, both_prealloc); secp256k1_context_destroy(ctx_tmp); + } else { + /* clone into a preallocated context and then again into a new non-preallocated one. */ + void *prealloc_tmp; + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); + ctx_tmp = none; none = secp256k1_context_preallocated_clone(none, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = none; none = secp256k1_context_clone(none); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(prealloc_tmp != NULL); + ctx_tmp = sign; sign = secp256k1_context_preallocated_clone(sign, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = sign; sign = secp256k1_context_clone(sign); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); + ctx_tmp = vrfy; vrfy = secp256k1_context_preallocated_clone(vrfy, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = vrfy; vrfy = secp256k1_context_clone(vrfy); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); + ctx_tmp = both; both = secp256k1_context_preallocated_clone(both, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = both; both = secp256k1_context_clone(both); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + } + } + + /* Verify that the error callback makes it across the clone. 
*/ + CHECK(vrfy->error_callback.fn != sign->error_callback.fn); + /* And that it resets back to default. */ + secp256k1_context_set_error_callback(sign, NULL, NULL); + CHECK(vrfy->error_callback.fn == sign->error_callback.fn); + + /*** attempt to use them ***/ + random_scalar_order_test(&msg); + random_scalar_order_test(&key); + secp256k1_ecmult_gen(&both->ecmult_gen_ctx, &pubj, &key); + secp256k1_ge_set_gej(&pub, &pubj); + + /* Verify context-type checking illegal-argument errors. */ + memset(ctmp, 1, 32); + CHECK(secp256k1_ec_pubkey_create(vrfy, &pubkey, ctmp) == 0); + CHECK(ecount == 1); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(sign, &pubkey, ctmp) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ecdsa_sign(vrfy, &sig, ctmp, ctmp, NULL, NULL) == 0); + CHECK(ecount == 2); + VG_UNDEF(&sig, sizeof(sig)); + CHECK(secp256k1_ecdsa_sign(sign, &sig, ctmp, ctmp, NULL, NULL) == 1); + VG_CHECK(&sig, sizeof(sig)); + CHECK(ecount2 == 10); + CHECK(secp256k1_ecdsa_verify(sign, &sig, ctmp, &pubkey) == 0); + CHECK(ecount2 == 11); + CHECK(secp256k1_ecdsa_verify(vrfy, &sig, ctmp, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_tweak_add(sign, &pubkey, ctmp) == 0); + CHECK(ecount2 == 12); + CHECK(secp256k1_ec_pubkey_tweak_add(vrfy, &pubkey, ctmp) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_tweak_mul(sign, &pubkey, ctmp) == 0); + CHECK(ecount2 == 13); + CHECK(secp256k1_ec_pubkey_negate(vrfy, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_negate(sign, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_negate(sign, NULL) == 0); + CHECK(ecount2 == 14); + CHECK(secp256k1_ec_pubkey_negate(vrfy, &zero_pubkey) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_context_randomize(vrfy, ctmp) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_context_randomize(vrfy, NULL) == 1); + CHECK(ecount == 3); + 
CHECK(secp256k1_context_randomize(sign, ctmp) == 1); + CHECK(ecount2 == 14); + CHECK(secp256k1_context_randomize(sign, NULL) == 1); + CHECK(ecount2 == 14); + secp256k1_context_set_illegal_callback(vrfy, NULL, NULL); + secp256k1_context_set_illegal_callback(sign, NULL, NULL); + + /* obtain a working nonce */ + do { + random_scalar_order_test(&nonce); + } while(!secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + + /* try signing */ + CHECK(secp256k1_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + + /* try verifying */ + CHECK(secp256k1_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&both->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + + /* cleanup */ + if (use_prealloc) { + secp256k1_context_preallocated_destroy(none); + secp256k1_context_preallocated_destroy(sign); + secp256k1_context_preallocated_destroy(vrfy); + secp256k1_context_preallocated_destroy(both); + free(none_prealloc); + free(sign_prealloc); + free(vrfy_prealloc); + free(both_prealloc); + } else { + secp256k1_context_destroy(none); + secp256k1_context_destroy(sign); + secp256k1_context_destroy(vrfy); + secp256k1_context_destroy(both); + } + /* Defined as no-op. 
*/ + secp256k1_context_destroy(NULL); + secp256k1_context_preallocated_destroy(NULL); + +} + +void run_scratch_tests(void) { + const size_t adj_alloc = ((500 + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT; + + int32_t ecount = 0; + size_t checkpoint; + size_t checkpoint_2; + secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_scratch_space *scratch; + secp256k1_scratch_space local_scratch; + + /* Test public API */ + secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); + + scratch = secp256k1_scratch_space_create(none, 1000); + CHECK(scratch != NULL); + CHECK(ecount == 0); + + /* Test internal API */ + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); + CHECK(scratch->alloc_size == 0); + CHECK(scratch->alloc_size % ALIGNMENT == 0); + + /* Allocating 500 bytes succeeds */ + checkpoint = secp256k1_scratch_checkpoint(&none->error_callback, scratch); + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(scratch->alloc_size != 0); + CHECK(scratch->alloc_size % ALIGNMENT == 0); + + /* Allocating another 500 bytes fails */ + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(scratch->alloc_size != 0); + CHECK(scratch->alloc_size % ALIGNMENT == 0); + + /* ...but it succeeds once we apply the checkpoint to 
undo it */ + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); + CHECK(scratch->alloc_size == 0); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); + CHECK(scratch->alloc_size != 0); + + /* try to apply a bad checkpoint */ + checkpoint_2 = secp256k1_scratch_checkpoint(&none->error_callback, scratch); + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); + CHECK(ecount == 0); + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ + CHECK(ecount == 1); + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ + CHECK(ecount == 2); + + /* try to use badly initialized scratch space */ + secp256k1_scratch_space_destroy(none, scratch); + memset(&local_scratch, 0, sizeof(local_scratch)); + scratch = &local_scratch; + CHECK(!secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0)); + CHECK(ecount == 3); + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); + CHECK(ecount == 4); + secp256k1_scratch_space_destroy(none, scratch); + CHECK(ecount == 5); + + /* cleanup */ + secp256k1_scratch_space_destroy(none, NULL); /* no-op */ + secp256k1_context_destroy(none); +} + +/***** HASH TESTS *****/ + +void run_sha256_tests(void) { + static const char *inputs[8] = { + "", "abc", "message digest", "secure hash algorithm", "SHA256 is considered to be safe", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "For this sample, this 63-byte string will be used as input data", + "This is exactly 64 bytes long, not counting the terminating byte" + }; + static const unsigned char outputs[8][32] = { + {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 
0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}, + {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, + {0xf7, 0x84, 0x6f, 0x55, 0xcf, 0x23, 0xe1, 0x4e, 0xeb, 0xea, 0xb5, 0xb4, 0xe1, 0x55, 0x0c, 0xad, 0x5b, 0x50, 0x9e, 0x33, 0x48, 0xfb, 0xc4, 0xef, 0xa3, 0xa1, 0x41, 0x3d, 0x39, 0x3c, 0xb6, 0x50}, + {0xf3, 0x0c, 0xeb, 0x2b, 0xb2, 0x82, 0x9e, 0x79, 0xe4, 0xca, 0x97, 0x53, 0xd3, 0x5a, 0x8e, 0xcc, 0x00, 0x26, 0x2d, 0x16, 0x4c, 0xc0, 0x77, 0x08, 0x02, 0x95, 0x38, 0x1c, 0xbd, 0x64, 0x3f, 0x0d}, + {0x68, 0x19, 0xd9, 0x15, 0xc7, 0x3f, 0x4d, 0x1e, 0x77, 0xe4, 0xe1, 0xb5, 0x2d, 0x1f, 0xa0, 0xf9, 0xcf, 0x9b, 0xea, 0xea, 0xd3, 0x93, 0x9f, 0x15, 0x87, 0x4b, 0xd9, 0x88, 0xe2, 0xa2, 0x36, 0x30}, + {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1}, + {0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42}, + {0xab, 0x64, 0xef, 0xf7, 0xe8, 0x8e, 0x2e, 0x46, 0x16, 0x5e, 0x29, 0xf2, 0xbc, 0xe4, 0x18, 0x26, 0xbd, 0x4c, 0x7b, 0x35, 0x52, 0xf6, 0xb3, 0x82, 0xa9, 0xe7, 0xd3, 0xaf, 0x47, 0xc2, 0x45, 0xf8} + }; + int i; + for (i = 0; i < 8; i++) { + unsigned char out[32]; + secp256k1_sha256 hasher; + secp256k1_sha256_initialize(&hasher); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + secp256k1_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + if (strlen(inputs[i]) > 0) { + int split = secp256k1_rand_int(strlen(inputs[i])); + secp256k1_sha256_initialize(&hasher); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + 
split), strlen(inputs[i]) - split); + secp256k1_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + } + } +} + +void run_hmac_sha256_tests(void) { + static const char *keys[6] = { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + "\x4a\x65\x66\x65", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + }; + static const char *inputs[6] = { + "\x48\x69\x20\x54\x68\x65\x72\x65", + "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f", + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + 
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", + "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69\x72\x73\x74", + "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e" + }; + static const unsigned char outputs[6][32] = { + {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, + {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43}, + {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe}, + {0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b}, + {0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 
0x37, 0x28, 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54}, + {0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2} + }; + int i; + for (i = 0; i < 6; i++) { + secp256k1_hmac_sha256 hasher; + unsigned char out[32]; + secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + secp256k1_hmac_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + if (strlen(inputs[i]) > 0) { + int split = secp256k1_rand_int(strlen(inputs[i])); + secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + secp256k1_hmac_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + } + } +} + +void run_rfc6979_hmac_sha256_tests(void) { + static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0}; + static const unsigned char out1[3][32] = { + {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb}, + {0x2b, 0xf0, 0xff, 0xf1, 0xd3, 0xc3, 0x78, 0xa2, 0x2d, 0xc5, 0xde, 0x1d, 0x85, 0x65, 0x22, 0x32, 0x5c, 0x65, 0xb5, 0x04, 0x49, 0x1a, 0x0c, 0xbd, 0x01, 0xcb, 
0x8f, 0x3a, 0xa6, 0x7f, 0xfd, 0x4a}, + {0xf5, 0x28, 0xb4, 0x10, 0xcb, 0x54, 0x1f, 0x77, 0x00, 0x0d, 0x7a, 0xfb, 0x6c, 0x5b, 0x53, 0xc5, 0xc4, 0x71, 0xea, 0xb4, 0x3e, 0x46, 0x6d, 0x9a, 0xc5, 0x19, 0x0c, 0x39, 0xc8, 0x2f, 0xd8, 0x2e} + }; + + static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}; + static const unsigned char out2[3][32] = { + {0x9c, 0x23, 0x6c, 0x16, 0x5b, 0x82, 0xae, 0x0c, 0xd5, 0x90, 0x65, 0x9e, 0x10, 0x0b, 0x6b, 0xab, 0x30, 0x36, 0xe7, 0xba, 0x8b, 0x06, 0x74, 0x9b, 0xaf, 0x69, 0x81, 0xe1, 0x6f, 0x1a, 0x2b, 0x95}, + {0xdf, 0x47, 0x10, 0x61, 0x62, 0x5b, 0xc0, 0xea, 0x14, 0xb6, 0x82, 0xfe, 0xee, 0x2c, 0x9c, 0x02, 0xf2, 0x35, 0xda, 0x04, 0x20, 0x4c, 0x1d, 0x62, 0xa1, 0x53, 0x6c, 0x6e, 0x17, 0xae, 0xd7, 0xa9}, + {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94} + }; + + secp256k1_rfc6979_hmac_sha256 rng; + unsigned char out[32]; + int i; + + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); + for (i = 0; i < 3; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(memcmp(out, out1[i], 32) == 0); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); + for (i = 0; i < 3; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(memcmp(out, out1[i], 32) != 0); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); + for (i = 0; i < 3; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); 
+ CHECK(memcmp(out, out2[i], 32) == 0); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); +} + +/***** RANDOM TESTS *****/ + +void test_rand_bits(int rand32, int bits) { + /* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to + * get a false negative chance below once in a billion */ + static const unsigned int rounds[7] = {1, 30, 73, 156, 322, 653, 1316}; + /* We try multiplying the results with various odd numbers, which shouldn't + * influence the uniform distribution modulo a power of 2. */ + static const uint32_t mults[6] = {1, 3, 21, 289, 0x9999, 0x80402011}; + /* We only select up to 6 bits from the output to analyse */ + unsigned int usebits = bits > 6 ? 6 : bits; + unsigned int maxshift = bits - usebits; + /* For each of the maxshift+1 usebits-bit sequences inside a bits-bit + number, track all observed outcomes, one per bit in a uint64_t. */ + uint64_t x[6][27] = {{0}}; + unsigned int i, shift, m; + /* Multiply the output of all rand calls with the odd number m, which + should not change the uniformity of its distribution. */ + for (i = 0; i < rounds[usebits]; i++) { + uint32_t r = (rand32 ? 
secp256k1_rand32() : secp256k1_rand_bits(bits)); + CHECK((((uint64_t)r) >> bits) == 0); + for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { + uint32_t rm = r * mults[m]; + for (shift = 0; shift <= maxshift; shift++) { + x[m][shift] |= (((uint64_t)1) << ((rm >> shift) & ((1 << usebits) - 1))); + } + } + } + for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { + for (shift = 0; shift <= maxshift; shift++) { + /* Test that the lower usebits bits of x[shift] are 1 */ + CHECK(((~x[m][shift]) << (64 - (1 << usebits))) == 0); + } + } +} + +/* Subrange must be a whole divisor of range, and at most 64 */ +void test_rand_int(uint32_t range, uint32_t subrange) { + /* (1-1/subrange)^rounds < 1/10^9 */ + int rounds = (subrange * 2073) / 100; + int i; + uint64_t x = 0; + CHECK((range % subrange) == 0); + for (i = 0; i < rounds; i++) { + uint32_t r = secp256k1_rand_int(range); + CHECK(r < range); + r = r % subrange; + x |= (((uint64_t)1) << r); + } + /* Test that the lower subrange bits of x are 1. 
*/ + CHECK(((~x) << (64 - subrange)) == 0); +} + +void run_rand_bits(void) { + size_t b; + test_rand_bits(1, 32); + for (b = 1; b <= 32; b++) { + test_rand_bits(0, b); + } +} + +void run_rand_int(void) { + static const uint32_t ms[] = {1, 3, 17, 1000, 13771, 999999, 33554432}; + static const uint32_t ss[] = {1, 3, 6, 9, 13, 31, 64}; + unsigned int m, s; + for (m = 0; m < sizeof(ms) / sizeof(ms[0]); m++) { + for (s = 0; s < sizeof(ss) / sizeof(ss[0]); s++) { + test_rand_int(ms[m] * ss[s], ss[s]); + } + } +} + +/***** NUM TESTS *****/ + +#ifndef USE_NUM_NONE +void random_num_negate(secp256k1_num *num) { + if (secp256k1_rand_bits(1)) { + secp256k1_num_negate(num); + } +} + +void random_num_order_test(secp256k1_num *num) { + secp256k1_scalar sc; + random_scalar_order_test(&sc); + secp256k1_scalar_get_num(num, &sc); +} + +void random_num_order(secp256k1_num *num) { + secp256k1_scalar sc; + random_scalar_order(&sc); + secp256k1_scalar_get_num(num, &sc); +} + +void test_num_negate(void) { + secp256k1_num n1; + secp256k1_num n2; + random_num_order_test(&n1); /* n1 = R */ + random_num_negate(&n1); + secp256k1_num_copy(&n2, &n1); /* n2 = R */ + secp256k1_num_sub(&n1, &n2, &n1); /* n1 = n2-n1 = 0 */ + CHECK(secp256k1_num_is_zero(&n1)); + secp256k1_num_copy(&n1, &n2); /* n1 = R */ + secp256k1_num_negate(&n1); /* n1 = -R */ + CHECK(!secp256k1_num_is_zero(&n1)); + secp256k1_num_add(&n1, &n2, &n1); /* n1 = n2+n1 = 0 */ + CHECK(secp256k1_num_is_zero(&n1)); + secp256k1_num_copy(&n1, &n2); /* n1 = R */ + secp256k1_num_negate(&n1); /* n1 = -R */ + CHECK(secp256k1_num_is_neg(&n1) != secp256k1_num_is_neg(&n2)); + secp256k1_num_negate(&n1); /* n1 = R */ + CHECK(secp256k1_num_eq(&n1, &n2)); +} + +void test_num_add_sub(void) { + int i; + secp256k1_scalar s; + secp256k1_num n1; + secp256k1_num n2; + secp256k1_num n1p2, n2p1, n1m2, n2m1; + random_num_order_test(&n1); /* n1 = R1 */ + if (secp256k1_rand_bits(1)) { + random_num_negate(&n1); + } + random_num_order_test(&n2); /* n2 = R2 */ + if 
(secp256k1_rand_bits(1)) { + random_num_negate(&n2); + } + secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ + secp256k1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ + secp256k1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ + secp256k1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ + CHECK(secp256k1_num_eq(&n1p2, &n2p1)); + CHECK(!secp256k1_num_eq(&n1p2, &n1m2)); + secp256k1_num_negate(&n2m1); /* n2m1 = -R2 + R1 */ + CHECK(secp256k1_num_eq(&n2m1, &n1m2)); + CHECK(!secp256k1_num_eq(&n2m1, &n1)); + secp256k1_num_add(&n2m1, &n2m1, &n2); /* n2m1 = -R2 + R1 + R2 = R1 */ + CHECK(secp256k1_num_eq(&n2m1, &n1)); + CHECK(!secp256k1_num_eq(&n2p1, &n1)); + secp256k1_num_sub(&n2p1, &n2p1, &n2); /* n2p1 = R2 + R1 - R2 = R1 */ + CHECK(secp256k1_num_eq(&n2p1, &n1)); + + /* check is_one */ + secp256k1_scalar_set_int(&s, 1); + secp256k1_scalar_get_num(&n1, &s); + CHECK(secp256k1_num_is_one(&n1)); + /* check that 2^n + 1 is never 1 */ + secp256k1_scalar_get_num(&n2, &s); + for (i = 0; i < 250; ++i) { + secp256k1_num_add(&n1, &n1, &n1); /* n1 *= 2 */ + secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = n1 + 1 */ + CHECK(!secp256k1_num_is_one(&n1p2)); + } +} + +void test_num_mod(void) { + int i; + secp256k1_scalar s; + secp256k1_num order, n; + + /* check that 0 mod anything is 0 */ + random_scalar_order_test(&s); + secp256k1_scalar_get_num(&order, &s); + secp256k1_scalar_set_int(&s, 0); + secp256k1_scalar_get_num(&n, &s); + secp256k1_num_mod(&n, &order); + CHECK(secp256k1_num_is_zero(&n)); + + /* check that anything mod 1 is 0 */ + secp256k1_scalar_set_int(&s, 1); + secp256k1_scalar_get_num(&order, &s); + secp256k1_scalar_get_num(&n, &s); + secp256k1_num_mod(&n, &order); + CHECK(secp256k1_num_is_zero(&n)); + + /* check that increasing the number past 2^256 does not break this */ + random_scalar_order_test(&s); + secp256k1_scalar_get_num(&n, &s); + /* multiply by 2^8, which'll test this case with high probability */ + for (i = 0; i < 8; ++i) { + secp256k1_num_add(&n, &n, &n); + } 
+ secp256k1_num_mod(&n, &order);
+ CHECK(secp256k1_num_is_zero(&n));
+}
+
+void test_num_jacobi(void) {
+ secp256k1_scalar sqr;
+ secp256k1_scalar small;
+ secp256k1_scalar five; /* five is not a quadratic residue */
+ secp256k1_num order, n;
+ int i;
+ /* squares mod 5 are 1, 4 */
+ const int jacobi5[10] = { 0, 1, -1, -1, 1, 0, 1, -1, -1, 1 };
+
+ /* check some small values with 5 as the order */
+ secp256k1_scalar_set_int(&five, 5);
+ secp256k1_scalar_get_num(&order, &five);
+ for (i = 0; i < 10; ++i) {
+ secp256k1_scalar_set_int(&small, i);
+ secp256k1_scalar_get_num(&n, &small);
+ CHECK(secp256k1_num_jacobi(&n, &order) == jacobi5[i]);
+ }
+
+ /** test large values with 5 as group order */
+ secp256k1_scalar_get_num(&order, &five);
+ /* we first need a scalar which is not a multiple of 5 */
+ do {
+ secp256k1_num fiven;
+ random_scalar_order_test(&sqr);
+ secp256k1_scalar_get_num(&fiven, &five);
+ secp256k1_scalar_get_num(&n, &sqr);
+ secp256k1_num_mod(&n, &fiven);
+ } while (secp256k1_num_is_zero(&n));
+ /* next force it to be a residue. 2 is a nonresidue mod 5 so we can
+ * just multiply by two, i.e. add the number to itself */
+ if (secp256k1_num_jacobi(&n, &order) == -1) {
+ secp256k1_num_add(&n, &n, &n);
+ }
+
+ /* test residue */
+ CHECK(secp256k1_num_jacobi(&n, &order) == 1);
+ /* test nonresidue */
+ secp256k1_num_add(&n, &n, &n);
+ CHECK(secp256k1_num_jacobi(&n, &order) == -1);
+
+ /** test with secp group order as order */
+ secp256k1_scalar_order_get_num(&order);
+ random_scalar_order_test(&sqr);
+ secp256k1_scalar_sqr(&sqr, &sqr);
+ /* test residue */
+ secp256k1_scalar_get_num(&n, &sqr);
+ CHECK(secp256k1_num_jacobi(&n, &order) == 1);
+ /* test nonresidue */
+ secp256k1_scalar_mul(&sqr, &sqr, &five);
+ secp256k1_scalar_get_num(&n, &sqr);
+ CHECK(secp256k1_num_jacobi(&n, &order) == -1);
+ /* test multiple of the order*/
+ CHECK(secp256k1_num_jacobi(&order, &order) == 0);
+
+ /* check one less than the order */
+ secp256k1_scalar_set_int(&small, 1);
+ secp256k1_scalar_get_num(&n, &small);
+ secp256k1_num_sub(&n, &order, &n);
+ CHECK(secp256k1_num_jacobi(&n, &order) == 1); /* sage confirms this is 1 */
+}
+
+void run_num_smalltests(void) {
+ int i;
+ for (i = 0; i < 100*count; i++) {
+ test_num_negate();
+ test_num_add_sub();
+ test_num_mod();
+ test_num_jacobi();
+ }
+}
+#endif
+
+/***** SCALAR TESTS *****/
+
+void scalar_test(void) {
+ secp256k1_scalar s;
+ secp256k1_scalar s1;
+ secp256k1_scalar s2;
+#ifndef USE_NUM_NONE
+ secp256k1_num snum, s1num, s2num;
+ secp256k1_num order, half_order;
+#endif
+ unsigned char c[32];
+
+ /* Set 's' to a random scalar, with value 'snum'. */
+ random_scalar_order_test(&s);
+
+ /* Set 's1' to a random scalar, with value 's1num'. */
+ random_scalar_order_test(&s1);
+
+ /* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */
+ random_scalar_order_test(&s2);
+ secp256k1_scalar_get_b32(c, &s2);
+
+#ifndef USE_NUM_NONE
+ secp256k1_scalar_get_num(&snum, &s);
+ secp256k1_scalar_get_num(&s1num, &s1);
+ secp256k1_scalar_get_num(&s2num, &s2);
+
+ secp256k1_scalar_order_get_num(&order);
+ half_order = order;
+ secp256k1_num_shift(&half_order, 1);
+#endif
+
+ {
+ int i;
+ /* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */
+ secp256k1_scalar n;
+ secp256k1_scalar_set_int(&n, 0);
+ for (i = 0; i < 256; i += 4) {
+ secp256k1_scalar t;
+ int j;
+ secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits(&s, 256 - 4 - i, 4));
+ for (j = 0; j < 4; j++) {
+ secp256k1_scalar_add(&n, &n, &n);
+ }
+ secp256k1_scalar_add(&n, &n, &t);
+ }
+ CHECK(secp256k1_scalar_eq(&n, &s));
+ }
+
+ {
+ /* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */
+ secp256k1_scalar n;
+ int i = 0;
+ secp256k1_scalar_set_int(&n, 0);
+ while (i < 256) {
+ secp256k1_scalar t;
+ int j;
+ int now = secp256k1_rand_int(15) + 1;
+ if (now + i > 256) {
+ now = 256 - i;
+ }
+ secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_var(&s, 256 - now - i, now));
+ for (j = 0; j < now; j++) {
+ secp256k1_scalar_add(&n, &n, &n);
+ }
+ secp256k1_scalar_add(&n, &n, &t);
+ i += now;
+ }
+ CHECK(secp256k1_scalar_eq(&n, &s));
+ }
+
+#ifndef USE_NUM_NONE
+ {
+ /* Test that adding the scalars together is equal to adding their numbers together modulo the order. */
+ secp256k1_num rnum;
+ secp256k1_num r2num;
+ secp256k1_scalar r;
+ secp256k1_num_add(&rnum, &snum, &s2num);
+ secp256k1_num_mod(&rnum, &order);
+ secp256k1_scalar_add(&r, &s, &s2);
+ secp256k1_scalar_get_num(&r2num, &r);
+ CHECK(secp256k1_num_eq(&rnum, &r2num));
+ }
+
+ {
+ /* Test that multiplying the scalars is equal to multiplying their numbers modulo the order. */
+ secp256k1_scalar r;
+ secp256k1_num r2num;
+ secp256k1_num rnum;
+ secp256k1_num_mul(&rnum, &snum, &s2num);
+ secp256k1_num_mod(&rnum, &order);
+ secp256k1_scalar_mul(&r, &s, &s2);
+ secp256k1_scalar_get_num(&r2num, &r);
+ CHECK(secp256k1_num_eq(&rnum, &r2num));
+ /* The result can only be zero if at least one of the factors was zero. */
+ CHECK(secp256k1_scalar_is_zero(&r) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_zero(&s2)));
+ /* The results can only be equal to one of the factors if that factor was zero, or the other factor was one. */
+ CHECK(secp256k1_num_eq(&rnum, &snum) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_one(&s2)));
+ CHECK(secp256k1_num_eq(&rnum, &s2num) == (secp256k1_scalar_is_zero(&s2) || secp256k1_scalar_is_one(&s)));
+ }
+
+ {
+ secp256k1_scalar neg;
+ secp256k1_num negnum;
+ secp256k1_num negnum2;
+ /* Check that comparison with zero matches comparison with zero on the number. */
+ CHECK(secp256k1_num_is_zero(&snum) == secp256k1_scalar_is_zero(&s));
+ /* Check that comparison with the half order is equal to testing for high scalar. */
+ CHECK(secp256k1_scalar_is_high(&s) == (secp256k1_num_cmp(&snum, &half_order) > 0));
+ secp256k1_scalar_negate(&neg, &s);
+ secp256k1_num_sub(&negnum, &order, &snum);
+ secp256k1_num_mod(&negnum, &order);
+ /* Check that comparison with the half order is equal to testing for high scalar after negation. */
+ CHECK(secp256k1_scalar_is_high(&neg) == (secp256k1_num_cmp(&negnum, &half_order) > 0));
+ /* Negating should change the high property, unless the value was already zero. */
+ CHECK((secp256k1_scalar_is_high(&s) == secp256k1_scalar_is_high(&neg)) == secp256k1_scalar_is_zero(&s));
+ secp256k1_scalar_get_num(&negnum2, &neg);
+ /* Negating a scalar should be equal to (order - n) mod order on the number. */
+ CHECK(secp256k1_num_eq(&negnum, &negnum2));
+ secp256k1_scalar_add(&neg, &neg, &s);
+ /* Adding a number to its negation should result in zero. */
+ CHECK(secp256k1_scalar_is_zero(&neg));
+ secp256k1_scalar_negate(&neg, &neg);
+ /* Negating zero should still result in zero. */
+ CHECK(secp256k1_scalar_is_zero(&neg));
+ }
+
+ {
+ /* Test secp256k1_scalar_mul_shift_var. */
+ secp256k1_scalar r;
+ secp256k1_num one;
+ secp256k1_num rnum;
+ secp256k1_num rnum2;
+ unsigned char cone[1] = {0x01};
+ unsigned int shift = 256 + secp256k1_rand_int(257);
+ secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift);
+ secp256k1_num_mul(&rnum, &s1num, &s2num);
+ secp256k1_num_shift(&rnum, shift - 1);
+ secp256k1_num_set_bin(&one, cone, 1);
+ secp256k1_num_add(&rnum, &rnum, &one);
+ secp256k1_num_shift(&rnum, 1);
+ secp256k1_scalar_get_num(&rnum2, &r);
+ CHECK(secp256k1_num_eq(&rnum, &rnum2));
+ }
+
+ {
+ /* test secp256k1_scalar_shr_int */
+ secp256k1_scalar r;
+ int i;
+ random_scalar_order_test(&r);
+ for (i = 0; i < 100; ++i) {
+ int low;
+ int shift = 1 + secp256k1_rand_int(15);
+ int expected = r.d[0] % (1 << shift);
+ low = secp256k1_scalar_shr_int(&r, shift);
+ CHECK(expected == low);
+ }
+ }
+#endif
+
+ {
+ /* Test that scalar inverses are equal to the inverse of their number modulo the order. */
+ if (!secp256k1_scalar_is_zero(&s)) {
+ secp256k1_scalar inv;
+#ifndef USE_NUM_NONE
+ secp256k1_num invnum;
+ secp256k1_num invnum2;
+#endif
+ secp256k1_scalar_inverse(&inv, &s);
+#ifndef USE_NUM_NONE
+ secp256k1_num_mod_inverse(&invnum, &snum, &order);
+ secp256k1_scalar_get_num(&invnum2, &inv);
+ CHECK(secp256k1_num_eq(&invnum, &invnum2));
+#endif
+ secp256k1_scalar_mul(&inv, &inv, &s);
+ /* Multiplying a scalar with its inverse must result in one. */
+ CHECK(secp256k1_scalar_is_one(&inv));
+ secp256k1_scalar_inverse(&inv, &inv);
+ /* Inverting one must result in one. */
+ CHECK(secp256k1_scalar_is_one(&inv));
+#ifndef USE_NUM_NONE
+ secp256k1_scalar_get_num(&invnum, &inv);
+ CHECK(secp256k1_num_is_one(&invnum));
+#endif
+ }
+ }
+
+ {
+ /* Test commutativity of add. */
+ secp256k1_scalar r1, r2;
+ secp256k1_scalar_add(&r1, &s1, &s2);
+ secp256k1_scalar_add(&r2, &s2, &s1);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+
+ {
+ secp256k1_scalar r1, r2;
+ secp256k1_scalar b;
+ int i;
+ /* Test add_bit. */
+ int bit = secp256k1_rand_bits(8);
+ secp256k1_scalar_set_int(&b, 1);
+ CHECK(secp256k1_scalar_is_one(&b));
+ for (i = 0; i < bit; i++) {
+ secp256k1_scalar_add(&b, &b, &b);
+ }
+ r1 = s1;
+ r2 = s1;
+ if (!secp256k1_scalar_add(&r1, &r1, &b)) {
+ /* No overflow happened. */
+ secp256k1_scalar_cadd_bit(&r2, bit, 1);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ /* cadd is a noop when flag is zero */
+ secp256k1_scalar_cadd_bit(&r2, bit, 0);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+ }
+
+ {
+ /* Test commutativity of mul. */
+ secp256k1_scalar r1, r2;
+ secp256k1_scalar_mul(&r1, &s1, &s2);
+ secp256k1_scalar_mul(&r2, &s2, &s1);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+
+ {
+ /* Test associativity of add. */
+ secp256k1_scalar r1, r2;
+ secp256k1_scalar_add(&r1, &s1, &s2);
+ secp256k1_scalar_add(&r1, &r1, &s);
+ secp256k1_scalar_add(&r2, &s2, &s);
+ secp256k1_scalar_add(&r2, &s1, &r2);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+
+ {
+ /* Test associativity of mul. */
+ secp256k1_scalar r1, r2;
+ secp256k1_scalar_mul(&r1, &s1, &s2);
+ secp256k1_scalar_mul(&r1, &r1, &s);
+ secp256k1_scalar_mul(&r2, &s2, &s);
+ secp256k1_scalar_mul(&r2, &s1, &r2);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+
+ {
+ /* Test distributitivity of mul over add. */
+ secp256k1_scalar r1, r2, t;
+ secp256k1_scalar_add(&r1, &s1, &s2);
+ secp256k1_scalar_mul(&r1, &r1, &s);
+ secp256k1_scalar_mul(&r2, &s1, &s);
+ secp256k1_scalar_mul(&t, &s2, &s);
+ secp256k1_scalar_add(&r2, &r2, &t);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+
+ {
+ /* Test square. */
+ secp256k1_scalar r1, r2;
+ secp256k1_scalar_sqr(&r1, &s1);
+ secp256k1_scalar_mul(&r2, &s1, &s1);
+ CHECK(secp256k1_scalar_eq(&r1, &r2));
+ }
+
+ {
+ /* Test multiplicative identity. */
+ secp256k1_scalar r1, v1;
+ secp256k1_scalar_set_int(&v1,1);
+ secp256k1_scalar_mul(&r1, &s1, &v1);
+ CHECK(secp256k1_scalar_eq(&r1, &s1));
+ }
+
+ {
+ /* Test additive identity. */
+ secp256k1_scalar r1, v0;
+ secp256k1_scalar_set_int(&v0,0);
+ secp256k1_scalar_add(&r1, &s1, &v0);
+ CHECK(secp256k1_scalar_eq(&r1, &s1));
+ }
+
+ {
+ /* Test zero product property. */
+ secp256k1_scalar r1, v0;
+ secp256k1_scalar_set_int(&v0,0);
+ secp256k1_scalar_mul(&r1, &s1, &v0);
+ CHECK(secp256k1_scalar_eq(&r1, &v0));
+ }
+
+}
+
+void run_scalar_tests(void) {
+ int i;
+ for (i = 0; i < 128 * count; i++) {
+ scalar_test();
+ }
+
+ {
+ /* (-1)+1 should be zero. */
+ secp256k1_scalar s, o;
+ secp256k1_scalar_set_int(&s, 1);
+ CHECK(secp256k1_scalar_is_one(&s));
+ secp256k1_scalar_negate(&o, &s);
+ secp256k1_scalar_add(&o, &o, &s);
+ CHECK(secp256k1_scalar_is_zero(&o));
+ secp256k1_scalar_negate(&o, &o);
+ CHECK(secp256k1_scalar_is_zero(&o));
+ }
+
+#ifndef USE_NUM_NONE
+ {
+ /* A scalar with value of the curve order should be 0. */
+ secp256k1_num order;
+ secp256k1_scalar zero;
+ unsigned char bin[32];
+ int overflow = 0;
+ secp256k1_scalar_order_get_num(&order);
+ secp256k1_num_get_bin(bin, 32, &order);
+ secp256k1_scalar_set_b32(&zero, bin, &overflow);
+ CHECK(overflow == 1);
+ CHECK(secp256k1_scalar_is_zero(&zero));
+ }
+#endif
+
+ {
+ /* Does check_overflow check catch all ones? */
+ static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST(
+ 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
+ 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
+ );
+ CHECK(secp256k1_scalar_check_overflow(&overflowed));
+ }
+
+ {
+ /* Static test vectors.
+ * These were reduced from ~10^12 random vectors based on comparison-decision
+ * and edge-case coverage on 32-bit and 64-bit implementations.
+ * The responses were generated with Sage 5.9.
+ */ + secp256k1_scalar x; + secp256k1_scalar y; + secp256k1_scalar z; + secp256k1_scalar zz; + secp256k1_scalar one; + secp256k1_scalar r1; + secp256k1_scalar r2; +#if defined(USE_SCALAR_INV_NUM) + secp256k1_scalar zzv; +#endif + int overflow; + unsigned char chal[33][2][32] = { + {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, + 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff}}, + {{0xef, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, + 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x80, 0xff}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0x3f, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x00}, + {0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0xe0, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x1e, 0xf8, 0xff, 0xff, 0xff, 0xfd, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, + 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0xe0, + 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0xff, + 0xf3, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x1c, 0x00, 0x00, 0x00, 0xff, 
0xff, 0xff, + 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, + 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x1f, 0x00, 0x00, 0x80, 0xff, 0xff, 0x3f, + 0x00, 0xfe, 0xff, 0xff, 0xff, 0xdf, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0x00, 0x0f, 0xfc, 0x9f, + 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0x0f, 0xfc, 0xff, 0x7f, 0x00, 0x00, 0x00, + 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0xf8, 0xff, 0x0f, 0xc0, 0xff, 0xff, + 0xff, 0x1f, 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x07, 0x80, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, + 0xf7, 0xff, 0xff, 0xef, 0xff, 0xff, 0xff, 0x00, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf0}, + {0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0x00, 0xf8, 0xff, 0x03, 0xff, 0xff, 0xff, 0x00, + 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x03, 0xc0, 0xff, 0x0f, 0xfc, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, + 0xff, 0x01, 0x00, 0x00, 0x00, 0x3f, 0x00, 0xc0, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0x8f, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x7f, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff, + 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x03, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0x7f}, + {0xff, 0xcf, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, + 0x00, 0xc0, 0xff, 0xcf, 0xff, 0xff, 0xff, 0xff, + 0xbf, 0xff, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff, + 0xff, 0xff, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0x01, 0xfc, 0xff, 0x01, 0x00, 0xfe, 0xff}, + {0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x7f, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xf8, 0xff, 0x01, 0x00, 0xf0, 0xff, 0xff, + 0xe0, 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, + 0xfc, 0xff, 0xff, 0x3f, 0xf0, 0xff, 0xff, 0x3f, + 0x00, 0x00, 0xf8, 0x07, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x0f, 0x7e, 0x00, 0x00}}, + {{0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x1f, 0x00, 0x00, 0xfe, 0x07, 0x00}, + {0x00, 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xfb, 0xff, 0x07, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60}}, + {{0xff, 0x01, 0x00, 0xff, 
0xff, 0xff, 0x0f, 0x00, + 0x80, 0x7f, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0x1f, 0x00, 0xf0, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00}}, + {{0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf1, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, + 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xc0, 0xff, 0xff, 0xcf, 0xff, 0x1f, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x7e, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x00}, + {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0xff, 0xff, 0x7f, 0x00, 0x80, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x80, + 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, + 0xff, 0x7f, 0xf8, 0xff, 0xff, 0x1f, 0x00, 
0xfe}}, + {{0xff, 0xff, 0xff, 0x3f, 0xf8, 0xff, 0xff, 0xff, + 0xff, 0x03, 0xfe, 0x01, 0x00, 0x00, 0x00, 0x00, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0x01, 0x80, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0xc0, + 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0x07, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 
0xff, 0xff, 0x01, 0xff, 0xff, 0xff}}, + {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x7e, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x07, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, + 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0x01, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0x00, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0x3f, 0x00, 0xf8, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x3f, 0x00, 0x00, 0xc0, 0xf1, 0x7f, 0x00}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00}, + {0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, + 0xff, 0x7f, 0x00, 0x00, 0x00, 
0x00, 0x80, 0x1f, + 0x00, 0x00, 0xfc, 0xff, 0xff, 0x01, 0xff, 0xff}}, + {{0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0x03, 0xe0, 0x01, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfc, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xfe, 0xff, 0xff, 0xf0, 0x07, 0x00, 0x3c, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x07, 0xe0, 0xff, 0x00, 0x00, 0x00}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0xf8, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x0c, 0x80, 0x00, + 0x00, 0x00, 0x00, 0xc0, 0x7f, 0xfe, 0xff, 0x1f, + 0x00, 0xfe, 0xff, 0x03, 0x00, 0x00, 0xfe, 0xff}}, + {{0xff, 0xff, 0x81, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x83, + 0xff, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0xf0}, + {0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00, + 0xf8, 0x07, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xc7, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff}}, + {{0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb, + 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}, + {0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb, + 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}} + }; + unsigned char res[33][2][32] = { + {{0x0c, 0x3b, 0x0a, 0xca, 0x8d, 0x1a, 0x2f, 0xb9, + 0x8a, 0x7b, 0x53, 0x5a, 0x1f, 0xc5, 0x22, 0xa1, + 0x07, 0x2a, 0x48, 0xea, 0x02, 0xeb, 0xb3, 0xd6, + 0x20, 0x1e, 0x86, 0xd0, 0x95, 0xf6, 0x92, 0x35}, + {0xdc, 0x90, 0x7a, 0x07, 0x2e, 0x1e, 0x44, 0x6d, + 0xf8, 
0x15, 0x24, 0x5b, 0x5a, 0x96, 0x37, 0x9c, + 0x37, 0x7b, 0x0d, 0xac, 0x1b, 0x65, 0x58, 0x49, + 0x43, 0xb7, 0x31, 0xbb, 0xa7, 0xf4, 0x97, 0x15}}, + {{0xf1, 0xf7, 0x3a, 0x50, 0xe6, 0x10, 0xba, 0x22, + 0x43, 0x4d, 0x1f, 0x1f, 0x7c, 0x27, 0xca, 0x9c, + 0xb8, 0xb6, 0xa0, 0xfc, 0xd8, 0xc0, 0x05, 0x2f, + 0xf7, 0x08, 0xe1, 0x76, 0xdd, 0xd0, 0x80, 0xc8}, + {0xe3, 0x80, 0x80, 0xb8, 0xdb, 0xe3, 0xa9, 0x77, + 0x00, 0xb0, 0xf5, 0x2e, 0x27, 0xe2, 0x68, 0xc4, + 0x88, 0xe8, 0x04, 0xc1, 0x12, 0xbf, 0x78, 0x59, + 0xe6, 0xa9, 0x7c, 0xe1, 0x81, 0xdd, 0xb9, 0xd5}}, + {{0x96, 0xe2, 0xee, 0x01, 0xa6, 0x80, 0x31, 0xef, + 0x5c, 0xd0, 0x19, 0xb4, 0x7d, 0x5f, 0x79, 0xab, + 0xa1, 0x97, 0xd3, 0x7e, 0x33, 0xbb, 0x86, 0x55, + 0x60, 0x20, 0x10, 0x0d, 0x94, 0x2d, 0x11, 0x7c}, + {0xcc, 0xab, 0xe0, 0xe8, 0x98, 0x65, 0x12, 0x96, + 0x38, 0x5a, 0x1a, 0xf2, 0x85, 0x23, 0x59, 0x5f, + 0xf9, 0xf3, 0xc2, 0x81, 0x70, 0x92, 0x65, 0x12, + 0x9c, 0x65, 0x1e, 0x96, 0x00, 0xef, 0xe7, 0x63}}, + {{0xac, 0x1e, 0x62, 0xc2, 0x59, 0xfc, 0x4e, 0x5c, + 0x83, 0xb0, 0xd0, 0x6f, 0xce, 0x19, 0xf6, 0xbf, + 0xa4, 0xb0, 0xe0, 0x53, 0x66, 0x1f, 0xbf, 0xc9, + 0x33, 0x47, 0x37, 0xa9, 0x3d, 0x5d, 0xb0, 0x48}, + {0x86, 0xb9, 0x2a, 0x7f, 0x8e, 0xa8, 0x60, 0x42, + 0x26, 0x6d, 0x6e, 0x1c, 0xa2, 0xec, 0xe0, 0xe5, + 0x3e, 0x0a, 0x33, 0xbb, 0x61, 0x4c, 0x9f, 0x3c, + 0xd1, 0xdf, 0x49, 0x33, 0xcd, 0x72, 0x78, 0x18}}, + {{0xf7, 0xd3, 0xcd, 0x49, 0x5c, 0x13, 0x22, 0xfb, + 0x2e, 0xb2, 0x2f, 0x27, 0xf5, 0x8a, 0x5d, 0x74, + 0xc1, 0x58, 0xc5, 0xc2, 0x2d, 0x9f, 0x52, 0xc6, + 0x63, 0x9f, 0xba, 0x05, 0x76, 0x45, 0x7a, 0x63}, + {0x8a, 0xfa, 0x55, 0x4d, 0xdd, 0xa3, 0xb2, 0xc3, + 0x44, 0xfd, 0xec, 0x72, 0xde, 0xef, 0xc0, 0x99, + 0xf5, 0x9f, 0xe2, 0x52, 0xb4, 0x05, 0x32, 0x58, + 0x57, 0xc1, 0x8f, 0xea, 0xc3, 0x24, 0x5b, 0x94}}, + {{0x05, 0x83, 0xee, 0xdd, 0x64, 0xf0, 0x14, 0x3b, + 0xa0, 0x14, 0x4a, 0x3a, 0x41, 0x82, 0x7c, 0xa7, + 0x2c, 0xaa, 0xb1, 0x76, 0xbb, 0x59, 0x64, 0x5f, + 0x52, 0xad, 0x25, 0x29, 0x9d, 0x8f, 0x0b, 0xb0}, + {0x7e, 0xe3, 0x7c, 0xca, 
0xcd, 0x4f, 0xb0, 0x6d, + 0x7a, 0xb2, 0x3e, 0xa0, 0x08, 0xb9, 0xa8, 0x2d, + 0xc2, 0xf4, 0x99, 0x66, 0xcc, 0xac, 0xd8, 0xb9, + 0x72, 0x2a, 0x4a, 0x3e, 0x0f, 0x7b, 0xbf, 0xf4}}, + {{0x8c, 0x9c, 0x78, 0x2b, 0x39, 0x61, 0x7e, 0xf7, + 0x65, 0x37, 0x66, 0x09, 0x38, 0xb9, 0x6f, 0x70, + 0x78, 0x87, 0xff, 0xcf, 0x93, 0xca, 0x85, 0x06, + 0x44, 0x84, 0xa7, 0xfe, 0xd3, 0xa4, 0xe3, 0x7e}, + {0xa2, 0x56, 0x49, 0x23, 0x54, 0xa5, 0x50, 0xe9, + 0x5f, 0xf0, 0x4d, 0xe7, 0xdc, 0x38, 0x32, 0x79, + 0x4f, 0x1c, 0xb7, 0xe4, 0xbb, 0xf8, 0xbb, 0x2e, + 0x40, 0x41, 0x4b, 0xcc, 0xe3, 0x1e, 0x16, 0x36}}, + {{0x0c, 0x1e, 0xd7, 0x09, 0x25, 0x40, 0x97, 0xcb, + 0x5c, 0x46, 0xa8, 0xda, 0xef, 0x25, 0xd5, 0xe5, + 0x92, 0x4d, 0xcf, 0xa3, 0xc4, 0x5d, 0x35, 0x4a, + 0xe4, 0x61, 0x92, 0xf3, 0xbf, 0x0e, 0xcd, 0xbe}, + {0xe4, 0xaf, 0x0a, 0xb3, 0x30, 0x8b, 0x9b, 0x48, + 0x49, 0x43, 0xc7, 0x64, 0x60, 0x4a, 0x2b, 0x9e, + 0x95, 0x5f, 0x56, 0xe8, 0x35, 0xdc, 0xeb, 0xdc, + 0xc7, 0xc4, 0xfe, 0x30, 0x40, 0xc7, 0xbf, 0xa4}}, + {{0xd4, 0xa0, 0xf5, 0x81, 0x49, 0x6b, 0xb6, 0x8b, + 0x0a, 0x69, 0xf9, 0xfe, 0xa8, 0x32, 0xe5, 0xe0, + 0xa5, 0xcd, 0x02, 0x53, 0xf9, 0x2c, 0xe3, 0x53, + 0x83, 0x36, 0xc6, 0x02, 0xb5, 0xeb, 0x64, 0xb8}, + {0x1d, 0x42, 0xb9, 0xf9, 0xe9, 0xe3, 0x93, 0x2c, + 0x4c, 0xee, 0x6c, 0x5a, 0x47, 0x9e, 0x62, 0x01, + 0x6b, 0x04, 0xfe, 0xa4, 0x30, 0x2b, 0x0d, 0x4f, + 0x71, 0x10, 0xd3, 0x55, 0xca, 0xf3, 0x5e, 0x80}}, + {{0x77, 0x05, 0xf6, 0x0c, 0x15, 0x9b, 0x45, 0xe7, + 0xb9, 0x11, 0xb8, 0xf5, 0xd6, 0xda, 0x73, 0x0c, + 0xda, 0x92, 0xea, 0xd0, 0x9d, 0xd0, 0x18, 0x92, + 0xce, 0x9a, 0xaa, 0xee, 0x0f, 0xef, 0xde, 0x30}, + {0xf1, 0xf1, 0xd6, 0x9b, 0x51, 0xd7, 0x77, 0x62, + 0x52, 0x10, 0xb8, 0x7a, 0x84, 0x9d, 0x15, 0x4e, + 0x07, 0xdc, 0x1e, 0x75, 0x0d, 0x0c, 0x3b, 0xdb, + 0x74, 0x58, 0x62, 0x02, 0x90, 0x54, 0x8b, 0x43}}, + {{0xa6, 0xfe, 0x0b, 0x87, 0x80, 0x43, 0x67, 0x25, + 0x57, 0x5d, 0xec, 0x40, 0x50, 0x08, 0xd5, 0x5d, + 0x43, 0xd7, 0xe0, 0xaa, 0xe0, 0x13, 0xb6, 0xb0, + 0xc0, 0xd4, 0xe5, 0x0d, 0x45, 0x83, 0xd6, 
0x13},
+ {0x40, 0x45, 0x0a, 0x92, 0x31, 0xea, 0x8c, 0x60,
+ 0x8c, 0x1f, 0xd8, 0x76, 0x45, 0xb9, 0x29, 0x00,
+ 0x26, 0x32, 0xd8, 0xa6, 0x96, 0x88, 0xe2, 0xc4,
+ 0x8b, 0xdb, 0x7f, 0x17, 0x87, 0xcc, 0xc8, 0xf2}},
+ {{0xc2, 0x56, 0xe2, 0xb6, 0x1a, 0x81, 0xe7, 0x31,
+ 0x63, 0x2e, 0xbb, 0x0d, 0x2f, 0x81, 0x67, 0xd4,
+ 0x22, 0xe2, 0x38, 0x02, 0x25, 0x97, 0xc7, 0x88,
+ 0x6e, 0xdf, 0xbe, 0x2a, 0xa5, 0x73, 0x63, 0xaa},
+ {0x50, 0x45, 0xe2, 0xc3, 0xbd, 0x89, 0xfc, 0x57,
+ 0xbd, 0x3c, 0xa3, 0x98, 0x7e, 0x7f, 0x36, 0x38,
+ 0x92, 0x39, 0x1f, 0x0f, 0x81, 0x1a, 0x06, 0x51,
+ 0x1f, 0x8d, 0x6a, 0xff, 0x47, 0x16, 0x06, 0x9c}},
+ {{0x33, 0x95, 0xa2, 0x6f, 0x27, 0x5f, 0x9c, 0x9c,
+ 0x64, 0x45, 0xcb, 0xd1, 0x3c, 0xee, 0x5e, 0x5f,
+ 0x48, 0xa6, 0xaf, 0xe3, 0x79, 0xcf, 0xb1, 0xe2,
+ 0xbf, 0x55, 0x0e, 0xa2, 0x3b, 0x62, 0xf0, 0xe4},
+ {0x14, 0xe8, 0x06, 0xe3, 0xbe, 0x7e, 0x67, 0x01,
+ 0xc5, 0x21, 0x67, 0xd8, 0x54, 0xb5, 0x7f, 0xa4,
+ 0xf9, 0x75, 0x70, 0x1c, 0xfd, 0x79, 0xdb, 0x86,
+ 0xad, 0x37, 0x85, 0x83, 0x56, 0x4e, 0xf0, 0xbf}},
+ {{0xbc, 0xa6, 0xe0, 0x56, 0x4e, 0xef, 0xfa, 0xf5,
+ 0x1d, 0x5d, 0x3f, 0x2a, 0x5b, 0x19, 0xab, 0x51,
+ 0xc5, 0x8b, 0xdd, 0x98, 0x28, 0x35, 0x2f, 0xc3,
+ 0x81, 0x4f, 0x5c, 0xe5, 0x70, 0xb9, 0xeb, 0x62},
+ {0xc4, 0x6d, 0x26, 0xb0, 0x17, 0x6b, 0xfe, 0x6c,
+ 0x12, 0xf8, 0xe7, 0xc1, 0xf5, 0x2f, 0xfa, 0x91,
+ 0x13, 0x27, 0xbd, 0x73, 0xcc, 0x33, 0x31, 0x1c,
+ 0x39, 0xe3, 0x27, 0x6a, 0x95, 0xcf, 0xc5, 0xfb}},
+ {{0x30, 0xb2, 0x99, 0x84, 0xf0, 0x18, 0x2a, 0x6e,
+ 0x1e, 0x27, 0xed, 0xa2, 0x29, 0x99, 0x41, 0x56,
+ 0xe8, 0xd4, 0x0d, 0xef, 0x99, 0x9c, 0xf3, 0x58,
+ 0x29, 0x55, 0x1a, 0xc0, 0x68, 0xd6, 0x74, 0xa4},
+ {0x07, 0x9c, 0xe7, 0xec, 0xf5, 0x36, 0x73, 0x41,
+ 0xa3, 0x1c, 0xe5, 0x93, 0x97, 0x6a, 0xfd, 0xf7,
+ 0x53, 0x18, 0xab, 0xaf, 0xeb, 0x85, 0xbd, 0x92,
+ 0x90, 0xab, 0x3c, 0xbf, 0x30, 0x82, 0xad, 0xf6}},
+ {{0xc6, 0x87, 0x8a, 0x2a, 0xea, 0xc0, 0xa9, 0xec,
+ 0x6d, 0xd3, 0xdc, 0x32, 0x23, 0xce, 0x62, 0x19,
+ 0xa4, 0x7e, 0xa8, 0xdd, 0x1c, 0x33, 0xae, 0xd3,
+ 0x4f, 0x62, 0x9f, 0x52, 0xe7, 0x65, 0x46, 0xf4},
+ {0x97, 0x51, 0x27, 0x67, 0x2d, 0xa2, 0x82, 0x87,
+ 0x98, 0xd3, 0xb6, 0x14, 0x7f, 0x51, 0xd3, 0x9a,
+ 0x0b, 0xd0, 0x76, 0x81, 0xb2, 0x4f, 0x58, 0x92,
+ 0xa4, 0x86, 0xa1, 0xa7, 0x09, 0x1d, 0xef, 0x9b}},
+ {{0xb3, 0x0f, 0x2b, 0x69, 0x0d, 0x06, 0x90, 0x64,
+ 0xbd, 0x43, 0x4c, 0x10, 0xe8, 0x98, 0x1c, 0xa3,
+ 0xe1, 0x68, 0xe9, 0x79, 0x6c, 0x29, 0x51, 0x3f,
+ 0x41, 0xdc, 0xdf, 0x1f, 0xf3, 0x60, 0xbe, 0x33},
+ {0xa1, 0x5f, 0xf7, 0x1d, 0xb4, 0x3e, 0x9b, 0x3c,
+ 0xe7, 0xbd, 0xb6, 0x06, 0xd5, 0x60, 0x06, 0x6d,
+ 0x50, 0xd2, 0xf4, 0x1a, 0x31, 0x08, 0xf2, 0xea,
+ 0x8e, 0xef, 0x5f, 0x7d, 0xb6, 0xd0, 0xc0, 0x27}},
+ {{0x62, 0x9a, 0xd9, 0xbb, 0x38, 0x36, 0xce, 0xf7,
+ 0x5d, 0x2f, 0x13, 0xec, 0xc8, 0x2d, 0x02, 0x8a,
+ 0x2e, 0x72, 0xf0, 0xe5, 0x15, 0x9d, 0x72, 0xae,
+ 0xfc, 0xb3, 0x4f, 0x02, 0xea, 0xe1, 0x09, 0xfe},
+ {0x00, 0x00, 0x00, 0x00, 0xfa, 0x0a, 0x3d, 0xbc,
+ 0xad, 0x16, 0x0c, 0xb6, 0xe7, 0x7c, 0x8b, 0x39,
+ 0x9a, 0x43, 0xbb, 0xe3, 0xc2, 0x55, 0x15, 0x14,
+ 0x75, 0xac, 0x90, 0x9b, 0x7f, 0x9a, 0x92, 0x00}},
+ {{0x8b, 0xac, 0x70, 0x86, 0x29, 0x8f, 0x00, 0x23,
+ 0x7b, 0x45, 0x30, 0xaa, 0xb8, 0x4c, 0xc7, 0x8d,
+ 0x4e, 0x47, 0x85, 0xc6, 0x19, 0xe3, 0x96, 0xc2,
+ 0x9a, 0xa0, 0x12, 0xed, 0x6f, 0xd7, 0x76, 0x16},
+ {0x45, 0xaf, 0x7e, 0x33, 0xc7, 0x7f, 0x10, 0x6c,
+ 0x7c, 0x9f, 0x29, 0xc1, 0xa8, 0x7e, 0x15, 0x84,
+ 0xe7, 0x7d, 0xc0, 0x6d, 0xab, 0x71, 0x5d, 0xd0,
+ 0x6b, 0x9f, 0x97, 0xab, 0xcb, 0x51, 0x0c, 0x9f}},
+ {{0x9e, 0xc3, 0x92, 0xb4, 0x04, 0x9f, 0xc8, 0xbb,
+ 0xdd, 0x9e, 0xc6, 0x05, 0xfd, 0x65, 0xec, 0x94,
+ 0x7f, 0x2c, 0x16, 0xc4, 0x40, 0xac, 0x63, 0x7b,
+ 0x7d, 0xb8, 0x0c, 0xe4, 0x5b, 0xe3, 0xa7, 0x0e},
+ {0x43, 0xf4, 0x44, 0xe8, 0xcc, 0xc8, 0xd4, 0x54,
+ 0x33, 0x37, 0x50, 0xf2, 0x87, 0x42, 0x2e, 0x00,
+ 0x49, 0x60, 0x62, 0x02, 0xfd, 0x1a, 0x7c, 0xdb,
+ 0x29, 0x6c, 0x6d, 0x54, 0x53, 0x08, 0xd1, 0xc8}},
+ {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
+ {{0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
+ 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
+ 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
+ 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92},
+ {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
+ 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
+ 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
+ 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
+ {{0x28, 0x56, 0xac, 0x0e, 0x4f, 0x98, 0x09, 0xf0,
+ 0x49, 0xfa, 0x7f, 0x84, 0xac, 0x7e, 0x50, 0x5b,
+ 0x17, 0x43, 0x14, 0x89, 0x9c, 0x53, 0xa8, 0x94,
+ 0x30, 0xf2, 0x11, 0x4d, 0x92, 0x14, 0x27, 0xe8},
+ {0x39, 0x7a, 0x84, 0x56, 0x79, 0x9d, 0xec, 0x26,
+ 0x2c, 0x53, 0xc1, 0x94, 0xc9, 0x8d, 0x9e, 0x9d,
+ 0x32, 0x1f, 0xdd, 0x84, 0x04, 0xe8, 0xe2, 0x0a,
+ 0x6b, 0xbe, 0xbb, 0x42, 0x40, 0x67, 0x30, 0x6c}},
+ {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
+ 0x40, 0x2d, 0xa1, 0x73, 0x2f, 0xc9, 0xbe, 0xbd},
+ {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
+ 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
+ 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
+ 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
+ {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
+ 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
+ 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
+ {{0x1c, 0xc4, 0xf7, 0xda, 0x0f, 0x65, 0xca, 0x39,
+ 0x70, 0x52, 0x92, 0x8e, 0xc3, 0xc8, 0x15, 0xea,
+ 0x7f, 0x10, 0x9e, 0x77, 0x4b, 0x6e, 0x2d, 0xdf,
+ 0xe8, 0x30, 0x9d, 0xda, 0xe8, 0x9a, 0x65, 0xae},
+ {0x02, 0xb0, 0x16, 0xb1, 0x1d, 0xc8, 0x57, 0x7b,
+ 0xa2, 0x3a, 0xa2, 0xa3, 0x38, 0x5c, 0x8f, 0xeb,
+ 0x66, 0x37, 0x91, 0xa8, 0x5f, 0xef, 0x04, 0xf6,
+ 0x59, 0x75, 0xe1, 0xee, 0x92, 0xf6, 0x0e, 0x30}},
+ {{0x8d, 0x76, 0x14, 0xa4, 0x14, 0x06, 0x9f, 0x9a,
+ 0xdf, 0x4a, 0x85, 0xa7, 0x6b, 0xbf, 0x29, 0x6f,
+ 0xbc, 0x34, 0x87, 0x5d, 0xeb, 0xbb, 0x2e, 0xa9,
+ 0xc9, 0x1f, 0x58, 0xd6, 0x9a, 0x82, 0xa0, 0x56},
+ {0xd4, 0xb9, 0xdb, 0x88, 0x1d, 0x04, 0xe9, 0x93,
+ 0x8d, 0x3f, 0x20, 0xd5, 0x86, 0xa8, 0x83, 0x07,
+ 0xdb, 0x09, 0xd8, 0x22, 0x1f, 0x7f, 0xf1, 0x71,
+ 0xc8, 0xe7, 0x5d, 0x47, 0xaf, 0x8b, 0x72, 0xe9}},
+ {{0x83, 0xb9, 0x39, 0xb2, 0xa4, 0xdf, 0x46, 0x87,
+ 0xc2, 0xb8, 0xf1, 0xe6, 0x4c, 0xd1, 0xe2, 0xa9,
+ 0xe4, 0x70, 0x30, 0x34, 0xbc, 0x52, 0x7c, 0x55,
+ 0xa6, 0xec, 0x80, 0xa4, 0xe5, 0xd2, 0xdc, 0x73},
+ {0x08, 0xf1, 0x03, 0xcf, 0x16, 0x73, 0xe8, 0x7d,
+ 0xb6, 0x7e, 0x9b, 0xc0, 0xb4, 0xc2, 0xa5, 0x86,
+ 0x02, 0x77, 0xd5, 0x27, 0x86, 0xa5, 0x15, 0xfb,
+ 0xae, 0x9b, 0x8c, 0xa9, 0xf9, 0xf8, 0xa8, 0x4a}},
+ {{0x8b, 0x00, 0x49, 0xdb, 0xfa, 0xf0, 0x1b, 0xa2,
+ 0xed, 0x8a, 0x9a, 0x7a, 0x36, 0x78, 0x4a, 0xc7,
+ 0xf7, 0xad, 0x39, 0xd0, 0x6c, 0x65, 0x7a, 0x41,
+ 0xce, 0xd6, 0xd6, 0x4c, 0x20, 0x21, 0x6b, 0xc7},
+ {0xc6, 0xca, 0x78, 0x1d, 0x32, 0x6c, 0x6c, 0x06,
+ 0x91, 0xf2, 0x1a, 0xe8, 0x43, 0x16, 0xea, 0x04,
+ 0x3c, 0x1f, 0x07, 0x85, 0xf7, 0x09, 0x22, 0x08,
+ 0xba, 0x13, 0xfd, 0x78, 0x1e, 0x3f, 0x6f, 0x62}},
+ {{0x25, 0x9b, 0x7c, 0xb0, 0xac, 0x72, 0x6f, 0xb2,
+ 0xe3, 0x53, 0x84, 0x7a, 0x1a, 0x9a, 0x98, 0x9b,
+ 0x44, 0xd3, 0x59, 0xd0, 0x8e, 0x57, 0x41, 0x40,
+ 0x78, 0xa7, 0x30, 0x2f, 0x4c, 0x9c, 0xb9, 0x68},
+ {0xb7, 0x75, 0x03, 0x63, 0x61, 0xc2, 0x48, 0x6e,
+ 0x12, 0x3d, 0xbf, 0x4b, 0x27, 0xdf, 0xb1, 0x7a,
+ 0xff, 0x4e, 0x31, 0x07, 0x83, 0xf4, 0x62, 0x5b,
+ 0x19, 0xa5, 0xac, 0xa0, 0x32, 0x58, 0x0d, 0xa7}},
+ {{0x43, 0x4f, 0x10, 0xa4, 0xca, 0xdb, 0x38, 0x67,
+ 0xfa, 0xae, 0x96, 0xb5, 0x6d, 0x97, 0xff, 0x1f,
+ 0xb6, 0x83, 0x43, 0xd3, 0xa0, 0x2d, 0x70, 0x7a,
+ 0x64, 0x05, 0x4c, 0xa7, 0xc1, 0xa5, 0x21, 0x51},
+ {0xe4, 0xf1, 0x23, 0x84, 0xe1, 0xb5, 0x9d, 0xf2,
+ 0xb8, 0x73, 0x8b, 0x45, 0x2b, 0x35, 0x46, 0x38,
+ 0x10, 0x2b, 0x50, 0xf8, 0x8b, 0x35, 0xcd, 0x34,
+ 0xc8, 0x0e, 0xf6, 0xdb, 0x09, 0x35, 0xf0, 0xda}},
+ {{0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
+ 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
+ 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
+ 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5},
+ {0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
+ 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
+ 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
+ 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}}
+ };
+ secp256k1_scalar_set_int(&one, 1);
+ for (i = 0; i < 33; i++) {
+ secp256k1_scalar_set_b32(&x, chal[i][0], &overflow);
+ CHECK(!overflow);
+ secp256k1_scalar_set_b32(&y, chal[i][1], &overflow);
+ CHECK(!overflow);
+ secp256k1_scalar_set_b32(&r1, res[i][0], &overflow);
+ CHECK(!overflow);
+ secp256k1_scalar_set_b32(&r2, res[i][1], &overflow);
+ CHECK(!overflow);
+ secp256k1_scalar_mul(&z, &x, &y);
+ CHECK(!secp256k1_scalar_check_overflow(&z));
+ CHECK(secp256k1_scalar_eq(&r1, &z));
+ if (!secp256k1_scalar_is_zero(&y)) {
+ secp256k1_scalar_inverse(&zz, &y);
+ CHECK(!secp256k1_scalar_check_overflow(&zz));
+#if defined(USE_SCALAR_INV_NUM)
+ secp256k1_scalar_inverse_var(&zzv, &y);
+ CHECK(secp256k1_scalar_eq(&zzv, &zz));
+#endif
+ secp256k1_scalar_mul(&z, &z, &zz);
+ CHECK(!secp256k1_scalar_check_overflow(&z));
+ CHECK(secp256k1_scalar_eq(&x, &z));
+ secp256k1_scalar_mul(&zz, &zz, &y);
+ CHECK(!secp256k1_scalar_check_overflow(&zz));
+ CHECK(secp256k1_scalar_eq(&one, &zz));
+ }
+ secp256k1_scalar_mul(&z, &x, &x);
+ CHECK(!secp256k1_scalar_check_overflow(&z));
+ secp256k1_scalar_sqr(&zz, &x);
+ CHECK(!secp256k1_scalar_check_overflow(&zz));
+ CHECK(secp256k1_scalar_eq(&zz, &z));
+ CHECK(secp256k1_scalar_eq(&r2, &zz));
+ }
+ }
+}
+
+/***** FIELD TESTS *****/
+
+void random_fe(secp256k1_fe *x) {
+ unsigned char bin[32];
+ do {
+ secp256k1_rand256(bin);
+ if (secp256k1_fe_set_b32(x, bin)) {
+ return;
+ }
+ } while(1);
+}
+
+void random_fe_test(secp256k1_fe *x) {
+ unsigned char bin[32];
+ do {
+ secp256k1_rand256_test(bin);
+ if (secp256k1_fe_set_b32(x, bin)) {
+ return;
+ }
+ } while(1);
+}
+
+void random_fe_non_zero(secp256k1_fe *nz) {
+ int tries = 10;
+ while (--tries >= 0) {
+ random_fe(nz);
+ secp256k1_fe_normalize(nz);
+ if (!secp256k1_fe_is_zero(nz)) {
+ break;
+ }
+ }
+ /* Infinitesimal probability of spurious failure here */
+ CHECK(tries >= 0);
+}
+
+void random_fe_non_square(secp256k1_fe *ns) {
+ secp256k1_fe r;
+ random_fe_non_zero(ns);
+ if (secp256k1_fe_sqrt(&r, ns)) {
+ secp256k1_fe_negate(ns, ns, 1);
+ }
+}
+
+int check_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) {
+ secp256k1_fe an = *a;
+ secp256k1_fe bn = *b;
+ secp256k1_fe_normalize_weak(&an);
+ secp256k1_fe_normalize_var(&bn);
+ return secp256k1_fe_equal_var(&an, &bn);
+}
+
+int check_fe_inverse(const secp256k1_fe *a, const secp256k1_fe *ai) {
+ secp256k1_fe x;
+ secp256k1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1);
+ secp256k1_fe_mul(&x, a, ai);
+ return check_fe_equal(&x, &one);
+}
+
+void run_field_convert(void) {
+ static const unsigned char b32[32] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+ 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
+ };
+ static const secp256k1_fe_storage fes = SECP256K1_FE_STORAGE_CONST(
+ 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
+ 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
+ );
+ static const secp256k1_fe fe = SECP256K1_FE_CONST(
+ 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
+ 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
+ );
+ secp256k1_fe fe2;
+ unsigned char b322[32];
+ secp256k1_fe_storage fes2;
+ /* Check conversions to fe. */
+ CHECK(secp256k1_fe_set_b32(&fe2, b32));
+ CHECK(secp256k1_fe_equal_var(&fe, &fe2));
+ secp256k1_fe_from_storage(&fe2, &fes);
+ CHECK(secp256k1_fe_equal_var(&fe, &fe2));
+ /* Check conversion from fe. */
+ secp256k1_fe_get_b32(b322, &fe);
+ CHECK(memcmp(b322, b32, 32) == 0);
+ secp256k1_fe_to_storage(&fes2, &fe);
+ CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0);
+}
+
+int fe_memcmp(const secp256k1_fe *a, const secp256k1_fe *b) {
+ secp256k1_fe t = *b;
+#ifdef VERIFY
+ t.magnitude = a->magnitude;
+ t.normalized = a->normalized;
+#endif
+ return memcmp(a, &t, sizeof(secp256k1_fe));
+}
+
+void run_field_misc(void) {
+ secp256k1_fe x;
+ secp256k1_fe y;
+ secp256k1_fe z;
+ secp256k1_fe q;
+ secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5);
+ int i, j;
+ for (i = 0; i < 5*count; i++) {
+ secp256k1_fe_storage xs, ys, zs;
+ random_fe(&x);
+ random_fe_non_zero(&y);
+ /* Test the fe equality and comparison operations. */
+ CHECK(secp256k1_fe_cmp_var(&x, &x) == 0);
+ CHECK(secp256k1_fe_equal_var(&x, &x));
+ z = x;
+ secp256k1_fe_add(&z,&y);
+ /* Test fe conditional move; z is not normalized here. */
+ q = x;
+ secp256k1_fe_cmov(&x, &z, 0);
+#ifdef VERIFY
+ CHECK(!x.normalized && x.magnitude == z.magnitude);
+#endif
+ secp256k1_fe_cmov(&x, &x, 1);
+ CHECK(fe_memcmp(&x, &z) != 0);
+ CHECK(fe_memcmp(&x, &q) == 0);
+ secp256k1_fe_cmov(&q, &z, 1);
+#ifdef VERIFY
+ CHECK(!q.normalized && q.magnitude == z.magnitude);
+#endif
+ CHECK(fe_memcmp(&q, &z) == 0);
+ secp256k1_fe_normalize_var(&x);
+ secp256k1_fe_normalize_var(&z);
+ CHECK(!secp256k1_fe_equal_var(&x, &z));
+ secp256k1_fe_normalize_var(&q);
+ secp256k1_fe_cmov(&q, &z, (i&1));
+#ifdef VERIFY
+ CHECK(q.normalized && q.magnitude == 1);
+#endif
+ for (j = 0; j < 6; j++) {
+ secp256k1_fe_negate(&z, &z, j+1);
+ secp256k1_fe_normalize_var(&q);
+ secp256k1_fe_cmov(&q, &z, (j&1));
+#ifdef VERIFY
+ CHECK(!q.normalized && q.magnitude == (j+2));
+#endif
+ }
+ secp256k1_fe_normalize_var(&z);
+ /* Test storage conversion and conditional moves. */
+ secp256k1_fe_to_storage(&xs, &x);
+ secp256k1_fe_to_storage(&ys, &y);
+ secp256k1_fe_to_storage(&zs, &z);
+ secp256k1_fe_storage_cmov(&zs, &xs, 0);
+ secp256k1_fe_storage_cmov(&zs, &zs, 1);
+ CHECK(memcmp(&xs, &zs, sizeof(xs)) != 0);
+ secp256k1_fe_storage_cmov(&ys, &xs, 1);
+ CHECK(memcmp(&xs, &ys, sizeof(xs)) == 0);
+ secp256k1_fe_from_storage(&x, &xs);
+ secp256k1_fe_from_storage(&y, &ys);
+ secp256k1_fe_from_storage(&z, &zs);
+ /* Test that mul_int, mul, and add agree. */
+ secp256k1_fe_add(&y, &x);
+ secp256k1_fe_add(&y, &x);
+ z = x;
+ secp256k1_fe_mul_int(&z, 3);
+ CHECK(check_fe_equal(&y, &z));
+ secp256k1_fe_add(&y, &x);
+ secp256k1_fe_add(&z, &x);
+ CHECK(check_fe_equal(&z, &y));
+ z = x;
+ secp256k1_fe_mul_int(&z, 5);
+ secp256k1_fe_mul(&q, &x, &fe5);
+ CHECK(check_fe_equal(&z, &q));
+ secp256k1_fe_negate(&x, &x, 1);
+ secp256k1_fe_add(&z, &x);
+ secp256k1_fe_add(&q, &x);
+ CHECK(check_fe_equal(&y, &z));
+ CHECK(check_fe_equal(&q, &y));
+ }
+}
+
+void run_field_inv(void) {
+ secp256k1_fe x, xi, xii;
+ int i;
+ for (i = 0; i < 10*count; i++) {
+ random_fe_non_zero(&x);
+ secp256k1_fe_inv(&xi, &x);
+ CHECK(check_fe_inverse(&x, &xi));
+ secp256k1_fe_inv(&xii, &xi);
+ CHECK(check_fe_equal(&x, &xii));
+ }
+}
+
+void run_field_inv_var(void) {
+ secp256k1_fe x, xi, xii;
+ int i;
+ for (i = 0; i < 10*count; i++) {
+ random_fe_non_zero(&x);
+ secp256k1_fe_inv_var(&xi, &x);
+ CHECK(check_fe_inverse(&x, &xi));
+ secp256k1_fe_inv_var(&xii, &xi);
+ CHECK(check_fe_equal(&x, &xii));
+ }
+}
+
+void run_field_inv_all_var(void) {
+ secp256k1_fe x[16], xi[16], xii[16];
+ int i;
+ /* Check it's safe to call for 0 elements */
+ secp256k1_fe_inv_all_var(xi, x, 0);
+ for (i = 0; i < count; i++) {
+ size_t j;
+ size_t len = secp256k1_rand_int(15) + 1;
+ for (j = 0; j < len; j++) {
+ random_fe_non_zero(&x[j]);
+ }
+ secp256k1_fe_inv_all_var(xi, x, len);
+ for (j = 0; j < len; j++) {
+ CHECK(check_fe_inverse(&x[j], &xi[j]));
+ }
+ secp256k1_fe_inv_all_var(xii, xi, len);
+ for (j = 0; j < len; j++) {
+ CHECK(check_fe_equal(&x[j], &xii[j]));
+ }
+ }
+}
+
+void run_sqr(void) {
+ secp256k1_fe x, s;
+
+ {
+ int i;
+ secp256k1_fe_set_int(&x, 1);
+ secp256k1_fe_negate(&x, &x, 1);
+
+ for (i = 1; i <= 512; ++i) {
+ secp256k1_fe_mul_int(&x, 2);
+ secp256k1_fe_normalize(&x);
+ secp256k1_fe_sqr(&s, &x);
+ }
+ }
+}
+
+void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k) {
+ secp256k1_fe r1, r2;
+ int v = secp256k1_fe_sqrt(&r1, a);
+ CHECK((v == 0) == (k == NULL));
+
+ if (k != NULL) {
+ /* Check that the returned root is +/- the given known answer */
+ secp256k1_fe_negate(&r2, &r1, 1);
+ secp256k1_fe_add(&r1, k); secp256k1_fe_add(&r2, k);
+ secp256k1_fe_normalize(&r1); secp256k1_fe_normalize(&r2);
+ CHECK(secp256k1_fe_is_zero(&r1) || secp256k1_fe_is_zero(&r2));
+ }
+}
+
+void run_sqrt(void) {
+ secp256k1_fe ns, x, s, t;
+ int i;
+
+ /* Check sqrt(0) is 0 */
+ secp256k1_fe_set_int(&x, 0);
+ secp256k1_fe_sqr(&s, &x);
+ test_sqrt(&s, &x);
+
+ /* Check sqrt of small squares (and their negatives) */
+ for (i = 1; i <= 100; i++) {
+ secp256k1_fe_set_int(&x, i);
+ secp256k1_fe_sqr(&s, &x);
+ test_sqrt(&s, &x);
+ secp256k1_fe_negate(&t, &s, 1);
+ test_sqrt(&t, NULL);
+ }
+
+ /* Consistency checks for large random values */
+ for (i = 0; i < 10; i++) {
+ int j;
+ random_fe_non_square(&ns);
+ for (j = 0; j < count; j++) {
+ random_fe(&x);
+ secp256k1_fe_sqr(&s, &x);
+ test_sqrt(&s, &x);
+ secp256k1_fe_negate(&t, &s, 1);
+ test_sqrt(&t, NULL);
+ secp256k1_fe_mul(&t, &s, &ns);
+ test_sqrt(&t, NULL);
+ }
+ }
+}
+
+/***** GROUP TESTS *****/
+
+void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) {
+ CHECK(a->infinity == b->infinity);
+ if (a->infinity) {
+ return;
+ }
+ CHECK(secp256k1_fe_equal_var(&a->x, &b->x));
+ CHECK(secp256k1_fe_equal_var(&a->y, &b->y));
+}
+
+/* This compares jacobian points including their Z, not just their geometric meaning. */
+int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b) {
+ secp256k1_gej a2;
+ secp256k1_gej b2;
+ int ret = 1;
+ ret &= a->infinity == b->infinity;
+ if (ret && !a->infinity) {
+ a2 = *a;
+ b2 = *b;
+ secp256k1_fe_normalize(&a2.x);
+ secp256k1_fe_normalize(&a2.y);
+ secp256k1_fe_normalize(&a2.z);
+ secp256k1_fe_normalize(&b2.x);
+ secp256k1_fe_normalize(&b2.y);
+ secp256k1_fe_normalize(&b2.z);
+ ret &= secp256k1_fe_cmp_var(&a2.x, &b2.x) == 0;
+ ret &= secp256k1_fe_cmp_var(&a2.y, &b2.y) == 0;
+ ret &= secp256k1_fe_cmp_var(&a2.z, &b2.z) == 0;
+ }
+ return ret;
+}
+
+void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) {
+ secp256k1_fe z2s;
+ secp256k1_fe u1, u2, s1, s2;
+ CHECK(a->infinity == b->infinity);
+ if (a->infinity) {
+ return;
+ }
+ /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. */
+ secp256k1_fe_sqr(&z2s, &b->z);
+ secp256k1_fe_mul(&u1, &a->x, &z2s);
+ u2 = b->x; secp256k1_fe_normalize_weak(&u2);
+ secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z);
+ s2 = b->y; secp256k1_fe_normalize_weak(&s2);
+ CHECK(secp256k1_fe_equal_var(&u1, &u2));
+ CHECK(secp256k1_fe_equal_var(&s1, &s2));
+}
+
+void test_ge(void) {
+ int i, i1;
+#ifdef USE_ENDOMORPHISM
+ int runs = 6;
+#else
+ int runs = 4;
+#endif
+ /* Points: (infinity, p1, p1, -p1, -p1, p2, p2, -p2, -p2, p3, p3, -p3, -p3, p4, p4, -p4, -p4).
+ * The second in each pair of identical points uses a random Z coordinate in the Jacobian form.
+ * All magnitudes are randomized.
+ * All 17*17 combinations of points are added to each other, using all applicable methods.
+ *
+ * When the endomorphism code is compiled in, p5 = lambda*p1 and p6 = lambda^2*p1 are added as well.
+ */
+ secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs));
+ secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs));
+ secp256k1_fe *zinv = (secp256k1_fe *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs));
+ secp256k1_fe zf;
+ secp256k1_fe zfi2, zfi3;
+
+ secp256k1_gej_set_infinity(&gej[0]);
+ secp256k1_ge_clear(&ge[0]);
+ secp256k1_ge_set_gej_var(&ge[0], &gej[0]);
+ for (i = 0; i < runs; i++) {
+ int j;
+ secp256k1_ge g;
+ random_group_element_test(&g);
+#ifdef USE_ENDOMORPHISM
+ if (i >= runs - 2) {
+ secp256k1_ge_mul_lambda(&g, &ge[1]);
+ }
+ if (i >= runs - 1) {
+ secp256k1_ge_mul_lambda(&g, &g);
+ }
+#endif
+ ge[1 + 4 * i] = g;
+ ge[2 + 4 * i] = g;
+ secp256k1_ge_neg(&ge[3 + 4 * i], &g);
+ secp256k1_ge_neg(&ge[4 + 4 * i], &g);
+ secp256k1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]);
+ random_group_element_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]);
+ secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]);
+ random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]);
+ for (j = 0; j < 4; j++) {
+ random_field_element_magnitude(&ge[1 + j + 4 * i].x);
+ random_field_element_magnitude(&ge[1 + j + 4 * i].y);
+ random_field_element_magnitude(&gej[1 + j + 4 * i].x);
+ random_field_element_magnitude(&gej[1 + j + 4 * i].y);
+ random_field_element_magnitude(&gej[1 + j + 4 * i].z);
+ }
+ }
+
+ /* Compute z inverses. */
+ {
+ secp256k1_fe *zs = checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs));
+ for (i = 0; i < 4 * runs + 1; i++) {
+ if (i == 0) {
+ /* The point at infinity does not have a meaningful z inverse. Any should do. */
+ do {
+ random_field_element_test(&zs[i]);
+ } while(secp256k1_fe_is_zero(&zs[i]));
+ } else {
+ zs[i] = gej[i].z;
+ }
+ }
+ secp256k1_fe_inv_all_var(zinv, zs, 4 * runs + 1);
+ free(zs);
+ }
+
+ /* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */
+ do {
+ random_field_element_test(&zf);
+ } while(secp256k1_fe_is_zero(&zf));
+ random_field_element_magnitude(&zf);
+ secp256k1_fe_inv_var(&zfi3, &zf);
+ secp256k1_fe_sqr(&zfi2, &zfi3);
+ secp256k1_fe_mul(&zfi3, &zfi3, &zfi2);
+
+ for (i1 = 0; i1 < 1 + 4 * runs; i1++) {
+ int i2;
+ for (i2 = 0; i2 < 1 + 4 * runs; i2++) {
+ /* Compute reference result using gej + gej (var). */
+ secp256k1_gej refj, resj;
+ secp256k1_ge ref;
+ secp256k1_fe zr;
+ secp256k1_gej_add_var(&refj, &gej[i1], &gej[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr);
+ /* Check Z ratio. */
+ if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&refj)) {
+ secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z);
+ CHECK(secp256k1_fe_equal_var(&zrz, &refj.z));
+ }
+ secp256k1_ge_set_gej_var(&ref, &refj);
+
+ /* Test gej + ge with Z ratio result (var). */
+ secp256k1_gej_add_ge_var(&resj, &gej[i1], &ge[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr);
+ ge_equals_gej(&ref, &resj);
+ if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&resj)) {
+ secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z);
+ CHECK(secp256k1_fe_equal_var(&zrz, &resj.z));
+ }
+
+ /* Test gej + ge (var, with additional Z factor). */
+ {
+ secp256k1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */
+ secp256k1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2);
+ secp256k1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3);
+ random_field_element_magnitude(&ge2_zfi.x);
+ random_field_element_magnitude(&ge2_zfi.y);
+ secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf);
+ ge_equals_gej(&ref, &resj);
+ }
+
+ /* Test gej + ge (const). */
+ if (i2 != 0) {
+ /* secp256k1_gej_add_ge does not support its second argument being infinity. */
+ secp256k1_gej_add_ge(&resj, &gej[i1], &ge[i2]);
+ ge_equals_gej(&ref, &resj);
+ }
+
+ /* Test doubling (var). */
+ if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) {
+ secp256k1_fe zr2;
+ /* Normal doubling with Z ratio result. */
+ secp256k1_gej_double_var(&resj, &gej[i1], &zr2);
+ ge_equals_gej(&ref, &resj);
+ /* Check Z ratio. */
+ secp256k1_fe_mul(&zr2, &zr2, &gej[i1].z);
+ CHECK(secp256k1_fe_equal_var(&zr2, &resj.z));
+ /* Normal doubling. */
+ secp256k1_gej_double_var(&resj, &gej[i2], NULL);
+ ge_equals_gej(&ref, &resj);
+ }
+
+ /* Test adding opposites. */
+ if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) {
+ CHECK(secp256k1_ge_is_infinity(&ref));
+ }
+
+ /* Test adding infinity. */
+ if (i1 == 0) {
+ CHECK(secp256k1_ge_is_infinity(&ge[i1]));
+ CHECK(secp256k1_gej_is_infinity(&gej[i1]));
+ ge_equals_gej(&ref, &gej[i2]);
+ }
+ if (i2 == 0) {
+ CHECK(secp256k1_ge_is_infinity(&ge[i2]));
+ CHECK(secp256k1_gej_is_infinity(&gej[i2]));
+ ge_equals_gej(&ref, &gej[i1]);
+ }
+ }
+ }
+
+ /* Test adding all points together in random order equals infinity. */
+ {
+ secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY;
+ secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej));
+ for (i = 0; i < 4 * runs + 1; i++) {
+ gej_shuffled[i] = gej[i];
+ }
+ for (i = 0; i < 4 * runs + 1; i++) {
+ int swap = i + secp256k1_rand_int(4 * runs + 1 - i);
+ if (swap != i) {
+ secp256k1_gej t = gej_shuffled[i];
+ gej_shuffled[i] = gej_shuffled[swap];
+ gej_shuffled[swap] = t;
+ }
+ }
+ for (i = 0; i < 4 * runs + 1; i++) {
+ secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL);
+ }
+ CHECK(secp256k1_gej_is_infinity(&sum));
+ free(gej_shuffled);
+ }
+
+ /* Test batch gej -> ge conversion with and without known z ratios. */
+ {
+ secp256k1_fe *zr = (secp256k1_fe *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_fe));
+ secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge));
+ for (i = 0; i < 4 * runs + 1; i++) {
+ /* Compute gej[i + 1].z / gez[i].z (with gej[n].z taken to be 1). */
+ if (i < 4 * runs) {
+ secp256k1_fe_mul(&zr[i + 1], &zinv[i], &gej[i + 1].z);
+ }
+ }
+ secp256k1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1);
+ for (i = 0; i < 4 * runs + 1; i++) {
+ secp256k1_fe s;
+ random_fe_non_zero(&s);
+ secp256k1_gej_rescale(&gej[i], &s);
+ ge_equals_gej(&ge_set_all[i], &gej[i]);
+ }
+ free(ge_set_all);
+ free(zr);
+ }
+
+ /* Test batch gej -> ge conversion with many infinities. */
+ for (i = 0; i < 4 * runs + 1; i++) {
+ random_group_element_test(&ge[i]);
+ /* randomly set half the points to infinity */
+ if(secp256k1_fe_is_odd(&ge[i].x)) {
+ secp256k1_ge_set_infinity(&ge[i]);
+ }
+ secp256k1_gej_set_ge(&gej[i], &ge[i]);
+ }
+ /* batch invert */
+ secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
+ /* check result */
+ for (i = 0; i < 4 * runs + 1; i++) {
+ ge_equals_gej(&ge[i], &gej[i]);
+ }
+
+ free(ge);
+ free(gej);
+ free(zinv);
+}
+
+void test_add_neg_y_diff_x(void) {
+ /* The point of this test is to check that we can add two points
+ * whose y-coordinates are negatives of each other but whose x
+ * coordinates differ. If the x-coordinates were the same, these
+ * points would be negatives of each other and their sum is
+ * infinity. This is cool because it "covers up" any degeneracy
+ * in the addition algorithm that would cause the xy coordinates
+ * of the sum to be wrong (since infinity has no xy coordinates).
+ * HOWEVER, if the x-coordinates are different, infinity is the
+ * wrong answer, and such degeneracies are exposed. This is the
+ * root of https://github.com/bitcoin-core/secp256k1/issues/257
+ * which this test is a regression test for.
+ *
+ * These points were generated in sage as
+ * # secp256k1 params
+ * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
+ * C = EllipticCurve ([F (0), F (7)])
+ * G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
+ * N = FiniteField(G.order())
+ *
+ * # endomorphism values (lambda is 1^{1/3} in N, beta is 1^{1/3} in F)
+ * x = polygen(N)
+ * lam = (1 - x^3).roots()[1][0]
+ *
+ * # random "bad pair"
+ * P = C.random_element()
+ * Q = -int(lam) * P
+ * print " P: %x %x" % P.xy()
+ * print " Q: %x %x" % Q.xy()
+ * print "P + Q: %x %x" % (P + Q).xy()
+ */
+ secp256k1_gej aj = SECP256K1_GEJ_CONST(
+ 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30,
+ 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb,
+ 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8,
+ 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d
+ );
+ secp256k1_gej bj = SECP256K1_GEJ_CONST(
+ 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86,
+ 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7,
+ 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57,
+ 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2
+ );
+ secp256k1_gej sumj = SECP256K1_GEJ_CONST(
+ 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027,
+ 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a,
+ 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08,
+ 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe
+ );
+ secp256k1_ge b;
+ secp256k1_gej resj;
+ secp256k1_ge res;
+ secp256k1_ge_set_gej(&b, &bj);
+
+ secp256k1_gej_add_var(&resj, &aj, &bj, NULL);
+ secp256k1_ge_set_gej(&res, &resj);
+ ge_equals_gej(&res, &sumj);
+
+ secp256k1_gej_add_ge(&resj, &aj, &b);
+ secp256k1_ge_set_gej(&res, &resj);
+ ge_equals_gej(&res, &sumj);
+
+ secp256k1_gej_add_ge_var(&resj, &aj, &b, NULL);
+ secp256k1_ge_set_gej(&res, &resj);
+ ge_equals_gej(&res, &sumj);
+}
+
+void run_ge(void) {
+ int i;
+ for (i = 0; i < count * 32; i++) {
+ test_ge();
+ }
+ test_add_neg_y_diff_x();
+}
+
+void test_ec_combine(void) {
+ secp256k1_scalar sum = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
+ secp256k1_pubkey data[6];
+ const secp256k1_pubkey* d[6];
+ secp256k1_pubkey sd;
+ secp256k1_pubkey sd2;
+ secp256k1_gej Qj;
+ secp256k1_ge Q;
+ int i;
+ for (i = 1; i <= 6; i++) {
+ secp256k1_scalar s;
+ random_scalar_order_test(&s);
+ secp256k1_scalar_add(&sum, &sum, &s);
+ secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s);
+ secp256k1_ge_set_gej(&Q, &Qj);
+ secp256k1_pubkey_save(&data[i - 1], &Q);
+ d[i - 1] = &data[i - 1];
+ secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum);
+ secp256k1_ge_set_gej(&Q, &Qj);
+ secp256k1_pubkey_save(&sd, &Q);
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1);
+ CHECK(memcmp(&sd, &sd2, sizeof(sd)) == 0);
+ }
+}
+
+void run_ec_combine(void) {
+ int i;
+ for (i = 0; i < count * 8; i++) {
+ test_ec_combine();
+ }
+}
+
+void test_group_decompress(const secp256k1_fe* x) {
+ /* The input itself, normalized. */
+ secp256k1_fe fex = *x;
+ secp256k1_fe fez;
+ /* Results of set_xquad_var, set_xo_var(..., 0), set_xo_var(..., 1). */
+ secp256k1_ge ge_quad, ge_even, ge_odd;
+ secp256k1_gej gej_quad;
+ /* Return values of the above calls. */
+ int res_quad, res_even, res_odd;
+
+ secp256k1_fe_normalize_var(&fex);
+
+ res_quad = secp256k1_ge_set_xquad(&ge_quad, &fex);
+ res_even = secp256k1_ge_set_xo_var(&ge_even, &fex, 0);
+ res_odd = secp256k1_ge_set_xo_var(&ge_odd, &fex, 1);
+
+ CHECK(res_quad == res_even);
+ CHECK(res_quad == res_odd);
+
+ if (res_quad) {
+ secp256k1_fe_normalize_var(&ge_quad.x);
+ secp256k1_fe_normalize_var(&ge_odd.x);
+ secp256k1_fe_normalize_var(&ge_even.x);
+ secp256k1_fe_normalize_var(&ge_quad.y);
+ secp256k1_fe_normalize_var(&ge_odd.y);
+ secp256k1_fe_normalize_var(&ge_even.y);
+
+ /* No infinity allowed. */
+ CHECK(!ge_quad.infinity);
+ CHECK(!ge_even.infinity);
+ CHECK(!ge_odd.infinity);
+
+ /* Check that the x coordinates check out. */
+ CHECK(secp256k1_fe_equal_var(&ge_quad.x, x));
+ CHECK(secp256k1_fe_equal_var(&ge_even.x, x));
+ CHECK(secp256k1_fe_equal_var(&ge_odd.x, x));
+
+ /* Check that the Y coordinate result in ge_quad is a square. */
+ CHECK(secp256k1_fe_is_quad_var(&ge_quad.y));
+
+ /* Check odd/even Y in ge_odd, ge_even. */
+ CHECK(secp256k1_fe_is_odd(&ge_odd.y));
+ CHECK(!secp256k1_fe_is_odd(&ge_even.y));
+
+ /* Check secp256k1_gej_has_quad_y_var. */
+ secp256k1_gej_set_ge(&gej_quad, &ge_quad);
+ CHECK(secp256k1_gej_has_quad_y_var(&gej_quad));
+ do {
+ random_fe_test(&fez);
+ } while (secp256k1_fe_is_zero(&fez));
+ secp256k1_gej_rescale(&gej_quad, &fez);
+ CHECK(secp256k1_gej_has_quad_y_var(&gej_quad));
+ secp256k1_gej_neg(&gej_quad, &gej_quad);
+ CHECK(!secp256k1_gej_has_quad_y_var(&gej_quad));
+ do {
+ random_fe_test(&fez);
+ } while (secp256k1_fe_is_zero(&fez));
+ secp256k1_gej_rescale(&gej_quad, &fez);
+ CHECK(!secp256k1_gej_has_quad_y_var(&gej_quad));
+ secp256k1_gej_neg(&gej_quad, &gej_quad);
+ CHECK(secp256k1_gej_has_quad_y_var(&gej_quad));
+ }
+}
+
+void run_group_decompress(void) {
+ int i;
+ for (i = 0; i < count * 4; i++) {
+ secp256k1_fe fe;
+ random_fe_test(&fe);
+ test_group_decompress(&fe);
+ }
+}
+
+/***** ECMULT TESTS *****/
+
+void run_ecmult_chain(void) {
+ /* random starting point A (on the curve) */
+ secp256k1_gej a = SECP256K1_GEJ_CONST(
+ 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3,
+ 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004,
+ 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f,
+ 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f
+ );
+ /* two random initial factors xn and gn */
+ secp256k1_scalar xn = SECP256K1_SCALAR_CONST(
+ 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c,
+ 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407
+ );
+ secp256k1_scalar gn = SECP256K1_SCALAR_CONST(
+ 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9,
+ 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de
+ );
+ /* two small multipliers to be applied to xn and gn in every iteration: */
+ static const secp256k1_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337);
+ static const secp256k1_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113);
+ /* accumulators with the resulting coefficients to A and G */
+ secp256k1_scalar ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
+ secp256k1_scalar ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
+ /* actual points */
+ secp256k1_gej x;
+ secp256k1_gej x2;
+ int i;
+
+ /* the point being computed */
+ x = a;
+ for (i = 0; i < 200*count; i++) {
+ /* in each iteration, compute X = xn*X + gn*G; */
+ secp256k1_ecmult(&ctx->ecmult_ctx, &x, &x, &xn, &gn);
+ /* also compute ae and ge: the actual accumulated factors for A and G */
+ /* if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G) */
+ secp256k1_scalar_mul(&ae, &ae, &xn);
+ secp256k1_scalar_mul(&ge, &ge, &xn);
+ secp256k1_scalar_add(&ge, &ge, &gn);
+ /* modify xn and gn */
+ secp256k1_scalar_mul(&xn, &xn, &xf);
+ secp256k1_scalar_mul(&gn, &gn, &gf);
+
+ /* verify */
+ if (i == 19999) {
+ /* expected result after 19999 iterations */
+ secp256k1_gej rp = SECP256K1_GEJ_CONST(
+ 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE,
+ 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830,
+ 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D,
+ 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88
+ );
+
+ secp256k1_gej_neg(&rp, &rp);
+ secp256k1_gej_add_var(&rp, &rp, &x, NULL);
+ CHECK(secp256k1_gej_is_infinity(&rp));
+ }
+ }
+ /* redo the computation, but directly with the resulting ae and ge coefficients: */
+ secp256k1_ecmult(&ctx->ecmult_ctx, &x2, &a, &ae, &ge);
+ secp256k1_gej_neg(&x2, &x2);
+ secp256k1_gej_add_var(&x2, &x2, &x, NULL);
+ CHECK(secp256k1_gej_is_infinity(&x2));
+}
+
+void test_point_times_order(const secp256k1_gej *point) {
+ /* X * (point + G) + (order-X) * (pointer + G) = 0 */
+ secp256k1_scalar x;
+ secp256k1_scalar nx;
+ secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
+ secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
+ secp256k1_gej res1, res2;
+ secp256k1_ge res3;
+ unsigned char pub[65];
+ size_t psize = 65;
+ random_scalar_order_test(&x);
+ secp256k1_scalar_negate(&nx, &x);
+ secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &x, &x); /* calc res1 = x * point + x * G; */
+ secp256k1_ecmult(&ctx->ecmult_ctx, &res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */
+ secp256k1_gej_add_var(&res1, &res1, &res2, NULL);
+ CHECK(secp256k1_gej_is_infinity(&res1));
+ CHECK(secp256k1_gej_is_valid_var(&res1) == 0);
+ secp256k1_ge_set_gej(&res3, &res1);
+ CHECK(secp256k1_ge_is_infinity(&res3));
+ CHECK(secp256k1_ge_is_valid_var(&res3) == 0);
+ CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0);
+ psize = 65;
+ CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0);
+ /* check zero/one edge cases */
+ secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &zero);
+ secp256k1_ge_set_gej(&res3, &res1);
+ CHECK(secp256k1_ge_is_infinity(&res3));
+ secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &one, &zero);
+ secp256k1_ge_set_gej(&res3, &res1);
+ ge_equals_gej(&res3, point);
+ secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &one);
+ secp256k1_ge_set_gej(&res3, &res1);
+ ge_equals_ge(&res3, &secp256k1_ge_const_g);
+}
+
+void run_point_times_order(void) {
+ int i;
+ secp256k1_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2);
+ static const secp256k1_fe xr = SECP256K1_FE_CONST(
+ 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C,
+ 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45
+ );
+ for (i = 0; i < 500; i++) {
+ secp256k1_ge p;
+ if (secp256k1_ge_set_xo_var(&p, &x, 1)) {
+ secp256k1_gej j;
+ CHECK(secp256k1_ge_is_valid_var(&p));
+ secp256k1_gej_set_ge(&j, &p);
+ CHECK(secp256k1_gej_is_valid_var(&j));
+ test_point_times_order(&j);
+ }
+ secp256k1_fe_sqr(&x, &x);
+ }
+ secp256k1_fe_normalize_var(&x);
+ CHECK(secp256k1_fe_equal_var(&x, &xr));
+}
+
+void ecmult_const_random_mult(void) {
+ 
/* random starting point A (on the curve) */ + secp256k1_ge a = SECP256K1_GE_CONST( + 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b, + 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a, + 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c, + 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d + ); + /* random initial factor xn */ + secp256k1_scalar xn = SECP256K1_SCALAR_CONST( + 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327, + 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b + ); + /* expected xn * A (from sage) */ + secp256k1_ge expected_b = SECP256K1_GE_CONST( + 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, + 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, + 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, + 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 + ); + secp256k1_gej b; + secp256k1_ecmult_const(&b, &a, &xn, 256); + + CHECK(secp256k1_ge_is_valid_var(&a)); + ge_equals_gej(&expected_b, &b); +} + +void ecmult_const_commutativity(void) { + secp256k1_scalar a; + secp256k1_scalar b; + secp256k1_gej res1; + secp256k1_gej res2; + secp256k1_ge mid1; + secp256k1_ge mid2; + random_scalar_order_test(&a); + random_scalar_order_test(&b); + + secp256k1_ecmult_const(&res1, &secp256k1_ge_const_g, &a, 256); + secp256k1_ecmult_const(&res2, &secp256k1_ge_const_g, &b, 256); + secp256k1_ge_set_gej(&mid1, &res1); + secp256k1_ge_set_gej(&mid2, &res2); + secp256k1_ecmult_const(&res1, &mid1, &b, 256); + secp256k1_ecmult_const(&res2, &mid2, &a, 256); + secp256k1_ge_set_gej(&mid1, &res1); + secp256k1_ge_set_gej(&mid2, &res2); + ge_equals_ge(&mid1, &mid2); +} + +void ecmult_const_mult_zero_one(void) { + secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_scalar negone; + secp256k1_gej res1; + secp256k1_ge res2; + secp256k1_ge point; + secp256k1_scalar_negate(&negone, &one); + + random_group_element_test(&point); + secp256k1_ecmult_const(&res1, &point, &zero, 3); + secp256k1_ge_set_gej(&res2, 
&res1); + CHECK(secp256k1_ge_is_infinity(&res2)); + secp256k1_ecmult_const(&res1, &point, &one, 2); + secp256k1_ge_set_gej(&res2, &res1); + ge_equals_ge(&res2, &point); + secp256k1_ecmult_const(&res1, &point, &negone, 256); + secp256k1_gej_neg(&res1, &res1); + secp256k1_ge_set_gej(&res2, &res1); + ge_equals_ge(&res2, &point); +} + +void ecmult_const_chain_multiply(void) { + /* Check known result (randomly generated test problem from sage) */ + const secp256k1_scalar scalar = SECP256K1_SCALAR_CONST( + 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d, + 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b + ); + const secp256k1_gej expected_point = SECP256K1_GEJ_CONST( + 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd, + 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f, + 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196, + 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435 + ); + secp256k1_gej point; + secp256k1_ge res; + int i; + + secp256k1_gej_set_ge(&point, &secp256k1_ge_const_g); + for (i = 0; i < 100; ++i) { + secp256k1_ge tmp; + secp256k1_ge_set_gej(&tmp, &point); + secp256k1_ecmult_const(&point, &tmp, &scalar, 256); + } + secp256k1_ge_set_gej(&res, &point); + ge_equals_gej(&res, &expected_point); +} + +void run_ecmult_const_tests(void) { + ecmult_const_mult_zero_one(); + ecmult_const_random_mult(); + ecmult_const_commutativity(); + ecmult_const_chain_multiply(); +} + +typedef struct { + secp256k1_scalar *sc; + secp256k1_ge *pt; +} ecmult_multi_data; + +static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { + ecmult_multi_data *data = (ecmult_multi_data*) cbdata; + *sc = data->sc[idx]; + *pt = data->pt[idx]; + return 1; +} + +static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { + (void)sc; + (void)pt; + (void)idx; + (void)cbdata; + return 0; +} + +void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi) { + int ncount; + secp256k1_scalar 
szero; + secp256k1_scalar sc[32]; + secp256k1_ge pt[32]; + secp256k1_gej r; + secp256k1_gej r2; + ecmult_multi_data data; + + data.sc = sc; + data.pt = pt; + secp256k1_scalar_set_int(&szero, 0); + + /* No points to multiply */ + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, NULL, ecmult_multi_callback, &data, 0)); + + /* Check 1- and 2-point multiplies against ecmult */ + for (ncount = 0; ncount < count; ncount++) { + secp256k1_ge ptg; + secp256k1_gej ptgj; + random_scalar_order(&sc[0]); + random_scalar_order(&sc[1]); + + random_group_element_test(&ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); + pt[0] = ptg; + pt[1] = secp256k1_ge_const_g; + + /* only G scalar */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &szero, &sc[0]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* 1-point */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 1)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* Try to multiply 1 point, but callback returns false */ + CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_false_callback, &data, 1)); + + /* 2-point */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 2)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* 2-point with G scalar */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[1], 
ecmult_multi_callback, &data, 1)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Check infinite outputs of various forms */ + for (ncount = 0; ncount < count; ncount++) { + secp256k1_ge ptg; + size_t i, j; + size_t sizes[] = { 2, 10, 32 }; + + for (j = 0; j < 3; j++) { + for (i = 0; i < 32; i++) { + random_scalar_order(&sc[i]); + secp256k1_ge_set_infinity(&pt[i]); + } + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + for (j = 0; j < 3; j++) { + for (i = 0; i < 32; i++) { + random_group_element_test(&ptg); + pt[i] = ptg; + secp256k1_scalar_set_int(&sc[i], 0); + } + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + for (j = 0; j < 3; j++) { + random_group_element_test(&ptg); + for (i = 0; i < 16; i++) { + random_scalar_order(&sc[2*i]); + secp256k1_scalar_negate(&sc[2*i + 1], &sc[2*i]); + pt[2 * i] = ptg; + pt[2 * i + 1] = ptg; + } + + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + + random_scalar_order(&sc[0]); + for (i = 0; i < 16; i++) { + random_group_element_test(&ptg); + + sc[2*i] = sc[0]; + sc[2*i+1] = sc[0]; + pt[2 * i] = ptg; + secp256k1_ge_neg(&pt[2*i+1], &pt[2*i]); + } + + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + random_group_element_test(&ptg); + secp256k1_scalar_set_int(&sc[0], 0); + pt[0] = ptg; + for (i = 1; i < 32; i++) { + pt[i] = ptg; + + random_scalar_order(&sc[i]); + secp256k1_scalar_add(&sc[0], &sc[0], &sc[i]); + secp256k1_scalar_negate(&sc[i], &sc[i]); + } + + 
CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 32)); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Check random points, constant scalar */ + for (ncount = 0; ncount < count; ncount++) { + size_t i; + secp256k1_gej_set_infinity(&r); + + random_scalar_order(&sc[0]); + for (i = 0; i < 20; i++) { + secp256k1_ge ptg; + sc[i] = sc[0]; + random_group_element_test(&ptg); + pt[i] = ptg; + secp256k1_gej_add_ge_var(&r, &r, &pt[i], NULL); + } + + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &r, &sc[0], &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Check random scalars, constant point */ + for (ncount = 0; ncount < count; ncount++) { + size_t i; + secp256k1_ge ptg; + secp256k1_gej p0j; + secp256k1_scalar rs; + secp256k1_scalar_set_int(&rs, 0); + + random_group_element_test(&ptg); + for (i = 0; i < 20; i++) { + random_scalar_order(&sc[i]); + pt[i] = ptg; + secp256k1_scalar_add(&rs, &rs, &sc[i]); + } + + secp256k1_gej_set_ge(&p0j, &pt[0]); + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &p0j, &rs, &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Sanity check that zero scalars don't cause problems */ + for (ncount = 0; ncount < 20; ncount++) { + random_scalar_order(&sc[ncount]); + random_group_element_test(&pt[ncount]); + } + + secp256k1_scalar_clear(&sc[0]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + secp256k1_scalar_clear(&sc[1]); + secp256k1_scalar_clear(&sc[2]); + secp256k1_scalar_clear(&sc[3]); + secp256k1_scalar_clear(&sc[4]); + 
CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 6)); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 5)); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* Run through s0*(t0*P) + s1*(t1*P) exhaustively for many small values of s0, s1, t0, t1 */ + { + const size_t TOP = 8; + size_t s0i, s1i; + size_t t0i, t1i; + secp256k1_ge ptg; + secp256k1_gej ptgj; + + random_group_element_test(&ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); + + for(t0i = 0; t0i < TOP; t0i++) { + for(t1i = 0; t1i < TOP; t1i++) { + secp256k1_gej t0p, t1p; + secp256k1_scalar t0, t1; + + secp256k1_scalar_set_int(&t0, (t0i + 1) / 2); + secp256k1_scalar_cond_negate(&t0, t0i & 1); + secp256k1_scalar_set_int(&t1, (t1i + 1) / 2); + secp256k1_scalar_cond_negate(&t1, t1i & 1); + + secp256k1_ecmult(&ctx->ecmult_ctx, &t0p, &ptgj, &t0, &szero); + secp256k1_ecmult(&ctx->ecmult_ctx, &t1p, &ptgj, &t1, &szero); + + for(s0i = 0; s0i < TOP; s0i++) { + for(s1i = 0; s1i < TOP; s1i++) { + secp256k1_scalar tmp1, tmp2; + secp256k1_gej expected, actual; + + secp256k1_ge_set_gej(&pt[0], &t0p); + secp256k1_ge_set_gej(&pt[1], &t1p); + + secp256k1_scalar_set_int(&sc[0], (s0i + 1) / 2); + secp256k1_scalar_cond_negate(&sc[0], s0i & 1); + secp256k1_scalar_set_int(&sc[1], (s1i + 1) / 2); + secp256k1_scalar_cond_negate(&sc[1], s1i & 1); + + secp256k1_scalar_mul(&tmp1, &t0, &sc[0]); + secp256k1_scalar_mul(&tmp2, &t1, &sc[1]); + secp256k1_scalar_add(&tmp1, &tmp1, &tmp2); + + secp256k1_ecmult(&ctx->ecmult_ctx, &expected, &ptgj, &tmp1, &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &actual, &szero, ecmult_multi_callback, &data, 2)); + secp256k1_gej_neg(&expected, &expected); + secp256k1_gej_add_var(&actual, &actual, &expected, NULL); + CHECK(secp256k1_gej_is_infinity(&actual)); + } + } + } + } + } +} + +void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) { + 
secp256k1_scalar szero; + secp256k1_scalar sc[32]; + secp256k1_ge pt[32]; + secp256k1_gej r; + ecmult_multi_data data; + secp256k1_scratch *scratch_empty; + + data.sc = sc; + data.pt = pt; + secp256k1_scalar_set_int(&szero, 0); + + /* Try to multiply 1 point, but scratch space is empty.*/ + scratch_empty = secp256k1_scratch_create(&ctx->error_callback, 0); + CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch_empty, &r, &szero, ecmult_multi_callback, &data, 1)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch_empty); +} + +void test_secp256k1_pippenger_bucket_window_inv(void) { + int i; + + CHECK(secp256k1_pippenger_bucket_window_inv(0) == 0); + for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) { +#ifdef USE_ENDOMORPHISM + /* Bucket_window of 8 is not used with endo */ + if (i == 8) { + continue; + } +#endif + CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)) == i); + if (i != PIPPENGER_MAX_BUCKET_WINDOW) { + CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)+1) > i); + } + } +} + +/** + * Probabilistically test the function returning the maximum number of possible points + * for a given scratch space. 
+ */ +void test_ecmult_multi_pippenger_max_points(void) { + size_t scratch_size = secp256k1_rand_int(256); + size_t max_size = secp256k1_pippenger_scratch_size(secp256k1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); + secp256k1_scratch *scratch; + size_t n_points_supported; + int bucket_window = 0; + + for(; scratch_size < max_size; scratch_size+=256) { + size_t i; + size_t total_alloc; + size_t checkpoint; + scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size); + CHECK(scratch != NULL); + checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); + n_points_supported = secp256k1_pippenger_max_points(&ctx->error_callback, scratch); + if (n_points_supported == 0) { + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + continue; + } + bucket_window = secp256k1_pippenger_bucket_window(n_points_supported); + /* allocate `total_alloc` bytes over `PIPPENGER_SCRATCH_OBJECTS` many allocations */ + total_alloc = secp256k1_pippenger_scratch_size(n_points_supported, bucket_window); + for (i = 0; i < PIPPENGER_SCRATCH_OBJECTS - 1; i++) { + CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 1)); + total_alloc--; + } + CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, total_alloc)); + secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + } + CHECK(bucket_window == PIPPENGER_MAX_BUCKET_WINDOW); +} + +void test_ecmult_multi_batch_size_helper(void) { + size_t n_batches, n_batch_points, max_n_batch_points, n; + + max_n_batch_points = 0; + n = 1; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); + + max_n_batch_points = 1; + n = 0; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 0); + CHECK(n_batch_points == 0); + + max_n_batch_points = 2; + n = 5; + 
CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 3); + CHECK(n_batch_points == 2); + + max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; + n = ECMULT_MAX_POINTS_PER_BATCH; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 1); + CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH); + + max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH + 1; + n = ECMULT_MAX_POINTS_PER_BATCH + 1; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 2); + CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH/2 + 1); + + max_n_batch_points = 1; + n = SIZE_MAX; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == SIZE_MAX); + CHECK(n_batch_points == 1); + + max_n_batch_points = 2; + n = SIZE_MAX; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == SIZE_MAX/2 + 1); + CHECK(n_batch_points == 2); +} + +/** + * Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to + * 1 <= i <= num points. 
+ */ +void test_ecmult_multi_batching(void) { + static const int n_points = 2*ECMULT_PIPPENGER_THRESHOLD; + secp256k1_scalar scG; + secp256k1_scalar szero; + secp256k1_scalar *sc = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_scalar) * n_points); + secp256k1_ge *pt = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * n_points); + secp256k1_gej r; + secp256k1_gej r2; + ecmult_multi_data data; + int i; + secp256k1_scratch *scratch; + + secp256k1_gej_set_infinity(&r2); + secp256k1_scalar_set_int(&szero, 0); + + /* Get random scalars and group elements and compute result */ + random_scalar_order(&scG); + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &r2, &szero, &scG); + for(i = 0; i < n_points; i++) { + secp256k1_ge ptg; + secp256k1_gej ptgj; + random_group_element_test(&ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); + pt[i] = ptg; + random_scalar_order(&sc[i]); + secp256k1_ecmult(&ctx->ecmult_ctx, &ptgj, &ptgj, &sc[i], NULL); + secp256k1_gej_add_var(&r2, &r2, &ptgj, NULL); + } + data.sc = sc; + data.pt = pt; + secp256k1_gej_neg(&r2, &r2); + + /* Test with empty scratch space. It should compute the correct result using + * ecmult_mult_simple algorithm which doesn't require a scratch space. */ + scratch = secp256k1_scratch_create(&ctx->error_callback, 0); + CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + /* Test with space for 1 point in pippenger. That's not enough because + * ecmult_multi selects strauss which requires more memory. It should + * therefore select the simple algorithm. 
*/ + scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + for(i = 1; i <= n_points; i++) { + if (i > ECMULT_PIPPENGER_THRESHOLD) { + int bucket_window = secp256k1_pippenger_bucket_window(i); + size_t scratch_size = secp256k1_pippenger_scratch_size(i, bucket_window); + scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + } else { + size_t scratch_size = secp256k1_strauss_scratch_size(i); + scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + } + CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + } + free(sc); + free(pt); +} + +void run_ecmult_multi_tests(void) { + secp256k1_scratch *scratch; + + test_secp256k1_pippenger_bucket_window_inv(); + test_ecmult_multi_pippenger_max_points(); + scratch = secp256k1_scratch_create(&ctx->error_callback, 819200); + test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); + test_ecmult_multi(NULL, secp256k1_ecmult_multi_var); + test_ecmult_multi(scratch, secp256k1_ecmult_pippenger_batch_single); + test_ecmult_multi_batch_single(secp256k1_ecmult_pippenger_batch_single); + test_ecmult_multi(scratch, secp256k1_ecmult_strauss_batch_single); + test_ecmult_multi_batch_single(secp256k1_ecmult_strauss_batch_single); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + /* Run test_ecmult_multi with space for exactly one point */ + 
scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + test_ecmult_multi_batch_size_helper(); + test_ecmult_multi_batching(); +} + +void test_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, two, t; + int wnaf[256]; + int zeroes = -1; + int i; + int bits; + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&two, 2); + bits = secp256k1_ecmult_wnaf(wnaf, 256, number, w); + CHECK(bits <= 256); + for (i = bits-1; i >= 0; i--) { + int v = wnaf[i]; + secp256k1_scalar_mul(&x, &x, &two); + if (v) { + CHECK(zeroes == -1 || zeroes >= w-1); /* check that distance between non-zero elements is at least w-1 */ + zeroes=0; + CHECK((v & 1) == 1); /* check non-zero elements are odd */ + CHECK(v <= (1 << (w-1)) - 1); /* check range below */ + CHECK(v >= -(1 << (w-1)) - 1); /* check range above */ + } else { + CHECK(zeroes != -1); /* check that no unnecessary zero padding exists */ + zeroes++; + } + if (v >= 0) { + secp256k1_scalar_set_int(&t, v); + } else { + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); + } + secp256k1_scalar_add(&x, &x, &t); + } + CHECK(secp256k1_scalar_eq(&x, number)); /* check that wnaf represents number */ +} + +void test_constant_wnaf_negate(const secp256k1_scalar *number) { + secp256k1_scalar neg1 = *number; + secp256k1_scalar neg2 = *number; + int sign1 = 1; + int sign2 = 1; + + if (!secp256k1_scalar_get_bits(&neg1, 0, 1)) { + secp256k1_scalar_negate(&neg1, &neg1); + sign1 = -1; + } + sign2 = secp256k1_scalar_cond_negate(&neg2, secp256k1_scalar_is_even(&neg2)); + CHECK(sign1 == sign2); + CHECK(secp256k1_scalar_eq(&neg1, &neg2)); +} + +void test_constant_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, shift; + int wnaf[256] = {0}; + int i; + int skew; + int bits = 256; + secp256k1_scalar num = 
*number; + + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&shift, 1 << w); + /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ +#ifdef USE_ENDOMORPHISM + for (i = 0; i < 16; ++i) { + secp256k1_scalar_shr_int(&num, 8); + } + bits = 128; +#endif + skew = secp256k1_wnaf_const(wnaf, &num, w, bits); + + for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) { + secp256k1_scalar t; + int v = wnaf[i]; + CHECK(v != 0); /* check nonzero */ + CHECK(v & 1); /* check parity */ + CHECK(v > -(1 << w)); /* check range above */ + CHECK(v < (1 << w)); /* check range below */ + + secp256k1_scalar_mul(&x, &x, &shift); + if (v >= 0) { + secp256k1_scalar_set_int(&t, v); + } else { + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); + } + secp256k1_scalar_add(&x, &x, &t); + } + /* Skew num because when encoding numbers as odd we use an offset */ + secp256k1_scalar_cadd_bit(&num, skew == 2, 1); + CHECK(secp256k1_scalar_eq(&x, &num)); +} + +void test_fixed_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, shift; + int wnaf[256] = {0}; + int i; + int skew; + secp256k1_scalar num = *number; + + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&shift, 1 << w); + /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ +#ifdef USE_ENDOMORPHISM + for (i = 0; i < 16; ++i) { + secp256k1_scalar_shr_int(&num, 8); + } +#endif + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + + for (i = WNAF_SIZE(w)-1; i >= 0; --i) { + secp256k1_scalar t; + int v = wnaf[i]; + CHECK(v == 0 || v & 1); /* check parity */ + CHECK(v > -(1 << w)); /* check range above */ + CHECK(v < (1 << w)); /* check range below */ + + secp256k1_scalar_mul(&x, &x, &shift); + if (v >= 0) { + secp256k1_scalar_set_int(&t, v); + } else { + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); + } + secp256k1_scalar_add(&x, &x, &t); + } + /* If skew is 1 then add 1 to num */ + secp256k1_scalar_cadd_bit(&num, 0, skew == 1); + CHECK(secp256k1_scalar_eq(&x, 
&num)); +} + +/* Checks that the first 8 elements of wnaf are equal to wnaf_expected and the + * rest is 0.*/ +void test_fixed_wnaf_small_helper(int *wnaf, int *wnaf_expected, int w) { + int i; + for (i = WNAF_SIZE(w)-1; i >= 8; --i) { + CHECK(wnaf[i] == 0); + } + for (i = 7; i >= 0; --i) { + CHECK(wnaf[i] == wnaf_expected[i]); + } +} + +void test_fixed_wnaf_small(void) { + int w = 4; + int wnaf[256] = {0}; + int i; + int skew; + secp256k1_scalar num; + + secp256k1_scalar_set_int(&num, 0); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + for (i = WNAF_SIZE(w)-1; i >= 0; --i) { + int v = wnaf[i]; + CHECK(v == 0); + } + CHECK(skew == 0); + + secp256k1_scalar_set_int(&num, 1); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + for (i = WNAF_SIZE(w)-1; i >= 1; --i) { + int v = wnaf[i]; + CHECK(v == 0); + } + CHECK(wnaf[0] == 1); + CHECK(skew == 0); + + { + int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf }; + secp256k1_scalar_set_int(&num, 0xffffffff); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 0); + } + { + int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf }; + secp256k1_scalar_set_int(&num, 0xeeeeeeee); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 1); + } + { + int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 }; + secp256k1_scalar_set_int(&num, 0x01010101); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 0); + } + { + int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 }; + secp256k1_scalar_set_int(&num, 0x01ef1ef1); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 0); + } +} + +void run_wnaf(void) { + int i; + secp256k1_scalar n = {{0}}; + + /* Sanity check: 1 and 2 are the smallest odd and even numbers and should + * have easier-to-diagnose failure modes */ + 
n.d[0] = 1; + test_constant_wnaf(&n, 4); + n.d[0] = 2; + test_constant_wnaf(&n, 4); + /* Test 0 */ + test_fixed_wnaf_small(); + /* Random tests */ + for (i = 0; i < count; i++) { + random_scalar_order(&n); + test_wnaf(&n, 4+(i%10)); + test_constant_wnaf_negate(&n); + test_constant_wnaf(&n, 4 + (i % 10)); + test_fixed_wnaf(&n, 4 + (i % 10)); + } + secp256k1_scalar_set_int(&n, 0); + CHECK(secp256k1_scalar_cond_negate(&n, 1) == -1); + CHECK(secp256k1_scalar_is_zero(&n)); + CHECK(secp256k1_scalar_cond_negate(&n, 0) == 1); + CHECK(secp256k1_scalar_is_zero(&n)); +} + +void test_ecmult_constants(void) { + /* Test ecmult_gen() for [0..36) and [order-36..0). */ + secp256k1_scalar x; + secp256k1_gej r; + secp256k1_ge ng; + int i; + int j; + secp256k1_ge_neg(&ng, &secp256k1_ge_const_g); + for (i = 0; i < 36; i++ ) { + secp256k1_scalar_set_int(&x, i); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); + for (j = 0; j < i; j++) { + if (j == i - 1) { + ge_equals_gej(&secp256k1_ge_const_g, &r); + } + secp256k1_gej_add_ge(&r, &r, &ng); + } + CHECK(secp256k1_gej_is_infinity(&r)); + } + for (i = 1; i <= 36; i++ ) { + secp256k1_scalar_set_int(&x, i); + secp256k1_scalar_negate(&x, &x); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); + for (j = 0; j < i; j++) { + if (j == i - 1) { + ge_equals_gej(&ng, &r); + } + secp256k1_gej_add_ge(&r, &r, &secp256k1_ge_const_g); + } + CHECK(secp256k1_gej_is_infinity(&r)); + } +} + +void run_ecmult_constants(void) { + test_ecmult_constants(); +} + +void test_ecmult_gen_blind(void) { + /* Test ecmult_gen() blinding and confirm that the blinding changes, the affine points match, and the z's don't match. 
*/ + secp256k1_scalar key; + secp256k1_scalar b; + unsigned char seed32[32]; + secp256k1_gej pgej; + secp256k1_gej pgej2; + secp256k1_gej i; + secp256k1_ge pge; + random_scalar_order_test(&key); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); + secp256k1_rand256(seed32); + b = ctx->ecmult_gen_ctx.blind; + i = ctx->ecmult_gen_ctx.initial; + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + CHECK(!secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); + CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); + CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); + secp256k1_ge_set_gej(&pge, &pgej); + ge_equals_gej(&pge, &pgej2); +} + +void test_ecmult_gen_blind_reset(void) { + /* Test ecmult_gen() blinding reset and confirm that the blinding is consistent. */ + secp256k1_scalar b; + secp256k1_gej initial; + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); + b = ctx->ecmult_gen_ctx.blind; + initial = ctx->ecmult_gen_ctx.initial; + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); + CHECK(secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); + CHECK(gej_xyz_equals_gej(&initial, &ctx->ecmult_gen_ctx.initial)); +} + +void run_ecmult_gen_blind(void) { + int i; + test_ecmult_gen_blind_reset(); + for (i = 0; i < 10; i++) { + test_ecmult_gen_blind(); + } +} + +#ifdef USE_ENDOMORPHISM +/***** ENDOMORPHISH TESTS *****/ +void test_scalar_split(void) { + secp256k1_scalar full; + secp256k1_scalar s1, slam; + const unsigned char zero[32] = {0}; + unsigned char tmp[32]; + + random_scalar_order_test(&full); + secp256k1_scalar_split_lambda(&s1, &slam, &full); + + /* check that both are <= 128 bits in size */ + if (secp256k1_scalar_is_high(&s1)) { + secp256k1_scalar_negate(&s1, &s1); + } + if (secp256k1_scalar_is_high(&slam)) { + secp256k1_scalar_negate(&slam, &slam); + } + + secp256k1_scalar_get_b32(tmp, &s1); + CHECK(memcmp(zero, tmp, 16) == 0); + secp256k1_scalar_get_b32(tmp, &slam); + 
CHECK(memcmp(zero, tmp, 16) == 0);
+}
+
+void run_endomorphism_tests(void) {
+ test_scalar_split();
+}
+#endif
+
+void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) {
+ unsigned char pubkeyc[65];
+ secp256k1_pubkey pubkey;
+ secp256k1_ge ge;
+ size_t pubkeyclen;
+ int32_t ecount;
+ ecount = 0;
+ secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+ for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
+ /* Smaller sizes are tested exhaustively elsewhere. */
+ int32_t i;
+ memcpy(&pubkeyc[1], input, 64);
+ VG_UNDEF(&pubkeyc[pubkeyclen], 65 - pubkeyclen);
+ for (i = 0; i < 256; i++) {
+ /* Try all type bytes. */
+ int xpass;
+ int ypass;
+ int ysign;
+ pubkeyc[0] = i;
+ /* What sign does this point have? */
+ ysign = (input[63] & 1) + 2;
+ /* For the current type (i) do we expect parsing to work? Handled all of compressed/uncompressed/hybrid. */
+ xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2);
+ /* Do we expect a parse and re-serialize as uncompressed to give a matching y? */
+ ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) &&
+ ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65));
+ if (xpass || ypass) {
+ /* These cases must parse. */
+ unsigned char pubkeyo[65];
+ size_t outl;
+ memset(&pubkey, 0, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ ecount = 0;
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ outl = 65;
+ VG_UNDEF(pubkeyo, 65);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
+ VG_CHECK(pubkeyo, outl);
+ CHECK(outl == 33);
+ CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0);
+ CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
+ if (ypass) {
+ /* This test isn't always done because we decode with alternative signs, so the y won't match. 
*/
+ CHECK(pubkeyo[0] == ysign);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
+ memset(&pubkey, 0, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ secp256k1_pubkey_save(&pubkey, &ge);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ outl = 65;
+ VG_UNDEF(pubkeyo, 65);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1);
+ VG_CHECK(pubkeyo, outl);
+ CHECK(outl == 65);
+ CHECK(pubkeyo[0] == 4);
+ CHECK(memcmp(&pubkeyo[1], input, 64) == 0);
+ }
+ CHECK(ecount == 0);
+ } else {
+ /* These cases must fail to parse. */
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ }
+ }
+ }
+ secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+}
+
+void run_ec_pubkey_parse_test(void) {
+#define SECP256K1_EC_PARSE_TEST_NVALID (12)
+ const unsigned char valid[SECP256K1_EC_PARSE_TEST_NVALID][64] = {
+ {
+ /* Point with leading and trailing zeros in x and y serialization. 
*/
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83,
+ 0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00
+ },
+ {
+ /* Point with x equal to a 3rd root of unity.*/
+ 0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9,
+ 0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee,
+ 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
+ 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
+ },
+ {
+ /* Point with largest x. (1/2) */
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
+ 0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e,
+ 0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d,
+ },
+ {
+ /* Point with largest x. (2/2) */
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
+ 0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1,
+ 0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2,
+ },
+ {
+ /* Point with smallest x. 
(1/2) */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
+ 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
+ },
+ {
+ /* Point with smallest x. (2/2) */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
+ 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
+ },
+ {
+ /* Point with largest y. (1/3) */
+ 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
+ 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+ },
+ {
+ /* Point with largest y. (2/3) */
+ 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
+ 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+ },
+ {
+ /* Point with largest y. 
(3/3) */
+ 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
+ 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+ },
+ {
+ /* Point with smallest y. (1/3) */
+ 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
+ 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ },
+ {
+ /* Point with smallest y. (2/3) */
+ 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
+ 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ },
+ {
+ /* Point with smallest y. (3/3) */
+ 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
+ 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+ }
+ };
+#define SECP256K1_EC_PARSE_TEST_NXVALID (4)
+ const unsigned char onlyxvalid[SECP256K1_EC_PARSE_TEST_NXVALID][64] = {
+ {
+ /* Valid if y overflow ignored (y = 1 mod p). 
(1/3) */
+ 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
+ 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+ },
+ {
+ /* Valid if y overflow ignored (y = 1 mod p). (2/3) */
+ 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
+ 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+ },
+ {
+ /* Valid if y overflow ignored (y = 1 mod p). (3/3)*/
+ 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
+ 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+ },
+ {
+ /* x on curve, y is from y^2 = x^3 + 8. */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
+ }
+ };
+#define SECP256K1_EC_PARSE_TEST_NINVALID (7)
+ const unsigned char invalid[SECP256K1_EC_PARSE_TEST_NINVALID][64] = {
+ {
+ /* x is third root of -8, y is -1 * (x^3+7); also on the curve for y^2 = x^3 + 9. 
*/
+ 0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c,
+ 0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ },
+ {
+ /* Valid if x overflow ignored (x = 1 mod p). */
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+ 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
+ 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
+ },
+ {
+ /* Valid if x overflow ignored (x = 1 mod p). */
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+ 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
+ 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
+ },
+ {
+ /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+ 0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f,
+ 0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28,
+ },
+ {
+ /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. 
*/
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+ 0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0,
+ 0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07,
+ },
+ {
+ /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d,
+ 0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc,
+ },
+ {
+ /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2,
+ 0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53
+ }
+ };
+ const unsigned char pubkeyc[66] = {
+ /* Serialization of G. 
*/
+ 0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B,
+ 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17,
+ 0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08,
+ 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4,
+ 0xB8, 0x00
+ };
+ unsigned char sout[65];
+ unsigned char shortkey[2];
+ secp256k1_ge ge;
+ secp256k1_pubkey pubkey;
+ size_t len;
+ int32_t i;
+ int32_t ecount;
+ int32_t ecount2;
+ ecount = 0;
+ /* Nothing should be reading this far into pubkeyc. */
+ VG_UNDEF(&pubkeyc[65], 1);
+ secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+ /* Zero length claimed, fail, zeroize, no illegal arg error. */
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(shortkey, 2);
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ /* Length one claimed, fail, zeroize, no illegal arg error. */
+ for (i = 0; i < 256 ; i++) {
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ shortkey[0] = i;
+ VG_UNDEF(&shortkey[1], 1);
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ }
+ /* Length two claimed, fail, zeroize, no illegal arg error. 
*/
+ for (i = 0; i < 65536 ; i++) {
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ shortkey[0] = i & 255;
+ shortkey[1] = i >> 8;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ }
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */
+ CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0);
+ CHECK(ecount == 2);
+ /* NULL input string. Illegal arg and zeroize output. */
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 1);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 2);
+ /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ /* 66 bytes claimed, fail, zeroize output, no illegal arg error. 
*/
+ memset(&pubkey, 0xfe, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+ CHECK(ecount == 1);
+ /* Valid parse. */
+ memset(&pubkey, 0, sizeof(pubkey));
+ ecount = 0;
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1);
+ CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_no_precomp, &pubkey, pubkeyc, 65) == 1);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(ecount == 0);
+ VG_UNDEF(&ge, sizeof(ge));
+ CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
+ VG_CHECK(&ge.x, sizeof(ge.x));
+ VG_CHECK(&ge.y, sizeof(ge.y));
+ VG_CHECK(&ge.infinity, sizeof(ge.infinity));
+ ge_equals_ge(&secp256k1_ge_const_g, &ge);
+ CHECK(ecount == 0);
+ /* secp256k1_ec_pubkey_serialize illegal args. */
+ ecount = 0;
+ len = 65;
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0);
+ CHECK(ecount == 1);
+ CHECK(len == 0);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0);
+ CHECK(ecount == 2);
+ len = 65;
+ VG_UNDEF(sout, 65);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0);
+ VG_CHECK(sout, 65);
+ CHECK(ecount == 3);
+ CHECK(len == 0);
+ len = 65;
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, ~0) == 0);
+ CHECK(ecount == 4);
+ CHECK(len == 0);
+ len = 65;
+ VG_UNDEF(sout, 65);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1);
+ VG_CHECK(sout, 65);
+ CHECK(ecount == 4);
+ CHECK(len == 65);
+ /* Multiple illegal args. Should still set arg error only once. */
+ ecount = 0;
+ ecount2 = 11;
+ CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0);
+ CHECK(ecount == 1);
+ /* Does the illegal arg callback actually change the behavior? 
*/
+ secp256k1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2);
+ CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0);
+ CHECK(ecount == 1);
+ CHECK(ecount2 == 10);
+ secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+ /* Try a bunch of prefabbed points with all possible encodings. */
+ for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) {
+ ec_pubkey_parse_pointtest(valid[i], 1, 1);
+ }
+ for (i = 0; i < SECP256K1_EC_PARSE_TEST_NXVALID; i++) {
+ ec_pubkey_parse_pointtest(onlyxvalid[i], 1, 0);
+ }
+ for (i = 0; i < SECP256K1_EC_PARSE_TEST_NINVALID; i++) {
+ ec_pubkey_parse_pointtest(invalid[i], 0, 0);
+ }
+}
+
+void run_eckey_edge_case_test(void) {
+ const unsigned char orderc[32] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
+ 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
+ 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
+ };
+ const unsigned char zeros[sizeof(secp256k1_pubkey)] = {0x00};
+ unsigned char ctmp[33];
+ unsigned char ctmp2[33];
+ secp256k1_pubkey pubkey;
+ secp256k1_pubkey pubkey2;
+ secp256k1_pubkey pubkey_one;
+ secp256k1_pubkey pubkey_negone;
+ const secp256k1_pubkey *pubkeys[3];
+ size_t len;
+ int32_t ecount;
+ /* Group order is too large, reject. */
+ CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0);
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ /* Maximum value is too large, reject. */
+ memset(ctmp, 255, 32);
+ CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
+ memset(&pubkey, 1, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ /* Zero is too small, reject. 
*/
+ memset(ctmp, 0, 32);
+ CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
+ memset(&pubkey, 1, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ /* One must be accepted. */
+ ctmp[31] = 0x01;
+ CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1);
+ memset(&pubkey, 0, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
+ pubkey_one = pubkey;
+ /* Group order + 1 is too large, reject. */
+ memcpy(ctmp, orderc, 32);
+ ctmp[31] = 0x42;
+ CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
+ memset(&pubkey, 1, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ /* -1 must be accepted. */
+ ctmp[31] = 0x40;
+ CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1);
+ memset(&pubkey, 0, sizeof(pubkey));
+ VG_UNDEF(&pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1);
+ VG_CHECK(&pubkey, sizeof(pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
+ pubkey_negone = pubkey;
+ /* Tweak of zero leaves the value unchanged. */
+ memset(ctmp2, 0, 32);
+ CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, ctmp2) == 1);
+ CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40);
+ memcpy(&pubkey2, &pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
+ CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
+ /* Multiply tweak of zero zeroizes the output. 
*/
+ CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, ctmp2) == 0);
+ CHECK(memcmp(zeros, ctmp, 32) == 0);
+ CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0);
+ CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
+ memcpy(&pubkey, &pubkey2, sizeof(pubkey));
+ /* Overflowing key tweak zeroizes. */
+ memcpy(ctmp, orderc, 32);
+ ctmp[31] = 0x40;
+ CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, orderc) == 0);
+ CHECK(memcmp(zeros, ctmp, 32) == 0);
+ memcpy(ctmp, orderc, 32);
+ ctmp[31] = 0x40;
+ CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, orderc) == 0);
+ CHECK(memcmp(zeros, ctmp, 32) == 0);
+ memcpy(ctmp, orderc, 32);
+ ctmp[31] = 0x40;
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0);
+ CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
+ memcpy(&pubkey, &pubkey2, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0);
+ CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
+ memcpy(&pubkey, &pubkey2, sizeof(pubkey));
+ /* Private key tweaks results in a key of zero. */
+ ctmp2[31] = 1;
+ CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 0);
+ CHECK(memcmp(zeros, ctmp2, 32) == 0);
+ ctmp2[31] = 1;
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0);
+ CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
+ memcpy(&pubkey, &pubkey2, sizeof(pubkey));
+ /* Tweak computation wraps and results in a key of 1. */
+ ctmp2[31] = 2;
+ CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 1);
+ CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1);
+ ctmp2[31] = 2;
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
+ ctmp2[31] = 1;
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1);
+ CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
+ /* Tweak mul * 2 = 1+1. 
*/
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
+ ctmp2[31] = 2;
+ CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1);
+ CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
+ /* Test argument errors. */
+ ecount = 0;
+ secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+ CHECK(ecount == 0);
+ /* Zeroize pubkey on parse error. */
+ memset(&pubkey, 0, 32);
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0);
+ CHECK(ecount == 1);
+ CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
+ memcpy(&pubkey, &pubkey2, sizeof(pubkey));
+ memset(&pubkey2, 0, 32);
+ CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0);
+ CHECK(ecount == 2);
+ CHECK(memcmp(&pubkey2, zeros, sizeof(pubkey2)) == 0);
+ /* Plain argument errors. */
+ ecount = 0;
+ CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1);
+ CHECK(ecount == 0);
+ CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0);
+ CHECK(ecount == 1);
+ ecount = 0;
+ memset(ctmp2, 0, 32);
+ ctmp2[31] = 4;
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, NULL, ctmp2) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, NULL) == 0);
+ CHECK(ecount == 2);
+ ecount = 0;
+ memset(ctmp2, 0, 32);
+ ctmp2[31] = 4;
+ CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0);
+ CHECK(ecount == 2);
+ ecount = 0;
+ memset(ctmp2, 0, 32);
+ CHECK(secp256k1_ec_privkey_tweak_add(ctx, NULL, ctmp2) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, NULL) == 0);
+ CHECK(ecount == 2);
+ ecount = 0;
+ memset(ctmp2, 0, 32);
+ ctmp2[31] = 1;
+ CHECK(secp256k1_ec_privkey_tweak_mul(ctx, NULL, ctmp2) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, NULL) == 0);
+ CHECK(ecount == 2);
+ ecount = 0;
+ CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0);
+ CHECK(ecount == 1);
+ memset(&pubkey, 1, 
sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0);
+ CHECK(ecount == 2);
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ /* secp256k1_ec_pubkey_combine tests. */
+ ecount = 0;
+ pubkeys[0] = &pubkey_one;
+ VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *));
+ VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *));
+ VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *));
+ memset(&pubkey, 255, sizeof(secp256k1_pubkey));
+ VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0);
+ VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0);
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ CHECK(ecount == 2);
+ memset(&pubkey, 255, sizeof(secp256k1_pubkey));
+ VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0);
+ VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ CHECK(ecount == 3);
+ pubkeys[0] = &pubkey_negone;
+ memset(&pubkey, 255, sizeof(secp256k1_pubkey));
+ VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1);
+ VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
+ CHECK(ecount == 3);
+ len = 33;
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1);
+ CHECK(memcmp(ctmp, ctmp2, 33) == 0);
+ /* Result is infinity. 
*/
+ pubkeys[0] = &pubkey_one;
+ pubkeys[1] = &pubkey_negone;
+ memset(&pubkey, 255, sizeof(secp256k1_pubkey));
+ VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0);
+ VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
+ CHECK(ecount == 3);
+ /* Passes through infinity but comes out one. */
+ pubkeys[2] = &pubkey_one;
+ memset(&pubkey, 255, sizeof(secp256k1_pubkey));
+ VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1);
+ VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
+ CHECK(ecount == 3);
+ len = 33;
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1);
+ CHECK(memcmp(ctmp, ctmp2, 33) == 0);
+ /* Adds to two. 
*/
+ pubkeys[1] = &pubkey_one;
+ memset(&pubkey, 255, sizeof(secp256k1_pubkey));
+ VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1);
+ VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
+ CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
+ CHECK(ecount == 3);
+ secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+}
+
+void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) {
+ secp256k1_scalar nonce;
+ do {
+ random_scalar_order_test(&nonce);
+ } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid));
+}
+
+void test_ecdsa_sign_verify(void) {
+ secp256k1_gej pubj;
+ secp256k1_ge pub;
+ secp256k1_scalar one;
+ secp256k1_scalar msg, key;
+ secp256k1_scalar sigr, sigs;
+ int recid;
+ int getrec;
+ random_scalar_order_test(&msg);
+ random_scalar_order_test(&key);
+ secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key);
+ secp256k1_ge_set_gej(&pub, &pubj);
+ getrec = secp256k1_rand_bits(1);
+ random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL);
+ if (getrec) {
+ CHECK(recid >= 0 && recid < 4);
+ }
+ CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg));
+ secp256k1_scalar_set_int(&one, 1);
+ secp256k1_scalar_add(&msg, &msg, &one);
+ CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg));
+}
+
+void run_ecdsa_sign_verify(void) {
+ int i;
+ for (i = 0; i < 10*count; i++) {
+ test_ecdsa_sign_verify();
+ }
+}
+
+/** Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted. Use only for testing. 
*/
+static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+ (void)msg32;
+ (void)key32;
+ (void)algo16;
+ memcpy(nonce32, data, 32);
+ return (counter == 0);
+}
+
+static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+ /* Dummy nonce generator that has a fatal error on the first counter value. */
+ if (counter == 0) {
+ return 0;
+ }
+ return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 1);
+}
+
+static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+ /* Dummy nonce generator that produces unacceptable nonces for the first several counter values. */
+ if (counter < 3) {
+ memset(nonce32, counter==0 ? 0 : 255, 32);
+ if (counter == 2) {
+ nonce32[31]--;
+ }
+ return 1;
+ }
+ if (counter < 5) {
+ static const unsigned char order[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
+ 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
+ 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
+ };
+ memcpy(nonce32, order, 32);
+ if (counter == 4) {
+ nonce32[31]++;
+ }
+ return 1;
+ }
+ /* Retry rate of 6979 is negligible esp. as we only call this in deterministic tests. */
+ /* If someone does fine a case where it retries for secp256k1, we'd like to know. 
*/
+ if (counter > 5) {
+ return 0;
+ }
+ return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5);
+}
+
+int is_empty_signature(const secp256k1_ecdsa_signature *sig) {
+ static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0};
+ return memcmp(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0;
+}
+
+void test_ecdsa_end_to_end(void) {
+ unsigned char extra[32] = {0x00};
+ unsigned char privkey[32];
+ unsigned char message[32];
+ unsigned char privkey2[32];
+ secp256k1_ecdsa_signature signature[6];
+ secp256k1_scalar r, s;
+ unsigned char sig[74];
+ size_t siglen = 74;
+ unsigned char pubkeyc[65];
+ size_t pubkeyclen = 65;
+ secp256k1_pubkey pubkey;
+ secp256k1_pubkey pubkey_tmp;
+ unsigned char seckey[300];
+ size_t seckeylen = 300;
+
+ /* Generate a random key and message. */
+ {
+ secp256k1_scalar msg, key;
+ random_scalar_order_test(&msg);
+ random_scalar_order_test(&key);
+ secp256k1_scalar_get_b32(privkey, &key);
+ secp256k1_scalar_get_b32(message, &msg);
+ }
+
+ /* Construct and verify corresponding public key. */
+ CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
+ CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
+
+ /* Verify exporting and importing public key. */
+ CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_rand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED));
+ memset(&pubkey, 0, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
+
+ /* Verify negation changes the key and changes it back */
+ memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1);
+ CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0);
+ CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1);
+ CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0);
+
+ /* Verify private key import and export. 
*/ + CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1)); + CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); + CHECK(memcmp(privkey, privkey2, 32) == 0); + + /* Optionally tweak the keys using addition. */ + if (secp256k1_rand_int(3) == 0) { + int ret1; + int ret2; + unsigned char rnd[32]; + secp256k1_pubkey pubkey2; + secp256k1_rand256_test(rnd); + ret1 = secp256k1_ec_privkey_tweak_add(ctx, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); + CHECK(ret1 == ret2); + if (ret1 == 0) { + return; + } + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + } + + /* Optionally tweak the keys using multiplication. */ + if (secp256k1_rand_int(3) == 0) { + int ret1; + int ret2; + unsigned char rnd[32]; + secp256k1_pubkey pubkey2; + secp256k1_rand256_test(rnd); + ret1 = secp256k1_ec_privkey_tweak_mul(ctx, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); + CHECK(ret1 == ret2); + if (ret1 == 0) { + return; + } + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + } + + /* Sign. 
*/ + CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); + extra[31] = 1; + CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); + extra[31] = 0; + extra[0] = 1; + CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); + CHECK(memcmp(&signature[0], &signature[4], sizeof(signature[0])) == 0); + CHECK(memcmp(&signature[0], &signature[1], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[0], &signature[2], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[0], &signature[3], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[1], &signature[2], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[1], &signature[3], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[2], &signature[3], sizeof(signature[0])) != 0); + /* Verify. 
*/ + CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); + /* Test lower-S form, malleate, verify and fail, test again, malleate again */ + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); + secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); + secp256k1_scalar_negate(&s, &s); + secp256k1_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + secp256k1_scalar_negate(&s, &s); + secp256k1_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + CHECK(memcmp(&signature[5], &signature[0], 64) == 0); + + /* Serialize/parse DER and verify again */ + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + memset(&signature[0], 0, sizeof(signature[0])); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + /* Serialize/destroy/parse DER and verify again. 
*/ + siglen = 74; + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + sig[secp256k1_rand_int(siglen)] += 1 + secp256k1_rand_int(255); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || + secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); +} + +void test_random_pubkeys(void) { + secp256k1_ge elem; + secp256k1_ge elem2; + unsigned char in[65]; + /* Generate some randomly sized pubkeys. */ + size_t len = secp256k1_rand_bits(2) == 0 ? 65 : 33; + if (secp256k1_rand_bits(2) == 0) { + len = secp256k1_rand_bits(6); + } + if (len == 65) { + in[0] = secp256k1_rand_bits(1) ? 4 : (secp256k1_rand_bits(1) ? 6 : 7); + } else { + in[0] = secp256k1_rand_bits(1) ? 2 : 3; + } + if (secp256k1_rand_bits(3) == 0) { + in[0] = secp256k1_rand_bits(8); + } + if (len > 1) { + secp256k1_rand256(&in[1]); + } + if (len > 33) { + secp256k1_rand256(&in[33]); + } + if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { + unsigned char out[65]; + unsigned char firstb; + int res; + size_t size = len; + firstb = in[0]; + /* If the pubkey can be parsed, it should round-trip... */ + CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); + CHECK(size == len); + CHECK(memcmp(&in[1], &out[1], len-1) == 0); + /* ... except for the type of hybrid inputs. */ + if ((in[0] != 6) && (in[0] != 7)) { + CHECK(in[0] == out[0]); + } + size = 65; + CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); + CHECK(size == 65); + CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); + ge_equals_ge(&elem,&elem2); + /* Check that the X9.62 hybrid type is checked. */ + in[0] = secp256k1_rand_bits(1) ? 
6 : 7; + res = secp256k1_eckey_pubkey_parse(&elem2, in, size); + if (firstb == 2 || firstb == 3) { + if (in[0] == firstb + 4) { + CHECK(res); + } else { + CHECK(!res); + } + } + if (res) { + ge_equals_ge(&elem,&elem2); + CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); + CHECK(memcmp(&in[1], &out[1], 64) == 0); + } + } +} + +void run_random_pubkeys(void) { + int i; + for (i = 0; i < 10*count; i++) { + test_random_pubkeys(); + } +} + +void run_ecdsa_end_to_end(void) { + int i; + for (i = 0; i < 64*count; i++) { + test_ecdsa_end_to_end(); + } +} + +int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_der, int certainly_not_der) { + static const unsigned char zeroes[32] = {0}; +#ifdef ENABLE_OPENSSL_TESTS + static const unsigned char max_scalar[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40 + }; +#endif + + int ret = 0; + + secp256k1_ecdsa_signature sig_der; + unsigned char roundtrip_der[2048]; + unsigned char compact_der[64]; + size_t len_der = 2048; + int parsed_der = 0, valid_der = 0, roundtrips_der = 0; + + secp256k1_ecdsa_signature sig_der_lax; + unsigned char roundtrip_der_lax[2048]; + unsigned char compact_der_lax[64]; + size_t len_der_lax = 2048; + int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0; + +#ifdef ENABLE_OPENSSL_TESTS + ECDSA_SIG *sig_openssl; + const BIGNUM *r = NULL, *s = NULL; + const unsigned char *sigptr; + unsigned char roundtrip_openssl[2048]; + int len_openssl = 2048; + int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; +#endif + + parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); + if (parsed_der) { + ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; + valid_der = (memcmp(compact_der, zeroes, 32) != 0) && (memcmp(compact_der + 32, zeroes, 32) != 0); + 
} + if (valid_der) { + ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; + roundtrips_der = (len_der == siglen) && memcmp(roundtrip_der, sig, siglen) == 0; + } + + parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); + if (parsed_der_lax) { + ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; + valid_der_lax = (memcmp(compact_der_lax, zeroes, 32) != 0) && (memcmp(compact_der_lax + 32, zeroes, 32) != 0); + } + if (valid_der_lax) { + ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; + roundtrips_der_lax = (len_der_lax == siglen) && memcmp(roundtrip_der_lax, sig, siglen) == 0; + } + + if (certainly_der) { + ret |= (!parsed_der) << 2; + } + if (certainly_not_der) { + ret |= (parsed_der) << 17; + } + if (valid_der) { + ret |= (!roundtrips_der) << 3; + } + + if (valid_der) { + ret |= (!roundtrips_der_lax) << 12; + ret |= (len_der != len_der_lax) << 13; + ret |= ((len_der != len_der_lax) || (memcmp(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; + } + ret |= (roundtrips_der != roundtrips_der_lax) << 15; + if (parsed_der) { + ret |= (!parsed_der_lax) << 16; + } + +#ifdef ENABLE_OPENSSL_TESTS + sig_openssl = ECDSA_SIG_new(); + sigptr = sig; + parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); + if (parsed_openssl) { + ECDSA_SIG_get0(sig_openssl, &r, &s); + valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256; + if (valid_openssl) { + unsigned char tmp[32] = {0}; + BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); + valid_openssl = memcmp(tmp, max_scalar, 32) < 0; + } + if (valid_openssl) { + unsigned char tmp[32] = {0}; + BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); + valid_openssl = memcmp(tmp, max_scalar, 32) < 0; + } + } + len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); + if 
(len_openssl <= 2048) {
+ unsigned char *ptr = roundtrip_openssl;
+ CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl);
+ roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (memcmp(roundtrip_openssl, sig, siglen) == 0);
+ } else {
+ len_openssl = 0;
+ }
+ ECDSA_SIG_free(sig_openssl);
+
+ ret |= (parsed_der && !parsed_openssl) << 4;
+ ret |= (valid_der && !valid_openssl) << 5;
+ ret |= (roundtrips_openssl && !parsed_der) << 6;
+ ret |= (roundtrips_der != roundtrips_openssl) << 7;
+ if (roundtrips_openssl) {
+ ret |= (len_der != (size_t)len_openssl) << 8;
+ ret |= ((len_der != (size_t)len_openssl) || (memcmp(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9;
+ }
+#endif
+ return ret;
+}
+
+static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) {
+ size_t i;
+ for (i = 0; i < ptrlen; i++) {
+ int shift = ptrlen - 1 - i;
+ if (shift >= 4) {
+ ptr[i] = 0;
+ } else {
+ ptr[i] = (val >> shift) & 0xFF;
+ }
+ }
+}
+
+static void damage_array(unsigned char *sig, size_t *len) {
+ int pos;
+ int action = secp256k1_rand_bits(3);
+ if (action < 1 && *len > 3) {
+ /* Delete a byte. */
+ pos = secp256k1_rand_int(*len);
+ memmove(sig + pos, sig + pos + 1, *len - pos - 1);
+ (*len)--;
+ return;
+ } else if (action < 2 && *len < 2048) {
+ /* Insert a byte. */
+ pos = secp256k1_rand_int(1 + *len);
+ memmove(sig + pos + 1, sig + pos, *len - pos);
+ sig[pos] = secp256k1_rand_bits(8);
+ (*len)++;
+ return;
+ } else if (action < 4) {
+ /* Modify a byte. */
+ sig[secp256k1_rand_int(*len)] += 1 + secp256k1_rand_int(255);
+ return;
+ } else { /* action < 8 */
+ /* Modify a bit. 
*/ + sig[secp256k1_rand_int(*len)] ^= 1 << secp256k1_rand_bits(3); + return; + } +} + +static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly_der, int* certainly_not_der) { + int der; + int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2]; + size_t tlen, elen, glen; + int indet; + int n; + + *len = 0; + der = secp256k1_rand_bits(2) == 0; + *certainly_der = der; + *certainly_not_der = 0; + indet = der ? 0 : secp256k1_rand_int(10) == 0; + + for (n = 0; n < 2; n++) { + /* We generate two classes of numbers: nlow==1 "low" ones (up to 32 bytes), nlow==0 "high" ones (32 bytes with 129 top bits set, or larger than 32 bytes) */ + nlow[n] = der ? 1 : (secp256k1_rand_bits(3) != 0); + /* The length of the number in bytes (the first byte of which will always be nonzero) */ + nlen[n] = nlow[n] ? secp256k1_rand_int(33) : 32 + secp256k1_rand_int(200) * secp256k1_rand_int(8) / 8; + CHECK(nlen[n] <= 232); + /* The top bit of the number. */ + nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : secp256k1_rand_bits(1)); + /* The top byte of the number (after the potential hardcoded 16 0xFF characters for "high" 32 bytes numbers) */ + nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + secp256k1_rand_bits(7) : 1 + secp256k1_rand_int(127)); + /* The number of zero bytes in front of the number (which is 0 or 1 in case of DER, otherwise we extend up to 300 bytes) */ + nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? secp256k1_rand_int(3) : secp256k1_rand_int(300 - nlen[n]) * secp256k1_rand_int(8) / 8); + if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) { + *certainly_not_der = 1; + } + CHECK(nlen[n] + nzlen[n] <= 300); + /* The length of the length descriptor for the number. 0 means short encoding, anything else is long encoding. */ + nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 
1 : 2); + if (!der) { + /* nlenlen[n] max 127 bytes */ + int add = secp256k1_rand_int(127 - nlenlen[n]) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; + nlenlen[n] += add; + if (add != 0) { + *certainly_not_der = 1; + } + } + CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427); + } + + /* The total length of the data to go, so far */ + tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1]; + CHECK(tlen <= 856); + + /* The length of the garbage inside the tuple. */ + elen = (der || indet) ? 0 : secp256k1_rand_int(980 - tlen) * secp256k1_rand_int(8) / 8; + if (elen != 0) { + *certainly_not_der = 1; + } + tlen += elen; + CHECK(tlen <= 980); + + /* The length of the garbage after the end of the tuple. */ + glen = der ? 0 : secp256k1_rand_int(990 - tlen) * secp256k1_rand_int(8) / 8; + if (glen != 0) { + *certainly_not_der = 1; + } + CHECK(tlen + glen <= 990); + + /* Write the tuple header. */ + sig[(*len)++] = 0x30; + if (indet) { + /* Indeterminate length */ + sig[(*len)++] = 0x80; + *certainly_not_der = 1; + } else { + int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2); + if (!der) { + int add = secp256k1_rand_int(127 - tlenlen) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; + tlenlen += add; + if (add != 0) { + *certainly_not_der = 1; + } + } + if (tlenlen == 0) { + /* Short length notation */ + sig[(*len)++] = tlen; + } else { + /* Long length notation */ + sig[(*len)++] = 128 + tlenlen; + assign_big_endian(sig + *len, tlenlen, tlen); + *len += tlenlen; + } + tlen += tlenlen; + } + tlen += 2; + CHECK(tlen + glen <= 1119); + + for (n = 0; n < 2; n++) { + /* Write the integer header. */ + sig[(*len)++] = 0x02; + if (nlenlen[n] == 0) { + /* Short length notation */ + sig[(*len)++] = nlen[n] + nzlen[n]; + } else { + /* Long length notation. 
*/ + sig[(*len)++] = 128 + nlenlen[n]; + assign_big_endian(sig + *len, nlenlen[n], nlen[n] + nzlen[n]); + *len += nlenlen[n]; + } + /* Write zero padding */ + while (nzlen[n] > 0) { + sig[(*len)++] = 0x00; + nzlen[n]--; + } + if (nlen[n] == 32 && !nlow[n]) { + /* Special extra 16 0xFF bytes in "high" 32-byte numbers */ + int i; + for (i = 0; i < 16; i++) { + sig[(*len)++] = 0xFF; + } + nlen[n] -= 16; + } + /* Write first byte of number */ + if (nlen[n] > 0) { + sig[(*len)++] = nhbyte[n]; + nlen[n]--; + } + /* Generate remaining random bytes of number */ + secp256k1_rand_bytes_test(sig + *len, nlen[n]); + *len += nlen[n]; + nlen[n] = 0; + } + + /* Generate random garbage inside tuple. */ + secp256k1_rand_bytes_test(sig + *len, elen); + *len += elen; + + /* Generate end-of-contents bytes. */ + if (indet) { + sig[(*len)++] = 0; + sig[(*len)++] = 0; + tlen += 2; + } + CHECK(tlen + glen <= 1121); + + /* Generate random garbage outside tuple. */ + secp256k1_rand_bytes_test(sig + *len, glen); + *len += glen; + tlen += glen; + CHECK(tlen <= 1121); + CHECK(tlen == *len); +} + +void run_ecdsa_der_parse(void) { + int i,j; + for (i = 0; i < 200 * count; i++) { + unsigned char buffer[2048]; + size_t buflen = 0; + int certainly_der = 0; + int certainly_not_der = 0; + random_ber_signature(buffer, &buflen, &certainly_der, &certainly_not_der); + CHECK(buflen <= 2048); + for (j = 0; j < 16; j++) { + int ret = 0; + if (j > 0) { + damage_array(buffer, &buflen); + /* We don't know anything anymore about the DERness of the result */ + certainly_der = 0; + certainly_not_der = 0; + } + ret = test_ecdsa_der_parse(buffer, buflen, certainly_der, certainly_not_der); + if (ret != 0) { + size_t k; + fprintf(stderr, "Failure %x on ", ret); + for (k = 0; k < buflen; k++) { + fprintf(stderr, "%02x ", buffer[k]); + } + fprintf(stderr, "\n"); + } + CHECK(ret == 0); + } + } +} + +/* Tests several edge cases. 
*/ +void test_ecdsa_edge_cases(void) { + int t; + secp256k1_ecdsa_signature sig; + + /* Test the case where ECDSA recomputes a point that is infinity. */ + { + secp256k1_gej keyj; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_negate(&ss, &ss); + secp256k1_scalar_inverse(&ss, &ss); + secp256k1_scalar_set_int(&sr, 1); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); + secp256k1_ge_set_gej(&key, &keyj); + msg = ss; + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Verify signature with r of zero fails. */ + { + const unsigned char pubkey_mods_zero[33] = { + 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, + 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, + 0x41 + }; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 0); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Verify signature with s of zero fails. */ + { + const unsigned char pubkey[33] = { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01 + }; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 0); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 1); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Verify signature with message 0 passes. 
*/ + { + const unsigned char pubkey[33] = { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02 + }; + const unsigned char pubkey2[33] = { + 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, + 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, + 0x43 + }; + secp256k1_ge key; + secp256k1_ge key2; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 2); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 2); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_set_int(&ss, 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); + } + + /* Verify signature with message 1 passes. 
*/ + { + const unsigned char pubkey[33] = { + 0x02, 0x14, 0x4e, 0x5a, 0x58, 0xef, 0x5b, 0x22, + 0x6f, 0xd2, 0xe2, 0x07, 0x6a, 0x77, 0xcf, 0x05, + 0xb4, 0x1d, 0xe7, 0x4a, 0x30, 0x98, 0x27, 0x8c, + 0x93, 0xe6, 0xe6, 0x3c, 0x0b, 0xc4, 0x73, 0x76, + 0x25 + }; + const unsigned char pubkey2[33] = { + 0x02, 0x8a, 0xd5, 0x37, 0xed, 0x73, 0xd9, 0x40, + 0x1d, 0xa0, 0x33, 0xd2, 0xdc, 0xf0, 0xaf, 0xae, + 0x34, 0xcf, 0x5f, 0x96, 0x4c, 0x73, 0x28, 0x0f, + 0x92, 0xc0, 0xf6, 0x9d, 0xd9, 0xb2, 0x09, 0x10, + 0x62 + }; + const unsigned char csr[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, + 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb + }; + secp256k1_ge key; + secp256k1_ge key2; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 1); + secp256k1_scalar_set_b32(&sr, csr, NULL); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_set_int(&ss, 2); + secp256k1_scalar_inverse_var(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); + } + + /* Verify signature with message -1 passes. 
*/ + { + const unsigned char pubkey[33] = { + 0x03, 0xaf, 0x97, 0xff, 0x7d, 0x3a, 0xf6, 0xa0, + 0x02, 0x94, 0xbd, 0x9f, 0x4b, 0x2e, 0xd7, 0x52, + 0x28, 0xdb, 0x49, 0x2a, 0x65, 0xcb, 0x1e, 0x27, + 0x57, 0x9c, 0xba, 0x74, 0x20, 0xd5, 0x1d, 0x20, + 0xf1 + }; + const unsigned char csr[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, + 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee + }; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 1); + secp256k1_scalar_negate(&msg, &msg); + secp256k1_scalar_set_b32(&sr, csr, NULL); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + secp256k1_scalar_set_int(&ss, 3); + secp256k1_scalar_inverse_var(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Signature where s would be zero. 
*/ + { + secp256k1_pubkey pubkey; + size_t siglen; + int32_t ecount; + unsigned char signature[72]; + static const unsigned char nonce[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }; + static const unsigned char nonce2[32] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, + 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40 + }; + const unsigned char key[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }; + unsigned char msg[32] = { + 0x86, 0x41, 0x99, 0x81, 0x06, 0x23, 0x44, 0x53, + 0xaa, 0x5f, 0x9d, 0x6a, 0x31, 0x78, 0xf4, 0xf7, + 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62, + 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9, + }; + ecount = 0; + secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 0); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); + msg[31] = 0xaa; + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 1); + CHECK(ecount == 0); + CHECK(secp256k1_ecdsa_sign(ctx, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, key) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, NULL, 
msg, &pubkey) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, NULL, &pubkey) == 0); + CHECK(ecount == 5); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, NULL) == 0); + CHECK(ecount == 6); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); + CHECK(ecount == 6); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(ecount == 7); + /* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */ + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 0); + CHECK(ecount == 8); + siglen = 72; + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, NULL, &siglen, &sig) == 0); + CHECK(ecount == 9); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, NULL, &sig) == 0); + CHECK(ecount == 10); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, NULL) == 0); + CHECK(ecount == 11); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 1); + CHECK(ecount == 11); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, NULL, signature, siglen) == 0); + CHECK(ecount == 12); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, NULL, siglen) == 0); + CHECK(ecount == 13); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, signature, siglen) == 1); + CHECK(ecount == 13); + siglen = 10; + /* Too little room for a signature does not fail via ARGCHECK. 
*/ + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 0); + CHECK(ecount == 13); + ecount = 0; + CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, NULL) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, NULL, &sig) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, NULL) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, &sig) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, NULL, signature) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, NULL) == 0); + CHECK(ecount == 5); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 1); + CHECK(ecount == 5); + memset(signature, 255, 64); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 0); + CHECK(ecount == 5); + secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + } + + /* Nonce function corner cases. */ + for (t = 0; t < 2; t++) { + static const unsigned char zero[32] = {0x00}; + int i; + unsigned char key[32]; + unsigned char msg[32]; + secp256k1_ecdsa_signature sig2; + secp256k1_scalar sr[512], ss; + const unsigned char *extra; + extra = t == 0 ? NULL : zero; + memset(msg, 0, 32); + msg[31] = 1; + /* High key results in signature failure. */ + memset(key, 0xFF, 32); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(is_empty_signature(&sig)); + /* Zero key results in signature failure. */ + memset(key, 0, 32); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(is_empty_signature(&sig)); + /* Nonce function failure results in signature failure. */ + key[31] = 1; + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); + CHECK(is_empty_signature(&sig)); + /* The retry loop successfully makes its way to the first good value. 
*/ + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); + CHECK(!is_empty_signature(&sig)); + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); + /* The default nonce function is deterministic. */ + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); + /* The default nonce function changes output with different messages. */ + for(i = 0; i < 256; i++) { + int j; + msg[0] = i; + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + for (j = 0; j < i; j++) { + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); + } + } + msg[0] = 0; + msg[31] = 2; + /* The default nonce function changes output with different keys. */ + for(i = 256; i < 512; i++) { + int j; + key[0] = i - 256; + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + for (j = 0; j < i; j++) { + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); + } + } + key[0] = 0; + } + + { + /* Check that optional nonce arguments do not have equivalent effect. 
*/ + const unsigned char zeros[32] = {0}; + unsigned char nonce[32]; + unsigned char nonce2[32]; + unsigned char nonce3[32]; + unsigned char nonce4[32]; + VG_UNDEF(nonce,32); + VG_UNDEF(nonce2,32); + VG_UNDEF(nonce3,32); + VG_UNDEF(nonce4,32); + CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1); + VG_CHECK(nonce,32); + CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1); + VG_CHECK(nonce2,32); + CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1); + VG_CHECK(nonce3,32); + CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); + VG_CHECK(nonce4,32); + CHECK(memcmp(nonce, nonce2, 32) != 0); + CHECK(memcmp(nonce, nonce3, 32) != 0); + CHECK(memcmp(nonce, nonce4, 32) != 0); + CHECK(memcmp(nonce2, nonce3, 32) != 0); + CHECK(memcmp(nonce2, nonce4, 32) != 0); + CHECK(memcmp(nonce3, nonce4, 32) != 0); + } + + + /* Privkey export where pubkey is the point at infinity. */ + { + unsigned char privkey[300]; + unsigned char seckey[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, + }; + size_t outlen = 300; + CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 0)); + outlen = 300; + CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 1)); + } +} + +void run_ecdsa_edge_cases(void) { + test_ecdsa_edge_cases(); +} + +#ifdef ENABLE_OPENSSL_TESTS +EC_KEY *get_openssl_key(const unsigned char *key32) { + unsigned char privkey[300]; + size_t privkeylen; + const unsigned char* pbegin = privkey; + int compr = secp256k1_rand_bits(1); + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); + CHECK(ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr)); + CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); + CHECK(EC_KEY_check_key(ec_key)); + return ec_key; +} + +void test_ecdsa_openssl(void) { + 
secp256k1_gej qj; + secp256k1_ge q; + secp256k1_scalar sigr, sigs; + secp256k1_scalar one; + secp256k1_scalar msg2; + secp256k1_scalar key, msg; + EC_KEY *ec_key; + unsigned int sigsize = 80; + size_t secp_sigsize = 80; + unsigned char message[32]; + unsigned char signature[80]; + unsigned char key32[32]; + secp256k1_rand256_test(message); + secp256k1_scalar_set_b32(&msg, message, NULL); + random_scalar_order_test(&key); + secp256k1_scalar_get_b32(key32, &key); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); + secp256k1_ge_set_gej(&q, &qj); + ec_key = get_openssl_key(key32); + CHECK(ec_key != NULL); + CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); + CHECK(secp256k1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg)); + secp256k1_scalar_set_int(&one, 1); + secp256k1_scalar_add(&msg2, &msg, &one); + CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg2)); + + random_sign(&sigr, &sigs, &key, &msg, NULL); + CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sigr, &sigs)); + CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); + + EC_KEY_free(ec_key); +} + +void run_ecdsa_openssl(void) { + int i; + for (i = 0; i < 10*count; i++) { + test_ecdsa_openssl(); + } +} +#endif + +#ifdef ENABLE_MODULE_ECDH +# include "modules/ecdh/tests_impl.h" +#endif + +#ifdef ENABLE_MODULE_RECOVERY +# include "modules/recovery/tests_impl.h" +#endif + +int main(int argc, char **argv) { + unsigned char seed16[16] = {0}; + unsigned char run32[32] = {0}; + /* find iteration count */ + if (argc > 1) { + count = strtol(argv[1], NULL, 0); + } + + /* find random seed */ + if (argc > 2) { + int pos = 0; + const char* ch = argv[2]; + while (pos < 16 && ch[0] != 0 && ch[1] != 0) { + unsigned short sh; + if ((sscanf(ch, "%2hx", &sh)) == 1) { + seed16[pos] = sh; + } else { + break; + } + ch += 2; + pos++; + } + } else { + 
FILE *frand = fopen("/dev/urandom", "r"); + if ((frand == NULL) || fread(&seed16, 1, sizeof(seed16), frand) != sizeof(seed16)) { + uint64_t t = time(NULL) * (uint64_t)1337; + fprintf(stderr, "WARNING: could not read 16 bytes from /dev/urandom; falling back to insecure PRNG\n"); + seed16[0] ^= t; + seed16[1] ^= t >> 8; + seed16[2] ^= t >> 16; + seed16[3] ^= t >> 24; + seed16[4] ^= t >> 32; + seed16[5] ^= t >> 40; + seed16[6] ^= t >> 48; + seed16[7] ^= t >> 56; + } + if (frand) { + fclose(frand); + } + } + secp256k1_rand_seed(seed16); + + printf("test count = %i\n", count); + printf("random seed = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", seed16[0], seed16[1], seed16[2], seed16[3], seed16[4], seed16[5], seed16[6], seed16[7], seed16[8], seed16[9], seed16[10], seed16[11], seed16[12], seed16[13], seed16[14], seed16[15]); + + /* initialize */ + run_context_tests(0); + run_context_tests(1); + run_scratch_tests(); + ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + if (secp256k1_rand_bits(1)) { + secp256k1_rand256(run32); + CHECK(secp256k1_context_randomize(ctx, secp256k1_rand_bits(1) ? 
run32 : NULL)); + } + + run_rand_bits(); + run_rand_int(); + + run_sha256_tests(); + run_hmac_sha256_tests(); + run_rfc6979_hmac_sha256_tests(); + +#ifndef USE_NUM_NONE + /* num tests */ + run_num_smalltests(); +#endif + + /* scalar tests */ + run_scalar_tests(); + + /* field tests */ + run_field_inv(); + run_field_inv_var(); + run_field_inv_all_var(); + run_field_misc(); + run_field_convert(); + run_sqr(); + run_sqrt(); + + /* group tests */ + run_ge(); + run_group_decompress(); + + /* ecmult tests */ + run_wnaf(); + run_point_times_order(); + run_ecmult_chain(); + run_ecmult_constants(); + run_ecmult_gen_blind(); + run_ecmult_const_tests(); + run_ecmult_multi_tests(); + run_ec_combine(); + + /* endomorphism tests */ +#ifdef USE_ENDOMORPHISM + run_endomorphism_tests(); +#endif + + /* EC point parser test */ + run_ec_pubkey_parse_test(); + + /* EC key edge cases */ + run_eckey_edge_case_test(); + +#ifdef ENABLE_MODULE_ECDH + /* ecdh tests */ + run_ecdh_tests(); +#endif + + /* ecdsa tests */ + run_random_pubkeys(); + run_ecdsa_der_parse(); + run_ecdsa_sign_verify(); + run_ecdsa_end_to_end(); + run_ecdsa_edge_cases(); +#ifdef ENABLE_OPENSSL_TESTS + run_ecdsa_openssl(); +#endif + +#ifdef ENABLE_MODULE_RECOVERY + /* ECDSA pubkey recovery tests */ + run_recovery_tests(); +#endif + + secp256k1_rand256(run32); + printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]); + + /* shutdown */ + secp256k1_context_destroy(ctx); + + printf("no problems found\n"); + return 0; +} diff --git a/deps/secp256k1/src/tests_exhaustive.c b/deps/secp256k1/src/tests_exhaustive.c new file mode 100644 index 000000000..b44e357cb --- /dev/null +++ b/deps/secp256k1/src/tests_exhaustive.c 
@@ -0,0 +1,511 @@ +/*********************************************************************** + * Copyright (c) 2016 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include +#include + +#include + +#undef USE_ECMULT_STATIC_PRECOMPUTATION + +#ifndef EXHAUSTIVE_TEST_ORDER +/* see group_impl.h for allowable values */ +#define EXHAUSTIVE_TEST_ORDER 13 +#define EXHAUSTIVE_TEST_LAMBDA 9 /* cube root of 1 mod 13 */ +#endif + +#include "include/secp256k1.h" +#include "group.h" +#include "secp256k1.c" +#include "testrand_impl.h" + +#ifdef ENABLE_MODULE_RECOVERY +#include "src/modules/recovery/main_impl.h" +#include "include/secp256k1_recovery.h" +#endif + +/** stolen from tests.c */ +void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { + CHECK(a->infinity == b->infinity); + if (a->infinity) { + return; + } + CHECK(secp256k1_fe_equal_var(&a->x, &b->x)); + CHECK(secp256k1_fe_equal_var(&a->y, &b->y)); +} + +void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) { + secp256k1_fe z2s; + secp256k1_fe u1, u2, s1, s2; + CHECK(a->infinity == b->infinity); + if (a->infinity) { + return; + } + /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. 
*/ + secp256k1_fe_sqr(&z2s, &b->z); + secp256k1_fe_mul(&u1, &a->x, &z2s); + u2 = b->x; secp256k1_fe_normalize_weak(&u2); + secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z); + s2 = b->y; secp256k1_fe_normalize_weak(&s2); + CHECK(secp256k1_fe_equal_var(&u1, &u2)); + CHECK(secp256k1_fe_equal_var(&s1, &s2)); +} + +void random_fe(secp256k1_fe *x) { + unsigned char bin[32]; + do { + secp256k1_rand256(bin); + if (secp256k1_fe_set_b32(x, bin)) { + return; + } + } while(1); +} +/** END stolen from tests.c */ + +int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, + const unsigned char *key32, const unsigned char *algo16, + void *data, unsigned int attempt) { + secp256k1_scalar s; + int *idata = data; + (void)msg32; + (void)key32; + (void)algo16; + /* Some nonces cannot be used because they'd cause s and/or r to be zero. + * The signing function has retry logic here that just re-calls the nonce + * function with an increased `attempt`. So if attempt > 0 this means we + * need to change the nonce to avoid an infinite loop. 
*/ + if (attempt > 0) { + *idata = (*idata + 1) % EXHAUSTIVE_TEST_ORDER; + } + secp256k1_scalar_set_int(&s, *idata); + secp256k1_scalar_get_b32(nonce32, &s); + return 1; +} + +#ifdef USE_ENDOMORPHISM +void test_exhaustive_endomorphism(const secp256k1_ge *group, int order) { + int i; + for (i = 0; i < order; i++) { + secp256k1_ge res; + secp256k1_ge_mul_lambda(&res, &group[i]); + ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res); + } +} +#endif + +void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { + int i, j; + + /* Sanity-check (and check infinity functions) */ + CHECK(secp256k1_ge_is_infinity(&group[0])); + CHECK(secp256k1_gej_is_infinity(&groupj[0])); + for (i = 1; i < order; i++) { + CHECK(!secp256k1_ge_is_infinity(&group[i])); + CHECK(!secp256k1_gej_is_infinity(&groupj[i])); + } + + /* Check all addition formulae */ + for (j = 0; j < order; j++) { + secp256k1_fe fe_inv; + secp256k1_fe_inv(&fe_inv, &groupj[j].z); + for (i = 0; i < order; i++) { + secp256k1_ge zless_gej; + secp256k1_gej tmp; + /* add_var */ + secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); + ge_equals_gej(&group[(i + j) % order], &tmp); + /* add_ge */ + if (j > 0) { + secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]); + ge_equals_gej(&group[(i + j) % order], &tmp); + } + /* add_ge_var */ + secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); + ge_equals_gej(&group[(i + j) % order], &tmp); + /* add_zinv_var */ + zless_gej.infinity = groupj[j].infinity; + zless_gej.x = groupj[j].x; + zless_gej.y = groupj[j].y; + secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); + ge_equals_gej(&group[(i + j) % order], &tmp); + } + } + + /* Check doubling */ + for (i = 0; i < order; i++) { + secp256k1_gej tmp; + if (i > 0) { + secp256k1_gej_double_nonzero(&tmp, &groupj[i], NULL); + ge_equals_gej(&group[(2 * i) % order], &tmp); + } + secp256k1_gej_double_var(&tmp, &groupj[i], NULL); + 
ge_equals_gej(&group[(2 * i) % order], &tmp); + } + + /* Check negation */ + for (i = 1; i < order; i++) { + secp256k1_ge tmp; + secp256k1_gej tmpj; + secp256k1_ge_neg(&tmp, &group[i]); + ge_equals_ge(&group[order - i], &tmp); + secp256k1_gej_neg(&tmpj, &groupj[i]); + ge_equals_gej(&group[order - i], &tmpj); + } +} + +void test_exhaustive_ecmult(const secp256k1_context *ctx, const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { + int i, j, r_log; + for (r_log = 1; r_log < order; r_log++) { + for (j = 0; j < order; j++) { + for (i = 0; i < order; i++) { + secp256k1_gej tmp; + secp256k1_scalar na, ng; + secp256k1_scalar_set_int(&na, i); + secp256k1_scalar_set_int(&ng, j); + + secp256k1_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); + ge_equals_gej(&group[(i * r_log + j) % order], &tmp); + + if (i > 0) { + secp256k1_ecmult_const(&tmp, &group[i], &ng, 256); + ge_equals_gej(&group[(i * j) % order], &tmp); + } + } + } + } +} + +typedef struct { + secp256k1_scalar sc[2]; + secp256k1_ge pt[2]; +} ecmult_multi_data; + +static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { + ecmult_multi_data *data = (ecmult_multi_data*) cbdata; + *sc = data->sc[idx]; + *pt = data->pt[idx]; + return 1; +} + +void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int i, j, k, x, y; + secp256k1_scratch *scratch = secp256k1_scratch_create(&ctx->error_callback, 4096); + for (i = 0; i < order; i++) { + for (j = 0; j < order; j++) { + for (k = 0; k < order; k++) { + for (x = 0; x < order; x++) { + for (y = 0; y < order; y++) { + secp256k1_gej tmp; + secp256k1_scalar g_sc; + ecmult_multi_data data; + + secp256k1_scalar_set_int(&data.sc[0], i); + secp256k1_scalar_set_int(&data.sc[1], j); + secp256k1_scalar_set_int(&g_sc, k); + data.pt[0] = group[x]; + data.pt[1] = group[y]; + + secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, 
ecmult_multi_callback, &data, 2); + ge_equals_gej(&group[(i * x + j * y + k) % order], &tmp); + } + } + } + } + } + secp256k1_scratch_destroy(&ctx->error_callback, scratch); +} + +void r_from_k(secp256k1_scalar *r, const secp256k1_ge *group, int k) { + secp256k1_fe x; + unsigned char x_bin[32]; + k %= EXHAUSTIVE_TEST_ORDER; + x = group[k].x; + secp256k1_fe_normalize(&x); + secp256k1_fe_get_b32(x_bin, &x); + secp256k1_scalar_set_b32(r, x_bin, NULL); +} + +void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int s, r, msg, key; + for (s = 1; s < order; s++) { + for (r = 1; r < order; r++) { + for (msg = 1; msg < order; msg++) { + for (key = 1; key < order; key++) { + secp256k1_ge nonconst_ge; + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pk; + secp256k1_scalar sk_s, msg_s, r_s, s_s; + secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; + int k, should_verify; + unsigned char msg32[32]; + + secp256k1_scalar_set_int(&s_s, s); + secp256k1_scalar_set_int(&r_s, r); + secp256k1_scalar_set_int(&msg_s, msg); + secp256k1_scalar_set_int(&sk_s, key); + + /* Verify by hand */ + /* Run through every k value that gives us this r and check that *one* works. + * Note there could be none, there could be multiple, ECDSA is weird. 
*/ + should_verify = 0; + for (k = 0; k < order; k++) { + secp256k1_scalar check_x_s; + r_from_k(&check_x_s, group, k); + if (r_s == check_x_s) { + secp256k1_scalar_set_int(&s_times_k_s, k); + secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + } + } + /* nb we have a "high s" rule */ + should_verify &= !secp256k1_scalar_is_high(&s_s); + + /* Verify by calling verify */ + secp256k1_ecdsa_signature_save(&sig, &r_s, &s_s); + memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); + secp256k1_pubkey_save(&pk, &nonconst_ge); + secp256k1_scalar_get_b32(msg32, &msg_s); + CHECK(should_verify == + secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); + } + } + } + } +} + +void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int i, j, k; + + /* Loop */ + for (i = 1; i < order; i++) { /* message */ + for (j = 1; j < order; j++) { /* key */ + for (k = 1; k < order; k++) { /* nonce */ + const int starting_k = k; + secp256k1_ecdsa_signature sig; + secp256k1_scalar sk, msg, r, s, expected_r; + unsigned char sk32[32], msg32[32]; + secp256k1_scalar_set_int(&msg, i); + secp256k1_scalar_set_int(&sk, j); + secp256k1_scalar_get_b32(sk32, &sk); + secp256k1_scalar_get_b32(msg32, &msg); + + secp256k1_ecdsa_sign(ctx, &sig, msg32, sk32, secp256k1_nonce_function_smallint, &k); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); + /* Note that we compute expected_r *after* signing -- this is important + * because our nonce-computing function function might change k during + * signing. 
*/ + r_from_k(&expected_r, group, k); + CHECK(r == expected_r); + CHECK((k * s) % order == (i + r * j) % order || + (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); + + /* Overflow means we've tried every possible nonce */ + if (k < starting_k) { + break; + } + } + } + } + + /* We would like to verify zero-knowledge here by counting how often every + * possible (s, r) tuple appears, but because the group order is larger + * than the field order, when coercing the x-values to scalar values, some + * appear more often than others, so we are actually not zero-knowledge. + * (This effect also appears in the real code, but the difference is on the + * order of 1/2^128th the field order, so the deviation is not useful to a + * computationally bounded attacker.) + */ +} + +#ifdef ENABLE_MODULE_RECOVERY +void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int i, j, k; + + /* Loop */ + for (i = 1; i < order; i++) { /* message */ + for (j = 1; j < order; j++) { /* key */ + for (k = 1; k < order; k++) { /* nonce */ + const int starting_k = k; + secp256k1_fe r_dot_y_normalized; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + secp256k1_scalar sk, msg, r, s, expected_r; + unsigned char sk32[32], msg32[32]; + int expected_recid; + int recid; + secp256k1_scalar_set_int(&msg, i); + secp256k1_scalar_set_int(&sk, j); + secp256k1_scalar_get_b32(sk32, &sk); + secp256k1_scalar_get_b32(msg32, &msg); + + secp256k1_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, secp256k1_nonce_function_smallint, &k); + + /* Check directly */ + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); + r_from_k(&expected_r, group, k); + CHECK(r == expected_r); + CHECK((k * s) % order == (i + r * j) % order || + (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); + /* In computing the recid, there is an overflow condition that is disabled in + * scalar_low_impl.h 
`secp256k1_scalar_set_b32` because almost every r.y value + * will exceed the group order, and our signing code always holds out for r + * values that don't overflow, so with a proper overflow check the tests would + * loop indefinitely. */ + r_dot_y_normalized = group[k].y; + secp256k1_fe_normalize(&r_dot_y_normalized); + /* Also the recovery id is flipped depending if we hit the low-s branch */ + if ((k * s) % order == (i + r * j) % order) { + expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 1 : 0; + } else { + expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 0 : 1; + } + CHECK(recid == expected_recid); + + /* Convert to a standard sig then check */ + secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); + /* Note that we compute expected_r *after* signing -- this is important + * because our nonce-computing function function might change k during + * signing. */ + r_from_k(&expected_r, group, k); + CHECK(r == expected_r); + CHECK((k * s) % order == (i + r * j) % order || + (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); + + /* Overflow means we've tried every possible nonce */ + if (k < starting_k) { + break; + } + } + } + } +} + +void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + /* This is essentially a copy of test_exhaustive_verify, with recovery added */ + int s, r, msg, key; + for (s = 1; s < order; s++) { + for (r = 1; r < order; r++) { + for (msg = 1; msg < order; msg++) { + for (key = 1; key < order; key++) { + secp256k1_ge nonconst_ge; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pk; + secp256k1_scalar sk_s, msg_s, r_s, s_s; + secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; + int recid = 0; + int k, should_verify; + unsigned char msg32[32]; + + secp256k1_scalar_set_int(&s_s, s); + secp256k1_scalar_set_int(&r_s, r); + 
secp256k1_scalar_set_int(&msg_s, msg); + secp256k1_scalar_set_int(&sk_s, key); + secp256k1_scalar_get_b32(msg32, &msg_s); + + /* Verify by hand */ + /* Run through every k value that gives us this r and check that *one* works. + * Note there could be none, there could be multiple, ECDSA is weird. */ + should_verify = 0; + for (k = 0; k < order; k++) { + secp256k1_scalar check_x_s; + r_from_k(&check_x_s, group, k); + if (r_s == check_x_s) { + secp256k1_scalar_set_int(&s_times_k_s, k); + secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + } + } + /* nb we have a "high s" rule */ + should_verify &= !secp256k1_scalar_is_high(&s_s); + + /* We would like to try recovering the pubkey and checking that it matches, + * but pubkey recovery is impossible in the exhaustive tests (the reason + * being that there are 12 nonzero r values, 12 nonzero points, and no + * overlap between the sets, so there are no valid signatures). 
*/ + + /* Verify by converting to a standard signature and calling verify */ + secp256k1_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); + secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); + secp256k1_pubkey_save(&pk, &nonconst_ge); + CHECK(should_verify == + secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); + } + } + } + } +} +#endif + +int main(void) { + int i; + secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; + secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; + + /* Build context */ + secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + + /* TODO set z = 1, then do num_tests runs with random z values */ + + /* Generate the entire group */ + secp256k1_gej_set_infinity(&groupj[0]); + secp256k1_ge_set_gej(&group[0], &groupj[0]); + for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { + /* Set a different random z-value for each Jacobian point */ + secp256k1_fe z; + random_fe(&z); + + secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); + secp256k1_ge_set_gej(&group[i], &groupj[i]); + secp256k1_gej_rescale(&groupj[i], &z); + + /* Verify against ecmult_gen */ + { + secp256k1_scalar scalar_i; + secp256k1_gej generatedj; + secp256k1_ge generated; + + secp256k1_scalar_set_int(&scalar_i, i); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); + secp256k1_ge_set_gej(&generated, &generatedj); + + CHECK(group[i].infinity == 0); + CHECK(generated.infinity == 0); + CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); + CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); + } + } + + /* Run the tests */ +#ifdef USE_ENDOMORPHISM + test_exhaustive_endomorphism(group, EXHAUSTIVE_TEST_ORDER); +#endif + test_exhaustive_addition(group, groupj, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_ecmult(ctx, group, groupj, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_ecmult_multi(ctx, group, EXHAUSTIVE_TEST_ORDER); + 
test_exhaustive_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); + +#ifdef ENABLE_MODULE_RECOVERY + test_exhaustive_recovery_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_recovery_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); +#endif + + secp256k1_context_destroy(ctx); + return 0; +} + diff --git a/deps/secp256k1/src/util.h b/deps/secp256k1/src/util.h new file mode 100644 index 000000000..9deb61bc5 --- /dev/null +++ b/deps/secp256k1/src/util.h 
@@ -0,0 +1,162 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_UTIL_H +#define SECP256K1_UTIL_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include +#include +#include + +typedef struct { + void (*fn)(const char *text, void* data); + const void* data; +} secp256k1_callback; + +static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) { + cb->fn(text, (void*)cb->data); +} + +#ifdef DETERMINISTIC +#define TEST_FAILURE(msg) do { \ + fprintf(stderr, "%s\n", msg); \ + abort(); \ +} while(0); +#else +#define TEST_FAILURE(msg) do { \ + fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, msg); \ + abort(); \ +} while(0) +#endif + +#if SECP256K1_GNUC_PREREQ(3, 0) +#define EXPECT(x,c) __builtin_expect((x),(c)) +#else +#define EXPECT(x,c) (x) +#endif + +#ifdef DETERMINISTIC +#define CHECK(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + TEST_FAILURE("test condition failed"); \ + } \ +} while(0) +#else +#define CHECK(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + TEST_FAILURE("test condition failed: " #cond); \ + } \ +} while(0) +#endif + +/* Like assert(), but when VERIFY is defined, and side-effect safe. 
*/ +#if defined(COVERAGE) +#define VERIFY_CHECK(check) +#define VERIFY_SETUP(stmt) +#elif defined(VERIFY) +#define VERIFY_CHECK CHECK +#define VERIFY_SETUP(stmt) do { stmt; } while(0) +#else +#define VERIFY_CHECK(cond) do { (void)(cond); } while(0) +#define VERIFY_SETUP(stmt) +#endif + +static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) { + void *ret = malloc(size); + if (ret == NULL) { + secp256k1_callback_call(cb, "Out of memory"); + } + return ret; +} + +static SECP256K1_INLINE void *checked_realloc(const secp256k1_callback* cb, void *ptr, size_t size) { + void *ret = realloc(ptr, size); + if (ret == NULL) { + secp256k1_callback_call(cb, "Out of memory"); + } + return ret; +} + +#if defined(__BIGGEST_ALIGNMENT__) +#define ALIGNMENT __BIGGEST_ALIGNMENT__ +#else +/* Using 16 bytes alignment because common architectures never have alignment + * requirements above 8 for any of the types we care about. In addition we + * leave some room because currently we don't care about a few bytes. */ +#define ALIGNMENT 16 +#endif + +#define ROUND_TO_ALIGN(size) (((size + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT) + +/* Assume there is a contiguous memory object with bounds [base, base + max_size) + * of which the memory range [base, *prealloc_ptr) is already allocated for usage, + * where *prealloc_ptr is an aligned pointer. In that setting, this functions + * reserves the subobject [*prealloc_ptr, *prealloc_ptr + alloc_size) of + * alloc_size bytes by increasing *prealloc_ptr accordingly, taking into account + * alignment requirements. + * + * The function returns an aligned pointer to the newly allocated subobject. + * + * This is useful for manual memory management: if we're simply given a block + * [base, base + max_size), the caller can use this function to allocate memory + * in this block and keep track of the current allocation state with *prealloc_ptr. 
+ * + * It is VERIFY_CHECKed that there is enough space left in the memory object and + * *prealloc_ptr is aligned relative to base. + */ +static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_size, void* base, size_t max_size) { + size_t aligned_alloc_size = ROUND_TO_ALIGN(alloc_size); + void* ret; + VERIFY_CHECK(prealloc_ptr != NULL); + VERIFY_CHECK(*prealloc_ptr != NULL); + VERIFY_CHECK(base != NULL); + VERIFY_CHECK((unsigned char*)*prealloc_ptr >= (unsigned char*)base); + VERIFY_CHECK(((unsigned char*)*prealloc_ptr - (unsigned char*)base) % ALIGNMENT == 0); + VERIFY_CHECK((unsigned char*)*prealloc_ptr - (unsigned char*)base + aligned_alloc_size <= max_size); + ret = *prealloc_ptr; + *((unsigned char**)prealloc_ptr) += aligned_alloc_size; + return ret; +} + +/* Macro for restrict, when available and not in a VERIFY build. */ +#if defined(SECP256K1_BUILD) && defined(VERIFY) +# define SECP256K1_RESTRICT +#else +# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) ) +# if SECP256K1_GNUC_PREREQ(3,0) +# define SECP256K1_RESTRICT __restrict__ +# elif (defined(_MSC_VER) && _MSC_VER >= 1400) +# define SECP256K1_RESTRICT __restrict +# else +# define SECP256K1_RESTRICT +# endif +# else +# define SECP256K1_RESTRICT restrict +# endif +#endif + +#if defined(_WIN32) +# define I64FORMAT "I64d" +# define I64uFORMAT "I64u" +#else +# define I64FORMAT "lld" +# define I64uFORMAT "llu" +#endif + +#if defined(HAVE___INT128) +# if defined(__GNUC__) +# define SECP256K1_GNUC_EXT __extension__ +# else +# define SECP256K1_GNUC_EXT +# endif +SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t; +#endif + +#endif /* SECP256K1_UTIL_H */ diff --git a/docs/changes.txt b/docs/changes.txt index 719c86069..53c623494 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
@@ -24,7 +24,7 @@
 - Added hash-mode: BitShares v0.x
 - Added hash-mode: Blockchain, My Wallet, Second Password (SHA256)
 - Added hash-mode: DiskCryptor
-- Added hash-mode: Electrum Wallet (Salt-Type 3)
+- Added hash-mode: Electrum Wallet (Salt-Type 3-5)
 - Added hash-mode: Huawei Router sha1(md5($pass).$salt)
 - Added hash-mode: Java Object hashCode()
 - Added hash-mode: Kerberos 5 Pre-Auth etype 17 (AES128-CTS-HMAC-SHA1-96)
diff --git a/docs/credits.txt b/docs/credits.txt
index e89ffe2a3..d897e2113 100644
--- a/docs/credits.txt
+++ b/docs/credits.txt
@@ -56,6 +56,7 @@ Other contributors to hashcat
 * LZMA-SDK by Igor Pavlov
 * zlib by Jean-loup Gailly and Mark Adler
 * win-iconv by Yukihiro Nakadaira
+* secp256k1 library by Pieter Wuille
 # Furthermore the following persons helped the project:
diff --git a/docs/readme.txt b/docs/readme.txt
index dc1da35d9..d55f14f4d 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -274,7 +274,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o
 - LastPass + LastPass sniffed
 - KeePass 1 (AES/Twofish) and KeePass 2 (AES)
 - Bitcoin/Litecoin wallet.dat
-- Electrum Wallet (Salt-Type 1-3)
+- Electrum Wallet (Salt-Type 1-5)
 - Blockchain, My Wallet
 - Blockchain, My Wallet, V2
 - Blockchain, My Wallet, Second Password (SHA256)
diff --git a/include/ext_secp256k1.h b/include/ext_secp256k1.h
new file mode 100644
index 000000000..689a75300
--- /dev/null
+++ b/include/ext_secp256k1.h
@@ -0,0 +1,13 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#ifndef _EXT_SECP256K1_H
+
+#include "secp256k1.h"
+
+bool hc_secp256k1_pubkey_parse (secp256k1_pubkey *pubkey, u8 *buf, size_t length);
+bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t length);
+
+#endif // _EXT_SECP256K1_H
diff --git a/src/Makefile b/src/Makefile
index c61078a4a..8c826f833 100644
--- a/src/Makefile
+++ b/src/Makefile
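Review bot: The include guard in include/ext_secp256k1.h is never closed: `#ifndef _EXT_SECP256K1_H` is not followed by a `#define _EXT_SECP256K1_H`, so the guard has no effect and a translation unit that includes this header twice gets the prototypes twice (harmless for plain declarations today, but the guard exists to prevent exactly that). The fix is one line directly after the `#ifndef`: `#define _EXT_SECP256K1_H`. A guard name starting with an underscore and an uppercase letter is also reserved for the implementation in C; the other hashcat headers presumably show which guard naming to follow. Since the definition of `hc_secp256k1_pubkey_parse` in src/ext_secp256k1.c in this same commit only reads from `buf`, declaring that parameter `const u8 *buf` would document the difference from `hc_secp256k1_pubkey_tweak_mul`, which overwrites `buf`.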
@@ -10,6 +10,7 @@ PRODUCTION_VERSION := v5.1.0
 ENABLE_BRAIN := 1
 USE_SYSTEM_LZMA := 0
 USE_SYSTEM_ZLIB := 0
+USE_SYSTEM_LIBSECP256K1 := 0
 USE_SYSTEM_OPENCL := 0
 USE_SYSTEM_XXHASH := 0
@@ -120,6 +121,12 @@ else
 DEPS_ZLIB_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/
 endif
+ifeq ($(USE_SYSTEM_LIBSECP256K1),0)
+DEPS_LIBSECP256K1_PATH := deps/secp256k1/
+else
+DEPS_LIBSECP256K1_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/
+endif
+
 ifeq ($(USE_SYSTEM_OPENCL),0)
 DEPS_OPENCL_PATH := deps/OpenCL-Headers
 else
@@ -184,6 +191,11 @@ CFLAGS_ZLIB += -Wno-unused-parameter
 CFLAGS_ZLIB += -DIOAPI_NO_64
 endif
+## because LIBSECP256K1 (Electrum 4/5)
+CFLAGS_LIBSECP256K1 += -Wno-unused-parameter
+CFLAGS_LIBSECP256K1 += -Wno-unused-function
+CFLAGS_LIBSECP256K1 += -Wno-nonnull-compare
+
 ifeq ($(DEBUG),0)
 CFLAGS += -O2
 ifneq ($(UNAME),Darwin)
@@ -222,6 +234,24 @@ ifeq ($(USE_SYSTEM_ZLIB),1)
 LFLAGS += -lz
 endif
+# LIBSECP256K1
+
+ifeq ($(USE_SYSTEM_LIBSECP256K1),1)
+LFLAGS += -lsecp256k1
+CFLAGS_LIBSECP256K1 += -DWITH_LIBSECP256K1
+
+# NOT working if used only in CFLAGS_LIBSECP256K1 because we need to include secp256k1.h in the module too
+CFLAGS += -I$(DEPS_LIBSECP256K1_PATH)
+else
+CFLAGS_LIBSECP256K1 += -I$(DEPS_LIBSECP256K1_PATH)/src/
+
+# files in deps/secp256k1/ include "include/secp256k1.h" so we need the parent folder too
+CFLAGS_LIBSECP256K1 += -I$(DEPS_LIBSECP256K1_PATH)
+
+# NOT working if used only in CFLAGS_LIBSECP256K1 because we need to include secp256k1.h in the module too
+CFLAGS += -I$(DEPS_LIBSECP256K1_PATH)/include/
+endif
+
 # OpenCL
 CFLAGS += -I$(DEPS_OPENCL_PATH)
@@ -302,7 +332,7 @@ EMU_OBJS_ALL += emu_inc_truecrypt_crc32 emu_inc_truecrypt_keyfile emu
 EMU_OBJS_ALL += emu_inc_hash_md4 emu_inc_hash_md5 emu_inc_hash_ripemd160 emu_inc_hash_sha1 emu_inc_hash_sha256 emu_inc_hash_sha384 emu_inc_hash_sha512 emu_inc_hash_streebog256 emu_inc_hash_streebog512
 EMU_OBJS_ALL += emu_inc_cipher_aes emu_inc_cipher_camellia emu_inc_cipher_des emu_inc_cipher_kuznyechik emu_inc_cipher_serpent emu_inc_cipher_twofish
-OBJS_ALL := affinity autotune backend benchmark bitmap bitops combinator common convert cpt cpu_crc32 debugfile dictstat dispatch dynloader event ext_ADL ext_cuda ext_nvapi ext_nvml ext_nvrtc ext_OpenCL ext_sysfs ext_lzma filehandling folder hashcat hashes hlfmt hwmon induct interface keyboard_layout locking logfile loopback memory monitor mpsp outfile_check outfile pidfile potfile restore rp rp_cpu selftest slow_candidates shared status stdout straight terminal thread timer tuningdb usage user_options wordlist $(EMU_OBJS_ALL)
+OBJS_ALL := affinity autotune backend benchmark bitmap bitops combinator common convert cpt cpu_crc32 debugfile dictstat dispatch dynloader event ext_ADL ext_cuda ext_nvapi ext_nvml ext_nvrtc ext_OpenCL ext_sysfs ext_lzma ext_secp256k1 filehandling folder hashcat hashes hlfmt hwmon induct interface keyboard_layout locking logfile loopback memory monitor mpsp outfile_check outfile pidfile potfile restore rp rp_cpu selftest slow_candidates shared status stdout straight terminal thread timer tuningdb usage user_options wordlist $(EMU_OBJS_ALL)
 ifeq ($(ENABLE_BRAIN),1)
 OBJS_ALL += brain
@@ -483,6 +513,9 @@ obj/%.NATIVE.o: $(DEPS_ZLIB_PATH)/%.c
 $(CC) -c $(CFLAGS_NATIVE) $(CFLAGS_ZLIB) $< -o $@ -fpic
 endif
+obj/ext_secp256k1.NATIVE.o: src/ext_secp256k1.c
+ $(CC) -c $(CFLAGS_NATIVE) $(CFLAGS_LIBSECP256K1) $< -o $@ -fpic
+
 ifeq ($(USE_SYSTEM_XXHASH),0)
 ifeq ($(ENABLE_BRAIN),1)
 obj/%.NATIVE.o: $(DEPS_XXHASH_PATH)/%.c
@@ -645,6 +678,12 @@ obj/%.WIN.o: $(DEPS_XXHASH_PATH)/%.c endif endif +obj/ext_secp256k1.LINUX.o: src/ext_secp256k1.c + $(CC_LINUX) $(CFLAGS_CROSS_LINUX) $(CFLAGS_LIBSECP256K1) -c -o $@ $< + +obj/ext_secp256k1.WIN.o: src/ext_secp256k1.c + $(CC_WIN) $(CFLAGS_CROSS_WIN) $(CFLAGS_LIBSECP256K1) -c -o $@ $< + obj/combined.LINUX.a: $(LINUX_OBJS) $(AR_LINUX) rcs $@ $^ diff --git a/src/ext_secp256k1.c b/src/ext_secp256k1.c new file mode 100644 index 000000000..f333d9ce6 --- /dev/null +++ b/src/ext_secp256k1.c 
@@ -0,0 +1,77 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "types.h" +#include "common.h" + +#include "ext_secp256k1.h" + + +#if !defined (WITH_LIBSECP256K1) + +// some macros needed for secp256k1 header and source code includes: + +// is this a good 64-bit support check ? +#if !defined(__LP64__) && !defined(_WIN64) && !defined(__x86_64__) + +#define USE_SCALAR_8X32 +#define USE_FIELD_10X26 + +#else + +#define HAVE___INT128 +#define USE_ASM_X86_64 +// doesn't change speed much: #define USE_ECMULT_STATIC_PRECOMPUTATION + +#define USE_SCALAR_4X64 +#define USE_FIELD_5X52 + +#endif + +#define USE_SCALAR_INV_BUILTIN +#define USE_FIELD_INV_BUILTIN + +#define ECMULT_WINDOW_SIZE 15 +#define ECMULT_GEN_PREC_BITS 4 + +#define USE_NUM_NONE + +#include "secp256k1.c" + +#endif + +bool hc_secp256k1_pubkey_parse (secp256k1_pubkey *pubkey, u8 *buf, size_t length) +{ + secp256k1_context *t_ctx = secp256k1_context_create (SECP256K1_CONTEXT_NONE); + + if (secp256k1_ec_pubkey_parse (t_ctx, pubkey, buf, length) == 0) + { + secp256k1_context_destroy (t_ctx); + + return false; + } + + secp256k1_context_destroy (t_ctx); + + return true; +} + +bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t length) +{ + secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_VERIFY); + + if (secp256k1_ec_pubkey_tweak_mul (sctx, pubkey, buf) == 0) + { + secp256k1_context_destroy (sctx); + + return false; + } + + secp256k1_ec_pubkey_serialize (sctx, buf, &length, pubkey, SECP256K1_EC_COMPRESSED); + + secp256k1_context_destroy (sctx); + + return true; +} diff --git a/src/modules/module_21700.c b/src/modules/module_21700.c new file mode 100644 index 000000000..63e2c4e1f --- /dev/null +++ b/src/modules/module_21700.c 
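Review bot: The 64-bit branch defines `USE_ASM_X86_64` for every target that passes the `__LP64__`/`_WIN64`/`__x86_64__` test, which includes non-x86 LP64 targets such as aarch64, where secp256k1's x86-64 inline assembly cannot build; gate the assembly on the architecture alone, `#if defined(__x86_64__)` / `#define USE_ASM_X86_64` / `#endif`, and keep only the scalar/field width selection on the wider 64-bit test. Both helpers also create and destroy a fresh `secp256k1_context` on every call; `hc_secp256k1_pubkey_tweak_mul` is on the per-candidate hook path (it is called from `module_hook23` in this diff) and creating a `SECP256K1_CONTEXT_VERIFY` context builds the multiplication tables each time, so a context created once and reused is worth considering — libsecp256k1 documents the context as safe for concurrent use when no thread modifies it, which I'd confirm against the vendored version. Finally, `hc_secp256k1_pubkey_tweak_mul` overwrites `buf`: the first 32 bytes go in as the tweak and 33 bytes of compressed point come out, so the declaration should say so, e.g. `/* buf: in = 32-byte tweak, out = 33-byte compressed point; caller must provide at least 33 bytes */`, and the ignored result of `secp256k1_ec_pubkey_serialize` should be checked the same way the other two library calls are.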
@@ -0,0 +1,401 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "ext_secp256k1.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "Electrum Wallet (Salt-Type 4)"; +static const u64 KERN_TYPE = 21700; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64 + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_HOOK23; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$electrum$4*03eae309d8bda5dcbddaae8145469193152763894b7260a6c4ba181b3ac2ed5653*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*1b0997cf64bb2c2ff88cb87bcacd9729d404bd46db18117c20d94e67c946fedc"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 
module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) 
{ return ST_PASS; } + +typedef struct electrum +{ + u32 data_buf[4096]; + u32 data_len; + +} electrum_t; + +typedef struct electrum_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[8]; + u64 out[8]; + +} electrum_tmp_t; + +typedef struct +{ + u32 ukey[8]; + + u32 pubkey[9]; // 32 + 1 bytes (for sign of the curve point) + + u32 hook_success; + +} electrum_hook_t; + +typedef struct electrum_hook_salt +{ + u8 ephemeral_pubkey_raw[33]; + + secp256k1_pubkey ephemeral_pubkey_struct; + +} electrum_hook_salt_t; + +static const char *SIGNATURE_ELECTRUM = "$electrum$4*"; + +void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) +{ + electrum_hook_t *hook_items = (electrum_hook_t *) device_param->hooks_buf; + + electrum_hook_salt_t *electrums = (electrum_hook_salt_t *) hook_salts_buf; + electrum_hook_salt_t *electrum = &electrums[salt_pos]; + + // we need to copy it because the secp256k1_ec_pubkey_tweak_mul () function has side effects + + secp256k1_pubkey ephemeral_pubkey = electrum->ephemeral_pubkey_struct; // shallow copy is safe ! 
+ + // this hook data needs to be updated (the "hook_success" variable): + + electrum_hook_t *hook_item = &hook_items[pw_pos]; + + hook_item->hook_success = 0; + + u32 *hook_pubkey = hook_item->pubkey; + + hook_pubkey[0] = hook_item->ukey[0]; + hook_pubkey[1] = hook_item->ukey[1]; + hook_pubkey[2] = hook_item->ukey[2]; + hook_pubkey[3] = hook_item->ukey[3]; + hook_pubkey[4] = hook_item->ukey[4]; + hook_pubkey[5] = hook_item->ukey[5]; + hook_pubkey[6] = hook_item->ukey[6]; + hook_pubkey[7] = hook_item->ukey[7]; + hook_pubkey[8] = 0; + + /* + * Start with Elliptic Curve Cryptography (ECC) + */ + + const size_t length = 33; // NOT a bug (32 + 1 for the sign) + + bool multiply_success = hc_secp256k1_pubkey_tweak_mul (&ephemeral_pubkey, (u8 *) hook_pubkey, length); + + if (multiply_success == false) return; + + // in this case hook_success set to 1 doesn't mean that we've cracked it, but just that there were + // no problems detected by secp256k1_ec_pubkey_tweak_mul () + + hook_item->hook_success = 1; +} + +u64 module_hook_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 hook_size = (const u64) sizeof (electrum_hook_t); + + return hook_size; +} + +u64 module_hook_salt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 hook_salt_size = (const u64) sizeof (electrum_hook_salt_t); + + return hook_salt_size; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (electrum_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const 
user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (electrum_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + electrum_t *esalt = (electrum_t *) esalt_buf; + + electrum_hook_salt_t *hook = (electrum_hook_salt_t *) hook_salt_buf; + + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_ELECTRUM; + + token.len[0] = 12; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 66; + token.len_max[1] = 66; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = '*'; + token.len_min[2] = 128; + token.len_max[2] = 32768; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = '*'; + token.len_min[3] = 64; + token.len_max[3] = 64; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return 
(rc_tokenizer); + + const u8 *ephemeral_pos = token.buf[1]; + const u8 *data_buf_pos = token.buf[2]; + const u8 *mac_pos = token.buf[3]; + + const u32 data_len = token.len[2] / 2; + + /** + * store data + */ + + // data_len: + + esalt->data_len = data_len; + + // ephemeral pubkey: + + for (u32 i = 0, j = 0; j < 66; i += 1, j += 2) + { + hook->ephemeral_pubkey_raw[i] = hex_to_u8 (ephemeral_pos + j); + } + + size_t length = 33; + + bool parse_success = hc_secp256k1_pubkey_parse (&hook->ephemeral_pubkey_struct, hook->ephemeral_pubkey_raw, length); + + if (parse_success == false) return (PARSER_SALT_VALUE); + + // data buf: + + u8* data_buf_ptr = (u8 *) esalt->data_buf; + + memset (data_buf_ptr, 0, sizeof (esalt->data_buf)); + + for (u32 i = 0, j = 0; j < data_len * 2; i += 1, j += 2) + { + data_buf_ptr[i] = hex_to_u8 (data_buf_pos + j); + } + + // digest / mac: + + for (u32 i = 0, j = 0; j < 64; i += 1, j += 8) + { + digest[i] = hex_to_u32 (mac_pos + j); + + digest[i] = byte_swap_32 (digest[i]); + } + + // fake salt + + salt->salt_buf[0] = esalt->data_buf[0]; + salt->salt_buf[1] = esalt->data_buf[1]; + salt->salt_buf[2] = esalt->data_buf[2]; + salt->salt_buf[3] = esalt->data_buf[3]; + + salt->salt_len = 16; + + salt->salt_iter = 1024 - 1; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + u32 *digest = (u32 *) digest_buf; + + electrum_t *esalt = (electrum_t *) esalt_buf; + + electrum_hook_salt_t *hook = (electrum_hook_salt_t *) hook_salt_buf; + + // ephemeral pubkey: + + char ephemeral[66 + 1]; + + memset (ephemeral, 0, sizeof (ephemeral)); + + for (u32 i = 0, j = 0; i < 33; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) hook->ephemeral_pubkey_raw; + + snprintf (ephemeral + j, 
66 + 1 - j, "%02x", ptr[i]); + } + + // data buf: + + char data_buf[32768 + 1]; + + memset (data_buf, 0, sizeof (data_buf)); + + for (u32 i = 0, j = 0; i < esalt->data_len; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) esalt->data_buf; + + snprintf (data_buf + j, 32768 + 1 - j, "%02x", ptr[i]); + } + + // digest / mac: + + char mac[64 + 1]; + + memset (mac, 0, sizeof (mac)); + + for (u32 i = 0, j = 0; i < 8; i += 1, j += 8) + { + snprintf (mac + j, 64 + 1 - j, "%08x", digest[i]); + } + + int bytes_written = snprintf (line_buf, line_size, "%s%s*%s*%s", + SIGNATURE_ELECTRUM, + ephemeral, + data_buf, + mac); + + return bytes_written; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; 
+ module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = module_hook23; + module_ctx->module_hook_salt_size = module_hook_salt_size; + module_ctx->module_hook_size = module_hook_size; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + 
module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c new file mode 100644 index 000000000..d092ef0dd --- /dev/null +++ b/src/modules/module_21800.c 
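Review bot: `module_hash_encode` trusts `esalt->data_len` when it hex-encodes into the 32 KiB stack buffer `data_buf`: `module_hash_decode` caps the field at 32768 hex characters, so `data_len` is at most 16384 bytes and fits, but the encoder has no guard of its own, and once `j` exceeded 32768 the `32768 + 1 - j` size argument would wrap to a huge `size_t`. A clamp before the loop, `const u32 data_len = (esalt->data_len <= sizeof (esalt->data_buf)) ? esalt->data_len : (u32) sizeof (esalt->data_buf);`, keeps the write bounded by the buffer regardless of where the esalt came from. In `module_hook23` the nine element copies into `hook_pubkey` read better as `memcpy (hook_pubkey, hook_item->ukey, sizeof (hook_item->ukey)); hook_pubkey[8] = 0;`, and the `u32 pubkey[9]` field would benefit from a comment stating the in/out contract: the first 32 bytes are the tweak handed to `hc_secp256k1_pubkey_tweak_mul`, and all 33 bytes hold the compressed point it writes back when `hook_success` is set.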
@@ -0,0 +1,529 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" +#include "emu_inc_hash_sha512.h" +#include "emu_inc_hash_sha256.h" +#include "emu_inc_cipher_aes.h" +#include "ext_secp256k1.h" +#include "zlib.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "Electrum Wallet (Salt-Type 5)"; +static const u64 KERN_TYPE = 21800; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64 + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_HOOK23; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = 
"$electrum$5*02170fee7c35f1ef3b229edc90fbd0793b688a0d6f41137a97aab2343d315cce16*94cf72d8f5d774932b414a3344984859e43721268d2eb35fa531de5a2fc7024b463c730a54f4f46229dd9fede5034b19ac415c2916e9c16b02094f845795df0c397ff76d597886b1f9e014ad1a8f64a3f617d9900aa645b3ba86f16ce542251fc22c41d93fa6bc118be96d9582917e19d2a299743331804cfc7ce2c035367b4cbcfb70adfb1e10a0f2795769f2165d8fd13daa8b45eeac495b5b63e91a87f63b42e483f84a881e49adecacf6519cb564694b42dd9fe80fcbc6cdb63cf5ae33f35255266f5c2524dd93d3cc15eba0f2ccdc3c109cc2d7e8f711b8b440f168caf8b005e8bcdfe694148e94a04d2a738f09349a96600bd8e8edae793b26ebae231022f24e96cb158db141ac40400a9e9ef099e673cfe017281537c57f82fb45c62bdb64462235a6eefb594961d5eb2c46537958e4d04250804c6e9f343ab7a0db07af6b8a9d1a6c5cfcd311b8fb8383ac9ed9d98d427d526c2f517fc97473bd87cb59899bd0e8fb8c57fa0f7e0d53daa57c972cf92764af4b1725a5fb8f504b663ec519731929b3caaa793d8ee74293eee27d0e208a60e26290bc546e6fa9ed865076e13febfea249729218c1b5752e912055fbf993fbac5df2cca2b37c5e0f9c30789858ceeb3c482a8db123966775aeed2eee2fc34efb160d164929f51589bff748ca773f38978bff3508d5a7591fb2d2795df983504a788071f469d78c88fd7899cabbc5804f458653d0206b82771a59522e1fa794d7de1536c51a437f5d6df5efd6654678e5794ca429b5752e1103340ed80786f1e9da7f5b39af628b2212e4d88cd36b8a7136d50a6b6e275ab406ba7c57cc70d77d01c4c16e9363901164fa92dc9e9b99219d5376f24862e775968605001e71b000e2c7123b4b43f3ca40db17efd729388782e46e64d43ccb947db4eb1473ff1a3836b74fe312cd1a33b73b8b8d80c087088932277773c329f2f66a01d6b3fc1e651c56959ebbed7b14a21b977f3acdedf1a0d98d519a74b50c39b3052d840106da4145345d86ec0461cddafacc2a4f0dd646457ad05bf04dcbcc80516a5c5ed14d2d639a70e77b686f19cbfb63f546d81ae19cc8ba35cce3f3b5b9602df25b678e14411fecec87b8347f5047513df415c6b1a3d39871a6bcb0f67d9cf8311596deae45fd1d84a04fd58f1fd55c5156b7309af09094c99a53674809cb87a45f95a2d69f9997a38085519cb4e056f9efd56672a2c1fe927d5ea8eec25b8aff6e56f9a2310f1a481daf407b8adf16201da267c59973920fd21bb087b88123ef98709839d6a3ee34efb8ccd5c15ed0e46cff3172682769531164b66c8689c35a26299dd26d09233d1f64f96674
74141cf9c6a6de7f2bc52c3bb44cfe679ff4b912c06df406283836b3581773cb76d375304f46239da5996594a8d03b14c02f1b35a432dc44a96331242ae31174*33a7ee59d6d17ed1ee99dc0a71771227e6f3734b17ba36eb589bdced56244135"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { 
return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct electrum_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[8]; + u64 out[8]; + +} electrum_tmp_t; + +typedef struct +{ + u32 ukey[8]; + + u32 hook_success; + +} electrum_hook_t; + +typedef struct electrum_hook_salt +{ + u32 data_buf[256]; + + u8 ephemeral_pubkey_raw[33]; + + secp256k1_pubkey ephemeral_pubkey_struct; + +} electrum_hook_salt_t; + +static const char *SIGNATURE_ELECTRUM = "$electrum$5*"; + +void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) +{ + electrum_hook_t *hook_items = (electrum_hook_t *) device_param->hooks_buf; + + electrum_hook_salt_t *electrums = (electrum_hook_salt_t *) hook_salts_buf; + electrum_hook_salt_t *electrum = &electrums[salt_pos]; + + u32 *data_buf = electrum->data_buf; + + // we need to copy it because the secp256k1_ec_pubkey_tweak_mul () function has side effects + + secp256k1_pubkey ephemeral_pubkey = electrum->ephemeral_pubkey_struct; 
// shallow copy is safe ! + + // this hook data needs to be updated (the "hook_success" variable): + + electrum_hook_t *hook_item = &hook_items[pw_pos]; + + hook_item->hook_success = 0; + + u32 ukey[9]; // (32 + 1) + 3 = 9 * 4 = 36 bytes (+1 for holding the "sign" of the curve point) + + ukey[0] = hook_item->ukey[0]; + ukey[1] = hook_item->ukey[1]; + ukey[2] = hook_item->ukey[2]; + ukey[3] = hook_item->ukey[3]; + ukey[4] = hook_item->ukey[4]; + ukey[5] = hook_item->ukey[5]; + ukey[6] = hook_item->ukey[6]; + ukey[7] = hook_item->ukey[7]; + ukey[8] = 0; + + /* + * Start with Elliptic Curve Cryptography (ECC) + */ + + u8 *tmp_buf = (u8 *) ukey; + + const size_t length = 33; // NOT a bug (32 + 1 for the sign) + + bool multiply_success = hc_secp256k1_pubkey_tweak_mul (&ephemeral_pubkey, tmp_buf, length); + + if (multiply_success == false) return; + + u32 input[64] = { 0 }; + + memcpy (input, tmp_buf, length); + + sha512_ctx_t sha512_ctx; + + sha512_init (&sha512_ctx); + sha512_update_swap (&sha512_ctx, input, length); + sha512_final (&sha512_ctx); + + // ... 
now we have the result in sha512_ctx.h[0]...sha512_ctx.h[7] + + u32 iv[4]; + + iv[0] = v32b_from_v64 (sha512_ctx.h[0]); + iv[1] = v32a_from_v64 (sha512_ctx.h[0]); + iv[2] = v32b_from_v64 (sha512_ctx.h[1]); + iv[3] = v32a_from_v64 (sha512_ctx.h[1]); + + iv[0] = byte_swap_32 (iv[0]); + iv[1] = byte_swap_32 (iv[1]); + iv[2] = byte_swap_32 (iv[2]); + iv[3] = byte_swap_32 (iv[3]); + + u32 key[4]; + + key[0] = v32b_from_v64 (sha512_ctx.h[2]); + key[1] = v32a_from_v64 (sha512_ctx.h[2]); + key[2] = v32b_from_v64 (sha512_ctx.h[3]); + key[3] = v32a_from_v64 (sha512_ctx.h[3]); + + key[0] = byte_swap_32 (key[0]); + key[1] = byte_swap_32 (key[1]); + key[2] = byte_swap_32 (key[2]); + key[3] = byte_swap_32 (key[3]); + + // init AES + + AES_KEY aes_key; + + memset (&aes_key, 0, sizeof (aes_key)); + + aes128_set_decrypt_key (aes_key.rdk, key, (u32 *) te0, (u32 *) te1, (u32 *) te2, (u32 *) te3, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3); + + int aes_len = 1024; // in my tests (very few) it also worked with only 128 input bytes ! 
+ // int aes_len = 128; + + u32 data[4]; + u32 out[4]; + + u32 out_full[256]; // 1024 / 4 + + // we need to run it at least once: + + data[0] = data_buf[0]; + data[1] = data_buf[1]; + data[2] = data_buf[2]; + data[3] = data_buf[3]; + + aes128_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4); + + out[0] ^= iv[0]; + + // early reject + + if ((out[0] & 0x0007ffff) != 0x00059c78) return; + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + out_full[0] = out[0]; + out_full[1] = out[1]; + out_full[2] = out[2]; + out_full[3] = out[3]; + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + + // for aes_len > 16 we need to loop + + for (int i = 16, j = 4; i < aes_len; i += 16, j += 4) + { + data[0] = data_buf[j + 0]; + data[1] = data_buf[j + 1]; + data[2] = data_buf[j + 2]; + data[3] = data_buf[j + 3]; + + aes128_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + + out_full[j + 0] = out[0]; + out_full[j + 1] = out[1]; + out_full[j + 2] = out[2]; + out_full[j + 3] = out[3]; + } + + // decompress with zlib: + + size_t compressed_data_len = aes_len; + u8 *compressed_data = (u8 *) out_full; + + size_t decompressed_data_len = 16; // we do NOT need more than the first bytes for validation + u8 *decompressed_data = (unsigned char *) hcmalloc (decompressed_data_len); + + z_stream inf; + + inf.zalloc = Z_NULL; + inf.zfree = Z_NULL; + inf.opaque = Z_NULL; + + inf.next_in = compressed_data; + inf.avail_in = compressed_data_len; + + inf.next_out = decompressed_data; + inf.avail_out = decompressed_data_len; + + // inflate: + + inflateInit2 (&inf, MAX_WBITS); + + int zlib_ret = inflate (&inf, Z_NO_FLUSH); + + inflateEnd (&inf); + + if ((zlib_ret != Z_OK) && (zlib_ret != Z_STREAM_END)) + { + hcfree 
(decompressed_data); + + return; + } + + if ((memcmp (decompressed_data, "{\n \"", 7) == 0) || + (memcmp (decompressed_data, "{\r\n \"", 8) == 0)) + { + hook_item->hook_success = 1; + } + + hcfree (decompressed_data); +} + +u64 module_hook_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 hook_size = (const u64) sizeof (electrum_hook_t); + + return hook_size; +} + +u64 module_hook_salt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 hook_salt_size = (const u64) sizeof (electrum_hook_salt_t); + + return hook_salt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (electrum_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) 
digest_buf; + + electrum_hook_salt_t *electrum = (electrum_hook_salt_t *) hook_salt_buf; + + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_ELECTRUM; + + token.len[0] = 12; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 66; + token.len_max[1] = 66; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = '*'; + token.len_min[2] = 2048; + token.len_max[2] = 2048; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = '*'; + token.len_min[3] = 64; + token.len_max[3] = 64; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *ephemeral_pos = token.buf[1]; + const u8 *data_buf_pos = token.buf[2]; + const u8 *mac_pos = token.buf[3]; + + /** + * store data + */ + + // ephemeral pubkey: + + for (u32 i = 0, j = 0; j < 66; i += 1, j += 2) + { + electrum->ephemeral_pubkey_raw[i] = hex_to_u8 (ephemeral_pos + j); + } + + size_t length = 33; + + bool parse_success = hc_secp256k1_pubkey_parse (&electrum->ephemeral_pubkey_struct, electrum->ephemeral_pubkey_raw, length); + + if (parse_success == false) return (PARSER_SALT_VALUE); + + // data buf: + + u8* data_buf_ptr = (u8 *) electrum->data_buf; + + for (u32 i = 0, j = 0; j < 2048; i += 1, j += 2) + { + data_buf_ptr[i] = hex_to_u8 (data_buf_pos + j); + } + + // digest / mac: + + for (u32 i = 0, j = 0; j < 64; i += 1, j += 8) + { + digest[i] = hex_to_u32 (mac_pos + j); + + digest[i] = byte_swap_32 (digest[i]); + } + + // fake salt + + salt->salt_buf[0] = electrum->data_buf[0]; + salt->salt_buf[1] = electrum->data_buf[1]; + salt->salt_buf[2] = electrum->data_buf[2]; + salt->salt_buf[3] = electrum->data_buf[3]; + + salt->salt_len = 16; + + salt->salt_iter = 1024 - 
1; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + u32 *digest = (u32 *) digest_buf; + + electrum_hook_salt_t *electrum = (electrum_hook_salt_t *) hook_salt_buf; + + // ephemeral pubkey: + + char ephemeral[66 + 1]; + + memset (ephemeral, 0, sizeof (ephemeral)); + + for (u32 i = 0, j = 0; i < 33; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) electrum->ephemeral_pubkey_raw; + + snprintf (ephemeral + j, 66 + 1 - j, "%02x", ptr[i]); + } + + // data buf: + + char data_buf[2048 + 1]; + + memset (data_buf, 0, sizeof (data_buf)); + + for (u32 i = 0, j = 0; i < 1024; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) electrum->data_buf; + + snprintf (data_buf + j, 2048 + 1 - j, "%02x", ptr[i]); + } + + // mac: + + char mac[64 + 1]; + + memset (mac, 0, sizeof (mac)); + + for (u32 i = 0, j = 0; i < 8; i += 1, j += 8) + { + snprintf (mac + j, 64 + 1 - j, "%08x", digest[i]); + } + + int bytes_written = snprintf (line_buf, line_size, "%s%s*%s*%s", + SIGNATURE_ELECTRUM, + ephemeral, + data_buf, + mac); + + return bytes_written; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + 
module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = module_hook23; + module_ctx->module_hook_salt_size = module_hook_salt_size; + module_ctx->module_hook_size = module_hook_size; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + 
module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 823079177..804960f82 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -14,6 +14,7 @@ cpan install Authen::Passphrase::LANManager \ Authen::Passphrase::MySQL323 \ Authen::Passphrase::NTHash \ Authen::Passphrase::PHPass \ + Compress::Zlib \ Convert::EBCDIC \ Crypt::CBC \ Crypt::DES \ @@ -25,6 +26,8 @@ cpan install Authen::Passphrase::LANManager \ Crypt::Mode::ECB \ Crypt::MySQL \ Crypt::OpenSSH::ChachaPoly \ + Crypt::OpenSSL::EC \ + Crypt::OpenSSL::Bignum::CTX \ Crypt::PBKDF2 \ Crypt::RC4 \ Crypt::Rijndael \ diff --git a/tools/test_modules/m21700.pm b/tools/test_modules/m21700.pm new file mode 100644 index 000000000..fc0f8a617 --- /dev/null +++ b/tools/test_modules/m21700.pm 
@@ -0,0 +1,284 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use Crypt::OpenSSL::EC; +use Crypt::OpenSSL::Bignum::CTX; + +use Digest::SHA qw (sha256 sha512); +use Digest::HMAC qw (hmac_hex); + +use Crypt::CBC; +use Compress::Zlib; + +sub module_constraints { [[0, 256], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +my $MAX_DATA_LEN = 16384; + +# helper function: key derivation from password and one point on the curve (public key) + +sub generate_key +{ + my $word = shift; + my $ephemeral_pubkey = shift; + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512), + iterations => 1024, + output_len => 64 + ); + + my $private_key = $pbkdf2->PBKDF2 ("", $word); + + my $method = Crypt::OpenSSL::EC::EC_GFp_simple_method (); # or Crypt::OpenSSL::EC::EC_GFp_mont_method () + + my $group = Crypt::OpenSSL::EC::EC_GROUP::new ($method); + + # secp256k1 elliptic curve parameters + + my $p = Crypt::OpenSSL::Bignum->new_from_hex ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"); + my $a = Crypt::OpenSSL::Bignum->new_from_hex ("0000000000000000000000000000000000000000000000000000000000000000"); + my $b = Crypt::OpenSSL::Bignum->new_from_hex ("0000000000000000000000000000000000000000000000000000000000000007"); + + my $ctx = Crypt::OpenSSL::Bignum::CTX->new (); + + Crypt::OpenSSL::EC::EC_GROUP::set_curve_GFp ($group, $p, $a, $b, $ctx); + + my $Gx = Crypt::OpenSSL::Bignum->new_from_hex ("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"); + my $Gy = Crypt::OpenSSL::Bignum->new_from_hex ("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"); + + my $G = Crypt::OpenSSL::EC::EC_POINT::new ($group); + + Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp ($group, $G, $Gx, $Gy, $ctx); + + my $order = Crypt::OpenSSL::Bignum->new_from_hex 
("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"); + my $cofactor = Crypt::OpenSSL::Bignum->new_from_hex ("0000000000000000000000000000000000000000000000000000000000000001"); + + Crypt::OpenSSL::EC::EC_GROUP::set_generator ($group, $G, $order, $cofactor); # or cofactor = Crypt::OpenSSL::Bignum->one () + + + # scalar + + # hash mod GROUP_ORDER + + my $m = Crypt::OpenSSL::Bignum->new_from_hex (unpack ("H*", $private_key)); + + + # point (public key, ephemeral_pubkey) + + my $Q = Crypt::OpenSSL::EC::EC_POINT::new ($group); + + my $ret = Crypt::OpenSSL::EC::EC_POINT::oct2point ($group, $Q, $ephemeral_pubkey, $ctx); + + if ($ret == 0) + { + return; + } + + # multiply + + my $result = Crypt::OpenSSL::EC::EC_POINT::new ($group); + + my $n = Crypt::OpenSSL::Bignum->zero (); + + Crypt::OpenSSL::EC::EC_POINT::mul ($group, $result, $n, $Q, $m, $ctx); + + # get compressed public/shared key format + + my $public_key = Crypt::OpenSSL::EC::EC_POINT::point2oct ($group, $result, &Crypt::OpenSSL::EC::POINT_CONVERSION_COMPRESSED, $ctx); + + + # hash the compressed public key with sha512 () + + return sha512 ($public_key); +} + +sub module_generate_hash +{ + my $word = shift; + + my $ephemeral_pubkey = ""; + my $key = ""; + + my $valid_point = 0; + + while ($valid_point == 0) + { + my $sign_of_curve_point = int (rand (2)); # 2 possibilities: 02... or 03... ephemeral public keys + + $ephemeral_pubkey = pack ("H*", "0" . ($sign_of_curve_point + 2) . 
random_hex_string (64)); + + $key = generate_key ($word, $ephemeral_pubkey); + + if (defined ($key)) + { + $valid_point = 1; + } + } + + my $valid_compression_rate = 0; + + my $compressed_data = ""; + + while ($valid_compression_rate == 0) + { + my $data_buf = "{\r\n \""; + + if (int (rand (2)) == 1) # alternative with different line break + { + $data_buf = "{\n \""; + } + + # we assume a compression rate of 30% (smaller if compressed) + + my $data_length = 64 + int (rand (int ($MAX_DATA_LEN * 1.30 + 1))); + + my $random_length = $data_length - length ($data_buf); + + if ($random_length > 0) + { + $data_buf .= random_string ($random_length); # or random_bytes ($random_length); + } + + # compress/deflate the data: + + my $deflator = deflateInit (-WindowBits => MAX_WBITS); + + my $header = $deflator->deflate ($data_buf); + + $compressed_data = $deflator->flush (); + + $compressed_data = $header . $compressed_data; + + # check if data is valid: + + my $compressed_data_len = length ($compressed_data); + + if ($compressed_data_len < 64) # minimum length required by hashcat's tokenizer + { + next; + } + + if (($compressed_data_len + 15) > $MAX_DATA_LEN) # version 5 is not supported in -m 21700 + { + next; + } + + $valid_compression_rate = 1; + } + + + # encrypt the data with AES128: + + my $iv = substr ($key, 0, 16); + my $aes_key = substr ($key, 16, 16); + + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + keysize => 16, + literal_key => 1, + header => "none", + iv => $iv, + key => $aes_key + }); + + my $encrypted_data = $aes->encrypt ($compressed_data); + + + # MAC: + + my $hmac_key = substr ($key, 32, 32); + + my $mac = hmac_hex ($encrypted_data, $hmac_key, \&sha256); + + # format the hash: + + my $hash = sprintf ("\$electrum\$4*%s*%s*%s", + unpack ("H*", $ephemeral_pubkey), + unpack ("H*", $encrypted_data), + $mac + ); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $index1 = index ($line, ":"); + + return if $index1 < 1; + + 
my $hash_in = substr ($line, 0, $index1); + + my $word = substr ($line, $index1 + 1); + + return if (substr ($hash_in, 0, 10) ne "\$electrum\$"); + + + # version: + + my $index2 = index ($hash_in, "*"); + + return if $index2 < 1; + + my $version = substr ($hash_in, 10, $index2 - 10); + + return if ($version ne "4"); + + + # public key: + + $index1 = index ($line, "*", $index2 + 1); + + return if $index1 < 1; + + my $ephemeral_pubkey = substr ($hash_in, $index2 + 1, $index1 - $index2 - 1); + + $ephemeral_pubkey = pack ("H*", $ephemeral_pubkey); + + + # data: + + $index2 = index ($hash_in, "*", $index1 + 1); + + return if $index2 < 1; + + my $data_buf = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1); + + $data_buf = pack ("H*", $data_buf); + + + # MAC: + + my $mac = substr ($hash_in, $index2 + 1); + + + # Start: + + my $new_hash = ""; + + my $key = generate_key ($word, $ephemeral_pubkey); + + my $hmac_key = substr ($key, 32, 32); + + my $mac_gen = hmac_hex ($data_buf, $hmac_key, \&sha256); + + if ($mac_gen eq $mac) + { + $new_hash = $hash_in; + } + + return ($new_hash, $word); +} + +1; diff --git a/tools/test_modules/m21800.pm b/tools/test_modules/m21800.pm new file mode 100644 index 000000000..e72770003 --- /dev/null +++ b/tools/test_modules/m21800.pm 
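Review bot: `module_verify_hash` slices `$key` with `substr ($key, 32, 32)` right after `my $key = generate_key ($word, $ephemeral_pubkey);`, but `generate_key` returns an empty list when `EC_POINT::oct2point` rejects the ephemeral public key, so a malformed or off-curve key in the input line leaves `$key` undefined and the HMAC is computed over an empty key instead of the line being rejected cleanly. Add `return unless defined $key;` directly after the `generate_key` call, matching the file's other early `return if` exits. The same gap exists in `module_verify_hash` of m21800.pm (next hunk), where the undefined `$key` would feed the AES IV and key. Also, the public-key field is located with `index ($line, "*", $index2 + 1)` while every other field is cut from `$hash_in`; using `$hash_in` there as well keeps a `*` in the password part of `$line` from shifting the offsets.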
@@ -0,0 +1,338 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use Crypt::OpenSSL::EC; +use Crypt::OpenSSL::Bignum::CTX; + +use Digest::SHA qw (sha256 sha512); +use Digest::HMAC qw (hmac_hex); + +use Crypt::CBC; +use Compress::Zlib; + +sub module_constraints { [[0, 256], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +my $MAX_DATA_LEN = 16384; +my $TRUNCATE_DATA_LEN = 1024; + +# helper function: key derivation from password and one point on the curve (public key) + +sub generate_key +{ + my $word = shift; + my $ephemeral_pubkey = shift; + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512), + iterations => 1024, + output_len => 64 + ); + + my $private_key = $pbkdf2->PBKDF2 ("", $word); + + my $method = Crypt::OpenSSL::EC::EC_GFp_simple_method (); # or Crypt::OpenSSL::EC::EC_GFp_mont_method () + + my $group = Crypt::OpenSSL::EC::EC_GROUP::new ($method); + + # secp256k1 elliptic curve parameters + + my $p = Crypt::OpenSSL::Bignum->new_from_hex ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"); + my $a = Crypt::OpenSSL::Bignum->new_from_hex ("0000000000000000000000000000000000000000000000000000000000000000"); + my $b = Crypt::OpenSSL::Bignum->new_from_hex ("0000000000000000000000000000000000000000000000000000000000000007"); + + my $ctx = Crypt::OpenSSL::Bignum::CTX->new (); + + Crypt::OpenSSL::EC::EC_GROUP::set_curve_GFp ($group, $p, $a, $b, $ctx); + + my $Gx = Crypt::OpenSSL::Bignum->new_from_hex ("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"); + my $Gy = Crypt::OpenSSL::Bignum->new_from_hex ("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"); + + my $G = Crypt::OpenSSL::EC::EC_POINT::new ($group); + + Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp ($group, $G, $Gx, $Gy, $ctx); + + my $order = Crypt::OpenSSL::Bignum->new_from_hex 
("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"); + my $cofactor = Crypt::OpenSSL::Bignum->new_from_hex ("0000000000000000000000000000000000000000000000000000000000000001"); + + Crypt::OpenSSL::EC::EC_GROUP::set_generator ($group, $G, $order, $cofactor); # or cofactor = Crypt::OpenSSL::Bignum->one () + + + # scalar + + # hash mod GROUP_ORDER + + my $m = Crypt::OpenSSL::Bignum->new_from_hex (unpack ("H*", $private_key)); + + + # point (public key, ephemeral_pubkey) + + my $Q = Crypt::OpenSSL::EC::EC_POINT::new ($group); + + my $ret = Crypt::OpenSSL::EC::EC_POINT::oct2point ($group, $Q, $ephemeral_pubkey, $ctx); + + if ($ret == 0) + { + return; + } + + # multiply + + my $result = Crypt::OpenSSL::EC::EC_POINT::new ($group); + + my $n = Crypt::OpenSSL::Bignum->zero (); + + Crypt::OpenSSL::EC::EC_POINT::mul ($group, $result, $n, $Q, $m, $ctx); + + # get compressed public/shared key format + + my $public_key = Crypt::OpenSSL::EC::EC_POINT::point2oct ($group, $result, &Crypt::OpenSSL::EC::POINT_CONVERSION_COMPRESSED, $ctx); + + + # hash the compressed public key with sha512 () + + return sha512 ($public_key); +} + +sub module_generate_hash +{ + my $word = shift; + + my $ephemeral_pubkey = ""; + my $key = ""; + + my $valid_point = 0; + + while ($valid_point == 0) + { + my $sign_of_curve_point = int (rand (2)); # 2 possibilities: 02... or 03... ephemeral public keys + + $ephemeral_pubkey = pack ("H*", "0" . ($sign_of_curve_point + 2) . 
random_hex_string (64)); + + $key = generate_key ($word, $ephemeral_pubkey); + + if (defined ($key)) + { + $valid_point = 1; + } + } + + my $valid_compression_rate = 0; + + my $compressed_data = ""; + + while ($valid_compression_rate == 0) + { + my $data_buf = "{\r\n \""; + + if (int (rand (2)) == 1) # alternative with different line break + { + $data_buf = "{\n \""; + } + + # we assume a compression rate of 30% (smaller if compressed) + + my $data_length = $MAX_DATA_LEN + int (rand (int ($MAX_DATA_LEN * 1.30 + 1))); + + my $random_length = $data_length - length ($data_buf); + + if ($random_length > 0) + { + $data_buf .= random_string ($random_length); # or random_bytes ($random_length); + } + + # compress/deflate the data: + + my $deflator = deflateInit (-WindowBits => MAX_WBITS); + + my $header = $deflator->deflate ($data_buf); + + $compressed_data = $deflator->flush (); + + $compressed_data = $header . $compressed_data; + + # check if data is valid: + + if ((length ($compressed_data) + 15) <= $MAX_DATA_LEN) + { + next; + } + + my $zlib_rate = ord (substr ($compressed_data, 2, 1)) & 0x07; + + if ($zlib_rate != 0x05) + { + next; + } + + $valid_compression_rate = 1; + } + + + # encrypt the data with AES128: + + my $iv = substr ($key, 0, 16); + my $aes_key = substr ($key, 16, 16); + + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + keysize => 16, + literal_key => 1, + header => "none", + iv => $iv, + key => $aes_key + }); + + my $encrypted_data = $aes->encrypt ($compressed_data); + + + # MAC: + + my $hmac_key = substr ($key, 32, 32); + + my $mac = hmac_hex ($encrypted_data, $hmac_key, \&sha256); + + # truncate for version 5: + + $encrypted_data = substr ($encrypted_data, 0, $TRUNCATE_DATA_LEN); + + # format the hash: + + my $hash = sprintf ("\$electrum\$5*%s*%s*%s", + unpack ("H*", $ephemeral_pubkey), + unpack ("H*", $encrypted_data), + $mac + ); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $index1 = index ($line, ":"); 
+ + return if $index1 < 1; + + my $hash_in = substr ($line, 0, $index1); + + my $word = substr ($line, $index1 + 1); + + return if (substr ($hash_in, 0, 10) ne "\$electrum\$"); + + + # version: + + my $index2 = index ($hash_in, "*"); + + return if $index2 < 1; + + my $version = substr ($hash_in, 10, $index2 - 10); + + return if ($version ne "5"); + + + # public key: + + $index1 = index ($line, "*", $index2 + 1); + + return if $index1 < 1; + + my $ephemeral_pubkey = substr ($hash_in, $index2 + 1, $index1 - $index2 - 1); + + $ephemeral_pubkey = pack ("H*", $ephemeral_pubkey); + + + # data: + + $index2 = index ($hash_in, "*", $index1 + 1); + + return if $index2 < 1; + + my $data_buf = substr ($hash_in, $index1 + 1, $index2 - $index1 - 1); + + $data_buf = pack ("H*", $data_buf); + + + # MAC: + + my $mac = substr ($hash_in, $index2 + 1); + + + # Start: + + my $new_hash = ""; + + my $key = generate_key ($word, $ephemeral_pubkey); + + + # decrypt the data with AES128 + + my $iv = substr ($key, 0, 16); + my $aes_key = substr ($key, 16, 16); + + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + keysize => 16, + literal_key => 1, + header => "none", + iv => $iv, + key => $aes_key + }); + + my $decrypted_data = $aes->decrypt ($data_buf); + + + # some early reject/validation steps: + + # first test: + + if (substr ($decrypted_data, 0, 2) ne "\x78\x9c") + { + return ($new_hash, $word); + } + + # second test: + + if ((ord (substr ($decrypted_data, 2, 1)) & 0x07) != 0x05) + { + return ($new_hash, $word); + } + + + # decompress/inflate: + + my $inflator = inflateInit (-WindowBits => MAX_WBITS); + + my ($decompressed_data, $status) = $inflator->inflate ($decrypted_data); + + + # final validation of data: + + if (length ($status) > 0) + { + return ($new_hash, $word); + } + + if ((substr ($decompressed_data, 0, 7) ne "{\n \"") && + (substr ($decompressed_data, 0, 8) ne "{\r\n \"")) + { + return ($new_hash, $word); + } + + $new_hash = $hash_in; + + + return ($new_hash, 
$word); +} + +1; From 53e96a12a0232821e42053b662d4828d0a79f38b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 16 Nov 2019 11:48:25 +0100 Subject: [PATCH 035/300] Improve automatic calculation of hook threads value --- src/backend.c | 13 +++++++++++++ src/hashcat.c | 6 ------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/src/backend.c b/src/backend.c index c0b7734e0..fb68dbcb7 100644 --- a/src/backend.c +++ b/src/backend.c @@ -6252,6 +6252,19 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) return -1; } + // now we can calculate the number of parallel running hook threads based on + // the number cpu cores and the number of active compute devices + // unless overwritten by the user + + if (user_options->hook_threads == HOOK_THREADS) + { + const u32 processor_count = hc_get_processor_count (); + + const u32 processor_count_cu = CEILDIV (processor_count, backend_ctx->backend_devices_active); // should never reach 0 + + user_options->hook_threads = processor_count_cu; + } + // additional check to see if the user has chosen a device that is not within the range of available devices (i.e. larger than devices_cnt) if (backend_ctx->backend_devices_filter != (u64) -1) diff --git a/src/hashcat.c b/src/hashcat.c index eaf16a24a..01a069ab7 100644 --- a/src/hashcat.c +++ b/src/hashcat.c @@ -1043,12 +1043,6 @@ int hashcat_session_init (hashcat_ctx_t *hashcat_ctx, const char *install_folder setup_umask (); - /** - * Find number of physical CPU cores - */ - - user_options->hook_threads = hc_get_processor_count (); - /** * tuning db */ From d0ad5164229e2e6f4d1dd4d8ff8f79acbe40742b Mon Sep 17 00:00:00 2001 
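Review bot: `$mac` is parsed in `module_verify_hash` but never compared, and nothing says why; `module_generate_hash` computes the HMAC over the full `$encrypted_data` and only afterwards truncates it to `$TRUNCATE_DATA_LEN`, so the ciphertext kept in the hash cannot reproduce the MAC. A comment at `my $mac = substr ($hash_in, $index2 + 1);` such as `# the MAC covers the untruncated ciphertext and cannot be checked from the 1024-byte prefix stored in the hash; verification relies on the zlib header and "{" prefix tests below` would stop a later reader from "fixing" this by adding a MAC comparison. The `"\x78\x9c"` and `& 0x07) != 0x05` tests mirror the filter the generator applies to its own output, which is worth stating in the same place.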
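Review bot: `CEILDIV (processor_count, backend_ctx->backend_devices_active)` turns the assumption in its trailing comment into a divide-by-zero if `backend_devices_active` is 0, and if `hc_get_processor_count ()` reports 0 the result leaves `user_options->hook_threads` at 0, i.e. no hook threads at all. Make both explicit: `const u32 processor_count_cu = (backend_ctx->backend_devices_active > 0) ? CEILDIV (processor_count, backend_ctx->backend_devices_active) : processor_count;` and `user_options->hook_threads = (processor_count_cu > 0) ? processor_count_cu : 1;`. The `== HOOK_THREADS` test also means a user who explicitly passes that same value has it recomputed, which is presumably intended but deserves a sentence in the comment above. `backend_ctx_devices_init` starts before and continues after this hunk.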
From: Jens Steube Date: Sat, 16 Nov 2019 12:41:59 +0100 Subject: [PATCH 036/300] Add some accel and thread limits to -m 21700 and -m 21800 for a smoother benchmark and checkpoint experience --- src/modules/module_21700.c | 21 +++++++++++++++++++-- src/modules/module_21800.c | 21 +++++++++++++++++++-- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/src/modules/module_21700.c b/src/modules/module_21700.c index 63e2c4e1f..277eb9af5 100644 --- a/src/modules/module_21700.c +++ b/src/modules/module_21700.c @@ -82,6 +82,23 @@ typedef struct electrum_hook_salt static const char *SIGNATURE_ELECTRUM = "$electrum$4*"; +#define M21700_MAX_ACCEL 1 +#define M21700_MAX_THREADS 8 + +u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_accel_max = (user_options->kernel_accel_chgd == true) ? user_options->kernel_accel : M21700_MAX_ACCEL; + + return kernel_accel_max; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = (user_options->kernel_threads_chgd == true) ? user_options->kernel_threads : M21700_MAX_THREADS; + + return kernel_threads_max; +} + void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) { electrum_hook_t *hook_items = (electrum_hook_t *) device_param->hooks_buf; 
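Review bot: `M21700_MAX_ACCEL` and `M21700_MAX_THREADS` carry no explanation, and the rationale given only in the commit message (smoother benchmark and checkpoint behaviour for this hook-based mode) is exactly the tuning context that is lost once the values are changed; add `// conservative caps: keep the work per kernel call small so benchmark and checkpoint latency stays low` above the defines. The rest of the module declares its constants as `static const` (see `SIGNATURE_ELECTRUM` two lines up), so `static const u32 M21700_MAX_ACCEL = 1;` would follow the file's convention rather than `#define`. Both points apply unchanged to the identical additions in module_21800.c further down.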
@@ -371,11 +388,11 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook_size = module_hook_size; module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; - module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = module_kernel_accel_max; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; module_ctx->module_kernel_loops_max = MODULE_DEFAULT; module_ctx->module_kernel_loops_min = MODULE_DEFAULT; - module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; module_ctx->module_kernel_threads_min = MODULE_DEFAULT; module_ctx->module_kern_type = module_kern_type; module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index d092ef0dd..0b7550087 100644 --- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c 
@@ -79,6 +79,23 @@ typedef struct electrum_hook_salt static const char *SIGNATURE_ELECTRUM = "$electrum$5*"; +#define M21800_MAX_ACCEL 1 +#define M21800_MAX_THREADS 8 + +u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_accel_max = (user_options->kernel_accel_chgd == true) ? user_options->kernel_accel : M21800_MAX_ACCEL; + + return kernel_accel_max; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = (user_options->kernel_threads_chgd == true) ? user_options->kernel_threads : M21800_MAX_THREADS; + + return kernel_threads_max; +} + void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) { electrum_hook_t *hook_items = (electrum_hook_t *) device_param->hooks_buf; @@ -499,11 +516,11 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook_size = module_hook_size; module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; - module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = module_kernel_accel_max; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; module_ctx->module_kernel_loops_max = MODULE_DEFAULT; module_ctx->module_kernel_loops_min = MODULE_DEFAULT; - module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; module_ctx->module_kernel_threads_min = MODULE_DEFAULT; module_ctx->module_kern_type = module_kern_type; module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; From c4dd020685e5085e4db076c69e4494c03e4cf63a Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sat, 16 Nov 2019 17:27:35 +0100 Subject: [PATCH 037/300] Add support for NVIDIA Jetson AGX Xavier developer kit
---
 src/backend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backend.c b/src/backend.c
index fb68dbcb7..4ba4aef86 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -4792,7 +4792,7 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx)
 // some pre-check
- if ((nvrtc_driver_version < 10010) || (cuda_driver_version < 10010))
+ if ((nvrtc_driver_version < 10000) || (cuda_driver_version < 10000))
 {
 event_log_error (hashcat_ctx, "Outdated NVIDIA CUDA Toolkit version '%d' detected!", cuda_driver_version);
From 8839504daaa3084023e31fafb009cebda0c90241 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Sat, 16 Nov 2019 20:53:28 +0100 Subject: [PATCH 038/300] electrum 4/5 improve speed by avoiding secp256k1_ec_pubkey_serialize
---
 src/ext_secp256k1.c | 42 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 35 insertions(+), 7 deletions(-)
diff --git a/src/ext_secp256k1.c b/src/ext_secp256k1.c
index f333d9ce6..b46449d82 100644
--- a/src/ext_secp256k1.c
+++ b/src/ext_secp256k1.c
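Review bot: The `event_log_error` on the line after the changed condition prints only `cuda_driver_version`, although the condition also rejects `nvrtc_driver_version < 10000`; when NVRTC is the outdated component, the number shown to the user is the one that passed. Print both, e.g. `event_log_error (hashcat_ctx, "Outdated NVIDIA CUDA Toolkit version '%d' (NVRTC version '%d') detected!", cuda_driver_version, nvrtc_driver_version);`. The repeated literal 10000 (presumably the encoding of CUDA 10.0) would also read better as a named minimum with a comment tying it to the Jetson AGX Xavier support named in the commit. `backend_ctx_init` extends beyond the hunk on both sides.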
@@ -60,17 +60,45 @@ bool hc_secp256k1_pubkey_parse (secp256k1_pubkey *pubkey, u8 *buf, size_t length bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t length) { - secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_VERIFY); + secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_NONE); - if (secp256k1_ec_pubkey_tweak_mul (sctx, pubkey, buf) == 0) - { - secp256k1_context_destroy (sctx); + secp256k1_gej res; + secp256k1_ge pt; - return false; - } + // load the public key: - secp256k1_ec_pubkey_serialize (sctx, buf, &length, pubkey, SECP256K1_EC_COMPRESSED); + secp256k1_pubkey_load (sctx, &pt, pubkey); + int overflow = 0; + + secp256k1_scalar s; + + secp256k1_scalar_set_b32 (&s, buf, &overflow); + + if (overflow) return false; + if (secp256k1_scalar_is_zero (&s)) return false; + + + // main multiply operation: + + const size_t scalar_size = (length - 1) * 8; + + secp256k1_ecmult_const (&res, &pt, &s, scalar_size); + secp256k1_ge_set_gej (&pt, &res); + secp256k1_fe_normalize (&pt.x); + secp256k1_fe_normalize (&pt.y); + + + // output: + + buf[0] = 0x02 | secp256k1_fe_is_odd (&pt.y); + + secp256k1_fe_get_b32 (buf + 1, &pt.x); + + + // cleanup: + + secp256k1_scalar_clear (&s); secp256k1_context_destroy (sctx); return true; From b618a72bd78263360a65923229a2b86e9a80e298 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 16 Nov 2019 21:09:56 +0100 Subject: [PATCH 039/300] Update accel and thread modifiers for -m 21700 and -m 21800 --- src/modules/module_21700.c | 4 ++-- src/modules/module_21800.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/modules/module_21700.c b/src/modules/module_21700.c index 277eb9af5..c6fa73ecd 100644 --- a/src/modules/module_21700.c +++ b/src/modules/module_21700.c 
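Review bot: `const size_t scalar_size = (length - 1) * 8;` derives the scalar's bit width from the caller's public-key buffer length, yet `secp256k1_scalar_set_b32` just above always consumed exactly 32 bytes of `buf`; the two only agree by coincidence for a 33-byte compressed key, and `length == 0` underflows the `size_t`. Pass the fixed width instead: `secp256k1_ecmult_const (&res, &pt, &s, 256);`. The two early `return false;` lines exit without `secp256k1_context_destroy (sctx)` and without `secp256k1_scalar_clear (&s)`, unlike the success path below them. `buf` now doubles as the 32-byte scalar input and the 33-byte compressed-point output, so the function should document that callers must provide at least 33 bytes; the function's closing brace lies past the hunk's last line.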
@@ -82,8 +82,8 @@ typedef struct electrum_hook_salt static const char *SIGNATURE_ELECTRUM = "$electrum$4*"; -#define M21700_MAX_ACCEL 1 -#define M21700_MAX_THREADS 8 +#define M21700_MAX_ACCEL 16 +#define M21700_MAX_THREADS 64 u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index 0b7550087..30d3a4d1d 100644 --- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c @@ -79,8 +79,8 @@ typedef struct electrum_hook_salt static const char *SIGNATURE_ELECTRUM = "$electrum$5*"; -#define M21800_MAX_ACCEL 1 -#define M21800_MAX_THREADS 8 +#define M21800_MAX_ACCEL 16 +#define M21800_MAX_THREADS 64 u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { From 31d8445c3774aa43adc773854fa04394a1f25aff Mon Sep 17 00:00:00 2001 From: philsmd Date: Sun, 17 Nov 2019 13:11:19 +0100 Subject: [PATCH 040/300] re-enable USE_SYSTEM_LIBSECP256K1 = 1 --- src/Makefile | 3 +++ src/ext_secp256k1.c | 54 +++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 53 insertions(+), 4 deletions(-) diff --git a/src/Makefile b/src/Makefile index 8c826f833..77deb6640 100644 --- a/src/Makefile +++ b/src/Makefile @@ -14,6 +14,9 @@ USE_SYSTEM_LIBSECP256K1 := 0 USE_SYSTEM_OPENCL := 0 USE_SYSTEM_XXHASH := 0 +# NOTE: USE_SYSTEM_LIBSECP256K1 set to 1 can come with a huge performance hit for Electrum 4-5 +# this is due to the public API (secp256k1.h) not exposing all the faster ECC operations we need + ## ## Detect Operating System ## diff --git a/src/ext_secp256k1.c b/src/ext_secp256k1.c index b46449d82..ad081af54 100644 --- a/src/ext_secp256k1.c +++ b/src/ext_secp256k1.c 
@@ -14,7 +14,7 @@ // some macros needed for secp256k1 header and source code includes: // is this a good 64-bit support check ? -#if !defined(__LP64__) && !defined(_WIN64) && !defined(__x86_64__) +#if !defined (__LP64__) && !defined (_WIN64) && !defined (__x86_64__) #define USE_SCALAR_8X32 #define USE_FIELD_10X26 @@ -60,12 +60,14 @@ bool hc_secp256k1_pubkey_parse (secp256k1_pubkey *pubkey, u8 *buf, size_t length bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t length) { + #if !defined (WITH_LIBSECP256K1) + secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_NONE); secp256k1_gej res; secp256k1_ge pt; - // load the public key: + // load the public key and 32 byte scalar: secp256k1_pubkey_load (sctx, &pt, pubkey); @@ -75,8 +77,23 @@ bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t le secp256k1_scalar_set_b32 (&s, buf, &overflow); - if (overflow) return false; - if (secp256k1_scalar_is_zero (&s)) return false; + if (overflow != 0) + { + secp256k1_scalar_clear (&s); + + secp256k1_context_destroy (sctx); + + return false; + } + + if (secp256k1_scalar_is_zero (&s)) + { + secp256k1_scalar_clear (&s); + + secp256k1_context_destroy (sctx); + + return false; + } // main multiply operation: @@ -99,7 +116,36 @@ bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t le // cleanup: secp256k1_scalar_clear (&s); + secp256k1_context_destroy (sctx); + #else + + // ATTENTION: this way to multiply was much slower in our tests + + secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_VERIFY); + + + // main multiply operation: + + if (secp256k1_ec_pubkey_tweak_mul (sctx, pubkey, buf) == 0) + { + secp256k1_context_destroy (sctx); + + return false; + } + + + // output: + + secp256k1_ec_pubkey_serialize (sctx, buf, &length, pubkey, SECP256K1_EC_COMPRESSED); + + + // cleanup: + + secp256k1_context_destroy (sctx); + + #endif + return true; } 
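Review bot: In the new `#else` branch the return value of `secp256k1_ec_pubkey_serialize` is ignored, so if the library declines to serialize (for instance because `length` is below the 33 bytes a compressed key needs) the function still returns true with `buf` untouched; check it the same way the `secp256k1_ec_pubkey_tweak_mul` call just above is checked, destroying `sctx` and returning false on anything but 1. `&length` is also passed as the in/out length, but `length` is a by-value parameter, so the produced length is written into a local copy the caller never sees; that is harmless only if callers already assume a fixed 33-byte output. The `#if` branch keeps using `length` solely for the bit count, so the two branches now disagree on what `length` means, which deserves a one-line comment at the top of the function.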
From f7c3ced548a4700761aabfb7b388efb7d585f756 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 17 Nov 2019 19:59:23 +0100 Subject: [PATCH 041/300] Fix use of calloc() in backend.c --- src/backend.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend.c b/src/backend.c index 4ba4aef86..2236c5a11 100644 --- a/src/backend.c +++ b/src/backend.c @@ -2902,7 +2902,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, hook_thread_param->pws_cnt = pws_cnt; } - hc_thread_t *c_threads = (hc_thread_t *) calloc (hook_threads, sizeof (hc_thread_t)); + hc_thread_t *c_threads = (hc_thread_t *) hccalloc (hook_threads, sizeof (hc_thread_t)); for (int i = 0; i < hook_threads; i++) { @@ -3018,7 +3018,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, hook_thread_param->pws_cnt = pws_cnt; } - hc_thread_t *c_threads = (hc_thread_t *) calloc (hook_threads, sizeof (hc_thread_t)); + hc_thread_t *c_threads = (hc_thread_t *) hccalloc (hook_threads, sizeof (hc_thread_t)); for (int i = 0; i < hook_threads; i++) { From b1016aee6219f8f5087aa811a475db9c8a38a0f7 Mon Sep 17 00:00:00 2001 From: Chick3nman Date: Sun, 17 Nov 2019 15:12:27 -0600 Subject: [PATCH 042/300] Update Terminal.c Increase verbosity for `--force` usage --- src/terminal.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/terminal.c b/src/terminal.c index 0ed13723f..dbe11c693 100644 --- a/src/terminal.c +++ b/src/terminal.c 
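Review bot: The `(hc_thread_t *)` cast on the `hccalloc` result is unnecessary in C and would hide a type mismatch if the element type ever changed; `hc_thread_t *c_threads = hccalloc (hook_threads, sizeof *c_threads);` keeps the size tied to the variable. The loop below counts with `int i < hook_threads`, so the element count handed to `hccalloc` is a signed value converted to `size_t`; if `hook_threads` can be zero or negative here it should be rejected before the allocation rather than allowed to wrap. The same applies to the second hunk of choose_kernel in this commit, and the function's body continues outside both hunks.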
@@ -1138,17 +1138,36 @@ void status_display (hashcat_ctx_t *hashcat_ctx) event_log_info (hashcat_ctx, "Hash.Target......: %s", hashcat_status->hash_target); - - event_log_info (hashcat_ctx, + + if (user_options->force == true) + { + event_log_info (hashcat_ctx, + "Time.Started.....: %s, (%s)", + hashcat_status->time_started_absolute, + hashcat_status->time_started_relative); + } + else + { + event_log_info (hashcat_ctx, "Time.Started.....: %s (%s)", hashcat_status->time_started_absolute, hashcat_status->time_started_relative); - - event_log_info (hashcat_ctx, + } + if (user_options->force == true) + { + event_log_info (hashcat_ctx, + "Time.Estimated...: %s, (%s)", + hashcat_status->time_estimated_absolute, + hashcat_status->time_estimated_relative); + } + else + { + event_log_info (hashcat_ctx, "Time.Estimated...: %s (%s)", hashcat_status->time_estimated_absolute, hashcat_status->time_estimated_relative); - + } + switch (hashcat_status->guess_mode) { case GUESS_MODE_STRAIGHT_FILE: From bc4fa934016464e6093ce2bac58b43d11531a140 Mon Sep 17 00:00:00 2001 From: Chick3nman Date: Mon, 18 Nov 2019 01:26:13 -0600 Subject: [PATCH 043/300] Add a few missing changes --- docs/changes.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changes.txt b/docs/changes.txt index 53c623494..c3d4af0d0 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -66,6 +66,7 @@ - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only) - Fixed cracking raw Streebog-HMAC 256 and 512 hashes with password of length >= 64 - Fixed cracking raw Whirlpool hashes cracking with password of length >= 32 +- Fixed cracking multiple Office hashes(modes 9500, 9600) with the same salt - Fixed incorrect progress-only result in a special race condition - Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character 
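Review bot: The only difference between the `force == true` and `else` branches of each new if/else is a comma after the first `%s`, so the change duplicates two four-line `event_log_info` calls to emit a single extra character that a user is unlikely to notice. If the intent is a visible marker for `--force`, a recognisable suffix passed as an argument keeps one call and a literal format, e.g. `event_log_info (hashcat_ctx, "Time.Started.....: %s (%s)%s", ..., user_options->force == true ? " (--force)" : "");`. The hunk also relies on `user_options` being in scope in status_display, which it does not show; the function begins outside the hunk.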
@@ -104,6 +105,7 @@ - Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode - Startup Checks: Improved the pidfile check: Do not just check for existing PID but also check executable filename - Startup Screen: Add extra warning when using --force +- Startup Screen: Add extra warning when using --keep-guessing - Startup Screen: Provide an estimate of host memory requirements for the requested attack - Status Screen: Added brain status for all devices - Status Screen: Added remaining counts and changed recovered count logic @@ -133,6 +135,7 @@ - Hash-Mode 8300 (DNSSEC (NSEC3)) specific: Allow empty salt - Keep Guessing: No longer automatically activate --keep-guessing for modes 9720, 9820, 14900 and 18100 - Kernel Cache: Reactivate OpenCL runtime specific kernel caches +- Keep Guessing: No longer mark hashes as cracked/removed when in potfile - Kernel Compile: Removed -cl-std= from all kernel build options since we're compatible to all OpenCL versions - OpenCL Kernels: Fix OpenCL compiler warning on double precision constants - OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant From 424777ae28cb605e9997d890e3efef813b2f5fa0 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 19 Nov 2019 17:59:50 +0100 Subject: [PATCH 044/300] Add kernel accel limiter based on kernel threads to reduce host memory requirements --- src/backend.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/backend.c b/src/backend.c index 2236c5a11..66cb6a640 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -9405,6 +9405,17 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) u32 kernel_accel_min = device_param->kernel_accel_min; u32 kernel_accel_max = device_param->kernel_accel_max; + /** + * We need a kernel accel limiter otherwise we will allocate too much memory (Example 4* GTX1080): + * 4 (gpus) * 260 (sizeof pw_t) * 3 (pws, pws_comp, pw_pre) * 20 (MCU) * 1024 (threads) * 1024 (accel) = 65,431,142,400 bytes RAM!! + */ + + const u32 accel_limit = CEILDIV ((64 * 1024), kernel_threads); // this should result in less than 4GB per GPU, but allow higher accel in case user reduces the threads manually using -T + + kernel_accel_max = MIN (kernel_accel_max, accel_limit); + + kernel_accel_min = MIN (kernel_accel_min, kernel_accel_max); + // find out if we would request too much memory on memory blocks which are based on kernel_accel u64 size_pws = 4; From 00b9f4c55728db861ae723ae88350e4ea4f053d9 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 19 Nov 2019 20:38:31 +0100 Subject: [PATCH 045/300] Add kernel accel minimum limit check --- src/backend.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/backend.c b/src/backend.c index 66cb6a640..4970412e1 100644 --- a/src/backend.c +++ b/src/backend.c @@ -9414,7 +9414,12 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) kernel_accel_max = MIN (kernel_accel_max, accel_limit); - kernel_accel_min = MIN (kernel_accel_min, kernel_accel_max); + if (kernel_accel_min > kernel_accel_max) + { + event_log_error (hashcat_ctx, "* Device #%u: Too many compute units to keep minimum kernel accel limit. Retry with lower --backend-kernel-threads value.", device_id + 1); + + return -1; + } // find out if we would request too much memory on memory blocks which are based on kernel_accel From 270210a8ab4c4a6b5f28efdd0a9bbbb720a683c8 Mon Sep 17 00:00:00 2001 
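Review bot: `CEILDIV ((64 * 1024), kernel_threads)` divides by `kernel_threads`, which is defined outside this hunk; if that value can be 0 for any backend the limiter faults before the memory checks that follow, so a non-zero guard or assertion belongs next to this line. The `64 * 1024` literal is what the comment's "less than 4GB per GPU" figure rests on, so a named constant with that derivation as its comment (e.g. `#define KERNEL_ACCEL_THREADS_LIMIT (64 * 1024) // accel * threads budget, see memory estimate below`) would make the next tuning change safer. backend_session_begin continues outside the hunk.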
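Review bot: The new error message says "Too many compute units", but the condition is produced by the accel limiter computed from `kernel_threads` on the preceding lines, so the user cannot tell which two numbers collided or how far apart they are; printing them, e.g. `"* Device #%u: Minimum kernel accel %u exceeds limit %u. Retry with lower --backend-kernel-threads value."` with `kernel_accel_min, kernel_accel_max`, lets the suggested retry be sized. `device_id` is used here but declared outside the hunk, and the `return -1` leaves whatever the enclosing loop set up for earlier devices to the caller, which is not visible from this hunk.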
From: Jens Steube Date: Wed, 20 Nov 2019 14:35:47 +0100 Subject: [PATCH 046/300] Fix out-of-boundary read in rule engines --- OpenCL/inc_rp.cl | 3 ++- OpenCL/inc_rp_optimized.cl | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/OpenCL/inc_rp.cl b/OpenCL/inc_rp.cl index d67127317..7cf9d0278 100644 --- a/OpenCL/inc_rp.cl +++ b/OpenCL/inc_rp.cl @@ -769,7 +769,8 @@ DECLSPEC int apply_rules (CONSTANT_AS const u32 *cmds, u32 *buf, const int in_le const u8 p0 = (cmd >> 8) & 0xff; const u8 p1 = (cmd >> 16) & 0xff; - out_len = apply_rule (name, p0, p1, buf, out_len); + // we need to guarantee input length < 256 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary + out_len = apply_rule (name, p0, p1, buf, out_len & 255); } return out_len; diff --git a/OpenCL/inc_rp_optimized.cl b/OpenCL/inc_rp_optimized.cl index 6a21bd688..e0ae0b515 100644 --- a/OpenCL/inc_rp_optimized.cl +++ b/OpenCL/inc_rp_optimized.cl @@ -2349,7 +2349,8 @@ DECLSPEC u32 apply_rules_optimized (CONSTANT_AS const u32 *cmds, u32 *buf0, u32 const u32 p0 = (cmd >> 8) & 0xff; const u32 p1 = (cmd >> 16) & 0xff; - out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len); + // we need to guarantee input length < 32 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary + out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len & 31); } return out_len; From 588e0ed294465ad86fb0033ecd110d4320428234 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 21 Nov 2019 09:03:06 +0100 Subject: [PATCH 047/300] Show information about minimum and maximum password- and salt-length before the hash parser starts --- include/types.h | 92 +++++++++++++++++++++++++------------------------ src/hashcat.c | 4 +++ src/interface.c | 4 +-- src/main.c | 48 ++++++++++++++++---------- 4 files changed, 83 insertions(+), 65 deletions(-) diff --git a/include/types.h b/include/types.h index c9a25cd8e..66071088a 100644 
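Review bot: `out_len & 255` silently wraps a length of 256 or more into a smaller value instead of rejecting it, so a rule chain that overruns the buffer now yields a wrong candidate rather than an error; an explicit check that rejects the candidate when the length exceeds the buffer would be safer than masking and would match the comment's "guarantee input length < 256". `out_len` is an `int` in apply_rules, so if apply_rule can return a negative value to signal a rejected rule the mask turns it into a positive length on the next iteration (`-1 & 255` is 255) and the loop keeps mangling; whether apply_rule returns negatives is outside the hunk. The same applies to the `& 31` mask in the inc_rp_optimized.cl hunk of this commit, and both loops begin outside their hunks.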
--- a/include/types.h
+++ b/include/types.h
@@ -112,51 +112,53 @@ typedef enum event_identifier EVENT_CRACKER_FINISHED = 0x00000030, EVENT_CRACKER_HASH_CRACKED = 0x00000031, EVENT_CRACKER_STARTING = 0x00000032, - EVENT_HASHLIST_COUNT_LINES_POST = 0x00000040, - EVENT_HASHLIST_COUNT_LINES_PRE = 0x00000041, - EVENT_HASHLIST_PARSE_HASH = 0x00000042, - EVENT_HASHLIST_SORT_HASH_POST = 0x00000043, - EVENT_HASHLIST_SORT_HASH_PRE = 0x00000044, - EVENT_HASHLIST_SORT_SALT_POST = 0x00000045, - EVENT_HASHLIST_SORT_SALT_PRE = 0x00000046, - EVENT_HASHLIST_UNIQUE_HASH_POST = 0x00000047, - EVENT_HASHLIST_UNIQUE_HASH_PRE = 0x00000048, - EVENT_INNERLOOP1_FINISHED = 0x00000050, - EVENT_INNERLOOP1_STARTING = 0x00000051, - EVENT_INNERLOOP2_FINISHED = 0x00000060, - EVENT_INNERLOOP2_STARTING = 0x00000061, - EVENT_LOG_ERROR = 0x00000070, - EVENT_LOG_INFO = 0x00000071, - EVENT_LOG_WARNING = 0x00000072, - EVENT_LOG_ADVICE = 0x00000073, - EVENT_MONITOR_RUNTIME_LIMIT = 0x00000080, - EVENT_MONITOR_STATUS_REFRESH = 0x00000081, - EVENT_MONITOR_TEMP_ABORT = 0x00000082, - EVENT_MONITOR_THROTTLE1 = 0x00000083, - EVENT_MONITOR_THROTTLE2 = 0x00000084, - EVENT_MONITOR_THROTTLE3 = 0x00000085, - EVENT_MONITOR_PERFORMANCE_HINT = 0x00000086, - EVENT_MONITOR_NOINPUT_HINT = 0x00000087, - EVENT_MONITOR_NOINPUT_ABORT = 0x00000088, - EVENT_BACKEND_SESSION_POST = 0x00000090, - EVENT_BACKEND_SESSION_PRE = 0x00000091, - EVENT_BACKEND_SESSION_HOSTMEM = 0x00000092, - EVENT_BACKEND_DEVICE_INIT_POST = 0x00000093, - EVENT_BACKEND_DEVICE_INIT_PRE = 0x00000094, - EVENT_OUTERLOOP_FINISHED = 0x000000a0, - EVENT_OUTERLOOP_MAINSCREEN = 0x000000a1, - EVENT_OUTERLOOP_STARTING = 0x000000a2, - EVENT_POTFILE_ALL_CRACKED = 0x000000b0, - EVENT_POTFILE_HASH_LEFT = 0x000000b1, - EVENT_POTFILE_HASH_SHOW = 0x000000b2, - EVENT_POTFILE_NUM_CRACKED = 0x000000b3, - EVENT_POTFILE_REMOVE_PARSE_POST = 0x000000b4, - EVENT_POTFILE_REMOVE_PARSE_PRE = 0x000000b5, - EVENT_SELFTEST_FINISHED = 0x000000c0, - EVENT_SELFTEST_STARTING = 0x000000c1, - EVENT_SET_KERNEL_POWER_FINAL = 0x000000d0, - 
EVENT_WORDLIST_CACHE_GENERATE = 0x000000e0, - EVENT_WORDLIST_CACHE_HIT = 0x000000e1, + EVENT_HASHCONFIG_PRE = 0x00000040, + EVENT_HASHCONFIG_POST = 0x00000041, + EVENT_HASHLIST_COUNT_LINES_POST = 0x00000050, + EVENT_HASHLIST_COUNT_LINES_PRE = 0x00000051, + EVENT_HASHLIST_PARSE_HASH = 0x00000052, + EVENT_HASHLIST_SORT_HASH_POST = 0x00000053, + EVENT_HASHLIST_SORT_HASH_PRE = 0x00000054, + EVENT_HASHLIST_SORT_SALT_POST = 0x00000055, + EVENT_HASHLIST_SORT_SALT_PRE = 0x00000056, + EVENT_HASHLIST_UNIQUE_HASH_POST = 0x00000057, + EVENT_HASHLIST_UNIQUE_HASH_PRE = 0x00000058, + EVENT_INNERLOOP1_FINISHED = 0x00000060, + EVENT_INNERLOOP1_STARTING = 0x00000061, + EVENT_INNERLOOP2_FINISHED = 0x00000070, + EVENT_INNERLOOP2_STARTING = 0x00000071, + EVENT_LOG_ERROR = 0x00000080, + EVENT_LOG_INFO = 0x00000081, + EVENT_LOG_WARNING = 0x00000082, + EVENT_LOG_ADVICE = 0x00000083, + EVENT_MONITOR_RUNTIME_LIMIT = 0x00000090, + EVENT_MONITOR_STATUS_REFRESH = 0x00000091, + EVENT_MONITOR_TEMP_ABORT = 0x00000092, + EVENT_MONITOR_THROTTLE1 = 0x00000093, + EVENT_MONITOR_THROTTLE2 = 0x00000094, + EVENT_MONITOR_THROTTLE3 = 0x00000095, + EVENT_MONITOR_PERFORMANCE_HINT = 0x00000096, + EVENT_MONITOR_NOINPUT_HINT = 0x00000097, + EVENT_MONITOR_NOINPUT_ABORT = 0x00000098, + EVENT_BACKEND_SESSION_POST = 0x000000a0, + EVENT_BACKEND_SESSION_PRE = 0x000000a1, + EVENT_BACKEND_SESSION_HOSTMEM = 0x000000a2, + EVENT_BACKEND_DEVICE_INIT_POST = 0x000000a3, + EVENT_BACKEND_DEVICE_INIT_PRE = 0x000000a4, + EVENT_OUTERLOOP_FINISHED = 0x000000b0, + EVENT_OUTERLOOP_MAINSCREEN = 0x000000b1, + EVENT_OUTERLOOP_STARTING = 0x000000b2, + EVENT_POTFILE_ALL_CRACKED = 0x000000c0, + EVENT_POTFILE_HASH_LEFT = 0x000000c1, + EVENT_POTFILE_HASH_SHOW = 0x000000c2, + EVENT_POTFILE_NUM_CRACKED = 0x000000c3, + EVENT_POTFILE_REMOVE_PARSE_POST = 0x000000c4, + EVENT_POTFILE_REMOVE_PARSE_PRE = 0x000000c5, + EVENT_SELFTEST_FINISHED = 0x000000d0, + EVENT_SELFTEST_STARTING = 0x000000d1, + EVENT_SET_KERNEL_POWER_FINAL = 0x000000e0, + 
EVENT_WORDLIST_CACHE_GENERATE = 0x000000f0, + EVENT_WORDLIST_CACHE_HIT = 0x000000f1, // there will be much more event types soon diff --git a/src/hashcat.c b/src/hashcat.c index 01a069ab7..fb7006d91 100644 --- a/src/hashcat.c +++ b/src/hashcat.c @@ -444,6 +444,8 @@ static int outer_loop (hashcat_ctx_t *hashcat_ctx) * setup variables and buffers depending on hash_mode */ + EVENT (EVENT_HASHCONFIG_PRE); + if (hashconfig_init (hashcat_ctx) == -1) { event_log_error (hashcat_ctx, "Invalid hash-mode '%u' selected.", user_options->hash_mode); @@ -451,6 +453,8 @@ static int outer_loop (hashcat_ctx_t *hashcat_ctx) return -1; } + EVENT (EVENT_HASHCONFIG_POST); + /** * generate hashlist filename for later use */ diff --git a/src/interface.c b/src/interface.c index 7c7732ee9..68be9f796 100644 --- a/src/interface.c +++ b/src/interface.c @@ -132,7 +132,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) // check for missing pointer assignements #define CHECK_DEFINED(func) \ - if ((func) == NULL) \ + if ((func) == NULL) \ { \ event_log_error (hashcat_ctx, "Missing symbol definitions. Old template?"); \ \ @@ -211,7 +211,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) // mandatory functions check #define CHECK_MANDATORY(func) \ - if ((func) == MODULE_DEFAULT) \ + if ((func) == MODULE_DEFAULT) \ { \ event_log_error (hashcat_ctx, "Missing mandatory symbol definitions"); \ \ diff --git a/src/main.c b/src/main.c index d7d1f14bf..4eddd624c 100644 --- a/src/main.c +++ b/src/main.c 
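Review bot: Inserting EVENT_HASHCONFIG_PRE/POST at 0x40 renumbers every later identifier in the enum, so anything outside this translation unit that relies on the numeric value rather than the symbol would see shifted ids after this commit. If the values are purely internal that is harmless, but then placing the two new ids in an unused range would avoid the churn; either way a comment on the enum stating whether the numeric values are part of a stable interface, e.g. `// numeric values are internal and may be renumbered`, would settle it for the next addition. The hashcat.c hunks in this commit only add the two EVENT () calls and raise nothing.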
@@ -484,24 +484,6 @@ static void main_outerloop_mainscreen (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx, event_log_info (hashcat_ctx, NULL); - /** - * Optimizer constraints - */ - - event_log_info (hashcat_ctx, "Minimum password length supported by kernel: %u", hashconfig->pw_min); - event_log_info (hashcat_ctx, "Maximum password length supported by kernel: %u", hashconfig->pw_max); - - if (hashconfig->is_salted == true) - { - if (hashconfig->opti_type & OPTI_TYPE_RAW_HASH) - { - event_log_info (hashcat_ctx, "Minimim salt length supported by kernel: %u", hashconfig->salt_min); - event_log_info (hashcat_ctx, "Maximum salt length supported by kernel: %u", hashconfig->salt_max); - } - } - - event_log_info (hashcat_ctx, NULL); - if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) { if (hashconfig->has_optimized_kernel == true) 
@@ -898,6 +880,34 @@ static void main_wordlist_cache_generate (MAYBE_UNUSED hashcat_ctx_t *hashcat_ct } } +static void main_hashconfig_pre (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const void *buf, MAYBE_UNUSED const size_t len) +{ + +} + +static void main_hashconfig_post (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const void *buf, MAYBE_UNUSED const size_t len) +{ + const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; + + /** + * Optimizer constraints + */ + + event_log_info (hashcat_ctx, "Minimum password length supported by kernel: %u", hashconfig->pw_min); + event_log_info (hashcat_ctx, "Maximum password length supported by kernel: %u", hashconfig->pw_max); + + if (hashconfig->is_salted == true) + { + if (hashconfig->opti_type & OPTI_TYPE_RAW_HASH) + { + event_log_info (hashcat_ctx, "Minimim salt length supported by kernel: %u", hashconfig->salt_min); + event_log_info (hashcat_ctx, "Maximum salt length supported by kernel: %u", hashconfig->salt_max); + } + } + + event_log_info (hashcat_ctx, NULL); +} + static void main_hashlist_count_lines_pre (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const void *buf, MAYBE_UNUSED const size_t len) { const user_options_t *user_options = hashcat_ctx->user_options; 
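Review bot: The moved code carries the typo in the user-facing string `"Minimim salt length supported by kernel: %u"`; since the lines are being relocated anyway, correct it to `"Minimum salt length supported by kernel: %u"` so it lines up with the "Maximum" line beneath it. `main_hashconfig_pre` is an empty handler; if EVENT_HASHCONFIG_PRE has no output a one-line comment such as `// nothing to show before hashconfig_init; kept for symmetry with _post` would tell the reader the emptiness is intended.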
@@ -1006,6 +1016,8 @@ static void event (const u32 id, hashcat_ctx_t *hashcat_ctx, const void *buf, co case EVENT_CRACKER_FINISHED: main_cracker_finished (hashcat_ctx, buf, len); break; case EVENT_CRACKER_HASH_CRACKED: main_cracker_hash_cracked (hashcat_ctx, buf, len); break; case EVENT_CRACKER_STARTING: main_cracker_starting (hashcat_ctx, buf, len); break; + case EVENT_HASHCONFIG_PRE: main_hashconfig_pre (hashcat_ctx, buf, len); break; + case EVENT_HASHCONFIG_POST: main_hashconfig_post (hashcat_ctx, buf, len); break; case EVENT_HASHLIST_COUNT_LINES_POST: main_hashlist_count_lines_post (hashcat_ctx, buf, len); break; case EVENT_HASHLIST_COUNT_LINES_PRE: main_hashlist_count_lines_pre (hashcat_ctx, buf, len); break; case EVENT_HASHLIST_PARSE_HASH: main_hashlist_parse_hash (hashcat_ctx, buf, len); break; From 13dcae6879bfecfd981a7d9a16b6c8f83c9a4d40 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 21 Nov 2019 09:39:07 +0100 Subject: [PATCH 048/300] Fix -m 15400 selftest-pair, benchmark-mask and unit-test --- src/modules/module_15400.c | 6 +++--- tools/test_modules/m15400.pm | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/modules/module_15400.c b/src/modules/module_15400.c index 0660d13b6..505530ff6 100644 --- a/src/modules/module_15400.c +++ b/src/modules/module_15400.c 
@@ -24,8 +24,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_RAW_HASH; static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; -static const char *ST_PASS = "hashcat"; -static const char *ST_HASH = "$chacha20$*0400000000000003*35*0200000000000001*3961626364656667*8a152c57a7a856a8"; +static const char *ST_PASS = "hashcat_hashcat_hashcat_hashcat_"; +static const char *ST_HASH = "$chacha20$*0400000000000003*16*0200000000000001*5152535455565758*6b05fe554b0bc3b3"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } @@ -55,7 +55,7 @@ static const char *SIGNATURE_CHACHA20 = "$chacha20$"; const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxxxxxxxxxxx"; + const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxxxxxxxxxx"; return mask; } diff --git a/tools/test_modules/m15400.pm b/tools/test_modules/m15400.pm index eb8395170..67c6d4641 100644 --- a/tools/test_modules/m15400.pm +++ b/tools/test_modules/m15400.pm @@ -10,7 +10,7 @@ use warnings; use Crypt::OpenSSH::ChachaPoly; -sub module_constraints { [[-1, -1], [-1, -1], [32, 32], [-1, -1], [-1, -1]] } +sub module_constraints { [[32, 32], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } sub module_generate_hash { 
@@ -40,8 +40,9 @@ sub module_generate_hash my $plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0a2b4c6d8e"; my $eight_byte_iv = pack ("H*", $iv); my $eight_byte_counter = pack ("H*", $counter); - my $pad_len = 32 - length ($word); - my $key = $word . "\0" x $pad_len; + #my $pad_len = 32 - length ($word); + #my $key = $word . "\0" x $pad_len; + my $key = $word; my $cipher = Crypt::OpenSSH::ChachaPoly->new ($key); From c4617924603dfecb656a3bae6977c08792e547f5 Mon Sep 17 00:00:00 2001 From: philsmd Date: Thu, 21 Nov 2019 10:32:42 +0100 Subject: [PATCH 049/300] electrum 4/5: fix and speed up modulo code --- OpenCL/m21700-pure.cl | 137 ++++++++++++++++++++++++++++++++---------- OpenCL/m21800-pure.cl | 137 ++++++++++++++++++++++++++++++++---------- 2 files changed, 212 insertions(+), 62 deletions(-) diff --git a/OpenCL/m21700-pure.cl b/OpenCL/m21700-pure.cl index 178b28402..03b899701 100644 --- a/OpenCL/m21700-pure.cl +++ b/OpenCL/m21700-pure.cl 
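Review bot: The two `#my $pad_len` and `#my $key` lines are commented-out code rather than an explanation; with module_constraints now pinning the word length to 32 bytes in the previous hunk, they should be deleted, and if the reason is worth keeping, replaced by `# word is always 32 bytes (see module_constraints), so it is used directly as the key`.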
@@ -428,21 +428,59 @@ KERNEL_FQ void m21700_hook23 (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electr while (a[0] >= b[0]) { - if (a[ 0] == b[ 0]) if (a[ 1] < b[ 1]) break; - if (a[ 1] == b[ 1]) if (a[ 2] < b[ 2]) break; - if (a[ 2] == b[ 2]) if (a[ 3] < b[ 3]) break; - if (a[ 3] == b[ 3]) if (a[ 4] < b[ 4]) break; - if (a[ 4] == b[ 4]) if (a[ 5] < b[ 5]) break; - if (a[ 5] == b[ 5]) if (a[ 6] < b[ 6]) break; - if (a[ 6] == b[ 6]) if (a[ 7] < b[ 7]) break; - if (a[ 7] == b[ 7]) if (a[ 8] < b[ 8]) break; - if (a[ 8] == b[ 8]) if (a[ 9] < b[ 9]) break; - if (a[ 9] == b[ 9]) if (a[10] < b[10]) break; - if (a[10] == b[10]) if (a[11] < b[11]) break; - if (a[11] == b[11]) if (a[12] < b[12]) break; - if (a[12] == b[12]) if (a[13] < b[13]) break; - if (a[13] == b[13]) if (a[14] < b[14]) break; - if (a[14] == b[14]) if (a[15] < b[15]) break; + const u32 l1 = (a[ 0] < b[ 0]) << 0 + | (a[ 1] < b[ 1]) << 1 + | (a[ 2] < b[ 2]) << 2 + | (a[ 3] < b[ 3]) << 3 + | (a[ 4] < b[ 4]) << 4 + | (a[ 5] < b[ 5]) << 5 + | (a[ 6] < b[ 6]) << 6 + | (a[ 7] < b[ 7]) << 7 + | (a[ 8] < b[ 8]) << 8 + | (a[ 9] < b[ 9]) << 9 + | (a[10] < b[10]) << 10 + | (a[11] < b[11]) << 11 + | (a[12] < b[12]) << 12 + | (a[13] < b[13]) << 13 + | (a[14] < b[14]) << 14 + | (a[15] < b[15]) << 15; + + const u32 e1 = (a[ 0] == b[ 0]) << 0 + | (a[ 1] == b[ 1]) << 1 + | (a[ 2] == b[ 2]) << 2 + | (a[ 3] == b[ 3]) << 3 + | (a[ 4] == b[ 4]) << 4 + | (a[ 5] == b[ 5]) << 5 + | (a[ 6] == b[ 6]) << 6 + | (a[ 7] == b[ 7]) << 7 + | (a[ 8] == b[ 8]) << 8 + | (a[ 9] == b[ 9]) << 9 + | (a[10] == b[10]) << 10 + | (a[11] == b[11]) << 11 + | (a[12] == b[12]) << 12 + | (a[13] == b[13]) << 13 + | (a[14] == b[14]) << 14 + | (a[15] == b[15]) << 15; + + if (l1) + { + if (l1 & 0x0001) break; + if (l1 & 0x0002) if ((e1 & 0x0001) == 0x0001) break; + if (l1 & 0x0004) if ((e1 & 0x0003) == 0x0003) break; + if (l1 & 0x0008) if ((e1 & 0x0007) == 0x0007) break; + if (l1 & 0x0010) if ((e1 & 0x000f) == 0x000f) break; + if (l1 & 0x0020) if ((e1 & 
0x001f) == 0x001f) break; + if (l1 & 0x0040) if ((e1 & 0x003f) == 0x003f) break; + if (l1 & 0x0080) if ((e1 & 0x007f) == 0x007f) break; + if (l1 & 0x0100) if ((e1 & 0x00ff) == 0x00ff) break; + if (l1 & 0x0200) if ((e1 & 0x01ff) == 0x01ff) break; + if (l1 & 0x0400) if ((e1 & 0x03ff) == 0x03ff) break; + if (l1 & 0x0800) if ((e1 & 0x07ff) == 0x07ff) break; + if (l1 & 0x1000) if ((e1 & 0x0fff) == 0x0fff) break; + if (l1 & 0x2000) if ((e1 & 0x1fff) == 0x1fff) break; + if (l1 & 0x4000) if ((e1 & 0x3fff) == 0x3fff) break; + if (l1 & 0x8000) if ((e1 & 0x7fff) == 0x7fff) break; + } // r = x (copy it to have the original values for the subtraction) 
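Review bot: The 16-limb "a < b" test is now written out as roughly forty lines and appears four times in this commit (here and in the `a`/`r` comparison hunk of m21700-pure.cl, plus the two matching hunks of m21800-pure.cl), which is the kind of duplication where a later fix lands in three places and not the fourth; a single helper such as `DECLSPEC int is_lt_512 (const u32 *a, const u32 *b)` returning the break/continue condition would let each site read `if (is_lt_512 (a, b)) break;`. The bit-15 term `(a[15] == b[15]) << 15` of `e1` (and of `e2`, `l2`'s partner) is never consulted, since the highest mask used is `0x7fff`, so it can be dropped. The enclosing loop and the subtraction that follows are outside the hunk.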
@@ -486,22 +524,59 @@ KERNEL_FQ void m21700_hook23 (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electr // if (a >= r) a -= r; - if (a[ 0] < r[ 0]) continue; - if (a[ 0] == r[ 0]) if (a[ 1] < r[ 1]) continue; - if (a[ 1] == r[ 1]) if (a[ 2] < r[ 2]) continue; - if (a[ 2] == r[ 2]) if (a[ 3] < r[ 3]) continue; - if (a[ 3] == r[ 3]) if (a[ 4] < r[ 4]) continue; - if (a[ 4] == r[ 4]) if (a[ 5] < r[ 5]) continue; - if (a[ 5] == r[ 5]) if (a[ 6] < r[ 6]) continue; - if (a[ 6] == r[ 6]) if (a[ 7] < r[ 7]) continue; - if (a[ 7] == r[ 7]) if (a[ 8] < r[ 8]) continue; - if (a[ 8] == r[ 8]) if (a[ 9] < r[ 9]) continue; - if (a[ 9] == r[ 9]) if (a[10] < r[10]) continue; - if (a[10] == r[10]) if (a[11] < r[11]) continue; - if (a[11] == r[11]) if (a[12] < r[12]) continue; - if (a[12] == r[12]) if (a[13] < r[13]) continue; - if (a[13] == r[13]) if (a[14] < r[14]) continue; - if (a[14] == r[14]) if (a[15] < r[15]) continue; + const u32 l2 = (a[ 0] < r[ 0]) << 0 + | (a[ 1] < r[ 1]) << 1 + | (a[ 2] < r[ 2]) << 2 + | (a[ 3] < r[ 3]) << 3 + | (a[ 4] < r[ 4]) << 4 + | (a[ 5] < r[ 5]) << 5 + | (a[ 6] < r[ 6]) << 6 + | (a[ 7] < r[ 7]) << 7 + | (a[ 8] < r[ 8]) << 8 + | (a[ 9] < r[ 9]) << 9 + | (a[10] < r[10]) << 10 + | (a[11] < r[11]) << 11 + | (a[12] < r[12]) << 12 + | (a[13] < r[13]) << 13 + | (a[14] < r[14]) << 14 + | (a[15] < r[15]) << 15; + + const u32 e2 = (a[ 0] == r[ 0]) << 0 + | (a[ 1] == r[ 1]) << 1 + | (a[ 2] == r[ 2]) << 2 + | (a[ 3] == r[ 3]) << 3 + | (a[ 4] == r[ 4]) << 4 + | (a[ 5] == r[ 5]) << 5 + | (a[ 6] == r[ 6]) << 6 + | (a[ 7] == r[ 7]) << 7 + | (a[ 8] == r[ 8]) << 8 + | (a[ 9] == r[ 9]) << 9 + | (a[10] == r[10]) << 10 + | (a[11] == r[11]) << 11 + | (a[12] == r[12]) << 12 + | (a[13] == r[13]) << 13 + | (a[14] == r[14]) << 14 + | (a[15] == r[15]) << 15; + + if (l2) + { + if (l2 & 0x0001) continue; + if (l2 & 0x0002) if ((e2 & 0x0001) == 0x0001) continue; + if (l2 & 0x0004) if ((e2 & 0x0003) == 0x0003) continue; + if (l2 & 0x0008) if ((e2 & 0x0007) == 0x0007) continue; 
+ if (l2 & 0x0010) if ((e2 & 0x000f) == 0x000f) continue; + if (l2 & 0x0020) if ((e2 & 0x001f) == 0x001f) continue; + if (l2 & 0x0040) if ((e2 & 0x003f) == 0x003f) continue; + if (l2 & 0x0080) if ((e2 & 0x007f) == 0x007f) continue; + if (l2 & 0x0100) if ((e2 & 0x00ff) == 0x00ff) continue; + if (l2 & 0x0200) if ((e2 & 0x01ff) == 0x01ff) continue; + if (l2 & 0x0400) if ((e2 & 0x03ff) == 0x03ff) continue; + if (l2 & 0x0800) if ((e2 & 0x07ff) == 0x07ff) continue; + if (l2 & 0x1000) if ((e2 & 0x0fff) == 0x0fff) continue; + if (l2 & 0x2000) if ((e2 & 0x1fff) == 0x1fff) continue; + if (l2 & 0x4000) if ((e2 & 0x3fff) == 0x3fff) continue; + if (l2 & 0x8000) if ((e2 & 0x7fff) == 0x7fff) continue; + } // substract (a -= r): diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl index f90bbaba9..3658721e2 100644 --- a/OpenCL/m21800-pure.cl +++ b/OpenCL/m21800-pure.cl 
@@ -416,21 +416,59 @@ KERNEL_FQ void m21800_hook23 (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hoo while (a[0] >= b[0]) { - if (a[ 0] == b[ 0]) if (a[ 1] < b[ 1]) break; - if (a[ 1] == b[ 1]) if (a[ 2] < b[ 2]) break; - if (a[ 2] == b[ 2]) if (a[ 3] < b[ 3]) break; - if (a[ 3] == b[ 3]) if (a[ 4] < b[ 4]) break; - if (a[ 4] == b[ 4]) if (a[ 5] < b[ 5]) break; - if (a[ 5] == b[ 5]) if (a[ 6] < b[ 6]) break; - if (a[ 6] == b[ 6]) if (a[ 7] < b[ 7]) break; - if (a[ 7] == b[ 7]) if (a[ 8] < b[ 8]) break; - if (a[ 8] == b[ 8]) if (a[ 9] < b[ 9]) break; - if (a[ 9] == b[ 9]) if (a[10] < b[10]) break; - if (a[10] == b[10]) if (a[11] < b[11]) break; - if (a[11] == b[11]) if (a[12] < b[12]) break; - if (a[12] == b[12]) if (a[13] < b[13]) break; - if (a[13] == b[13]) if (a[14] < b[14]) break; - if (a[14] == b[14]) if (a[15] < b[15]) break; + const u32 l1 = (a[ 0] < b[ 0]) << 0 + | (a[ 1] < b[ 1]) << 1 + | (a[ 2] < b[ 2]) << 2 + | (a[ 3] < b[ 3]) << 3 + | (a[ 4] < b[ 4]) << 4 + | (a[ 5] < b[ 5]) << 5 + | (a[ 6] < b[ 6]) << 6 + | (a[ 7] < b[ 7]) << 7 + | (a[ 8] < b[ 8]) << 8 + | (a[ 9] < b[ 9]) << 9 + | (a[10] < b[10]) << 10 + | (a[11] < b[11]) << 11 + | (a[12] < b[12]) << 12 + | (a[13] < b[13]) << 13 + | (a[14] < b[14]) << 14 + | (a[15] < b[15]) << 15; + + const u32 e1 = (a[ 0] == b[ 0]) << 0 + | (a[ 1] == b[ 1]) << 1 + | (a[ 2] == b[ 2]) << 2 + | (a[ 3] == b[ 3]) << 3 + | (a[ 4] == b[ 4]) << 4 + | (a[ 5] == b[ 5]) << 5 + | (a[ 6] == b[ 6]) << 6 + | (a[ 7] == b[ 7]) << 7 + | (a[ 8] == b[ 8]) << 8 + | (a[ 9] == b[ 9]) << 9 + | (a[10] == b[10]) << 10 + | (a[11] == b[11]) << 11 + | (a[12] == b[12]) << 12 + | (a[13] == b[13]) << 13 + | (a[14] == b[14]) << 14 + | (a[15] == b[15]) << 15; + + if (l1) + { + if (l1 & 0x0001) break; + if (l1 & 0x0002) if ((e1 & 0x0001) == 0x0001) break; + if (l1 & 0x0004) if ((e1 & 0x0003) == 0x0003) break; + if (l1 & 0x0008) if ((e1 & 0x0007) == 0x0007) break; + if (l1 & 0x0010) if ((e1 & 0x000f) == 0x000f) break; + if (l1 & 0x0020) if ((e1 & 
0x001f) == 0x001f) break; + if (l1 & 0x0040) if ((e1 & 0x003f) == 0x003f) break; + if (l1 & 0x0080) if ((e1 & 0x007f) == 0x007f) break; + if (l1 & 0x0100) if ((e1 & 0x00ff) == 0x00ff) break; + if (l1 & 0x0200) if ((e1 & 0x01ff) == 0x01ff) break; + if (l1 & 0x0400) if ((e1 & 0x03ff) == 0x03ff) break; + if (l1 & 0x0800) if ((e1 & 0x07ff) == 0x07ff) break; + if (l1 & 0x1000) if ((e1 & 0x0fff) == 0x0fff) break; + if (l1 & 0x2000) if ((e1 & 0x1fff) == 0x1fff) break; + if (l1 & 0x4000) if ((e1 & 0x3fff) == 0x3fff) break; + if (l1 & 0x8000) if ((e1 & 0x7fff) == 0x7fff) break; + } // r = x (copy it to have the original values for the subtraction) 
@@ -474,22 +512,59 @@ KERNEL_FQ void m21800_hook23 (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hoo
 // if (a >= r) a -= r;
- if (a[ 0] < r[ 0]) continue;
- if (a[ 0] == r[ 0]) if (a[ 1] < r[ 1]) continue;
- if (a[ 1] == r[ 1]) if (a[ 2] < r[ 2]) continue;
- if (a[ 2] == r[ 2]) if (a[ 3] < r[ 3]) continue;
- if (a[ 3] == r[ 3]) if (a[ 4] < r[ 4]) continue;
- if (a[ 4] == r[ 4]) if (a[ 5] < r[ 5]) continue;
- if (a[ 5] == r[ 5]) if (a[ 6] < r[ 6]) continue;
- if (a[ 6] == r[ 6]) if (a[ 7] < r[ 7]) continue;
- if (a[ 7] == r[ 7]) if (a[ 8] < r[ 8]) continue;
- if (a[ 8] == r[ 8]) if (a[ 9] < r[ 9]) continue;
- if (a[ 9] == r[ 9]) if (a[10] < r[10]) continue;
- if (a[10] == r[10]) if (a[11] < r[11]) continue;
- if (a[11] == r[11]) if (a[12] < r[12]) continue;
- if (a[12] == r[12]) if (a[13] < r[13]) continue;
- if (a[13] == r[13]) if (a[14] < r[14]) continue;
- if (a[14] == r[14]) if (a[15] < r[15]) continue;
+ const u32 l2 = (a[ 0] < r[ 0]) << 0
+ | (a[ 1] < r[ 1]) << 1
+ | (a[ 2] < r[ 2]) << 2
+ | (a[ 3] < r[ 3]) << 3
+ | (a[ 4] < r[ 4]) << 4
+ | (a[ 5] < r[ 5]) << 5
+ | (a[ 6] < r[ 6]) << 6
+ | (a[ 7] < r[ 7]) << 7
+ | (a[ 8] < r[ 8]) << 8
+ | (a[ 9] < r[ 9]) << 9
+ | (a[10] < r[10]) << 10
+ | (a[11] < r[11]) << 11
+ | (a[12] < r[12]) << 12
+ | (a[13] < r[13]) << 13
+ | (a[14] < r[14]) << 14
+ | (a[15] < r[15]) << 15;
+
+ const u32 e2 = (a[ 0] == r[ 0]) << 0
+ | (a[ 1] == r[ 1]) << 1
+ | (a[ 2] == r[ 2]) << 2
+ | (a[ 3] == r[ 3]) << 3
+ | (a[ 4] == r[ 4]) << 4
+ | (a[ 5] == r[ 5]) << 5
+ | (a[ 6] == r[ 6]) << 6
+ | (a[ 7] == r[ 7]) << 7
+ | (a[ 8] == r[ 8]) << 8
+ | (a[ 9] == r[ 9]) << 9
+ | (a[10] == r[10]) << 10
+ | (a[11] == r[11]) << 11
+ | (a[12] == r[12]) << 12
+ | (a[13] == r[13]) << 13
+ | (a[14] == r[14]) << 14
+ | (a[15] == r[15]) << 15;
+
+ if (l2)
+ {
+ if (l2 & 0x0001) continue;
+ if (l2 & 0x0002) if ((e2 & 0x0001) == 0x0001) continue;
+ if (l2 & 0x0004) if ((e2 & 0x0003) == 0x0003) continue;
+ if (l2 & 0x0008) if ((e2 & 0x0007) == 0x0007) continue;
+ if (l2 & 0x0010) if ((e2 & 0x000f) == 0x000f) continue;
+ if (l2 & 0x0020) if ((e2 & 0x001f) == 0x001f) continue;
+ if (l2 & 0x0040) if ((e2 & 0x003f) == 0x003f) continue;
+ if (l2 & 0x0080) if ((e2 & 0x007f) == 0x007f) continue;
+ if (l2 & 0x0100) if ((e2 & 0x00ff) == 0x00ff) continue;
+ if (l2 & 0x0200) if ((e2 & 0x01ff) == 0x01ff) continue;
+ if (l2 & 0x0400) if ((e2 & 0x03ff) == 0x03ff) continue;
+ if (l2 & 0x0800) if ((e2 & 0x07ff) == 0x07ff) continue;
+ if (l2 & 0x1000) if ((e2 & 0x0fff) == 0x0fff) continue;
+ if (l2 & 0x2000) if ((e2 & 0x1fff) == 0x1fff) continue;
+ if (l2 & 0x4000) if ((e2 & 0x3fff) == 0x3fff) continue;
+ if (l2 & 0x8000) if ((e2 & 0x7fff) == 0x7fff) continue;
+ }
 // substract (a -= r):
From 4ecaae7cc544be023db73dd777b7d3755f675877 Mon Sep 17 00:00:00 2001
From: philsmd
Date: Thu, 21 Nov 2019 10:42:36 +0100
Subject: [PATCH 050/300] formatting: remove extra block/identation for -m 11300
---
 OpenCL/m11300-pure.cl | 48 +++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 25 deletions(-)
diff --git a/OpenCL/m11300-pure.cl b/OpenCL/m11300-pure.cl
index 1145fd7ba..994721f3b 100644
--- a/OpenCL/m11300-pure.cl
+++ b/OpenCL/m11300-pure.cl
@@ -302,34 +302,32 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_
 AES256_set_decrypt_key (ks, key, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
+ u32 i = esalt_bufs[digests_offset].cry_master_len - 32;
+
+ u32 iv[4];
+
+ iv[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]);
+ iv[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]);
+ iv[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]);
+ iv[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]);
+
+ i += 16;
+
+ u32 data[4];
+
+ data[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]);
+ data[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]);
+ data[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]);
+ data[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]);
+
 u32 out[4];
- {
- u32 i = esalt_bufs[digests_offset].cry_master_len - 32;
+ AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]);
- iv[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]);
- iv[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]);
- iv[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]);
-
- i += 16;
-
- u32 data[4];
-
- data[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]);
- data[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]);
- data[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]);
- data[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]);
-
- AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4);
-
- out[0] ^= iv[0];
- out[1] ^= iv[1];
- out[2] ^= iv[2];
- out[3] ^= iv[3];
- }
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
 u32 pad = 0;
From 9264560a28fd2f0b197beb625fafcb5b3a7c514b Mon Sep 17 00:00:00 2001
From: philsmd
Date: Thu, 21 Nov 2019 10:47:07 +0100
Subject: [PATCH 051/300] formatting: remove extra whitespace in terminal.c
---
 src/terminal.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/terminal.c b/src/terminal.c
index dbe11c693..d1e8834e8 100644
--- a/src/terminal.c
+++ b/src/terminal.c
@@ -1138,7 +1138,7 @@ void status_display (hashcat_ctx_t *hashcat_ctx)
 event_log_info (hashcat_ctx, "Hash.Target......: %s", hashcat_status->hash_target);
-
+
 if (user_options->force == true) { event_log_info (hashcat_ctx,
@@ -1152,7 +1152,8 @@ void status_display (hashcat_ctx_t *hashcat_ctx)
 "Time.Started.....: %s (%s)", hashcat_status->time_started_absolute, hashcat_status->time_started_relative);
- }
+ }
+
 if (user_options->force == true) { event_log_info (hashcat_ctx,
@@ -1167,7 +1168,7 @@ void status_display (hashcat_ctx_t *hashcat_ctx)
 hashcat_status->time_estimated_absolute, hashcat_status->time_estimated_relative); }
-
+
 switch (hashcat_status->guess_mode) { case GUESS_MODE_STRAIGHT_FILE:
From f152f6a16c51ec1c88f89e435155d8e540163b13 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 22 Nov 2019 19:10:56 +0100
Subject: [PATCH 052/300] Fix missing --quiet check in password/salt min/max info on startup
---
 src/main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main.c b/src/main.c
index 4eddd624c..8a17a4e1e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -882,12 +882,14 @@ static void main_wordlist_cache_generate (MAYBE_UNUSED hashcat_ctx_t *hashcat_ct
 static void main_hashconfig_pre (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const void *buf, MAYBE_UNUSED const size_t len)
 {
-
 }
 static void main_hashconfig_post (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx, MAYBE_UNUSED const void *buf, MAYBE_UNUSED const size_t len)
 {
- const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
+ const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
+ const user_options_t *user_options = hashcat_ctx->user_options;
+
+ if (user_options->quiet == true) return;
 /**
 * Optimizer constraints
From a6c18f48ba92e26820fc7e61f21fc2416a5c957e Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 22 Nov 2019 23:12:57 +0100
Subject: [PATCH 053/300] Remove some double code
---
 OpenCL/inc_common.cl | 28 ----------------------------
 1 file changed, 28 deletions(-)
diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl
index 09946e52f..64300e80a 100644
--- a/OpenCL/inc_common.cl
+++ b/OpenCL/inc_common.cl
@@ -854,17 +854,11 @@ DECLSPEC u32x hc_byte_perm (const u32x a, const u32x b, const int c)
 #endif
 #if VECT_SIZE >= 4
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s0) : "v"(b.s0), "v"(a.s0), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s1) : "v"(b.s1), "v"(a.s1), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s2) : "v"(b.s2), "v"(a.s2), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s3) : "v"(b.s3), "v"(a.s3), "v"(c));
 #endif
 #if VECT_SIZE >= 8
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s0) : "v"(b.s0), "v"(a.s0), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s1) : "v"(b.s1), "v"(a.s1), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s2) : "v"(b.s2), "v"(a.s2), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s3) : "v"(b.s3), "v"(a.s3), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s4) : "v"(b.s4), "v"(a.s4), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s5) : "v"(b.s5), "v"(a.s5), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s6) : "v"(b.s6), "v"(a.s6), "v"(c));
@@ -872,14 +866,6 @@ DECLSPEC u32x hc_byte_perm (const u32x a, const u32x b, const int c)
 #endif
 #if VECT_SIZE >= 16
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s0) : "v"(b.s0), "v"(a.s0), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s1) : "v"(b.s1), "v"(a.s1), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s2) : "v"(b.s2), "v"(a.s2), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s3) : "v"(b.s3), "v"(a.s3), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s4) : "v"(b.s4), "v"(a.s4), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s5) : "v"(b.s5), "v"(a.s5), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s6) : "v"(b.s6), "v"(a.s6), "v"(c));
- __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s7) : "v"(b.s7), "v"(a.s7), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s8) : "v"(b.s8), "v"(a.s8), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.s9) : "v"(b.s9), "v"(a.s9), "v"(c));
 __asm__ __volatile__ ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r.sa) : "v"(b.sa), "v"(a.sa), "v"(c));
@@ -919,17 +905,11 @@ DECLSPEC u32x hc_add3 (const u32x a, const u32x b, const u32x c)
 #endif
 #if VECT_SIZE >= 4
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s0) : "v"(b.s0), "v"(a.s0), "v"(c.s0));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s1) : "v"(b.s1), "v"(a.s1), "v"(c.s1));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s2) : "v"(b.s2), "v"(a.s2), "v"(c.s2));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s3) : "v"(b.s3), "v"(a.s3), "v"(c.s3));
 #endif
 #if VECT_SIZE >= 8
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s0) : "v"(b.s0), "v"(a.s0), "v"(c.s0));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s1) : "v"(b.s1), "v"(a.s1), "v"(c.s1));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s2) : "v"(b.s2), "v"(a.s2), "v"(c.s2));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s3) : "v"(b.s3), "v"(a.s3), "v"(c.s3));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s4) : "v"(b.s4), "v"(a.s4), "v"(c.s4));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s5) : "v"(b.s5), "v"(a.s5), "v"(c.s5));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s6) : "v"(b.s6), "v"(a.s6), "v"(c.s6));
@@ -937,14 +917,6 @@ DECLSPEC u32x hc_add3 (const u32x a, const u32x b, const u32x c)
 #endif
 #if VECT_SIZE >= 16
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s0) : "v"(b.s0), "v"(a.s0), "v"(c.s0));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s1) : "v"(b.s1), "v"(a.s1), "v"(c.s1));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s2) : "v"(b.s2), "v"(a.s2), "v"(c.s2));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s3) : "v"(b.s3), "v"(a.s3), "v"(c.s3));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s4) : "v"(b.s4), "v"(a.s4), "v"(c.s4));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s5) : "v"(b.s5), "v"(a.s5), "v"(c.s5));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s6) : "v"(b.s6), "v"(a.s6), "v"(c.s6));
- __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s7) : "v"(b.s7), "v"(a.s7), "v"(c.s7));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s8) : "v"(b.s8), "v"(a.s8), "v"(c.s8));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.s9) : "v"(b.s9), "v"(a.s9), "v"(c.s9));
 __asm__ __volatile__ ("V_ADD3_U32 %0, %1, %2, %3;" : "=v"(r.sa) : "v"(b.sa), "v"(a.sa), "v"(c.sa));
From 9f719e68016c3c334c33d3cce0f2c8542ab6abd3 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sat, 23 Nov 2019 11:05:30 +0100
Subject: [PATCH 054/300] Add external hashcat benchmarking tool
---
 tools/benchmark_deep.pl | 488 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 488 insertions(+)
 create mode 100755 tools/benchmark_deep.pl
diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl
new file mode 100755
index 000000000..279faa568
--- /dev/null
+++ b/tools/benchmark_deep.pl
@@ -0,0 +1,488 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +my $nvidia_cache = "~/.nv"; +my $amd_cache = "~/.AMD"; +my $hashcat_path = "."; +my $kernels_cache = "$hashcat_path/kernels"; +my $hashcat_bin = "$hashcat_path/hashcat"; +my $device = 1; +my $workload_profile = 3; +my $runtime = 24; +my $sleep_sec = 12; +my $default_mask = "?b?b?b?b?b?b?b"; +my $result = "result.txt"; +my $old_hashcat = 0; # requires to have ran with new hashcat before to create the hashfiles +my $repeats = 1; +my $cpu_benchmark = 0; + +print "\nHardware preparations... You may need to adjust some settings and probably can ignore some of the error\n\n"; + +system ("echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor"); + +if ($cpu_benchmark == 1) +{ + system ("echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo"); ## for CPU benchmark Intel + system ("echo 0 > /sys/devices/system/cpu/cpufreq/boost"); ## for CPU benchmark AMD +} +else +{ + system ("rocm-smi --resetprofile --resetclocks --resetfans"); + system ("rocm-smi --setfan 100% --setperflevel high"); + + system ("nvidia-smi -rac"); + system ("nvidia-smi -pm ENABLED"); + system ("nvidia-smi -acp UNRESTRICTED"); + system ("nvidia-smi -pl 1"); ## needs per-gpu adjust + system ("nvidia-settings -a GPUPowerMizerMode=1 -a GPUFanControlState=1 -a GPUTargetFanSpeed=100"); +} + +print "\n\nStarting...\n\n"; + +system ("rm -rf $nvidia_cache"); +system ("rm -rf $amd_cache"); +system ("rm -rf $kernels_cache"); + +my @hash_types_selection = +( + 0, + 100, + 1400, + 1700, + 16800, + 1000, + 3000, + 5500, + 5600, + 1500, + 500, + 3200, + 1800, + 7500, + 13100, + 15300, + 15900, + 7100, + 11600, + 12500, + 13000, + 6241, + 13400, + 6800, + 11300, +); + +my @hash_types = +( + 0, + 20, + 50, + 60, + 100, + 120, + 150, + 160, + 200, + 300, + 400, + 500, + 600, + 900, + 1000, + 1100, + 1300, + 1400, + 1420, + 1450, + 1460, + 1500, + 1600, + 1700, + 1720, + 1750, + 1760, + 1800, + 2100, + 2400, + 2410, + 2500, + 2501, + 
2611, + 2711, + 2811, + 3000, + 3100, + 3200, + 3710, + 3800, + 3910, + 4010, + 4110, + 4300, + 4400, + 4500, + 4520, + 4700, + 4800, + 4900, + 5100, + 5200, + 5300, + 5400, + 5500, + 5600, + 5800, + 6000, + 6100, + 6211, + 6221, + 6231, + 6241, + 6300, + 6400, + 6500, + 6600, + 6700, + 6800, + 6900, + 7000, + 7100, + 7300, + 7400, + 7500, + 7700, + 7701, + 7800, + 7801, + 7900, + 8000, + 8100, + 8200, + 8300, + 8400, + 8500, + 8600, + 8700, + 8800, + 8900, + 9000, + 9100, + 9400, + 9500, + 9600, + 9700, + 9710, + 9720, + 9800, + 9810, + 9820, + 9900, + 10100, + 10300, + 10400, + 10410, + 10420, + 10500, + 10700, + 10800, + 10900, + 11000, + 11100, + 11200, + 11300, + 11400, + 11500, + 11600, + 11700, + 11750, + 11760, + 11800, + 11850, + 11860, + 11900, + 12000, + 12200, + 12300, + 12400, + 12500, + 12600, + 12700, + 12800, + 12900, + 13000, + 13100, + 13200, + 13300, + 13400, + 13500, + 13600, + 13711, + 13721, + 13731, + 13741, + 13751, + 13761, + 13771, + 13800, + 13900, + 14000, + 14100, + 14400, + 14700, + 14800, + 14900, + 15000, + 15100, + 15300, + 15400, + 15500, + 15600, + 15900, + 16000, + 16100, + 16200, + 16300, + 16400, + 16600, + 16800, + 16801, + 16900, + 17300, + 17400, + 17500, + 17600, + 17700, + 17800, + 17900, + 18000, + 18100, + 18200, + 18300, + 18400, + 18500, + 18600, + 18700, + 18800, + 18900, + 19000, + 19100, + 19200, + 19300, + 19500, + 19600, + 19700, + 19800, + 19900, + 20011, + 20012, + 20013, + 20500, + 20510, +); + +if (scalar @ARGV) +{ + @hash_types = @ARGV; +} + +unlink ($result); + +chdir ($hashcat_path); + +for my $hash_type (@hash_types) +{ + # banchmark always in optimized mode with single hash and mask! 
+ + my $mask = $default_mask; + + if ($old_hashcat == 0) + { + my $module = get_module ($hash_type); + + my $st_hash = $module->{"st_hash"}; + my $is_binary = $module->{"is_binary"}; + + open (OUT, ">", "tmp.hash.$hash_type") or die; + + if ($is_binary) + { + print OUT pack ("H*", $st_hash), "\n"; + } + else + { + print OUT "$st_hash\n"; + } + + close (OUT); + + $mask = $module->{"mask"}; + } + + my @command = + ( + $hashcat_bin, + "--quiet", + "tmp.hash.$hash_type", + "--keep-guessing", + "--self-test-disable", + "--markov-disable", + "--restore-disable", + "--outfile-autohex-disable", + "--wordlist-autohex-disable", + "--potfile-disable", + "--logfile-disable", + "--hwmon-disable", + "--status", + "--status-timer", 1, + "--runtime", $runtime, + "--machine-readable", + "--optimized-kernel-enable", + "--workload-profile", $workload_profile, + "--hash-type", $hash_type, + "--attack-mode", 3, + $mask + ); + + if ($cpu_benchmark == 1) + { + push (@command, "--opencl-device-types", 1); + } + else + { + push (@command, "--backend-devices", $device); + } + + print "Executing command: ", join (" ", @command), "\n"; + + my $final_speed = 0; + + for (my $i = 0; $i <= $repeats; $i++) + { + printf ("Run #%d\n", $i); + + open (IN, "-|", @command, "--runtime", 1); + close (IN); + + my $was_slower = 0; + + my $speed = 0; + + my $sample = 0; + + open (IN, "-|", @command); + + while (my $line = ) + { + chomp $line; + + print "$line\n"; + + my @data = split "\t", $line; + + next unless defined $data[1]; + + next if ($data[1] != '3'); + + $sample++; + + if ($sample > 5) + { + if ($data[3] > $speed) + { + $speed = $data[3]; + } + else + { + $was_slower++; + + last if ($was_slower == 3); + } + } + } + + close (IN); + + sleep ($sleep_sec); + + $final_speed = $speed if ($speed > $final_speed); + } + + open (OUT, ">>", $result) or die; + print OUT $final_speed, "\n"; + close (OUT); +} + +sub get_module +{ + my $hash_type = shift; + + my $st_hash = undef; + my $is_binary = 0; + my $pw_min 
= -1;
+ my $pw_max = -1;
+
+ my $path = sprintf ("src/modules/module_%05d.c", $hash_type);
+
+ open (IN, $path) or die;
+
+ while (my $line = )
+ {
+ chomp $line;
+
+ if ($line =~ /OPTS_TYPE_BINARY_HASHFILE/)
+ {
+ $is_binary = 1;
+ }
+
+ if ($line =~ /ST_HASH *= \"(.*)\"/)
+ {
+ $st_hash = $1;
+ }
+
+ if ($line =~ /const u32 pw_min = (\d+);/)
+ {
+ $pw_min = $1;
+ }
+
+ if ($line =~ /const u32 pw_max = (\d+);/)
+ {
+ $pw_max = $1;
+ }
+ }
+
+ close (IN);
+
+ my $mask = $default_mask;
+
+ if ($pw_min != -1)
+ {
+ if ($pw_min < 7)
+ {
+ $mask = substr ($mask, 0, $pw_min * 2);
+ }
+ else
+ {
+ my $left = $pw_min - 7;
+
+ $mask .= "x" x $left;
+ }
+ }
+ elsif ($pw_max != -1)
+ {
+ if ($pw_max < 7)
+ {
+ $mask = substr ($mask, 0, $pw_min * 2);
+ }
+ }
+
+ my $module =
+ {
+ "is_binary" => $is_binary,
+ "st_hash" => $st_hash,
+ "mask" => $mask,
+ };
+
+ return $module;
+}
From d518bd39036bb0a0d13781adde23c2278ba0fdef Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sat, 23 Nov 2019 13:26:40 +0100
Subject: [PATCH 055/300] Unlock all threads for -m 600
---
 src/modules/module_00600.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/modules/module_00600.c b/src/modules/module_00600.c
index 6fd67c51f..3a2b13610 100644
--- a/src/modules/module_00600.c
+++ b/src/modules/module_00600.c
@@ -54,13 +54,6 @@ typedef struct blake2
 static const char *SIGNATURE_BLAKE2B = "$BLAKE2$";
-u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
-{
- const u32 kernel_threads_max = 64; // performance only optimization
-
- return kernel_threads_max;
-}
-
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (blake2_t);
@@ -198,7 +191,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
 module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
 module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
- module_ctx->module_kernel_threads_max = module_kernel_threads_max;
+ module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
 module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
 module_ctx->module_kern_type = module_kern_type;
 module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
From d315f61414ef06126ad019607e7c577b59a831fa Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 24 Nov 2019 08:50:31 +0100
Subject: [PATCH 056/300] Fix -m 1800 speed on ROCM
---
 src/modules/module_01800.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/modules/module_01800.c b/src/modules/module_01800.c
index 9b6d0c196..4b1540dd7 100644
--- a/src/modules/module_01800.c
+++ b/src/modules/module_01800.c
@@ -434,7 +434,14 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 {
 char *jit_build_options = NULL;
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ // unroll is faster on rocm in this kernel
+ }
+ else
+ {
+ hc_asprintf (&jit_build_options, "-D NO_UNROLL");
+ }
 return jit_build_options;
 }
From ce17418b2758bd3382a208015431068344e62c74 Mon Sep 17 00:00:00 2001
From: Jamie R
Date: Sun, 24 Nov 2019 14:49:13 +0000
Subject: [PATCH 057/300] add web2py pbkdf2-hmac-sha512 variant
---
 OpenCL/m21600-pure.cl | 353 +++++++++++++++++++++++++++++++++++++
 docs/changes.txt | 1 +
 docs/credits.txt | 3 +
 docs/readme.txt | 1 +
 src/modules/module_21600.c | 308 ++++++++++++++++++++++++++++++++
 5 files changed, 666 insertions(+)
 create mode 100644 OpenCL/m21600-pure.cl
 create mode 100644 src/modules/module_21600.c
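Review bot: In `get_module`, the `elsif ($pw_max != -1)` branch truncates the mask with `$mask = substr ($mask, 0, $pw_min * 2);`, but `$pw_min` is still -1 on that path, so the mask only loses its last two characters instead of being cut to `$pw_max` positions; it should read `$mask = substr ($mask, 0, $pw_max * 2);`. The repeat loop `for (my $i = 0; $i <= $repeats; $i++)` runs `$repeats + 1` times, which looks unintended given the `$repeats = 1` default; `$i < $repeats` would match the variable's name. Both points are in the new file, so the whole sub is visible in the hunk.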
diff --git a/OpenCL/m21600-pure.cl b/OpenCL/m21600-pure.cl
new file mode 100644
index 000000000..ad4fe7f9c
--- /dev/null
+++ b/OpenCL/m21600-pure.cl
@@ -0,0 +1,353 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha512.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct pbkdf2_sha512_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[16]; + u64 out[16]; + +} pbkdf2_sha512_tmp_t; + +typedef struct pbkdf2_sha512 +{ + u32 salt_buf[64]; + u32 hash_buf[64]; + u32 salt_iter; + u32 salt_len; + u32 hash_len; + +} pbkdf2_sha512_t; + +DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); + + w0[0] = h32_from_64 (digest[0]); + w0[1] = l32_from_64 (digest[0]); + w0[2] = h32_from_64 (digest[1]); + w0[3] = l32_from_64 (digest[1]); + w1[0] = h32_from_64 (digest[2]); + w1[1] = l32_from_64 (digest[2]); + w1[2] = h32_from_64 (digest[3]); + w1[3] = l32_from_64 (digest[3]); + w2[0] = h32_from_64 (digest[4]); + w2[1] = l32_from_64 (digest[4]); + w2[2] = h32_from_64 (digest[5]); + w2[3] = l32_from_64 (digest[5]); + w3[0] = h32_from_64 (digest[6]); + w3[1] = l32_from_64 (digest[6]); + w3[2] = h32_from_64 (digest[7]); + w3[3] = l32_from_64 (digest[7]); + w4[0] = 0x80000000; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = 
opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); +} + +KERNEL_FQ void m21600_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sha512_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha512_hmac_ctx_t sha512_hmac_ctx; + + sha512_hmac_init_global_swap (&sha512_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha512_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha512_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha512_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha512_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha512_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha512_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha512_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha512_hmac_ctx.ipad.h[7]; + + tmps[gid].opad[0] = sha512_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha512_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha512_hmac_ctx.opad.h[7]; + + sha512_hmac_update_global_swap (&sha512_hmac_ctx, esalt_bufs[digests_offset].salt_buf, salt_bufs[salt_pos].salt_len); + + for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) + { + sha512_hmac_ctx_t sha512_hmac_ctx2 = sha512_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + u32 w4[4]; + u32 w5[4]; + u32 w6[4]; + u32 w7[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + w4[0] = 0; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = 0; + + 
sha512_hmac_update_128 (&sha512_hmac_ctx2, w0, w1, w2, w3, w4, w5, w6, w7, 4); + + sha512_hmac_final (&sha512_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha512_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha512_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha512_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha512_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha512_hmac_ctx2.opad.h[4]; + tmps[gid].dgst[i + 5] = sha512_hmac_ctx2.opad.h[5]; + tmps[gid].dgst[i + 6] = sha512_hmac_ctx2.opad.h[6]; + tmps[gid].dgst[i + 7] = sha512_hmac_ctx2.opad.h[7]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; + tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; + tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; + } +} + +KERNEL_FQ void m21600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sha512_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u64x ipad[8]; + u64x opad[8]; + + ipad[0] = pack64v (tmps, ipad, gid, 0); + ipad[1] = pack64v (tmps, ipad, gid, 1); + ipad[2] = pack64v (tmps, ipad, gid, 2); + ipad[3] = pack64v (tmps, ipad, gid, 3); + ipad[4] = pack64v (tmps, ipad, gid, 4); + ipad[5] = pack64v (tmps, ipad, gid, 5); + ipad[6] = pack64v (tmps, ipad, gid, 6); + ipad[7] = pack64v (tmps, ipad, gid, 7); + + opad[0] = pack64v (tmps, opad, gid, 0); + opad[1] = pack64v (tmps, opad, gid, 1); + opad[2] = pack64v (tmps, opad, gid, 2); + opad[3] = pack64v (tmps, opad, gid, 3); + opad[4] = pack64v (tmps, opad, gid, 4); + opad[5] = pack64v (tmps, opad, gid, 5); + opad[6] = pack64v (tmps, opad, gid, 6); + opad[7] = pack64v (tmps, opad, gid, 7); + + for (u32 i = 0; i < 8; i += 8) + { + u64x dgst[8]; + u64x out[8]; + + dgst[0] = pack64v (tmps, dgst, gid, i + 0); + dgst[1] = pack64v (tmps, dgst, gid, i + 
1); + dgst[2] = pack64v (tmps, dgst, gid, i + 2); + dgst[3] = pack64v (tmps, dgst, gid, i + 3); + dgst[4] = pack64v (tmps, dgst, gid, i + 4); + dgst[5] = pack64v (tmps, dgst, gid, i + 5); + dgst[6] = pack64v (tmps, dgst, gid, i + 6); + dgst[7] = pack64v (tmps, dgst, gid, i + 7); + + out[0] = pack64v (tmps, out, gid, i + 0); + out[1] = pack64v (tmps, out, gid, i + 1); + out[2] = pack64v (tmps, out, gid, i + 2); + out[3] = pack64v (tmps, out, gid, i + 3); + out[4] = pack64v (tmps, out, gid, i + 4); + out[5] = pack64v (tmps, out, gid, i + 5); + out[6] = pack64v (tmps, out, gid, i + 6); + out[7] = pack64v (tmps, out, gid, i + 7); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + u32x w4[4]; + u32x w5[4]; + u32x w6[4]; + u32x w7[4]; + + w0[0] = h32_from_64 (dgst[0]); + w0[1] = l32_from_64 (dgst[0]); + w0[2] = h32_from_64 (dgst[1]); + w0[3] = l32_from_64 (dgst[1]); + w1[0] = h32_from_64 (dgst[2]); + w1[1] = l32_from_64 (dgst[2]); + w1[2] = h32_from_64 (dgst[3]); + w1[3] = l32_from_64 (dgst[3]); + w2[0] = h32_from_64 (dgst[4]); + w2[1] = l32_from_64 (dgst[4]); + w2[2] = h32_from_64 (dgst[5]); + w2[3] = l32_from_64 (dgst[5]); + w3[0] = h32_from_64 (dgst[6]); + w3[1] = l32_from_64 (dgst[6]); + w3[2] = h32_from_64 (dgst[7]); + w3[3] = l32_from_64 (dgst[7]); + w4[0] = 0x80000000; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; + + hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpack64v (tmps, dgst, gid, i + 0, dgst[0]); + unpack64v (tmps, dgst, gid, i + 1, dgst[1]); + unpack64v (tmps, dgst, gid, i + 2, dgst[2]); + unpack64v (tmps, dgst, gid, i + 3, dgst[3]); + unpack64v 
(tmps, dgst, gid, i + 4, dgst[4]); + unpack64v (tmps, dgst, gid, i + 5, dgst[5]); + unpack64v (tmps, dgst, gid, i + 6, dgst[6]); + unpack64v (tmps, dgst, gid, i + 7, dgst[7]); + + unpack64v (tmps, out, gid, i + 0, out[0]); + unpack64v (tmps, out, gid, i + 1, out[1]); + unpack64v (tmps, out, gid, i + 2, out[2]); + unpack64v (tmps, out, gid, i + 3, out[3]); + unpack64v (tmps, out, gid, i + 4, out[4]); + unpack64v (tmps, out, gid, i + 5, out[5]); + unpack64v (tmps, out, gid, i + 6, out[6]); + unpack64v (tmps, out, gid, i + 7, out[7]); + } +} + +KERNEL_FQ void m21600_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sha512_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + const u64 lid = get_local_id (0); + + const u64 a = tmps[gid].out[0]; + const u64 b = tmps[gid].out[1]; + + const u32 r0 = l32_from_64_S (a); + const u32 r1 = h32_from_64_S (a); + const u32 r2 = l32_from_64_S (b); + const u32 r3 = h32_from_64_S (b); + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/docs/changes.txt b/docs/changes.txt index c3d4af0d0..a0b48234d 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -54,6 +54,7 @@ - Added hash-mode: sha256(md5($pass)) - Added hash-mode: sha256(sha256_bin(pass)) - Added hash-mode: sha256(sha256($pass).$salt) +- Added hash-mode: pbkdf2(iter,20,sha512) (web2py variant) ## ## Bugs diff --git a/docs/credits.txt b/docs/credits.txt index d897e2113..4802d4024 100644 --- a/docs/credits.txt +++ b/docs/credits.txt @@ -78,4 +78,7 @@ Rick "Minga" Redman and KoreLogic (@CrackMeIfYouCan) Brandon Chalk (@brandoncasaba) * Kerberos Pre-Auth 17/18 kernel module, ported from @Fist0urs TGS kernel modules +Jamie Riden +* module_21600.c - web2py pbkdf2 variant + !!! All the package maintainer of hashcat !!! diff --git a/docs/readme.txt b/docs/readme.txt index d55f14f4d..a9027bea1 100644 --- a/docs/readme.txt +++ b/docs/readme.txt 
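Review bot: `m21600_comp` builds r0..r3 from `tmps[gid].out[0]` and `out[1]` only, i.e. the first 16 bytes of the derived key, while the format carries a 20-byte key (the `20` in `pbkdf2(iter,20,sha512)` and the 40 hex digits of the digest in the module's ST_HASH); nothing in the kernel says the 128-bit comparison is deliberate. A comment above the `a`/`b` loads such as `// only the first 128 bits (out[0], out[1]) of the 20-byte derived key are compared` would spare the next reader a trip to the module. The single-iteration `for (u32 i = 0, j = 1; i < 8; i += 8, j += 1)` loop in `m21600_init` and the matching `for (u32 i = 0; i < 8; i += 8)` in `m21600_loop` also deserve a one-line note that they presumably keep the generic PBKDF2 block shape for a single 64-byte output block, since as written they read like loops that were meant to iterate.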
@@ -133,6 +133,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o
 - PBKDF2-HMAC-SHA1
 - PBKDF2-HMAC-SHA256
 - PBKDF2-HMAC-SHA512
+- web2py variant of PBKDF2-HMAC-SHA512
 - scrypt
 - phpass
 - Ansible Vault
diff --git a/src/modules/module_21600.c b/src/modules/module_21600.c
new file mode 100644
index 000000000..e42f5f186
--- /dev/null
+++ b/src/modules/module_21600.c
@@ -0,0 +1,308 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#include "common.h"
+#include "types.h"
+#include "modules.h"
+#include "bitops.h"
+#include "convert.h"
+#include "shared.h"
+
+static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
+static const u32 DGST_POS0 = 0;
+static const u32 DGST_POS1 = 1;
+static const u32 DGST_POS2 = 2;
+static const u32 DGST_POS3 = 3;
+static const u32 DGST_SIZE = DGST_SIZE_8_16;
+static const u32 HASH_CATEGORY = HASH_CATEGORY_FRAMEWORK;
+static const char *HASH_NAME = "web2py PBKDF2-HMAC-SHA512";
+static const u64 KERN_TYPE = 21600;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+                           | OPTI_TYPE_USES_BITS_64
+                           | OPTI_TYPE_SLOW_HASH_SIMD_LOOP ;
+static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE ;
+static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const char *ST_PASS = "mysecret";
+static const char *ST_HASH = "pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff";
+
+u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
+u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
+u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
+u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
+u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
+u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const char *SIGNATURE_WEB2PY = "pbkdf2"; +static const char *SIGNATURE_WEB2PY_PARAMS = "20,sha512)"; + +typedef struct pbkdf2_sha512 +{ + u32 salt_buf[64]; + u32 
hash_buf[64]; + u32 salt_iter; + u32 salt_len; + u32 hash_len; + +} pbkdf2_sha512_t; + +typedef struct pbkdf2_sha512_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[16]; + u64 out[16]; + +} pbkdf2_sha512_tmp_t; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pbkdf2_sha512_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pbkdf2_sha512_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD) + { + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + } + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u64 *digest = (u64 *) digest_buf; + + pbkdf2_sha512_t *pbkdf2_sha512 = (pbkdf2_sha512_t *) esalt_buf; 
+ + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_WEB2PY; + + token.len_min[0] = 6; + token.len_max[0] = 6; + token.sep[0] = '('; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + // skip the rest + token.sep[1] = '$'; + token.len_min[1] = 2; + token.len_max[1] = 280; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH ; + + token.sep[2] = '$'; + token.len_min[2] = SALT_MIN; + token.len_max[2] = SALT_MAX; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH ; + + token.len_min[3] = 16; + token.len_max[3] = 256; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // iteration count + + const u8 *iter_pos = token.buf[0] + 7; + + u8* trail; + + const u32 iter = hc_strtoul ((const char *) iter_pos, (char**) &trail, 10); + + salt->salt_iter = iter - 1; + + pbkdf2_sha512->salt_iter = salt->salt_iter; + + // match "20,sha512" for next bit after the iterator + if (strncmp((const char*) trail+1,SIGNATURE_WEB2PY_PARAMS,10)!=0) + { + return (PARSER_SIGNATURE_UNMATCHED); + } + + // salt + + const u8 *salt_pos = token.buf[2]; + const int salt_len = token.len[2]; + + memcpy (pbkdf2_sha512->salt_buf, salt_pos, salt_len); + + pbkdf2_sha512->salt_len=salt_len; + + salt->salt_len = salt_len; + + salt->salt_buf[0] = pbkdf2_sha512->salt_buf[0]; + salt->salt_buf[1] = pbkdf2_sha512->salt_buf[1]; + salt->salt_buf[2] = pbkdf2_sha512->salt_buf[2]; + salt->salt_buf[3] = pbkdf2_sha512->salt_buf[3]; + salt->salt_buf[4] = pbkdf2_sha512->salt_buf[4]; + salt->salt_buf[5] = pbkdf2_sha512->salt_buf[5]; + salt->salt_buf[6] = pbkdf2_sha512->salt_buf[6]; + salt->salt_buf[7] = pbkdf2_sha512->salt_buf[7]; + + // hash + + const u8 *hash_pos = token.buf[3]; + const int hash_len = token.len[3]; + + digest[0] = hex_to_u64 (hash_pos + 0); + digest[1] = hex_to_u64 
(hash_pos + 16); + digest[2] = hex_to_u64 (hash_pos + 32); + digest[3] = hex_to_u64 (hash_pos + 48); + digest[4] = hex_to_u64 (hash_pos + 64); + digest[5] = hex_to_u64 (hash_pos + 80); + digest[6] = hex_to_u64 (hash_pos + 96); + digest[7] = hex_to_u64 (hash_pos + 112); + + digest[0] = byte_swap_64 (digest[0]); + digest[1] = byte_swap_64 (digest[1]); + digest[2] = byte_swap_64 (digest[2]); + digest[3] = byte_swap_64 (digest[3]); + digest[4] = byte_swap_64 (digest[4]); + digest[5] = byte_swap_64 (digest[5]); + digest[6] = byte_swap_64 (digest[6]); + digest[7] = byte_swap_64 (digest[7]); + + memcpy (pbkdf2_sha512->hash_buf, hash_pos, hash_len); + + pbkdf2_sha512->hash_len=hash_len; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + + pbkdf2_sha512_t *pbkdf2_sha512 = (pbkdf2_sha512_t *) esalt_buf; + + int line_len = snprintf(line_buf, line_size, "pbkdf2(%d,20,sha512)$", pbkdf2_sha512->salt_iter+1); + + u8 *salt_pos = (u8*) pbkdf2_sha512->salt_buf; + + for (u32 i = 0; i < pbkdf2_sha512->salt_len; i++) + { + line_len += snprintf (line_buf + line_len, line_size, "%c", *salt_pos++); + } + + line_len += snprintf (line_buf + line_len, line_size, "$"); + + u8 *hash_pos = (u8*) pbkdf2_sha512->hash_buf; + + for (u32 i = 0; i < pbkdf2_sha512->hash_len; i++) + { + line_len += snprintf (line_buf + line_len, line_size - line_len, "%c", *hash_pos++); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + 
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + 
module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} From d4ec5161fed6cb84888fed39983c67a3b1270e4a Mon Sep 17 00:00:00 2001 From: Jamie R Date: Sun, 24 Nov 2019 15:00:13 +0000 Subject: [PATCH 058/300] add web2py pbkdf2-hmac-sha512 variant --- tools/test_modules/m21600.pm | 70 ++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 tools/test_modules/m21600.pm diff --git a/tools/test_modules/m21600.pm b/tools/test_modules/m21600.pm new file mode 100644 index 000000000..0a805e97d --- /dev/null 
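Review bot: module_hash_decode reads eight u64 words (`hex_to_u64 (hash_pos + 0)` through `hash_pos + 112`, i.e. 128 hex characters) unconditionally although token 3 is accepted from 16 characters, so for a 40-character digest such as the one in ST_HASH `digest[2..7]` are filled from bytes past the end of the token and, since it is the last token, past the end of the input line; either pin `len_min[3]`/`len_max[3]` to the digest length the kernel actually compares or decode only `hash_len / 16` words and zero the rest. The iteration count is taken with `hc_strtoul` without checking that a digit was consumed or that the value is non-zero, so `salt->salt_iter = iter - 1` wraps to 0xFFFFFFFF for an input starting `pbkdf2(0,`; `if (trail == iter_pos || iter == 0) return (PARSER_SALT_ITERATION);` before the subtraction closes that. DGST_SIZE_8_16 declares a 128-byte digest of which decode writes only the first 64 bytes, leaving the remainder of digest_buf uninitialised for whatever compares or sorts on the full size. In module_hash_encode the salt loop and the `"$"` write pass `line_size` rather than `line_size - line_len` as the remaining capacity, unlike the hash loop directly below them.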
+++ b/tools/test_modules/m21600.pm
@@ -0,0 +1,70 @@
+#!/usr/bin/env perl
+
+##
+## Author......: See docs/credits.txt
+## License.....: MIT
+##
+
+use strict;
+use warnings;
+
+use MIME::Base64 qw (encode_base64 decode_base64);
+use Crypt::PBKDF2;
+
+sub module_constraints { [[0, 256], [1, 15], [-1, -1], [-1, -1], [-1, -1]] }
+
+#pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff";
+
+sub module_generate_hash
+{
+  my $word = shift;
+  my $salt = shift;
+  my $iterations = shift // 1000;
+  my $out_len = shift // 16;
+
+  my $pbkdf2 = Crypt::PBKDF2->new
+  (
+    hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512),
+    iterations => $iterations,
+    output_len => $out_len
+  );
+
+  my $digest = $pbkdf2->PBKDF2 ($salt, $word);
+  my $digest_hex = unpack "H*", $digest;
+
+  my $hash = sprintf ('pbkdf2(%i,20,sha512)$%s$%s', $iterations, $salt, $digest_hex);
+
+  return $hash;
+}
+
+#pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff";
+
+sub module_verify_hash
+{
+  my $line = shift;
+
+  my ($digest, $word) = split (/:([^:]+)$/, $line);
+
+  return unless defined $digest;
+  return unless defined $word;
+
+  my ($intro, $salt, $hash_encoded) = split ('$', $digest);
+  my ($signature, $iterations, $len, $prf) = split (m/[\(\),]/, $digest);
+
+  return unless ($signature eq 'pbkdf2');
+  return unless ($prf eq 'sha512');
+  return unless defined $iterations;
+  return unless defined $hash_encoded;
+
+  my $hash = pack 'H*',$hash_encoded;
+
+  my $out_len = length ($hash);
+
+  my $word_packed = pack_if_HEX_notation ($word);
+
+  my $new_hash = module_generate_hash ($word_packed, $salt, $iterations, $out_len);
+
+  return ($new_hash, $word);
+}
+
+1;
From 2884bded320271d2ba681c004a5175b947a3e274 Mon Sep 17 00:00:00 2001
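Review bot: In module_verify_hash, `split ('$', $digest)` hands Perl the pattern `$`, which is the end-of-string anchor rather than a literal dollar sign, so `$salt` and `$hash_encoded` come back undefined and the `return unless defined $hash_encoded` guard rejects every line; it should read `my ($intro, $salt, $hash_encoded) = split ('\$', $digest);`, matching the `$`-separated layout the generator's sprintf produces. The default `$out_len = shift // 16` in module_generate_hash also disagrees with the fixed `20` written into the `pbkdf2(%i,20,sha512)` prefix, so a hash generated without an explicit length announces a 20-byte digest while carrying 16 bytes. The two `#pbkdf2(...)";` example comments carry a stray `";` that looks like a copy-paste remnant.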
From: Jens Steube
Date: Tue, 26 Nov 2019 10:55:57 +0100
Subject: [PATCH 059/300] Initialize some variable to make scan-build happy

---
 src/backend.c  | 2 ++
 src/hashes.c   | 2 +-
 src/selftest.c | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/backend.c b/src/backend.c
index 4970412e1..1cc3af167 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -3394,6 +3394,8 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
     }
   }
 
+  if (kernel_threads == 0) kernel_threads = 1;
+
   num_elements = CEILDIV (num_elements, kernel_threads);
 
   if ((hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) && (user_options->attack_mode == ATTACK_MODE_BF))
diff --git a/src/hashes.c b/src/hashes.c
index 159ae47ac..51abdb6c2 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -470,7 +470,7 @@ int check_cracked (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
 
   salt_t *salt_buf = &hashes->salts_buf[salt_pos];
 
-  u32 num_cracked;
+  u32 num_cracked = 0;
 
   int CU_rc;
   int CL_rc;
diff --git a/src/selftest.c b/src/selftest.c
index 9e9e40f8e..84eb88542 100644
--- a/src/selftest.c
+++ b/src/selftest.c
@@ -569,7 +569,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
 
   // check : check if cracked
 
-  u32 num_cracked;
+  u32 num_cracked = 0;
 
   if (device_param->is_cuda == true)
   {
@@ -677,6 +677,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
   if (num_cracked == 0)
   {
     hc_thread_mutex_lock (status_ctx->mux_display);
+
     if (device_param->is_opencl == true)
     {
       event_log_error (hashcat_ctx, "* Device #%u: ATTENTION! OpenCL kernel self-test failed.", device_param->device_id + 1);
From d9a92afecceaf8cf477f7a1aeb51963f8cf21629 Mon Sep 17 00:00:00 2001
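Review bot: `if (kernel_threads == 0) kernel_threads = 1;` in run_kernel silently repairs a value that should never be zero, so a broken thread-count computation upstream now degrades into a one-thread launch instead of a visible failure; at minimum the line deserves a comment stating why zero can reach this point, e.g. `// guard CEILDIV below against a zero thread count (TODO: state which caller can pass 0)`, and a logged warning would make the condition diagnosable. How kernel_threads is derived is not visible here, so whether zero is a legitimate state or a latent bug cannot be judged from the hunk. run_kernel begins and ends outside the hunk.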
From: Jens Steube
Date: Tue, 26 Nov 2019 11:26:56 +0100
Subject: [PATCH 060/300] Change out-of-boundary fix in order to re-enable password length 256 with rules in pure kernel mode

---
 OpenCL/inc_rp.cl           | 2 +-
 OpenCL/inc_rp_optimized.cl | 2 +-
 src/slow_candidates.c      | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/OpenCL/inc_rp.cl b/OpenCL/inc_rp.cl
index 7cf9d0278..80abaf1ee 100644
--- a/OpenCL/inc_rp.cl
+++ b/OpenCL/inc_rp.cl
@@ -770,7 +770,7 @@ DECLSPEC int apply_rules (CONSTANT_AS const u32 *cmds, u32 *buf, const int in_le
     const u8 p1 = (cmd >> 16) & 0xff;
 
     // we need to guarantee input length < 256 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
-    out_len = apply_rule (name, p0, p1, buf, out_len & 255);
+    out_len = apply_rule (name, p0, p1, buf, out_len);
   }
 
   return out_len;
diff --git a/OpenCL/inc_rp_optimized.cl b/OpenCL/inc_rp_optimized.cl
index e0ae0b515..36ee6263b 100644
--- a/OpenCL/inc_rp_optimized.cl
+++ b/OpenCL/inc_rp_optimized.cl
@@ -2350,7 +2350,7 @@ DECLSPEC u32 apply_rules_optimized (CONSTANT_AS const u32 *cmds, u32 *buf0, u32
     const u32 p1 = (cmd >> 16) & 0xff;
 
     // we need to guarantee input length < 32 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
-    out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len & 31);
+    out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len);
   }
 
   return out_len;
diff --git a/src/slow_candidates.c b/src/slow_candidates.c
index 1f067f889..45af658e8 100644
--- a/src/slow_candidates.c
+++ b/src/slow_candidates.c
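Review bot: The comment kept above `apply_rule` still says "we need to guarantee input length < 256", but the guarantee now lives in the caller (the src/slow_candidates.c hunk clamps with `MIN (…, 256)`, an inclusive bound, which is what the commit title intends), so the comment is stale about where the check happens and, read literally, disagrees with the new limit; `// caller (slow_candidates_next) clamps the length to <= 256; longer input would make rule_op_mangle_switch_last() and others read out of bounds` would state the new contract. The inc_rp_optimized.cl hunk has the same stale wording (`< 32` against the caller's `MIN (…, 31)`, which at least agrees numerically). Whether every other caller of apply_rules()/apply_rules_optimized() performs the same clamp is not visible in this commit and is worth confirming, since the kernels no longer defend themselves. apply_rules begins outside the hunk.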
@@ -218,10 +218,14 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
 
       if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
       {
+        extra_info_straight->out_len = MIN (extra_info_straight->out_len, 31); // max length supported by apply_rules_optimized()
+
         extra_info_straight->out_len = apply_rules_optimized (straight_ctx->kernel_rules_buf[extra_info_straight->rule_pos].cmds, &out_ptr[0], &out_ptr[4], extra_info_straight->out_len);
       }
       else
       {
+        extra_info_straight->out_len = MIN (extra_info_straight->out_len, 256); // max length supported by apply_rules()
+
         extra_info_straight->out_len = apply_rules (straight_ctx->kernel_rules_buf[extra_info_straight->rule_pos].cmds, out_ptr, extra_info_straight->out_len);
       }
 
From a63aa679d33f490987412672e8a1f508c40d79c9 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 26 Nov 2019 17:16:18 +0100
Subject: [PATCH 061/300] Few changes to -m 21600 and move -m 124 and -m 10000 to pure Framework category

---
 OpenCL/m21600-pure.cl      |  22 ++---
 docs/changes.txt           |   2 +-
 docs/credits.txt           |   2 +-
 docs/readme.txt            |   6 +-
 include/types.h            |   3 +-
 src/modules/module_00124.c |   2 +-
 src/modules/module_10000.c |   2 +-
 src/modules/module_21600.c | 174 +++++++++++++------------------------
 src/shared.c               |   2 +-
 9 files changed, 76 insertions(+), 139 deletions(-)

diff --git a/OpenCL/m21600-pure.cl b/OpenCL/m21600-pure.cl
index ad4fe7f9c..72da070f6 100644
--- a/OpenCL/m21600-pure.cl
+++ b/OpenCL/m21600-pure.cl
@@ -17,7 +17,7 @@
 #define COMPARE_S "inc_comp_single.cl"
 #define COMPARE_M "inc_comp_multi.cl"
 
-typedef struct pbkdf2_sha512_tmp
+typedef struct web2py_sha512_tmp
 {
   u64 ipad[8];
   u64 opad[8];
@@ -25,17 +25,7 @@ typedef struct pbkdf2_sha512_tmp
   u64 dgst[16];
   u64 out[16];
 
-} pbkdf2_sha512_tmp_t;
-
-typedef struct pbkdf2_sha512
-{
-  u32 salt_buf[64];
-  u32 hash_buf[64];
-  u32 salt_iter;
-  u32 salt_len;
-  u32 hash_len;
-
-} pbkdf2_sha512_t;
+} web2py_sha512_tmp_t;
 
 DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest)
 {
@@ -95,7 +85,7 @@ DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w
   sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest);
 }
 
-KERNEL_FQ void m21600_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sha512_t))
+KERNEL_FQ void m21600_init (KERN_ATTR_TMPS (web2py_sha512_tmp_t))
 {
   /**
    * base
@@ -127,7 +117,7 @@ KERNEL_FQ void m21600_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sh
   tmps[gid].opad[6] = sha512_hmac_ctx.opad.h[6];
   tmps[gid].opad[7] = sha512_hmac_ctx.opad.h[7];
 
-  sha512_hmac_update_global_swap (&sha512_hmac_ctx, esalt_bufs[digests_offset].salt_buf, salt_bufs[salt_pos].salt_len);
+  sha512_hmac_update_global_swap (&sha512_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
 
   for (u32 i = 0, j = 1; i < 8; i += 8, j += 1)
   {
@@ -199,7 +189,7 @@ KERNEL_FQ void m21600_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sh
   }
 }
 
-KERNEL_FQ void m21600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sha512_t))
+KERNEL_FQ void m21600_loop (KERN_ATTR_TMPS (web2py_sha512_tmp_t))
 {
   const u64 gid = get_global_id (0);
 
@@ -325,7 +315,7 @@ KERNEL_FQ void m21600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sh
   }
 }
 
-KERNEL_FQ void m21600_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha512_tmp_t, pbkdf2_sha512_t))
+KERNEL_FQ void m21600_comp (KERN_ATTR_TMPS (web2py_sha512_tmp_t))
 {
   /**
    * base
diff --git a/docs/changes.txt b/docs/changes.txt
index a0b48234d..66596c268 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -54,7 +54,7 @@
 - Added hash-mode: sha256(md5($pass))
 - Added hash-mode: sha256(sha256_bin(pass))
 - Added hash-mode: sha256(sha256($pass).$salt)
-- Added hash-mode: pbkdf2(iter,20,sha512) (web2py variant)
+- Added hash-mode: Web2py pbkdf2-sha512
 
 ##
 ## Bugs
diff --git a/docs/credits.txt b/docs/credits.txt
index 4802d4024..71ad760fa 100644
--- a/docs/credits.txt
+++ b/docs/credits.txt
@@ -79,6 +79,6 @@ Brandon Chalk (@brandoncasaba)
 * Kerberos Pre-Auth 17/18 kernel module, ported from @Fist0urs TGS kernel modules
 
 Jamie Riden
-* module_21600.c - web2py pbkdf2 variant
+* Web2py pbkdf2-sha512 plugin
 
 !!! All the package maintainer of hashcat !!!
diff --git a/docs/readme.txt b/docs/readme.txt
index a9027bea1..f1fdeb7e2 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -133,7 +133,6 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o
 - PBKDF2-HMAC-SHA1
 - PBKDF2-HMAC-SHA256
 - PBKDF2-HMAC-SHA512
-- web2py variant of PBKDF2-HMAC-SHA512
 - scrypt
 - phpass
 - Ansible Vault
@@ -305,8 +304,6 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o
 - SMF (Simple Machines Forum) > v1.1
 - MediaWiki B type
 - Redmine
-- Django (PBKDF2-SHA256)
-- Django (SHA-1)
 - Joomla < 2.5.18
 - OpenCart
 - PrestaShop
@@ -315,6 +312,9 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o
 - osCommerce, xt:Commerce
 - PunBB
 - MyBB 1.2+, IPB2+ (Invision Power Board)
+- Django (PBKDF2-SHA256)
+- Django (SHA-1)
+- Web2py pbkdf2-sha512
 - TOTP (HMAC-SHA1)
 
 ##
diff --git a/include/types.h b/include/types.h
index 66071088a..8b4901b64 100644
--- a/include/types.h
+++ b/include/types.h
@@ -431,7 +431,7 @@ typedef enum opts_type
 typedef enum dgst_size
 {
   DGST_SIZE_4_2 = (2 * sizeof (u32)), // 8
-  DGST_SIZE_4_4 = (4 * sizeof (u32)), // 16
+  DGST_SIZE_4_4 = (4 * sizeof (u32)), // 16 !!!
   DGST_SIZE_4_5 = (5 * sizeof (u32)), // 20
   DGST_SIZE_4_6 = (6 * sizeof (u32)), // 24
   DGST_SIZE_4_7 = (7 * sizeof (u32)), // 28
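Review bot: The `!!!` marker added to the `DGST_SIZE_4_4` comment in include/types.h (and carried by the new `DGST_SIZE_8_2` in the next hunk) is never explained in the enum; from the pairs it decorates it appears to flag enumerators whose byte value coincides with another one (4_4 and 8_2 are both 16, as 4_16/8_8 and 4_32/8_16 already were), which matters anywhere code dispatches on the numeric value rather than the enumerator. A one-line comment above `typedef enum dgst_size`, e.g. `// "!!!" marks byte sizes shared by a u32 and a u64 variant; never switch on the numeric value alone`, would make the convention explicit for the next person adding a size. This reading is inferred from the values and should be confirmed against the code that consumes dgst_size.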
@@ -439,6 +439,7 @@ typedef enum dgst_size
   DGST_SIZE_4_16 = (16 * sizeof (u32)), // 64 !!!
   DGST_SIZE_4_32 = (32 * sizeof (u32)), // 128 !!!
   DGST_SIZE_4_64 = (64 * sizeof (u32)), // 256
+  DGST_SIZE_8_2 = (2 * sizeof (u64)), // 16 !!!
   DGST_SIZE_8_8 = (8 * sizeof (u64)), // 64 !!!
   DGST_SIZE_8_16 = (16 * sizeof (u64)), // 128 !!!
   DGST_SIZE_8_25 = (25 * sizeof (u64)) // 200
diff --git a/src/modules/module_00124.c b/src/modules/module_00124.c
index aadcd4d27..8587d8ca8 100644
--- a/src/modules/module_00124.c
+++ b/src/modules/module_00124.c
@@ -16,7 +16,7 @@ static const u32 DGST_POS1 = 4;
 static const u32 DGST_POS2 = 2;
 static const u32 DGST_POS3 = 1;
 static const u32 DGST_SIZE = DGST_SIZE_4_5;
-static const u32 HASH_CATEGORY = HASH_CATEGORY_FORUM_SOFTWARE;
+static const u32 HASH_CATEGORY = HASH_CATEGORY_FRAMEWORK;
 static const char *HASH_NAME = "Django (SHA-1)";
 static const u64 KERN_TYPE = 120;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
diff --git a/src/modules/module_10000.c b/src/modules/module_10000.c
index 8878b3ffe..dff0015e2 100644
--- a/src/modules/module_10000.c
+++ b/src/modules/module_10000.c
@@ -16,7 +16,7 @@ static const u32 DGST_POS1 = 1;
 static const u32 DGST_POS2 = 2;
 static const u32 DGST_POS3 = 3;
 static const u32 DGST_SIZE = DGST_SIZE_4_32;
-static const u32 HASH_CATEGORY = HASH_CATEGORY_FORUM_SOFTWARE;
+static const u32 HASH_CATEGORY = HASH_CATEGORY_FRAMEWORK;
 static const char *HASH_NAME = "Django (PBKDF2-SHA256)";
 static const u64 KERN_TYPE = 10900;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
diff --git a/src/modules/module_21600.c b/src/modules/module_21600.c
index e42f5f186..27d0a11aa 100644
--- a/src/modules/module_21600.c
+++ b/src/modules/module_21600.c
@@ -15,17 +15,17 @@ static const u32 DGST_POS0 = 0;
 static const u32 DGST_POS1 = 1;
 static const u32 DGST_POS2 = 2;
 static const u32 DGST_POS3 = 3;
-static const u32 DGST_SIZE = DGST_SIZE_8_16;
+static const u32 DGST_SIZE = DGST_SIZE_8_2;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FRAMEWORK;
-static const char *HASH_NAME = "web2py PBKDF2-HMAC-SHA512";
+static const char *HASH_NAME = "Web2py pbkdf2-sha512";
 static const u64 KERN_TYPE = 21600;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
                            | OPTI_TYPE_USES_BITS_64
-                           | OPTI_TYPE_SLOW_HASH_SIMD_LOOP ;
-static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE ;
+                           | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
+static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
-static const char *ST_PASS = "mysecret";
-static const char *ST_HASH = "pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff";
+static const char *ST_PASS = "hashcat";
+static const char *ST_HASH = "pbkdf2(1000,20,sha512)$29$6899d434e831b6332b415019ba9b893f";
 
 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@@ -42,20 +42,10 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
 
-static const char *SIGNATURE_WEB2PY = "pbkdf2";
-static const char *SIGNATURE_WEB2PY_PARAMS = "20,sha512)";
+static const char *SIGNATURE_WEB2PY_START = "pbkdf2";
+static const char *SIGNATURE_WEB2PY_STOP = "20,sha512)";
 
-typedef struct pbkdf2_sha512
-{
-  u32 salt_buf[64];
-  u32 hash_buf[64];
-  u32 salt_iter;
-  u32 salt_len;
-  u32 hash_len;
-
-} pbkdf2_sha512_t;
-
-typedef struct pbkdf2_sha512_tmp
+typedef struct web2py_sha512_tmp
 {
   u64 ipad[8];
   u64 opad[8];
@@ -63,18 +53,11 @@ typedef struct pbkdf2_sha512_tmp
   u64 dgst[16];
   u64 out[16];
 
-} pbkdf2_sha512_tmp_t;
-
-u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
-{
-  const u64 esalt_size = (const u64) sizeof (pbkdf2_sha512_t);
-
-  return esalt_size;
-}
+} web2py_sha512_tmp_t;
 
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
-  const u64 tmp_size = (const u64) sizeof (pbkdf2_sha512_tmp_t);
+  const u64 tmp_size = (const u64) sizeof (web2py_sha512_tmp_t);
 
   return tmp_size;
 }
@@ -105,133 +88,96 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { u64 *digest = (u64 *) digest_buf; - pbkdf2_sha512_t *pbkdf2_sha512 = (pbkdf2_sha512_t *) esalt_buf; - token_t token; - token.token_cnt = 4; + token.token_cnt = 5; - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_WEB2PY; + token.signatures_cnt = 2; + token.signatures_buf[0] = SIGNATURE_WEB2PY_START; + token.signatures_buf[1] = SIGNATURE_WEB2PY_STOP; + token.sep[0] = '('; token.len_min[0] = 6; token.len_max[0] = 6; - token.sep[0] = '('; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; - // skip the rest - token.sep[1] = '$'; - token.len_min[1] = 2; - token.len_max[1] = 280; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH ; + token.sep[1] = ','; + token.len_min[1] = 1; + token.len_max[1] = 8; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; token.sep[2] = '$'; - token.len_min[2] = SALT_MIN; - token.len_max[2] = SALT_MAX; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH ; + token.len_min[2] = 10; + token.len_max[2] = 10; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; - token.len_min[3] = 16; - token.len_max[3] = 256; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_HEX; + token.sep[3] = '$'; + token.len_min[3] = SALT_MIN; + token.len_max[3] = SALT_MAX; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[4] = 32; + token.len_max[4] = 32; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - // iteration count - - const u8 *iter_pos = token.buf[0] + 7; - - u8* trail; - - const u32 iter = hc_strtoul ((const char *) iter_pos, (char**) &trail, 10); - - salt->salt_iter = iter - 1; - - pbkdf2_sha512->salt_iter = salt->salt_iter; - - // match "20,sha512" for next bit after the iterator - if (strncmp((const char*) 
trail+1,SIGNATURE_WEB2PY_PARAMS,10)!=0) - { - return (PARSER_SIGNATURE_UNMATCHED); - } - // salt - const u8 *salt_pos = token.buf[2]; - const int salt_len = token.len[2]; + const u8 *salt_pos = token.buf[3]; + const int salt_len = token.len[3]; - memcpy (pbkdf2_sha512->salt_buf, salt_pos, salt_len); + const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); - pbkdf2_sha512->salt_len=salt_len; + if (parse_rc == false) return (PARSER_SALT_LENGTH); - salt->salt_len = salt_len; - - salt->salt_buf[0] = pbkdf2_sha512->salt_buf[0]; - salt->salt_buf[1] = pbkdf2_sha512->salt_buf[1]; - salt->salt_buf[2] = pbkdf2_sha512->salt_buf[2]; - salt->salt_buf[3] = pbkdf2_sha512->salt_buf[3]; - salt->salt_buf[4] = pbkdf2_sha512->salt_buf[4]; - salt->salt_buf[5] = pbkdf2_sha512->salt_buf[5]; - salt->salt_buf[6] = pbkdf2_sha512->salt_buf[6]; - salt->salt_buf[7] = pbkdf2_sha512->salt_buf[7]; + salt->salt_iter = hc_strtoul ((const char *) token.buf[1], NULL, 10) - 1; // hash - const u8 *hash_pos = token.buf[3]; - const int hash_len = token.len[3]; + const u8 *hash_pos = token.buf[4]; - digest[0] = hex_to_u64 (hash_pos + 0); - digest[1] = hex_to_u64 (hash_pos + 16); - digest[2] = hex_to_u64 (hash_pos + 32); - digest[3] = hex_to_u64 (hash_pos + 48); - digest[4] = hex_to_u64 (hash_pos + 64); - digest[5] = hex_to_u64 (hash_pos + 80); - digest[6] = hex_to_u64 (hash_pos + 96); - digest[7] = hex_to_u64 (hash_pos + 112); + digest[0] = hex_to_u64 (hash_pos + 0); + digest[1] = hex_to_u64 (hash_pos + 16); digest[0] = byte_swap_64 (digest[0]); digest[1] = byte_swap_64 (digest[1]); - digest[2] = byte_swap_64 (digest[2]); - digest[3] = byte_swap_64 (digest[3]); - digest[4] = byte_swap_64 (digest[4]); - digest[5] = byte_swap_64 (digest[5]); - digest[6] = byte_swap_64 (digest[6]); - digest[7] = byte_swap_64 (digest[7]); - - memcpy (pbkdf2_sha512->hash_buf, hash_pos, hash_len); - - pbkdf2_sha512->hash_len=hash_len; return (PARSER_OK); } int 
module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) { + const u64 *digest = (const u64 *) digest_buf; - pbkdf2_sha512_t *pbkdf2_sha512 = (pbkdf2_sha512_t *) esalt_buf; + u8 *out_buf = (u8 *) line_buf; - int line_len = snprintf(line_buf, line_size, "pbkdf2(%d,20,sha512)$", pbkdf2_sha512->salt_iter+1); + int out_len = snprintf ((char *) out_buf, line_size, "%s(%d,%s$", SIGNATURE_WEB2PY_START, salt->salt_iter + 1, SIGNATURE_WEB2PY_STOP); - u8 *salt_pos = (u8*) pbkdf2_sha512->salt_buf; + out_len += generic_salt_encode (hashconfig, (const u8 *) salt->salt_buf, (const int) salt->salt_len, out_buf + out_len); - for (u32 i = 0; i < pbkdf2_sha512->salt_len; i++) - { - line_len += snprintf (line_buf + line_len, line_size, "%c", *salt_pos++); - } + out_buf[out_len] = '$'; - line_len += snprintf (line_buf + line_len, line_size, "$"); + out_len += 1; - u8 *hash_pos = (u8*) pbkdf2_sha512->hash_buf; - - for (u32 i = 0; i < pbkdf2_sha512->hash_len; i++) - { - line_len += snprintf (line_buf + line_len, line_size - line_len, "%c", *hash_pos++); - } + u64 tmp[2]; - return line_len; + tmp[0] = digest[0]; + tmp[1] = digest[1]; + + tmp[0] = byte_swap_64 (tmp[0]); + tmp[1] = byte_swap_64 (tmp[1]); + + u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; + + return out_len; } void module_init (module_ctx_t *module_ctx) 
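Review bot: `salt->salt_iter = hc_strtoul ((const char *) token.buf[1], NULL, 10) - 1;` in module_hash_decode has no lower bound, and TOKEN_ATTR_VERIFY_DIGIT happily accepts `0`, so a line starting `pbkdf2(0,` wraps the u32 to 0xFFFFFFFF and schedules an effectively unbounded number of PBKDF2 rounds for every candidate against that salt; check before subtracting: `const u32 iter = hc_strtoul ((const char *) token.buf[1], NULL, 10);` / `if (iter == 0) return (PARSER_SALT_ITERATION);` / `salt->salt_iter = iter - 1;`. In module_hash_encode the `'$'` byte and the two `u64_to_hex` groups are written at `out_len` without consulting `line_size`, while the leading snprintf and `generic_salt_encode` are bounded; if the caller always provides a large enough line_buf this is harmless, but that assumption deserves a comment such as `// line_buf is assumed large enough for prefix + salt + '$' + 32 hex chars`. The fixed 32-character digest length in this hunk is changed again in the following commit, so it is not re-raised here.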
@@ -252,7 +198,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_dgst_pos3 = module_dgst_pos3;
 module_ctx->module_dgst_size = module_dgst_size;
 module_ctx->module_dictstat_disable = MODULE_DEFAULT;
- module_ctx->module_esalt_size = module_esalt_size;
+ module_ctx->module_esalt_size = MODULE_DEFAULT;
 module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
 module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
diff --git a/src/shared.c b/src/shared.c
index 504cbd3dd..0cb1323d3 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -83,7 +83,7 @@ static const char *HASH_CATEGORY_RAW_HASH_AUTHENTICATED_STR = "Raw Hash, Authent
 static const char *HASH_CATEGORY_RAW_CIPHER_KPA_STR = "Raw Cipher, Known-Plaintext attack";
 static const char *HASH_CATEGORY_GENERIC_KDF_STR = "Generic KDF";
 static const char *HASH_CATEGORY_NETWORK_PROTOCOL_STR = "Network Protocols";
-static const char *HASH_CATEGORY_FORUM_SOFTWARE_STR = "Forums, CMS, E-Commerce, Frameworks";
+static const char *HASH_CATEGORY_FORUM_SOFTWARE_STR = "Forums, CMS, E-Commerce";
 static const char *HASH_CATEGORY_DATABASE_SERVER_STR = "Database Server";
 static const char *HASH_CATEGORY_NETWORK_SERVER_STR = "FTP, HTTP, SMTP, LDAP Server";
 static const char *HASH_CATEGORY_RAW_CHECKSUM_STR = "Raw Checksum";
From 86d3f9e9c7b5e1210956c8f362372808110de00a Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 27 Nov 2019 09:03:17 +0100
Subject: [PATCH 062/300] Fix -m 21600 default hash length
---
 OpenCL/m21600-pure.cl | 4 ++--
 src/modules/module_21600.c | 25 +++++--------------------
 tools/test_modules/m21600.pm | 2 +-
 3 files changed, 8 insertions(+), 23 deletions(-)
diff --git a/OpenCL/m21600-pure.cl b/OpenCL/m21600-pure.cl
index 72da070f6..670e31b57 100644
--- a/OpenCL/m21600-pure.cl
+++ b/OpenCL/m21600-pure.cl
@@ -327,8 +327,8 @@ KERNEL_FQ void m21600_comp (KERN_ATTR_TMPS (web2py_sha512_tmp_t))
 const u64 lid = get_local_id (0);
- const u64 a = tmps[gid].out[0];
- const u64 b = tmps[gid].out[1];
+ const u64 a = hc_swap64_S (tmps[gid].out[0]);
+ const u64 b = hc_swap64_S (tmps[gid].out[1]);
 const u32 r0 = l32_from_64_S (a);
 const u32 r1 = h32_from_64_S (a);
diff --git a/src/modules/module_21600.c b/src/modules/module_21600.c
index 27d0a11aa..09d8f64e7 100644
--- a/src/modules/module_21600.c
+++ b/src/modules/module_21600.c
@@ -25,7 +25,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
-static const char *ST_HASH = "pbkdf2(1000,20,sha512)$29$6899d434e831b6332b415019ba9b893f";
+static const char *ST_HASH = "pbkdf2(1000,20,sha512)$744943$c5f8cdef76e3327c908d8d96d4abdb3d8caba14c";
 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@@ -119,8 +119,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 token.len_max[3] = SALT_MAX;
 token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH;
- token.len_min[4] = 32;
- token.len_max[4] = 32;
+ token.len_min[4] = 40;
+ token.len_max[4] = 40;
 token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX;
@@ -141,13 +141,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 // hash
- const u8 *hash_pos = token.buf[4];
-
- digest[0] = hex_to_u64 (hash_pos + 0);
- digest[1] = hex_to_u64 (hash_pos + 16);
-
- digest[0] = byte_swap_64 (digest[0]);
- digest[1] = byte_swap_64 (digest[1]);
+ hex_decode ((const u8 *) token.buf[4], 40, (u8 *) digest);
 return (PARSER_OK);
 }
@@ -166,16 +160,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 out_len += 1;
- u64 tmp[2];
-
- tmp[0] = digest[0];
- tmp[1] = digest[1];
-
- tmp[0] = byte_swap_64 (tmp[0]);
- tmp[1] = byte_swap_64 (tmp[1]);
-
- u64_to_hex (tmp[0], out_buf + out_len); out_len += 16;
- u64_to_hex (tmp[1], out_buf + out_len); out_len += 16;
+ out_len += hex_encode ((const u8 *) digest, 20, (u8 *) out_buf + out_len);
 return out_len;
 }
diff --git a/tools/test_modules/m21600.pm b/tools/test_modules/m21600.pm
index 0a805e97d..03f480059 100644
--- a/tools/test_modules/m21600.pm
+++ b/tools/test_modules/m21600.pm
@@ -20,7 +20,7 @@ sub module_generate_hash
 my $word = shift;
 my $salt = shift;
 my $iterations = shift // 1000;
- my $out_len = shift // 16;
+ my $out_len = shift // 20;
 my $pbkdf2 = Crypt::PBKDF2->new (
From d18ff6fa3d5b903e1aa4c6ece93bd57f9239b80c Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 27 Nov 2019 09:07:47 +0100
Subject: [PATCH 063/300] Fix -m 21600 DGST_SIZE
---
 src/modules/module_21600.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/module_21600.c b/src/modules/module_21600.c
index 09d8f64e7..4a0e5445c 100644
--- a/src/modules/module_21600.c
+++ b/src/modules/module_21600.c
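Review bot: `hex_decode ((const u8 *) token.buf[4], 40, (u8 *) digest)` writes 20 bytes into the per-hash digest slot, but at this commit DGST_SIZE is still DGST_SIZE_8_2 (two u64, 16 bytes, as the next commit's hunk shows), so on its own this commit appears to overrun that slot by 4 bytes; the follow-up "Fix -m 21600 DGST_SIZE" commit widens it to DGST_SIZE_8_8, which is worth remembering when bisecting. The literal 40 here and the 20 in the module_hash_encode hunk on the same line duplicate the bound already enforced by `token.len_min[4]`/`token.len_max[4]`; `hex_decode ((const u8 *) token.buf[4], token.len[4], (u8 *) digest);` keeps the two from drifting apart, and the encode side should take its length from the same named constant. In the encode hunk, `hex_encode` emits 40 characters at `out_buf + out_len` with no check against `line_size`, unlike the snprintf at the top of the function; if the caller guarantees line_size covers the maximum encoded line, a comment stating that contract would help. Both enclosing functions begin outside their hunks.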
@@ -15,7 +15,7 @@ static const u32 DGST_POS0 = 0;
 static const u32 DGST_POS1 = 1;
 static const u32 DGST_POS2 = 2;
 static const u32 DGST_POS3 = 3;
-static const u32 DGST_SIZE = DGST_SIZE_8_2;
+static const u32 DGST_SIZE = DGST_SIZE_8_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FRAMEWORK;
 static const char *HASH_NAME = "Web2py pbkdf2-sha512";
 static const u64 KERN_TYPE = 21600;
From 48f60cc0f5e4143649bab20e7a6be330538fa845 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 27 Nov 2019 09:40:47 +0100
Subject: [PATCH 064/300] Get rid of cast-function-type warnings on newer GCC
---
 src/Makefile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Makefile b/src/Makefile
index 77deb6640..6520f928c 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -179,6 +179,7 @@ ifeq ($(PRODUCTION),0)
 CFLAGS += -W
 CFLAGS += -Wall
 CFLAGS += -Wextra
+CFLAGS += -Wno-cast-function-type
 endif
 ## because LZMA SDK
From bfd95d42f6f0bf2e8dd765d2a424e60bff8c6e17 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 27 Nov 2019 10:28:12 +0100
Subject: [PATCH 065/300] - OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime
---
 docs/changes.txt | 1 +
 src/backend.c | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/docs/changes.txt b/docs/changes.txt
index 66596c268..7e578881f 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -97,6 +97,7 @@
 - OpenCL Runtime: Do not run a shared- and constant-memory size check if their memory type is of type global memory (typically CPU)
 - OpenCL Runtime: Improve ROCM detection and make sure to not confuse with recent AMDGPU drivers
 - OpenCL Runtime: Not using amd_bytealign (amd_bitalign is fine) on AMDGPU driver drastically reduces JiT segfaults
+- OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime
 - OpenCL Runtime: Unlocked maximum thread count
 - OpenCL Runtime: Update unstable mode warnings for Apple and AMDGPU drivers
 - OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel
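Review bot: `CFLAGS += -Wno-cast-function-type` silences the diagnostic for the entire non-production build instead of at the casts that trigger it; calling a function through a pointer of an incompatible type is undefined behaviour and is exactly the pattern that control-flow-integrity hardening aborts on at runtime, so the warning is valuable everywhere the cast is not deliberate. If the offending casts are confined to a few sites (the dlsym-style loader wrappers are the likely source, though that is not visible here), wrapping only those in `#pragma GCC diagnostic push` / `#pragma GCC diagnostic ignored "-Wcast-function-type"` / `#pragma GCC diagnostic pop`, or declaring the function-pointer typedefs with their real prototypes, keeps the check for the rest of the tree. At minimum a Makefile comment naming which casts are intended would stop the next reader from assuming the warning is noise.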
diff --git a/src/backend.c b/src/backend.c
index 1cc3af167..c205ae7d0 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -5796,7 +5796,12 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 // CL_INVALID_COMMAND_QUEUE and CL_OUT_OF_RESOURCES
 // Turns out that this is caused by Intel OpenCL runtime handling their GPU devices
 // Disable such devices unless the user forces to use it
+ // This is successfully workaround with new threading model and new memory management
+ // Tested on Windows 10
+ // OpenCL.Version.: OpenCL C 2.1
+ // Driver.Version.: 23.20.16.4973
+ /*
 #if !defined (__APPLE__)
 if (opencl_device_type & CL_DEVICE_TYPE_GPU)
 {
@@ -5813,6 +5818,7 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 }
 }
 #endif // __APPLE__
+ */
 // skipped
From 9a2c4e341782e347e5b3ebb0bb81b712593aafbd Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 28 Nov 2019 12:21:36 +0100
Subject: [PATCH 066/300] Fix invalid use of TOKEN_ATTR_VERIFY_DIGIT in -m 15500
---
 src/modules/module_15500.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/module_15500.c b/src/modules/module_15500.c
index 3c76749ec..6e714bce3 100644
--- a/src/modules/module_15500.c
+++ b/src/modules/module_15500.c
@@ -121,7 +121,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 token.len_min[4] = 2;
 token.len_max[4] = 2;
 token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
- | TOKEN_ATTR_VERIFY_DIGIT;
+ | TOKEN_ATTR_VERIFY_HEX;
 token.sep[5] = '*';
 token.len_min[5] = 28;
From 6d02983f8b2348e28874c30378d907c7766aaa0d Mon Sep 17 00:00:00 2001
From: Paul
Date: Fri, 29 Nov 2019 08:10:26 +0100
Subject: [PATCH 067/300] Small optimization for sha1_transform, sha1,transform_vector.
---
 OpenCL/inc_hash_sha1.cl | 512 +++++++++++++++++++++++++---------------
 1 file changed, 320 insertions(+), 192 deletions(-)
diff --git a/OpenCL/inc_hash_sha1.cl b/OpenCL/inc_hash_sha1.cl
index 6ec45c6ba..0166bcad5 100644
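Review bot: The Intel GPU skip is disabled by wrapping the whole block between `/*` and `*/` rather than deleting it or using `#if 0` / `#endif`; C block comments do not nest, so any `*/` that later lands inside the disabled region reopens the code, and a block that is never compiled silently rots as the surrounding API changes. Prefer removing it (git keeps the history) or `#if 0` with the tested driver details kept as the reason. The three surviving comment lines still say the devices are disabled unless the user forces them, which is no longer true, and the added line has a grammar slip; suggest replacing `// Disable such devices unless the user forces to use it` and `// This is successfully workaround with new threading model and new memory management` with `// This was worked around by the new threading model and memory management, so Intel GPU devices are no longer skipped`. The enclosing backend_ctx_devices_init body continues outside both hunks.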
--- a/OpenCL/inc_hash_sha1.cl
+++ b/OpenCL/inc_hash_sha1.cl
@@ -22,117 +22,181 @@ DECLSPEC void sha1_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 d = digest[3]; u32 e = digest[4]; - u32 w0_t = w0[0]; - u32 w1_t = w0[1]; - u32 w2_t = w0[2]; - u32 w3_t = w0[3]; - u32 w4_t = w1[0]; - u32 w5_t = w1[1]; - u32 w6_t = w1[2]; - u32 w7_t = w1[3]; - u32 w8_t = w2[0]; - u32 w9_t = w2[1]; - u32 wa_t = w2[2]; - u32 wb_t = w2[3]; - u32 wc_t = w3[0]; - u32 wd_t = w3[1]; - u32 we_t = w3[2]; - u32 wf_t = w3[3]; + u32 w00_t = w0[0]; + u32 w01_t = w0[1]; + u32 w02_t = w0[2]; + u32 w03_t = w0[3]; + u32 w04_t = w1[0]; + u32 w05_t = w1[1]; + u32 w06_t = w1[2]; + u32 w07_t = w1[3]; + u32 w08_t = w2[0]; + u32 w09_t = w2[1]; + u32 w0a_t = w2[2]; + u32 w0b_t = w2[3]; + u32 w0c_t = w3[0]; + u32 w0d_t = w3[1]; + u32 w0e_t = w3[2]; + u32 w0f_t = w3[3]; + u32 w10_t; + u32 w11_t; + u32 w12_t; + u32 w13_t; + u32 w14_t; + u32 w15_t; + u32 w16_t; + u32 w17_t; + u32 w18_t; + u32 w19_t; + u32 w1a_t; + u32 w1b_t; + u32 w1c_t; + u32 w1d_t; + u32 w1e_t; + u32 w1f_t; + u32 w20_t; + u32 w21_t; + u32 w22_t; + u32 w23_t; + u32 w24_t; + u32 w25_t; + u32 w26_t; + u32 w27_t; + u32 w28_t; + u32 w29_t; + u32 w2a_t; + u32 w2b_t; + u32 w2c_t; + u32 w2d_t; + u32 w2e_t; + u32 w2f_t; + u32 w30_t; + u32 w31_t; + u32 w32_t; + u32 w33_t; + u32 w34_t; + u32 w35_t; + u32 w36_t; + u32 w37_t; + u32 w38_t; + u32 w39_t; + u32 w3a_t; + u32 w3b_t; + u32 w3c_t; + u32 w3d_t; + u32 w3e_t; + u32 w3f_t; + u32 w40_t; + u32 w41_t; + u32 w42_t; + u32 w43_t; + u32 w44_t; + u32 w45_t; + u32 w46_t; + u32 w47_t; + u32 w48_t; + u32 w49_t; + u32 w4a_t; + u32 w4b_t; + u32 w4c_t; + u32 w4d_t; + u32 w4e_t; + u32 w4f_t; #define K SHA1C00 - SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0_t); - SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w1_t); - SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w2_t); - SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w3_t); - SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w4_t); - SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w5_t); - SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w6_t); - SHA1_STEP_S 
(SHA1_F0o, d, e, a, b, c, w7_t); - SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w8_t); - SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w9_t); - SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wa_t); - SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, wb_t); - SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, wc_t); - SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, wd_t); - SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, we_t); - SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wf_t); - w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0_t); - w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w1_t); - w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w2_t); - w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w3_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w00_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w01_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w02_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w03_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w04_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w05_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w06_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w07_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w08_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w09_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0a_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0b_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w0c_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w0d_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w0e_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0f_t); + w10_t = hc_rotl32_S ((w0d_t ^ w08_t ^ w02_t ^ w00_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w10_t); + w11_t = hc_rotl32_S ((w0e_t ^ w09_t ^ w03_t ^ w01_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w11_t); + w12_t = hc_rotl32_S ((w0f_t ^ w0a_t ^ w04_t ^ w02_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w12_t); + w13_t = hc_rotl32_S ((w10_t ^ w0b_t ^ w05_t ^ w03_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, 
a, w13_t); #undef K #define K SHA1C01 - w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4_t); - w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w5_t); - w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w6_t); - w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w7_t); - w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w8_t); - w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w9_t); - wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wa_t); - wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wb_t); - wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wc_t); - wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wd_t); - we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, we_t); - wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wf_t); - w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w0_t); - w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1_t); - w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w2_t); - w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3_t); - w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4_t); - w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w5_t); - w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w6_t); - w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); 
SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w7_t); + w14_t = hc_rotl32_S ((w11_t ^ w0c_t ^ w06_t ^ w04_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w14_t); + w15_t = hc_rotl32_S ((w12_t ^ w0d_t ^ w07_t ^ w05_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w15_t); + w16_t = hc_rotl32_S ((w13_t ^ w0e_t ^ w08_t ^ w06_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w16_t); + w17_t = hc_rotl32_S ((w14_t ^ w0f_t ^ w09_t ^ w07_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w17_t); + w18_t = hc_rotl32_S ((w15_t ^ w10_t ^ w0a_t ^ w08_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w18_t); + w19_t = hc_rotl32_S ((w16_t ^ w11_t ^ w0b_t ^ w09_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w19_t); + w1a_t = hc_rotl32_S ((w17_t ^ w12_t ^ w0c_t ^ w0a_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w1a_t); + w1b_t = hc_rotl32_S ((w18_t ^ w13_t ^ w0d_t ^ w0b_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w1b_t); + w1c_t = hc_rotl32_S ((w19_t ^ w14_t ^ w0e_t ^ w0c_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1c_t); + w1d_t = hc_rotl32_S ((w1a_t ^ w15_t ^ w0f_t ^ w0d_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w1d_t); + w1e_t = hc_rotl32_S ((w1b_t ^ w16_t ^ w10_t ^ w0e_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1e_t); + w1f_t = hc_rotl32_S ((w1c_t ^ w17_t ^ w11_t ^ w0f_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w1f_t); + w20_t = hc_rotl32_S ((w1a_t ^ w10_t ^ w04_t ^ w00_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w20_t); + w21_t = hc_rotl32_S ((w1b_t ^ w11_t ^ w05_t ^ w01_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w21_t); + w22_t = hc_rotl32_S ((w1c_t ^ w12_t ^ w06_t ^ w02_t), 2u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w22_t); + w23_t = hc_rotl32_S ((w1d_t ^ w13_t ^ w07_t ^ w03_t), 2u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w23_t); + w24_t = hc_rotl32_S ((w1e_t ^ w14_t ^ w08_t ^ w04_t), 2u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w24_t); + w25_t = hc_rotl32_S ((w1f_t ^ w15_t ^ w09_t ^ w05_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w25_t); + w26_t = hc_rotl32_S ((w20_t ^ w16_t ^ w0a_t ^ 
w06_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w26_t); + w27_t = hc_rotl32_S ((w21_t ^ w17_t ^ w0b_t ^ w07_t), 2u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w27_t); #undef K #define K SHA1C02 - w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w8_t); - w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w9_t); - wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wa_t); - wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wb_t); - wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wc_t); - wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, wd_t); - we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, we_t); - wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wf_t); - w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w0_t); - w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w1_t); - w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2_t); - w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w3_t); - w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w4_t); - w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w5_t); - w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w6_t); - w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w7_t); - w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w8_t); - w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, 
c, w9_t); - wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wa_t); - wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wb_t); + w28_t = hc_rotl32_S ((w22_t ^ w18_t ^ w0c_t ^ w08_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w28_t); + w29_t = hc_rotl32_S ((w23_t ^ w19_t ^ w0d_t ^ w09_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w29_t); + w2a_t = hc_rotl32_S ((w24_t ^ w1a_t ^ w0e_t ^ w0a_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w2a_t); + w2b_t = hc_rotl32_S ((w25_t ^ w1b_t ^ w0f_t ^ w0b_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w2b_t); + w2c_t = hc_rotl32_S ((w26_t ^ w1c_t ^ w10_t ^ w0c_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w2c_t); + w2d_t = hc_rotl32_S ((w27_t ^ w1d_t ^ w11_t ^ w0d_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2d_t); + w2e_t = hc_rotl32_S ((w28_t ^ w1e_t ^ w12_t ^ w0e_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w2e_t); + w2f_t = hc_rotl32_S ((w29_t ^ w1f_t ^ w13_t ^ w0f_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w2f_t); + w30_t = hc_rotl32_S ((w2a_t ^ w20_t ^ w14_t ^ w10_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w30_t); + w31_t = hc_rotl32_S ((w2b_t ^ w21_t ^ w15_t ^ w11_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w31_t); + w32_t = hc_rotl32_S ((w2c_t ^ w22_t ^ w16_t ^ w12_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w32_t); + w33_t = hc_rotl32_S ((w2d_t ^ w23_t ^ w17_t ^ w13_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w33_t); + w34_t = hc_rotl32_S ((w2e_t ^ w24_t ^ w18_t ^ w14_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w34_t); + w35_t = hc_rotl32_S ((w2f_t ^ w25_t ^ w19_t ^ w15_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w35_t); + w36_t = hc_rotl32_S ((w30_t ^ w26_t ^ w1a_t ^ w16_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w36_t); + w37_t = hc_rotl32_S ((w31_t ^ w27_t ^ w1b_t ^ w17_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w37_t); + w38_t = hc_rotl32_S ((w32_t ^ w28_t ^ w1c_t ^ w18_t), 2u); SHA1_STEP_S 
(SHA1_F2o, e, a, b, c, d, w38_t); + w39_t = hc_rotl32_S ((w33_t ^ w29_t ^ w1d_t ^ w19_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w39_t); + w3a_t = hc_rotl32_S ((w34_t ^ w2a_t ^ w1e_t ^ w1a_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w3a_t); + w3b_t = hc_rotl32_S ((w35_t ^ w2b_t ^ w1f_t ^ w1b_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w3b_t); #undef K #define K SHA1C03 - wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wc_t); - wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wd_t); - we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, we_t); - wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wf_t); - w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w0_t); - w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1_t); - w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w2_t); - w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3_t); - w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4_t); - w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w5_t); - w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w6_t); - w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w7_t); - w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w8_t); - w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w9_t); - wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wa_t); - wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wb_t); - wc_t = 
hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wc_t); - wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wd_t); - we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, we_t); - wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wf_t); + w3c_t = hc_rotl32_S ((w36_t ^ w2c_t ^ w20_t ^ w1c_t), 2u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3c_t); + w3d_t = hc_rotl32_S ((w37_t ^ w2d_t ^ w21_t ^ w1d_t), 2u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w3d_t); + w3e_t = hc_rotl32_S ((w38_t ^ w2e_t ^ w22_t ^ w1e_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3e_t); + w3f_t = hc_rotl32_S ((w39_t ^ w2f_t ^ w23_t ^ w1f_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w3f_t); + w40_t = hc_rotl32_S ((w34_t ^ w20_t ^ w08_t ^ w00_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w40_t); + w41_t = hc_rotl32_S ((w35_t ^ w21_t ^ w09_t ^ w01_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w41_t); + w42_t = hc_rotl32_S ((w36_t ^ w22_t ^ w0a_t ^ w02_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w42_t); + w43_t = hc_rotl32_S ((w37_t ^ w23_t ^ w0b_t ^ w03_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w43_t); + w44_t = hc_rotl32_S ((w38_t ^ w24_t ^ w0c_t ^ w04_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w44_t); + w45_t = hc_rotl32_S ((w39_t ^ w25_t ^ w0d_t ^ w05_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w45_t); + w46_t = hc_rotl32_S ((w3a_t ^ w26_t ^ w0e_t ^ w06_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w46_t); + w47_t = hc_rotl32_S ((w3b_t ^ w27_t ^ w0f_t ^ w07_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w47_t); + w48_t = hc_rotl32_S ((w3c_t ^ w28_t ^ w10_t ^ w08_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w48_t); + w49_t = hc_rotl32_S ((w3d_t ^ w29_t ^ w11_t ^ w09_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w49_t); + w4a_t = hc_rotl32_S ((w3e_t ^ w2a_t ^ w12_t ^ w0a_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4a_t); + w4b_t = 
hc_rotl32_S ((w3f_t ^ w2b_t ^ w13_t ^ w0b_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4b_t); + w4c_t = hc_rotl32_S ((w40_t ^ w2c_t ^ w14_t ^ w0c_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4c_t); + w4d_t = hc_rotl32_S ((w41_t ^ w2d_t ^ w15_t ^ w0d_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w4d_t); + w4e_t = hc_rotl32_S ((w42_t ^ w2e_t ^ w16_t ^ w0e_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4e_t); + w4f_t = hc_rotl32_S ((w43_t ^ w2f_t ^ w17_t ^ w0f_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4f_t); #undef K 
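Review bot: The new message schedule depends on two identities the hunk never states: from the w20_t line on it uses `W[t] = rotl(W[t-6] ^ W[t-16] ^ W[t-28] ^ W[t-32], 2)` and from the w40_t line on `W[t] = rotl(W[t-12] ^ W[t-32] ^ W[t-56] ^ W[t-64], 4)`, both obtained by unrolling the FIPS 180-4 recurrence `W[t] = rotl(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16], 1)` two and four times; a one-line comment above each of those two lines naming the identity would let a reader check the rotate amounts and the changed index pattern without rederiving them, and the same comment belongs in the sha1_transform_vector hunk that starts at the next @@. The rewrite also replaces 16 reused locals with 80 distinct ones (w00_t through w4f_t); whether the OpenCL compiler keeps all of them in registers or spills is target dependent, so the measured gain and the device it was measured on should be recorded in the commit or a comment. sha1_transform begins before this hunk and its digest write-back follows it.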
@@ -1440,117 +1504,181 @@ DECLSPEC void sha1_transform_vector (const u32x *w0, const u32x *w1, const u32x u32x d = digest[3]; u32x e = digest[4]; - u32x w0_t = w0[0]; - u32x w1_t = w0[1]; - u32x w2_t = w0[2]; - u32x w3_t = w0[3]; - u32x w4_t = w1[0]; - u32x w5_t = w1[1]; - u32x w6_t = w1[2]; - u32x w7_t = w1[3]; - u32x w8_t = w2[0]; - u32x w9_t = w2[1]; - u32x wa_t = w2[2]; - u32x wb_t = w2[3]; - u32x wc_t = w3[0]; - u32x wd_t = w3[1]; - u32x we_t = w3[2]; - u32x wf_t = w3[3]; + u32x w00_t = w0[0]; + u32x w01_t = w0[1]; + u32x w02_t = w0[2]; + u32x w03_t = w0[3]; + u32x w04_t = w1[0]; + u32x w05_t = w1[1]; + u32x w06_t = w1[2]; + u32x w07_t = w1[3]; + u32x w08_t = w2[0]; + u32x w09_t = w2[1]; + u32x w0a_t = w2[2]; + u32x w0b_t = w2[3]; + u32x w0c_t = w3[0]; + u32x w0d_t = w3[1]; + u32x w0e_t = w3[2]; + u32x w0f_t = w3[3]; + u32x w10_t; + u32x w11_t; + u32x w12_t; + u32x w13_t; + u32x w14_t; + u32x w15_t; + u32x w16_t; + u32x w17_t; + u32x w18_t; + u32x w19_t; + u32x w1a_t; + u32x w1b_t; + u32x w1c_t; + u32x w1d_t; + u32x w1e_t; + u32x w1f_t; + u32x w20_t; + u32x w21_t; + u32x w22_t; + u32x w23_t; + u32x w24_t; + u32x w25_t; + u32x w26_t; + u32x w27_t; + u32x w28_t; + u32x w29_t; + u32x w2a_t; + u32x w2b_t; + u32x w2c_t; + u32x w2d_t; + u32x w2e_t; + u32x w2f_t; + u32x w30_t; + u32x w31_t; + u32x w32_t; + u32x w33_t; + u32x w34_t; + u32x w35_t; + u32x w36_t; + u32x w37_t; + u32x w38_t; + u32x w39_t; + u32x w3a_t; + u32x w3b_t; + u32x w3c_t; + u32x w3d_t; + u32x w3e_t; + u32x w3f_t; + u32x w40_t; + u32x w41_t; + u32x w42_t; + u32x w43_t; + u32x w44_t; + u32x w45_t; + u32x w46_t; + u32x w47_t; + u32x w48_t; + u32x w49_t; + u32x w4a_t; + u32x w4b_t; + u32x w4c_t; + u32x w4d_t; + u32x w4e_t; + u32x w4f_t; #define K SHA1C00 - SHA1_STEP (SHA1_F0o, a, b, c, d, e, w0_t); - SHA1_STEP (SHA1_F0o, e, a, b, c, d, w1_t); - SHA1_STEP (SHA1_F0o, d, e, a, b, c, w2_t); - SHA1_STEP (SHA1_F0o, c, d, e, a, b, w3_t); - SHA1_STEP (SHA1_F0o, b, c, d, e, a, w4_t); - SHA1_STEP (SHA1_F0o, a, 
b, c, d, e, w5_t); - SHA1_STEP (SHA1_F0o, e, a, b, c, d, w6_t); - SHA1_STEP (SHA1_F0o, d, e, a, b, c, w7_t); - SHA1_STEP (SHA1_F0o, c, d, e, a, b, w8_t); - SHA1_STEP (SHA1_F0o, b, c, d, e, a, w9_t); - SHA1_STEP (SHA1_F0o, a, b, c, d, e, wa_t); - SHA1_STEP (SHA1_F0o, e, a, b, c, d, wb_t); - SHA1_STEP (SHA1_F0o, d, e, a, b, c, wc_t); - SHA1_STEP (SHA1_F0o, c, d, e, a, b, wd_t); - SHA1_STEP (SHA1_F0o, b, c, d, e, a, we_t); - SHA1_STEP (SHA1_F0o, a, b, c, d, e, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, e, a, b, c, d, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, d, e, a, b, c, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, c, d, e, a, b, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, b, c, d, e, a, w3_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, w00_t); + SHA1_STEP (SHA1_F0o, e, a, b, c, d, w01_t); + SHA1_STEP (SHA1_F0o, d, e, a, b, c, w02_t); + SHA1_STEP (SHA1_F0o, c, d, e, a, b, w03_t); + SHA1_STEP (SHA1_F0o, b, c, d, e, a, w04_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, w05_t); + SHA1_STEP (SHA1_F0o, e, a, b, c, d, w06_t); + SHA1_STEP (SHA1_F0o, d, e, a, b, c, w07_t); + SHA1_STEP (SHA1_F0o, c, d, e, a, b, w08_t); + SHA1_STEP (SHA1_F0o, b, c, d, e, a, w09_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, w0a_t); + SHA1_STEP (SHA1_F0o, e, a, b, c, d, w0b_t); + SHA1_STEP (SHA1_F0o, d, e, a, b, c, w0c_t); + SHA1_STEP (SHA1_F0o, c, d, e, a, b, w0d_t); + SHA1_STEP (SHA1_F0o, b, c, d, e, a, w0e_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, w0f_t); + w10_t = hc_rotl32 ((w0d_t ^ w08_t ^ w02_t ^ w00_t), 1u); SHA1_STEP (SHA1_F0o, e, a, b, c, d, w10_t); + w11_t = hc_rotl32 ((w0e_t ^ w09_t ^ w03_t ^ w01_t), 1u); SHA1_STEP (SHA1_F0o, d, e, a, b, c, w11_t); + w12_t = hc_rotl32 ((w0f_t ^ w0a_t ^ w04_t ^ w02_t), 1u); SHA1_STEP (SHA1_F0o, c, d, e, a, b, w12_t); + w13_t = hc_rotl32 ((w10_t ^ w0b_t ^ w05_t ^ w03_t), 1u); SHA1_STEP (SHA1_F0o, b, c, d, e, a, 
w13_t); #undef K #define K SHA1C01 - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w7_t); + w14_t = hc_rotl32 ((w11_t ^ w0c_t ^ w06_t 
^ w04_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w14_t); + w15_t = hc_rotl32 ((w12_t ^ w0d_t ^ w07_t ^ w05_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w15_t); + w16_t = hc_rotl32 ((w13_t ^ w0e_t ^ w08_t ^ w06_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w16_t); + w17_t = hc_rotl32 ((w14_t ^ w0f_t ^ w09_t ^ w07_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w17_t); + w18_t = hc_rotl32 ((w15_t ^ w10_t ^ w0a_t ^ w08_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w18_t); + w19_t = hc_rotl32 ((w16_t ^ w11_t ^ w0b_t ^ w09_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w19_t); + w1a_t = hc_rotl32 ((w17_t ^ w12_t ^ w0c_t ^ w0a_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w1a_t); + w1b_t = hc_rotl32 ((w18_t ^ w13_t ^ w0d_t ^ w0b_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w1b_t); + w1c_t = hc_rotl32 ((w19_t ^ w14_t ^ w0e_t ^ w0c_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w1c_t); + w1d_t = hc_rotl32 ((w1a_t ^ w15_t ^ w0f_t ^ w0d_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w1d_t); + w1e_t = hc_rotl32 ((w1b_t ^ w16_t ^ w10_t ^ w0e_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w1e_t); + w1f_t = hc_rotl32 ((w1c_t ^ w17_t ^ w11_t ^ w0f_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w1f_t); + w20_t = hc_rotl32 ((w1a_t ^ w10_t ^ w04_t ^ w00_t), 2u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w20_t); + w21_t = hc_rotl32 ((w1b_t ^ w11_t ^ w05_t ^ w01_t), 2u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w21_t); + w22_t = hc_rotl32 ((w1c_t ^ w12_t ^ w06_t ^ w02_t), 2u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w22_t); + w23_t = hc_rotl32 ((w1d_t ^ w13_t ^ w07_t ^ w03_t), 2u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w23_t); + w24_t = hc_rotl32 ((w1e_t ^ w14_t ^ w08_t ^ w04_t), 2u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w24_t); + w25_t = hc_rotl32 ((w1f_t ^ w15_t ^ w09_t ^ w05_t), 2u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w25_t); + w26_t = hc_rotl32 ((w20_t ^ w16_t ^ w0a_t ^ w06_t), 2u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w26_t); + w27_t = hc_rotl32 ((w21_t ^ w17_t ^ w0b_t ^ w07_t), 2u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w27_t); 
#undef K #define K SHA1C02 - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, wb_t); + w28_t = hc_rotl32 ((w22_t ^ 
w18_t ^ w0c_t ^ w08_t), 2u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w28_t); + w29_t = hc_rotl32 ((w23_t ^ w19_t ^ w0d_t ^ w09_t), 2u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w29_t); + w2a_t = hc_rotl32 ((w24_t ^ w1a_t ^ w0e_t ^ w0a_t), 2u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w2a_t); + w2b_t = hc_rotl32 ((w25_t ^ w1b_t ^ w0f_t ^ w0b_t), 2u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w2b_t); + w2c_t = hc_rotl32 ((w26_t ^ w1c_t ^ w10_t ^ w0c_t), 2u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w2c_t); + w2d_t = hc_rotl32 ((w27_t ^ w1d_t ^ w11_t ^ w0d_t), 2u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w2d_t); + w2e_t = hc_rotl32 ((w28_t ^ w1e_t ^ w12_t ^ w0e_t), 2u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w2e_t); + w2f_t = hc_rotl32 ((w29_t ^ w1f_t ^ w13_t ^ w0f_t), 2u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w2f_t); + w30_t = hc_rotl32 ((w2a_t ^ w20_t ^ w14_t ^ w10_t), 2u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w30_t); + w31_t = hc_rotl32 ((w2b_t ^ w21_t ^ w15_t ^ w11_t), 2u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w31_t); + w32_t = hc_rotl32 ((w2c_t ^ w22_t ^ w16_t ^ w12_t), 2u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w32_t); + w33_t = hc_rotl32 ((w2d_t ^ w23_t ^ w17_t ^ w13_t), 2u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w33_t); + w34_t = hc_rotl32 ((w2e_t ^ w24_t ^ w18_t ^ w14_t), 2u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w34_t); + w35_t = hc_rotl32 ((w2f_t ^ w25_t ^ w19_t ^ w15_t), 2u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w35_t); + w36_t = hc_rotl32 ((w30_t ^ w26_t ^ w1a_t ^ w16_t), 2u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w36_t); + w37_t = hc_rotl32 ((w31_t ^ w27_t ^ w1b_t ^ w17_t), 2u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w37_t); + w38_t = hc_rotl32 ((w32_t ^ w28_t ^ w1c_t ^ w18_t), 2u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w38_t); + w39_t = hc_rotl32 ((w33_t ^ w29_t ^ w1d_t ^ w19_t), 2u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w39_t); + w3a_t = hc_rotl32 ((w34_t ^ w2a_t ^ w1e_t ^ w1a_t), 2u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w3a_t); + w3b_t = hc_rotl32 ((w35_t ^ w2b_t ^ w1f_t ^ w1b_t), 2u); SHA1_STEP 
(SHA1_F2o, b, c, d, e, a, w3b_t); #undef K #define K SHA1C03 - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, wf_t); + w3c_t = 
hc_rotl32 ((w36_t ^ w2c_t ^ w20_t ^ w1c_t), 2u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w3c_t); + w3d_t = hc_rotl32 ((w37_t ^ w2d_t ^ w21_t ^ w1d_t), 2u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w3d_t); + w3e_t = hc_rotl32 ((w38_t ^ w2e_t ^ w22_t ^ w1e_t), 2u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w3e_t); + w3f_t = hc_rotl32 ((w39_t ^ w2f_t ^ w23_t ^ w1f_t), 2u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w3f_t); + w40_t = hc_rotl32 ((w34_t ^ w20_t ^ w08_t ^ w00_t), 4u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w40_t); + w41_t = hc_rotl32 ((w35_t ^ w21_t ^ w09_t ^ w01_t), 4u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w41_t); + w42_t = hc_rotl32 ((w36_t ^ w22_t ^ w0a_t ^ w02_t), 4u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w42_t); + w43_t = hc_rotl32 ((w37_t ^ w23_t ^ w0b_t ^ w03_t), 4u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w43_t); + w44_t = hc_rotl32 ((w38_t ^ w24_t ^ w0c_t ^ w04_t), 4u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w44_t); + w45_t = hc_rotl32 ((w39_t ^ w25_t ^ w0d_t ^ w05_t), 4u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w45_t); + w46_t = hc_rotl32 ((w3a_t ^ w26_t ^ w0e_t ^ w06_t), 4u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w46_t); + w47_t = hc_rotl32 ((w3b_t ^ w27_t ^ w0f_t ^ w07_t), 4u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w47_t); + w48_t = hc_rotl32 ((w3c_t ^ w28_t ^ w10_t ^ w08_t), 4u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w48_t); + w49_t = hc_rotl32 ((w3d_t ^ w29_t ^ w11_t ^ w09_t), 4u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w49_t); + w4a_t = hc_rotl32 ((w3e_t ^ w2a_t ^ w12_t ^ w0a_t), 4u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w4a_t); + w4b_t = hc_rotl32 ((w3f_t ^ w2b_t ^ w13_t ^ w0b_t), 4u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w4b_t); + w4c_t = hc_rotl32 ((w40_t ^ w2c_t ^ w14_t ^ w0c_t), 4u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w4c_t); + w4d_t = hc_rotl32 ((w41_t ^ w2d_t ^ w15_t ^ w0d_t), 4u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w4d_t); + w4e_t = hc_rotl32 ((w42_t ^ w2e_t ^ w16_t ^ w0e_t), 4u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w4e_t); + w4f_t = hc_rotl32 ((w43_t ^ w2f_t ^ w17_t ^ w0f_t), 4u); SHA1_STEP 
(SHA1_F1, b, c, d, e, a, w4f_t);
 #undef K
From 52e83c2292ee70e86b069ce9c394eeed2529229a Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 3 Dec 2019 11:26:33 +0100
Subject: [PATCH 068/300] Fix missing OPTS_TYPE_KEYBOARD_MAPPING in -m 624x
---
 src/modules/module_06241.c | 3 ++-
 src/modules/module_06242.c | 3 ++-
 src/modules/module_06243.c | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/modules/module_06241.c b/src/modules/module_06241.c
index 09c3e8ec7..6154ca84a 100644
--- a/src/modules/module_06241.c
+++ b/src/modules/module_06241.c
@@ -25,7 +25,8 @@ static const u64 KERN_TYPE = 6211;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
- | OPTS_TYPE_BINARY_HASHFILE;
+ | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "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";
diff --git a/src/modules/module_06242.c b/src/modules/module_06242.c
index 20a239fd0..68a34eeff 100644
--- a/src/modules/module_06242.c
+++ b/src/modules/module_06242.c
@@ -25,7 +25,8 @@ static const u64 KERN_TYPE = 6212;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
- | OPTS_TYPE_BINARY_HASHFILE;
+ | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "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";
diff --git a/src/modules/module_06243.c b/src/modules/module_06243.c
index baa540b0c..4ce623ae2 100644
--- a/src/modules/module_06243.c
+++ b/src/modules/module_06243.c
@@ -25,7 +25,8 @@ static const u64 KERN_TYPE = 6213;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
- | OPTS_TYPE_BINARY_HASHFILE;
+ | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "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";
From d07f002337f4c4bdb0878ad9ade4a7bfdac63b69 Mon Sep 17 00:00:00 2001
From: philsmd
Date: Thu, 5 Dec 2019 10:43:42 +0100
Subject: [PATCH 069/300] electrum 4/5: improve speed (rm hook)
---
 OpenCL/inc_ecc_secp256k1.cl | 1820 +++++++++++++++++++++++++++++++
 OpenCL/inc_ecc_secp256k1.h | 40 +
 OpenCL/inc_zip_inflate.cl | 39 +-
 OpenCL/m21700-pure.cl | 352 +-----
 OpenCL/m21800-pure.cl | 536 +++++----
 docs/credits.txt | 2 +-
 include/emu_inc_ecc_secp256k1.h | 14 +
 include/ext_secp256k1.h | 13 -
 src/Makefile | 46 +-
 src/emu_inc_ecc_secp256k1.c | 13 +
 src/ext_secp256k1.c | 151 ---
 src/modules/module_21700.c | 135 +--
 src/modules/module_21800.c | 308 +-----
 13 files changed, 2268 insertions(+), 1201 deletions(-)
 create mode 100644 OpenCL/inc_ecc_secp256k1.cl
 create mode 100644 OpenCL/inc_ecc_secp256k1.h
 create mode 100644 include/emu_inc_ecc_secp256k1.h
 delete mode 100644 include/ext_secp256k1.h
 create mode 100644 src/emu_inc_ecc_secp256k1.c
 delete mode 100644 src/ext_secp256k1.c
diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl
new file mode 100644
index 000000000..92551d5e5
--- /dev/null
+++ b/OpenCL/inc_ecc_secp256k1.cl
@@ -0,0 +1,1820 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + * + * Furthermore, since elliptic curve operations are highly researched and optimized, + * we've consulted a lot of online resources to implement this, including several papers and + * example code. + * + * Credits where credits are due: there are a lot of nice projects that explain and/or optimize + * elliptic curve operations (especially elliptic curve multiplications by a scalar). + * + * We want to shout out following projects, which were quite helpful when implementing this: + * - secp256k1 by Pieter Wuille (https://github.com/bitcoin-core/secp256k1/, MIT) + * - secp256k1-cl by hhanh00 (https://github.com/hhanh00/secp256k1-cl/, MIT) + * - ec_pure_c by masterzorag (https://github.com/masterzorag/ec_pure_c/) + * - ecc-gmp by leivaburto (https://github.com/leivaburto/ecc-gmp) + * - micro-ecc by Ken MacKay (https://github.com/kmackay/micro-ecc/, BSD) + * - curve_example by willem (https://gist.github.com/nlitsme/c9031c7b9bf6bb009e5a) + * - py_ecc by Vitalik Buterin (https://github.com/ethereum/py_ecc/, MIT) + * + * + * Some BigNum operations are implemented similar to micro-ecc which is licensed under these terms: + * Copyright 2014 Ken MacKay, 2-Clause BSD License + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials + * provided with the distribution. 
+ * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * ATTENTION: this code is NOT meant to be used in security critical environments that are at risk + * of side-channel or timing attacks etc, it's only purpose is to make it work fast for GPGPU + * (OpenCL/CUDA). Some attack vectors like side-channel and timing-attacks might be possible, + * because of some optimizations used within this code (non-constant time etc). + */ + +/* + * Implementation considerations: + * point double and point add are implemented similar to algorithms mentioned in this 2011 paper: + * http://eprint.iacr.org/2011/338.pdf + * (Fast and Regular Algorithms for Scalar Multiplication over Elliptic Curves by Matthieu Rivain) + * + * In theory we could use the Jacobian Co-Z enhancement to get rid of the larger buffer caused by + * the z coordinates (and in this way reduce register pressure etc). + * For the Co-Z improvement there are a lot of fast algorithms, but we might still be faster + * with this implementation (b/c we allow non-constant time) without the Brier/Joye Montgomery-like + * ladder. Of course, this claim would need to be verified and tested to see which one is faster + * for our specific scenario at the end. 
+ * + * A speedup could also be possible by using scalars converted to (w)NAF (non-adjacent form) or by + * just using the windowed (precomputed zi) method or similar improvements: + * The general idea of w-NAF would be to pre-compute some zi coefficients like below to reduce the + * costly point additions by using a non-binary ("signed") number system (values other than just + * 0 and 1, but ranging from -2^(w-1)-1 to 2^(w-1)-1). This would work best with the left-to-right + * binary algorithm such that we could just add zi * P when adding point P (pre-compute all the + * possible zi * P values because the x/y coordinates are known before the kernel starts): + * + * // Example with window size w = 2 (i.e. mod 4 => & 3): + * // 173 => 1 0 -1 0 -1 0 -1 0 1 = 2^8 - 2^6 - 2^4 - 2^2 + 1 + * int e = 0b10101101; // 173 + * int z[8 + 1] = { 0 }; // our zi/di, we need one extra slot to make the substract work + * + * int i = 0; + * + * while (e) + * { + * if (e & 1) + * { + * // for window size w = 3 it would be: + * // => 2^(w-0) = 2^3 = 8 + * // => 2^(w-1) = 2^2 = 4 + * + * int bit; // = 2 - (e & 3) for w = 2 + * + * if ((e & 3) >= 2) // e % 4 == e & 3, use (e & 7) >= 4 for w = 3 + * bit = (e & 3) - 4; // (e & 7) - 8 for w = 3 + * else + * bit = e & 3; // e & 7 for w = 3 + * + * z[i] = bit; + * e -= bit; + * } + * + * e >>= 1; // e / 2 + * i++; + * } +*/ + +#include "inc_ecc_secp256k1.h" + +DECLSPEC u32 sub (u32 r[8], const u32 a[8], const u32 b[8]) +{ + u32 c = 0; // carry/borrow + + for (u32 i = 0; i < 8; i++) + { + const u32 diff = a[i] - b[i] - c; + + if (diff != a[i]) c = (diff > a[i]); + + r[i] = diff; + } + + return c; +} + +DECLSPEC u32 add (u32 r[8], const u32 a[8], const u32 b[8]) +{ + u32 c = 0; // carry/borrow + + for (u32 i = 0; i < 8; i++) + { + const u32 t = a[i] + b[i] + c; + + if (t != a[i]) c = (t < a[i]); + + r[i] = t; + } + + return c; +} + +DECLSPEC void sub_mod (u32 r[8], const u32 a[8], const u32 b[8]) +{ + const u32 c = sub (r, a, b); // carry + + 
if (c) + { + u32 t[8]; + + t[0] = SECP256K1_P0; + t[1] = SECP256K1_P1; + t[2] = SECP256K1_P2; + t[3] = SECP256K1_P3; + t[4] = SECP256K1_P4; + t[5] = SECP256K1_P5; + t[6] = SECP256K1_P6; + t[7] = SECP256K1_P7; + + add (r, r, t); + } +} + +DECLSPEC void add_mod (u32 r[8], const u32 a[8], const u32 b[8]) +{ + const u32 c = add (r, a, b); // carry + + /* + * Modulo operation: + */ + + // note: we could have an early exit in case of c == 1 => sub () + + u32 t[8]; + + t[0] = SECP256K1_P0; + t[1] = SECP256K1_P1; + t[2] = SECP256K1_P2; + t[3] = SECP256K1_P3; + t[4] = SECP256K1_P4; + t[5] = SECP256K1_P5; + t[6] = SECP256K1_P6; + t[7] = SECP256K1_P7; + + // check if modulo operation is needed + + u32 mod = 1; + + if (c == 0) + { + for (int i = 7; i >= 0; i--) + { + if (r[i] < t[i]) + { + mod = 0; + + break; // or return ! (check if faster) + } + + if (r[i] > t[i]) break; + } + } + + if (mod == 1) + { + sub (r, r, t); + } +} + +DECLSPEC void mod_512 (u32 n[16]) +{ + // we need to perform a modulo operation with 512-bit % 256-bit (bignum modulo): + // the modulus is the secp256k1 group order + + // ATTENTION: for this function the byte-order is reversed (most significant bytes + // at the left) + + /* + the general modulo by shift and substract code (a = a % b): + + x = b; + + t = a >> 1; + + while (x <= t) x <<= 1; + + while (a >= b) + { + if (a >= x) a -= x; + + x >>= 1; + } + + return a; // remainder + */ + + u32 a[16]; + + a[ 0] = n[ 0]; + a[ 1] = n[ 1]; + a[ 2] = n[ 2]; + a[ 3] = n[ 3]; + a[ 4] = n[ 4]; + a[ 5] = n[ 5]; + a[ 6] = n[ 6]; + a[ 7] = n[ 7]; + a[ 8] = n[ 8]; + a[ 9] = n[ 9]; + a[10] = n[10]; + a[11] = n[11]; + a[12] = n[12]; + a[13] = n[13]; + a[14] = n[14]; + a[15] = n[15]; + + u32 b[16]; + + b[ 0] = 0x00000000; + b[ 1] = 0x00000000; + b[ 2] = 0x00000000; + b[ 3] = 0x00000000; + b[ 4] = 0x00000000; + b[ 5] = 0x00000000; + b[ 6] = 0x00000000; + b[ 7] = 0x00000000; + b[ 8] = SECP256K1_N7; + b[ 9] = SECP256K1_N6; + b[10] = SECP256K1_N5; + b[11] = SECP256K1_N4; + 
b[12] = SECP256K1_N3; + b[13] = SECP256K1_N2; + b[14] = SECP256K1_N1; + b[15] = SECP256K1_N0; + + /* + * Start: + */ + + // x = b (but with a fast "shift" trick to avoid the while loop) + + u32 x[16]; + + x[ 0] = b[ 8]; // this is a trick: we just put the group order's most significant bit all the + x[ 1] = b[ 9]; // way to the top to avoid doing the initial: while (x <= t) x <<= 1 + x[ 2] = b[10]; + x[ 3] = b[11]; + x[ 4] = b[12]; + x[ 5] = b[13]; + x[ 6] = b[14]; + x[ 7] = b[15]; + x[ 8] = 0x00000000; + x[ 9] = 0x00000000; + x[10] = 0x00000000; + x[11] = 0x00000000; + x[12] = 0x00000000; + x[13] = 0x00000000; + x[14] = 0x00000000; + x[15] = 0x00000000; + + // a >= b + + while (a[0] >= b[0]) + { + const u32 l1 = (a[ 0] < b[ 0]) << 0 + | (a[ 1] < b[ 1]) << 1 + | (a[ 2] < b[ 2]) << 2 + | (a[ 3] < b[ 3]) << 3 + | (a[ 4] < b[ 4]) << 4 + | (a[ 5] < b[ 5]) << 5 + | (a[ 6] < b[ 6]) << 6 + | (a[ 7] < b[ 7]) << 7 + | (a[ 8] < b[ 8]) << 8 + | (a[ 9] < b[ 9]) << 9 + | (a[10] < b[10]) << 10 + | (a[11] < b[11]) << 11 + | (a[12] < b[12]) << 12 + | (a[13] < b[13]) << 13 + | (a[14] < b[14]) << 14 + | (a[15] < b[15]) << 15; + + const u32 e1 = (a[ 0] == b[ 0]) << 0 + | (a[ 1] == b[ 1]) << 1 + | (a[ 2] == b[ 2]) << 2 + | (a[ 3] == b[ 3]) << 3 + | (a[ 4] == b[ 4]) << 4 + | (a[ 5] == b[ 5]) << 5 + | (a[ 6] == b[ 6]) << 6 + | (a[ 7] == b[ 7]) << 7 + | (a[ 8] == b[ 8]) << 8 + | (a[ 9] == b[ 9]) << 9 + | (a[10] == b[10]) << 10 + | (a[11] == b[11]) << 11 + | (a[12] == b[12]) << 12 + | (a[13] == b[13]) << 13 + | (a[14] == b[14]) << 14 + | (a[15] == b[15]) << 15; + + if (l1) + { + if (l1 & 0x0001) break; + if (l1 & 0x0002) if ((e1 & 0x0001) == 0x0001) break; + if (l1 & 0x0004) if ((e1 & 0x0003) == 0x0003) break; + if (l1 & 0x0008) if ((e1 & 0x0007) == 0x0007) break; + if (l1 & 0x0010) if ((e1 & 0x000f) == 0x000f) break; + if (l1 & 0x0020) if ((e1 & 0x001f) == 0x001f) break; + if (l1 & 0x0040) if ((e1 & 0x003f) == 0x003f) break; + if (l1 & 0x0080) if ((e1 & 0x007f) == 0x007f) break; + if (l1 
& 0x0100) if ((e1 & 0x00ff) == 0x00ff) break; + if (l1 & 0x0200) if ((e1 & 0x01ff) == 0x01ff) break; + if (l1 & 0x0400) if ((e1 & 0x03ff) == 0x03ff) break; + if (l1 & 0x0800) if ((e1 & 0x07ff) == 0x07ff) break; + if (l1 & 0x1000) if ((e1 & 0x0fff) == 0x0fff) break; + if (l1 & 0x2000) if ((e1 & 0x1fff) == 0x1fff) break; + if (l1 & 0x4000) if ((e1 & 0x3fff) == 0x3fff) break; + if (l1 & 0x8000) if ((e1 & 0x7fff) == 0x7fff) break; + } + + // r = x (copy it to have the original values for the subtraction) + + u32 r[16]; + + r[ 0] = x[ 0]; + r[ 1] = x[ 1]; + r[ 2] = x[ 2]; + r[ 3] = x[ 3]; + r[ 4] = x[ 4]; + r[ 5] = x[ 5]; + r[ 6] = x[ 6]; + r[ 7] = x[ 7]; + r[ 8] = x[ 8]; + r[ 9] = x[ 9]; + r[10] = x[10]; + r[11] = x[11]; + r[12] = x[12]; + r[13] = x[13]; + r[14] = x[14]; + r[15] = x[15]; + + // x >>= 1 + + x[15] = x[15] >> 1 | (x[14] & 1) << 31; + x[14] = x[14] >> 1 | (x[13] & 1) << 31; + x[13] = x[13] >> 1 | (x[12] & 1) << 31; + x[12] = x[12] >> 1 | (x[11] & 1) << 31; + x[11] = x[11] >> 1 | (x[10] & 1) << 31; + x[10] = x[10] >> 1 | (x[ 9] & 1) << 31; + x[ 9] = x[ 9] >> 1 | (x[ 8] & 1) << 31; + x[ 8] = x[ 8] >> 1 | (x[ 7] & 1) << 31; + x[ 7] = x[ 7] >> 1 | (x[ 6] & 1) << 31; + x[ 6] = x[ 6] >> 1 | (x[ 5] & 1) << 31; + x[ 5] = x[ 5] >> 1 | (x[ 4] & 1) << 31; + x[ 4] = x[ 4] >> 1 | (x[ 3] & 1) << 31; + x[ 3] = x[ 3] >> 1 | (x[ 2] & 1) << 31; + x[ 2] = x[ 2] >> 1 | (x[ 1] & 1) << 31; + x[ 1] = x[ 1] >> 1 | (x[ 0] & 1) << 31; + x[ 0] = x[ 0] >> 1; + + // if (a >= r) a -= r; + + const u32 l2 = (a[ 0] < r[ 0]) << 0 + | (a[ 1] < r[ 1]) << 1 + | (a[ 2] < r[ 2]) << 2 + | (a[ 3] < r[ 3]) << 3 + | (a[ 4] < r[ 4]) << 4 + | (a[ 5] < r[ 5]) << 5 + | (a[ 6] < r[ 6]) << 6 + | (a[ 7] < r[ 7]) << 7 + | (a[ 8] < r[ 8]) << 8 + | (a[ 9] < r[ 9]) << 9 + | (a[10] < r[10]) << 10 + | (a[11] < r[11]) << 11 + | (a[12] < r[12]) << 12 + | (a[13] < r[13]) << 13 + | (a[14] < r[14]) << 14 + | (a[15] < r[15]) << 15; + + const u32 e2 = (a[ 0] == r[ 0]) << 0 + | (a[ 1] == r[ 1]) << 1 + | (a[ 2] == r[ 
2]) << 2 + | (a[ 3] == r[ 3]) << 3 + | (a[ 4] == r[ 4]) << 4 + | (a[ 5] == r[ 5]) << 5 + | (a[ 6] == r[ 6]) << 6 + | (a[ 7] == r[ 7]) << 7 + | (a[ 8] == r[ 8]) << 8 + | (a[ 9] == r[ 9]) << 9 + | (a[10] == r[10]) << 10 + | (a[11] == r[11]) << 11 + | (a[12] == r[12]) << 12 + | (a[13] == r[13]) << 13 + | (a[14] == r[14]) << 14 + | (a[15] == r[15]) << 15; + + if (l2) + { + if (l2 & 0x0001) continue; + if (l2 & 0x0002) if ((e2 & 0x0001) == 0x0001) continue; + if (l2 & 0x0004) if ((e2 & 0x0003) == 0x0003) continue; + if (l2 & 0x0008) if ((e2 & 0x0007) == 0x0007) continue; + if (l2 & 0x0010) if ((e2 & 0x000f) == 0x000f) continue; + if (l2 & 0x0020) if ((e2 & 0x001f) == 0x001f) continue; + if (l2 & 0x0040) if ((e2 & 0x003f) == 0x003f) continue; + if (l2 & 0x0080) if ((e2 & 0x007f) == 0x007f) continue; + if (l2 & 0x0100) if ((e2 & 0x00ff) == 0x00ff) continue; + if (l2 & 0x0200) if ((e2 & 0x01ff) == 0x01ff) continue; + if (l2 & 0x0400) if ((e2 & 0x03ff) == 0x03ff) continue; + if (l2 & 0x0800) if ((e2 & 0x07ff) == 0x07ff) continue; + if (l2 & 0x1000) if ((e2 & 0x0fff) == 0x0fff) continue; + if (l2 & 0x2000) if ((e2 & 0x1fff) == 0x1fff) continue; + if (l2 & 0x4000) if ((e2 & 0x3fff) == 0x3fff) continue; + if (l2 & 0x8000) if ((e2 & 0x7fff) == 0x7fff) continue; + } + + // substract (a -= r): + + r[ 0] = a[ 0] - r[ 0]; + r[ 1] = a[ 1] - r[ 1]; + r[ 2] = a[ 2] - r[ 2]; + r[ 3] = a[ 3] - r[ 3]; + r[ 4] = a[ 4] - r[ 4]; + r[ 5] = a[ 5] - r[ 5]; + r[ 6] = a[ 6] - r[ 6]; + r[ 7] = a[ 7] - r[ 7]; + r[ 8] = a[ 8] - r[ 8]; + r[ 9] = a[ 9] - r[ 9]; + r[10] = a[10] - r[10]; + r[11] = a[11] - r[11]; + r[12] = a[12] - r[12]; + r[13] = a[13] - r[13]; + r[14] = a[14] - r[14]; + r[15] = a[15] - r[15]; + + // take care of the "borrow" (we can't do it the other way around 15...1 because r[x] is changed!) 
+ + if (r[ 1] > a[ 1]) r[ 0]--; + if (r[ 2] > a[ 2]) r[ 1]--; + if (r[ 3] > a[ 3]) r[ 2]--; + if (r[ 4] > a[ 4]) r[ 3]--; + if (r[ 5] > a[ 5]) r[ 4]--; + if (r[ 6] > a[ 6]) r[ 5]--; + if (r[ 7] > a[ 7]) r[ 6]--; + if (r[ 8] > a[ 8]) r[ 7]--; + if (r[ 9] > a[ 9]) r[ 8]--; + if (r[10] > a[10]) r[ 9]--; + if (r[11] > a[11]) r[10]--; + if (r[12] > a[12]) r[11]--; + if (r[13] > a[13]) r[12]--; + if (r[14] > a[14]) r[13]--; + if (r[15] > a[15]) r[14]--; + + a[ 0] = r[ 0]; + a[ 1] = r[ 1]; + a[ 2] = r[ 2]; + a[ 3] = r[ 3]; + a[ 4] = r[ 4]; + a[ 5] = r[ 5]; + a[ 6] = r[ 6]; + a[ 7] = r[ 7]; + a[ 8] = r[ 8]; + a[ 9] = r[ 9]; + a[10] = r[10]; + a[11] = r[11]; + a[12] = r[12]; + a[13] = r[13]; + a[14] = r[14]; + a[15] = r[15]; + } + + n[ 0] = a[ 0]; + n[ 1] = a[ 1]; + n[ 2] = a[ 2]; + n[ 3] = a[ 3]; + n[ 4] = a[ 4]; + n[ 5] = a[ 5]; + n[ 6] = a[ 6]; + n[ 7] = a[ 7]; + n[ 8] = a[ 8]; + n[ 9] = a[ 9]; + n[10] = a[10]; + n[11] = a[11]; + n[12] = a[12]; + n[13] = a[13]; + n[14] = a[14]; + n[15] = a[15]; +} + +DECLSPEC void mul_mod (u32 r[8], const u32 a[8], const u32 b[8]) // TODO get rid of u64 ? 
+{ + u32 t[16] = { 0 }; // we need up to double the space (2 * 8) + + /* + * First start with the basic a * b multiplication: + */ + + u32 t0 = 0; + u32 t1 = 0; + u32 c = 0; + + for (u32 i = 0; i < 8; i++) + { + for (u32 j = 0; j <= i; j++) + { + u64 p = ((u64) a[j]) * b[i - j]; + + u64 d = ((u64) t1) << 32 | t0; + + d += p; + + t0 = (u32) d; + t1 = d >> 32; + + c += d < p; // carry + } + + t[i] = t0; + + t0 = t1; + t1 = c; + + c = 0; + } + + for (u32 i = 8; i < 15; i++) + { + for (u32 j = i - 7; j < 8; j++) + { + u64 p = ((u64) a[j]) * b[i - j]; + + u64 d = ((u64) t1) << 32 | t0; + + d += p; + + t0 = (u32) d; + t1 = d >> 32; + + c += d < p; + } + + t[i] = t0; + + t0 = t1; + t1 = c; + + c = 0; + } + + t[15] = t0; + + + + /* + * Now do the modulo operation: + * (r = t % p) + * + * http://www.isys.uni-klu.ac.at/PDF/2001-0126-MT.pdf (p.354 or p.9 in that document) + */ + + u32 tmp[16] = { 0 }; + + // c = 0; + + // Note: SECP256K1_P = 2^256 - 2^32 - 977 (0x03d1 = 977) + // multiply t[8]...t[15] by omega: + + for (u32 i = 0, j = 8; i < 8; i++, j++) + { + u64 p = ((u64) 0x03d1) * t[j] + c; + + tmp[i] = (u32) p; + + c = p >> 32; + } + + tmp[8] = c; + + c = add (tmp + 1, tmp + 1, t + 8); // modifies tmp[1]...tmp[8] + + tmp[9] = c; + + + // r = t + tmp + + c = add (r, t, tmp); + + // multiply t[0]...t[7] by omega: + + u32 c2 = 0; + + // memset (t, 0, sizeof (t)); + + for (u32 i = 0, j = 8; i < 8; i++, j++) + { + u64 p = ((u64) 0x3d1) * tmp[j] + c2; + + t[i] = (u32) p; + + c2 = p >> 32; + } + + t[8] = c2; + + c2 = add (t + 1, t + 1, tmp + 8); // modifies t[1]...t[8] + + t[9] = c2; + + + // r = r + t + + c2 = add (r, r, t); + + c += c2; + + t[0] = SECP256K1_P0; + t[1] = SECP256K1_P1; + t[2] = SECP256K1_P2; + t[3] = SECP256K1_P3; + t[4] = SECP256K1_P4; + t[5] = SECP256K1_P5; + t[6] = SECP256K1_P6; + t[7] = SECP256K1_P7; + + for (u32 i = c; i > 0; i--) + { + sub (r, r, t); + } + + for (int i = 7; i >= 0; i--) + { + if (r[i] < t[i]) break; + + if (r[i] > t[i]) + { + sub (r, r, 
t); + + break; + } + } +} + +DECLSPEC void sqrt_mod (u32 r[8]) +{ + // Fermat's Little Theorem + // secp256k1: y^2 = x^3 + 7 % p + // y ^ (p - 1) = 1 + // y ^ (p - 1) = (y^2) ^ ((p - 1) / 2) = 1 => y^2 = (y^2) ^ (((p - 1) / 2) + 1) + // => y = (y^2) ^ ((((p - 1) / 2) + 1) / 2) + // y = (y^2) ^ (((p - 1 + 2) / 2) / 2) = (y^2) ^ ((p + 1) / 4) + + // y1 = (x^3 + 7) ^ ((p + 1) / 4) + // y2 = p - y1 (or y2 = y1 * -1 % p) + + u32 s[8]; + + s[0] = SECP256K1_P0 + 1; // because of (p + 1) / 4 or use add (s, s, 1) + s[1] = SECP256K1_P1; + s[2] = SECP256K1_P2; + s[3] = SECP256K1_P3; + s[4] = SECP256K1_P4; + s[5] = SECP256K1_P5; + s[6] = SECP256K1_P6; + s[7] = SECP256K1_P7; + + u32 t[8] = { 0 }; + + t[0] = 1; + + for (u32 i = 255; i > 1; i--) // we just skip the last 2 multiplications (=> exp / 4) + { + mul_mod (t, t, t); // r * r + + u32 idx = i >> 5; + u32 mask = 1 << (i & 0x1f); + + if (s[idx] & mask) + { + mul_mod (t, t, r); // t * r + } + } + + r[0] = t[0]; + r[1] = t[1]; + r[2] = t[2]; + r[3] = t[3]; + r[4] = t[4]; + r[5] = t[5]; + r[6] = t[6]; + r[7] = t[7]; +} + +// (inverse (a, p) * a) % p == 1 (or think of a * a^-1 = a / a = 1) + +DECLSPEC void inv_mod (u32 a[8]) +{ + // How often does this really happen? 
it should "almost" never happen (but would be safer) + // if ((a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7]) == 0) return; + + u32 t0[8]; + + t0[0] = a[0]; + t0[1] = a[1]; + t0[2] = a[2]; + t0[3] = a[3]; + t0[4] = a[4]; + t0[5] = a[5]; + t0[6] = a[6]; + t0[7] = a[7]; + + u32 p[8]; + + p[0] = SECP256K1_P0; + p[1] = SECP256K1_P1; + p[2] = SECP256K1_P2; + p[3] = SECP256K1_P3; + p[4] = SECP256K1_P4; + p[5] = SECP256K1_P5; + p[6] = SECP256K1_P6; + p[7] = SECP256K1_P7; + + u32 t1[8]; + + t1[0] = SECP256K1_P0; + t1[1] = SECP256K1_P1; + t1[2] = SECP256K1_P2; + t1[3] = SECP256K1_P3; + t1[4] = SECP256K1_P4; + t1[5] = SECP256K1_P5; + t1[6] = SECP256K1_P6; + t1[7] = SECP256K1_P7; + + u32 t2[8] = { 0 }; + + t2[0] = 0x00000001; + + u32 t3[8] = { 0 }; + + u32 b = (t0[0] != t1[0]) + | (t0[1] != t1[1]) + | (t0[2] != t1[2]) + | (t0[3] != t1[3]) + | (t0[4] != t1[4]) + | (t0[5] != t1[5]) + | (t0[6] != t1[6]) + | (t0[7] != t1[7]); + + while (b) + { + if ((t0[0] & 1) == 0) // even + { + t0[0] = t0[0] >> 1 | t0[1] << 31; + t0[1] = t0[1] >> 1 | t0[2] << 31; + t0[2] = t0[2] >> 1 | t0[3] << 31; + t0[3] = t0[3] >> 1 | t0[4] << 31; + t0[4] = t0[4] >> 1 | t0[5] << 31; + t0[5] = t0[5] >> 1 | t0[6] << 31; + t0[6] = t0[6] >> 1 | t0[7] << 31; + t0[7] = t0[7] >> 1; + + u32 c = 0; + + if (t2[0] & 1) c = add (t2, t2, p); + + t2[0] = t2[0] >> 1 | t2[1] << 31; + t2[1] = t2[1] >> 1 | t2[2] << 31; + t2[2] = t2[2] >> 1 | t2[3] << 31; + t2[3] = t2[3] >> 1 | t2[4] << 31; + t2[4] = t2[4] >> 1 | t2[5] << 31; + t2[5] = t2[5] >> 1 | t2[6] << 31; + t2[6] = t2[6] >> 1 | t2[7] << 31; + t2[7] = t2[7] >> 1 | c << 31; + } + else if ((t1[0] & 1) == 0) + { + t1[0] = t1[0] >> 1 | t1[1] << 31; + t1[1] = t1[1] >> 1 | t1[2] << 31; + t1[2] = t1[2] >> 1 | t1[3] << 31; + t1[3] = t1[3] >> 1 | t1[4] << 31; + t1[4] = t1[4] >> 1 | t1[5] << 31; + t1[5] = t1[5] >> 1 | t1[6] << 31; + t1[6] = t1[6] >> 1 | t1[7] << 31; + t1[7] = t1[7] >> 1; + + u32 c = 0; + + if (t3[0] & 1) c = add (t3, t3, p); + + t3[0] = t3[0] >> 1 | t3[1] 
<< 31; + t3[1] = t3[1] >> 1 | t3[2] << 31; + t3[2] = t3[2] >> 1 | t3[3] << 31; + t3[3] = t3[3] >> 1 | t3[4] << 31; + t3[4] = t3[4] >> 1 | t3[5] << 31; + t3[5] = t3[5] >> 1 | t3[6] << 31; + t3[6] = t3[6] >> 1 | t3[7] << 31; + t3[7] = t3[7] >> 1 | c << 31; + } + else + { + u32 gt = 0; + + for (int i = 7; i >= 0; i--) + { + if (t0[i] > t1[i]) + { + gt = 1; + + break; + } + + if (t0[i] < t1[i]) break; + } + + if (gt) + { + sub (t0, t0, t1); + + t0[0] = t0[0] >> 1 | t0[1] << 31; + t0[1] = t0[1] >> 1 | t0[2] << 31; + t0[2] = t0[2] >> 1 | t0[3] << 31; + t0[3] = t0[3] >> 1 | t0[4] << 31; + t0[4] = t0[4] >> 1 | t0[5] << 31; + t0[5] = t0[5] >> 1 | t0[6] << 31; + t0[6] = t0[6] >> 1 | t0[7] << 31; + t0[7] = t0[7] >> 1; + + u32 lt = 0; + + for (int i = 7; i >= 0; i--) + { + if (t2[i] < t3[i]) + { + lt = 1; + + break; + } + + if (t2[i] > t3[i]) break; + } + + if (lt) add (t2, t2, p); + + sub (t2, t2, t3); + + u32 c = 0; + + if (t2[0] & 1) c = add (t2, t2, p); + + t2[0] = t2[0] >> 1 | t2[1] << 31; + t2[1] = t2[1] >> 1 | t2[2] << 31; + t2[2] = t2[2] >> 1 | t2[3] << 31; + t2[3] = t2[3] >> 1 | t2[4] << 31; + t2[4] = t2[4] >> 1 | t2[5] << 31; + t2[5] = t2[5] >> 1 | t2[6] << 31; + t2[6] = t2[6] >> 1 | t2[7] << 31; + t2[7] = t2[7] >> 1 | c << 31; + } + else + { + sub (t1, t1, t0); + + t1[0] = t1[0] >> 1 | t1[1] << 31; + t1[1] = t1[1] >> 1 | t1[2] << 31; + t1[2] = t1[2] >> 1 | t1[3] << 31; + t1[3] = t1[3] >> 1 | t1[4] << 31; + t1[4] = t1[4] >> 1 | t1[5] << 31; + t1[5] = t1[5] >> 1 | t1[6] << 31; + t1[6] = t1[6] >> 1 | t1[7] << 31; + t1[7] = t1[7] >> 1; + + u32 lt = 0; + + for (int i = 7; i >= 0; i--) + { + if (t3[i] < t2[i]) + { + lt = 1; + + break; + } + + if (t3[i] > t2[i]) break; + } + + if (lt) add (t3, t3, p); + + sub (t3, t3, t2); + + u32 c = 0; + + if (t3[0] & 1) c = add (t3, t3, p); + + t3[0] = t3[0] >> 1 | t3[1] << 31; + t3[1] = t3[1] >> 1 | t3[2] << 31; + t3[2] = t3[2] >> 1 | t3[3] << 31; + t3[3] = t3[3] >> 1 | t3[4] << 31; + t3[4] = t3[4] >> 1 | t3[5] << 31; + t3[5] = t3[5] 
>> 1 | t3[6] << 31; + t3[6] = t3[6] >> 1 | t3[7] << 31; + t3[7] = t3[7] >> 1 | c << 31; + } + } + + // update b: + + b = (t0[0] != t1[0]) + | (t0[1] != t1[1]) + | (t0[2] != t1[2]) + | (t0[3] != t1[3]) + | (t0[4] != t1[4]) + | (t0[5] != t1[5]) + | (t0[6] != t1[6]) + | (t0[7] != t1[7]); + } + + // set result: + + a[0] = t2[0]; + a[1] = t2[1]; + a[2] = t2[2]; + a[3] = t2[3]; + a[4] = t2[4]; + a[5] = t2[5]; + a[6] = t2[6]; + a[7] = t2[7]; +} + +/* + // everything from the formulas below of course MOD the prime: + + // we use this formula: + + X = (3/2 * x^2)^2 - 2 * x * y^2 + Y = (3/2 * x^2) * (x * y^2 - X) - y^4 + Z = y * z + + this is identical to the more frequently used form: + + X = (3 * x^2)^2 - 8 * x * y^2 + Y = 3 * x^2 * (4 * x * y^2 - X) - 8 * y^4 + Z = 2 * y * z +*/ + +DECLSPEC void point_double (u32 x[8], u32 y[8], u32 z[8]) +{ + // How often does this really happen? it should "almost" never happen (but would be safer) + + /* + if ((y[0] | y[1] | y[2] | y[3] | y[4] | y[5] | y[6] | y[7]) == 0) + { + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + x[4] = 0; + x[5] = 0; + x[6] = 0; + x[7] = 0; + + y[0] = 0; + y[1] = 0; + y[2] = 0; + y[3] = 0; + y[4] = 0; + y[5] = 0; + y[6] = 0; + y[7] = 0; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + z[4] = 0; + z[5] = 0; + z[6] = 0; + z[7] = 0; + + return; + } + */ + + u32 t1[8]; + + t1[0] = x[0]; + t1[1] = x[1]; + t1[2] = x[2]; + t1[3] = x[3]; + t1[4] = x[4]; + t1[5] = x[5]; + t1[6] = x[6]; + t1[7] = x[7]; + + u32 t2[8]; + + t2[0] = y[0]; + t2[1] = y[1]; + t2[2] = y[2]; + t2[3] = y[3]; + t2[4] = y[4]; + t2[5] = y[5]; + t2[6] = y[6]; + t2[7] = y[7]; + + u32 t3[8]; + + t3[0] = z[0]; + t3[1] = z[1]; + t3[2] = z[2]; + t3[3] = z[3]; + t3[4] = z[4]; + t3[5] = z[5]; + t3[6] = z[6]; + t3[7] = z[7]; + + u32 t4[8]; + u32 t5[8]; + u32 t6[8]; + + mul_mod (t4, t1, t1); // t4 = x^2 + + mul_mod (t5, t2, t2); // t5 = y^2 + + mul_mod (t1, t1, t5); // t1 = x*y^2 + + mul_mod (t5, t5, t5); // t5 = t5^2 = y^4 + + // here the z^2 and z^4 is 
not needed for a = 0 + + mul_mod (t3, t2, t3); // t3 = x * z + + add_mod (t2, t4, t4); // t2 = 2 * t4 = 2 * x^2 + add_mod (t4, t4, t2); // t4 = 3 * t4 = 3 * x^2 + + // a * z^4 = 0 * 1^4 = 0 + + // don't discard the least significant bit it's important too! + + u32 c = 0; + + if (t4[0] & 1) + { + u32 t[8]; + + t[0] = SECP256K1_P0; + t[1] = SECP256K1_P1; + t[2] = SECP256K1_P2; + t[3] = SECP256K1_P3; + t[4] = SECP256K1_P4; + t[5] = SECP256K1_P5; + t[6] = SECP256K1_P6; + t[7] = SECP256K1_P7; + + c = add (t4, t4, t); // t4 + SECP256K1_P + } + + // right shift (t4 / 2): + + t4[0] = t4[0] >> 1 | t4[1] << 31; + t4[1] = t4[1] >> 1 | t4[2] << 31; + t4[2] = t4[2] >> 1 | t4[3] << 31; + t4[3] = t4[3] >> 1 | t4[4] << 31; + t4[4] = t4[4] >> 1 | t4[5] << 31; + t4[5] = t4[5] >> 1 | t4[6] << 31; + t4[6] = t4[6] >> 1 | t4[7] << 31; + t4[7] = t4[7] >> 1 | c << 31; + + mul_mod (t6, t4, t4); // t6 = t4^2 = (3/2 * x^2)^2 + + add_mod (t2, t1, t1); // t2 = 2 * t1 + + sub_mod (t6, t6, t2); // t6 = t6 - t2 + sub_mod (t1, t1, t6); // t1 = t1 - t6 + + mul_mod (t4, t4, t1); // t4 = t4 * t1 + + sub_mod (t1, t4, t5); // t1 = t4 - t5 + + // => x = t6, y = t1, z = t3: + + x[0] = t6[0]; + x[1] = t6[1]; + x[2] = t6[2]; + x[3] = t6[3]; + x[4] = t6[4]; + x[5] = t6[5]; + x[6] = t6[6]; + x[7] = t6[7]; + + y[0] = t1[0]; + y[1] = t1[1]; + y[2] = t1[2]; + y[3] = t1[3]; + y[4] = t1[4]; + y[5] = t1[5]; + y[6] = t1[6]; + y[7] = t1[7]; + + z[0] = t3[0]; + z[1] = t3[1]; + z[2] = t3[2]; + z[3] = t3[3]; + z[4] = t3[4]; + z[5] = t3[5]; + z[6] = t3[6]; + z[7] = t3[7]; +} + +DECLSPEC void point_add (u32 x1[8], u32 y1[8], u32 z1[8], const u32 x2[8], const u32 y2[8], const u32 z2[8]) +{ + // How often does this really happen? 
it should "almost" never happen (but would be safer) + + /* + if ((y2[0] | y2[1] | y2[2] | y2[3] | y2[4] | y2[5] | y2[6] | y2[7]) == 0) return; + + if ((y1[0] | y1[1] | y1[2] | y1[3] | y1[4] | y1[5] | y1[6] | y1[7]) == 0) + { + x1[0] = x2[0]; + x1[1] = x2[1]; + x1[2] = x2[2]; + x1[3] = x2[3]; + x1[4] = x2[4]; + x1[5] = x2[5]; + x1[6] = x2[6]; + x1[7] = x2[7]; + + y1[0] = y2[0]; + y1[1] = y2[1]; + y1[2] = y2[2]; + y1[3] = y2[3]; + y1[4] = y2[4]; + y1[5] = y2[5]; + y1[6] = y2[6]; + y1[7] = y2[7]; + + z1[0] = z2[0]; + z1[1] = z2[1]; + z1[2] = z2[2]; + z1[3] = z2[3]; + z1[4] = z2[4]; + z1[5] = z2[5]; + z1[6] = z2[6]; + z1[7] = z2[7]; + + return; + } + */ + + // if x1 == x2 and y2 == y2 and z2 == z2 we need to double instead? + + // x1/y1/z1: + + u32 t1[8]; + + t1[0] = x1[0]; + t1[1] = x1[1]; + t1[2] = x1[2]; + t1[3] = x1[3]; + t1[4] = x1[4]; + t1[5] = x1[5]; + t1[6] = x1[6]; + t1[7] = x1[7]; + + u32 t2[8]; + + t2[0] = y1[0]; + t2[1] = y1[1]; + t2[2] = y1[2]; + t2[3] = y1[3]; + t2[4] = y1[4]; + t2[5] = y1[5]; + t2[6] = y1[6]; + t2[7] = y1[7]; + + u32 t3[8]; + + t3[0] = z1[0]; + t3[1] = z1[1]; + t3[2] = z1[2]; + t3[3] = z1[3]; + t3[4] = z1[4]; + t3[5] = z1[5]; + t3[6] = z1[6]; + t3[7] = z1[7]; + + // x2/y2/z2: + + u32 t4[8]; + + t4[0] = x2[0]; + t4[1] = x2[1]; + t4[2] = x2[2]; + t4[3] = x2[3]; + t4[4] = x2[4]; + t4[5] = x2[5]; + t4[6] = x2[6]; + t4[7] = x2[7]; + + u32 t5[8]; + + t5[0] = y2[0]; + t5[1] = y2[1]; + t5[2] = y2[2]; + t5[3] = y2[3]; + t5[4] = y2[4]; + t5[5] = y2[5]; + t5[6] = y2[6]; + t5[7] = y2[7]; + + u32 t6[8]; + + t6[0] = z2[0]; + t6[1] = z2[1]; + t6[2] = z2[2]; + t6[3] = z2[3]; + t6[4] = z2[4]; + t6[5] = z2[5]; + t6[6] = z2[6]; + t6[7] = z2[7]; + + u32 t7[8]; + + mul_mod (t7, t3, t3); // t7 = z1^2 + mul_mod (t4, t4, t7); // t4 = x2 * z1^2 = B + + mul_mod (t5, t5, t3); // t5 = y2 * z1 + mul_mod (t5, t5, t7); // t5 = y2 * z1^3 = D + + mul_mod (t7, t6, t6); // t7 = z2^2 + + mul_mod (t1, t1, t7); // t1 = x1 * z2^2 + + mul_mod (t2, t2, t6); // t2 = y1 * z2 + 
mul_mod (t2, t2, t7); // t2 = y1 * z2^3 = C + + sub_mod (t1, t1, t4); // t1 = A - B = E + + mul_mod (t3, t6, t3); // t3 = z1 * z2 + mul_mod (t3, t1, t3); // t3 = z1 * z2 * E = Z3 + + sub_mod (t2, t2, t5); // t2 = C - D = F + + mul_mod (t7, t1, t1); // t7 = E^2 + mul_mod (t6, t2, t2); // t6 = F^2 + + mul_mod (t4, t4, t7); // t4 = B * E^2 + mul_mod (t1, t7, t1); // t1 = E^3 + + sub_mod (t6, t6, t1); // t6 = F^2 - E^3 + + add_mod (t7, t4, t4); // t7 = 2 * B * E^2 + + sub_mod (t6, t6, t7); // t6 = F^2 - E^2 - 2 * B * E^2 = X3 + sub_mod (t4, t4, t6); // t4 = B * E^2 - X3 + + mul_mod (t2, t2, t4); // t2 = F * (B * E^2 - X3) + mul_mod (t7, t5, t1); // t7 = D * E^3 + + sub_mod (t7, t2, t7); // t7 = F * (B * E^2 - X3) - D * E^3 = Y3 + + x1[0] = t6[0]; + x1[1] = t6[1]; + x1[2] = t6[2]; + x1[3] = t6[3]; + x1[4] = t6[4]; + x1[5] = t6[5]; + x1[6] = t6[6]; + x1[7] = t6[7]; + + y1[0] = t7[0]; + y1[1] = t7[1]; + y1[2] = t7[2]; + y1[3] = t7[3]; + y1[4] = t7[4]; + y1[5] = t7[5]; + y1[6] = t7[6]; + y1[7] = t7[7]; + + z1[0] = t3[0]; + z1[1] = t3[1]; + z1[2] = t3[2]; + z1[3] = t3[3]; + z1[4] = t3[4]; + z1[5] = t3[5]; + z1[6] = t3[6]; + z1[7] = t3[7]; +} + +DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) +{ + // init the values with x and y: + + u32 x1[8]; + + x1[0] = x[0]; + x1[1] = x[1]; + x1[2] = x[2]; + x1[3] = x[3]; + x1[4] = x[4]; + x1[5] = x[5]; + x1[6] = x[6]; + x1[7] = x[7]; + + u32 y1[8]; + + y1[0] = y[0]; + y1[1] = y[1]; + y1[2] = y[2]; + y1[3] = y[3]; + y1[4] = y[4]; + y1[5] = y[5]; + y1[6] = y[6]; + y1[7] = y[7]; + + u32 t1[8]; + + t1[0] = y[0]; + t1[1] = y[1]; + t1[2] = y[2]; + t1[3] = y[3]; + t1[4] = y[4]; + t1[5] = y[5]; + t1[6] = y[6]; + t1[7] = y[7]; + + // we use jacobian forms and the convertion with z = 1 is basically a NO-OP: + // X = X1 * z^2 = X1, Y = Y1 * z^3 = Y + + // https://eprint.iacr.org/2011/338.pdf + + // initial jacobian doubling + + u32 t2[8]; + u32 t3[8]; + u32 t4[8]; + + mul_mod (t2, x1, x1); // t2 = x1^2 + mul_mod 
(t3, y1, y1); // t3 = y1^2 + + mul_mod (x1, x1, t3); // x1 = x1*y1^2 + + mul_mod (t3, t3, t3); // t3 = t3^2 = y1^4 + + // here the z^2 and z^4 is not needed for a = 0 (and furthermore we have z = 1) + + add_mod (y1, t2, t2); // y1 = 2 * t2 = 2 * x1^2 + add_mod (t2, y1, t2); // t2 = 3 * t2 = 3 * x1^2 + + // a * z^4 = 0 * 1^4 = 0 + + // don't discard the least significant bit it's important too! + + u32 c = 0; + + if (t2[0] & 1) + { + u32 t[8]; + + t[0] = SECP256K1_P0; + t[1] = SECP256K1_P1; + t[2] = SECP256K1_P2; + t[3] = SECP256K1_P3; + t[4] = SECP256K1_P4; + t[5] = SECP256K1_P5; + t[6] = SECP256K1_P6; + t[7] = SECP256K1_P7; + + c = add (t2, t2, t); // t2 + SECP256K1_P + } + + // right shift (t2 / 2): + + t2[0] = t2[0] >> 1 | t2[1] << 31; + t2[1] = t2[1] >> 1 | t2[2] << 31; + t2[2] = t2[2] >> 1 | t2[3] << 31; + t2[3] = t2[3] >> 1 | t2[4] << 31; + t2[4] = t2[4] >> 1 | t2[5] << 31; + t2[5] = t2[5] >> 1 | t2[6] << 31; + t2[6] = t2[6] >> 1 | t2[7] << 31; + t2[7] = t2[7] >> 1 | c << 31; + + mul_mod (t4, t2, t2); // t4 = t2^2 = (3/2*x1^2)^2 + + add_mod (y1, x1, x1); // y1 = 2 * x1_new + + sub_mod (t4, t4, y1); // t4 = t4 - y1_new + sub_mod (x1, x1, t4); // x1 = x1 - t4 + + mul_mod (t2, t2, x1); // t2 = t2 * x1_new + + sub_mod (x1, t2, t3); // x1 = t2 - t3 + + // => X = t4, Y = x1, Z = t1: + // (and t2, t3 can now be safely reused) + + // convert to affine coordinates (to save some bytes copied around) and store it: + + u32 inv[8]; + + inv[0] = t1[0]; + inv[1] = t1[1]; + inv[2] = t1[2]; + inv[3] = t1[3]; + inv[4] = t1[4]; + inv[5] = t1[5]; + inv[6] = t1[6]; + inv[7] = t1[7]; + + inv_mod (inv); + + mul_mod (t2, inv, inv); // t2 = inv^2 + mul_mod (t3, inv, t2); // t3 = inv^3 + + // output to y1 + + mul_mod (t3, t3, x1); + + r->xy[31] = t3[7]; + r->xy[30] = t3[6]; + r->xy[29] = t3[5]; + r->xy[28] = t3[4]; + r->xy[27] = t3[3]; + r->xy[26] = t3[2]; + r->xy[25] = t3[1]; + r->xy[24] = t3[0]; + + // output to x1 + + mul_mod (t3, t2, t4); + + r->xy[23] = t3[7]; + r->xy[22] = 
t3[6]; + r->xy[21] = t3[5]; + r->xy[20] = t3[4]; + r->xy[19] = t3[3]; + r->xy[18] = t3[2]; + r->xy[17] = t3[1]; + r->xy[16] = t3[0]; + + // also store orginal x/y: + + r->xy[15] = y[7]; + r->xy[14] = y[6]; + r->xy[13] = y[5]; + r->xy[12] = y[4]; + r->xy[11] = y[3]; + r->xy[10] = y[2]; + r->xy[ 9] = y[1]; + r->xy[ 8] = y[0]; + + r->xy[ 7] = x[7]; + r->xy[ 6] = x[6]; + r->xy[ 5] = x[5]; + r->xy[ 4] = x[4]; + r->xy[ 3] = x[3]; + r->xy[ 2] = x[2]; + r->xy[ 1] = x[1]; + r->xy[ 0] = x[0]; + + + // do the double of the double (i.e. "triple") too, just in case we need it in the main loop: + + point_double (t4, x1, t1); + + // convert to affine coordinates and store it: + + inv_mod (t1); + + mul_mod (t2, t1, t1); // t2 = t1^2 + mul_mod (t3, t1, t2); // t3 = t1^3 + + // output to y1 + + mul_mod (t3, t3, x1); + + r->xy[47] = t3[7]; + r->xy[46] = t3[6]; + r->xy[45] = t3[5]; + r->xy[44] = t3[4]; + r->xy[43] = t3[3]; + r->xy[42] = t3[2]; + r->xy[41] = t3[1]; + r->xy[40] = t3[0]; + + // output to x1 + + mul_mod (t3, t2, t4); + + r->xy[39] = t3[7]; + r->xy[38] = t3[6]; + r->xy[37] = t3[5]; + r->xy[36] = t3[4]; + r->xy[35] = t3[3]; + r->xy[34] = t3[2]; + r->xy[33] = t3[1]; + r->xy[32] = t3[0]; +} + +DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t *tmps) +{ + // first check the position of the least significant bit + + // the following fancy shift operation just checks the last 2 bits, finds the + // least significant bit (set to 1) and updates idx according to this table: + // last bits | idx + // 0bxxxxxx00 | 2 + // 0bxxxxxx01 | 0 + // 0bxxxxxx10 | 1 + // 0bxxxxxx11 | 0 + + const u32 idx = (0x0102 >> ((k[0] & 3) << 2)) & 3; + + const u32 offset = idx << 4; // * (8 + 8) = 16 (=> offset of 16 u32 = 16 * 4 bytes) + + u32 x1[8]; + + x1[0] = tmps->xy[offset + 0]; + x1[1] = tmps->xy[offset + 1]; + x1[2] = tmps->xy[offset + 2]; + x1[3] = tmps->xy[offset + 3]; + x1[4] = tmps->xy[offset + 4]; + x1[5] = tmps->xy[offset + 5]; + x1[6] = tmps->xy[offset + 6]; + 
x1[7] = tmps->xy[offset + 7]; + + u32 y1[8]; + + y1[0] = tmps->xy[offset + 8]; + y1[1] = tmps->xy[offset + 9]; + y1[2] = tmps->xy[offset + 10]; + y1[3] = tmps->xy[offset + 11]; + y1[4] = tmps->xy[offset + 12]; + y1[5] = tmps->xy[offset + 13]; + y1[6] = tmps->xy[offset + 14]; + y1[7] = tmps->xy[offset + 15]; + + u32 z1[8] = { 0 }; + + z1[0] = 1; + + // do NOT allow to overflow the tmps->xy buffer: + + u32 final_offset = offset; + + if (final_offset > 16) final_offset = 16; + + u32 x2[8]; + + x2[0] = tmps->xy[final_offset + 16]; + x2[1] = tmps->xy[final_offset + 17]; + x2[2] = tmps->xy[final_offset + 18]; + x2[3] = tmps->xy[final_offset + 19]; + x2[4] = tmps->xy[final_offset + 20]; + x2[5] = tmps->xy[final_offset + 21]; + x2[6] = tmps->xy[final_offset + 22]; + x2[7] = tmps->xy[final_offset + 23]; + + u32 y2[8]; + + y2[0] = tmps->xy[final_offset + 24]; + y2[1] = tmps->xy[final_offset + 25]; + y2[2] = tmps->xy[final_offset + 26]; + y2[3] = tmps->xy[final_offset + 27]; + y2[4] = tmps->xy[final_offset + 28]; + y2[5] = tmps->xy[final_offset + 29]; + y2[6] = tmps->xy[final_offset + 30]; + y2[7] = tmps->xy[final_offset + 31]; + + u32 z2[8] = { 0 }; + + z2[0] = 1; + + // ... then find out the position of the most significant bit + + int loop_start = idx; + int loop_end = 255; + + for (int i = 255; i > 0; i--) // or use: i > idx + { + u32 idx = i >> 5; // the current u32 (each consisting of 2^5 = 32 bits) to inspect + + u32 mask = 1 << (i & 0x1f); + + if (k[idx] & mask) break; // found it ! 
+ + loop_end--; + } + + /* + * Start + */ + + // "just" double until we find the first add (where the first bit is set): + + for (int pos = loop_start; pos < loop_end; pos++) + { + const u32 idx = pos >> 5; + + const u32 mask = 1 << (pos & 0x1f); + + if (k[idx] & mask) break; + + point_double (x2, y2, z2); + + loop_start++; + } + + // for case 0 and 1 we can skip the double (we already did it in the host) + + if (idx > 1) + { + x1[0] = x2[0]; + x1[1] = x2[1]; + x1[2] = x2[2]; + x1[3] = x2[3]; + x1[4] = x2[4]; + x1[5] = x2[5]; + x1[6] = x2[6]; + x1[7] = x2[7]; + + y1[0] = y2[0]; + y1[1] = y2[1]; + y1[2] = y2[2]; + y1[3] = y2[3]; + y1[4] = y2[4]; + y1[5] = y2[5]; + y1[6] = y2[6]; + y1[7] = y2[7]; + + z1[0] = z2[0]; + z1[1] = z2[1]; + z1[2] = z2[2]; + z1[3] = z2[3]; + z1[4] = z2[4]; + z1[5] = z2[5]; + z1[6] = z2[6]; + z1[7] = z2[7]; + + point_double (x2, y2, z2); + } + + // main loop (right-to-left binary algorithm): + + for (int pos = loop_start + 1; pos < loop_end; pos++) + { + u32 idx = pos >> 5; + + u32 mask = 1 << (pos & 0x1f); + + // add only if needed: + + if (k[idx] & mask) + { + point_add (x1, y1, z1, x2, y2, z2); + } + + // always double: + + point_double (x2, y2, z2); + } + + // handle last one: + + //const u32 final_idx = loop_end >> 5; + //const u32 mask = 1 << (loop_end & 0x1f); + + //if (k[final_idx] & mask) + //{ + // here we just assume that we have at least 2 bits set (an initial one and one additional bit) + // this could be dangerous/wrong in some situations, but very, very, very unlikely + point_add (x1, y1, z1, x2, y2, z2); + //} + + /* + * Get the corresponding affine coordinates x/y: + * + * Note: + * x1_affine = x1_jacobian / z1^2 = x1_jacobian * z1_inv^2 + * y1_affine = y1_jacobian / z1^2 = y1_jacobian * z1_inv^2 + * + */ + + inv_mod (z1); + + // z2 is just used as temporary storage to keep the unmodified z1 for calculating z1^3: + + mul_mod (z2, z1, z1); // z1^2 + mul_mod (x1, x1, z2); // x1_affine + + mul_mod (z1, z2, z1); // z1^3 + mul_mod 
(y1, y1, z1); // y1_affine + + /* + * output: + */ + + // shift by 1 byte (8 bits) to make room and add the parity/sign (for odd/even y): + + r[8] = (x1[0] << 24); + r[7] = (x1[0] >> 8) | (x1[1] << 24); + r[6] = (x1[1] >> 8) | (x1[2] << 24); + r[5] = (x1[2] >> 8) | (x1[3] << 24); + r[4] = (x1[3] >> 8) | (x1[4] << 24); + r[3] = (x1[4] >> 8) | (x1[5] << 24); + r[2] = (x1[5] >> 8) | (x1[6] << 24); + r[1] = (x1[6] >> 8) | (x1[7] << 24); + r[0] = (x1[7] >> 8); + + const u32 type = 0x02 | (y1[0] & 1); // (note: 0b10 | 0b01 = 0x03) + + r[0] = r[0] | type << 24; // 0x02 or 0x03 +} + +DECLSPEC u32 parse_public (secp256k1_t *r, const u32 k[9]) +{ + // verify: + + const u32 first_byte = k[0] & 0xff; + + if ((first_byte != '\x02') && (first_byte != '\x03')) + { + return 1; + } + + // load k into x without the first byte: + + u32 x[8]; + + x[0] = (k[7] & 0xff00) << 16 | (k[7] & 0xff0000) | (k[7] & 0xff000000) >> 16 | (k[8] & 0xff); + x[1] = (k[6] & 0xff00) << 16 | (k[6] & 0xff0000) | (k[6] & 0xff000000) >> 16 | (k[7] & 0xff); + x[2] = (k[5] & 0xff00) << 16 | (k[5] & 0xff0000) | (k[5] & 0xff000000) >> 16 | (k[6] & 0xff); + x[3] = (k[4] & 0xff00) << 16 | (k[4] & 0xff0000) | (k[4] & 0xff000000) >> 16 | (k[5] & 0xff); + x[4] = (k[3] & 0xff00) << 16 | (k[3] & 0xff0000) | (k[3] & 0xff000000) >> 16 | (k[4] & 0xff); + x[5] = (k[2] & 0xff00) << 16 | (k[2] & 0xff0000) | (k[2] & 0xff000000) >> 16 | (k[3] & 0xff); + x[6] = (k[1] & 0xff00) << 16 | (k[1] & 0xff0000) | (k[1] & 0xff000000) >> 16 | (k[2] & 0xff); + x[7] = (k[0] & 0xff00) << 16 | (k[0] & 0xff0000) | (k[0] & 0xff000000) >> 16 | (k[1] & 0xff); + + u32 p[8]; + + p[0] = SECP256K1_P0; + p[1] = SECP256K1_P1; + p[2] = SECP256K1_P2; + p[3] = SECP256K1_P3; + p[4] = SECP256K1_P4; + p[5] = SECP256K1_P5; + p[6] = SECP256K1_P6; + p[7] = SECP256K1_P7; + + // x must be smaller than p (because of y ^ 2 = x ^ 3 % p) + + for (int i = 7; i >= 0; i--) + { + if (x[i] < p[i]) break; + if (x[i] > p[i]) return 1; + } + + + // get y^2 = x^3 + 7: + + u32 
b[8] = { 0 };
+
+ b[0] = SECP256K1_B;
+
+ u32 y[8];
+
+ mul_mod (y, x, x);
+ mul_mod (y, y, x);
+ add_mod (y, y, b);
+
+ // get y = sqrt (y^2):
+
+ sqrt_mod (y);
+
+ // check if it's of the correct parity that we want (odd/even):
+
+ if ((first_byte & 1) != (y[0] & 1))
+ {
+ // y2 = p - y1 (or y2 = y1 * -1)
+
+ sub_mod (y, p, y);
+ }
+
+ // get xy:
+
+ point_get_coords (r, x, y);
+
+ return 0;
+}
diff --git a/OpenCL/inc_ecc_secp256k1.h b/OpenCL/inc_ecc_secp256k1.h
new file mode 100644
index 000000000..501235d4b
--- /dev/null
+++ b/OpenCL/inc_ecc_secp256k1.h
@@ -0,0 +1,40 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#ifndef _INC_ECC_SECP256K1_H
+#define _INC_ECC_SECP256K1_H
+
+// y^2 = x^3 + ax + b with a = 0 and b = 7 => y^2 = x^3 + 7:
+
+#define SECP256K1_B 7
+
+#define SECP256K1_P0 0xfffffc2f
+#define SECP256K1_P1 0xfffffffe
+#define SECP256K1_P2 0xffffffff
+#define SECP256K1_P3 0xffffffff
+#define SECP256K1_P4 0xffffffff
+#define SECP256K1_P5 0xffffffff
+#define SECP256K1_P6 0xffffffff
+#define SECP256K1_P7 0xffffffff
+
+#define SECP256K1_N0 0xd0364141
+#define SECP256K1_N1 0xbfd25e8c
+#define SECP256K1_N2 0xaf48a03b
+#define SECP256K1_N3 0xbaaedce6
+#define SECP256K1_N4 0xfffffffe
+#define SECP256K1_N5 0xffffffff
+#define SECP256K1_N6 0xffffffff
+#define SECP256K1_N7 0xffffffff
+
+typedef struct secp256k1
+{
+ u32 xy[48]; // all 3 pairs of 32+32 bytes: x,y, x1,y1, x2,y2
+
+} secp256k1_t;
+
+DECLSPEC u32 parse_public (secp256k1_t *r, const u32 k[9]);
+DECLSPEC void point_mul (u32 *r, const u32 k[8], GLOBAL_AS const secp256k1_t *tmps);
+
+#endif // _INC_ECC_SECP256K1_H
diff --git a/OpenCL/inc_zip_inflate.cl b/OpenCL/inc_zip_inflate.cl
index d43d6bc10..b980e4674 100644
--- a/OpenCL/inc_zip_inflate.cl
+++ b/OpenCL/inc_zip_inflate.cl
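Review bot: The prototype `DECLSPEC void point_mul (u32 *r, ...)` in the new header drops the array bound that the definition in inc_ecc_secp256k1.cl carries (`u32 r[9]`), so a caller reading only the header cannot see that `r` must hold 9 u32 — the definition writes `r[8]` down to `r[0]` and ORs the 0x02/0x03 prefix into the top byte of `r[0]`; `DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t *tmps);` would match the definition and document the size. The include guard `_INC_ECC_SECP256K1_H` is an identifier reserved for the implementation (leading underscore followed by an uppercase letter); if the other inc_*.h headers use the same pattern this is a project-wide convention rather than something to change in this file alone. The `xy[48]` comment names three x,y pairs but not which of the 16-u32 slots `point_mul`'s `offset = idx << 4` expects to hold the base point and its doublings; one line saying so next to the field would tie the header to `point_get_coords`.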
@@ -209,6 +209,15 @@ DECLSPEC void *memset(u8 *s, int c, u32 len){
#define TINFL_MEMSET(p, c, l) memset(p, c, (u32)l)
#define MZ_CLEAR_OBJ(obj) memset(&(obj), 0, sizeof(obj))
+// hashcat-patched/hashcat-specific:
+#ifdef CRC32_IN_INFLATE
+#define M_DICT_SIZE 1
+#define MAYBE_GLOBAL GLOBAL_AS
+#else
+#define M_DICT_SIZE TINFL_LZ_DICT_SIZE
+#define MAYBE_GLOBAL
+#endif
+
#define TINFL_CR_FINISH }
#define TINFL_CR_BEGIN \
switch (r->m_state) \
@@ -411,14 +420,16 @@ typedef struct
tinfl_decompressor m_decomp;
mz_uint m_dict_ofs, m_dict_avail, m_first_call, m_has_flushed;
int m_window_bits;
- mz_uint8 m_dict[1]; // hashcat-patched: we do not need m_dict because we have our own output buffer
+ // hashcat-patched: we do not need m_dict in case of CRC32 checksums,
+ // because we have our own output buffer:
+ mz_uint8 m_dict[M_DICT_SIZE];
tinfl_status m_last_status;
} inflate_state;
typedef struct mz_stream_s
{
- GLOBAL_AS const unsigned char *next_in; /* pointer to next byte to read */
+ MAYBE_GLOBAL const unsigned char *next_in; /* pointer to next byte to read */
unsigned int avail_in; /* number of bytes available at next_in */
mz_ulong total_in; /* total number of bytes consumed so far */
@@ -457,9 +468,10 @@ DECLSPEC int mz_inflateEnd(mz_streamp pStream);
DECLSPEC int mz_inflateInit2(mz_streamp pStream, int window_bits, inflate_state*);
-
+// hashcat-patched/hashcat-specific:
DECLSPEC const mz_uint8 pIn_xor_byte (const mz_uint8 c, mz_streamp pStream)
{
+ #ifdef CRC32_IN_INFLATE
mz_uint8 r = c;
u32 key3;
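Review bot: `M_DICT_SIZE` and `MAYBE_GLOBAL` change two things at once for any kernel that includes this file without `CRC32_IN_INFLATE` — `inflate_state.m_dict` grows from 1 byte to `TINFL_LZ_DICT_SIZE` bytes (the `@@ -411` hunk), and `next_in` (and the `memcpy_g` source in the next hunk) loses its `GLOBAL_AS` qualifier — but the only comment is the generic `// hashcat-patched/hashcat-specific:`. A short comment above the `#ifdef`, along the lines of `// CRC32_IN_INFLATE: the caller inflates straight into its own buffer, so no LZ dictionary is kept and input is read from global memory; otherwise miniz's full dictionary lives in inflate_state and the input pointer carries no address-space qualifier`, would tell the next kernel author which configuration they opt into. Whether a dictionary of `TINFL_LZ_DICT_SIZE` bytes per work item fits the private-memory budget of every kernel that now takes the `#else` path cannot be judged from this hunk and is worth a sentence in the commit message or the comment.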
@@ -469,18 +481,21 @@ DECLSPEC const mz_uint8 pIn_xor_byte (const mz_uint8 c, mz_streamp pStream) update_key012 (pStream->key0, pStream->key1, pStream->key2, plain, pStream->crc32tab); return (mz_uint8) plain; + #else + return c; + #endif } -DECLSPEC void memcpy_g(void *dest, GLOBAL_AS const void *src, size_t n, mz_streamp pStream){ - GLOBAL_AS char *csrc = (GLOBAL_AS char *)src; +DECLSPEC void memcpy_g(void *dest, MAYBE_GLOBAL const void *src, size_t n, mz_streamp pStream){ + MAYBE_GLOBAL char *csrc = (MAYBE_GLOBAL char *)src; char *cdest = (char *)dest; for (int i=0; iavail_out; status = tinfl_decompress(&pState->m_decomp, pStream->next_in, &in_bytes, pStream->next_out, pStream->next_out, &out_bytes, decomp_flags, pStream); + #ifdef CRC32_IN_INFLATE for (int i = 0; i < out_bytes; i++) { pStream->crc32 = CRC32 (pStream->crc32, pStream->next_out[i], pStream->crc32tab); } + #endif pState->m_last_status = status; pStream->next_in += (mz_uint)in_bytes; @@ -1040,10 +1057,12 @@ DECLSPEC int mz_inflate(mz_streamp pStream, int flush) n = MZ_MIN(pState->m_dict_avail, pStream->avail_out); memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n); + #ifdef CRC32_IN_INFLATE for (int i = 0; i < n; i++) { pStream->crc32 = CRC32 (pStream->crc32, pStream->next_out[i], pStream->crc32tab); } + #endif //pStream->next_out += n; //pStream->avail_out -= n; @@ -1072,10 +1091,12 @@ DECLSPEC int mz_inflate(mz_streamp pStream, int flush) n = MZ_MIN(pState->m_dict_avail, pStream->avail_out); memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n); + #ifdef CRC32_IN_INFLATE for (int i = 0; i < n; i++) { pStream->crc32 = CRC32 (pStream->crc32, pStream->next_out[i], pStream->crc32tab); } + #endif //pStream->next_out += n; //pStream->avail_out -= n; 
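Review bot: The `#ifdef CRC32_IN_INFLATE` / `for (...) pStream->crc32 = CRC32 (...)` / `#endif` block is now pasted four times with only the buffer expression differing — after `tinfl_decompress` and after both `memcpy` from `m_dict` in `mz_inflate` here, and again in `hc_inflate` in the next hunk; one helper that takes the pointer and length and compiles to nothing without the define keeps the conditional in a single place and makes the call sites one line each. The helper below assumes `next_out` carries no address-space qualifier, which the plain `memcpy` into it suggests but this hunk does not show; the `hc_inflate` call site would pass `pStream->next_out + pStream->total_out`. The `memcpy_g` hunk is truncated in this view (`for (int i=0; iavail_out;`), so its loop body could not be reviewed.
```c
// hashcat-patched/hashcat-specific: fold len bytes at buf into the running
// stream CRC32; a no-op when CRC32_IN_INFLATE is not defined.
DECLSPEC void hc_crc32_update (mz_streamp pStream, const mz_uint8 *buf, size_t len)
{
  #ifdef CRC32_IN_INFLATE
  for (size_t i = 0; i < len; i++)
  {
    pStream->crc32 = CRC32 (pStream->crc32, buf[i], pStream->crc32tab);
  }
  #endif
}

// … unchanged: mz_inflate up to the tinfl_decompress call …
hc_crc32_update (pStream, pStream->next_out, out_bytes);
```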
@@ -1158,10 +1179,12 @@ DECLSPEC int hc_inflate (mz_streamp pStream)
tinfl_status status = tinfl_decompress (&pState->m_decomp, pStream->next_in, &in_bytes, pStream->next_out, pStream->next_out + pStream->total_out, &out_bytes, decomp_flags, pStream);
+ #ifdef CRC32_IN_INFLATE
for (int i = 0; i < out_bytes; i++)
{
pStream->crc32 = CRC32 (pStream->crc32, pStream->next_out[pStream->total_out + i], pStream->crc32tab);
}
+ #endif
pStream->next_in += (mz_uint) in_bytes;
pStream->avail_in -= (mz_uint) in_bytes;
diff --git a/OpenCL/m21700-pure.cl b/OpenCL/m21700-pure.cl
index 03b899701..45bd04ee0 100644
--- a/OpenCL/m21700-pure.cl
+++ b/OpenCL/m21700-pure.cl
@@ -13,12 +13,15 @@
#include "inc_simd.cl"
#include "inc_hash_sha256.cl"
#include "inc_hash_sha512.cl"
+#include "inc_ecc_secp256k1.cl"
#endif
#define COMPARE_M "inc_comp_multi.cl"
typedef struct electrum
{
+ secp256k1_t coords;
+
u32 data_buf[4096];
u32 data_len;
@@ -34,16 +37,6 @@ typedef struct electrum_tmp
} electrum_tmp_t;
-typedef struct
-{
- u32 ukey[8];
-
- u32 pubkey[9]; // 32 + 1 bytes (for sign of the curve point)
-
- u32 hook_success;
-
-} electrum_hook_t;
-
DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest)
{
digest[0] = ipad[0];
@@ -102,7 +95,7 @@ DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w
sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest);
}
-KERNEL_FQ void m21700_init (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t))
+KERNEL_FQ void m21700_init (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
{
/**
* base
@@ -199,7 +192,7 @@ KERNEL_FQ void m21700_init (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum tmps[gid].out[7] = tmps[gid].dgst[7]; } -KERNEL_FQ void m21700_loop (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t)) +KERNEL_FQ void m21700_loop (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) { const u64 gid = get_global_id (0); @@ -322,8 +315,12 @@ KERNEL_FQ void m21700_loop (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum unpack64v (tmps, out, gid, 7, out[7]); } -KERNEL_FQ void m21700_hook23 (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t)) +KERNEL_FQ void m21700_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) { + /** + * base + */ + const u64 gid = get_global_id (0); if (gid >= gid_max) return; @@ -339,27 +336,9 @@ KERNEL_FQ void m21700_hook23 (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electr out[6] = tmps[gid].out[6]; out[7] = tmps[gid].out[7]; - // we need to perform a modulo operation with 512-bit % 256-bit (bignum modulo): - // the modulus is the secp256k1 group order - /* - the general modulo by shift and substract code (a = a % b): - - x = b; - - t = a >> 1; - - while (x <= t) x <<= 1; - - while (a >= b) - { - if (a >= x) a -= x; - - x >>= 1; - } - - return a; // remainder - */ + * First calculate the modulo of the pbkdf2 hash with SECP256K1_N: + */ u32 a[16]; 
@@ -380,302 +359,43 @@ KERNEL_FQ void m21700_hook23 (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electr a[14] = h32_from_64_S (out[7]); a[15] = l32_from_64_S (out[7]); - u32 b[16]; + mod_512 (a); + + // copy the last 256 bit (32 bytes) of modulo (a): + + u32 tweak[8]; + + tweak[0] = a[15]; + tweak[1] = a[14]; + tweak[2] = a[13]; + tweak[3] = a[12]; + tweak[4] = a[11]; + tweak[5] = a[10]; + tweak[6] = a[ 9]; + tweak[7] = a[ 8]; - b[ 0] = 0x00000000; - b[ 1] = 0x00000000; - b[ 2] = 0x00000000; - b[ 3] = 0x00000000; - b[ 4] = 0x00000000; - b[ 5] = 0x00000000; - b[ 6] = 0x00000000; - b[ 7] = 0x00000000; - b[ 8] = 0xffffffff; - b[ 9] = 0xffffffff; - b[10] = 0xffffffff; - b[11] = 0xfffffffe; - b[12] = 0xbaaedce6; - b[13] = 0xaf48a03b; - b[14] = 0xbfd25e8c; - b[15] = 0xd0364141; /* - * Start: + * the main secp256k1 point multiplication by a scalar/tweak: */ - // x = b (but with a fast "shift" trick to avoid the while loop) + GLOBAL_AS secp256k1_t *coords = (GLOBAL_AS secp256k1_t *) &esalt_bufs[digests_offset].coords; - u32 x[16]; + u32 pubkey[64] = { 0 }; // for point_mul () we need: 1 + 32 bytes (for sha512 () we need more) - x[ 0] = b[ 8]; // this is a trick: we just put the group order's most significant bit all the - x[ 1] = b[ 9]; // way to the top to avoid doing the initial: while (x <= t) x <<= 1 - x[ 2] = b[10]; - x[ 3] = b[11]; - x[ 4] = b[12]; - x[ 5] = b[13]; - x[ 6] = b[14]; - x[ 7] = b[15]; - x[ 8] = 0x00000000; - x[ 9] = 0x00000000; - x[10] = 0x00000000; - x[11] = 0x00000000; - x[12] = 0x00000000; - x[13] = 0x00000000; - x[14] = 0x00000000; - x[15] = 0x00000000; + point_mul (pubkey, tweak, coords); - // a >= b - while (a[0] >= b[0]) - { - const u32 l1 = (a[ 0] < b[ 0]) << 0 - | (a[ 1] < b[ 1]) << 1 - | (a[ 2] < b[ 2]) << 2 - | (a[ 3] < b[ 3]) << 3 - | (a[ 4] < b[ 4]) << 4 - | (a[ 5] < b[ 5]) << 5 - | (a[ 6] < b[ 6]) << 6 - | (a[ 7] < b[ 7]) << 7 - | (a[ 8] < b[ 8]) << 8 - | (a[ 9] < b[ 9]) << 9 - | (a[10] < b[10]) << 10 - | (a[11] < b[11]) << 11 - | (a[12] < 
b[12]) << 12 - | (a[13] < b[13]) << 13 - | (a[14] < b[14]) << 14 - | (a[15] < b[15]) << 15; - - const u32 e1 = (a[ 0] == b[ 0]) << 0 - | (a[ 1] == b[ 1]) << 1 - | (a[ 2] == b[ 2]) << 2 - | (a[ 3] == b[ 3]) << 3 - | (a[ 4] == b[ 4]) << 4 - | (a[ 5] == b[ 5]) << 5 - | (a[ 6] == b[ 6]) << 6 - | (a[ 7] == b[ 7]) << 7 - | (a[ 8] == b[ 8]) << 8 - | (a[ 9] == b[ 9]) << 9 - | (a[10] == b[10]) << 10 - | (a[11] == b[11]) << 11 - | (a[12] == b[12]) << 12 - | (a[13] == b[13]) << 13 - | (a[14] == b[14]) << 14 - | (a[15] == b[15]) << 15; - - if (l1) - { - if (l1 & 0x0001) break; - if (l1 & 0x0002) if ((e1 & 0x0001) == 0x0001) break; - if (l1 & 0x0004) if ((e1 & 0x0003) == 0x0003) break; - if (l1 & 0x0008) if ((e1 & 0x0007) == 0x0007) break; - if (l1 & 0x0010) if ((e1 & 0x000f) == 0x000f) break; - if (l1 & 0x0020) if ((e1 & 0x001f) == 0x001f) break; - if (l1 & 0x0040) if ((e1 & 0x003f) == 0x003f) break; - if (l1 & 0x0080) if ((e1 & 0x007f) == 0x007f) break; - if (l1 & 0x0100) if ((e1 & 0x00ff) == 0x00ff) break; - if (l1 & 0x0200) if ((e1 & 0x01ff) == 0x01ff) break; - if (l1 & 0x0400) if ((e1 & 0x03ff) == 0x03ff) break; - if (l1 & 0x0800) if ((e1 & 0x07ff) == 0x07ff) break; - if (l1 & 0x1000) if ((e1 & 0x0fff) == 0x0fff) break; - if (l1 & 0x2000) if ((e1 & 0x1fff) == 0x1fff) break; - if (l1 & 0x4000) if ((e1 & 0x3fff) == 0x3fff) break; - if (l1 & 0x8000) if ((e1 & 0x7fff) == 0x7fff) break; - } - - // r = x (copy it to have the original values for the subtraction) - - u32 r[16]; - - r[ 0] = x[ 0]; - r[ 1] = x[ 1]; - r[ 2] = x[ 2]; - r[ 3] = x[ 3]; - r[ 4] = x[ 4]; - r[ 5] = x[ 5]; - r[ 6] = x[ 6]; - r[ 7] = x[ 7]; - r[ 8] = x[ 8]; - r[ 9] = x[ 9]; - r[10] = x[10]; - r[11] = x[11]; - r[12] = x[12]; - r[13] = x[13]; - r[14] = x[14]; - r[15] = x[15]; - - // x >>= 1 - - x[15] = x[15] >> 1 | (x[14] & 1) << 31; - x[14] = x[14] >> 1 | (x[13] & 1) << 31; - x[13] = x[13] >> 1 | (x[12] & 1) << 31; - x[12] = x[12] >> 1 | (x[11] & 1) << 31; - x[11] = x[11] >> 1 | (x[10] & 1) << 31; - x[10] = 
x[10] >> 1 | (x[ 9] & 1) << 31; - x[ 9] = x[ 9] >> 1 | (x[ 8] & 1) << 31; - x[ 8] = x[ 8] >> 1 | (x[ 7] & 1) << 31; - x[ 7] = x[ 7] >> 1 | (x[ 6] & 1) << 31; - x[ 6] = x[ 6] >> 1 | (x[ 5] & 1) << 31; - x[ 5] = x[ 5] >> 1 | (x[ 4] & 1) << 31; - x[ 4] = x[ 4] >> 1 | (x[ 3] & 1) << 31; - x[ 3] = x[ 3] >> 1 | (x[ 2] & 1) << 31; - x[ 2] = x[ 2] >> 1 | (x[ 1] & 1) << 31; - x[ 1] = x[ 1] >> 1 | (x[ 0] & 1) << 31; - x[ 0] = x[ 0] >> 1; - - // if (a >= r) a -= r; - - const u32 l2 = (a[ 0] < r[ 0]) << 0 - | (a[ 1] < r[ 1]) << 1 - | (a[ 2] < r[ 2]) << 2 - | (a[ 3] < r[ 3]) << 3 - | (a[ 4] < r[ 4]) << 4 - | (a[ 5] < r[ 5]) << 5 - | (a[ 6] < r[ 6]) << 6 - | (a[ 7] < r[ 7]) << 7 - | (a[ 8] < r[ 8]) << 8 - | (a[ 9] < r[ 9]) << 9 - | (a[10] < r[10]) << 10 - | (a[11] < r[11]) << 11 - | (a[12] < r[12]) << 12 - | (a[13] < r[13]) << 13 - | (a[14] < r[14]) << 14 - | (a[15] < r[15]) << 15; - - const u32 e2 = (a[ 0] == r[ 0]) << 0 - | (a[ 1] == r[ 1]) << 1 - | (a[ 2] == r[ 2]) << 2 - | (a[ 3] == r[ 3]) << 3 - | (a[ 4] == r[ 4]) << 4 - | (a[ 5] == r[ 5]) << 5 - | (a[ 6] == r[ 6]) << 6 - | (a[ 7] == r[ 7]) << 7 - | (a[ 8] == r[ 8]) << 8 - | (a[ 9] == r[ 9]) << 9 - | (a[10] == r[10]) << 10 - | (a[11] == r[11]) << 11 - | (a[12] == r[12]) << 12 - | (a[13] == r[13]) << 13 - | (a[14] == r[14]) << 14 - | (a[15] == r[15]) << 15; - - if (l2) - { - if (l2 & 0x0001) continue; - if (l2 & 0x0002) if ((e2 & 0x0001) == 0x0001) continue; - if (l2 & 0x0004) if ((e2 & 0x0003) == 0x0003) continue; - if (l2 & 0x0008) if ((e2 & 0x0007) == 0x0007) continue; - if (l2 & 0x0010) if ((e2 & 0x000f) == 0x000f) continue; - if (l2 & 0x0020) if ((e2 & 0x001f) == 0x001f) continue; - if (l2 & 0x0040) if ((e2 & 0x003f) == 0x003f) continue; - if (l2 & 0x0080) if ((e2 & 0x007f) == 0x007f) continue; - if (l2 & 0x0100) if ((e2 & 0x00ff) == 0x00ff) continue; - if (l2 & 0x0200) if ((e2 & 0x01ff) == 0x01ff) continue; - if (l2 & 0x0400) if ((e2 & 0x03ff) == 0x03ff) continue; - if (l2 & 0x0800) if ((e2 & 0x07ff) == 0x07ff) 
continue; - if (l2 & 0x1000) if ((e2 & 0x0fff) == 0x0fff) continue; - if (l2 & 0x2000) if ((e2 & 0x1fff) == 0x1fff) continue; - if (l2 & 0x4000) if ((e2 & 0x3fff) == 0x3fff) continue; - if (l2 & 0x8000) if ((e2 & 0x7fff) == 0x7fff) continue; - } - - // substract (a -= r): - - r[ 0] = a[ 0] - r[ 0]; - r[ 1] = a[ 1] - r[ 1]; - r[ 2] = a[ 2] - r[ 2]; - r[ 3] = a[ 3] - r[ 3]; - r[ 4] = a[ 4] - r[ 4]; - r[ 5] = a[ 5] - r[ 5]; - r[ 6] = a[ 6] - r[ 6]; - r[ 7] = a[ 7] - r[ 7]; - r[ 8] = a[ 8] - r[ 8]; - r[ 9] = a[ 9] - r[ 9]; - r[10] = a[10] - r[10]; - r[11] = a[11] - r[11]; - r[12] = a[12] - r[12]; - r[13] = a[13] - r[13]; - r[14] = a[14] - r[14]; - r[15] = a[15] - r[15]; - - // take care of the "borrow" (we can't do it the other way around 15...1 because r[x] is changed!) - - if (r[ 1] > a[ 1]) r[ 0]--; - if (r[ 2] > a[ 2]) r[ 1]--; - if (r[ 3] > a[ 3]) r[ 2]--; - if (r[ 4] > a[ 4]) r[ 3]--; - if (r[ 5] > a[ 5]) r[ 4]--; - if (r[ 6] > a[ 6]) r[ 5]--; - if (r[ 7] > a[ 7]) r[ 6]--; - if (r[ 8] > a[ 8]) r[ 7]--; - if (r[ 9] > a[ 9]) r[ 8]--; - if (r[10] > a[10]) r[ 9]--; - if (r[11] > a[11]) r[10]--; - if (r[12] > a[12]) r[11]--; - if (r[13] > a[13]) r[12]--; - if (r[14] > a[14]) r[13]--; - if (r[15] > a[15]) r[14]--; - - a[ 0] = r[ 0]; - a[ 1] = r[ 1]; - a[ 2] = r[ 2]; - a[ 3] = r[ 3]; - a[ 4] = r[ 4]; - a[ 5] = r[ 5]; - a[ 6] = r[ 6]; - a[ 7] = r[ 7]; - a[ 8] = r[ 8]; - a[ 9] = r[ 9]; - a[10] = r[10]; - a[11] = r[11]; - a[12] = r[12]; - a[13] = r[13]; - a[14] = r[14]; - a[15] = r[15]; - } - - /** - * copy the last 256 bit (32 bytes) of modulo (a) to the hook buffer + /* + * sha512 () of the pubkey: */ - hooks[gid].ukey[0] = hc_swap32_S (a[ 8]); - hooks[gid].ukey[1] = hc_swap32_S (a[ 9]); - hooks[gid].ukey[2] = hc_swap32_S (a[10]); - hooks[gid].ukey[3] = hc_swap32_S (a[11]); - hooks[gid].ukey[4] = hc_swap32_S (a[12]); - hooks[gid].ukey[5] = hc_swap32_S (a[13]); - hooks[gid].ukey[6] = hc_swap32_S (a[14]); - hooks[gid].ukey[7] = hc_swap32_S (a[15]); -} - -KERNEL_FQ void 
m21700_comp (KERN_ATTR_TMPS_HOOKS_ESALT (electrum_tmp_t, electrum_hook_t, electrum_t))
-{
- /**
- * base
- */
-
- const u64 gid = get_global_id (0);
-
- if (gid >= gid_max) return;
-
- if (hooks[gid].hook_success == 0) return;
-
- u32 pubkey[64] = { 0 };
-
- pubkey[0] = hooks[gid].pubkey[0];
- pubkey[1] = hooks[gid].pubkey[1];
- pubkey[2] = hooks[gid].pubkey[2];
- pubkey[3] = hooks[gid].pubkey[3];
- pubkey[4] = hooks[gid].pubkey[4];
- pubkey[5] = hooks[gid].pubkey[5];
- pubkey[6] = hooks[gid].pubkey[6];
- pubkey[7] = hooks[gid].pubkey[7];
- pubkey[8] = hooks[gid].pubkey[8];
- sha512_ctx_t sha512_ctx;
- sha512_init (&sha512_ctx);
- sha512_update_swap (&sha512_ctx, pubkey, 33); // 33 because of 32 byte curve point + sign
- sha512_final (&sha512_ctx);
+ sha512_init (&sha512_ctx);
+ sha512_update (&sha512_ctx, pubkey, 33); // 33 because of 32 byte curve point + sign
+ sha512_final (&sha512_ctx);
+ /*
* sha256-hmac () of the data_buf
diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl
index 3658721e2..ccdf822aa 100644
--- a/OpenCL/m21800-pure.cl
+++ b/OpenCL/m21800-pure.cl
@@ -12,8 +12,19 @@
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_hash_sha512.cl"
+#include "inc_ecc_secp256k1.cl"
+#include "inc_cipher_aes.cl"
+#include "inc_zip_inflate.cl"
#endif
+typedef struct electrum
+{
+ secp256k1_t coords;
+
+ u32 data_buf[256];
+
+} electrum_t;
+
typedef struct electrum_tmp
{
u64 ipad[8];
@@ -24,14 +35,6 @@ typedef struct electrum_tmp
} electrum_tmp_t;
-typedef struct
-{
- u32 ukey[8];
-
- u32 hook_success;
-
-} electrum_hook_t;
-
DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w4, u32x *w5, u32x *w6, u32x *w7, u64x *ipad, u64x *opad, u64x *digest)
{
digest[0] = ipad[0];
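Review bot: `GLOBAL_AS secp256k1_t *coords = (GLOBAL_AS secp256k1_t *) &esalt_bufs[digests_offset].coords;` casts to a non-const pointer only to hand it to `point_mul`, whose parameter is `GLOBAL_AS const secp256k1_t *`; if `esalt_bufs` is const (its declaration is not in this hunk, but the kernel attribute macros usually make it so) the cast silently discards that qualifier, and `GLOBAL_AS const secp256k1_t *coords = &esalt_bufs[digests_offset].coords;` needs no cast at all. The comment on `pubkey[64]` should also say how the 33 hashed bytes are laid out — `point_mul` fills `r[0..8]` with the compressed point, prefix byte in the top byte of `r[0]` — since that layout is presumably why `sha512_update_swap` became `sha512_update` here. `point_mul` (earlier in this patch) records that it assumes the scalar has at least two bits set; with `tweak` being the PBKDF2 output reduced modulo the group order that is all but certain, but a one-line comment next to `point_mul (pubkey, tweak, coords);` stating the assumption would save the next reader from re-deriving it. The removed `hook_success == 0` early-out has no counterpart in the new kernel, so if the host-side parsing that used to set it can still reject a candidate, that case now needs to be handled before `point_mul` is reached; the hunk does not show where that happens.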
@@ -90,7 +93,7 @@ DECLSPEC void hmac_sha512_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *w sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest); } -KERNEL_FQ void m21800_init (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +KERNEL_FQ void m21800_init (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) { /** * base @@ -187,7 +190,7 @@ KERNEL_FQ void m21800_init (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_ tmps[gid].out[7] = tmps[gid].dgst[7]; } -KERNEL_FQ void m21800_loop (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +KERNEL_FQ void m21800_loop (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) { const u64 gid = get_global_id (0); 
@@ -310,12 +313,70 @@ KERNEL_FQ void m21800_loop (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_ unpack64v (tmps, out, gid, 7, out[7]); } -KERNEL_FQ void m21800_hook23 (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) +KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) { - const u64 gid = get_global_id (0); + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif if (gid >= gid_max) return; + + /* + * Start by copying/aligning the data + */ + u64 out[8]; out[0] = tmps[gid].out[0]; 
@@ -327,27 +388,9 @@ KERNEL_FQ void m21800_hook23 (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hoo out[6] = tmps[gid].out[6]; out[7] = tmps[gid].out[7]; - // we need to perform a modulo operation with 512-bit % 256-bit (bignum modulo): - // the modulus is the secp256k1 group order - /* - the general modulo by shift and substract code (a = a % b): - - x = b; - - t = a >> 1; - - while (x <= t) x <<= 1; - - while (a >= b) - { - if (a >= x) a -= x; - - x >>= 1; - } - - return a; // remainder - */ + * First calculate the modulo of the pbkdf2 hash with SECP256K1_N: + */ u32 a[16]; 
@@ -368,284 +411,199 @@ KERNEL_FQ void m21800_hook23 (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hoo a[14] = h32_from_64_S (out[7]); a[15] = l32_from_64_S (out[7]); - u32 b[16]; + mod_512 (a); + + // copy the last 256 bit (32 bytes) of modulo (a): + + u32 tweak[8]; + + tweak[0] = a[15]; + tweak[1] = a[14]; + tweak[2] = a[13]; + tweak[3] = a[12]; + tweak[4] = a[11]; + tweak[5] = a[10]; + tweak[6] = a[ 9]; + tweak[7] = a[ 8]; - b[ 0] = 0x00000000; - b[ 1] = 0x00000000; - b[ 2] = 0x00000000; - b[ 3] = 0x00000000; - b[ 4] = 0x00000000; - b[ 5] = 0x00000000; - b[ 6] = 0x00000000; - b[ 7] = 0x00000000; - b[ 8] = 0xffffffff; - b[ 9] = 0xffffffff; - b[10] = 0xffffffff; - b[11] = 0xfffffffe; - b[12] = 0xbaaedce6; - b[13] = 0xaf48a03b; - b[14] = 0xbfd25e8c; - b[15] = 0xd0364141; /* - * Start: + * the main secp256k1 point multiplication by a scalar/tweak: */ - // x = b (but with a fast "shift" trick to avoid the while loop) + GLOBAL_AS secp256k1_t *coords = (GLOBAL_AS secp256k1_t *) &esalt_bufs[digests_offset].coords; - u32 x[16]; + u32 pubkey[64] = { 0 }; // for point_mul () we need: 1 + 32 bytes (for sha512 () we need more) - x[ 0] = b[ 8]; // this is a trick: we just put the group order's most significant bit all the - x[ 1] = b[ 9]; // way to the top to avoid doing the initial: while (x <= t) x <<= 1 - x[ 2] = b[10]; - x[ 3] = b[11]; - x[ 4] = b[12]; - x[ 5] = b[13]; - x[ 6] = b[14]; - x[ 7] = b[15]; - x[ 8] = 0x00000000; - x[ 9] = 0x00000000; - x[10] = 0x00000000; - x[11] = 0x00000000; - x[12] = 0x00000000; - x[13] = 0x00000000; - x[14] = 0x00000000; - x[15] = 0x00000000; + point_mul (pubkey, tweak, coords); - // a >= b - while (a[0] >= b[0]) + /* + * sha512 () of the pubkey: + */ + + sha512_ctx_t sha512_ctx; + + sha512_init (&sha512_ctx); + sha512_update (&sha512_ctx, pubkey, 33); // 33 because of 32 byte curve point + sign + sha512_final (&sha512_ctx); + + // ... 
now we have the result in sha512_ctx.h[0]...sha512_ctx.h[7] + + u32 iv[4]; + + iv[0] = h32_from_64_S (sha512_ctx.h[0]); + iv[1] = l32_from_64_S (sha512_ctx.h[0]); + iv[2] = h32_from_64_S (sha512_ctx.h[1]); + iv[3] = l32_from_64_S (sha512_ctx.h[1]); + + iv[0] = hc_swap32_S (iv[0]); + iv[1] = hc_swap32_S (iv[1]); + iv[2] = hc_swap32_S (iv[2]); + iv[3] = hc_swap32_S (iv[3]); + + u32 key[4]; + + key[0] = h32_from_64_S (sha512_ctx.h[2]); + key[1] = l32_from_64_S (sha512_ctx.h[2]); + key[2] = h32_from_64_S (sha512_ctx.h[3]); + key[3] = l32_from_64_S (sha512_ctx.h[3]); + + key[0] = hc_swap32_S (key[0]); + key[1] = hc_swap32_S (key[1]); + key[2] = hc_swap32_S (key[2]); + key[3] = hc_swap32_S (key[3]); + + + /* + * AES decrypt the data_buf + */ + + // init AES + + #define KEYLEN 44 + + u32 ks[KEYLEN]; + + aes128_set_decrypt_key (ks, key, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // #define AES_LEN 1024 + // in my tests it also worked with only 128 input bytes ! + #define AES_LEN 128 + #define AES_LEN_DIV_4 32 + + u32 buf_full[AES_LEN_DIV_4]; + + // we need to run it at least once: + + GLOBAL_AS u32 *data_buf = (GLOBAL_AS u32 *) esalt_bufs[digests_offset].data_buf; + + u32 data[4]; + + data[0] = data_buf[0]; + data[1] = data_buf[1]; + data[2] = data_buf[2]; + data[3] = data_buf[3]; + + u32 buf[4]; + + aes128_decrypt (ks, data, buf, s_td0, s_td1, s_td2, s_td3, s_td4); + + buf[0] ^= iv[0]; + + // early reject + + if ((buf[0] & 0x0007ffff) != 0x00059c78) return; + + buf[1] ^= iv[1]; + buf[2] ^= iv[2]; + buf[3] ^= iv[3]; + + buf_full[0] = buf[0]; + buf_full[1] = buf[1]; + buf_full[2] = buf[2]; + buf_full[3] = buf[3]; + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + + // for AES_LEN > 16 we need to loop + + for (int i = 16, j = 4; i < AES_LEN; i += 16, j += 4) { - const u32 l1 = (a[ 0] < b[ 0]) << 0 - | (a[ 1] < b[ 1]) << 1 - | (a[ 2] < b[ 2]) << 2 - | (a[ 3] < b[ 3]) << 3 - | (a[ 4] < b[ 4]) << 4 - | (a[ 5] < b[ 5]) << 5 - | (a[ 
6] < b[ 6]) << 6 - | (a[ 7] < b[ 7]) << 7 - | (a[ 8] < b[ 8]) << 8 - | (a[ 9] < b[ 9]) << 9 - | (a[10] < b[10]) << 10 - | (a[11] < b[11]) << 11 - | (a[12] < b[12]) << 12 - | (a[13] < b[13]) << 13 - | (a[14] < b[14]) << 14 - | (a[15] < b[15]) << 15; + data[0] = data_buf[j + 0]; + data[1] = data_buf[j + 1]; + data[2] = data_buf[j + 2]; + data[3] = data_buf[j + 3]; - const u32 e1 = (a[ 0] == b[ 0]) << 0 - | (a[ 1] == b[ 1]) << 1 - | (a[ 2] == b[ 2]) << 2 - | (a[ 3] == b[ 3]) << 3 - | (a[ 4] == b[ 4]) << 4 - | (a[ 5] == b[ 5]) << 5 - | (a[ 6] == b[ 6]) << 6 - | (a[ 7] == b[ 7]) << 7 - | (a[ 8] == b[ 8]) << 8 - | (a[ 9] == b[ 9]) << 9 - | (a[10] == b[10]) << 10 - | (a[11] == b[11]) << 11 - | (a[12] == b[12]) << 12 - | (a[13] == b[13]) << 13 - | (a[14] == b[14]) << 14 - | (a[15] == b[15]) << 15; + aes128_decrypt (ks, data, buf, s_td0, s_td1, s_td2, s_td3, s_td4); - if (l1) - { - if (l1 & 0x0001) break; - if (l1 & 0x0002) if ((e1 & 0x0001) == 0x0001) break; - if (l1 & 0x0004) if ((e1 & 0x0003) == 0x0003) break; - if (l1 & 0x0008) if ((e1 & 0x0007) == 0x0007) break; - if (l1 & 0x0010) if ((e1 & 0x000f) == 0x000f) break; - if (l1 & 0x0020) if ((e1 & 0x001f) == 0x001f) break; - if (l1 & 0x0040) if ((e1 & 0x003f) == 0x003f) break; - if (l1 & 0x0080) if ((e1 & 0x007f) == 0x007f) break; - if (l1 & 0x0100) if ((e1 & 0x00ff) == 0x00ff) break; - if (l1 & 0x0200) if ((e1 & 0x01ff) == 0x01ff) break; - if (l1 & 0x0400) if ((e1 & 0x03ff) == 0x03ff) break; - if (l1 & 0x0800) if ((e1 & 0x07ff) == 0x07ff) break; - if (l1 & 0x1000) if ((e1 & 0x0fff) == 0x0fff) break; - if (l1 & 0x2000) if ((e1 & 0x1fff) == 0x1fff) break; - if (l1 & 0x4000) if ((e1 & 0x3fff) == 0x3fff) break; - if (l1 & 0x8000) if ((e1 & 0x7fff) == 0x7fff) break; - } + buf[0] ^= iv[0]; + buf[1] ^= iv[1]; + buf[2] ^= iv[2]; + buf[3] ^= iv[3]; - // r = x (copy it to have the original values for the subtraction) + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; - u32 r[16]; - - r[ 0] = x[ 0]; - r[ 1] 
= x[ 1]; - r[ 2] = x[ 2]; - r[ 3] = x[ 3]; - r[ 4] = x[ 4]; - r[ 5] = x[ 5]; - r[ 6] = x[ 6]; - r[ 7] = x[ 7]; - r[ 8] = x[ 8]; - r[ 9] = x[ 9]; - r[10] = x[10]; - r[11] = x[11]; - r[12] = x[12]; - r[13] = x[13]; - r[14] = x[14]; - r[15] = x[15]; - - // x >>= 1 - - x[15] = x[15] >> 1 | (x[14] & 1) << 31; - x[14] = x[14] >> 1 | (x[13] & 1) << 31; - x[13] = x[13] >> 1 | (x[12] & 1) << 31; - x[12] = x[12] >> 1 | (x[11] & 1) << 31; - x[11] = x[11] >> 1 | (x[10] & 1) << 31; - x[10] = x[10] >> 1 | (x[ 9] & 1) << 31; - x[ 9] = x[ 9] >> 1 | (x[ 8] & 1) << 31; - x[ 8] = x[ 8] >> 1 | (x[ 7] & 1) << 31; - x[ 7] = x[ 7] >> 1 | (x[ 6] & 1) << 31; - x[ 6] = x[ 6] >> 1 | (x[ 5] & 1) << 31; - x[ 5] = x[ 5] >> 1 | (x[ 4] & 1) << 31; - x[ 4] = x[ 4] >> 1 | (x[ 3] & 1) << 31; - x[ 3] = x[ 3] >> 1 | (x[ 2] & 1) << 31; - x[ 2] = x[ 2] >> 1 | (x[ 1] & 1) << 31; - x[ 1] = x[ 1] >> 1 | (x[ 0] & 1) << 31; - x[ 0] = x[ 0] >> 1; - - // if (a >= r) a -= r; - - const u32 l2 = (a[ 0] < r[ 0]) << 0 - | (a[ 1] < r[ 1]) << 1 - | (a[ 2] < r[ 2]) << 2 - | (a[ 3] < r[ 3]) << 3 - | (a[ 4] < r[ 4]) << 4 - | (a[ 5] < r[ 5]) << 5 - | (a[ 6] < r[ 6]) << 6 - | (a[ 7] < r[ 7]) << 7 - | (a[ 8] < r[ 8]) << 8 - | (a[ 9] < r[ 9]) << 9 - | (a[10] < r[10]) << 10 - | (a[11] < r[11]) << 11 - | (a[12] < r[12]) << 12 - | (a[13] < r[13]) << 13 - | (a[14] < r[14]) << 14 - | (a[15] < r[15]) << 15; - - const u32 e2 = (a[ 0] == r[ 0]) << 0 - | (a[ 1] == r[ 1]) << 1 - | (a[ 2] == r[ 2]) << 2 - | (a[ 3] == r[ 3]) << 3 - | (a[ 4] == r[ 4]) << 4 - | (a[ 5] == r[ 5]) << 5 - | (a[ 6] == r[ 6]) << 6 - | (a[ 7] == r[ 7]) << 7 - | (a[ 8] == r[ 8]) << 8 - | (a[ 9] == r[ 9]) << 9 - | (a[10] == r[10]) << 10 - | (a[11] == r[11]) << 11 - | (a[12] == r[12]) << 12 - | (a[13] == r[13]) << 13 - | (a[14] == r[14]) << 14 - | (a[15] == r[15]) << 15; - - if (l2) - { - if (l2 & 0x0001) continue; - if (l2 & 0x0002) if ((e2 & 0x0001) == 0x0001) continue; - if (l2 & 0x0004) if ((e2 & 0x0003) == 0x0003) continue; - if (l2 & 0x0008) if ((e2 & 
0x0007) == 0x0007) continue; - if (l2 & 0x0010) if ((e2 & 0x000f) == 0x000f) continue; - if (l2 & 0x0020) if ((e2 & 0x001f) == 0x001f) continue; - if (l2 & 0x0040) if ((e2 & 0x003f) == 0x003f) continue; - if (l2 & 0x0080) if ((e2 & 0x007f) == 0x007f) continue; - if (l2 & 0x0100) if ((e2 & 0x00ff) == 0x00ff) continue; - if (l2 & 0x0200) if ((e2 & 0x01ff) == 0x01ff) continue; - if (l2 & 0x0400) if ((e2 & 0x03ff) == 0x03ff) continue; - if (l2 & 0x0800) if ((e2 & 0x07ff) == 0x07ff) continue; - if (l2 & 0x1000) if ((e2 & 0x0fff) == 0x0fff) continue; - if (l2 & 0x2000) if ((e2 & 0x1fff) == 0x1fff) continue; - if (l2 & 0x4000) if ((e2 & 0x3fff) == 0x3fff) continue; - if (l2 & 0x8000) if ((e2 & 0x7fff) == 0x7fff) continue; - } - - // substract (a -= r): - - r[ 0] = a[ 0] - r[ 0]; - r[ 1] = a[ 1] - r[ 1]; - r[ 2] = a[ 2] - r[ 2]; - r[ 3] = a[ 3] - r[ 3]; - r[ 4] = a[ 4] - r[ 4]; - r[ 5] = a[ 5] - r[ 5]; - r[ 6] = a[ 6] - r[ 6]; - r[ 7] = a[ 7] - r[ 7]; - r[ 8] = a[ 8] - r[ 8]; - r[ 9] = a[ 9] - r[ 9]; - r[10] = a[10] - r[10]; - r[11] = a[11] - r[11]; - r[12] = a[12] - r[12]; - r[13] = a[13] - r[13]; - r[14] = a[14] - r[14]; - r[15] = a[15] - r[15]; - - // take care of the "borrow" (we can't do it the other way around 15...1 because r[x] is changed!) 
- - if (r[ 1] > a[ 1]) r[ 0]--; - if (r[ 2] > a[ 2]) r[ 1]--; - if (r[ 3] > a[ 3]) r[ 2]--; - if (r[ 4] > a[ 4]) r[ 3]--; - if (r[ 5] > a[ 5]) r[ 4]--; - if (r[ 6] > a[ 6]) r[ 5]--; - if (r[ 7] > a[ 7]) r[ 6]--; - if (r[ 8] > a[ 8]) r[ 7]--; - if (r[ 9] > a[ 9]) r[ 8]--; - if (r[10] > a[10]) r[ 9]--; - if (r[11] > a[11]) r[10]--; - if (r[12] > a[12]) r[11]--; - if (r[13] > a[13]) r[12]--; - if (r[14] > a[14]) r[13]--; - if (r[15] > a[15]) r[14]--; - - a[ 0] = r[ 0]; - a[ 1] = r[ 1]; - a[ 2] = r[ 2]; - a[ 3] = r[ 3]; - a[ 4] = r[ 4]; - a[ 5] = r[ 5]; - a[ 6] = r[ 6]; - a[ 7] = r[ 7]; - a[ 8] = r[ 8]; - a[ 9] = r[ 9]; - a[10] = r[10]; - a[11] = r[11]; - a[12] = r[12]; - a[13] = r[13]; - a[14] = r[14]; - a[15] = r[15]; + buf_full[j + 0] = buf[0]; + buf_full[j + 1] = buf[1]; + buf_full[j + 2] = buf[2]; + buf_full[j + 3] = buf[3]; } - /** - * copy the last 256 bit (32 bytes) of modulo (a) to the hook buffer + + /* + * zlib inflate/decompress: */ - hooks[gid].ukey[0] = hc_swap32_S (a[ 8]); - hooks[gid].ukey[1] = hc_swap32_S (a[ 9]); - hooks[gid].ukey[2] = hc_swap32_S (a[10]); - hooks[gid].ukey[3] = hc_swap32_S (a[11]); - hooks[gid].ukey[4] = hc_swap32_S (a[12]); - hooks[gid].ukey[5] = hc_swap32_S (a[13]); - hooks[gid].ukey[6] = hc_swap32_S (a[14]); - hooks[gid].ukey[7] = hc_swap32_S (a[15]); -} + mz_stream infstream; -KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_HOOKS (electrum_tmp_t, electrum_hook_t)) -{ - /** - * base + infstream.opaque = Z_NULL; + + // input: + + infstream.avail_in = AES_LEN; + infstream.next_in = (u8 *) buf_full; + + // output: + + #define OUT_SIZE 16 + + u8 tmp[OUT_SIZE]; + + infstream.avail_out = OUT_SIZE; + infstream.next_out = tmp; + + + // decompress it: + + inflate_state pStream; + + mz_inflateInit2 (&infstream, MAX_WBITS, &pStream); + + const int zlib_ret = inflate (&infstream, Z_NO_FLUSH); + + if ((zlib_ret != MZ_OK) && (zlib_ret != MZ_STREAM_END)) + { + return; + } + + + /* + * Verify if decompressed data is either: + * - "{\n \"" or + * - 
"{\r\n \"" */ - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - - if (hooks[gid].hook_success == 1) + if (((tmp[0] == 0x7b) && (tmp[1] == 0x0a) && (tmp[2] == 0x20) && (tmp[3] == 0x20) && + (tmp[4] == 0x20) && (tmp[5] == 0x20) && (tmp[6] == 0x22)) || + ((tmp[0] == 0x7b) && (tmp[1] == 0x0d) && (tmp[2] == 0x0a) && (tmp[3] == 0x20) && + (tmp[4] == 0x20) && (tmp[5] == 0x20) && (tmp[6] == 0x20) && (tmp[7] == 0x22))) { if (atomic_inc (&hashes_shown[digests_offset]) == 0) { diff --git a/docs/credits.txt b/docs/credits.txt index 71ad760fa..403a6f261 100644 --- a/docs/credits.txt +++ b/docs/credits.txt @@ -56,7 +56,7 @@ Other contributors to hashcat * LZMA-SDK by Igor Pavlov * zlib by Jean-loup Gailly and Mark Adler * win-iconv by Yukihiro Nakadaira -* secp256k1 library by Pieter Wuille +* micro-ecc by Ken MacKay (used as reference for some secp256k1 operations) # Furthermore the following persons helped the project: diff --git a/include/emu_inc_ecc_secp256k1.h b/include/emu_inc_ecc_secp256k1.h new file mode 100644 index 000000000..a411dafd1 --- /dev/null +++ b/include/emu_inc_ecc_secp256k1.h @@ -0,0 +1,14 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifndef _EMU_INC_ECC_SECP256K1_H +#define _EMU_INC_ECC_SECP256K1_H + +#include "emu_general.h" + +#include "inc_vendor.h" +#include "inc_ecc_secp256k1.h" + +#endif // _EMU_INC_ECC_SECP256K1_H diff --git a/include/ext_secp256k1.h b/include/ext_secp256k1.h deleted file mode 100644 index 689a75300..000000000 --- a/include/ext_secp256k1.h +++ /dev/null @@ -1,13 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#ifndef _EXT_SECP256K1_H - -#include "secp256k1.h" - -bool hc_secp256k1_pubkey_parse (secp256k1_pubkey *pubkey, u8 *buf, size_t length); -bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t length); - -#endif // _EXT_SECP256K1_H diff --git a/src/Makefile b/src/Makefile index 6520f928c..a922a2362 100644 
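Review bot: `tmp` is declared `u8 tmp[OUT_SIZE];` without initialization and the final prefix check reads `tmp[0]`..`tmp[7]` without consulting how much output `inflate ()` actually produced (`OUT_SIZE - infstream.avail_out`), so a stream that returns MZ_OK after emitting fewer than 8 bytes makes the accept/reject decision depend on stale stack contents. Zero-initialize the buffer and reject short output before comparing, e.g. `u8 tmp[OUT_SIZE] = { 0 };` and `if (infstream.avail_out > OUT_SIZE - 8) return;` right after the `zlib_ret` check; the return value of `mz_inflateInit2 ()` is also dropped and deserves the same treatment. The old host hook (deleted `ext_secp256k1.c`) refused a zero or overflowing scalar before multiplying, whereas the new path hands the reduced `tweak` straight to `point_mul ()`; whether that function tolerates a zero scalar is not decidable from this chunk and is worth a comment at the call site. m21800_comp continues past the end of the hunk (the `atomic_inc` block).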
--- a/src/Makefile +++ b/src/Makefile @@ -10,13 +10,9 @@ PRODUCTION_VERSION := v5.1.0 ENABLE_BRAIN := 1 USE_SYSTEM_LZMA := 0 USE_SYSTEM_ZLIB := 0 -USE_SYSTEM_LIBSECP256K1 := 0 USE_SYSTEM_OPENCL := 0 USE_SYSTEM_XXHASH := 0 -# NOTE: USE_SYSTEM_LIBSECP256K1 set to 1 can come with a huge performance hit for Electrum 4-5 -# this is due to the public API (secp256k1.h) not exposing all the faster ECC operations we need - ## ## Detect Operating System ## @@ -124,12 +120,6 @@ else DEPS_ZLIB_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/ endif -ifeq ($(USE_SYSTEM_LIBSECP256K1),0) -DEPS_LIBSECP256K1_PATH := deps/secp256k1/ -else -DEPS_LIBSECP256K1_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/ -endif - ifeq ($(USE_SYSTEM_OPENCL),0) DEPS_OPENCL_PATH := deps/OpenCL-Headers else @@ -195,11 +185,6 @@ CFLAGS_ZLIB += -Wno-unused-parameter CFLAGS_ZLIB += -DIOAPI_NO_64 endif -## because LIBSECP256K1 (Electrum 4/5) -CFLAGS_LIBSECP256K1 += -Wno-unused-parameter -CFLAGS_LIBSECP256K1 += -Wno-unused-function -CFLAGS_LIBSECP256K1 += -Wno-nonnull-compare - ifeq ($(DEBUG),0) CFLAGS += -O2 ifneq ($(UNAME),Darwin) @@ -238,24 +223,6 @@ ifeq ($(USE_SYSTEM_ZLIB),1) LFLAGS += -lz endif -# LIBSECP256K1 - -ifeq ($(USE_SYSTEM_LIBSECP256K1),1) -LFLAGS += -lsecp256k1 -CFLAGS_LIBSECP256K1 += -DWITH_LIBSECP256K1 - -# NOT working if used only in CFLAGS_LIBSECP256K1 because we need to include secp256k1.h in the module too -CFLAGS += -I$(DEPS_LIBSECP256K1_PATH) -else -CFLAGS_LIBSECP256K1 += -I$(DEPS_LIBSECP256K1_PATH)/src/ - -# files in deps/secp256k1/ include "include/secp256k1.h" so we need the parent folder too -CFLAGS_LIBSECP256K1 += -I$(DEPS_LIBSECP256K1_PATH) - -# NOT working if used only in CFLAGS_LIBSECP256K1 because we need to include secp256k1.h in the module too -CFLAGS += -I$(DEPS_LIBSECP256K1_PATH)/include/ -endif - # OpenCL CFLAGS += -I$(DEPS_OPENCL_PATH) 
@@ -333,10 +300,10 @@ endif # MSYS2 EMU_OBJS_ALL := emu_general emu_inc_common emu_inc_platform emu_inc_scalar emu_inc_simd EMU_OBJS_ALL += emu_inc_rp emu_inc_rp_optimized EMU_OBJS_ALL += emu_inc_truecrypt_crc32 emu_inc_truecrypt_keyfile emu_inc_truecrypt_xts emu_inc_veracrypt_xts -EMU_OBJS_ALL += emu_inc_hash_md4 emu_inc_hash_md5 emu_inc_hash_ripemd160 emu_inc_hash_sha1 emu_inc_hash_sha256 emu_inc_hash_sha384 emu_inc_hash_sha512 emu_inc_hash_streebog256 emu_inc_hash_streebog512 +EMU_OBJS_ALL += emu_inc_hash_md4 emu_inc_hash_md5 emu_inc_hash_ripemd160 emu_inc_hash_sha1 emu_inc_hash_sha256 emu_inc_hash_sha384 emu_inc_hash_sha512 emu_inc_hash_streebog256 emu_inc_hash_streebog512 emu_inc_ecc_secp256k1 EMU_OBJS_ALL += emu_inc_cipher_aes emu_inc_cipher_camellia emu_inc_cipher_des emu_inc_cipher_kuznyechik emu_inc_cipher_serpent emu_inc_cipher_twofish -OBJS_ALL := affinity autotune backend benchmark bitmap bitops combinator common convert cpt cpu_crc32 debugfile dictstat dispatch dynloader event ext_ADL ext_cuda ext_nvapi ext_nvml ext_nvrtc ext_OpenCL ext_sysfs ext_lzma ext_secp256k1 filehandling folder hashcat hashes hlfmt hwmon induct interface keyboard_layout locking logfile loopback memory monitor mpsp outfile_check outfile pidfile potfile restore rp rp_cpu selftest slow_candidates shared status stdout straight terminal thread timer tuningdb usage user_options wordlist $(EMU_OBJS_ALL) +OBJS_ALL := affinity autotune backend benchmark bitmap bitops combinator common convert cpt cpu_crc32 debugfile dictstat dispatch dynloader event ext_ADL ext_cuda ext_nvapi ext_nvml ext_nvrtc ext_OpenCL ext_sysfs ext_lzma filehandling folder hashcat hashes hlfmt hwmon induct interface keyboard_layout locking logfile loopback memory monitor mpsp outfile_check outfile pidfile potfile restore rp rp_cpu selftest slow_candidates shared status stdout straight terminal thread timer tuningdb usage user_options wordlist $(EMU_OBJS_ALL) ifeq ($(ENABLE_BRAIN),1) OBJS_ALL += brain 
@@ -517,9 +484,6 @@ obj/%.NATIVE.o: $(DEPS_ZLIB_PATH)/%.c $(CC) -c $(CFLAGS_NATIVE) $(CFLAGS_ZLIB) $< -o $@ -fpic endif -obj/ext_secp256k1.NATIVE.o: src/ext_secp256k1.c - $(CC) -c $(CFLAGS_NATIVE) $(CFLAGS_LIBSECP256K1) $< -o $@ -fpic - ifeq ($(USE_SYSTEM_XXHASH),0) ifeq ($(ENABLE_BRAIN),1) obj/%.NATIVE.o: $(DEPS_XXHASH_PATH)/%.c @@ -682,12 +646,6 @@ obj/%.WIN.o: $(DEPS_XXHASH_PATH)/%.c endif endif -obj/ext_secp256k1.LINUX.o: src/ext_secp256k1.c - $(CC_LINUX) $(CFLAGS_CROSS_LINUX) $(CFLAGS_LIBSECP256K1) -c -o $@ $< - -obj/ext_secp256k1.WIN.o: src/ext_secp256k1.c - $(CC_WIN) $(CFLAGS_CROSS_WIN) $(CFLAGS_LIBSECP256K1) -c -o $@ $< - obj/combined.LINUX.a: $(LINUX_OBJS) $(AR_LINUX) rcs $@ $^ diff --git a/src/emu_inc_ecc_secp256k1.c b/src/emu_inc_ecc_secp256k1.c new file mode 100644 index 000000000..934824312 --- /dev/null +++ b/src/emu_inc_ecc_secp256k1.c @@ -0,0 +1,13 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "types.h" +#include "common.h" +#include "emu_general.h" + +#include "inc_vendor.h" +#include "inc_platform.h" +#include "inc_ecc_secp256k1.cl" + diff --git a/src/ext_secp256k1.c b/src/ext_secp256k1.c deleted file mode 100644 index ad081af54..000000000 --- a/src/ext_secp256k1.c +++ /dev/null 
@@ -1,151 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#include "types.h" -#include "common.h" - -#include "ext_secp256k1.h" - - -#if !defined (WITH_LIBSECP256K1) - -// some macros needed for secp256k1 header and source code includes: - -// is this a good 64-bit support check ? -#if !defined (__LP64__) && !defined (_WIN64) && !defined (__x86_64__) - -#define USE_SCALAR_8X32 -#define USE_FIELD_10X26 - -#else - -#define HAVE___INT128 -#define USE_ASM_X86_64 -// doesn't change speed much: #define USE_ECMULT_STATIC_PRECOMPUTATION - -#define USE_SCALAR_4X64 -#define USE_FIELD_5X52 - -#endif - -#define USE_SCALAR_INV_BUILTIN -#define USE_FIELD_INV_BUILTIN - -#define ECMULT_WINDOW_SIZE 15 -#define ECMULT_GEN_PREC_BITS 4 - -#define USE_NUM_NONE - -#include "secp256k1.c" - -#endif - -bool hc_secp256k1_pubkey_parse (secp256k1_pubkey *pubkey, u8 *buf, size_t length) -{ - secp256k1_context *t_ctx = secp256k1_context_create (SECP256K1_CONTEXT_NONE); - - if (secp256k1_ec_pubkey_parse (t_ctx, pubkey, buf, length) == 0) - { - secp256k1_context_destroy (t_ctx); - - return false; - } - - secp256k1_context_destroy (t_ctx); - - return true; -} - -bool hc_secp256k1_pubkey_tweak_mul (secp256k1_pubkey *pubkey, u8 *buf, size_t length) -{ - #if !defined (WITH_LIBSECP256K1) - - secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_NONE); - - secp256k1_gej res; - secp256k1_ge pt; - - // load the public key and 32 byte scalar: - - secp256k1_pubkey_load (sctx, &pt, pubkey); - - int overflow = 0; - - secp256k1_scalar s; - - secp256k1_scalar_set_b32 (&s, buf, &overflow); - - if (overflow != 0) - { - secp256k1_scalar_clear (&s); - - secp256k1_context_destroy (sctx); - - return false; - } - - if (secp256k1_scalar_is_zero (&s)) - { - secp256k1_scalar_clear (&s); - - secp256k1_context_destroy (sctx); - - return false; - } - - - // main multiply operation: - - const size_t scalar_size = (length - 1) * 8; - - secp256k1_ecmult_const (&res, &pt, &s, 
scalar_size); - secp256k1_ge_set_gej (&pt, &res); - secp256k1_fe_normalize (&pt.x); - secp256k1_fe_normalize (&pt.y); - - - // output: - - buf[0] = 0x02 | secp256k1_fe_is_odd (&pt.y); - - secp256k1_fe_get_b32 (buf + 1, &pt.x); - - - // cleanup: - - secp256k1_scalar_clear (&s); - - secp256k1_context_destroy (sctx); - - #else - - // ATTENTION: this way to multiply was much slower in our tests - - secp256k1_context *sctx = secp256k1_context_create (SECP256K1_CONTEXT_VERIFY); - - - // main multiply operation: - - if (secp256k1_ec_pubkey_tweak_mul (sctx, pubkey, buf) == 0) - { - secp256k1_context_destroy (sctx); - - return false; - } - - - // output: - - secp256k1_ec_pubkey_serialize (sctx, buf, &length, pubkey, SECP256K1_EC_COMPRESSED); - - - // cleanup: - - secp256k1_context_destroy (sctx); - - #endif - - return true; -} diff --git a/src/modules/module_21700.c b/src/modules/module_21700.c index c6fa73ecd..49155aabe 100644 --- a/src/modules/module_21700.c +++ b/src/modules/module_21700.c @@ -10,7 +10,7 @@ #include "convert.h" #include "shared.h" #include "memory.h" -#include "ext_secp256k1.h" +#include "emu_inc_ecc_secp256k1.h" static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; static const u32 DGST_POS0 = 0; @@ -24,8 +24,7 @@ static const u64 KERN_TYPE = 21700; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_USES_BITS_64 | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; -static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_HOOK23; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "$electrum$4*03eae309d8bda5dcbddaae8145469193152763894b7260a6c4ba181b3ac2ed5653*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*1b0997cf64bb2c2ff88cb87bcacd9729d404bd46db18117c20d94e67c946fedc"; 
@@ -47,6 +46,8 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, typedef struct electrum { + secp256k1_t coords; + u32 data_buf[4096]; u32 data_len; 
@@ -62,102 +63,8 @@ typedef struct electrum_tmp } electrum_tmp_t; -typedef struct -{ - u32 ukey[8]; - - u32 pubkey[9]; // 32 + 1 bytes (for sign of the curve point) - - u32 hook_success; - -} electrum_hook_t; - -typedef struct electrum_hook_salt -{ - u8 ephemeral_pubkey_raw[33]; - - secp256k1_pubkey ephemeral_pubkey_struct; - -} electrum_hook_salt_t; - static const char *SIGNATURE_ELECTRUM = "$electrum$4*"; -#define M21700_MAX_ACCEL 16 -#define M21700_MAX_THREADS 64 - -u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 kernel_accel_max = (user_options->kernel_accel_chgd == true) ? user_options->kernel_accel : M21700_MAX_ACCEL; - - return kernel_accel_max; -} - -u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 kernel_threads_max = (user_options->kernel_threads_chgd == true) ? user_options->kernel_threads : M21700_MAX_THREADS; - - return kernel_threads_max; -} - -void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) -{ - electrum_hook_t *hook_items = (electrum_hook_t *) device_param->hooks_buf; - - electrum_hook_salt_t *electrums = (electrum_hook_salt_t *) hook_salts_buf; - electrum_hook_salt_t *electrum = &electrums[salt_pos]; - - // we need to copy it because the secp256k1_ec_pubkey_tweak_mul () function has side effects - - secp256k1_pubkey ephemeral_pubkey = electrum->ephemeral_pubkey_struct; // shallow copy is safe ! 
- - // this hook data needs to be updated (the "hook_success" variable): - - electrum_hook_t *hook_item = &hook_items[pw_pos]; - - hook_item->hook_success = 0; - - u32 *hook_pubkey = hook_item->pubkey; - - hook_pubkey[0] = hook_item->ukey[0]; - hook_pubkey[1] = hook_item->ukey[1]; - hook_pubkey[2] = hook_item->ukey[2]; - hook_pubkey[3] = hook_item->ukey[3]; - hook_pubkey[4] = hook_item->ukey[4]; - hook_pubkey[5] = hook_item->ukey[5]; - hook_pubkey[6] = hook_item->ukey[6]; - hook_pubkey[7] = hook_item->ukey[7]; - hook_pubkey[8] = 0; - - /* - * Start with Elliptic Curve Cryptography (ECC) - */ - - const size_t length = 33; // NOT a bug (32 + 1 for the sign) - - bool multiply_success = hc_secp256k1_pubkey_tweak_mul (&ephemeral_pubkey, (u8 *) hook_pubkey, length); - - if (multiply_success == false) return; - - // in this case hook_success set to 1 doesn't mean that we've cracked it, but just that there were - // no problems detected by secp256k1_ec_pubkey_tweak_mul () - - hook_item->hook_success = 1; -} - -u64 module_hook_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 hook_size = (const u64) sizeof (electrum_hook_t); - - return hook_size; -} - -u64 module_hook_salt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 hook_salt_size = (const u64) sizeof (electrum_hook_salt_t); - - return hook_salt_size; -} - u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (electrum_t); 
@@ -194,8 +101,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE electrum_t *esalt = (electrum_t *) esalt_buf; - electrum_hook_salt_t *hook = (electrum_hook_salt_t *) hook_salt_buf; - token_t token; token.token_cnt = 4; @@ -245,16 +150,20 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // ephemeral pubkey: + u32 ephemeral_pubkey[9] = { 0 }; + + u8 *ephemeral_pubkey_ptr = (u8 *) ephemeral_pubkey; + for (u32 i = 0, j = 0; j < 66; i += 1, j += 2) { - hook->ephemeral_pubkey_raw[i] = hex_to_u8 (ephemeral_pos + j); + ephemeral_pubkey_ptr[i] = hex_to_u8 (ephemeral_pos + j); } - size_t length = 33; + secp256k1_t *coords = &esalt->coords; - bool parse_success = hc_secp256k1_pubkey_parse (&hook->ephemeral_pubkey_struct, hook->ephemeral_pubkey_raw, length); + u32 parse_success = parse_public (coords, ephemeral_pubkey); - if (parse_success == false) return (PARSER_SALT_VALUE); + if (parse_success != 0) return (PARSER_SALT_VALUE); // data buf: @@ -296,17 +205,19 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE electrum_t *esalt = (electrum_t *) esalt_buf; - electrum_hook_salt_t *hook = (electrum_hook_salt_t *) hook_salt_buf; - // ephemeral pubkey: char ephemeral[66 + 1]; memset (ephemeral, 0, sizeof (ephemeral)); - for (u32 i = 0, j = 0; i < 33; i += 1, j += 2) + u8 type = 0x02 | (esalt->coords.xy[8] & 1); // odd or even y coordinate + + snprintf (ephemeral, 66 + 1, "%02x", type); + + for (int i = 31, j = 2; i >= 0; i -= 1, j += 2) { - const u8 *ptr = (const u8 *) hook->ephemeral_pubkey_raw; + const u8 *ptr = (const u8 *) esalt->coords.xy; snprintf (ephemeral + j, 66 + 1 - j, "%02x", ptr[i]); } 
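Review bot: In the `module_hash_encode` hunk (`@@ -296,17 +205,19 @@`) the compressed point is rebuilt by walking the raw bytes of `esalt->coords.xy` from index 31 down to 0 and taking the parity bit from `xy[8] & 1`, which only yields a correct big-endian x coordinate and y parity if the limbs are stored as little-endian u32 words on the host and the first eight words hold x with y following; neither assumption is stated where it matters. A comment would protect the next reader, e.g. `// coords.xy appears to hold x in xy[0..7] and y from xy[8] as little-endian limbs (confirm against inc_ecc_secp256k1); x's bytes are emitted high-to-low for SEC1 order, which assumes a little-endian host`. In the `module_hash_decode` hunk the 66-hex-character loop feeding `parse_public ()` reads `ephemeral_pos + j` unconditionally, so it relies on the token length and hex validation configured earlier in the function, which is outside this hunk; the function otherwise fails closed on `parse_success != 0`, which is right.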
@@ -383,16 +294,16 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hashes_count_max = MODULE_DEFAULT; module_ctx->module_hlfmt_disable = MODULE_DEFAULT; module_ctx->module_hook12 = MODULE_DEFAULT; - module_ctx->module_hook23 = module_hook23; - module_ctx->module_hook_salt_size = module_hook_salt_size; - module_ctx->module_hook_size = module_hook_size; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; - module_ctx->module_kernel_accel_max = module_kernel_accel_max; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; module_ctx->module_kernel_loops_max = MODULE_DEFAULT; module_ctx->module_kernel_loops_min = MODULE_DEFAULT; - module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; module_ctx->module_kernel_threads_min = MODULE_DEFAULT; module_ctx->module_kern_type = module_kern_type; module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index 30d3a4d1d..12ffbd834 100644 --- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c @@ -10,11 +10,7 @@ #include "convert.h" #include "shared.h" #include "memory.h" -#include "emu_inc_hash_sha512.h" -#include "emu_inc_hash_sha256.h" -#include "emu_inc_cipher_aes.h" -#include "ext_secp256k1.h" -#include "zlib.h" +#include "emu_inc_ecc_secp256k1.h" static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; static const u32 DGST_POS0 = 0; 
@@ -28,8 +24,7 @@ static const u64 KERN_TYPE = 21800;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 | OPTI_TYPE_USES_BITS_64
 | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
-static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
- | OPTS_TYPE_HOOK23;
+static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "$electrum$5*02170fee7c35f1ef3b229edc90fbd0793b688a0d6f41137a97aab2343d315cce16*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*33a7ee59d6d17ed1ee99dc0a71771227e6f3734b17ba36eb589bdced56244135";
@@ -49,6 +44,14 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
 
+typedef struct electrum
+{
+ secp256k1_t coords;
+
+ u32 data_buf[256];
+
+} electrum_t;
+
 typedef struct electrum_tmp
 {
 u64 ipad[8];
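Review bot: The new `electrum_t` in the `@@ -49,6 +44,14 @@` hunk carries no comment on what its two members hold, and since it is registered as the esalt later in this patch its layout is presumably shared with the kernel and therefore a contract. From `module_hash_decode` in this patch, `coords` receives the ephemeral public key via `parse_public ()` and `data_buf` receives the 1024 bytes decoded from the 2048-hex-character data field that the removed hook fed to AES, so `secp256k1_t coords; // ephemeral pubkey, filled by parse_public () in module_hash_decode` and `u32 data_buf[256]; // first 1024 bytes of the encrypted data blob (2048 hex chars in the hash line)` would make that explicit. The `electrum_hook_salt_t` this replaces documented the same fields only by name, so spelling it out here loses nothing.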
@@ -59,250 +62,13 @@ typedef struct electrum_tmp } electrum_tmp_t; -typedef struct -{ - u32 ukey[8]; - - u32 hook_success; - -} electrum_hook_t; - -typedef struct electrum_hook_salt -{ - u32 data_buf[256]; - - u8 ephemeral_pubkey_raw[33]; - - secp256k1_pubkey ephemeral_pubkey_struct; - -} electrum_hook_salt_t; - static const char *SIGNATURE_ELECTRUM = "$electrum$5*"; -#define M21800_MAX_ACCEL 16 -#define M21800_MAX_THREADS 64 - -u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 kernel_accel_max = (user_options->kernel_accel_chgd == true) ? user_options->kernel_accel : M21800_MAX_ACCEL; + const u64 esalt_size = (const u64) sizeof (electrum_t); - return kernel_accel_max; -} - -u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 kernel_threads_max = (user_options->kernel_threads_chgd == true) ? user_options->kernel_threads : M21800_MAX_THREADS; - - return kernel_threads_max; -} - -void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) -{ - electrum_hook_t *hook_items = (electrum_hook_t *) device_param->hooks_buf; - - electrum_hook_salt_t *electrums = (electrum_hook_salt_t *) hook_salts_buf; - electrum_hook_salt_t *electrum = &electrums[salt_pos]; - - u32 *data_buf = electrum->data_buf; - - // we need to copy it because the secp256k1_ec_pubkey_tweak_mul () function has side effects - - secp256k1_pubkey ephemeral_pubkey = electrum->ephemeral_pubkey_struct; // shallow copy is safe ! 
- - // this hook data needs to be updated (the "hook_success" variable): - - electrum_hook_t *hook_item = &hook_items[pw_pos]; - - hook_item->hook_success = 0; - - u32 ukey[9]; // (32 + 1) + 3 = 9 * 4 = 36 bytes (+1 for holding the "sign" of the curve point) - - ukey[0] = hook_item->ukey[0]; - ukey[1] = hook_item->ukey[1]; - ukey[2] = hook_item->ukey[2]; - ukey[3] = hook_item->ukey[3]; - ukey[4] = hook_item->ukey[4]; - ukey[5] = hook_item->ukey[5]; - ukey[6] = hook_item->ukey[6]; - ukey[7] = hook_item->ukey[7]; - ukey[8] = 0; - - /* - * Start with Elliptic Curve Cryptography (ECC) - */ - - u8 *tmp_buf = (u8 *) ukey; - - const size_t length = 33; // NOT a bug (32 + 1 for the sign) - - bool multiply_success = hc_secp256k1_pubkey_tweak_mul (&ephemeral_pubkey, tmp_buf, length); - - if (multiply_success == false) return; - - u32 input[64] = { 0 }; - - memcpy (input, tmp_buf, length); - - sha512_ctx_t sha512_ctx; - - sha512_init (&sha512_ctx); - sha512_update_swap (&sha512_ctx, input, length); - sha512_final (&sha512_ctx); - - // ... 
now we have the result in sha512_ctx.h[0]...sha512_ctx.h[7] - - u32 iv[4]; - - iv[0] = v32b_from_v64 (sha512_ctx.h[0]); - iv[1] = v32a_from_v64 (sha512_ctx.h[0]); - iv[2] = v32b_from_v64 (sha512_ctx.h[1]); - iv[3] = v32a_from_v64 (sha512_ctx.h[1]); - - iv[0] = byte_swap_32 (iv[0]); - iv[1] = byte_swap_32 (iv[1]); - iv[2] = byte_swap_32 (iv[2]); - iv[3] = byte_swap_32 (iv[3]); - - u32 key[4]; - - key[0] = v32b_from_v64 (sha512_ctx.h[2]); - key[1] = v32a_from_v64 (sha512_ctx.h[2]); - key[2] = v32b_from_v64 (sha512_ctx.h[3]); - key[3] = v32a_from_v64 (sha512_ctx.h[3]); - - key[0] = byte_swap_32 (key[0]); - key[1] = byte_swap_32 (key[1]); - key[2] = byte_swap_32 (key[2]); - key[3] = byte_swap_32 (key[3]); - - // init AES - - AES_KEY aes_key; - - memset (&aes_key, 0, sizeof (aes_key)); - - aes128_set_decrypt_key (aes_key.rdk, key, (u32 *) te0, (u32 *) te1, (u32 *) te2, (u32 *) te3, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3); - - int aes_len = 1024; // in my tests (very few) it also worked with only 128 input bytes ! 
- // int aes_len = 128; - - u32 data[4]; - u32 out[4]; - - u32 out_full[256]; // 1024 / 4 - - // we need to run it at least once: - - data[0] = data_buf[0]; - data[1] = data_buf[1]; - data[2] = data_buf[2]; - data[3] = data_buf[3]; - - aes128_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4); - - out[0] ^= iv[0]; - - // early reject - - if ((out[0] & 0x0007ffff) != 0x00059c78) return; - - out[1] ^= iv[1]; - out[2] ^= iv[2]; - out[3] ^= iv[3]; - - out_full[0] = out[0]; - out_full[1] = out[1]; - out_full[2] = out[2]; - out_full[3] = out[3]; - - iv[0] = data[0]; - iv[1] = data[1]; - iv[2] = data[2]; - iv[3] = data[3]; - - // for aes_len > 16 we need to loop - - for (int i = 16, j = 4; i < aes_len; i += 16, j += 4) - { - data[0] = data_buf[j + 0]; - data[1] = data_buf[j + 1]; - data[2] = data_buf[j + 2]; - data[3] = data_buf[j + 3]; - - aes128_decrypt (aes_key.rdk, data, out, (u32 *) td0, (u32 *) td1, (u32 *) td2, (u32 *) td3, (u32 *) td4); - - out[0] ^= iv[0]; - out[1] ^= iv[1]; - out[2] ^= iv[2]; - out[3] ^= iv[3]; - - iv[0] = data[0]; - iv[1] = data[1]; - iv[2] = data[2]; - iv[3] = data[3]; - - out_full[j + 0] = out[0]; - out_full[j + 1] = out[1]; - out_full[j + 2] = out[2]; - out_full[j + 3] = out[3]; - } - - // decompress with zlib: - - size_t compressed_data_len = aes_len; - u8 *compressed_data = (u8 *) out_full; - - size_t decompressed_data_len = 16; // we do NOT need more than the first bytes for validation - u8 *decompressed_data = (unsigned char *) hcmalloc (decompressed_data_len); - - z_stream inf; - - inf.zalloc = Z_NULL; - inf.zfree = Z_NULL; - inf.opaque = Z_NULL; - - inf.next_in = compressed_data; - inf.avail_in = compressed_data_len; - - inf.next_out = decompressed_data; - inf.avail_out = decompressed_data_len; - - // inflate: - - inflateInit2 (&inf, MAX_WBITS); - - int zlib_ret = inflate (&inf, Z_NO_FLUSH); - - inflateEnd (&inf); - - if ((zlib_ret != Z_OK) && (zlib_ret != Z_STREAM_END)) - { - hcfree 
(decompressed_data); - - return; - } - - if ((memcmp (decompressed_data, "{\n \"", 7) == 0) || - (memcmp (decompressed_data, "{\r\n \"", 8) == 0)) - { - hook_item->hook_success = 1; - } - - hcfree (decompressed_data); -} - -u64 module_hook_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 hook_size = (const u64) sizeof (electrum_hook_t); - - return hook_size; -} - -u64 module_hook_salt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u64 hook_salt_size = (const u64) sizeof (electrum_hook_salt_t); - - return hook_salt_size; + return esalt_size; } u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) @@ -332,7 +98,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { u32 *digest = (u32 *) digest_buf; - electrum_hook_salt_t *electrum = (electrum_hook_salt_t *) hook_salt_buf; + electrum_t *esalt = (electrum_t *) esalt_buf; token_t token; 
@@ -377,20 +143,24 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // ephemeral pubkey: + u32 ephemeral_pubkey[9] = { 0 }; + + u8 *ephemeral_pubkey_ptr = (u8 *) ephemeral_pubkey; + for (u32 i = 0, j = 0; j < 66; i += 1, j += 2) { - electrum->ephemeral_pubkey_raw[i] = hex_to_u8 (ephemeral_pos + j); + ephemeral_pubkey_ptr[i] = hex_to_u8 (ephemeral_pos + j); } - size_t length = 33; + secp256k1_t *coords = &esalt->coords; - bool parse_success = hc_secp256k1_pubkey_parse (&electrum->ephemeral_pubkey_struct, electrum->ephemeral_pubkey_raw, length); + u32 parse_success = parse_public (coords, ephemeral_pubkey); - if (parse_success == false) return (PARSER_SALT_VALUE); + if (parse_success != 0) return (PARSER_SALT_VALUE); // data buf: - u8* data_buf_ptr = (u8 *) electrum->data_buf; + u8* data_buf_ptr = (u8 *) esalt->data_buf; for (u32 i = 0, j = 0; j < 2048; i += 1, j += 2) { @@ -408,10 +178,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // fake salt - salt->salt_buf[0] = electrum->data_buf[0]; - salt->salt_buf[1] = electrum->data_buf[1]; - salt->salt_buf[2] = electrum->data_buf[2]; - salt->salt_buf[3] = electrum->data_buf[3]; + salt->salt_buf[0] = esalt->data_buf[0]; + salt->salt_buf[1] = esalt->data_buf[1]; + salt->salt_buf[2] = esalt->data_buf[2]; + salt->salt_buf[3] = esalt->data_buf[3]; salt->salt_len = 16; @@ -424,7 +194,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { u32 *digest = (u32 *) digest_buf; - electrum_hook_salt_t *electrum = (electrum_hook_salt_t *) hook_salt_buf; + electrum_t *esalt = (electrum_t *) esalt_buf; // ephemeral pubkey: 
@@ -432,9 +202,13 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE memset (ephemeral, 0, sizeof (ephemeral)); - for (u32 i = 0, j = 0; i < 33; i += 1, j += 2) + u8 type = 0x02 | (esalt->coords.xy[8] & 1); // odd or even y coordinate + + snprintf (ephemeral, 66 + 1, "%02x", type); + + for (int i = 31, j = 2; i >= 0; i -= 1, j += 2) { - const u8 *ptr = (const u8 *) electrum->ephemeral_pubkey_raw; + const u8 *ptr = (const u8 *) esalt->coords.xy; snprintf (ephemeral + j, 66 + 1 - j, "%02x", ptr[i]); } @@ -447,7 +221,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE for (u32 i = 0, j = 0; i < 1024; i += 1, j += 2) { - const u8 *ptr = (const u8 *) electrum->data_buf; + const u8 *ptr = (const u8 *) esalt->data_buf; snprintf (data_buf + j, 2048 + 1 - j, "%02x", ptr[i]); } @@ -490,7 +264,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_dgst_pos3 = module_dgst_pos3; module_ctx->module_dgst_size = module_dgst_size; module_ctx->module_dictstat_disable = MODULE_DEFAULT; - module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; module_ctx->module_extra_buffer_size = MODULE_DEFAULT; module_ctx->module_extra_tmp_size = MODULE_DEFAULT; module_ctx->module_forced_outfile_format = MODULE_DEFAULT; 
@@ -511,16 +285,16 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hashes_count_max = MODULE_DEFAULT;
 module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
 module_ctx->module_hook12 = MODULE_DEFAULT;
- module_ctx->module_hook23 = module_hook23;
- module_ctx->module_hook_salt_size = module_hook_salt_size;
- module_ctx->module_hook_size = module_hook_size;
+ module_ctx->module_hook23 = MODULE_DEFAULT;
+ module_ctx->module_hook_salt_size = MODULE_DEFAULT;
+ module_ctx->module_hook_size = MODULE_DEFAULT;
 module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
- module_ctx->module_kernel_accel_max = module_kernel_accel_max;
+ module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
 module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
 module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
- module_ctx->module_kernel_threads_max = module_kernel_threads_max;
+ module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
 module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
 module_ctx->module_kern_type = module_kern_type;
 module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
From 9cbeab97935888a7c18f1d1af2e1aa78722daa97 Mon Sep 17 00:00:00 2001
From: philsmd Date: Thu, 5 Dec 2019 10:44:49 +0100 Subject: [PATCH 070/300] electrum 4/5: rm secp256k1 dependency --- deps/secp256k1/.gitignore | 50 - deps/secp256k1/COPYING | 19 - deps/secp256k1/Makefile.am | 183 - deps/secp256k1/README.md | 73 - deps/secp256k1/TODO | 3 - deps/secp256k1/autogen.sh | 3 - .../build-aux/m4/ax_jni_include_dir.m4 | 145 - .../build-aux/m4/ax_prog_cc_for_build.m4 | 125 - deps/secp256k1/build-aux/m4/bitcoin_secp.m4 | 68 - deps/secp256k1/configure.ac | 591 -- deps/secp256k1/contrib/lax_der_parsing.c | 150 - deps/secp256k1/contrib/lax_der_parsing.h | 91 - .../contrib/lax_der_privatekey_parsing.c | 113 - .../contrib/lax_der_privatekey_parsing.h | 90 - deps/secp256k1/include/secp256k1.h | 708 --- deps/secp256k1/include/secp256k1_ecdh.h | 55 - .../include/secp256k1_preallocated.h | 128 - deps/secp256k1/include/secp256k1_recovery.h | 110 - deps/secp256k1/libsecp256k1.pc.in | 13 - deps/secp256k1/obj/.gitignore | 0 deps/secp256k1/sage/group_prover.sage | 322 - deps/secp256k1/sage/secp256k1.sage | 306 - deps/secp256k1/sage/weierstrass_prover.sage | 264 - deps/secp256k1/src/asm/field_10x26_arm.s | 913 --- deps/secp256k1/src/basic-config.h | 38 - deps/secp256k1/src/bench.h | 82 - deps/secp256k1/src/bench_ecdh.c | 54 - deps/secp256k1/src/bench_ecmult.c | 207 - deps/secp256k1/src/bench_internal.c | 369 -- deps/secp256k1/src/bench_recover.c | 60 - deps/secp256k1/src/bench_sign.c | 56 - deps/secp256k1/src/bench_verify.c | 112 - deps/secp256k1/src/ecdsa.h | 21 - deps/secp256k1/src/ecdsa_impl.h | 319 - deps/secp256k1/src/eckey.h | 25 - deps/secp256k1/src/eckey_impl.h | 100 - deps/secp256k1/src/ecmult.h | 48 - deps/secp256k1/src/ecmult_const.h | 20 - deps/secp256k1/src/ecmult_const_impl.h | 261 - deps/secp256k1/src/ecmult_gen.h | 50 - deps/secp256k1/src/ecmult_gen_impl.h | 211 - deps/secp256k1/src/ecmult_impl.h | 1216 ---- deps/secp256k1/src/field.h | 132 - deps/secp256k1/src/field_10x26.h | 50 - deps/secp256k1/src/field_10x26_impl.h | 1162 ---- 
deps/secp256k1/src/field_5x52.h | 49 - deps/secp256k1/src/field_5x52_asm_impl.h | 502 -- deps/secp256k1/src/field_5x52_impl.h | 496 -- deps/secp256k1/src/field_5x52_int128_impl.h | 279 - deps/secp256k1/src/field_impl.h | 318 - deps/secp256k1/src/gen_context.c | 87 - deps/secp256k1/src/group.h | 142 - deps/secp256k1/src/group_impl.h | 705 --- deps/secp256k1/src/hash.h | 41 - deps/secp256k1/src/hash_impl.h | 283 - .../src/java/org/bitcoin/NativeSecp256k1.java | 446 -- .../java/org/bitcoin/NativeSecp256k1Test.java | 225 - .../java/org/bitcoin/NativeSecp256k1Util.java | 45 - .../java/org/bitcoin/Secp256k1Context.java | 51 - .../src/java/org_bitcoin_NativeSecp256k1.c | 379 -- .../src/java/org_bitcoin_NativeSecp256k1.h | 119 - .../src/java/org_bitcoin_Secp256k1Context.c | 15 - .../src/java/org_bitcoin_Secp256k1Context.h | 22 - .../src/modules/ecdh/Makefile.am.include | 8 - deps/secp256k1/src/modules/ecdh/main_impl.h | 67 - deps/secp256k1/src/modules/ecdh/tests_impl.h | 132 - .../src/modules/recovery/Makefile.am.include | 8 - .../src/modules/recovery/main_impl.h | 193 - .../src/modules/recovery/tests_impl.h | 393 -- deps/secp256k1/src/num.h | 74 - deps/secp256k1/src/num_gmp.h | 20 - deps/secp256k1/src/num_gmp_impl.h | 288 - deps/secp256k1/src/num_impl.h | 24 - deps/secp256k1/src/scalar.h | 106 - deps/secp256k1/src/scalar_4x64.h | 19 - deps/secp256k1/src/scalar_4x64_impl.h | 949 --- deps/secp256k1/src/scalar_8x32.h | 19 - deps/secp256k1/src/scalar_8x32_impl.h | 721 --- deps/secp256k1/src/scalar_impl.h | 333 -- deps/secp256k1/src/scalar_low.h | 15 - deps/secp256k1/src/scalar_low_impl.h | 117 - deps/secp256k1/src/scratch.h | 42 - deps/secp256k1/src/scratch_impl.h | 88 - deps/secp256k1/src/secp256k1.c | 690 --- deps/secp256k1/src/testrand.h | 38 - deps/secp256k1/src/testrand_impl.h | 110 - deps/secp256k1/src/tests.c | 5301 ----------------- deps/secp256k1/src/tests_exhaustive.c | 511 -- deps/secp256k1/src/util.h | 162 - 89 files changed, 23748 deletions(-) delete mode 100644 
deps/secp256k1/.gitignore delete mode 100644 deps/secp256k1/COPYING delete mode 100644 deps/secp256k1/Makefile.am delete mode 100644 deps/secp256k1/README.md delete mode 100644 deps/secp256k1/TODO delete mode 100755 deps/secp256k1/autogen.sh delete mode 100644 deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4 delete mode 100644 deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 delete mode 100644 deps/secp256k1/build-aux/m4/bitcoin_secp.m4 delete mode 100644 deps/secp256k1/configure.ac delete mode 100644 deps/secp256k1/contrib/lax_der_parsing.c delete mode 100644 deps/secp256k1/contrib/lax_der_parsing.h delete mode 100644 deps/secp256k1/contrib/lax_der_privatekey_parsing.c delete mode 100644 deps/secp256k1/contrib/lax_der_privatekey_parsing.h delete mode 100644 deps/secp256k1/include/secp256k1.h delete mode 100644 deps/secp256k1/include/secp256k1_ecdh.h delete mode 100644 deps/secp256k1/include/secp256k1_preallocated.h delete mode 100644 deps/secp256k1/include/secp256k1_recovery.h delete mode 100644 deps/secp256k1/libsecp256k1.pc.in delete mode 100644 deps/secp256k1/obj/.gitignore delete mode 100644 deps/secp256k1/sage/group_prover.sage delete mode 100644 deps/secp256k1/sage/secp256k1.sage delete mode 100644 deps/secp256k1/sage/weierstrass_prover.sage delete mode 100644 deps/secp256k1/src/asm/field_10x26_arm.s delete mode 100644 deps/secp256k1/src/basic-config.h delete mode 100644 deps/secp256k1/src/bench.h delete mode 100644 deps/secp256k1/src/bench_ecdh.c delete mode 100644 deps/secp256k1/src/bench_ecmult.c delete mode 100644 deps/secp256k1/src/bench_internal.c delete mode 100644 deps/secp256k1/src/bench_recover.c delete mode 100644 deps/secp256k1/src/bench_sign.c delete mode 100644 deps/secp256k1/src/bench_verify.c delete mode 100644 deps/secp256k1/src/ecdsa.h delete mode 100644 deps/secp256k1/src/ecdsa_impl.h delete mode 100644 deps/secp256k1/src/eckey.h delete mode 100644 deps/secp256k1/src/eckey_impl.h delete mode 100644 deps/secp256k1/src/ecmult.h delete 
mode 100644 deps/secp256k1/src/ecmult_const.h delete mode 100644 deps/secp256k1/src/ecmult_const_impl.h delete mode 100644 deps/secp256k1/src/ecmult_gen.h delete mode 100644 deps/secp256k1/src/ecmult_gen_impl.h delete mode 100644 deps/secp256k1/src/ecmult_impl.h delete mode 100644 deps/secp256k1/src/field.h delete mode 100644 deps/secp256k1/src/field_10x26.h delete mode 100644 deps/secp256k1/src/field_10x26_impl.h delete mode 100644 deps/secp256k1/src/field_5x52.h delete mode 100644 deps/secp256k1/src/field_5x52_asm_impl.h delete mode 100644 deps/secp256k1/src/field_5x52_impl.h delete mode 100644 deps/secp256k1/src/field_5x52_int128_impl.h delete mode 100644 deps/secp256k1/src/field_impl.h delete mode 100644 deps/secp256k1/src/gen_context.c delete mode 100644 deps/secp256k1/src/group.h delete mode 100644 deps/secp256k1/src/group_impl.h delete mode 100644 deps/secp256k1/src/hash.h delete mode 100644 deps/secp256k1/src/hash_impl.h delete mode 100644 deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java delete mode 100644 deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java delete mode 100644 deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java delete mode 100644 deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java delete mode 100644 deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c delete mode 100644 deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h delete mode 100644 deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c delete mode 100644 deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h delete mode 100644 deps/secp256k1/src/modules/ecdh/Makefile.am.include delete mode 100644 deps/secp256k1/src/modules/ecdh/main_impl.h delete mode 100644 deps/secp256k1/src/modules/ecdh/tests_impl.h delete mode 100644 deps/secp256k1/src/modules/recovery/Makefile.am.include delete mode 100755 deps/secp256k1/src/modules/recovery/main_impl.h delete mode 100644 deps/secp256k1/src/modules/recovery/tests_impl.h delete mode 100644 
deps/secp256k1/src/num.h delete mode 100644 deps/secp256k1/src/num_gmp.h delete mode 100644 deps/secp256k1/src/num_gmp_impl.h delete mode 100644 deps/secp256k1/src/num_impl.h delete mode 100644 deps/secp256k1/src/scalar.h delete mode 100644 deps/secp256k1/src/scalar_4x64.h delete mode 100644 deps/secp256k1/src/scalar_4x64_impl.h delete mode 100644 deps/secp256k1/src/scalar_8x32.h delete mode 100644 deps/secp256k1/src/scalar_8x32_impl.h delete mode 100644 deps/secp256k1/src/scalar_impl.h delete mode 100644 deps/secp256k1/src/scalar_low.h delete mode 100644 deps/secp256k1/src/scalar_low_impl.h delete mode 100644 deps/secp256k1/src/scratch.h delete mode 100644 deps/secp256k1/src/scratch_impl.h delete mode 100644 deps/secp256k1/src/secp256k1.c delete mode 100644 deps/secp256k1/src/testrand.h delete mode 100644 deps/secp256k1/src/testrand_impl.h delete mode 100644 deps/secp256k1/src/tests.c delete mode 100644 deps/secp256k1/src/tests_exhaustive.c delete mode 100644 deps/secp256k1/src/util.h diff --git a/deps/secp256k1/.gitignore b/deps/secp256k1/.gitignore deleted file mode 100644 index 55d325aee..000000000 --- a/deps/secp256k1/.gitignore +++ /dev/null @@ -1,50 +0,0 @@ -bench_inv -bench_ecdh -bench_ecmult -bench_sign -bench_verify -bench_schnorr_verify -bench_recover -bench_internal -tests -exhaustive_tests -gen_context -*.exe -*.so -*.a -!.gitignore - -Makefile -configure -.libs/ -Makefile.in -aclocal.m4 -autom4te.cache/ -config.log -config.status -*.tar.gz -*.la -libtool -.deps/ -.dirstamp -*.lo -*.o -*~ -src/libsecp256k1-config.h -src/libsecp256k1-config.h.in -src/ecmult_static_context.h -build-aux/config.guess -build-aux/config.sub -build-aux/depcomp -build-aux/install-sh -build-aux/ltmain.sh -build-aux/m4/libtool.m4 -build-aux/m4/lt~obsolete.m4 -build-aux/m4/ltoptions.m4 -build-aux/m4/ltsugar.m4 -build-aux/m4/ltversion.m4 -build-aux/missing -build-aux/compile -build-aux/test-driver -src/stamp-h1 -libsecp256k1.pc 
diff --git a/deps/secp256k1/COPYING b/deps/secp256k1/COPYING deleted file mode 100644 index 4522a5990..000000000 --- a/deps/secp256k1/COPYING +++ /dev/null @@ -1,19 +0,0 @@ -Copyright (c) 2013 Pieter Wuille - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/deps/secp256k1/Makefile.am b/deps/secp256k1/Makefile.am deleted file mode 100644 index f420944e8..000000000 --- a/deps/secp256k1/Makefile.am +++ /dev/null 
@@ -1,183 +0,0 @@ -ACLOCAL_AMFLAGS = -I build-aux/m4 - -lib_LTLIBRARIES = libsecp256k1.la -if USE_JNI -JNI_LIB = libsecp256k1_jni.la -noinst_LTLIBRARIES = $(JNI_LIB) -else -JNI_LIB = -endif -include_HEADERS = include/secp256k1.h -include_HEADERS += include/secp256k1_preallocated.h -noinst_HEADERS = -noinst_HEADERS += src/scalar.h -noinst_HEADERS += src/scalar_4x64.h -noinst_HEADERS += src/scalar_8x32.h -noinst_HEADERS += src/scalar_low.h -noinst_HEADERS += src/scalar_impl.h -noinst_HEADERS += src/scalar_4x64_impl.h -noinst_HEADERS += src/scalar_8x32_impl.h -noinst_HEADERS += src/scalar_low_impl.h -noinst_HEADERS += src/group.h -noinst_HEADERS += src/group_impl.h -noinst_HEADERS += src/num_gmp.h -noinst_HEADERS += src/num_gmp_impl.h -noinst_HEADERS += src/ecdsa.h -noinst_HEADERS += src/ecdsa_impl.h -noinst_HEADERS += src/eckey.h -noinst_HEADERS += src/eckey_impl.h -noinst_HEADERS += src/ecmult.h -noinst_HEADERS += src/ecmult_impl.h -noinst_HEADERS += src/ecmult_const.h -noinst_HEADERS += src/ecmult_const_impl.h -noinst_HEADERS += src/ecmult_gen.h -noinst_HEADERS += src/ecmult_gen_impl.h -noinst_HEADERS += src/num.h -noinst_HEADERS += src/num_impl.h -noinst_HEADERS += src/field_10x26.h -noinst_HEADERS += src/field_10x26_impl.h -noinst_HEADERS += src/field_5x52.h -noinst_HEADERS += src/field_5x52_impl.h -noinst_HEADERS += src/field_5x52_int128_impl.h -noinst_HEADERS += src/field_5x52_asm_impl.h -noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h -noinst_HEADERS += src/java/org_bitcoin_Secp256k1Context.h -noinst_HEADERS += src/util.h -noinst_HEADERS += src/scratch.h -noinst_HEADERS += src/scratch_impl.h -noinst_HEADERS += src/testrand.h -noinst_HEADERS += src/testrand_impl.h -noinst_HEADERS += src/hash.h -noinst_HEADERS += src/hash_impl.h -noinst_HEADERS += src/field.h -noinst_HEADERS += src/field_impl.h -noinst_HEADERS += src/bench.h -noinst_HEADERS += contrib/lax_der_parsing.h -noinst_HEADERS += contrib/lax_der_parsing.c -noinst_HEADERS += 
contrib/lax_der_privatekey_parsing.h -noinst_HEADERS += contrib/lax_der_privatekey_parsing.c - -if USE_EXTERNAL_ASM -COMMON_LIB = libsecp256k1_common.la -noinst_LTLIBRARIES = $(COMMON_LIB) -else -COMMON_LIB = -endif - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libsecp256k1.pc - -if USE_EXTERNAL_ASM -if USE_ASM_ARM -libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s -endif -endif - -libsecp256k1_la_SOURCES = src/secp256k1.c -libsecp256k1_la_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES) -libsecp256k1_la_LIBADD = $(JNI_LIB) $(SECP_LIBS) $(COMMON_LIB) - -libsecp256k1_jni_la_SOURCES = src/java/org_bitcoin_NativeSecp256k1.c src/java/org_bitcoin_Secp256k1Context.c -libsecp256k1_jni_la_CPPFLAGS = -DSECP256K1_BUILD $(JNI_INCLUDES) - -noinst_PROGRAMS = -if USE_BENCHMARK -noinst_PROGRAMS += bench_verify bench_sign bench_internal bench_ecmult -bench_verify_SOURCES = src/bench_verify.c -bench_verify_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) -bench_sign_SOURCES = src/bench_sign.c -bench_sign_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) -bench_internal_SOURCES = src/bench_internal.c -bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB) -bench_internal_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES) -bench_ecmult_SOURCES = src/bench_ecmult.c -bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) -bench_ecmult_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES) -endif - -TESTS = -if USE_TESTS -noinst_PROGRAMS += tests -tests_SOURCES = src/tests.c -tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src -I$(top_srcdir)/include $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) -if !ENABLE_COVERAGE -tests_CPPFLAGS += -DVERIFY -endif -tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) -tests_LDFLAGS = -static -TESTS += tests -endif - -if USE_EXHAUSTIVE_TESTS -noinst_PROGRAMS += exhaustive_tests -exhaustive_tests_SOURCES = src/tests_exhaustive.c -exhaustive_tests_CPPFLAGS = -DSECP256K1_BUILD 
-I$(top_srcdir)/src $(SECP_INCLUDES) -if !ENABLE_COVERAGE -exhaustive_tests_CPPFLAGS += -DVERIFY -endif -exhaustive_tests_LDADD = $(SECP_LIBS) $(COMMON_LIB) -exhaustive_tests_LDFLAGS = -static -TESTS += exhaustive_tests -endif - -JAVAROOT=src/java -JAVAORG=org/bitcoin -JAVA_GUAVA=$(srcdir)/$(JAVAROOT)/guava/guava-18.0.jar -CLASSPATH_ENV=CLASSPATH=$(JAVA_GUAVA) -JAVA_FILES= \ - $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1.java \ - $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1Test.java \ - $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1Util.java \ - $(JAVAROOT)/$(JAVAORG)/Secp256k1Context.java - -if USE_JNI - -$(JAVA_GUAVA): - @echo Guava is missing. Fetch it via: \ - wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/18.0/guava-18.0.jar -O $(@) - @false - -.stamp-java: $(JAVA_FILES) - @echo Compiling $^ - $(AM_V_at)$(CLASSPATH_ENV) javac $^ - @touch $@ - -if USE_TESTS - -check-java: libsecp256k1.la $(JAVA_GUAVA) .stamp-java - $(AM_V_at)java -Djava.library.path="./:./src:./src/.libs:.libs/" -cp "$(JAVA_GUAVA):$(JAVAROOT)" $(JAVAORG)/NativeSecp256k1Test - -endif -endif - -if USE_ECMULT_STATIC_PRECOMPUTATION -CPPFLAGS_FOR_BUILD +=-I$(top_srcdir) -I$(builddir)/src - -gen_context_OBJECTS = gen_context.o -gen_context_BIN = gen_context$(BUILD_EXEEXT) -gen_%.o: src/gen_%.c src/libsecp256k1-config.h - $(CC_FOR_BUILD) $(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) -c $< -o $@ - -$(gen_context_BIN): $(gen_context_OBJECTS) - $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) $^ -o $@ - -$(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h -$(tests_OBJECTS): src/ecmult_static_context.h -$(bench_internal_OBJECTS): src/ecmult_static_context.h -$(bench_ecmult_OBJECTS): src/ecmult_static_context.h - -src/ecmult_static_context.h: $(gen_context_BIN) - ./$(gen_context_BIN) - -CLEANFILES = $(gen_context_BIN) src/ecmult_static_context.h $(JAVAROOT)/$(JAVAORG)/*.class .stamp-java -endif - -EXTRA_DIST = autogen.sh src/gen_context.c src/basic-config.h $(JAVA_FILES) - -if 
ENABLE_MODULE_ECDH -include src/modules/ecdh/Makefile.am.include -endif - -if ENABLE_MODULE_RECOVERY -include src/modules/recovery/Makefile.am.include -endif diff --git a/deps/secp256k1/README.md b/deps/secp256k1/README.md deleted file mode 100644 index 84c048790..000000000 --- a/deps/secp256k1/README.md +++ /dev/null 
@@ -1,73 +0,0 @@ -libsecp256k1 -============ - -[![Build Status](https://travis-ci.org/bitcoin-core/secp256k1.svg?branch=master)](https://travis-ci.org/bitcoin-core/secp256k1) - -Optimized C library for EC operations on curve secp256k1. - -This library is a work in progress and is being used to research best practices. Use at your own risk. - -Features: -* secp256k1 ECDSA signing/verification and key generation. -* Adding/multiplying private/public keys. -* Serialization/parsing of private keys, public keys, signatures. -* Constant time, constant memory access signing and pubkey generation. -* Derandomized DSA (via RFC6979 or with a caller provided function.) -* Very efficient implementation. - -Implementation details ----------------------- - -* General - * No runtime heap allocation. - * Extensive testing infrastructure. - * Structured to facilitate review and analysis. - * Intended to be portable to any system with a C89 compiler and uint64_t support. - * No use of floating types, except in benchmarks. - * Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.") -* Field operations - * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1). - * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys). - * Using 10 26-bit limbs. - * Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman). -* Scalar operations - * Optimized implementation without data-dependent branches of arithmetic modulo the curve's order. - * Using 4 64-bit limbs (relying on __int128 support in the compiler). - * Using 8 32-bit limbs. -* Group operations - * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7). - * Use addition between points in Jacobian and affine coordinates where possible. - * Use a unified addition/doubling formula where necessary to avoid data-dependent branches. 
- * Point/x comparison without a field inversion by comparison in the Jacobian coordinate space. -* Point multiplication for verification (a*P + b*G). - * Use wNAF notation for point multiplicands. - * Use a much larger window for multiples of G, using precomputed multiples. - * Use Shamir's trick to do the multiplication with the public key and the generator simultaneously. - * Optionally (off by default) use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones. -* Point multiplication for signing - * Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions. - * Intended to be completely free of timing sidechannels for secret-key operations (on reasonable hardware/toolchains) - * Access the table with branch-free conditional moves so memory access is uniform. - * No data-dependent branches - * Optional runtime blinding which attempts to frustrate differential power analysis. - * The precomputed tables add and eventually subtract points for which no known scalar (private key) is known, preventing even an attacker with control over the private key used to control the data internally. - -Build steps ------------ - -libsecp256k1 is built using autotools: - - $ ./autogen.sh - $ ./configure - $ make - $ make check - $ sudo make install # optional - -Exhaustive tests ------------ - - $ ./exhaustive_tests - -With valgrind, you might need to increase the max stack size: - - $ valgrind --max-stackframe=2500000 ./exhaustive_tests diff --git a/deps/secp256k1/TODO b/deps/secp256k1/TODO deleted file mode 100644 index a300e1c5e..000000000 --- a/deps/secp256k1/TODO +++ /dev/null @@ -1,3 +0,0 @@ -* Unit tests for fieldelem/groupelem, including ones intended to - trigger fieldelem's boundary cases. -* Complete constant-time operations for signing/keygen 
diff --git a/deps/secp256k1/autogen.sh b/deps/secp256k1/autogen.sh deleted file mode 100755 index 65286b935..000000000 --- a/deps/secp256k1/autogen.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -set -e -autoreconf -if --warnings=all diff --git a/deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4 b/deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4 deleted file mode 100644 index cdc78d87d..000000000 --- a/deps/secp256k1/build-aux/m4/ax_jni_include_dir.m4 +++ /dev/null 
@@ -1,145 +0,0 @@ -# =========================================================================== -# https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_JNI_INCLUDE_DIR -# -# DESCRIPTION -# -# AX_JNI_INCLUDE_DIR finds include directories needed for compiling -# programs using the JNI interface. -# -# JNI include directories are usually in the Java distribution. This is -# deduced from the value of $JAVA_HOME, $JAVAC, or the path to "javac", in -# that order. When this macro completes, a list of directories is left in -# the variable JNI_INCLUDE_DIRS. -# -# Example usage follows: -# -# AX_JNI_INCLUDE_DIR -# -# for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS -# do -# CPPFLAGS="$CPPFLAGS -I$JNI_INCLUDE_DIR" -# done -# -# If you want to force a specific compiler: -# -# - at the configure.in level, set JAVAC=yourcompiler before calling -# AX_JNI_INCLUDE_DIR -# -# - at the configure level, setenv JAVAC -# -# Note: This macro can work with the autoconf M4 macros for Java programs. -# This particular macro is not part of the original set of macros. -# -# LICENSE -# -# Copyright (c) 2008 Don Anderson -# -# Copying and distribution of this file, with or without modification, are -# permitted in any medium without royalty provided the copyright notice -# and this notice are preserved. This file is offered as-is, without any -# warranty. 
- -#serial 14 - -AU_ALIAS([AC_JNI_INCLUDE_DIR], [AX_JNI_INCLUDE_DIR]) -AC_DEFUN([AX_JNI_INCLUDE_DIR],[ - -JNI_INCLUDE_DIRS="" - -if test "x$JAVA_HOME" != x; then - _JTOPDIR="$JAVA_HOME" -else - if test "x$JAVAC" = x; then - JAVAC=javac - fi - AC_PATH_PROG([_ACJNI_JAVAC], [$JAVAC], [no]) - if test "x$_ACJNI_JAVAC" = xno; then - AC_MSG_WARN([cannot find JDK; try setting \$JAVAC or \$JAVA_HOME]) - fi - _ACJNI_FOLLOW_SYMLINKS("$_ACJNI_JAVAC") - _JTOPDIR=`echo "$_ACJNI_FOLLOWED" | sed -e 's://*:/:g' -e 's:/[[^/]]*$::'` -fi - -case "$host_os" in - darwin*) # Apple Java headers are inside the Xcode bundle. - macos_version=$(sw_vers -productVersion | sed -n -e 's/^@<:@0-9@:>@*.\(@<:@0-9@:>@*\).@<:@0-9@:>@*/\1/p') - if @<:@ "$macos_version" -gt "7" @:>@; then - _JTOPDIR="$(xcrun --show-sdk-path)/System/Library/Frameworks/JavaVM.framework" - _JINC="$_JTOPDIR/Headers" - else - _JTOPDIR="/System/Library/Frameworks/JavaVM.framework" - _JINC="$_JTOPDIR/Headers" - fi - ;; - *) _JINC="$_JTOPDIR/include";; -esac -_AS_ECHO_LOG([_JTOPDIR=$_JTOPDIR]) -_AS_ECHO_LOG([_JINC=$_JINC]) - -# On Mac OS X 10.6.4, jni.h is a symlink: -# /System/Library/Frameworks/JavaVM.framework/Versions/Current/Headers/jni.h -# -> ../../CurrentJDK/Headers/jni.h. 
-AC_CACHE_CHECK(jni headers, ac_cv_jni_header_path, -[ - if test -f "$_JINC/jni.h"; then - ac_cv_jni_header_path="$_JINC" - JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path" - else - _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'` - if test -f "$_JTOPDIR/include/jni.h"; then - ac_cv_jni_header_path="$_JTOPDIR/include" - JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path" - else - ac_cv_jni_header_path=none - fi - fi -]) - -# get the likely subdirectories for system specific java includes -case "$host_os" in -bsdi*) _JNI_INC_SUBDIRS="bsdos";; -freebsd*) _JNI_INC_SUBDIRS="freebsd";; -darwin*) _JNI_INC_SUBDIRS="darwin";; -linux*) _JNI_INC_SUBDIRS="linux genunix";; -osf*) _JNI_INC_SUBDIRS="alpha";; -solaris*) _JNI_INC_SUBDIRS="solaris";; -mingw*) _JNI_INC_SUBDIRS="win32";; -cygwin*) _JNI_INC_SUBDIRS="win32";; -*) _JNI_INC_SUBDIRS="genunix";; -esac - -if test "x$ac_cv_jni_header_path" != "xnone"; then - # add any subdirectories that are present - for JINCSUBDIR in $_JNI_INC_SUBDIRS - do - if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then - JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR" - fi - done -fi -]) - -# _ACJNI_FOLLOW_SYMLINKS -# Follows symbolic links on , -# finally setting variable _ACJNI_FOLLOWED -# ---------------------------------------- -AC_DEFUN([_ACJNI_FOLLOW_SYMLINKS],[ -# find the include directory relative to the javac executable -_cur="$1" -while ls -ld "$_cur" 2>/dev/null | grep " -> " >/dev/null; do - AC_MSG_CHECKING([symlink for $_cur]) - _slink=`ls -ld "$_cur" | sed 's/.* -> //'` - case "$_slink" in - /*) _cur="$_slink";; - # 'X' avoids triggering unwanted echo options. - *) _cur=`echo "X$_cur" | sed -e 's/^X//' -e 's:[[^/]]*$::'`"$_slink";; - esac - AC_MSG_RESULT([$_cur]) -done -_ACJNI_FOLLOWED="$_cur" -])# _ACJNI diff --git a/deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 b/deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 deleted file mode 100644 index 77fd346a7..000000000 
--- a/deps/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 +++ /dev/null 
@@ -1,125 +0,0 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_PROG_CC_FOR_BUILD -# -# DESCRIPTION -# -# This macro searches for a C compiler that generates native executables, -# that is a C compiler that surely is not a cross-compiler. This can be -# useful if you have to generate source code at compile-time like for -# example GCC does. -# -# The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything -# needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD). -# The value of these variables can be overridden by the user by specifying -# a compiler with an environment variable (like you do for standard CC). -# -# It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object -# file extensions for the build platform, and GCC_FOR_BUILD to `yes' if -# the compiler we found is GCC. All these variables but GCC_FOR_BUILD are -# substituted in the Makefile. -# -# LICENSE -# -# Copyright (c) 2008 Paolo Bonzini -# -# Copying and distribution of this file, with or without modification, are -# permitted in any medium without royalty provided the copyright notice -# and this notice are preserved. This file is offered as-is, without any -# warranty. 
- -#serial 8 - -AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD]) -AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_PROG_CPP])dnl -AC_REQUIRE([AC_EXEEXT])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl - -dnl Use the standard macros, but make them use other variable names -dnl -pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl -pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl -pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl -pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl -pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl -pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl -pushdef([ac_cv_objext], ac_cv_build_objext)dnl -pushdef([ac_exeext], ac_build_exeext)dnl -pushdef([ac_objext], ac_build_objext)dnl -pushdef([CC], CC_FOR_BUILD)dnl -pushdef([CPP], CPP_FOR_BUILD)dnl -pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl -pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl -pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl -pushdef([host], build)dnl -pushdef([host_alias], build_alias)dnl -pushdef([host_cpu], build_cpu)dnl -pushdef([host_vendor], build_vendor)dnl -pushdef([host_os], build_os)dnl -pushdef([ac_cv_host], ac_cv_build)dnl -pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl -pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl -pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl -pushdef([ac_cv_host_os], ac_cv_build_os)dnl -pushdef([ac_cpp], ac_build_cpp)dnl -pushdef([ac_compile], ac_build_compile)dnl -pushdef([ac_link], ac_build_link)dnl - -save_cross_compiling=$cross_compiling -save_ac_tool_prefix=$ac_tool_prefix -cross_compiling=no -ac_tool_prefix= - -AC_PROG_CC -AC_PROG_CPP -AC_EXEEXT - -ac_tool_prefix=$save_ac_tool_prefix -cross_compiling=$save_cross_compiling - -dnl Restore the old definitions -dnl -popdef([ac_link])dnl -popdef([ac_compile])dnl -popdef([ac_cpp])dnl -popdef([ac_cv_host_os])dnl -popdef([ac_cv_host_vendor])dnl -popdef([ac_cv_host_cpu])dnl -popdef([ac_cv_host_alias])dnl -popdef([ac_cv_host])dnl -popdef([host_os])dnl 
-popdef([host_vendor])dnl -popdef([host_cpu])dnl -popdef([host_alias])dnl -popdef([host])dnl -popdef([LDFLAGS])dnl -popdef([CPPFLAGS])dnl -popdef([CFLAGS])dnl -popdef([CPP])dnl -popdef([CC])dnl -popdef([ac_objext])dnl -popdef([ac_exeext])dnl -popdef([ac_cv_objext])dnl -popdef([ac_cv_exeext])dnl -popdef([ac_cv_prog_cc_g])dnl -popdef([ac_cv_prog_cc_cross])dnl -popdef([ac_cv_prog_cc_works])dnl -popdef([ac_cv_prog_gcc])dnl -popdef([ac_cv_prog_CPP])dnl - -dnl Finally, set Makefile variables -dnl -BUILD_EXEEXT=$ac_build_exeext -BUILD_OBJEXT=$ac_build_objext -AC_SUBST(BUILD_EXEEXT)dnl -AC_SUBST(BUILD_OBJEXT)dnl -AC_SUBST([CFLAGS_FOR_BUILD])dnl -AC_SUBST([CPPFLAGS_FOR_BUILD])dnl -AC_SUBST([LDFLAGS_FOR_BUILD])dnl -]) diff --git a/deps/secp256k1/build-aux/m4/bitcoin_secp.m4 b/deps/secp256k1/build-aux/m4/bitcoin_secp.m4 deleted file mode 100644 index 3b3975cbd..000000000 --- a/deps/secp256k1/build-aux/m4/bitcoin_secp.m4 +++ /dev/null 
@@ -1,68 +0,0 @@ -dnl libsecp25k1 helper checks -AC_DEFUN([SECP_INT128_CHECK],[ -has_int128=$ac_cv_type___int128 -]) - -dnl escape "$0x" below using the m4 quadrigaph @S|@, and escape it again with a \ for the shell. -AC_DEFUN([SECP_64BIT_ASM_CHECK],[ -AC_MSG_CHECKING(for x86_64 assembly availability) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include ]],[[ - uint64_t a = 11, tmp; - __asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx"); - ]])],[has_64bit_asm=yes],[has_64bit_asm=no]) -AC_MSG_RESULT([$has_64bit_asm]) -]) - -dnl -AC_DEFUN([SECP_OPENSSL_CHECK],[ - has_libcrypto=no - m4_ifdef([PKG_CHECK_MODULES],[ - PKG_CHECK_MODULES([CRYPTO], [libcrypto], [has_libcrypto=yes],[has_libcrypto=no]) - if test x"$has_libcrypto" = x"yes"; then - TEMP_LIBS="$LIBS" - LIBS="$LIBS $CRYPTO_LIBS" - AC_CHECK_LIB(crypto, main,[AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed])],[has_libcrypto=no]) - LIBS="$TEMP_LIBS" - fi - ]) - if test x$has_libcrypto = xno; then - AC_CHECK_HEADER(openssl/crypto.h,[ - AC_CHECK_LIB(crypto, main,[ - has_libcrypto=yes - CRYPTO_LIBS=-lcrypto - AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed]) - ]) - ]) - LIBS= - fi -if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then - AC_MSG_CHECKING(for EC functions in libcrypto) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include - #include - #include ]],[[ - EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1); - ECDSA_sign(0, NULL, 0, NULL, NULL, eckey); - ECDSA_verify(0, NULL, 0, NULL, 0, eckey); - EC_KEY_free(eckey); - ECDSA_SIG *sig_openssl; - sig_openssl = ECDSA_SIG_new(); - ECDSA_SIG_free(sig_openssl); - ]])],[has_openssl_ec=yes],[has_openssl_ec=no]) - AC_MSG_RESULT([$has_openssl_ec]) -fi -]) - -dnl -AC_DEFUN([SECP_GMP_CHECK],[ -if test x"$has_gmp" != x"yes"; then - CPPFLAGS_TEMP="$CPPFLAGS" - CPPFLAGS="$GMP_CPPFLAGS $CPPFLAGS" - LIBS_TEMP="$LIBS" - LIBS="$GMP_LIBS $LIBS" - 
AC_CHECK_HEADER(gmp.h,[AC_CHECK_LIB(gmp, __gmpz_init,[has_gmp=yes; GMP_LIBS="$GMP_LIBS -lgmp"; AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])])]) - CPPFLAGS="$CPPFLAGS_TEMP" - LIBS="$LIBS_TEMP" -fi -]) diff --git a/deps/secp256k1/configure.ac b/deps/secp256k1/configure.ac deleted file mode 100644 index 2a8db0a51..000000000 --- a/deps/secp256k1/configure.ac +++ /dev/null 
@@ -1,591 +0,0 @@ -AC_PREREQ([2.60]) -AC_INIT([libsecp256k1],[0.1]) -AC_CONFIG_AUX_DIR([build-aux]) -AC_CONFIG_MACRO_DIR([build-aux/m4]) -AC_CANONICAL_HOST -AH_TOP([#ifndef LIBSECP256K1_CONFIG_H]) -AH_TOP([#define LIBSECP256K1_CONFIG_H]) -AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/]) -AM_INIT_AUTOMAKE([foreign subdir-objects]) -LT_INIT - -dnl make the compilation flags quiet unless V=1 is used -m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) - -PKG_PROG_PKG_CONFIG - -AC_PATH_TOOL(AR, ar) -AC_PATH_TOOL(RANLIB, ranlib) -AC_PATH_TOOL(STRIP, strip) -AX_PROG_CC_FOR_BUILD - -if test "x$CFLAGS" = "x"; then - CFLAGS="-g" -fi - -AM_PROG_CC_C_O - -AC_PROG_CC_C89 -if test x"$ac_cv_prog_cc_c89" = x"no"; then - AC_MSG_ERROR([c89 compiler support required]) -fi -AM_PROG_AS - -case $host_os in - *darwin*) - if test x$cross_compiling != xyes; then - AC_PATH_PROG([BREW],brew,) - if test x$BREW != x; then - dnl These Homebrew packages may be keg-only, meaning that they won't be found - dnl in expected paths because they may conflict with system files. Ask - dnl Homebrew where each one is located, then adjust paths accordingly. - - openssl_prefix=`$BREW --prefix openssl 2>/dev/null` - gmp_prefix=`$BREW --prefix gmp 2>/dev/null` - if test x$openssl_prefix != x; then - PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH" - export PKG_CONFIG_PATH - fi - if test x$gmp_prefix != x; then - GMP_CPPFLAGS="-I$gmp_prefix/include" - GMP_LIBS="-L$gmp_prefix/lib" - fi - else - AC_PATH_PROG([PORT],port,) - dnl if homebrew isn't installed and macports is, add the macports default paths - dnl as a last resort. 
- if test x$PORT != x; then - CPPFLAGS="$CPPFLAGS -isystem /opt/local/include" - LDFLAGS="$LDFLAGS -L/opt/local/lib" - fi - fi - fi - ;; -esac - -CFLAGS="$CFLAGS -W" - -warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings" -saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS $warn_CFLAGS" -AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}]) -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - CFLAGS="$saved_CFLAGS" - ]) - -saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -fvisibility=hidden" -AC_MSG_CHECKING([if ${CC} supports -fvisibility=hidden]) -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - CFLAGS="$saved_CFLAGS" - ]) - -AC_ARG_ENABLE(benchmark, - AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]), - [use_benchmark=$enableval], - [use_benchmark=yes]) - -AC_ARG_ENABLE(coverage, - AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]), - [enable_coverage=$enableval], - [enable_coverage=no]) - -AC_ARG_ENABLE(tests, - AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]), - [use_tests=$enableval], - [use_tests=yes]) - -AC_ARG_ENABLE(openssl_tests, - AS_HELP_STRING([--enable-openssl-tests],[enable OpenSSL tests [default=auto]]), - [enable_openssl_tests=$enableval], - [enable_openssl_tests=auto]) - -AC_ARG_ENABLE(experimental, - AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]), - [use_experimental=$enableval], - [use_experimental=no]) - -AC_ARG_ENABLE(exhaustive_tests, - AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]), - [use_exhaustive_tests=$enableval], - [use_exhaustive_tests=yes]) - -AC_ARG_ENABLE(endomorphism, - AS_HELP_STRING([--enable-endomorphism],[enable endomorphism [default=no]]), - 
[use_endomorphism=$enableval], - [use_endomorphism=no]) - -AC_ARG_ENABLE(ecmult_static_precomputation, - AS_HELP_STRING([--enable-ecmult-static-precomputation],[enable precomputed ecmult table for signing [default=auto]]), - [use_ecmult_static_precomputation=$enableval], - [use_ecmult_static_precomputation=auto]) - -AC_ARG_ENABLE(module_ecdh, - AS_HELP_STRING([--enable-module-ecdh],[enable ECDH shared secret computation (experimental)]), - [enable_module_ecdh=$enableval], - [enable_module_ecdh=no]) - -AC_ARG_ENABLE(module_recovery, - AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]), - [enable_module_recovery=$enableval], - [enable_module_recovery=no]) - -AC_ARG_ENABLE(external_default_callbacks, - AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), - [use_external_default_callbacks=$enableval], - [use_external_default_callbacks=no]) - -AC_ARG_ENABLE(jni, - AS_HELP_STRING([--enable-jni],[enable libsecp256k1_jni [default=no]]), - [use_jni=$enableval], - [use_jni=no]) - -AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto], -[finite field implementation to use [default=auto]])],[req_field=$withval], [req_field=auto]) - -AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto], -[bignum implementation to use [default=auto]])],[req_bignum=$withval], [req_bignum=auto]) - -AC_ARG_WITH([scalar], [AS_HELP_STRING([--with-scalar=64bit|32bit|auto], -[scalar implementation to use [default=auto]])],[req_scalar=$withval], [req_scalar=auto]) - -AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto], -[assembly optimizations to use (experimental: arm) [default=auto]])],[req_asm=$withval], [req_asm=auto]) - -AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto], -[window size for ecmult precomputation for verification, specified as integer in range [2..24].] 
-[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.] -[The table will store 2^(SIZE-2) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.] -[If the endomorphism optimization is enabled, two tables of this size are used instead of only one.] -["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]] -)], -[req_ecmult_window=$withval], [req_ecmult_window=auto]) - -AC_ARG_WITH([ecmult-gen-precision], [AS_HELP_STRING([--with-ecmult-gen-precision=2|4|8|auto], -[Precision bits to tune the precomputed table size for signing.] -[The size of the table is 32kB for 2 bits, 64kB for 4 bits, 512kB for 8 bits of precision.] -[A larger table size usually results in possible faster signing.] -["auto" is a reasonable setting for desktop machines (currently 4). [default=auto]] -)], -[req_ecmult_gen_precision=$withval], [req_ecmult_gen_precision=auto]) - -AC_CHECK_TYPES([__int128]) - -if test x"$enable_coverage" = x"yes"; then - AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code]) - CFLAGS="$CFLAGS -O0 --coverage" - LDFLAGS="$LDFLAGS --coverage" -else - CFLAGS="$CFLAGS -O3" -fi - -if test x"$use_ecmult_static_precomputation" != x"no"; then - # Temporarily switch to an environment for the native compiler - save_cross_compiling=$cross_compiling - cross_compiling=no - SAVE_CC="$CC" - CC="$CC_FOR_BUILD" - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS_FOR_BUILD" - SAVE_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS_FOR_BUILD" - SAVE_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS_FOR_BUILD" - - warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function" - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $warn_CFLAGS_FOR_BUILD" - AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}]) - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - CFLAGS="$saved_CFLAGS" - ]) - - AC_MSG_CHECKING([for 
working native compiler: ${CC_FOR_BUILD}]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([], [])], - [working_native_cc=yes], - [working_native_cc=no],[dnl]) - - CFLAGS_FOR_BUILD="$CFLAGS" - - # Restore the environment - cross_compiling=$save_cross_compiling - CC="$SAVE_CC" - CFLAGS="$SAVE_CFLAGS" - CPPFLAGS="$SAVE_CPPFLAGS" - LDFLAGS="$SAVE_LDFLAGS" - - if test x"$working_native_cc" = x"no"; then - AC_MSG_RESULT([no]) - set_precomp=no - m4_define([please_set_for_build], [Please set CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD.]) - if test x"$use_ecmult_static_precomputation" = x"yes"; then - AC_MSG_ERROR([native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build]) - else - AC_MSG_WARN([Disabling statically generated ecmult table because the native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build]) - fi - else - AC_MSG_RESULT([yes]) - set_precomp=yes - fi -else - set_precomp=no -fi - -if test x"$req_asm" = x"auto"; then - SECP_64BIT_ASM_CHECK - if test x"$has_64bit_asm" = x"yes"; then - set_asm=x86_64 - fi - if test x"$set_asm" = x; then - set_asm=no - fi -else - set_asm=$req_asm - case $set_asm in - x86_64) - SECP_64BIT_ASM_CHECK - if test x"$has_64bit_asm" != x"yes"; then - AC_MSG_ERROR([x86_64 assembly optimization requested but not available]) - fi - ;; - arm) - ;; - no) - ;; - *) - AC_MSG_ERROR([invalid assembly optimization selection]) - ;; - esac -fi - -if test x"$req_field" = x"auto"; then - if test x"set_asm" = x"x86_64"; then - set_field=64bit - fi - if test x"$set_field" = x; then - SECP_INT128_CHECK - if test x"$has_int128" = x"yes"; then - set_field=64bit - fi - fi - if test x"$set_field" = x; then - set_field=32bit - fi -else - set_field=$req_field - case $set_field in - 64bit) - if test x"$set_asm" != x"x86_64"; then - SECP_INT128_CHECK - if test x"$has_int128" != x"yes"; then - AC_MSG_ERROR([64bit field explicitly requested but neither __int128 support or x86_64 
assembly available]) - fi - fi - ;; - 32bit) - ;; - *) - AC_MSG_ERROR([invalid field implementation selection]) - ;; - esac -fi - -if test x"$req_scalar" = x"auto"; then - SECP_INT128_CHECK - if test x"$has_int128" = x"yes"; then - set_scalar=64bit - fi - if test x"$set_scalar" = x; then - set_scalar=32bit - fi -else - set_scalar=$req_scalar - case $set_scalar in - 64bit) - SECP_INT128_CHECK - if test x"$has_int128" != x"yes"; then - AC_MSG_ERROR([64bit scalar explicitly requested but __int128 support not available]) - fi - ;; - 32bit) - ;; - *) - AC_MSG_ERROR([invalid scalar implementation selected]) - ;; - esac -fi - -if test x"$req_bignum" = x"auto"; then - SECP_GMP_CHECK - if test x"$has_gmp" = x"yes"; then - set_bignum=gmp - fi - - if test x"$set_bignum" = x; then - set_bignum=no - fi -else - set_bignum=$req_bignum - case $set_bignum in - gmp) - SECP_GMP_CHECK - if test x"$has_gmp" != x"yes"; then - AC_MSG_ERROR([gmp bignum explicitly requested but libgmp not available]) - fi - ;; - no) - ;; - *) - AC_MSG_ERROR([invalid bignum implementation selection]) - ;; - esac -fi - -# select assembly optimization -use_external_asm=no - -case $set_asm in -x86_64) - AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations]) - ;; -arm) - use_external_asm=yes - ;; -no) - ;; -*) - AC_MSG_ERROR([invalid assembly optimizations]) - ;; -esac - -# select field implementation -case $set_field in -64bit) - AC_DEFINE(USE_FIELD_5X52, 1, [Define this symbol to use the FIELD_5X52 implementation]) - ;; -32bit) - AC_DEFINE(USE_FIELD_10X26, 1, [Define this symbol to use the FIELD_10X26 implementation]) - ;; -*) - AC_MSG_ERROR([invalid field implementation]) - ;; -esac - -# select bignum implementation -case $set_bignum in -gmp) - AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed]) - AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation for num]) - AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the 
num-based field inverse implementation]) - AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation]) - ;; -no) - AC_DEFINE(USE_NUM_NONE, 1, [Define this symbol to use no num implementation]) - AC_DEFINE(USE_FIELD_INV_BUILTIN, 1, [Define this symbol to use the native field inverse implementation]) - AC_DEFINE(USE_SCALAR_INV_BUILTIN, 1, [Define this symbol to use the native scalar inverse implementation]) - ;; -*) - AC_MSG_ERROR([invalid bignum implementation]) - ;; -esac - -#select scalar implementation -case $set_scalar in -64bit) - AC_DEFINE(USE_SCALAR_4X64, 1, [Define this symbol to use the 4x64 scalar implementation]) - ;; -32bit) - AC_DEFINE(USE_SCALAR_8X32, 1, [Define this symbol to use the 8x32 scalar implementation]) - ;; -*) - AC_MSG_ERROR([invalid scalar implementation]) - ;; -esac - -#set ecmult window size -if test x"$req_ecmult_window" = x"auto"; then - set_ecmult_window=15 -else - set_ecmult_window=$req_ecmult_window -fi - -error_window_size=['window size for ecmult precomputation not an integer in range [2..24] or "auto"'] -case $set_ecmult_window in -''|*[[!0-9]]*) - # no valid integer - AC_MSG_ERROR($error_window_size) - ;; -*) - if test "$set_ecmult_window" -lt 2 -o "$set_ecmult_window" -gt 24 ; then - # not in range - AC_MSG_ERROR($error_window_size) - fi - AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation]) - ;; -esac - -#set ecmult gen precision -if test x"$req_ecmult_gen_precision" = x"auto"; then - set_ecmult_gen_precision=4 -else - set_ecmult_gen_precision=$req_ecmult_gen_precision -fi - -case $set_ecmult_gen_precision in -2|4|8) - AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits]) - ;; -*) - AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"']) - ;; -esac - -if test x"$use_tests" = x"yes"; then - SECP_OPENSSL_CHECK - if test x"$has_openssl_ec" = x"yes"; then - if test 
x"$enable_openssl_tests" != x"no"; then - AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available]) - SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS" - SECP_TEST_LIBS="$CRYPTO_LIBS" - - case $host in - *mingw*) - SECP_TEST_LIBS="$SECP_TEST_LIBS -lgdi32" - ;; - esac - fi - else - if test x"$enable_openssl_tests" = x"yes"; then - AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available]) - fi - fi -else - if test x"$enable_openssl_tests" = x"yes"; then - AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled]) - fi -fi - -if test x"$use_jni" != x"no"; then - AX_JNI_INCLUDE_DIR - have_jni_dependencies=yes - if test x"$enable_module_ecdh" = x"no"; then - have_jni_dependencies=no - fi - if test "x$JNI_INCLUDE_DIRS" = "x"; then - have_jni_dependencies=no - fi - if test "x$have_jni_dependencies" = "xno"; then - if test x"$use_jni" = x"yes"; then - AC_MSG_ERROR([jni support explicitly requested but headers/dependencies were not found. Enable ECDH and try again.]) - fi - AC_MSG_WARN([jni headers/dependencies not found. 
jni support disabled]) - use_jni=no - else - use_jni=yes - for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do - JNI_INCLUDES="$JNI_INCLUDES -I$JNI_INCLUDE_DIR" - done - fi -fi - -if test x"$set_bignum" = x"gmp"; then - SECP_LIBS="$SECP_LIBS $GMP_LIBS" - SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS" -fi - -if test x"$use_endomorphism" = x"yes"; then - AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism optimization]) -fi - -if test x"$set_precomp" = x"yes"; then - AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table]) -fi - -if test x"$enable_module_ecdh" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module]) -fi - -if test x"$enable_module_recovery" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module]) -fi - -AC_C_BIGENDIAN() - -if test x"$use_external_asm" = x"yes"; then - AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used]) -fi - -if test x"$use_external_default_callbacks" = x"yes"; then - AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used]) -fi - -if test x"$enable_experimental" = x"yes"; then - AC_MSG_NOTICE([******]) - AC_MSG_NOTICE([WARNING: experimental build]) - AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.]) - AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh]) - AC_MSG_NOTICE([******]) -else - if test x"$enable_module_ecdh" = x"yes"; then - AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.]) - fi - if test x"$set_asm" = x"arm"; then - AC_MSG_ERROR([ARM assembly optimization is experimental. 
Use --enable-experimental to allow.]) - fi -fi - -AC_CONFIG_HEADERS([src/libsecp256k1-config.h]) -AC_CONFIG_FILES([Makefile libsecp256k1.pc]) -AC_SUBST(JNI_INCLUDES) -AC_SUBST(SECP_INCLUDES) -AC_SUBST(SECP_LIBS) -AC_SUBST(SECP_TEST_LIBS) -AC_SUBST(SECP_TEST_INCLUDES) -AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"]) -AM_CONDITIONAL([USE_TESTS], [test x"$use_tests" != x"no"]) -AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$use_exhaustive_tests" != x"no"]) -AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"]) -AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$set_precomp" = x"yes"]) -AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"]) -AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"]) -AM_CONDITIONAL([USE_JNI], [test x"$use_jni" = x"yes"]) -AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"]) -AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"]) - -dnl make sure nothing new is exported so that we don't break the cache -PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH" -unset PKG_CONFIG_PATH -PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP" - -AC_OUTPUT - -echo -echo "Build Options:" -echo " with endomorphism = $use_endomorphism" -echo " with ecmult precomp = $set_precomp" -echo " with external callbacks = $use_external_default_callbacks" -echo " with jni = $use_jni" -echo " with benchmarks = $use_benchmark" -echo " with coverage = $enable_coverage" -echo " module ecdh = $enable_module_ecdh" -echo " module recovery = $enable_module_recovery" -echo -echo " asm = $set_asm" -echo " bignum = $set_bignum" -echo " field = $set_field" -echo " scalar = $set_scalar" -echo " ecmult window size = $set_ecmult_window" -echo " ecmult gen prec. bits = $set_ecmult_gen_precision" -echo -echo " CC = $CC" -echo " CFLAGS = $CFLAGS" -echo " CPPFLAGS = $CPPFLAGS" -echo " LDFLAGS = $LDFLAGS" -echo 
diff --git a/deps/secp256k1/contrib/lax_der_parsing.c b/deps/secp256k1/contrib/lax_der_parsing.c deleted file mode 100644 index e177a0562..000000000 --- a/deps/secp256k1/contrib/lax_der_parsing.c +++ /dev/null 
@@ -1,150 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#include
-#include
-
-#include "lax_der_parsing.h"
-
-int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
- size_t rpos, rlen, spos, slen;
- size_t pos = 0;
- size_t lenbyte;
- unsigned char tmpsig[64] = {0};
- int overflow = 0;
-
- /* Hack to initialize sig with a correctly-parsed but invalid signature. */
- secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
-
- /* Sequence tag byte */
- if (pos == inputlen || input[pos] != 0x30) {
- return 0;
- }
- pos++;
-
- /* Sequence length bytes */
- if (pos == inputlen) {
- return 0;
- }
- lenbyte = input[pos++];
- if (lenbyte & 0x80) {
- lenbyte -= 0x80;
- if (lenbyte > inputlen - pos) {
- return 0;
- }
- pos += lenbyte;
- }
-
- /* Integer tag byte for R */
- if (pos == inputlen || input[pos] != 0x02) {
- return 0;
- }
- pos++;
-
- /* Integer length for R */
- if (pos == inputlen) {
- return 0;
- }
- lenbyte = input[pos++];
- if (lenbyte & 0x80) {
- lenbyte -= 0x80;
- if (lenbyte > inputlen - pos) {
- return 0;
- }
- while (lenbyte > 0 && input[pos] == 0) {
- pos++;
- lenbyte--;
- }
- if (lenbyte >= sizeof(size_t)) {
- return 0;
- }
- rlen = 0;
- while (lenbyte > 0) {
- rlen = (rlen << 8) + input[pos];
- pos++;
- lenbyte--;
- }
- } else {
- rlen = lenbyte;
- }
- if (rlen > inputlen - pos) {
- return 0;
- }
- rpos = pos;
- pos += rlen;
-
- /* Integer tag byte for S */
- if (pos == inputlen || input[pos] != 0x02) {
- return 0;
- }
- pos++;
-
- /* Integer length for S */
- if (pos == inputlen) {
- return 0;
- }
- lenbyte = input[pos++];
- if (lenbyte & 0x80) {
- lenbyte -= 0x80;
- if (lenbyte > inputlen - pos) {
- return 0;
- }
- while (lenbyte > 0 && input[pos] == 0) {
- pos++;
- lenbyte--;
- }
- if (lenbyte >= sizeof(size_t)) {
- return 0;
- }
- slen = 0;
- while (lenbyte > 0) {
- slen = (slen << 8) + input[pos];
- pos++;
- lenbyte--;
- }
- } else {
- slen = lenbyte;
- }
- if (slen > inputlen - pos) {
- return 0;
- }
- spos = pos;
- pos += slen;
-
- /* Ignore leading zeroes in R */
- while (rlen > 0 && input[rpos] == 0) {
- rlen--;
- rpos++;
- }
- /* Copy R value */
- if (rlen > 32) {
- overflow = 1;
- } else {
- memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
- }
-
- /* Ignore leading zeroes in S */
- while (slen > 0 && input[spos] == 0) {
- slen--;
- spos++;
- }
- /* Copy S value */
- if (slen > 32) {
- overflow = 1;
- } else {
- memcpy(tmpsig + 64 - slen, input + spos, slen);
- }
-
- if (!overflow) {
- overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
- }
- if (overflow) {
- memset(tmpsig, 0, 64);
- secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
- }
- return 1;
-}
-
diff --git a/deps/secp256k1/contrib/lax_der_parsing.h b/deps/secp256k1/contrib/lax_der_parsing.h
deleted file mode 100644
index 7eaf63bf6..000000000
--- a/deps/secp256k1/contrib/lax_der_parsing.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-/****
- * Please do not link this file directly. It is not part of the libsecp256k1
- * project and does not promise any stability in its API, functionality or
- * presence. Projects which use this code should instead copy this header
- * and its accompanying .c file directly into their codebase.
- ****/
-
-/* This file defines a function that parses DER with various errors and
- * violations. This is not a part of the library itself, because the allowed
- * violations are chosen arbitrarily and do not follow or establish any
- * standard.
- *
- * In many places it matters that different implementations do not only accept
- * the same set of valid signatures, but also reject the same set of signatures.
- * The only means to accomplish that is by strictly obeying a standard, and not
- * accepting anything else.
- *
- * Nonetheless, sometimes there is a need for compatibility with systems that
- * use signatures which do not strictly obey DER. The snippet below shows how
- * certain violations are easily supported. You may need to adapt it.
- *
- * Do not use this for new systems. Use well-defined DER or compact signatures
- * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
- * secp256k1_ecdsa_signature_parse_compact).
- *
- * The supported violations are:
- * - All numbers are parsed as nonnegative integers, even though X.609-0207
- * section 8.3.3 specifies that integers are always encoded as two's
- * complement.
- * - Integers can have length 0, even though section 8.3.1 says they can't.
- * - Integers with overly long padding are accepted, violation section
- * 8.3.2.
- * - 127-byte long length descriptors are accepted, even though section
- * 8.1.3.5.c says that they are not.
- * - Trailing garbage data inside or after the signature is ignored.
- * - The length descriptor of the sequence is ignored.
- *
- * Compared to for example OpenSSL, many violations are NOT supported:
- * - Using overly long tag descriptors for the sequence or integers inside,
- * violating section 8.1.2.2.
- * - Encoding primitive integers as constructed values, violating section
- * 8.3.1.
- */
-
-#ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
-#define SECP256K1_CONTRIB_LAX_DER_PARSING_H
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Parse a signature in "lax DER" format
- *
- * Returns: 1 when the signature could be parsed, 0 otherwise.
- * Args: ctx: a secp256k1 context object
- * Out: sig: a pointer to a signature object
- * In: input: a pointer to the signature to be parsed
- * inputlen: the length of the array pointed to be input
- *
- * This function will accept any valid DER encoded signature, even if the
- * encoded numbers are out of range. In addition, it will accept signatures
- * which violate the DER spec in various ways. Its purpose is to allow
- * validation of the Bitcoin blockchain, which includes non-DER signatures
- * from before the network rules were updated to enforce DER. Note that
- * the set of supported violations is a strict subset of what OpenSSL will
- * accept.
- *
- * After the call, sig will always be initialized. If parsing failed or the
- * encoded numbers are out of range, signature validation with it is
- * guaranteed to fail for every message and public key.
- */
-int ecdsa_signature_parse_der_lax(
- const secp256k1_context* ctx,
- secp256k1_ecdsa_signature* sig,
- const unsigned char *input,
- size_t inputlen
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */
diff --git a/deps/secp256k1/contrib/lax_der_privatekey_parsing.c b/deps/secp256k1/contrib/lax_der_privatekey_parsing.c
deleted file mode 100644
index c2e63b4b8..000000000
--- a/deps/secp256k1/contrib/lax_der_privatekey_parsing.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014, 2015 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#include
-#include
-
-#include "lax_der_privatekey_parsing.h"
-
-int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
- const unsigned char *end = privkey + privkeylen;
- int lenb = 0;
- int len = 0;
- memset(out32, 0, 32);
- /* sequence header */
- if (end < privkey+1 || *privkey != 0x30) {
- return 0;
- }
- privkey++;
- /* sequence length constructor */
- if (end < privkey+1 || !(*privkey & 0x80)) {
- return 0;
- }
- lenb = *privkey & ~0x80; privkey++;
- if (lenb < 1 || lenb > 2) {
- return 0;
- }
- if (end < privkey+lenb) {
- return 0;
- }
- /* sequence length */
- len = privkey[lenb-1] | (lenb > 1 ? privkey[lenb-2] << 8 : 0);
- privkey += lenb;
- if (end < privkey+len) {
- return 0;
- }
- /* sequence element 0: version number (=1) */
- if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01) {
- return 0;
- }
- privkey += 3;
- /* sequence element 1: octet string, up to 32 bytes */
- if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) {
- return 0;
- }
- memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
- if (!secp256k1_ec_seckey_verify(ctx, out32)) {
- memset(out32, 0, 32);
- return 0;
- }
- return 1;
-}
-
-int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
- secp256k1_pubkey pubkey;
- size_t pubkeylen = 0;
- if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
- *privkeylen = 0;
- return 0;
- }
- if (compressed) {
- static const unsigned char begin[] = {
- 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20
- };
- static const unsigned char middle[] = {
- 0xA0,0x81,0x85,0x30,0x81,0x82,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
- 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
- 0x21,0x02,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
- 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
- 0x17,0x98,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
- 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x24,0x03,0x22,0x00
- };
- unsigned char *ptr = privkey;
- memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
- memcpy(ptr, key32, 32); ptr += 32;
- memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
- pubkeylen = 33;
- secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
- ptr += pubkeylen;
- *privkeylen = ptr - privkey;
- } else {
- static const unsigned char begin[] = {
- 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20
- };
- static const unsigned char middle[] = {
- 0xA0,0x81,0xA5,0x30,0x81,0xA2,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
- 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
- 0x41,0x04,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
- 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
- 0x17,0x98,0x48,0x3A,0xDA,0x77,0x26,0xA3,0xC4,0x65,0x5D,0xA4,0xFB,0xFC,0x0E,0x11,
- 0x08,0xA8,0xFD,0x17,0xB4,0x48,0xA6,0x85,0x54,0x19,0x9C,0x47,0xD0,0x8F,0xFB,0x10,
- 0xD4,0xB8,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
- 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x44,0x03,0x42,0x00
- };
- unsigned char *ptr = privkey;
- memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
- memcpy(ptr, key32, 32); ptr += 32;
- memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
- pubkeylen = 65;
- secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
- ptr += pubkeylen;
- *privkeylen = ptr - privkey;
- }
- return 1;
-}
diff --git a/deps/secp256k1/contrib/lax_der_privatekey_parsing.h b/deps/secp256k1/contrib/lax_der_privatekey_parsing.h
deleted file mode 100644
index fece261fb..000000000
--- a/deps/secp256k1/contrib/lax_der_privatekey_parsing.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014, 2015 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-/****
- * Please do not link this file directly. It is not part of the libsecp256k1
- * project and does not promise any stability in its API, functionality or
- * presence. Projects which use this code should instead copy this header
- * and its accompanying .c file directly into their codebase.
- ****/
-
-/* This file contains code snippets that parse DER private keys with
- * various errors and violations. This is not a part of the library
- * itself, because the allowed violations are chosen arbitrarily and
- * do not follow or establish any standard.
- *
- * It also contains code to serialize private keys in a compatible
- * manner.
- *
- * These functions are meant for compatibility with applications
- * that require BER encoded keys. When working with secp256k1-specific
- * code, the simple 32-byte private keys normally used by the
- * library are sufficient.
- */
-
-#ifndef SECP256K1_CONTRIB_BER_PRIVATEKEY_H
-#define SECP256K1_CONTRIB_BER_PRIVATEKEY_H
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Export a private key in DER format.
- *
- * Returns: 1 if the private key was valid.
- * Args: ctx: pointer to a context object, initialized for signing (cannot
- * be NULL)
- * Out: privkey: pointer to an array for storing the private key in BER.
- * Should have space for 279 bytes, and cannot be NULL.
- * privkeylen: Pointer to an int where the length of the private key in
- * privkey will be stored.
- * In: seckey: pointer to a 32-byte secret key to export.
- * compressed: 1 if the key should be exported in
- * compressed format, 0 otherwise
- *
- * This function is purely meant for compatibility with applications that
- * require BER encoded keys. When working with secp256k1-specific code, the
- * simple 32-byte private keys are sufficient.
- *
- * Note that this function does not guarantee correct DER output. It is
- * guaranteed to be parsable by secp256k1_ec_privkey_import_der
- */
-SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
- const secp256k1_context* ctx,
- unsigned char *privkey,
- size_t *privkeylen,
- const unsigned char *seckey,
- int compressed
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-
-/** Import a private key in DER format.
- * Returns: 1 if a private key was extracted.
- * Args: ctx: pointer to a context object (cannot be NULL).
- * Out: seckey: pointer to a 32-byte array for storing the private key.
- * (cannot be NULL).
- * In: privkey: pointer to a private key in DER format (cannot be NULL).
- * privkeylen: length of the DER private key pointed to be privkey.
- *
- * This function will accept more than just strict DER, and even allow some BER
- * violations. The public key stored inside the DER-encoded private key is not
- * verified for correctness, nor are the curve parameters. Use this function
- * only if you know in advance it is supposed to contain a secp256k1 private
- * key.
- */
-SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der(
- const secp256k1_context* ctx,
- unsigned char *seckey,
- const unsigned char *privkey,
- size_t privkeylen
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SECP256K1_CONTRIB_BER_PRIVATEKEY_H */
diff --git a/deps/secp256k1/include/secp256k1.h b/deps/secp256k1/include/secp256k1.h
deleted file mode 100644
index 36020e516..000000000
--- a/deps/secp256k1/include/secp256k1.h
+++ /dev/null
@@ -1,708 +0,0 @@
-#ifndef SECP256K1_H
-#define SECP256K1_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include
-
-/* These rules specify the order of arguments in API calls:
- *
- * 1. Context pointers go first, followed by output arguments, combined
- * output/input arguments, and finally input-only arguments.
- * 2. Array lengths always immediately the follow the argument whose length
- * they describe, even if this violates rule 1.
- * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
- * later go first. This means: signatures, public nonces, private nonces,
- * messages, public keys, secret keys, tweaks.
- * 4. Arguments that are not data pointers go last, from more complex to less
- * complex: function pointers, algorithm names, messages, void pointers,
- * counts, flags, booleans.
- * 5. Opaque data pointers follow the function pointer they are to be passed to.
- */
-
-/** Opaque data structure that holds context information (precomputed tables etc.).
- *
- * The purpose of context structures is to cache large precomputed data tables
- * that are expensive to construct, and also to maintain the randomization data
- * for blinding.
- *
- * Do not create a new context object for each operation, as construction is
- * far slower than all other API calls (~100 times slower than an ECDSA
- * verification).
- *
- * A constructed context can safely be used from multiple threads
- * simultaneously, but API calls that take a non-const pointer to a context
- * need exclusive access to it. In particular this is the case for
- * secp256k1_context_destroy, secp256k1_context_preallocated_destroy,
- * and secp256k1_context_randomize.
- *
- * Regarding randomization, either do it once at creation time (in which case
- * you do not need any locking for the other calls), or use a read-write lock.
- */
-typedef struct secp256k1_context_struct secp256k1_context;
-
-/** Opaque data structure that holds rewriteable "scratch space"
- *
- * The purpose of this structure is to replace dynamic memory allocations,
- * because we target architectures where this may not be available. It is
- * essentially a resizable (within specified parameters) block of bytes,
- * which is initially created either by memory allocation or TODO as a pointer
- * into some fixed rewritable space.
- *
- * Unlike the context object, this cannot safely be shared between threads
- * without additional synchronization logic.
- */
-typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space;
-
-/** Opaque data structure that holds a parsed and valid public key.
- *
- * The exact representation of data inside is implementation defined and not
- * guaranteed to be portable between different platforms or versions. It is
- * however guaranteed to be 64 bytes in size, and can be safely copied/moved.
- * If you need to convert to a format suitable for storage, transmission, or
- * comparison, use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse.
- */
-typedef struct {
- unsigned char data[64];
-} secp256k1_pubkey;
-
-/** Opaque data structured that holds a parsed ECDSA signature.
- *
- * The exact representation of data inside is implementation defined and not
- * guaranteed to be portable between different platforms or versions. It is
- * however guaranteed to be 64 bytes in size, and can be safely copied/moved.
- * If you need to convert to a format suitable for storage, transmission, or
- * comparison, use the secp256k1_ecdsa_signature_serialize_* and
- * secp256k1_ecdsa_signature_parse_* functions.
- */
-typedef struct {
- unsigned char data[64];
-} secp256k1_ecdsa_signature;
-
-/** A pointer to a function to deterministically generate a nonce.
- *
- * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail.
- * Out: nonce32: pointer to a 32-byte array to be filled by the function.
- * In: msg32: the 32-byte message hash being verified (will not be NULL)
- * key32: pointer to a 32-byte secret key (will not be NULL)
- * algo16: pointer to a 16-byte array describing the signature
- * algorithm (will be NULL for ECDSA for compatibility).
- * data: Arbitrary data pointer that is passed through.
- * attempt: how many iterations we have tried to find a nonce.
- * This will almost always be 0, but different attempt values
- * are required to result in a different nonce.
- *
- * Except for test cases, this function should compute some cryptographic hash of
- * the message, the algorithm, the key and the attempt.
- */
-typedef int (*secp256k1_nonce_function)(
- unsigned char *nonce32,
- const unsigned char *msg32,
- const unsigned char *key32,
- const unsigned char *algo16,
- void *data,
- unsigned int attempt
-);
-
-# if !defined(SECP256K1_GNUC_PREREQ)
-# if defined(__GNUC__)&&defined(__GNUC_MINOR__)
-# define SECP256K1_GNUC_PREREQ(_maj,_min) \
- ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
-# else
-# define SECP256K1_GNUC_PREREQ(_maj,_min) 0
-# endif
-# endif
-
-# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
-# if SECP256K1_GNUC_PREREQ(2,7)
-# define SECP256K1_INLINE __inline__
-# elif (defined(_MSC_VER))
-# define SECP256K1_INLINE __inline
-# else
-# define SECP256K1_INLINE
-# endif
-# else
-# define SECP256K1_INLINE inline
-# endif
-
-#ifndef SECP256K1_API
-# if defined(_WIN32)
-# ifdef SECP256K1_BUILD
-# define SECP256K1_API __declspec(dllexport)
-# else
-# define SECP256K1_API
-# endif
-# elif defined(__GNUC__) && defined(SECP256K1_BUILD)
-# define SECP256K1_API __attribute__ ((visibility ("default")))
-# else
-# define SECP256K1_API
-# endif
-#endif
-
-/**Warning attributes
- * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out
- * some paranoid null checks.
- */
-# if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
-# define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
-# else
-# define SECP256K1_WARN_UNUSED_RESULT
-# endif
-# if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
-# define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
-# else
-# define SECP256K1_ARG_NONNULL(_x)
-# endif
-
-/** All flags' lower 8 bits indicate what they're for. Do not use directly. */
-#define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
-#define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
-#define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
-/** The higher bits contain the actual data. Do not use directly. */
-#define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
-#define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
-#define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
-
-/** Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and
- * secp256k1_context_preallocated_create. */
-#define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
-#define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
-#define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
-
-/** Flag to pass to secp256k1_ec_pubkey_serialize. */
-#define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
-#define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
-
-/** Prefix byte used to tag various encoded curvepoints for specific purposes */
-#define SECP256K1_TAG_PUBKEY_EVEN 0x02
-#define SECP256K1_TAG_PUBKEY_ODD 0x03
-#define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
-#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
-#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
-
-/** A simple secp256k1 context object with no precomputed tables. These are useful for
- * type serialization/parsing functions which require a context object to maintain
- * API consistency, but currently do not require expensive precomputations or dynamic
- * allocations.
- */
-SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp;
-
-/** Create a secp256k1 context object (in dynamically allocated memory).
- *
- * This function uses malloc to allocate memory. It is guaranteed that malloc is
- * called at most once for every call of this function. If you need to avoid dynamic
- * memory allocation entirely, see the functions in secp256k1_preallocated.h.
- *
- * Returns: a newly created context object.
- * In: flags: which parts of the context to initialize.
- *
- * See also secp256k1_context_randomize.
- */
-SECP256K1_API secp256k1_context* secp256k1_context_create(
- unsigned int flags
-) SECP256K1_WARN_UNUSED_RESULT;
-
-/** Copy a secp256k1 context object (into dynamically allocated memory).
- *
- * This function uses malloc to allocate memory. It is guaranteed that malloc is
- * called at most once for every call of this function. If you need to avoid dynamic
- * memory allocation entirely, see the functions in secp256k1_preallocated.h.
- *
- * Returns: a newly created context object.
- * Args: ctx: an existing context to copy (cannot be NULL)
- */
-SECP256K1_API secp256k1_context* secp256k1_context_clone(
- const secp256k1_context* ctx
-) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
-
-/** Destroy a secp256k1 context object (created in dynamically allocated memory).
- *
- * The context pointer may not be used afterwards.
- *
- * The context to destroy must have been created using secp256k1_context_create
- * or secp256k1_context_clone. If the context has instead been created using
- * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, the
- * behaviour is undefined. In that case, secp256k1_context_preallocated_destroy must
- * be used instead.
- *
- * Args: ctx: an existing context to destroy, constructed using
- * secp256k1_context_create or secp256k1_context_clone
- */
-SECP256K1_API void secp256k1_context_destroy(
- secp256k1_context* ctx
-);
-
-/** Set a callback function to be called when an illegal argument is passed to
- * an API call. It will only trigger for violations that are mentioned
- * explicitly in the header.
- *
- * The philosophy is that these shouldn't be dealt with through a
- * specific return value, as calling code should not have branches to deal with
- * the case that this code itself is broken.
- *
- * On the other hand, during debug stage, one would want to be informed about
- * such mistakes, and the default (crashing) may be inadvisable.
- * When this callback is triggered, the API function called is guaranteed not
- * to cause a crash, though its return value and output arguments are
- * undefined.
- *
- * When this function has not been called (or called with fn==NULL), then the
- * default handler will be used. The library provides a default handler which
- * writes the message to stderr and calls abort. This default handler can be
- * replaced at link time if the preprocessor macro
- * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build
- * has been configured with --enable-external-default-callbacks. Then the
- * following two symbols must be provided to link against:
- * - void secp256k1_default_illegal_callback_fn(const char* message, void* data);
- * - void secp256k1_default_error_callback_fn(const char* message, void* data);
- * The library can call these default handlers even before a proper callback data
- * pointer could have been set using secp256k1_context_set_illegal_callback or
- * secp256k1_context_set_error_callback, e.g., when the creation of a context
- * fails. In this case, the corresponding default handler will be called with
- * the data pointer argument set to NULL.
- *
- * Args: ctx: an existing context object (cannot be NULL)
- * In: fun: a pointer to a function to call when an illegal argument is
- * passed to the API, taking a message and an opaque pointer.
- * (NULL restores the default handler.)
- * data: the opaque pointer to pass to fun above.
- *
- * See also secp256k1_context_set_error_callback.
- */
-SECP256K1_API void secp256k1_context_set_illegal_callback(
- secp256k1_context* ctx,
- void (*fun)(const char* message, void* data),
- const void* data
-) SECP256K1_ARG_NONNULL(1);
-
-/** Set a callback function to be called when an internal consistency check
- * fails. The default is crashing.
- *
- * This can only trigger in case of a hardware failure, miscompilation,
- * memory corruption, serious bug in the library, or other error would can
- * otherwise result in undefined behaviour. It will not trigger due to mere
- * incorrect usage of the API (see secp256k1_context_set_illegal_callback
- * for that). After this callback returns, anything may happen, including
- * crashing.
- *
- * Args: ctx: an existing context object (cannot be NULL)
- * In: fun: a pointer to a function to call when an internal error occurs,
- * taking a message and an opaque pointer (NULL restores the
- * default handler, see secp256k1_context_set_illegal_callback
- * for details).
- * data: the opaque pointer to pass to fun above.
- *
- * See also secp256k1_context_set_illegal_callback.
- */
-SECP256K1_API void secp256k1_context_set_error_callback(
- secp256k1_context* ctx,
- void (*fun)(const char* message, void* data),
- const void* data
-) SECP256K1_ARG_NONNULL(1);
-
-/** Create a secp256k1 scratch space object.
- *
- * Returns: a newly created scratch space.
- * Args: ctx: an existing context object (cannot be NULL)
- * In: size: amount of memory to be available as scratch space. Some extra
- * (<100 bytes) will be allocated for extra accounting.
- */
-SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space* secp256k1_scratch_space_create(
- const secp256k1_context* ctx,
- size_t size
-) SECP256K1_ARG_NONNULL(1);
-
-/** Destroy a secp256k1 scratch space.
- *
- * The pointer may not be used afterwards.
- * Args: ctx: a secp256k1 context object.
- * scratch: space to destroy
- */
-SECP256K1_API void secp256k1_scratch_space_destroy(
- const secp256k1_context* ctx,
- secp256k1_scratch_space* scratch
-) SECP256K1_ARG_NONNULL(1);
-
-/** Parse a variable-length public key into the pubkey object.
- *
- * Returns: 1 if the public key was fully valid.
- * 0 if the public key could not be parsed or is invalid.
- * Args: ctx: a secp256k1 context object.
- * Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
- * parsed version of input. If not, its value is undefined.
- * In: input: pointer to a serialized public key
- * inputlen: length of the array pointed to by input
- *
- * This function supports parsing compressed (33 bytes, header byte 0x02 or
- * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header
- * byte 0x06 or 0x07) format public keys.
- */
-SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(
- const secp256k1_context* ctx,
- secp256k1_pubkey* pubkey,
- const unsigned char *input,
- size_t inputlen
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-/** Serialize a pubkey object into a serialized byte sequence.
- *
- * Returns: 1 always.
- * Args: ctx: a secp256k1 context object.
- * Out: output: a pointer to a 65-byte (if compressed==0) or 33-byte (if
- * compressed==1) byte array to place the serialized key
- * in.
- * In/Out: outputlen: a pointer to an integer which is initially set to the
- * size of output, and is overwritten with the written
- * size.
- * In: pubkey: a pointer to a secp256k1_pubkey containing an
- * initialized public key.
- * flags: SECP256K1_EC_COMPRESSED if serialization should be in
- * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED.
- */
-SECP256K1_API int secp256k1_ec_pubkey_serialize(
- const secp256k1_context* ctx,
- unsigned char *output,
- size_t *outputlen,
- const secp256k1_pubkey* pubkey,
- unsigned int flags
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-
-/** Parse an ECDSA signature in compact (64 bytes) format.
- *
- * Returns: 1 when the signature could be parsed, 0 otherwise.
- * Args: ctx: a secp256k1 context object
- * Out: sig: a pointer to a signature object
- * In: input64: a pointer to the 64-byte array to parse
- *
- * The signature must consist of a 32-byte big endian R value, followed by a
- * 32-byte big endian S value. If R or S fall outside of [0..order-1], the
- * encoding is invalid. R and S with value 0 are allowed in the encoding.
- *
- * After the call, sig will always be initialized. If parsing failed or R or
- * S are zero, the resulting sig value is guaranteed to fail validation for any
- * message and public key.
- */
-SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(
- const secp256k1_context* ctx,
- secp256k1_ecdsa_signature* sig,
- const unsigned char *input64
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-/** Parse a DER ECDSA signature.
- *
- * Returns: 1 when the signature could be parsed, 0 otherwise.
- * Args: ctx: a secp256k1 context object
- * Out: sig: a pointer to a signature object
- * In: input: a pointer to the signature to be parsed
- * inputlen: the length of the array pointed to be input
- *
- * This function will accept any valid DER encoded signature, even if the
- * encoded numbers are out of range.
- *
- * After the call, sig will always be initialized. If parsing failed or the
- * encoded numbers are out of range, signature validation with it is
- * guaranteed to fail for every message and public key.
- */
-SECP256K1_API int secp256k1_ecdsa_signature_parse_der(
- const secp256k1_context* ctx,
- secp256k1_ecdsa_signature* sig,
- const unsigned char *input,
- size_t inputlen
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-/** Serialize an ECDSA signature in DER format.
- *
- * Returns: 1 if enough space was available to serialize, 0 otherwise
- * Args: ctx: a secp256k1 context object
- * Out: output: a pointer to an array to store the DER serialization
- * In/Out: outputlen: a pointer to a length integer. Initially, this integer
- * should be set to the length of output. After the call
- * it will be set to the length of the serialization (even
- * if 0 was returned).
- * In: sig: a pointer to an initialized signature object
- */
-SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(
- const secp256k1_context* ctx,
- unsigned char *output,
- size_t *outputlen,
- const secp256k1_ecdsa_signature* sig
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-
-/** Serialize an ECDSA signature in compact (64 byte) format.
- *
- * Returns: 1
- * Args: ctx: a secp256k1 context object
- * Out: output64: a pointer to a 64-byte array to store the compact serialization
- * In: sig: a pointer to an initialized signature object
- *
- * See secp256k1_ecdsa_signature_parse_compact for details about the encoding.
- */
-SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(
- const secp256k1_context* ctx,
- unsigned char *output64,
- const secp256k1_ecdsa_signature* sig
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-/** Verify an ECDSA signature.
- *
- * Returns: 1: correct signature
- * 0: incorrect or unparseable signature
- * Args: ctx: a secp256k1 context object, initialized for verification.
- * In: sig: the signature being verified (cannot be NULL)
- * msg32: the 32-byte message hash being verified (cannot be NULL)
- * pubkey: pointer to an initialized public key to verify with (cannot be NULL)
- *
- * To avoid accepting malleable signatures, only ECDSA signatures in lower-S
- * form are accepted.
- *
- * If you need to accept ECDSA signatures from sources that do not obey this
- * rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to
- * validation, but be aware that doing so results in malleable signatures.
- *
- * For details, see the comments for that function.
- */
-SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(
- const secp256k1_context* ctx,
- const secp256k1_ecdsa_signature *sig,
- const unsigned char *msg32,
- const secp256k1_pubkey *pubkey
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-
-/** Convert a signature to a normalized lower-S form.
- *
- * Returns: 1 if sigin was not normalized, 0 if it already was.
- * Args: ctx: a secp256k1 context object
- * Out: sigout: a pointer to a signature to fill with the normalized form,
- * or copy if the input was already normalized. (can be NULL if
- * you're only interested in whether the input was already
- * normalized).
- * In: sigin: a pointer to a signature to check/normalize (cannot be NULL,
- * can be identical to sigout)
- *
- * With ECDSA a third-party can forge a second distinct signature of the same
- * message, given a single initial signature, but without knowing the key. This
- * is done by negating the S value modulo the order of the curve, 'flipping'
- * the sign of the random point R which is not included in the signature.
- *
- * Forgery of the same message isn't universally problematic, but in systems
- * where message malleability or uniqueness of signatures is important this can
- * cause issues.
This forgery can be blocked by all verifiers forcing signers - * to use a normalized form. - * - * The lower-S form reduces the size of signatures slightly on average when - * variable length encodings (such as DER) are used and is cheap to verify, - * making it a good choice. Security of always using lower-S is assured because - * anyone can trivially modify a signature after the fact to enforce this - * property anyway. - * - * The lower S value is always between 0x1 and - * 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, - * inclusive. - * - * No other forms of ECDSA malleability are known and none seem likely, but - * there is no formal proof that ECDSA, even with this additional restriction, - * is free of other malleability. Commonly used serialization schemes will also - * accept various non-unique encodings, so care should be taken when this - * property is required for an application. - * - * The secp256k1_ecdsa_sign function will by default create signatures in the - * lower-S form, and secp256k1_ecdsa_verify will not accept others. In case - * signatures come from a system that cannot enforce this property, - * secp256k1_ecdsa_signature_normalize must be called before verification. - */ -SECP256K1_API int secp256k1_ecdsa_signature_normalize( - const secp256k1_context* ctx, - secp256k1_ecdsa_signature *sigout, - const secp256k1_ecdsa_signature *sigin -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); - -/** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. - * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of - * extra entropy. - */ -SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979; - -/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */ -SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default; - -/** Create an ECDSA signature. 
- * - * Returns: 1: signature created - * 0: the nonce generation function failed, or the private key was invalid. - * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) - * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) - * In: msg32: the 32-byte message hash being signed (cannot be NULL) - * seckey: pointer to a 32-byte secret key (cannot be NULL) - * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used - * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) - * - * The created signature is always in lower-S form. See - * secp256k1_ecdsa_signature_normalize for more details. - */ -SECP256K1_API int secp256k1_ecdsa_sign( - const secp256k1_context* ctx, - secp256k1_ecdsa_signature *sig, - const unsigned char *msg32, - const unsigned char *seckey, - secp256k1_nonce_function noncefp, - const void *ndata -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); - -/** Verify an ECDSA secret key. - * - * Returns: 1: secret key is valid - * 0: secret key is invalid - * Args: ctx: pointer to a context object (cannot be NULL) - * In: seckey: pointer to a 32-byte secret key (cannot be NULL) - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify( - const secp256k1_context* ctx, - const unsigned char *seckey -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); - -/** Compute the public key for a secret key. 
- * - * Returns: 1: secret was valid, public key stores - * 0: secret was invalid, try again - * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) - * Out: pubkey: pointer to the created public key (cannot be NULL) - * In: seckey: pointer to a 32-byte private key (cannot be NULL) - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create( - const secp256k1_context* ctx, - secp256k1_pubkey *pubkey, - const unsigned char *seckey -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Negates a private key in place. - * - * Returns: 1 always - * Args: ctx: pointer to a context object - * In/Out: seckey: pointer to the 32-byte private key to be negated (cannot be NULL) - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate( - const secp256k1_context* ctx, - unsigned char *seckey -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); - -/** Negates a public key in place. - * - * Returns: 1 always - * Args: ctx: pointer to a context object - * In/Out: pubkey: pointer to the public key to be negated (cannot be NULL) - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate( - const secp256k1_context* ctx, - secp256k1_pubkey *pubkey -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); - -/** Tweak a private key by adding tweak to it. - * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for - * uniformly random 32-byte arrays, or if the resulting private key - * would be invalid (only when the tweak is the complement of the - * private key). 1 otherwise. - * Args: ctx: pointer to a context object (cannot be NULL). - * In/Out: seckey: pointer to a 32-byte private key. - * In: tweak: pointer to a 32-byte tweak. 
- */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add( - const secp256k1_context* ctx, - unsigned char *seckey, - const unsigned char *tweak -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Tweak a public key by adding tweak times the generator to it. - * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for - * uniformly random 32-byte arrays, or if the resulting public key - * would be invalid (only when the tweak is the complement of the - * corresponding private key). 1 otherwise. - * Args: ctx: pointer to a context object initialized for validation - * (cannot be NULL). - * In/Out: pubkey: pointer to a public key object. - * In: tweak: pointer to a 32-byte tweak. - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add( - const secp256k1_context* ctx, - secp256k1_pubkey *pubkey, - const unsigned char *tweak -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Tweak a private key by multiplying it by a tweak. - * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for - * uniformly random 32-byte arrays, or equal to zero. 1 otherwise. - * Args: ctx: pointer to a context object (cannot be NULL). - * In/Out: seckey: pointer to a 32-byte private key. - * In: tweak: pointer to a 32-byte tweak. - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul( - const secp256k1_context* ctx, - unsigned char *seckey, - const unsigned char *tweak -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Tweak a public key by multiplying it by a tweak value. - * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for - * uniformly random 32-byte arrays, or equal to zero. 1 otherwise. - * Args: ctx: pointer to a context object initialized for validation - * (cannot be NULL). - * In/Out: pubkey: pointer to a public key object. 
- * In: tweak: pointer to a 32-byte tweak. - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( - const secp256k1_context* ctx, - secp256k1_pubkey *pubkey, - const unsigned char *tweak -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Updates the context randomization to protect against side-channel leakage. - * Returns: 1: randomization successfully updated or nothing to randomize - * 0: error - * Args: ctx: pointer to a context object (cannot be NULL) - * In: seed32: pointer to a 32-byte random seed (NULL resets to initial state) - * - * While secp256k1 code is written to be constant-time no matter what secret - * values are, it's possible that a future compiler may output code which isn't, - * and also that the CPU may not emit the same radio frequencies or draw the same - * amount power for all values. - * - * This function provides a seed which is combined into the blinding value: that - * blinding value is added before each multiplication (and removed afterwards) so - * that it does not affect function results, but shields against attacks which - * rely on any input-dependent behaviour. - * - * This function has currently an effect only on contexts initialized for signing - * because randomization is currently used only for signing. However, this is not - * guaranteed and may change in the future. It is safe to call this function on - * contexts not initialized for signing; then it will have no effect and return 1. - * - * You should call this after secp256k1_context_create or - * secp256k1_context_clone (and secp256k1_context_preallocated_create or - * secp256k1_context_clone, resp.), and you may call this repeatedly afterwards. - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize( - secp256k1_context* ctx, - const unsigned char *seed32 -) SECP256K1_ARG_NONNULL(1); - -/** Add a number of public keys together. - * Returns: 1: the sum of the public keys is valid. 
- * 0: the sum of the public keys is not valid.
- * Args: ctx: pointer to a context object
- * Out: out: pointer to a public key object for placing the resulting public key
- * (cannot be NULL)
- * In: ins: pointer to array of pointers to public keys (cannot be NULL)
- * n: the number of public keys to add together (must be at least 1)
- */
-SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(
- const secp256k1_context* ctx,
- secp256k1_pubkey *out,
- const secp256k1_pubkey * const * ins,
- size_t n
-) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SECP256K1_H */
diff --git a/deps/secp256k1/include/secp256k1_ecdh.h b/deps/secp256k1/include/secp256k1_ecdh.h
deleted file mode 100644
index df5fde235..000000000
--- a/deps/secp256k1/include/secp256k1_ecdh.h
+++ /dev/null
@@ -1,55 +0,0 @@ -#ifndef SECP256K1_ECDH_H -#define SECP256K1_ECDH_H - -#include "secp256k1.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** A pointer to a function that applies hash function to a point - * - * Returns: 1 if a point was successfully hashed. 0 will cause ecdh to fail - * Out: output: pointer to an array to be filled by the function - * In: x: pointer to a 32-byte x coordinate - * y: pointer to a 32-byte y coordinate - * data: Arbitrary data pointer that is passed through - */ -typedef int (*secp256k1_ecdh_hash_function)( - unsigned char *output, - const unsigned char *x, - const unsigned char *y, - void *data -); - -/** An implementation of SHA256 hash function that applies to compressed public key. */ -SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256; - -/** A default ecdh hash function (currently equal to secp256k1_ecdh_hash_function_sha256). */ -SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default; - -/** Compute an EC Diffie-Hellman secret in constant time - * Returns: 1: exponentiation was successful - * 0: scalar was invalid (zero or overflow) - * Args: ctx: pointer to a context object (cannot be NULL) - * Out: output: pointer to an array to be filled by the function - * In: pubkey: a pointer to a secp256k1_pubkey containing an - * initialized public key - * privkey: a 32-byte scalar with which to multiply the point - * hashfp: pointer to a hash function. 
If NULL, secp256k1_ecdh_hash_function_sha256 is used - * data: Arbitrary data pointer that is passed through - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh( - const secp256k1_context* ctx, - unsigned char *output, - const secp256k1_pubkey *pubkey, - const unsigned char *privkey, - secp256k1_ecdh_hash_function hashfp, - void *data -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); - -#ifdef __cplusplus -} -#endif - -#endif /* SECP256K1_ECDH_H */ diff --git a/deps/secp256k1/include/secp256k1_preallocated.h b/deps/secp256k1/include/secp256k1_preallocated.h deleted file mode 100644 index a9ae15d5a..000000000 --- a/deps/secp256k1/include/secp256k1_preallocated.h +++ /dev/null 
@@ -1,128 +0,0 @@ -#ifndef SECP256K1_PREALLOCATED_H -#define SECP256K1_PREALLOCATED_H - -#include "secp256k1.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* The module provided by this header file is intended for settings in which it - * is not possible or desirable to rely on dynamic memory allocation. It provides - * functions for creating, cloning, and destroying secp256k1 context objects in a - * contiguous fixed-size block of memory provided by the caller. - * - * Context objects created by functions in this module can be used like contexts - * objects created by functions in secp256k1.h, i.e., they can be passed to any - * API function that expects a context object (see secp256k1.h for details). The - * only exception is that context objects created by functions in this module - * must be destroyed using secp256k1_context_preallocated_destroy (in this - * module) instead of secp256k1_context_destroy (in secp256k1.h). - * - * It is guaranteed that functions in this module will not call malloc or its - * friends realloc, calloc, and free. - */ - -/** Determine the memory size of a secp256k1 context object to be created in - * caller-provided memory. - * - * The purpose of this function is to determine how much memory must be provided - * to secp256k1_context_preallocated_create. - * - * Returns: the required size of the caller-provided memory block - * In: flags: which parts of the context to initialize. - */ -SECP256K1_API size_t secp256k1_context_preallocated_size( - unsigned int flags -) SECP256K1_WARN_UNUSED_RESULT; - -/** Create a secp256k1 context object in caller-provided memory. - * - * The caller must provide a pointer to a rewritable contiguous block of memory - * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably - * aligned to hold an object of any type. 
- * - * The block of memory is exclusively owned by the created context object during - * the lifetime of this context object, which begins with the call to this - * function and ends when a call to secp256k1_context_preallocated_destroy - * (which destroys the context object again) returns. During the lifetime of the - * context object, the caller is obligated not to access this block of memory, - * i.e., the caller may not read or write the memory, e.g., by copying the memory - * contents to a different location or trying to create a second context object - * in the memory. In simpler words, the prealloc pointer (or any pointer derived - * from it) should not be used during the lifetime of the context object. - * - * Returns: a newly created context object. - * In: prealloc: a pointer to a rewritable contiguous block of memory of - * size at least secp256k1_context_preallocated_size(flags) - * bytes, as detailed above (cannot be NULL) - * flags: which parts of the context to initialize. - * - * See also secp256k1_context_randomize (in secp256k1.h) - * and secp256k1_context_preallocated_destroy. - */ -SECP256K1_API secp256k1_context* secp256k1_context_preallocated_create( - void* prealloc, - unsigned int flags -) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; - -/** Determine the memory size of a secp256k1 context object to be copied into - * caller-provided memory. - * - * Returns: the required size of the caller-provided memory block. - * In: ctx: an existing context to copy (cannot be NULL) - */ -SECP256K1_API size_t secp256k1_context_preallocated_clone_size( - const secp256k1_context* ctx -) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; - -/** Copy a secp256k1 context object into caller-provided memory. - * - * The caller must provide a pointer to a rewritable contiguous block of memory - * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably - * aligned to hold an object of any type. 
- * - * The block of memory is exclusively owned by the created context object during - * the lifetime of this context object, see the description of - * secp256k1_context_preallocated_create for details. - * - * Returns: a newly created context object. - * Args: ctx: an existing context to copy (cannot be NULL) - * In: prealloc: a pointer to a rewritable contiguous block of memory of - * size at least secp256k1_context_preallocated_size(flags) - * bytes, as detailed above (cannot be NULL) - */ -SECP256K1_API secp256k1_context* secp256k1_context_preallocated_clone( - const secp256k1_context* ctx, - void* prealloc -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT; - -/** Destroy a secp256k1 context object that has been created in - * caller-provided memory. - * - * The context pointer may not be used afterwards. - * - * The context to destroy must have been created using - * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone. - * If the context has instead been created using secp256k1_context_create or - * secp256k1_context_clone, the behaviour is undefined. In that case, - * secp256k1_context_destroy must be used instead. - * - * If required, it is the responsibility of the caller to deallocate the block - * of memory properly after this function returns, e.g., by calling free on the - * preallocated pointer given to secp256k1_context_preallocated_create or - * secp256k1_context_preallocated_clone. - * - * Args: ctx: an existing context to destroy, constructed using - * secp256k1_context_preallocated_create or - * secp256k1_context_preallocated_clone (cannot be NULL) - */ -SECP256K1_API void secp256k1_context_preallocated_destroy( - secp256k1_context* ctx -); - -#ifdef __cplusplus -} -#endif - -#endif /* SECP256K1_PREALLOCATED_H */ diff --git a/deps/secp256k1/include/secp256k1_recovery.h b/deps/secp256k1/include/secp256k1_recovery.h deleted file mode 100644 index cf6c5ed7f..000000000 
--- a/deps/secp256k1/include/secp256k1_recovery.h
+++ /dev/null
@@ -1,110 +0,0 @@ -#ifndef SECP256K1_RECOVERY_H -#define SECP256K1_RECOVERY_H - -#include "secp256k1.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** Opaque data structured that holds a parsed ECDSA signature, - * supporting pubkey recovery. - * - * The exact representation of data inside is implementation defined and not - * guaranteed to be portable between different platforms or versions. It is - * however guaranteed to be 65 bytes in size, and can be safely copied/moved. - * If you need to convert to a format suitable for storage or transmission, use - * the secp256k1_ecdsa_signature_serialize_* and - * secp256k1_ecdsa_signature_parse_* functions. - * - * Furthermore, it is guaranteed that identical signatures (including their - * recoverability) will have identical representation, so they can be - * memcmp'ed. - */ -typedef struct { - unsigned char data[65]; -} secp256k1_ecdsa_recoverable_signature; - -/** Parse a compact ECDSA signature (64 bytes + recovery id). - * - * Returns: 1 when the signature could be parsed, 0 otherwise - * Args: ctx: a secp256k1 context object - * Out: sig: a pointer to a signature object - * In: input64: a pointer to a 64-byte compact signature - * recid: the recovery id (0, 1, 2 or 3) - */ -SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact( - const secp256k1_context* ctx, - secp256k1_ecdsa_recoverable_signature* sig, - const unsigned char *input64, - int recid -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Convert a recoverable signature into a normal signature. - * - * Returns: 1 - * Out: sig: a pointer to a normal signature (cannot be NULL). - * In: sigin: a pointer to a recoverable signature (cannot be NULL). 
- */ -SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert( - const secp256k1_context* ctx, - secp256k1_ecdsa_signature* sig, - const secp256k1_ecdsa_recoverable_signature* sigin -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); - -/** Serialize an ECDSA signature in compact format (64 bytes + recovery id). - * - * Returns: 1 - * Args: ctx: a secp256k1 context object - * Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL) - * recid: a pointer to an integer to hold the recovery id (can be NULL). - * In: sig: a pointer to an initialized signature object (cannot be NULL) - */ -SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact( - const secp256k1_context* ctx, - unsigned char *output64, - int *recid, - const secp256k1_ecdsa_recoverable_signature* sig -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); - -/** Create a recoverable ECDSA signature. - * - * Returns: 1: signature created - * 0: the nonce generation function failed, or the private key was invalid. - * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) - * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) - * In: msg32: the 32-byte message hash being signed (cannot be NULL) - * seckey: pointer to a 32-byte secret key (cannot be NULL) - * noncefp:pointer to a nonce generation function. 
If NULL, secp256k1_nonce_function_default is used - * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) - */ -SECP256K1_API int secp256k1_ecdsa_sign_recoverable( - const secp256k1_context* ctx, - secp256k1_ecdsa_recoverable_signature *sig, - const unsigned char *msg32, - const unsigned char *seckey, - secp256k1_nonce_function noncefp, - const void *ndata -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); - -/** Recover an ECDSA public key from a signature. - * - * Returns: 1: public key successfully recovered (which guarantees a correct signature). - * 0: otherwise. - * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL) - * Out: pubkey: pointer to the recovered public key (cannot be NULL) - * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL) - * msg32: the 32-byte message hash assumed to be signed (cannot be NULL) - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover( - const secp256k1_context* ctx, - secp256k1_pubkey *pubkey, - const secp256k1_ecdsa_recoverable_signature *sig, - const unsigned char *msg32 -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); - -#ifdef __cplusplus -} -#endif - -#endif /* SECP256K1_RECOVERY_H */ diff --git a/deps/secp256k1/libsecp256k1.pc.in b/deps/secp256k1/libsecp256k1.pc.in deleted file mode 100644 index 694e98eef..000000000 --- a/deps/secp256k1/libsecp256k1.pc.in +++ /dev/null @@ -1,13 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libsecp256k1 -Description: Optimized C library for EC operations on curve secp256k1 -URL: https://github.com/bitcoin-core/secp256k1 -Version: @PACKAGE_VERSION@ -Cflags: -I${includedir} -Libs: -L${libdir} -lsecp256k1 -Libs.private: @SECP_LIBS@ - 
diff --git a/deps/secp256k1/obj/.gitignore b/deps/secp256k1/obj/.gitignore
deleted file mode 100644
index e69de29bb..000000000
diff --git a/deps/secp256k1/sage/group_prover.sage b/deps/secp256k1/sage/group_prover.sage
deleted file mode 100644
index 8521f0799..000000000
--- a/deps/secp256k1/sage/group_prover.sage
+++ /dev/null
@@ -1,322 +0,0 @@ -# This code supports verifying group implementations which have branches -# or conditional statements (like cmovs), by allowing each execution path -# to independently set assumptions on input or intermediary variables. -# -# The general approach is: -# * A constraint is a tuple of two sets of symbolic expressions: -# the first of which are required to evaluate to zero, the second of which -# are required to evaluate to nonzero. -# - A constraint is said to be conflicting if any of its nonzero expressions -# is in the ideal with basis the zero expressions (in other words: when the -# zero expressions imply that one of the nonzero expressions are zero). -# * There is a list of laws that describe the intended behaviour, including -# laws for addition and doubling. Each law is called with the symbolic point -# coordinates as arguments, and returns: -# - A constraint describing the assumptions under which it is applicable, -# called "assumeLaw" -# - A constraint describing the requirements of the law, called "require" -# * Implementations are transliterated into functions that operate as well on -# algebraic input points, and are called once per combination of branches -# executed. Each execution returns: -# - A constraint describing the assumptions this implementation requires -# (such as Z1=1), called "assumeFormula" -# - A constraint describing the assumptions this specific branch requires, -# but which is by construction guaranteed to cover the entire space by -# merging the results from all branches, called "assumeBranch" -# - The result of the computation -# * All combinations of laws with implementation branches are tried, and: -# - If the combination of assumeLaw, assumeFormula, and assumeBranch results -# in a conflict, it means this law does not apply to this branch, and it is -# skipped. 
-# - For others, we try to prove the require constraints hold, assuming the -# information in assumeLaw + assumeFormula + assumeBranch, and if this does -# not succeed, we fail. -# + To prove an expression is zero, we check whether it belongs to the -# ideal with the assumed zero expressions as basis. This test is exact. -# + To prove an expression is nonzero, we check whether each of its -# factors is contained in the set of nonzero assumptions' factors. -# This test is not exact, so various combinations of original and -# reduced expressions' factors are tried. -# - If we succeed, we print out the assumptions from assumeFormula that -# weren't implied by assumeLaw already. Those from assumeBranch are skipped, -# as we assume that all constraints in it are complementary with each other. -# -# Based on the sage verification scripts used in the Explicit-Formulas Database -# by Tanja Lange and others, see http://hyperelliptic.org/EFD - -class fastfrac: - """Fractions over rings.""" - - def __init__(self,R,top,bot=1): - """Construct a fractional, given a ring, a numerator, and denominator.""" - self.R = R - if parent(top) == ZZ or parent(top) == R: - self.top = R(top) - self.bot = R(bot) - elif top.__class__ == fastfrac: - self.top = top.top - self.bot = top.bot * bot - else: - self.top = R(numerator(top)) - self.bot = R(denominator(top)) * bot - - def iszero(self,I): - """Return whether this fraction is zero given an ideal.""" - return self.top in I and self.bot not in I - - def reduce(self,assumeZero): - zero = self.R.ideal(map(numerator, assumeZero)) - return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot)) - - def __add__(self,other): - """Add two fractions.""" - if parent(other) == ZZ: - return fastfrac(self.R,self.top + self.bot * other,self.bot) - if other.__class__ == fastfrac: - return fastfrac(self.R,self.top * other.bot + self.bot * other.top,self.bot * other.bot) - return NotImplemented - - def __sub__(self,other): - 
"""Subtract two fractions.""" - if parent(other) == ZZ: - return fastfrac(self.R,self.top - self.bot * other,self.bot) - if other.__class__ == fastfrac: - return fastfrac(self.R,self.top * other.bot - self.bot * other.top,self.bot * other.bot) - return NotImplemented - - def __neg__(self): - """Return the negation of a fraction.""" - return fastfrac(self.R,-self.top,self.bot) - - def __mul__(self,other): - """Multiply two fractions.""" - if parent(other) == ZZ: - return fastfrac(self.R,self.top * other,self.bot) - if other.__class__ == fastfrac: - return fastfrac(self.R,self.top * other.top,self.bot * other.bot) - return NotImplemented - - def __rmul__(self,other): - """Multiply something else with a fraction.""" - return self.__mul__(other) - - def __div__(self,other): - """Divide two fractions.""" - if parent(other) == ZZ: - return fastfrac(self.R,self.top,self.bot * other) - if other.__class__ == fastfrac: - return fastfrac(self.R,self.top * other.bot,self.bot * other.top) - return NotImplemented - - def __pow__(self,other): - """Compute a power of a fraction.""" - if parent(other) == ZZ: - if other < 0: - # Negative powers require flipping top and bottom - return fastfrac(self.R,self.bot ^ (-other),self.top ^ (-other)) - else: - return fastfrac(self.R,self.top ^ other,self.bot ^ other) - return NotImplemented - - def __str__(self): - return "fastfrac((" + str(self.top) + ") / (" + str(self.bot) + "))" - def __repr__(self): - return "%s" % self - - def numerator(self): - return self.top - -class constraints: - """A set of constraints, consisting of zero and nonzero expressions. - - Constraints can either be used to express knowledge or a requirement. - - Both the fields zero and nonzero are maps from expressions to description - strings. The expressions that are the keys in zero are required to be zero, - and the expressions that are the keys in nonzero are required to be nonzero. 
- - Note that (a != 0) and (b != 0) is the same as (a*b != 0), so all keys in - nonzero could be multiplied into a single key. This is often much less - efficient to work with though, so we keep them separate inside the - constraints. This allows higher-level code to do fast checks on the individual - nonzero elements, or combine them if needed for stronger checks. - - We can't multiply the different zero elements, as it would suffice for one of - the factors to be zero, instead of all of them. Instead, the zero elements are - typically combined into an ideal first. - """ - - def __init__(self, **kwargs): - if 'zero' in kwargs: - self.zero = dict(kwargs['zero']) - else: - self.zero = dict() - if 'nonzero' in kwargs: - self.nonzero = dict(kwargs['nonzero']) - else: - self.nonzero = dict() - - def negate(self): - return constraints(zero=self.nonzero, nonzero=self.zero) - - def __add__(self, other): - zero = self.zero.copy() - zero.update(other.zero) - nonzero = self.nonzero.copy() - nonzero.update(other.nonzero) - return constraints(zero=zero, nonzero=nonzero) - - def __str__(self): - return "constraints(zero=%s,nonzero=%s)" % (self.zero, self.nonzero) - - def __repr__(self): - return "%s" % self - - -def conflicts(R, con): - """Check whether any of the passed non-zero assumptions is implied by the zero assumptions""" - zero = R.ideal(map(numerator, con.zero)) - if 1 in zero: - return True - # First a cheap check whether any of the individual nonzero terms conflict on - # their own. - for nonzero in con.nonzero: - if nonzero.iszero(zero): - return True - # It can be the case that entries in the nonzero set do not individually - # conflict with the zero set, but their combination does. For example, knowing - # that either x or y is zero is equivalent to having x*y in the zero set. - # Having x or y individually in the nonzero set is not a conflict, but both - # simultaneously is, so that is the right thing to check for. 
- if reduce(lambda a,b: a * b, con.nonzero, fastfrac(R, 1)).iszero(zero): - return True - return False - - -def get_nonzero_set(R, assume): - """Calculate a simple set of nonzero expressions""" - zero = R.ideal(map(numerator, assume.zero)) - nonzero = set() - for nz in map(numerator, assume.nonzero): - for (f,n) in nz.factor(): - nonzero.add(f) - rnz = zero.reduce(nz) - for (f,n) in rnz.factor(): - nonzero.add(f) - return nonzero - - -def prove_nonzero(R, exprs, assume): - """Check whether an expression is provably nonzero, given assumptions""" - zero = R.ideal(map(numerator, assume.zero)) - nonzero = get_nonzero_set(R, assume) - expl = set() - ok = True - for expr in exprs: - if numerator(expr) in zero: - return (False, [exprs[expr]]) - allexprs = reduce(lambda a,b: numerator(a)*numerator(b), exprs, 1) - for (f, n) in allexprs.factor(): - if f not in nonzero: - ok = False - if ok: - return (True, None) - ok = True - for (f, n) in zero.reduce(numerator(allexprs)).factor(): - if f not in nonzero: - ok = False - if ok: - return (True, None) - ok = True - for expr in exprs: - for (f,n) in numerator(expr).factor(): - if f not in nonzero: - ok = False - if ok: - return (True, None) - ok = True - for expr in exprs: - for (f,n) in zero.reduce(numerator(expr)).factor(): - if f not in nonzero: - expl.add(exprs[expr]) - if expl: - return (False, list(expl)) - else: - return (True, None) - - -def prove_zero(R, exprs, assume): - """Check whether all of the passed expressions are provably zero, given assumptions""" - r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume) - if not r: - return (False, map(lambda x: "Possibly zero denominator: %s" % x, e)) - zero = R.ideal(map(numerator, assume.zero)) - nonzero = prod(x for x in assume.nonzero) - expl = [] - for expr in exprs: - if not expr.iszero(zero): - expl.append(exprs[expr]) - if not expl: - return (True, None) - return (False, expl) - - -def describe_extra(R, assume, assumeExtra): - 
"""Describe what assumptions are added, given existing assumptions""" - zerox = assume.zero.copy() - zerox.update(assumeExtra.zero) - zero = R.ideal(map(numerator, assume.zero)) - zeroextra = R.ideal(map(numerator, zerox)) - nonzero = get_nonzero_set(R, assume) - ret = set() - # Iterate over the extra zero expressions - for base in assumeExtra.zero: - if base not in zero: - add = [] - for (f, n) in numerator(base).factor(): - if f not in nonzero: - add += ["%s" % f] - if add: - ret.add((" * ".join(add)) + " = 0 [%s]" % assumeExtra.zero[base]) - # Iterate over the extra nonzero expressions - for nz in assumeExtra.nonzero: - nzr = zeroextra.reduce(numerator(nz)) - if nzr not in zeroextra: - for (f,n) in nzr.factor(): - if zeroextra.reduce(f) not in nonzero: - ret.add("%s != 0" % zeroextra.reduce(f)) - return ", ".join(x for x in ret) - - -def check_symbolic(R, assumeLaw, assumeAssert, assumeBranch, require): - """Check a set of zero and nonzero requirements, given a set of zero and nonzero assumptions""" - assume = assumeLaw + assumeAssert + assumeBranch - - if conflicts(R, assume): - # This formula does not apply - return None - - describe = describe_extra(R, assumeLaw + assumeBranch, assumeAssert) - - ok, msg = prove_zero(R, require.zero, assume) - if not ok: - return "FAIL, %s fails (assuming %s)" % (str(msg), describe) - - res, expl = prove_nonzero(R, require.nonzero, assume) - if not res: - return "FAIL, %s fails (assuming %s)" % (str(expl), describe) - - if describe != "": - return "OK (assuming %s)" % describe - else: - return "OK" - - -def concrete_verify(c): - for k in c.zero: - if k != 0: - return (False, c.zero[k]) - for k in c.nonzero: - if k == 0: - return (False, c.nonzero[k]) - return (True, None) diff --git a/deps/secp256k1/sage/secp256k1.sage b/deps/secp256k1/sage/secp256k1.sage deleted file mode 100644 index a97e732f7..000000000 --- a/deps/secp256k1/sage/secp256k1.sage +++ /dev/null 
@@ -1,306 +0,0 @@ -# Test libsecp256k1' group operation implementations using prover.sage - -import sys - -load("group_prover.sage") -load("weierstrass_prover.sage") - -def formula_secp256k1_gej_double_var(a): - """libsecp256k1's secp256k1_gej_double_var, used by various addition functions""" - rz = a.Z * a.Y - rz = rz * 2 - t1 = a.X^2 - t1 = t1 * 3 - t2 = t1^2 - t3 = a.Y^2 - t3 = t3 * 2 - t4 = t3^2 - t4 = t4 * 2 - t3 = t3 * a.X - rx = t3 - rx = rx * 4 - rx = -rx - rx = rx + t2 - t2 = -t2 - t3 = t3 * 6 - t3 = t3 + t2 - ry = t1 * t3 - t2 = -t4 - ry = ry + t2 - return jacobianpoint(rx, ry, rz) - -def formula_secp256k1_gej_add_var(branch, a, b): - """libsecp256k1's secp256k1_gej_add_var""" - if branch == 0: - return (constraints(), constraints(nonzero={a.Infinity : 'a_infinite'}), b) - if branch == 1: - return (constraints(), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a) - z22 = b.Z^2 - z12 = a.Z^2 - u1 = a.X * z22 - u2 = b.X * z12 - s1 = a.Y * z22 - s1 = s1 * b.Z - s2 = b.Y * z12 - s2 = s2 * a.Z - h = -u1 - h = h + u2 - i = -s1 - i = i + s2 - if branch == 2: - r = formula_secp256k1_gej_double_var(a) - return (constraints(), constraints(zero={h : 'h=0', i : 'i=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}), r) - if branch == 3: - return (constraints(), constraints(zero={h : 'h=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={i : 'i!=0'}), point_at_infinity()) - i2 = i^2 - h2 = h^2 - h3 = h2 * h - h = h * b.Z - rz = a.Z * h - t = u1 * h2 - rx = t - rx = rx * 2 - rx = rx + h3 - rx = -rx - rx = rx + i2 - ry = -rx - ry = ry + t - ry = ry * i - h3 = h3 * s1 - h3 = -h3 - ry = ry + h3 - return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) - -def formula_secp256k1_gej_add_ge_var(branch, a, b): - """libsecp256k1's secp256k1_gej_add_ge_var, which assume bz==1""" - if branch == 0: - return (constraints(zero={b.Z - 1 : 'b.z=1'}), 
constraints(nonzero={a.Infinity : 'a_infinite'}), b) - if branch == 1: - return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a) - z12 = a.Z^2 - u1 = a.X - u2 = b.X * z12 - s1 = a.Y - s2 = b.Y * z12 - s2 = s2 * a.Z - h = -u1 - h = h + u2 - i = -s1 - i = i + s2 - if (branch == 2): - r = formula_secp256k1_gej_double_var(a) - return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) - if (branch == 3): - return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) - i2 = i^2 - h2 = h^2 - h3 = h * h2 - rz = a.Z * h - t = u1 * h2 - rx = t - rx = rx * 2 - rx = rx + h3 - rx = -rx - rx = rx + i2 - ry = -rx - ry = ry + t - ry = ry * i - h3 = h3 * s1 - h3 = -h3 - ry = ry + h3 - return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) - -def formula_secp256k1_gej_add_zinv_var(branch, a, b): - """libsecp256k1's secp256k1_gej_add_zinv_var""" - bzinv = b.Z^(-1) - if branch == 0: - return (constraints(), constraints(nonzero={b.Infinity : 'b_infinite'}), a) - if branch == 1: - bzinv2 = bzinv^2 - bzinv3 = bzinv2 * bzinv - rx = b.X * bzinv2 - ry = b.Y * bzinv3 - rz = 1 - return (constraints(), constraints(zero={b.Infinity : 'b_finite'}, nonzero={a.Infinity : 'a_infinite'}), jacobianpoint(rx, ry, rz)) - azz = a.Z * bzinv - z12 = azz^2 - u1 = a.X - u2 = b.X * z12 - s1 = a.Y - s2 = b.Y * z12 - s2 = s2 * azz - h = -u1 - h = h + u2 - i = -s1 - i = i + s2 - if branch == 2: - r = formula_secp256k1_gej_double_var(a) - return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) - if branch == 3: - return (constraints(), constraints(zero={a.Infinity : 'a_finite', 
b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) - i2 = i^2 - h2 = h^2 - h3 = h * h2 - rz = a.Z - rz = rz * h - t = u1 * h2 - rx = t - rx = rx * 2 - rx = rx + h3 - rx = -rx - rx = rx + i2 - ry = -rx - ry = ry + t - ry = ry * i - h3 = h3 * s1 - h3 = -h3 - ry = ry + h3 - return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) - -def formula_secp256k1_gej_add_ge(branch, a, b): - """libsecp256k1's secp256k1_gej_add_ge""" - zeroes = {} - nonzeroes = {} - a_infinity = False - if (branch & 4) != 0: - nonzeroes.update({a.Infinity : 'a_infinite'}) - a_infinity = True - else: - zeroes.update({a.Infinity : 'a_finite'}) - zz = a.Z^2 - u1 = a.X - u2 = b.X * zz - s1 = a.Y - s2 = b.Y * zz - s2 = s2 * a.Z - t = u1 - t = t + u2 - m = s1 - m = m + s2 - rr = t^2 - m_alt = -u2 - tt = u1 * m_alt - rr = rr + tt - degenerate = (branch & 3) == 3 - if (branch & 1) != 0: - zeroes.update({m : 'm_zero'}) - else: - nonzeroes.update({m : 'm_nonzero'}) - if (branch & 2) != 0: - zeroes.update({rr : 'rr_zero'}) - else: - nonzeroes.update({rr : 'rr_nonzero'}) - rr_alt = s1 - rr_alt = rr_alt * 2 - m_alt = m_alt + u1 - if not degenerate: - rr_alt = rr - m_alt = m - n = m_alt^2 - q = n * t - n = n^2 - if degenerate: - n = m - t = rr_alt^2 - rz = a.Z * m_alt - infinity = False - if (branch & 8) != 0: - if not a_infinity: - infinity = True - zeroes.update({rz : 'r.z=0'}) - else: - nonzeroes.update({rz : 'r.z!=0'}) - rz = rz * 2 - q = -q - t = t + q - rx = t - t = t * 2 - t = t + q - t = t * rr_alt - t = t + n - ry = -t - rx = rx * 4 - ry = ry * 4 - if a_infinity: - rx = b.X - ry = b.Y - rz = 1 - if infinity: - return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), point_at_infinity()) - return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), jacobianpoint(rx, ry, 
rz)) - -def formula_secp256k1_gej_add_ge_old(branch, a, b): - """libsecp256k1's old secp256k1_gej_add_ge, which fails when ay+by=0 but ax!=bx""" - a_infinity = (branch & 1) != 0 - zero = {} - nonzero = {} - if a_infinity: - nonzero.update({a.Infinity : 'a_infinite'}) - else: - zero.update({a.Infinity : 'a_finite'}) - zz = a.Z^2 - u1 = a.X - u2 = b.X * zz - s1 = a.Y - s2 = b.Y * zz - s2 = s2 * a.Z - z = a.Z - t = u1 - t = t + u2 - m = s1 - m = m + s2 - n = m^2 - q = n * t - n = n^2 - rr = t^2 - t = u1 * u2 - t = -t - rr = rr + t - t = rr^2 - rz = m * z - infinity = False - if (branch & 2) != 0: - if not a_infinity: - infinity = True - else: - return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(nonzero={z : 'conflict_a'}, zero={z : 'conflict_b'}), point_at_infinity()) - zero.update({rz : 'r.z=0'}) - else: - nonzero.update({rz : 'r.z!=0'}) - rz = rz * (0 if a_infinity else 2) - rx = t - q = -q - rx = rx + q - q = q * 3 - t = t * 2 - t = t + q - t = t * rr - t = t + n - ry = -t - rx = rx * (0 if a_infinity else 4) - ry = ry * (0 if a_infinity else 4) - t = b.X - t = t * (1 if a_infinity else 0) - rx = rx + t - t = b.Y - t = t * (1 if a_infinity else 0) - ry = ry + t - t = (1 if a_infinity else 0) - rz = rz + t - if infinity: - return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), point_at_infinity()) - return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), jacobianpoint(rx, ry, rz)) - -if __name__ == "__main__": - check_symbolic_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var) - check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var) - check_symbolic_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var) - check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 16, 
formula_secp256k1_gej_add_ge) - check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old) - - if len(sys.argv) >= 2 and sys.argv[1] == "--exhaustive": - check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var, 43) - check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var, 43) - check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var, 43) - check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 16, formula_secp256k1_gej_add_ge, 43) - check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old, 43) diff --git a/deps/secp256k1/sage/weierstrass_prover.sage b/deps/secp256k1/sage/weierstrass_prover.sage deleted file mode 100644 index 03ef2ec90..000000000 --- a/deps/secp256k1/sage/weierstrass_prover.sage +++ /dev/null 
@@ -1,264 +0,0 @@ -# Prover implementation for Weierstrass curves of the form -# y^2 = x^3 + A * x + B, specifically with a = 0 and b = 7, with group laws -# operating on affine and Jacobian coordinates, including the point at infinity -# represented by a 4th variable in coordinates. - -load("group_prover.sage") - - -class affinepoint: - def __init__(self, x, y, infinity=0): - self.x = x - self.y = y - self.infinity = infinity - def __str__(self): - return "affinepoint(x=%s,y=%s,inf=%s)" % (self.x, self.y, self.infinity) - - -class jacobianpoint: - def __init__(self, x, y, z, infinity=0): - self.X = x - self.Y = y - self.Z = z - self.Infinity = infinity - def __str__(self): - return "jacobianpoint(X=%s,Y=%s,Z=%s,inf=%s)" % (self.X, self.Y, self.Z, self.Infinity) - - -def point_at_infinity(): - return jacobianpoint(1, 1, 1, 1) - - -def negate(p): - if p.__class__ == affinepoint: - return affinepoint(p.x, -p.y) - if p.__class__ == jacobianpoint: - return jacobianpoint(p.X, -p.Y, p.Z) - assert(False) - - -def on_weierstrass_curve(A, B, p): - """Return a set of zero-expressions for an affine point to be on the curve""" - return constraints(zero={p.x^3 + A*p.x + B - p.y^2: 'on_curve'}) - - -def tangential_to_weierstrass_curve(A, B, p12, p3): - """Return a set of zero-expressions for ((x12,y12),(x3,y3)) to be a line that is tangential to the curve at (x12,y12)""" - return constraints(zero={ - (p12.y - p3.y) * (p12.y * 2) - (p12.x^2 * 3 + A) * (p12.x - p3.x): 'tangential_to_curve' - }) - - -def colinear(p1, p2, p3): - """Return a set of zero-expressions for ((x1,y1),(x2,y2),(x3,y3)) to be collinear""" - return constraints(zero={ - (p1.y - p2.y) * (p1.x - p3.x) - (p1.y - p3.y) * (p1.x - p2.x): 'colinear_1', - (p2.y - p3.y) * (p2.x - p1.x) - (p2.y - p1.y) * (p2.x - p3.x): 'colinear_2', - (p3.y - p1.y) * (p3.x - p2.x) - (p3.y - p2.y) * (p3.x - p1.x): 'colinear_3' - }) - - -def good_affine_point(p): - return constraints(nonzero={p.x : 'nonzero_x', p.y : 'nonzero_y'}) - - -def 
good_jacobian_point(p): - return constraints(nonzero={p.X : 'nonzero_X', p.Y : 'nonzero_Y', p.Z^6 : 'nonzero_Z'}) - - -def good_point(p): - return constraints(nonzero={p.Z^6 : 'nonzero_X'}) - - -def finite(p, *affine_fns): - con = good_point(p) + constraints(zero={p.Infinity : 'finite_point'}) - if p.Z != 0: - return con + reduce(lambda a, b: a + b, (f(affinepoint(p.X / p.Z^2, p.Y / p.Z^3)) for f in affine_fns), con) - else: - return con - -def infinite(p): - return constraints(nonzero={p.Infinity : 'infinite_point'}) - - -def law_jacobian_weierstrass_add(A, B, pa, pb, pA, pB, pC): - """Check whether the passed set of coordinates is a valid Jacobian add, given assumptions""" - assumeLaw = (good_affine_point(pa) + - good_affine_point(pb) + - good_jacobian_point(pA) + - good_jacobian_point(pB) + - on_weierstrass_curve(A, B, pa) + - on_weierstrass_curve(A, B, pb) + - finite(pA) + - finite(pB) + - constraints(nonzero={pa.x - pb.x : 'different_x'})) - require = (finite(pC, lambda pc: on_weierstrass_curve(A, B, pc) + - colinear(pa, pb, negate(pc)))) - return (assumeLaw, require) - - -def law_jacobian_weierstrass_double(A, B, pa, pb, pA, pB, pC): - """Check whether the passed set of coordinates is a valid Jacobian doubling, given assumptions""" - assumeLaw = (good_affine_point(pa) + - good_affine_point(pb) + - good_jacobian_point(pA) + - good_jacobian_point(pB) + - on_weierstrass_curve(A, B, pa) + - on_weierstrass_curve(A, B, pb) + - finite(pA) + - finite(pB) + - constraints(zero={pa.x - pb.x : 'equal_x', pa.y - pb.y : 'equal_y'})) - require = (finite(pC, lambda pc: on_weierstrass_curve(A, B, pc) + - tangential_to_weierstrass_curve(A, B, pa, negate(pc)))) - return (assumeLaw, require) - - -def law_jacobian_weierstrass_add_opposites(A, B, pa, pb, pA, pB, pC): - assumeLaw = (good_affine_point(pa) + - good_affine_point(pb) + - good_jacobian_point(pA) + - good_jacobian_point(pB) + - on_weierstrass_curve(A, B, pa) + - on_weierstrass_curve(A, B, pb) + - finite(pA) + - 
finite(pB) + - constraints(zero={pa.x - pb.x : 'equal_x', pa.y + pb.y : 'opposite_y'})) - require = infinite(pC) - return (assumeLaw, require) - - -def law_jacobian_weierstrass_add_infinite_a(A, B, pa, pb, pA, pB, pC): - assumeLaw = (good_affine_point(pa) + - good_affine_point(pb) + - good_jacobian_point(pA) + - good_jacobian_point(pB) + - on_weierstrass_curve(A, B, pb) + - infinite(pA) + - finite(pB)) - require = finite(pC, lambda pc: constraints(zero={pc.x - pb.x : 'c.x=b.x', pc.y - pb.y : 'c.y=b.y'})) - return (assumeLaw, require) - - -def law_jacobian_weierstrass_add_infinite_b(A, B, pa, pb, pA, pB, pC): - assumeLaw = (good_affine_point(pa) + - good_affine_point(pb) + - good_jacobian_point(pA) + - good_jacobian_point(pB) + - on_weierstrass_curve(A, B, pa) + - infinite(pB) + - finite(pA)) - require = finite(pC, lambda pc: constraints(zero={pc.x - pa.x : 'c.x=a.x', pc.y - pa.y : 'c.y=a.y'})) - return (assumeLaw, require) - - -def law_jacobian_weierstrass_add_infinite_ab(A, B, pa, pb, pA, pB, pC): - assumeLaw = (good_affine_point(pa) + - good_affine_point(pb) + - good_jacobian_point(pA) + - good_jacobian_point(pB) + - infinite(pA) + - infinite(pB)) - require = infinite(pC) - return (assumeLaw, require) - - -laws_jacobian_weierstrass = { - 'add': law_jacobian_weierstrass_add, - 'double': law_jacobian_weierstrass_double, - 'add_opposite': law_jacobian_weierstrass_add_opposites, - 'add_infinite_a': law_jacobian_weierstrass_add_infinite_a, - 'add_infinite_b': law_jacobian_weierstrass_add_infinite_b, - 'add_infinite_ab': law_jacobian_weierstrass_add_infinite_ab -} - - -def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p): - """Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field""" - F = Integers(p) - print "Formula %s on Z%i:" % (name, p) - points = [] - for x in xrange(0, p): - for y in xrange(0, p): - point = affinepoint(F(x), F(y)) - 
r, e = concrete_verify(on_weierstrass_curve(A, B, point)) - if r: - points.append(point) - - for za in xrange(1, p): - for zb in xrange(1, p): - for pa in points: - for pb in points: - for ia in xrange(2): - for ib in xrange(2): - pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia) - pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib) - for branch in xrange(0, branches): - assumeAssert, assumeBranch, pC = formula(branch, pA, pB) - pC.X = F(pC.X) - pC.Y = F(pC.Y) - pC.Z = F(pC.Z) - pC.Infinity = F(pC.Infinity) - r, e = concrete_verify(assumeAssert + assumeBranch) - if r: - match = False - for key in laws_jacobian_weierstrass: - assumeLaw, require = laws_jacobian_weierstrass[key](A, B, pa, pb, pA, pB, pC) - r, e = concrete_verify(assumeLaw) - if r: - if match: - print " multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity) - else: - match = True - r, e = concrete_verify(require) - if not r: - print " failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e) - print - - -def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC): - assumeLaw, require = f(A, B, pa, pb, pA, pB, pC) - return check_symbolic(R, assumeLaw, assumeAssert, assumeBranch, require) - -def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula): - """Verify an implementation of addition of Jacobian points on a Weierstrass curve symbolically""" - R. 
= PolynomialRing(QQ,8,order='invlex') - lift = lambda x: fastfrac(R,x) - ax = lift(ax) - ay = lift(ay) - Az = lift(Az) - bx = lift(bx) - by = lift(by) - Bz = lift(Bz) - Ai = lift(Ai) - Bi = lift(Bi) - - pa = affinepoint(ax, ay, Ai) - pb = affinepoint(bx, by, Bi) - pA = jacobianpoint(ax * Az^2, ay * Az^3, Az, Ai) - pB = jacobianpoint(bx * Bz^2, by * Bz^3, Bz, Bi) - - res = {} - - for key in laws_jacobian_weierstrass: - res[key] = [] - - print ("Formula " + name + ":") - count = 0 - for branch in xrange(branches): - assumeFormula, assumeBranch, pC = formula(branch, pA, pB) - pC.X = lift(pC.X) - pC.Y = lift(pC.Y) - pC.Z = lift(pC.Z) - pC.Infinity = lift(pC.Infinity) - - for key in laws_jacobian_weierstrass: - res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch)) - - for key in res: - print " %s:" % key - val = res[key] - for x in val: - if x[0] is not None: - print " branch %i: %s" % (x[1], x[0]) - - print diff --git a/deps/secp256k1/src/asm/field_10x26_arm.s b/deps/secp256k1/src/asm/field_10x26_arm.s deleted file mode 100644 index 9a5bd0672..000000000 --- a/deps/secp256k1/src/asm/field_10x26_arm.s +++ /dev/null 
@@ -1,913 +0,0 @@ -@ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm: -/********************************************************************** - * Copyright (c) 2014 Wladimir J. van der Laan * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ -/* -ARM implementation of field_10x26 inner loops. - -Note: - -- To avoid unnecessary loads and make use of available registers, two - 'passes' have every time been interleaved, with the odd passes accumulating c' and d' - which will be added to c and d respectively in the even passes - -*/ - - .syntax unified - @ eabi attributes - see readelf -A - .eabi_attribute 24, 1 @ Tag_ABI_align_needed = 8-byte - .eabi_attribute 25, 1 @ Tag_ABI_align_preserved = 8-byte, except leaf SP - .text - - @ Field constants - .set field_R0, 0x3d10 - .set field_R1, 0x400 - .set field_not_M, 0xfc000000 @ ~M = ~0x3ffffff - - .align 2 - .global secp256k1_fe_mul_inner - .type secp256k1_fe_mul_inner, %function - @ Arguments: - @ r0 r Restrict: can overlap with a, not with b - @ r1 a - @ r2 b - @ Stack (total 4+10*4 = 44) - @ sp + #0 saved 'r' pointer - @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 -secp256k1_fe_mul_inner: - stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} - sub sp, sp, #48 @ frame=44 + alignment - str r0, [sp, #0] @ save result address, we need it only at the end - - /****************************************** - * Main computation code. 
- ****************************************** - - Allocation: - r0,r14,r7,r8 scratch - r1 a (pointer) - r2 b (pointer) - r3:r4 c - r5:r6 d - r11:r12 c' - r9:r10 d' - - Note: do not write to r[] here, it may overlap with a[] - */ - - /* A - interleaved with B */ - ldr r7, [r1, #0*4] @ a[0] - ldr r8, [r2, #9*4] @ b[9] - ldr r0, [r1, #1*4] @ a[1] - umull r5, r6, r7, r8 @ d = a[0] * b[9] - ldr r14, [r2, #8*4] @ b[8] - umull r9, r10, r0, r8 @ d' = a[1] * b[9] - ldr r7, [r1, #2*4] @ a[2] - umlal r5, r6, r0, r14 @ d += a[1] * b[8] - ldr r8, [r2, #7*4] @ b[7] - umlal r9, r10, r7, r14 @ d' += a[2] * b[8] - ldr r0, [r1, #3*4] @ a[3] - umlal r5, r6, r7, r8 @ d += a[2] * b[7] - ldr r14, [r2, #6*4] @ b[6] - umlal r9, r10, r0, r8 @ d' += a[3] * b[7] - ldr r7, [r1, #4*4] @ a[4] - umlal r5, r6, r0, r14 @ d += a[3] * b[6] - ldr r8, [r2, #5*4] @ b[5] - umlal r9, r10, r7, r14 @ d' += a[4] * b[6] - ldr r0, [r1, #5*4] @ a[5] - umlal r5, r6, r7, r8 @ d += a[4] * b[5] - ldr r14, [r2, #4*4] @ b[4] - umlal r9, r10, r0, r8 @ d' += a[5] * b[5] - ldr r7, [r1, #6*4] @ a[6] - umlal r5, r6, r0, r14 @ d += a[5] * b[4] - ldr r8, [r2, #3*4] @ b[3] - umlal r9, r10, r7, r14 @ d' += a[6] * b[4] - ldr r0, [r1, #7*4] @ a[7] - umlal r5, r6, r7, r8 @ d += a[6] * b[3] - ldr r14, [r2, #2*4] @ b[2] - umlal r9, r10, r0, r8 @ d' += a[7] * b[3] - ldr r7, [r1, #8*4] @ a[8] - umlal r5, r6, r0, r14 @ d += a[7] * b[2] - ldr r8, [r2, #1*4] @ b[1] - umlal r9, r10, r7, r14 @ d' += a[8] * b[2] - ldr r0, [r1, #9*4] @ a[9] - umlal r5, r6, r7, r8 @ d += a[8] * b[1] - ldr r14, [r2, #0*4] @ b[0] - umlal r9, r10, r0, r8 @ d' += a[9] * b[1] - ldr r7, [r1, #0*4] @ a[0] - umlal r5, r6, r0, r14 @ d += a[9] * b[0] - @ r7,r14 used in B - - bic r0, r5, field_not_M @ t9 = d & M - str r0, [sp, #4 + 4*9] - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - - /* B */ - umull r3, r4, r7, r14 @ c = a[0] * b[0] - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u0 = d & M - mov r5, r5, 
lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u0 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t0 = c & M - str r14, [sp, #4 + 0*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u0 * R1 - umlal r3, r4, r0, r14 - - /* C - interleaved with D */ - ldr r7, [r1, #0*4] @ a[0] - ldr r8, [r2, #2*4] @ b[2] - ldr r14, [r2, #1*4] @ b[1] - umull r11, r12, r7, r8 @ c' = a[0] * b[2] - ldr r0, [r1, #1*4] @ a[1] - umlal r3, r4, r7, r14 @ c += a[0] * b[1] - ldr r8, [r2, #0*4] @ b[0] - umlal r11, r12, r0, r14 @ c' += a[1] * b[1] - ldr r7, [r1, #2*4] @ a[2] - umlal r3, r4, r0, r8 @ c += a[1] * b[0] - ldr r14, [r2, #9*4] @ b[9] - umlal r11, r12, r7, r8 @ c' += a[2] * b[0] - ldr r0, [r1, #3*4] @ a[3] - umlal r5, r6, r7, r14 @ d += a[2] * b[9] - ldr r8, [r2, #8*4] @ b[8] - umull r9, r10, r0, r14 @ d' = a[3] * b[9] - ldr r7, [r1, #4*4] @ a[4] - umlal r5, r6, r0, r8 @ d += a[3] * b[8] - ldr r14, [r2, #7*4] @ b[7] - umlal r9, r10, r7, r8 @ d' += a[4] * b[8] - ldr r0, [r1, #5*4] @ a[5] - umlal r5, r6, r7, r14 @ d += a[4] * b[7] - ldr r8, [r2, #6*4] @ b[6] - umlal r9, r10, r0, r14 @ d' += a[5] * b[7] - ldr r7, [r1, #6*4] @ a[6] - umlal r5, r6, r0, r8 @ d += a[5] * b[6] - ldr r14, [r2, #5*4] @ b[5] - umlal r9, r10, r7, r8 @ d' += a[6] * b[6] - ldr r0, [r1, #7*4] @ a[7] - umlal r5, r6, r7, r14 @ d += a[6] * b[5] - ldr r8, [r2, #4*4] @ b[4] - umlal r9, r10, r0, r14 @ d' += a[7] * b[5] - ldr r7, [r1, #8*4] @ a[8] - umlal r5, r6, r0, r8 @ d += a[7] * b[4] - ldr r14, [r2, #3*4] @ b[3] - umlal r9, r10, r7, r8 @ d' += a[8] * b[4] - ldr r0, [r1, #9*4] @ a[9] - umlal r5, r6, r7, r14 @ d += a[8] * b[3] - ldr r8, [r2, #2*4] @ b[2] - umlal r9, r10, r0, r14 @ d' += a[9] * b[3] - umlal r5, r6, r0, r8 @ d += a[9] * b[2] - - bic r0, r5, field_not_M @ u1 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u1 * R0 - umlal r3, 
r4, r0, r14 - - bic r14, r3, field_not_M @ t1 = c & M - str r14, [sp, #4 + 1*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u1 * R1 - umlal r3, r4, r0, r14 - - /* D */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u2 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u2 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t2 = c & M - str r14, [sp, #4 + 2*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u2 * R1 - umlal r3, r4, r0, r14 - - /* E - interleaved with F */ - ldr r7, [r1, #0*4] @ a[0] - ldr r8, [r2, #4*4] @ b[4] - umull r11, r12, r7, r8 @ c' = a[0] * b[4] - ldr r8, [r2, #3*4] @ b[3] - umlal r3, r4, r7, r8 @ c += a[0] * b[3] - ldr r7, [r1, #1*4] @ a[1] - umlal r11, r12, r7, r8 @ c' += a[1] * b[3] - ldr r8, [r2, #2*4] @ b[2] - umlal r3, r4, r7, r8 @ c += a[1] * b[2] - ldr r7, [r1, #2*4] @ a[2] - umlal r11, r12, r7, r8 @ c' += a[2] * b[2] - ldr r8, [r2, #1*4] @ b[1] - umlal r3, r4, r7, r8 @ c += a[2] * b[1] - ldr r7, [r1, #3*4] @ a[3] - umlal r11, r12, r7, r8 @ c' += a[3] * b[1] - ldr r8, [r2, #0*4] @ b[0] - umlal r3, r4, r7, r8 @ c += a[3] * b[0] - ldr r7, [r1, #4*4] @ a[4] - umlal r11, r12, r7, r8 @ c' += a[4] * b[0] - ldr r8, [r2, #9*4] @ b[9] - umlal r5, r6, r7, r8 @ d += a[4] * b[9] - ldr r7, [r1, #5*4] @ a[5] - umull r9, r10, r7, r8 @ d' = a[5] * b[9] - ldr r8, [r2, #8*4] @ b[8] - umlal r5, r6, r7, r8 @ d += a[5] * b[8] - ldr r7, [r1, #6*4] @ a[6] - umlal r9, r10, r7, r8 @ d' += a[6] * b[8] - ldr r8, [r2, #7*4] @ b[7] - umlal r5, r6, r7, r8 @ d += a[6] * b[7] - ldr r7, [r1, #7*4] @ a[7] - umlal r9, r10, r7, r8 @ d' += a[7] * b[7] - ldr r8, [r2, #6*4] @ b[6] - umlal r5, r6, r7, r8 @ d += a[7] * b[6] - ldr r7, [r1, #8*4] @ a[8] - umlal r9, r10, r7, r8 @ d' += a[8] * b[6] - ldr r8, [r2, 
#5*4] @ b[5] - umlal r5, r6, r7, r8 @ d += a[8] * b[5] - ldr r7, [r1, #9*4] @ a[9] - umlal r9, r10, r7, r8 @ d' += a[9] * b[5] - ldr r8, [r2, #4*4] @ b[4] - umlal r5, r6, r7, r8 @ d += a[9] * b[4] - - bic r0, r5, field_not_M @ u3 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u3 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t3 = c & M - str r14, [sp, #4 + 3*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u3 * R1 - umlal r3, r4, r0, r14 - - /* F */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u4 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u4 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t4 = c & M - str r14, [sp, #4 + 4*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u4 * R1 - umlal r3, r4, r0, r14 - - /* G - interleaved with H */ - ldr r7, [r1, #0*4] @ a[0] - ldr r8, [r2, #6*4] @ b[6] - ldr r14, [r2, #5*4] @ b[5] - umull r11, r12, r7, r8 @ c' = a[0] * b[6] - ldr r0, [r1, #1*4] @ a[1] - umlal r3, r4, r7, r14 @ c += a[0] * b[5] - ldr r8, [r2, #4*4] @ b[4] - umlal r11, r12, r0, r14 @ c' += a[1] * b[5] - ldr r7, [r1, #2*4] @ a[2] - umlal r3, r4, r0, r8 @ c += a[1] * b[4] - ldr r14, [r2, #3*4] @ b[3] - umlal r11, r12, r7, r8 @ c' += a[2] * b[4] - ldr r0, [r1, #3*4] @ a[3] - umlal r3, r4, r7, r14 @ c += a[2] * b[3] - ldr r8, [r2, #2*4] @ b[2] - umlal r11, r12, r0, r14 @ c' += a[3] * b[3] - ldr r7, [r1, #4*4] @ a[4] - umlal r3, r4, r0, r8 @ c += a[3] * b[2] - ldr r14, [r2, #1*4] @ b[1] - umlal r11, r12, r7, r8 @ c' += a[4] * b[2] - ldr r0, [r1, #5*4] @ a[5] - umlal r3, r4, r7, r14 @ c += a[4] * b[1] - ldr r8, [r2, #0*4] @ b[0] - umlal r11, r12, r0, r14 @ c' += a[5] * b[1] - ldr r7, [r1, #6*4] @ a[6] - umlal 
r3, r4, r0, r8 @ c += a[5] * b[0] - ldr r14, [r2, #9*4] @ b[9] - umlal r11, r12, r7, r8 @ c' += a[6] * b[0] - ldr r0, [r1, #7*4] @ a[7] - umlal r5, r6, r7, r14 @ d += a[6] * b[9] - ldr r8, [r2, #8*4] @ b[8] - umull r9, r10, r0, r14 @ d' = a[7] * b[9] - ldr r7, [r1, #8*4] @ a[8] - umlal r5, r6, r0, r8 @ d += a[7] * b[8] - ldr r14, [r2, #7*4] @ b[7] - umlal r9, r10, r7, r8 @ d' += a[8] * b[8] - ldr r0, [r1, #9*4] @ a[9] - umlal r5, r6, r7, r14 @ d += a[8] * b[7] - ldr r8, [r2, #6*4] @ b[6] - umlal r9, r10, r0, r14 @ d' += a[9] * b[7] - umlal r5, r6, r0, r8 @ d += a[9] * b[6] - - bic r0, r5, field_not_M @ u5 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u5 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t5 = c & M - str r14, [sp, #4 + 5*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u5 * R1 - umlal r3, r4, r0, r14 - - /* H */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u6 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u6 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t6 = c & M - str r14, [sp, #4 + 6*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u6 * R1 - umlal r3, r4, r0, r14 - - /* I - interleaved with J */ - ldr r8, [r2, #8*4] @ b[8] - ldr r7, [r1, #0*4] @ a[0] - ldr r14, [r2, #7*4] @ b[7] - umull r11, r12, r7, r8 @ c' = a[0] * b[8] - ldr r0, [r1, #1*4] @ a[1] - umlal r3, r4, r7, r14 @ c += a[0] * b[7] - ldr r8, [r2, #6*4] @ b[6] - umlal r11, r12, r0, r14 @ c' += a[1] * b[7] - ldr r7, [r1, #2*4] @ a[2] - umlal r3, r4, r0, r8 @ c += a[1] * b[6] - ldr r14, [r2, #5*4] @ b[5] - umlal r11, r12, r7, r8 @ c' += a[2] * b[6] - ldr r0, [r1, #3*4] @ a[3] - umlal r3, r4, r7, r14 @ c += a[2] * b[5] - ldr r8, [r2, 
#4*4] @ b[4] - umlal r11, r12, r0, r14 @ c' += a[3] * b[5] - ldr r7, [r1, #4*4] @ a[4] - umlal r3, r4, r0, r8 @ c += a[3] * b[4] - ldr r14, [r2, #3*4] @ b[3] - umlal r11, r12, r7, r8 @ c' += a[4] * b[4] - ldr r0, [r1, #5*4] @ a[5] - umlal r3, r4, r7, r14 @ c += a[4] * b[3] - ldr r8, [r2, #2*4] @ b[2] - umlal r11, r12, r0, r14 @ c' += a[5] * b[3] - ldr r7, [r1, #6*4] @ a[6] - umlal r3, r4, r0, r8 @ c += a[5] * b[2] - ldr r14, [r2, #1*4] @ b[1] - umlal r11, r12, r7, r8 @ c' += a[6] * b[2] - ldr r0, [r1, #7*4] @ a[7] - umlal r3, r4, r7, r14 @ c += a[6] * b[1] - ldr r8, [r2, #0*4] @ b[0] - umlal r11, r12, r0, r14 @ c' += a[7] * b[1] - ldr r7, [r1, #8*4] @ a[8] - umlal r3, r4, r0, r8 @ c += a[7] * b[0] - ldr r14, [r2, #9*4] @ b[9] - umlal r11, r12, r7, r8 @ c' += a[8] * b[0] - ldr r0, [r1, #9*4] @ a[9] - umlal r5, r6, r7, r14 @ d += a[8] * b[9] - ldr r8, [r2, #8*4] @ b[8] - umull r9, r10, r0, r14 @ d' = a[9] * b[9] - umlal r5, r6, r0, r8 @ d += a[9] * b[8] - - bic r0, r5, field_not_M @ u7 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u7 * R0 - umlal r3, r4, r0, r14 - - bic r14, r3, field_not_M @ t7 = c & M - str r14, [sp, #4 + 7*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u7 * R1 - umlal r3, r4, r0, r14 - - /* J */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u8 = d & M - str r0, [sp, #4 + 8*4] - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u8 * R0 - umlal r3, r4, r0, r14 - - /****************************************** - * compute and write back result - ****************************************** - Allocation: - r0 r - r3:r4 c - r5:r6 d - r7 t0 - r8 t1 - r9 t2 - r11 u8 - r12 t9 - r1,r2,r10,r14 scratch - - Note: do not read from a[] after here, it may overlap with r[] - */ - ldr r0, [sp, #0] - add r1, 
sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 - ldmia r1, {r2,r7,r8,r9,r10,r11,r12} - add r1, r0, #3*4 - stmia r1, {r2,r7,r8,r9,r10} - - bic r2, r3, field_not_M @ r[8] = c & M - str r2, [r0, #8*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u8 * R1 - umlal r3, r4, r11, r14 - movw r14, field_R0 @ c += d * R0 - umlal r3, r4, r5, r14 - adds r3, r3, r12 @ c += t9 - adc r4, r4, #0 - - add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 - ldmia r1, {r7,r8,r9} - - ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) - str r2, [r0, #9*4] - mov r3, r3, lsr #22 @ c >>= 22 - orr r3, r3, r4, asl #10 - mov r4, r4, lsr #22 - movw r14, field_R1 << 4 @ c += d * (R1 << 4) - umlal r3, r4, r5, r14 - - movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) - umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) - adds r5, r5, r7 @ d.lo += t0 - mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) - adc r6, r6, 0 @ d.hi += carry - - bic r2, r5, field_not_M @ r[0] = d & M - str r2, [r0, #0*4] - - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - - movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) - umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) - adds r5, r5, r8 @ d.lo += t1 - adc r6, r6, #0 @ d.hi += carry - adds r5, r5, r1 @ d.lo += tmp.lo - mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) - adc r6, r6, r2 @ d.hi += carry + tmp.hi - - bic r2, r5, field_not_M @ r[1] = d & M - str r2, [r0, #1*4] - mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) - orr r5, r5, r6, asl #6 - - add r5, r5, r9 @ d += t2 - str r5, [r0, #2*4] @ r[2] = d - - add sp, sp, #48 - ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size secp256k1_fe_mul_inner, .-secp256k1_fe_mul_inner - - .align 2 - .global secp256k1_fe_sqr_inner - .type secp256k1_fe_sqr_inner, %function - @ Arguments: - @ r0 r Can overlap with a - @ r1 a - @ Stack (total 4+10*4 = 44) - @ sp + #0 saved 'r' pointer - @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 
-secp256k1_fe_sqr_inner: - stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} - sub sp, sp, #48 @ frame=44 + alignment - str r0, [sp, #0] @ save result address, we need it only at the end - /****************************************** - * Main computation code. - ****************************************** - - Allocation: - r0,r14,r2,r7,r8 scratch - r1 a (pointer) - r3:r4 c - r5:r6 d - r11:r12 c' - r9:r10 d' - - Note: do not write to r[] here, it may overlap with a[] - */ - /* A interleaved with B */ - ldr r0, [r1, #1*4] @ a[1]*2 - ldr r7, [r1, #0*4] @ a[0] - mov r0, r0, asl #1 - ldr r14, [r1, #9*4] @ a[9] - umull r3, r4, r7, r7 @ c = a[0] * a[0] - ldr r8, [r1, #8*4] @ a[8] - mov r7, r7, asl #1 - umull r5, r6, r7, r14 @ d = a[0]*2 * a[9] - ldr r7, [r1, #2*4] @ a[2]*2 - umull r9, r10, r0, r14 @ d' = a[1]*2 * a[9] - ldr r14, [r1, #7*4] @ a[7] - umlal r5, r6, r0, r8 @ d += a[1]*2 * a[8] - mov r7, r7, asl #1 - ldr r0, [r1, #3*4] @ a[3]*2 - umlal r9, r10, r7, r8 @ d' += a[2]*2 * a[8] - ldr r8, [r1, #6*4] @ a[6] - umlal r5, r6, r7, r14 @ d += a[2]*2 * a[7] - mov r0, r0, asl #1 - ldr r7, [r1, #4*4] @ a[4]*2 - umlal r9, r10, r0, r14 @ d' += a[3]*2 * a[7] - ldr r14, [r1, #5*4] @ a[5] - mov r7, r7, asl #1 - umlal r5, r6, r0, r8 @ d += a[3]*2 * a[6] - umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[6] - umlal r5, r6, r7, r14 @ d += a[4]*2 * a[5] - umlal r9, r10, r14, r14 @ d' += a[5] * a[5] - - bic r0, r5, field_not_M @ t9 = d & M - str r0, [sp, #4 + 9*4] - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - - /* B */ - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u0 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u0 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t0 = c & M - str r14, [sp, #4 + 0*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u0 * R1 - umlal r3, r4, r0, r14 - - /* C 
interleaved with D */ - ldr r0, [r1, #0*4] @ a[0]*2 - ldr r14, [r1, #1*4] @ a[1] - mov r0, r0, asl #1 - ldr r8, [r1, #2*4] @ a[2] - umlal r3, r4, r0, r14 @ c += a[0]*2 * a[1] - mov r7, r8, asl #1 @ a[2]*2 - umull r11, r12, r14, r14 @ c' = a[1] * a[1] - ldr r14, [r1, #9*4] @ a[9] - umlal r11, r12, r0, r8 @ c' += a[0]*2 * a[2] - ldr r0, [r1, #3*4] @ a[3]*2 - ldr r8, [r1, #8*4] @ a[8] - umlal r5, r6, r7, r14 @ d += a[2]*2 * a[9] - mov r0, r0, asl #1 - ldr r7, [r1, #4*4] @ a[4]*2 - umull r9, r10, r0, r14 @ d' = a[3]*2 * a[9] - ldr r14, [r1, #7*4] @ a[7] - umlal r5, r6, r0, r8 @ d += a[3]*2 * a[8] - mov r7, r7, asl #1 - ldr r0, [r1, #5*4] @ a[5]*2 - umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[8] - ldr r8, [r1, #6*4] @ a[6] - mov r0, r0, asl #1 - umlal r5, r6, r7, r14 @ d += a[4]*2 * a[7] - umlal r9, r10, r0, r14 @ d' += a[5]*2 * a[7] - umlal r5, r6, r0, r8 @ d += a[5]*2 * a[6] - umlal r9, r10, r8, r8 @ d' += a[6] * a[6] - - bic r0, r5, field_not_M @ u1 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u1 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t1 = c & M - str r14, [sp, #4 + 1*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u1 * R1 - umlal r3, r4, r0, r14 - - /* D */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u2 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u2 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t2 = c & M - str r14, [sp, #4 + 2*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u2 * R1 - umlal r3, r4, r0, r14 - - /* E interleaved with F */ - ldr r7, [r1, #0*4] @ a[0]*2 - ldr r0, [r1, #1*4] @ a[1]*2 - ldr r14, [r1, #2*4] @ a[2] - mov r7, r7, asl #1 - ldr r8, [r1, #3*4] @ a[3] - ldr r2, [r1, #4*4] - 
umlal r3, r4, r7, r8 @ c += a[0]*2 * a[3] - mov r0, r0, asl #1 - umull r11, r12, r7, r2 @ c' = a[0]*2 * a[4] - mov r2, r2, asl #1 @ a[4]*2 - umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[3] - ldr r8, [r1, #9*4] @ a[9] - umlal r3, r4, r0, r14 @ c += a[1]*2 * a[2] - ldr r0, [r1, #5*4] @ a[5]*2 - umlal r11, r12, r14, r14 @ c' += a[2] * a[2] - ldr r14, [r1, #8*4] @ a[8] - mov r0, r0, asl #1 - umlal r5, r6, r2, r8 @ d += a[4]*2 * a[9] - ldr r7, [r1, #6*4] @ a[6]*2 - umull r9, r10, r0, r8 @ d' = a[5]*2 * a[9] - mov r7, r7, asl #1 - ldr r8, [r1, #7*4] @ a[7] - umlal r5, r6, r0, r14 @ d += a[5]*2 * a[8] - umlal r9, r10, r7, r14 @ d' += a[6]*2 * a[8] - umlal r5, r6, r7, r8 @ d += a[6]*2 * a[7] - umlal r9, r10, r8, r8 @ d' += a[7] * a[7] - - bic r0, r5, field_not_M @ u3 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u3 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t3 = c & M - str r14, [sp, #4 + 3*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u3 * R1 - umlal r3, r4, r0, r14 - - /* F */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u4 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u4 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t4 = c & M - str r14, [sp, #4 + 4*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u4 * R1 - umlal r3, r4, r0, r14 - - /* G interleaved with H */ - ldr r7, [r1, #0*4] @ a[0]*2 - ldr r0, [r1, #1*4] @ a[1]*2 - mov r7, r7, asl #1 - ldr r8, [r1, #5*4] @ a[5] - ldr r2, [r1, #6*4] @ a[6] - umlal r3, r4, r7, r8 @ c += a[0]*2 * a[5] - ldr r14, [r1, #4*4] @ a[4] - mov r0, r0, asl #1 - umull r11, r12, r7, r2 @ c' = a[0]*2 * a[6] - ldr r7, [r1, #2*4] @ a[2]*2 - umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[5] - 
mov r7, r7, asl #1 - ldr r8, [r1, #3*4] @ a[3] - umlal r3, r4, r0, r14 @ c += a[1]*2 * a[4] - mov r0, r2, asl #1 @ a[6]*2 - umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[4] - ldr r14, [r1, #9*4] @ a[9] - umlal r3, r4, r7, r8 @ c += a[2]*2 * a[3] - ldr r7, [r1, #7*4] @ a[7]*2 - umlal r11, r12, r8, r8 @ c' += a[3] * a[3] - mov r7, r7, asl #1 - ldr r8, [r1, #8*4] @ a[8] - umlal r5, r6, r0, r14 @ d += a[6]*2 * a[9] - umull r9, r10, r7, r14 @ d' = a[7]*2 * a[9] - umlal r5, r6, r7, r8 @ d += a[7]*2 * a[8] - umlal r9, r10, r8, r8 @ d' += a[8] * a[8] - - bic r0, r5, field_not_M @ u5 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u5 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t5 = c & M - str r14, [sp, #4 + 5*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u5 * R1 - umlal r3, r4, r0, r14 - - /* H */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - adds r5, r5, r9 @ d += d' - adc r6, r6, r10 - - bic r0, r5, field_not_M @ u6 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u6 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t6 = c & M - str r14, [sp, #4 + 6*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u6 * R1 - umlal r3, r4, r0, r14 - - /* I interleaved with J */ - ldr r7, [r1, #0*4] @ a[0]*2 - ldr r0, [r1, #1*4] @ a[1]*2 - mov r7, r7, asl #1 - ldr r8, [r1, #7*4] @ a[7] - ldr r2, [r1, #8*4] @ a[8] - umlal r3, r4, r7, r8 @ c += a[0]*2 * a[7] - ldr r14, [r1, #6*4] @ a[6] - mov r0, r0, asl #1 - umull r11, r12, r7, r2 @ c' = a[0]*2 * a[8] - ldr r7, [r1, #2*4] @ a[2]*2 - umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[7] - ldr r8, [r1, #5*4] @ a[5] - umlal r3, r4, r0, r14 @ c += a[1]*2 * a[6] - ldr r0, [r1, #3*4] @ a[3]*2 - mov r7, r7, asl #1 - umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[6] - ldr r14, [r1, 
#4*4] @ a[4] - mov r0, r0, asl #1 - umlal r3, r4, r7, r8 @ c += a[2]*2 * a[5] - mov r2, r2, asl #1 @ a[8]*2 - umlal r11, r12, r0, r8 @ c' += a[3]*2 * a[5] - umlal r3, r4, r0, r14 @ c += a[3]*2 * a[4] - umlal r11, r12, r14, r14 @ c' += a[4] * a[4] - ldr r8, [r1, #9*4] @ a[9] - umlal r5, r6, r2, r8 @ d += a[8]*2 * a[9] - @ r8 will be used in J - - bic r0, r5, field_not_M @ u7 = d & M - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u7 * R0 - umlal r3, r4, r0, r14 - bic r14, r3, field_not_M @ t7 = c & M - str r14, [sp, #4 + 7*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u7 * R1 - umlal r3, r4, r0, r14 - - /* J */ - adds r3, r3, r11 @ c += c' - adc r4, r4, r12 - umlal r5, r6, r8, r8 @ d += a[9] * a[9] - - bic r0, r5, field_not_M @ u8 = d & M - str r0, [sp, #4 + 8*4] - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - movw r14, field_R0 @ c += u8 * R0 - umlal r3, r4, r0, r14 - - /****************************************** - * compute and write back result - ****************************************** - Allocation: - r0 r - r3:r4 c - r5:r6 d - r7 t0 - r8 t1 - r9 t2 - r11 u8 - r12 t9 - r1,r2,r10,r14 scratch - - Note: do not read from a[] after here, it may overlap with r[] - */ - ldr r0, [sp, #0] - add r1, sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 - ldmia r1, {r2,r7,r8,r9,r10,r11,r12} - add r1, r0, #3*4 - stmia r1, {r2,r7,r8,r9,r10} - - bic r2, r3, field_not_M @ r[8] = c & M - str r2, [r0, #8*4] - mov r3, r3, lsr #26 @ c >>= 26 - orr r3, r3, r4, asl #6 - mov r4, r4, lsr #26 - mov r14, field_R1 @ c += u8 * R1 - umlal r3, r4, r11, r14 - movw r14, field_R0 @ c += d * R0 - umlal r3, r4, r5, r14 - adds r3, r3, r12 @ c += t9 - adc r4, r4, #0 - - add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 - ldmia r1, {r7,r8,r9} - - ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) - str r2, [r0, #9*4] - mov r3, r3, lsr #22 @ c >>= 22 - orr r3, r3, 
r4, asl #10 - mov r4, r4, lsr #22 - movw r14, field_R1 << 4 @ c += d * (R1 << 4) - umlal r3, r4, r5, r14 - - movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) - umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) - adds r5, r5, r7 @ d.lo += t0 - mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) - adc r6, r6, 0 @ d.hi += carry - - bic r2, r5, field_not_M @ r[0] = d & M - str r2, [r0, #0*4] - - mov r5, r5, lsr #26 @ d >>= 26 - orr r5, r5, r6, asl #6 - mov r6, r6, lsr #26 - - movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) - umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) - adds r5, r5, r8 @ d.lo += t1 - adc r6, r6, #0 @ d.hi += carry - adds r5, r5, r1 @ d.lo += tmp.lo - mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) - adc r6, r6, r2 @ d.hi += carry + tmp.hi - - bic r2, r5, field_not_M @ r[1] = d & M - str r2, [r0, #1*4] - mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) - orr r5, r5, r6, asl #6 - - add r5, r5, r9 @ d += t2 - str r5, [r0, #2*4] @ r[2] = d - - add sp, sp, #48 - ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size secp256k1_fe_sqr_inner, .-secp256k1_fe_sqr_inner - diff --git a/deps/secp256k1/src/basic-config.h b/deps/secp256k1/src/basic-config.h deleted file mode 100644 index e9be39d4c..000000000 --- a/deps/secp256k1/src/basic-config.h +++ /dev/null 
@@ -1,38 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_BASIC_CONFIG_H
-#define SECP256K1_BASIC_CONFIG_H
-
-#ifdef USE_BASIC_CONFIG
-
-#undef USE_ASM_X86_64
-#undef USE_ECMULT_STATIC_PRECOMPUTATION
-#undef USE_ENDOMORPHISM
-#undef USE_EXTERNAL_ASM
-#undef USE_EXTERNAL_DEFAULT_CALLBACKS
-#undef USE_FIELD_10X26
-#undef USE_FIELD_5X52
-#undef USE_FIELD_INV_BUILTIN
-#undef USE_FIELD_INV_NUM
-#undef USE_NUM_GMP
-#undef USE_NUM_NONE
-#undef USE_SCALAR_4X64
-#undef USE_SCALAR_8X32
-#undef USE_SCALAR_INV_BUILTIN
-#undef USE_SCALAR_INV_NUM
-#undef ECMULT_WINDOW_SIZE
-
-#define USE_NUM_NONE 1
-#define USE_FIELD_INV_BUILTIN 1
-#define USE_SCALAR_INV_BUILTIN 1
-#define USE_FIELD_10X26 1
-#define USE_SCALAR_8X32 1
-#define ECMULT_WINDOW_SIZE 15
-
-#endif /* USE_BASIC_CONFIG */
-
-#endif /* SECP256K1_BASIC_CONFIG_H */
diff --git a/deps/secp256k1/src/bench.h b/deps/secp256k1/src/bench.h
deleted file mode 100644
index 5b59783f6..000000000
--- a/deps/secp256k1/src/bench.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_BENCH_H
-#define SECP256K1_BENCH_H
-
-#include
-#include
-#include
-#include "sys/time.h"
-
-static double gettimedouble(void) {
- struct timeval tv;
- gettimeofday(&tv, NULL);
- return tv.tv_usec * 0.000001 + tv.tv_sec;
-}
-
-void print_number(double x) {
- double y = x;
- int c = 0;
- if (y < 0.0) {
- y = -y;
- }
- while (y > 0 && y < 100.0) {
- y *= 10.0;
- c++;
- }
- printf("%.*f", c, x);
-}
-
-void run_benchmark(char *name, void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) {
- int i;
- double min = HUGE_VAL;
- double sum = 0.0;
- double max = 0.0;
- for (i = 0; i < count; i++) {
- double begin, total;
- if (setup != NULL) {
- setup(data);
- }
- begin = gettimedouble();
- benchmark(data);
- total = gettimedouble() - begin;
- if (teardown != NULL) {
- teardown(data);
- }
- if (total < min) {
- min = total;
- }
- if (total > max) {
- max = total;
- }
- sum += total;
- }
- printf("%s: min ", name);
- print_number(min * 1000000.0 / iter);
- printf("us / avg ");
- print_number((sum / count) * 1000000.0 / iter);
- printf("us / max ");
- print_number(max * 1000000.0 / iter);
- printf("us\n");
-}
-
-int have_flag(int argc, char** argv, char *flag) {
- char** argm = argv + argc;
- argv++;
- if (argv == argm) {
- return 1;
- }
- while (argv != NULL && argv != argm) {
- if (strcmp(*argv, flag) == 0) {
- return 1;
- }
- argv++;
- }
- return 0;
-}
-
-#endif /* SECP256K1_BENCH_H */
diff --git a/deps/secp256k1/src/bench_ecdh.c b/deps/secp256k1/src/bench_ecdh.c
deleted file mode 100644
index c1dd5a6ac..000000000
--- a/deps/secp256k1/src/bench_ecdh.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#include
-
-#include "include/secp256k1.h"
-#include "include/secp256k1_ecdh.h"
-#include "util.h"
-#include "bench.h"
-
-typedef struct {
- secp256k1_context *ctx;
- secp256k1_pubkey point;
- unsigned char scalar[32];
-} bench_ecdh_data;
-
-static void bench_ecdh_setup(void* arg) {
- int i;
- bench_ecdh_data *data = (bench_ecdh_data*)arg;
- const unsigned char point[] = {
- 0x03,
- 0x54, 0x94, 0xc1, 0x5d, 0x32, 0x09, 0x97, 0x06,
- 0xc2, 0x39, 0x5f, 0x94, 0x34, 0x87, 0x45, 0xfd,
- 0x75, 0x7c, 0xe3, 0x0e, 0x4e, 0x8c, 0x90, 0xfb,
- 0xa2, 0xba, 0xd1, 0x84, 0xf8, 0x83, 0xc6, 0x9f
- };
-
- /* create a context with no capabilities */
- data->ctx = secp256k1_context_create(SECP256K1_FLAGS_TYPE_CONTEXT);
- for (i = 0; i < 32; i++) {
- data->scalar[i] = i + 1;
- }
- CHECK(secp256k1_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1);
-}
-
-static void bench_ecdh(void* arg) {
- int i;
- unsigned char res[32];
- bench_ecdh_data *data = (bench_ecdh_data*)arg;
-
- for (i = 0; i < 20000; i++) {
- CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1);
- }
-}
-
-int main(void) {
- bench_ecdh_data data;
-
- run_benchmark("ecdh", bench_ecdh, bench_ecdh_setup, NULL, &data, 10, 20000);
- return 0;
-}
diff --git a/deps/secp256k1/src/bench_ecmult.c b/deps/secp256k1/src/bench_ecmult.c
deleted file mode 100644
index 7b5d185dc..000000000
--- a/deps/secp256k1/src/bench_ecmult.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2017 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-#include
-
-#include "include/secp256k1.h"
-
-#include "util.h"
-#include "hash_impl.h"
-#include "num_impl.h"
-#include "field_impl.h"
-#include "group_impl.h"
-#include "scalar_impl.h"
-#include "ecmult_impl.h"
-#include "bench.h"
-#include "secp256k1.c"
-
-#define POINTS 32768
-#define ITERS 10000
-
-typedef struct {
- /* Setup once in advance */
- secp256k1_context* ctx;
- secp256k1_scratch_space* scratch;
- secp256k1_scalar* scalars;
- secp256k1_ge* pubkeys;
- secp256k1_scalar* seckeys;
- secp256k1_gej* expected_output;
- secp256k1_ecmult_multi_func ecmult_multi;
-
- /* Changes per test */
- size_t count;
- int includes_g;
-
- /* Changes per test iteration */
- size_t offset1;
- size_t offset2;
-
- /* Test output. */
- secp256k1_gej* output;
-} bench_data;
-
-static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) {
- bench_data* data = (bench_data*)arg;
- if (data->includes_g) ++idx;
- if (idx == 0) {
- *sc = data->scalars[data->offset1];
- *ge = secp256k1_ge_const_g;
- } else {
- *sc = data->scalars[(data->offset1 + idx) % POINTS];
- *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS];
- }
- return 1;
-}
-
-static void bench_ecmult(void* arg) {
- bench_data* data = (bench_data*)arg;
-
- size_t count = data->count;
- int includes_g = data->includes_g;
- size_t iters = 1 + ITERS / count;
- size_t iter;
-
- for (iter = 0; iter < iters; ++iter) {
- data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ?
&data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g);
- data->offset1 = (data->offset1 + count) % POINTS;
- data->offset2 = (data->offset2 + count - 1) % POINTS;
- }
-}
-
-static void bench_ecmult_setup(void* arg) {
- bench_data* data = (bench_data*)arg;
- data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
- data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
-}
-
-static void bench_ecmult_teardown(void* arg) {
- bench_data* data = (bench_data*)arg;
- size_t iters = 1 + ITERS / data->count;
- size_t iter;
- /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */
- for (iter = 0; iter < iters; ++iter) {
- secp256k1_gej tmp;
- secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL);
- CHECK(secp256k1_gej_is_infinity(&tmp));
- }
-}
-
-static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) {
- secp256k1_sha256 sha256;
- unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0};
- unsigned char buf[32];
- int overflow = 0;
- c[6] = num;
- c[7] = num >> 8;
- c[8] = num >> 16;
- c[9] = num >> 24;
- secp256k1_sha256_initialize(&sha256);
- secp256k1_sha256_write(&sha256, c, sizeof(c));
- secp256k1_sha256_finalize(&sha256, buf);
- secp256k1_scalar_set_b32(scalar, buf, &overflow);
- CHECK(!overflow);
-}
-
-static void run_test(bench_data* data, size_t count, int includes_g) {
- char str[32];
- static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
- size_t iters = 1 + ITERS / count;
- size_t iter;
-
- data->count = count;
- data->includes_g = includes_g;
-
- /* Compute (the negation of) the expected results directly.
*/
- data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
- data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
- for (iter = 0; iter < iters; ++iter) {
- secp256k1_scalar tmp;
- secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS];
- size_t i = 0;
- for (i = 0; i + 1 < count; ++i) {
- secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]);
- secp256k1_scalar_add(&total, &total, &tmp);
- }
- secp256k1_scalar_negate(&total, &total);
- secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total);
- }
-
- /* Run the benchmark. */
- sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count);
- run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * (1 + ITERS / count));
-}
-
-int main(int argc, char **argv) {
- bench_data data;
- int i, p;
- secp256k1_gej* pubkeys_gej;
- size_t scratch_size;
-
- data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
- scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16;
- data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size);
- data.ecmult_multi = secp256k1_ecmult_multi_var;
-
- if (argc > 1) {
- if(have_flag(argc, argv, "pippenger_wnaf")) {
- printf("Using pippenger_wnaf:\n");
- data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single;
- } else if(have_flag(argc, argv, "strauss_wnaf")) {
- printf("Using strauss_wnaf:\n");
- data.ecmult_multi = secp256k1_ecmult_strauss_batch_single;
- } else if(have_flag(argc, argv, "simple")) {
- printf("Using simple algorithm:\n");
- data.ecmult_multi = secp256k1_ecmult_multi_var;
- secp256k1_scratch_space_destroy(data.ctx, data.scratch);
- data.scratch = NULL;
- } else {
- fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]);
- fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a
combined algorithm.\n");
- return 1;
- }
- }
-
- /* Allocate stuff */
- data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS);
- data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS);
- data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS);
- data.expected_output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
- data.output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
-
- /* Generate a set of scalars, and private/public keypairs. */
- pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS);
- secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g);
- secp256k1_scalar_set_int(&data.seckeys[0], 1);
- for (i = 0; i < POINTS; ++i) {
- generate_scalar(i, &data.scalars[i]);
- if (i) {
- secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL);
- secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]);
- }
- }
- secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS);
- free(pubkeys_gej);
-
- for (i = 1; i <= 8; ++i) {
- run_test(&data, i, 1);
- }
-
- for (p = 0; p <= 11; ++p) {
- for (i = 9; i <= 16; ++i) {
- run_test(&data, i << p, 1);
- }
- }
- if (data.scratch != NULL) {
- secp256k1_scratch_space_destroy(data.ctx, data.scratch);
- }
- secp256k1_context_destroy(data.ctx);
- free(data.scalars);
- free(data.pubkeys);
- free(data.seckeys);
- free(data.output);
- free(data.expected_output);
-
- return(0);
-}
diff --git a/deps/secp256k1/src/bench_internal.c b/deps/secp256k1/src/bench_internal.c
deleted file mode 100644
index a8f4e9e12..000000000
--- a/deps/secp256k1/src/bench_internal.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014-2015 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-#include
-
-#include "include/secp256k1.h"
-
-#include "util.h"
-#include "hash_impl.h"
-#include "num_impl.h"
-#include "field_impl.h"
-#include "group_impl.h"
-#include "scalar_impl.h"
-#include "ecmult_const_impl.h"
-#include "ecmult_impl.h"
-#include "bench.h"
-#include "secp256k1.c"
-
-typedef struct {
- secp256k1_scalar scalar_x, scalar_y;
- secp256k1_fe fe_x, fe_y;
- secp256k1_ge ge_x, ge_y;
- secp256k1_gej gej_x, gej_y;
- unsigned char data[64];
- int wnaf[256];
-} bench_inv;
-
-void bench_setup(void* arg) {
- bench_inv *data = (bench_inv*)arg;
-
- static const unsigned char init_x[32] = {
- 0x02, 0x03, 0x05, 0x07, 0x0b, 0x0d, 0x11, 0x13,
- 0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35,
- 0x3b, 0x3d, 0x43, 0x47, 0x49, 0x4f, 0x53, 0x59,
- 0x61, 0x65, 0x67, 0x6b, 0x6d, 0x71, 0x7f, 0x83
- };
-
- static const unsigned char init_y[32] = {
- 0x82, 0x83, 0x85, 0x87, 0x8b, 0x8d, 0x81, 0x83,
- 0x97, 0xad, 0xaf, 0xb5, 0xb9, 0xbb, 0xbf, 0xc5,
- 0xdb, 0xdd, 0xe3, 0xe7, 0xe9, 0xef, 0xf3, 0xf9,
- 0x11, 0x15, 0x17, 0x1b, 0x1d, 0xb1, 0xbf, 0xd3
- };
-
- secp256k1_scalar_set_b32(&data->scalar_x, init_x, NULL);
- secp256k1_scalar_set_b32(&data->scalar_y, init_y, NULL);
- secp256k1_fe_set_b32(&data->fe_x, init_x);
- secp256k1_fe_set_b32(&data->fe_y, init_y);
- CHECK(secp256k1_ge_set_xo_var(&data->ge_x, &data->fe_x, 0));
- CHECK(secp256k1_ge_set_xo_var(&data->ge_y, &data->fe_y, 1));
- secp256k1_gej_set_ge(&data->gej_x, &data->ge_x);
- secp256k1_gej_set_ge(&data->gej_y, &data->ge_y);
- memcpy(data->data, init_x, 32);
- memcpy(data->data + 32, init_y, 32);
-}
-
-void bench_scalar_add(void* arg) {
- int i;
- bench_inv *data =
(bench_inv*)arg;
-
- for (i = 0; i < 2000000; i++) {
- secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-
-void bench_scalar_negate(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 2000000; i++) {
- secp256k1_scalar_negate(&data->scalar_x, &data->scalar_x);
- }
-}
-
-void bench_scalar_sqr(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_scalar_sqr(&data->scalar_x, &data->scalar_x);
- }
-}
-
-void bench_scalar_mul(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_scalar_mul(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-
-#ifdef USE_ENDOMORPHISM
-void bench_scalar_split(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_scalar l, r;
- secp256k1_scalar_split_lambda(&l, &r, &data->scalar_x);
- secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-#endif
-
-void bench_scalar_inverse(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 2000; i++) {
- secp256k1_scalar_inverse(&data->scalar_x, &data->scalar_x);
- secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-
-void bench_scalar_inverse_var(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 2000; i++) {
- secp256k1_scalar_inverse_var(&data->scalar_x, &data->scalar_x);
- secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-
-void bench_field_normalize(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 2000000; i++) {
- secp256k1_fe_normalize(&data->fe_x);
- }
-}
-
-void bench_field_normalize_weak(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 2000000; i++) {
- secp256k1_fe_normalize_weak(&data->fe_x);
- }
-}
-
-void bench_field_mul(void* arg) {
- int i;
- bench_inv *data =
(bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_fe_mul(&data->fe_x, &data->fe_x, &data->fe_y);
- }
-}
-
-void bench_field_sqr(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_fe_sqr(&data->fe_x, &data->fe_x);
- }
-}
-
-void bench_field_inverse(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_fe_inv(&data->fe_x, &data->fe_x);
- secp256k1_fe_add(&data->fe_x, &data->fe_y);
- }
-}
-
-void bench_field_inverse_var(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_fe_inv_var(&data->fe_x, &data->fe_x);
- secp256k1_fe_add(&data->fe_x, &data->fe_y);
- }
-}
-
-void bench_field_sqrt(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
- secp256k1_fe t;
-
- for (i = 0; i < 20000; i++) {
- t = data->fe_x;
- secp256k1_fe_sqrt(&data->fe_x, &t);
- secp256k1_fe_add(&data->fe_x, &data->fe_y);
- }
-}
-
-void bench_group_double_var(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_gej_double_var(&data->gej_x, &data->gej_x, NULL);
- }
-}
-
-void bench_group_add_var(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_gej_add_var(&data->gej_x, &data->gej_x, &data->gej_y, NULL);
- }
-}
-
-void bench_group_add_affine(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_gej_add_ge(&data->gej_x, &data->gej_x, &data->ge_y);
- }
-}
-
-void bench_group_add_affine_var(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 200000; i++) {
- secp256k1_gej_add_ge_var(&data->gej_x, &data->gej_x, &data->ge_y, NULL);
- }
-}
-
-void bench_group_jacobi_var(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_gej_has_quad_y_var(&data->gej_x);
- }
-}
-
-void bench_ecmult_wnaf(void* arg)
{
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_ecmult_wnaf(data->wnaf, 256, &data->scalar_x, WINDOW_A);
- secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-
-void bench_wnaf_const(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_wnaf_const(data->wnaf, &data->scalar_x, WINDOW_A, 256);
- secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
- }
-}
-
-
-void bench_sha256(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
- secp256k1_sha256 sha;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_sha256_initialize(&sha);
- secp256k1_sha256_write(&sha, data->data, 32);
- secp256k1_sha256_finalize(&sha, data->data);
- }
-}
-
-void bench_hmac_sha256(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
- secp256k1_hmac_sha256 hmac;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_hmac_sha256_initialize(&hmac, data->data, 32);
- secp256k1_hmac_sha256_write(&hmac, data->data, 32);
- secp256k1_hmac_sha256_finalize(&hmac, data->data);
- }
-}
-
-void bench_rfc6979_hmac_sha256(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
- secp256k1_rfc6979_hmac_sha256 rng;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_rfc6979_hmac_sha256_initialize(&rng, data->data, 64);
- secp256k1_rfc6979_hmac_sha256_generate(&rng, data->data, 32);
- }
-}
-
-void bench_context_verify(void* arg) {
- int i;
- (void)arg;
- for (i = 0; i < 20; i++) {
- secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY));
- }
-}
-
-void bench_context_sign(void* arg) {
- int i;
- (void)arg;
- for (i = 0; i < 200; i++) {
- secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_SIGN));
- }
-}
-
-#ifndef USE_NUM_NONE
-void bench_num_jacobi(void* arg) {
- int i;
- bench_inv *data = (bench_inv*)arg;
- secp256k1_num nx, norder;
-
- secp256k1_scalar_get_num(&nx, &data->scalar_x);
- secp256k1_scalar_order_get_num(&norder);
-
secp256k1_scalar_get_num(&norder, &data->scalar_y);
-
- for (i = 0; i < 200000; i++) {
- secp256k1_num_jacobi(&nx, &norder);
- }
-}
-#endif
-
-int main(int argc, char **argv) {
- bench_inv data;
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "add")) run_benchmark("scalar_add", bench_scalar_add, bench_setup, NULL, &data, 10, 2000000);
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "negate")) run_benchmark("scalar_negate", bench_scalar_negate, bench_setup, NULL, &data, 10, 2000000);
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "sqr")) run_benchmark("scalar_sqr", bench_scalar_sqr, bench_setup, NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "mul")) run_benchmark("scalar_mul", bench_scalar_mul, bench_setup, NULL, &data, 10, 200000);
-#ifdef USE_ENDOMORPHISM
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "split")) run_benchmark("scalar_split", bench_scalar_split, bench_setup, NULL, &data, 10, 20000);
-#endif
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse", bench_scalar_inverse, bench_setup, NULL, &data, 10, 2000);
- if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse_var", bench_scalar_inverse_var, bench_setup, NULL, &data, 10, 2000);
-
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize", bench_field_normalize, bench_setup, NULL, &data, 10, 2000000);
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize_weak", bench_field_normalize_weak, bench_setup, NULL, &data, 10, 2000000);
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqr")) run_benchmark("field_sqr", bench_field_sqr, bench_setup, NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "mul")) run_benchmark("field_mul", bench_field_mul, bench_setup,
NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse", bench_field_inverse, bench_setup, NULL, &data, 10, 20000);
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse_var", bench_field_inverse_var, bench_setup, NULL, &data, 10, 20000);
- if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqrt")) run_benchmark("field_sqrt", bench_field_sqrt, bench_setup, NULL, &data, 10, 20000);
-
- if (have_flag(argc, argv, "group") || have_flag(argc, argv, "double")) run_benchmark("group_double_var", bench_group_double_var, bench_setup, NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_var", bench_group_add_var, bench_setup, NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine", bench_group_add_affine, bench_setup, NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine_var", bench_group_add_affine_var, bench_setup, NULL, &data, 10, 200000);
- if (have_flag(argc, argv, "group") || have_flag(argc, argv, "jacobi")) run_benchmark("group_jacobi_var", bench_group_jacobi_var, bench_setup, NULL, &data, 10, 20000);
-
- if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("wnaf_const", bench_wnaf_const, bench_setup, NULL, &data, 10, 20000);
- if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("ecmult_wnaf", bench_ecmult_wnaf, bench_setup, NULL, &data, 10, 20000);
-
- if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "sha256")) run_benchmark("hash_sha256", bench_sha256, bench_setup, NULL, &data, 10, 20000);
- if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "hmac")) run_benchmark("hash_hmac_sha256", bench_hmac_sha256, bench_setup, NULL, &data, 10, 20000);
- if
(have_flag(argc, argv, "hash") || have_flag(argc, argv, "rng6979")) run_benchmark("hash_rfc6979_hmac_sha256", bench_rfc6979_hmac_sha256, bench_setup, NULL, &data, 10, 20000);
-
- if (have_flag(argc, argv, "context") || have_flag(argc, argv, "verify")) run_benchmark("context_verify", bench_context_verify, bench_setup, NULL, &data, 10, 20);
- if (have_flag(argc, argv, "context") || have_flag(argc, argv, "sign")) run_benchmark("context_sign", bench_context_sign, bench_setup, NULL, &data, 10, 200);
-
-#ifndef USE_NUM_NONE
- if (have_flag(argc, argv, "num") || have_flag(argc, argv, "jacobi")) run_benchmark("num_jacobi", bench_num_jacobi, bench_setup, NULL, &data, 10, 200000);
-#endif
- return 0;
-}
diff --git a/deps/secp256k1/src/bench_recover.c b/deps/secp256k1/src/bench_recover.c
deleted file mode 100644
index b806eed94..000000000
--- a/deps/secp256k1/src/bench_recover.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014-2015 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#include "include/secp256k1.h"
-#include "include/secp256k1_recovery.h"
-#include "util.h"
-#include "bench.h"
-
-typedef struct {
- secp256k1_context *ctx;
- unsigned char msg[32];
- unsigned char sig[64];
-} bench_recover_data;
-
-void bench_recover(void* arg) {
- int i;
- bench_recover_data *data = (bench_recover_data*)arg;
- secp256k1_pubkey pubkey;
- unsigned char pubkeyc[33];
-
- for (i = 0; i < 20000; i++) {
- int j;
- size_t pubkeylen = 33;
- secp256k1_ecdsa_recoverable_signature sig;
- CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2));
- CHECK(secp256k1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg));
- CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED));
- for (j = 0; j < 32; j++) {
- data->sig[j + 32] = data->msg[j]; /* Move former message to S. */
- data->msg[j] = data->sig[j]; /* Move former R to message. */
- data->sig[j] = pubkeyc[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */
- }
- }
-}
-
-void bench_recover_setup(void* arg) {
- int i;
- bench_recover_data *data = (bench_recover_data*)arg;
-
- for (i = 0; i < 32; i++) {
- data->msg[i] = 1 + i;
- }
- for (i = 0; i < 64; i++) {
- data->sig[i] = 65 + i;
- }
-}
-
-int main(void) {
- bench_recover_data data;
-
- data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
-
- run_benchmark("ecdsa_recover", bench_recover, bench_recover_setup, NULL, &data, 10, 20000);
-
- secp256k1_context_destroy(data.ctx);
- return 0;
-}
diff --git a/deps/secp256k1/src/bench_sign.c b/deps/secp256k1/src/bench_sign.c
deleted file mode 100644
index 544b43963..000000000
--- a/deps/secp256k1/src/bench_sign.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#include "include/secp256k1.h"
-#include "util.h"
-#include "bench.h"
-
-typedef struct {
- secp256k1_context* ctx;
- unsigned char msg[32];
- unsigned char key[32];
-} bench_sign;
-
-static void bench_sign_setup(void* arg) {
- int i;
- bench_sign *data = (bench_sign*)arg;
-
- for (i = 0; i < 32; i++) {
- data->msg[i] = i + 1;
- }
- for (i = 0; i < 32; i++) {
- data->key[i] = i + 65;
- }
-}
-
-static void bench_sign_run(void* arg) {
- int i;
- bench_sign *data = (bench_sign*)arg;
-
- unsigned char sig[74];
- for (i = 0; i < 20000; i++) {
- size_t siglen = 74;
- int j;
- secp256k1_ecdsa_signature signature;
- CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL));
- CHECK(secp256k1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature));
- for (j = 0; j < 32; j++) {
- data->msg[j] = sig[j];
- data->key[j] = sig[j + 32];
- }
- }
-}
-
-int main(void) {
- bench_sign data;
-
- data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
-
- run_benchmark("ecdsa_sign", bench_sign_run, bench_sign_setup, NULL, &data, 10, 20000);
-
- secp256k1_context_destroy(data.ctx);
- return 0;
-}
diff --git a/deps/secp256k1/src/bench_verify.c b/deps/secp256k1/src/bench_verify.c
deleted file mode 100644
index 418defa0a..000000000
--- a/deps/secp256k1/src/bench_verify.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#include
-#include
-
-#include "include/secp256k1.h"
-#include "util.h"
-#include "bench.h"
-
-#ifdef ENABLE_OPENSSL_TESTS
-#include
-#include
-#include
-#endif
-
-typedef struct {
- secp256k1_context *ctx;
- unsigned char msg[32];
- unsigned char key[32];
- unsigned char sig[72];
- size_t siglen;
- unsigned char pubkey[33];
- size_t pubkeylen;
-#ifdef ENABLE_OPENSSL_TESTS
- EC_GROUP* ec_group;
-#endif
-} benchmark_verify_t;
-
-static void benchmark_verify(void* arg) {
- int i;
- benchmark_verify_t* data = (benchmark_verify_t*)arg;
-
- for (i = 0; i < 20000; i++) {
- secp256k1_pubkey pubkey;
- secp256k1_ecdsa_signature sig;
- data->sig[data->siglen - 1] ^= (i & 0xFF);
- data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
- data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
- CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1);
- CHECK(secp256k1_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1);
- CHECK(secp256k1_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0));
- data->sig[data->siglen - 1] ^= (i & 0xFF);
- data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
- data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
- }
-}
-
-#ifdef ENABLE_OPENSSL_TESTS
-static void benchmark_verify_openssl(void* arg) {
- int i;
- benchmark_verify_t* data = (benchmark_verify_t*)arg;
-
- for (i = 0; i < 20000; i++) {
- data->sig[data->siglen - 1] ^= (i & 0xFF);
- data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
- data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
- {
- EC_KEY *pkey = EC_KEY_new();
- const unsigned char *pubkey = &data->pubkey[0];
- int result;
-
-
CHECK(pkey != NULL);
- result = EC_KEY_set_group(pkey, data->ec_group);
- CHECK(result);
- result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL;
- CHECK(result);
- result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0);
- CHECK(result);
- EC_KEY_free(pkey);
- }
- data->sig[data->siglen - 1] ^= (i & 0xFF);
- data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
- data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
- }
-}
-#endif
-
-int main(void) {
- int i;
- secp256k1_pubkey pubkey;
- secp256k1_ecdsa_signature sig;
- benchmark_verify_t data;
-
- data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
-
- for (i = 0; i < 32; i++) {
- data.msg[i] = 1 + i;
- }
- for (i = 0; i < 32; i++) {
- data.key[i] = 33 + i;
- }
- data.siglen = 72;
- CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
- CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
- CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
- data.pubkeylen = 33;
- CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
-
- run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
-#ifdef ENABLE_OPENSSL_TESTS
- data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
- run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);
- EC_GROUP_free(data.ec_group);
-#endif
-
- secp256k1_context_destroy(data.ctx);
- return 0;
-}
diff --git a/deps/secp256k1/src/ecdsa.h b/deps/secp256k1/src/ecdsa.h
deleted file mode 100644
index 80590c7cc..000000000
--- a/deps/secp256k1/src/ecdsa.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_ECDSA_H
-#define SECP256K1_ECDSA_H
-
-#include
-
-#include "scalar.h"
-#include "group.h"
-#include "ecmult.h"
-
-static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *r, secp256k1_scalar *s, const unsigned char *sig, size_t size);
-static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar *r, const secp256k1_scalar *s);
-static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar* r, const secp256k1_scalar* s, const secp256k1_ge *pubkey, const secp256k1_scalar *message);
-static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid);
-
-#endif /* SECP256K1_ECDSA_H */
diff --git a/deps/secp256k1/src/ecdsa_impl.h b/deps/secp256k1/src/ecdsa_impl.h
deleted file mode 100644
index eb099c87d..000000000
--- a/deps/secp256k1/src/ecdsa_impl.h
+++ /dev/null
@@ -1,319 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - - -#ifndef SECP256K1_ECDSA_IMPL_H -#define SECP256K1_ECDSA_IMPL_H - -#include "scalar.h" -#include "field.h" -#include "group.h" -#include "ecmult.h" -#include "ecmult_gen.h" -#include "ecdsa.h" - -/** Group order for secp256k1 defined as 'n' in "Standards for Efficient Cryptography" (SEC2) 2.7.1 - * sage: for t in xrange(1023, -1, -1): - * .. p = 2**256 - 2**32 - t - * .. if p.is_prime(): - * .. print '%x'%p - * .. break - * 'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f' - * sage: a = 0 - * sage: b = 7 - * sage: F = FiniteField (p) - * sage: '%x' % (EllipticCurve ([F (a), F (b)]).order()) - * 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141' - */ -static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, - 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL -); - -/** Difference between field and order, values 'p' and 'n' values defined in - * "Standards for Efficient Cryptography" (SEC2) 2.7.1. 
- * sage: p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F - * sage: a = 0 - * sage: b = 7 - * sage: F = FiniteField (p) - * sage: '%x' % (p - EllipticCurve ([F (a), F (b)]).order()) - * '14551231950b75fc4402da1722fc9baee' - */ -static const secp256k1_fe secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( - 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL -); - -static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { - size_t lenleft; - unsigned char b1; - VERIFY_CHECK(len != NULL); - *len = 0; - if (*sigp >= sigend) { - return 0; - } - b1 = *((*sigp)++); - if (b1 == 0xFF) { - /* X.690-0207 8.1.3.5.c the value 0xFF shall not be used. */ - return 0; - } - if ((b1 & 0x80) == 0) { - /* X.690-0207 8.1.3.4 short form length octets */ - *len = b1; - return 1; - } - if (b1 == 0x80) { - /* Indefinite length is not allowed in DER. */ - return 0; - } - /* X.690-207 8.1.3.5 long form length octets */ - lenleft = b1 & 0x7F; /* lenleft is at least 1 */ - if (lenleft > (size_t)(sigend - *sigp)) { - return 0; - } - if (**sigp == 0) { - /* Not the shortest possible length encoding. */ - return 0; - } - if (lenleft > sizeof(size_t)) { - /* The resulting length would exceed the range of a size_t, so - * certainly longer than the passed array size. - */ - return 0; - } - while (lenleft > 0) { - *len = (*len << 8) | **sigp; - (*sigp)++; - lenleft--; - } - if (*len > (size_t)(sigend - *sigp)) { - /* Result exceeds the length of the passed array. */ - return 0; - } - if (*len < 128) { - /* Not the shortest possible length encoding. */ - return 0; - } - return 1; -} - -static int secp256k1_der_parse_integer(secp256k1_scalar *r, const unsigned char **sig, const unsigned char *sigend) { - int overflow = 0; - unsigned char ra[32] = {0}; - size_t rlen; - - if (*sig == sigend || **sig != 0x02) { - /* Not a primitive integer (X.690-0207 8.3.1). 
*/ - return 0; - } - (*sig)++; - if (secp256k1_der_read_len(&rlen, sig, sigend) == 0) { - return 0; - } - if (rlen == 0 || *sig + rlen > sigend) { - /* Exceeds bounds or not at least length 1 (X.690-0207 8.3.1). */ - return 0; - } - if (**sig == 0x00 && rlen > 1 && (((*sig)[1]) & 0x80) == 0x00) { - /* Excessive 0x00 padding. */ - return 0; - } - if (**sig == 0xFF && rlen > 1 && (((*sig)[1]) & 0x80) == 0x80) { - /* Excessive 0xFF padding. */ - return 0; - } - if ((**sig & 0x80) == 0x80) { - /* Negative. */ - overflow = 1; - } - /* There is at most one leading zero byte: - * if there were two leading zero bytes, we would have failed and returned 0 - * because of excessive 0x00 padding already. */ - if (rlen > 0 && **sig == 0) { - /* Skip leading zero byte */ - rlen--; - (*sig)++; - } - if (rlen > 32) { - overflow = 1; - } - if (!overflow) { - memcpy(ra + 32 - rlen, *sig, rlen); - secp256k1_scalar_set_b32(r, ra, &overflow); - } - if (overflow) { - secp256k1_scalar_set_int(r, 0); - } - (*sig) += rlen; - return 1; -} - -static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *rr, secp256k1_scalar *rs, const unsigned char *sig, size_t size) { - const unsigned char *sigend = sig + size; - size_t rlen; - if (sig == sigend || *(sig++) != 0x30) { - /* The encoding doesn't start with a constructed sequence (X.690-0207 8.9.1). */ - return 0; - } - if (secp256k1_der_read_len(&rlen, &sig, sigend) == 0) { - return 0; - } - if (rlen != (size_t)(sigend - sig)) { - /* Tuple exceeds bounds or garage after tuple. */ - return 0; - } - - if (!secp256k1_der_parse_integer(rr, &sig, sigend)) { - return 0; - } - if (!secp256k1_der_parse_integer(rs, &sig, sigend)) { - return 0; - } - - if (sig != sigend) { - /* Trailing garbage inside tuple. 
*/ - return 0; - } - - return 1; -} - -static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar* ar, const secp256k1_scalar* as) { - unsigned char r[33] = {0}, s[33] = {0}; - unsigned char *rp = r, *sp = s; - size_t lenR = 33, lenS = 33; - secp256k1_scalar_get_b32(&r[1], ar); - secp256k1_scalar_get_b32(&s[1], as); - while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } - while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } - if (*size < 6+lenS+lenR) { - *size = 6 + lenS + lenR; - return 0; - } - *size = 6 + lenS + lenR; - sig[0] = 0x30; - sig[1] = 4 + lenS + lenR; - sig[2] = 0x02; - sig[3] = lenR; - memcpy(sig+4, rp, lenR); - sig[4+lenR] = 0x02; - sig[5+lenR] = lenS; - memcpy(sig+lenR+6, sp, lenS); - return 1; -} - -static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar *sigs, const secp256k1_ge *pubkey, const secp256k1_scalar *message) { - unsigned char c[32]; - secp256k1_scalar sn, u1, u2; -#if !defined(EXHAUSTIVE_TEST_ORDER) - secp256k1_fe xr; -#endif - secp256k1_gej pubkeyj; - secp256k1_gej pr; - - if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { - return 0; - } - - secp256k1_scalar_inverse_var(&sn, sigs); - secp256k1_scalar_mul(&u1, &sn, message); - secp256k1_scalar_mul(&u2, &sn, sigr); - secp256k1_gej_set_ge(&pubkeyj, pubkey); - secp256k1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); - if (secp256k1_gej_is_infinity(&pr)) { - return 0; - } - -#if defined(EXHAUSTIVE_TEST_ORDER) -{ - secp256k1_scalar computed_r; - secp256k1_ge pr_ge; - secp256k1_ge_set_gej(&pr_ge, &pr); - secp256k1_fe_normalize(&pr_ge.x); - - secp256k1_fe_get_b32(c, &pr_ge.x); - secp256k1_scalar_set_b32(&computed_r, c, NULL); - return secp256k1_scalar_eq(sigr, &computed_r); -} -#else - secp256k1_scalar_get_b32(c, sigr); - secp256k1_fe_set_b32(&xr, c); - - /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) - * in 
xr. Naively, we would extract the x coordinate from pr (requiring a inversion modulo p), - * compute the remainder modulo n, and compare it to xr. However: - * - * xr == X(pr) mod n - * <=> exists h. (xr + h * n < p && xr + h * n == X(pr)) - * [Since 2 * n > p, h can only be 0 or 1] - * <=> (xr == X(pr)) || (xr + n < p && xr + n == X(pr)) - * [In Jacobian coordinates, X(pr) is pr.x / pr.z^2 mod p] - * <=> (xr == pr.x / pr.z^2 mod p) || (xr + n < p && xr + n == pr.x / pr.z^2 mod p) - * [Multiplying both sides of the equations by pr.z^2 mod p] - * <=> (xr * pr.z^2 mod p == pr.x) || (xr + n < p && (xr + n) * pr.z^2 mod p == pr.x) - * - * Thus, we can avoid the inversion, but we have to check both cases separately. - * secp256k1_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. - */ - if (secp256k1_gej_eq_x_var(&xr, &pr)) { - /* xr * pr.z^2 mod p == pr.x, so the signature is valid. */ - return 1; - } - if (secp256k1_fe_cmp_var(&xr, &secp256k1_ecdsa_const_p_minus_order) >= 0) { - /* xr + n >= p, so we can skip testing the second case. */ - return 0; - } - secp256k1_fe_add(&xr, &secp256k1_ecdsa_const_order_as_fe); - if (secp256k1_gej_eq_x_var(&xr, &pr)) { - /* (xr + n) * pr.z^2 mod p == pr.x, so the signature is valid. 
*/ - return 1; - } - return 0; -#endif -} - -static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) { - unsigned char b[32]; - secp256k1_gej rp; - secp256k1_ge r; - secp256k1_scalar n; - int overflow = 0; - - secp256k1_ecmult_gen(ctx, &rp, nonce); - secp256k1_ge_set_gej(&r, &rp); - secp256k1_fe_normalize(&r.x); - secp256k1_fe_normalize(&r.y); - secp256k1_fe_get_b32(b, &r.x); - secp256k1_scalar_set_b32(sigr, b, &overflow); - /* These two conditions should be checked before calling */ - VERIFY_CHECK(!secp256k1_scalar_is_zero(sigr)); - VERIFY_CHECK(overflow == 0); - - if (recid) { - /* The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log - * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria. - */ - *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0); - } - secp256k1_scalar_mul(&n, sigr, seckey); - secp256k1_scalar_add(&n, &n, message); - secp256k1_scalar_inverse(sigs, nonce); - secp256k1_scalar_mul(sigs, sigs, &n); - secp256k1_scalar_clear(&n); - secp256k1_gej_clear(&rp); - secp256k1_ge_clear(&r); - if (secp256k1_scalar_is_zero(sigs)) { - return 0; - } - if (secp256k1_scalar_is_high(sigs)) { - secp256k1_scalar_negate(sigs, sigs); - if (recid) { - *recid ^= 1; - } - } - return 1; -} - -#endif /* SECP256K1_ECDSA_IMPL_H */ diff --git a/deps/secp256k1/src/eckey.h b/deps/secp256k1/src/eckey.h deleted file mode 100644 index b621f1e6c..000000000 --- a/deps/secp256k1/src/eckey.h +++ /dev/null 
@@ -1,25 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_ECKEY_H
-#define SECP256K1_ECKEY_H
-
-#include 
-
-#include "group.h"
-#include "scalar.h"
-#include "ecmult.h"
-#include "ecmult_gen.h"
-
-static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size);
-static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed);
-
-static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak);
-static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
-static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak);
-static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
-
-#endif /* SECP256K1_ECKEY_H */
diff --git a/deps/secp256k1/src/eckey_impl.h b/deps/secp256k1/src/eckey_impl.h
deleted file mode 100644
index 7c5b78932..000000000
--- a/deps/secp256k1/src/eckey_impl.h
+++ /dev/null
@@ -1,100 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_ECKEY_IMPL_H -#define SECP256K1_ECKEY_IMPL_H - -#include "eckey.h" - -#include "scalar.h" -#include "field.h" -#include "group.h" -#include "ecmult_gen.h" - -static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size) { - if (size == 33 && (pub[0] == SECP256K1_TAG_PUBKEY_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_ODD)) { - secp256k1_fe x; - return secp256k1_fe_set_b32(&x, pub+1) && secp256k1_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD); - } else if (size == 65 && (pub[0] == SECP256K1_TAG_PUBKEY_UNCOMPRESSED || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { - secp256k1_fe x, y; - if (!secp256k1_fe_set_b32(&x, pub+1) || !secp256k1_fe_set_b32(&y, pub+33)) { - return 0; - } - secp256k1_ge_set_xy(elem, &x, &y); - if ((pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD) && - secp256k1_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { - return 0; - } - return secp256k1_ge_is_valid_var(elem); - } else { - return 0; - } -} - -static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed) { - if (secp256k1_ge_is_infinity(elem)) { - return 0; - } - secp256k1_fe_normalize_var(&elem->x); - secp256k1_fe_normalize_var(&elem->y); - secp256k1_fe_get_b32(&pub[1], &elem->x); - if (compressed) { - *size = 33; - pub[0] = secp256k1_fe_is_odd(&elem->y) ? 
SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN; - } else { - *size = 65; - pub[0] = SECP256K1_TAG_PUBKEY_UNCOMPRESSED; - secp256k1_fe_get_b32(&pub[33], &elem->y); - } - return 1; -} - -static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak) { - secp256k1_scalar_add(key, key, tweak); - if (secp256k1_scalar_is_zero(key)) { - return 0; - } - return 1; -} - -static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) { - secp256k1_gej pt; - secp256k1_scalar one; - secp256k1_gej_set_ge(&pt, key); - secp256k1_scalar_set_int(&one, 1); - secp256k1_ecmult(ctx, &pt, &pt, &one, tweak); - - if (secp256k1_gej_is_infinity(&pt)) { - return 0; - } - secp256k1_ge_set_gej(key, &pt); - return 1; -} - -static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak) { - if (secp256k1_scalar_is_zero(tweak)) { - return 0; - } - - secp256k1_scalar_mul(key, key, tweak); - return 1; -} - -static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) { - secp256k1_scalar zero; - secp256k1_gej pt; - if (secp256k1_scalar_is_zero(tweak)) { - return 0; - } - - secp256k1_scalar_set_int(&zero, 0); - secp256k1_gej_set_ge(&pt, key); - secp256k1_ecmult(ctx, &pt, &pt, tweak, &zero); - secp256k1_ge_set_gej(key, &pt); - return 1; -} - -#endif /* SECP256K1_ECKEY_IMPL_H */ diff --git a/deps/secp256k1/src/ecmult.h b/deps/secp256k1/src/ecmult.h deleted file mode 100644 index c9b198239..000000000 --- a/deps/secp256k1/src/ecmult.h +++ /dev/null 
@@ -1,48 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_ECMULT_H
-#define SECP256K1_ECMULT_H
-
-#include "num.h"
-#include "group.h"
-#include "scalar.h"
-#include "scratch.h"
-
-typedef struct {
- /* For accelerating the computation of a*P + b*G: */
- secp256k1_ge_storage (*pre_g)[]; /* odd multiples of the generator */
-#ifdef USE_ENDOMORPHISM
- secp256k1_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */
-#endif
-} secp256k1_ecmult_context;
-
-static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE;
-static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx);
-static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, void **prealloc);
-static void secp256k1_ecmult_context_finalize_memcpy(secp256k1_ecmult_context *dst, const secp256k1_ecmult_context *src);
-static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx);
-static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx);
-
-/** Double multiply: R = na*A + ng*G */
-static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng);
-
-typedef int (secp256k1_ecmult_multi_callback)(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data);
-
-/**
- * Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai.
- * Chooses the right algorithm for a given number of points and scratch space
- * size. Resets and overwrites the given scratch space. If the points do not
- * fit in the scratch space the algorithm is repeatedly run with batches of
- * points. If no scratch space is given then a simple algorithm is used that
- * simply multiplies the points with the corresponding scalars and adds them up.
- * Returns: 1 on success (including when inp_g_sc is NULL and n is 0)
- * 0 if there is not enough scratch space for a single point or
- * callback returns 0
- */
-static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n);
-
-#endif /* SECP256K1_ECMULT_H */
diff --git a/deps/secp256k1/src/ecmult_const.h b/deps/secp256k1/src/ecmult_const.h
deleted file mode 100644
index 03bb33257..000000000
--- a/deps/secp256k1/src/ecmult_const.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_ECMULT_CONST_H
-#define SECP256K1_ECMULT_CONST_H
-
-#include "scalar.h"
-#include "group.h"
-
-/**
- * Multiply: R = q*A (in constant-time)
- * Here `bits` should be set to the maximum bitlength of the _absolute value_ of `q`, plus
- * one because we internally sometimes add 2 to the number during the WNAF conversion.
- */
-static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits);
-
-#endif /* SECP256K1_ECMULT_CONST_H */
diff --git a/deps/secp256k1/src/ecmult_const_impl.h b/deps/secp256k1/src/ecmult_const_impl.h
deleted file mode 100644
index aaa576ada..000000000
--- a/deps/secp256k1/src/ecmult_const_impl.h
+++ /dev/null
@@ -1,261 +0,0 @@ -/********************************************************************** - * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_ECMULT_CONST_IMPL_H -#define SECP256K1_ECMULT_CONST_IMPL_H - -#include "scalar.h" -#include "group.h" -#include "ecmult_const.h" -#include "ecmult_impl.h" - -/* This is like `ECMULT_TABLE_GET_GE` but is constant time */ -#define ECMULT_CONST_TABLE_GET_GE(r,pre,n,w) do { \ - int m; \ - int abs_n = (n) * (((n) > 0) * 2 - 1); \ - int idx_n = abs_n / 2; \ - secp256k1_fe neg_y; \ - VERIFY_CHECK(((n) & 1) == 1); \ - VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ - VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ - VERIFY_SETUP(secp256k1_fe_clear(&(r)->x)); \ - VERIFY_SETUP(secp256k1_fe_clear(&(r)->y)); \ - for (m = 0; m < ECMULT_TABLE_SIZE(w); m++) { \ - /* This loop is used to avoid secret data in array indices. See - * the comment in ecmult_gen_impl.h for rationale. */ \ - secp256k1_fe_cmov(&(r)->x, &(pre)[m].x, m == idx_n); \ - secp256k1_fe_cmov(&(r)->y, &(pre)[m].y, m == idx_n); \ - } \ - (r)->infinity = 0; \ - secp256k1_fe_negate(&neg_y, &(r)->y, 1); \ - secp256k1_fe_cmov(&(r)->y, &neg_y, (n) != abs_n); \ -} while(0) - - -/** Convert a number to WNAF notation. - * The number becomes represented by sum(2^{wi} * wnaf[i], i=0..WNAF_SIZE(w)+1) - return_val. - * It has the following guarantees: - * - each wnaf[i] an odd integer between -(1 << w) and (1 << w) - * - each wnaf[i] is nonzero - * - the number of words set is always WNAF_SIZE(w) + 1 - * - * Adapted from `The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar - * Multiplications Secure against Side Channel Attacks`, Okeya and Tagaki. M. Joye (Ed.) - * CT-RSA 2003, LNCS 2612, pp. 328-443, 2003. 
Springer-Verlagy Berlin Heidelberg 2003 - * - * Numbers reference steps of `Algorithm SPA-resistant Width-w NAF with Odd Scalar` on pp. 335 - */ -static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w, int size) { - int global_sign; - int skew = 0; - int word = 0; - - /* 1 2 3 */ - int u_last; - int u; - - int flip; - int bit; - secp256k1_scalar s; - int not_neg_one; - - VERIFY_CHECK(w > 0); - VERIFY_CHECK(size > 0); - - /* Note that we cannot handle even numbers by negating them to be odd, as is - * done in other implementations, since if our scalars were specified to have - * width < 256 for performance reasons, their negations would have width 256 - * and we'd lose any performance benefit. Instead, we use a technique from - * Section 4.2 of the Okeya/Tagaki paper, which is to add either 1 (for even) - * or 2 (for odd) to the number we are encoding, returning a skew value indicating - * this, and having the caller compensate after doing the multiplication. - * - * In fact, we _do_ want to negate numbers to minimize their bit-lengths (and in - * particular, to ensure that the outputs from the endomorphism-split fit into - * 128 bits). If we negate, the parity of our number flips, inverting which of - * {1, 2} we want to add to the scalar when ensuring that it's odd. Further - * complicating things, -1 interacts badly with `secp256k1_scalar_cadd_bit` and - * we need to special-case it in this logic. */ - flip = secp256k1_scalar_is_high(scalar); - /* We add 1 to even numbers, 2 to odd ones, noting that negation flips parity */ - bit = flip ^ !secp256k1_scalar_is_even(scalar); - /* We check for negative one, since adding 2 to it will cause an overflow */ - secp256k1_scalar_negate(&s, scalar); - not_neg_one = !secp256k1_scalar_is_one(&s); - s = *scalar; - secp256k1_scalar_cadd_bit(&s, bit, not_neg_one); - /* If we had negative one, flip == 1, s.d[0] == 0, bit == 1, so caller expects - * that we added two to it and flipped it. 
In fact for -1 these operations are - * identical. We only flipped, but since skewing is required (in the sense that - * the skew must be 1 or 2, never zero) and flipping is not, we need to change - * our flags to claim that we only skewed. */ - global_sign = secp256k1_scalar_cond_negate(&s, flip); - global_sign *= not_neg_one * 2 - 1; - skew = 1 << bit; - - /* 4 */ - u_last = secp256k1_scalar_shr_int(&s, w); - do { - int sign; - int even; - - /* 4.1 4.4 */ - u = secp256k1_scalar_shr_int(&s, w); - /* 4.2 */ - even = ((u & 1) == 0); - sign = 2 * (u_last > 0) - 1; - u += sign * even; - u_last -= sign * even * (1 << w); - - /* 4.3, adapted for global sign change */ - wnaf[word++] = u_last * global_sign; - - u_last = u; - } while (word * w < size); - wnaf[word] = u * global_sign; - - VERIFY_CHECK(secp256k1_scalar_is_zero(&s)); - VERIFY_CHECK(word == WNAF_SIZE_BITS(size, w)); - return skew; -} - -static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *scalar, int size) { - secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; - secp256k1_ge tmpa; - secp256k1_fe Z; - - int skew_1; -#ifdef USE_ENDOMORPHISM - secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; - int wnaf_lam[1 + WNAF_SIZE(WINDOW_A - 1)]; - int skew_lam; - secp256k1_scalar q_1, q_lam; -#endif - int wnaf_1[1 + WNAF_SIZE(WINDOW_A - 1)]; - - int i; - - /* build wnaf representation for q. */ - int rsize = size; -#ifdef USE_ENDOMORPHISM - if (size > 128) { - rsize = 128; - /* split q into q_1 and q_lam (where q = q_1 + q_lam*lambda, and q_1 and q_lam are ~128 bit) */ - secp256k1_scalar_split_lambda(&q_1, &q_lam, scalar); - skew_1 = secp256k1_wnaf_const(wnaf_1, &q_1, WINDOW_A - 1, 128); - skew_lam = secp256k1_wnaf_const(wnaf_lam, &q_lam, WINDOW_A - 1, 128); - } else -#endif - { - skew_1 = secp256k1_wnaf_const(wnaf_1, scalar, WINDOW_A - 1, size); -#ifdef USE_ENDOMORPHISM - skew_lam = 0; -#endif - } - - /* Calculate odd multiples of a. 
- * All multiples are brought to the same Z 'denominator', which is stored - * in Z. Due to secp256k1' isomorphism we can do all operations pretending - * that the Z coordinate was 1, use affine addition formulae, and correct - * the Z coordinate of the result once at the end. - */ - secp256k1_gej_set_ge(r, a); - secp256k1_ecmult_odd_multiples_table_globalz_windowa(pre_a, &Z, r); - for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - secp256k1_fe_normalize_weak(&pre_a[i].y); - } -#ifdef USE_ENDOMORPHISM - if (size > 128) { - for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - secp256k1_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); - } - } -#endif - - /* first loop iteration (separated out so we can directly set r, rather - * than having it start at infinity, get doubled several times, then have - * its new value added to it) */ - i = wnaf_1[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; - VERIFY_CHECK(i != 0); - ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, i, WINDOW_A); - secp256k1_gej_set_ge(r, &tmpa); -#ifdef USE_ENDOMORPHISM - if (size > 128) { - i = wnaf_lam[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; - VERIFY_CHECK(i != 0); - ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, i, WINDOW_A); - secp256k1_gej_add_ge(r, r, &tmpa); - } -#endif - /* remaining loop iterations */ - for (i = WNAF_SIZE_BITS(rsize, WINDOW_A - 1) - 1; i >= 0; i--) { - int n; - int j; - for (j = 0; j < WINDOW_A - 1; ++j) { - secp256k1_gej_double_nonzero(r, r, NULL); - } - - n = wnaf_1[i]; - ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, n, WINDOW_A); - VERIFY_CHECK(n != 0); - secp256k1_gej_add_ge(r, r, &tmpa); -#ifdef USE_ENDOMORPHISM - if (size > 128) { - n = wnaf_lam[i]; - ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, n, WINDOW_A); - VERIFY_CHECK(n != 0); - secp256k1_gej_add_ge(r, r, &tmpa); - } -#endif - } - - secp256k1_fe_mul(&r->z, &r->z, &Z); - - { - /* Correct for wNAF skew */ - secp256k1_ge correction = *a; - secp256k1_ge_storage correction_1_stor; -#ifdef USE_ENDOMORPHISM - secp256k1_ge_storage correction_lam_stor; 
-#endif - secp256k1_ge_storage a2_stor; - secp256k1_gej tmpj; - secp256k1_gej_set_ge(&tmpj, &correction); - secp256k1_gej_double_var(&tmpj, &tmpj, NULL); - secp256k1_ge_set_gej(&correction, &tmpj); - secp256k1_ge_to_storage(&correction_1_stor, a); -#ifdef USE_ENDOMORPHISM - if (size > 128) { - secp256k1_ge_to_storage(&correction_lam_stor, a); - } -#endif - secp256k1_ge_to_storage(&a2_stor, &correction); - - /* For odd numbers this is 2a (so replace it), for even ones a (so no-op) */ - secp256k1_ge_storage_cmov(&correction_1_stor, &a2_stor, skew_1 == 2); -#ifdef USE_ENDOMORPHISM - if (size > 128) { - secp256k1_ge_storage_cmov(&correction_lam_stor, &a2_stor, skew_lam == 2); - } -#endif - - /* Apply the correction */ - secp256k1_ge_from_storage(&correction, &correction_1_stor); - secp256k1_ge_neg(&correction, &correction); - secp256k1_gej_add_ge(r, r, &correction); - -#ifdef USE_ENDOMORPHISM - if (size > 128) { - secp256k1_ge_from_storage(&correction, &correction_lam_stor); - secp256k1_ge_neg(&correction, &correction); - secp256k1_ge_mul_lambda(&correction, &correction); - secp256k1_gej_add_ge(r, r, &correction); - } -#endif - } -} - -#endif /* SECP256K1_ECMULT_CONST_IMPL_H */ diff --git a/deps/secp256k1/src/ecmult_gen.h b/deps/secp256k1/src/ecmult_gen.h deleted file mode 100644 index 30815e5aa..000000000 --- a/deps/secp256k1/src/ecmult_gen.h +++ /dev/null 
@@ -1,50 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_ECMULT_GEN_H -#define SECP256K1_ECMULT_GEN_H - -#include "scalar.h" -#include "group.h" - -#if ECMULT_GEN_PREC_BITS != 2 && ECMULT_GEN_PREC_BITS != 4 && ECMULT_GEN_PREC_BITS != 8 -# error "Set ECMULT_GEN_PREC_BITS to 2, 4 or 8." -#endif -#define ECMULT_GEN_PREC_B ECMULT_GEN_PREC_BITS -#define ECMULT_GEN_PREC_G (1 << ECMULT_GEN_PREC_B) -#define ECMULT_GEN_PREC_N (256 / ECMULT_GEN_PREC_B) - -typedef struct { - /* For accelerating the computation of a*G: - * To harden against timing attacks, use the following mechanism: - * * Break up the multiplicand into groups of PREC_B bits, called n_0, n_1, n_2, ..., n_(PREC_N-1). - * * Compute sum(n_i * (PREC_G)^i * G + U_i, i=0 ... PREC_N-1), where: - * * U_i = U * 2^i, for i=0 ... PREC_N-2 - * * U_i = U * (1-2^(PREC_N-1)), for i=PREC_N-1 - * where U is a point with no known corresponding scalar. Note that sum(U_i, i=0 ... PREC_N-1) = 0. - * For each i, and each of the PREC_G possible values of n_i, (n_i * (PREC_G)^i * G + U_i) is - * precomputed (call it prec(i, n_i)). The formula now becomes sum(prec(i, n_i), i=0 ... PREC_N-1). - * None of the resulting prec group elements have a known scalar, and neither do any of - * the intermediate sums while computing a*G. 
- */ - secp256k1_ge_storage (*prec)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G]; /* prec[j][i] = (PREC_G)^j * i * G + U_i */ - secp256k1_scalar blind; - secp256k1_gej initial; -} secp256k1_ecmult_gen_context; - -static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; -static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context* ctx); -static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context* ctx, void **prealloc); -static void secp256k1_ecmult_gen_context_finalize_memcpy(secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context* src); -static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context* ctx); -static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx); - -/** Multiply with the generator: R = a*G */ -static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context* ctx, secp256k1_gej *r, const secp256k1_scalar *a); - -static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32); - -#endif /* SECP256K1_ECMULT_GEN_H */ diff --git a/deps/secp256k1/src/ecmult_gen_impl.h b/deps/secp256k1/src/ecmult_gen_impl.h deleted file mode 100644 index a1b963939..000000000 --- a/deps/secp256k1/src/ecmult_gen_impl.h +++ /dev/null 
@@ -1,211 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_ECMULT_GEN_IMPL_H -#define SECP256K1_ECMULT_GEN_IMPL_H - -#include "util.h" -#include "scalar.h" -#include "group.h" -#include "ecmult_gen.h" -#include "hash_impl.h" -#ifdef USE_ECMULT_STATIC_PRECOMPUTATION -#include "ecmult_static_context.h" -#endif - -#ifndef USE_ECMULT_STATIC_PRECOMPUTATION - static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((secp256k1_ecmult_gen_context*) NULL)->prec)); -#else - static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = 0; -#endif - -static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context *ctx) { - ctx->prec = NULL; -} - -static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context *ctx, void **prealloc) { -#ifndef USE_ECMULT_STATIC_PRECOMPUTATION - secp256k1_ge prec[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; - secp256k1_gej gj; - secp256k1_gej nums_gej; - int i, j; - size_t const prealloc_size = SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; - void* const base = *prealloc; -#endif - - if (ctx->prec != NULL) { - return; - } -#ifndef USE_ECMULT_STATIC_PRECOMPUTATION - ctx->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])manual_alloc(prealloc, prealloc_size, base, prealloc_size); - - /* get the generator */ - secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); - - /* Construct a group element with no known corresponding scalar (nothing up my sleeve). 
*/ - { - static const unsigned char nums_b32[33] = "The scalar for this x is unknown"; - secp256k1_fe nums_x; - secp256k1_ge nums_ge; - int r; - r = secp256k1_fe_set_b32(&nums_x, nums_b32); - (void)r; - VERIFY_CHECK(r); - r = secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0); - (void)r; - VERIFY_CHECK(r); - secp256k1_gej_set_ge(&nums_gej, &nums_ge); - /* Add G to make the bits in x uniformly distributed. */ - secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, &secp256k1_ge_const_g, NULL); - } - - /* compute prec. */ - { - secp256k1_gej precj[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; /* Jacobian versions of prec. */ - secp256k1_gej gbase; - secp256k1_gej numsbase; - gbase = gj; /* PREC_G^j * G */ - numsbase = nums_gej; /* 2^j * nums. */ - for (j = 0; j < ECMULT_GEN_PREC_N; j++) { - /* Set precj[j*PREC_G .. j*PREC_G+(PREC_G-1)] to (numsbase, numsbase + gbase, ..., numsbase + (PREC_G-1)*gbase). */ - precj[j*ECMULT_GEN_PREC_G] = numsbase; - for (i = 1; i < ECMULT_GEN_PREC_G; i++) { - secp256k1_gej_add_var(&precj[j*ECMULT_GEN_PREC_G + i], &precj[j*ECMULT_GEN_PREC_G + i - 1], &gbase, NULL); - } - /* Multiply gbase by PREC_G. */ - for (i = 0; i < ECMULT_GEN_PREC_B; i++) { - secp256k1_gej_double_var(&gbase, &gbase, NULL); - } - /* Multiply numbase by 2. */ - secp256k1_gej_double_var(&numsbase, &numsbase, NULL); - if (j == ECMULT_GEN_PREC_N - 2) { - /* In the last iteration, numsbase is (1 - 2^j) * nums instead. 
*/ - secp256k1_gej_neg(&numsbase, &numsbase); - secp256k1_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL); - } - } - secp256k1_ge_set_all_gej_var(prec, precj, ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G); - } - for (j = 0; j < ECMULT_GEN_PREC_N; j++) { - for (i = 0; i < ECMULT_GEN_PREC_G; i++) { - secp256k1_ge_to_storage(&(*ctx->prec)[j][i], &prec[j*ECMULT_GEN_PREC_G + i]); - } - } -#else - (void)prealloc; - ctx->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])secp256k1_ecmult_static_context; -#endif - secp256k1_ecmult_gen_blind(ctx, NULL); -} - -static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx) { - return ctx->prec != NULL; -} - -static void secp256k1_ecmult_gen_context_finalize_memcpy(secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context *src) { -#ifndef USE_ECMULT_STATIC_PRECOMPUTATION - if (src->prec != NULL) { - /* We cast to void* first to suppress a -Wcast-align warning. */ - dst->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])(void*)((unsigned char*)dst + ((unsigned char*)src->prec - (unsigned char*)src)); - } -#else - (void)dst, (void)src; -#endif -} - -static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context *ctx) { - secp256k1_scalar_clear(&ctx->blind); - secp256k1_gej_clear(&ctx->initial); - ctx->prec = NULL; -} - -static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) { - secp256k1_ge add; - secp256k1_ge_storage adds; - secp256k1_scalar gnb; - int bits; - int i, j; - memset(&adds, 0, sizeof(adds)); - *r = ctx->initial; - /* Blind scalar/point multiplication by computing (n-b)G + bG instead of nG. 
*/ - secp256k1_scalar_add(&gnb, gn, &ctx->blind); - add.infinity = 0; - for (j = 0; j < ECMULT_GEN_PREC_N; j++) { - bits = secp256k1_scalar_get_bits(&gnb, j * ECMULT_GEN_PREC_B, ECMULT_GEN_PREC_B); - for (i = 0; i < ECMULT_GEN_PREC_G; i++) { - /** This uses a conditional move to avoid any secret data in array indexes. - * _Any_ use of secret indexes has been demonstrated to result in timing - * sidechannels, even when the cache-line access patterns are uniform. - * See also: - * "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe - * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and - * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, - * by Dag Arne Osvik, Adi Shamir, and Eran Tromer - * (http://www.tau.ac.il/~tromer/papers/cache.pdf) - */ - secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); - } - secp256k1_ge_from_storage(&add, &adds); - secp256k1_gej_add_ge(r, r, &add); - } - bits = 0; - secp256k1_ge_clear(&add); - secp256k1_scalar_clear(&gnb); -} - -/* Setup blinding values for secp256k1_ecmult_gen. */ -static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32) { - secp256k1_scalar b; - secp256k1_gej gb; - secp256k1_fe s; - unsigned char nonce32[32]; - secp256k1_rfc6979_hmac_sha256 rng; - int retry; - unsigned char keydata[64] = {0}; - if (seed32 == NULL) { - /* When seed is NULL, reset the initial point and blinding value. */ - secp256k1_gej_set_ge(&ctx->initial, &secp256k1_ge_const_g); - secp256k1_gej_neg(&ctx->initial, &ctx->initial); - secp256k1_scalar_set_int(&ctx->blind, 1); - } - /* The prior blinding value (if not reset) is chained forward by including it in the hash. */ - secp256k1_scalar_get_b32(nonce32, &ctx->blind); - /** Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, - * and guards against weak or adversarial seeds. 
This is a simpler and safer interface than - * asking the caller for blinding values directly and expecting them to retry on failure. - */ - memcpy(keydata, nonce32, 32); - if (seed32 != NULL) { - memcpy(keydata + 32, seed32, 32); - } - secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32); - memset(keydata, 0, sizeof(keydata)); - /* Retry for out of range results to achieve uniformity. */ - do { - secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - retry = !secp256k1_fe_set_b32(&s, nonce32); - retry = retry || secp256k1_fe_is_zero(&s); - } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > Fp. */ - /* Randomize the projection to defend against multiplier sidechannels. */ - secp256k1_gej_rescale(&ctx->initial, &s); - secp256k1_fe_clear(&s); - do { - secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - secp256k1_scalar_set_b32(&b, nonce32, &retry); - /* A blinding value of 0 works, but would undermine the projection hardening. */ - retry = retry || secp256k1_scalar_is_zero(&b); - } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > order. */ - secp256k1_rfc6979_hmac_sha256_finalize(&rng); - memset(nonce32, 0, 32); - secp256k1_ecmult_gen(ctx, &gb, &b); - secp256k1_scalar_negate(&b, &b); - ctx->blind = b; - ctx->initial = gb; - secp256k1_scalar_clear(&b); - secp256k1_gej_clear(&gb); -} - -#endif /* SECP256K1_ECMULT_GEN_IMPL_H */ diff --git a/deps/secp256k1/src/ecmult_impl.h b/deps/secp256k1/src/ecmult_impl.h deleted file mode 100644 index f03fa9469..000000000 --- a/deps/secp256k1/src/ecmult_impl.h +++ /dev/null 
@@ -1,1216 +0,0 @@ -/***************************************************************************** - * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php. * - *****************************************************************************/ - -#ifndef SECP256K1_ECMULT_IMPL_H -#define SECP256K1_ECMULT_IMPL_H - -#include -#include - -#include "util.h" -#include "group.h" -#include "scalar.h" -#include "ecmult.h" - -#if defined(EXHAUSTIVE_TEST_ORDER) -/* We need to lower these values for exhaustive tests because - * the tables cannot have infinities in them (this breaks the - * affine-isomorphism stuff which tracks z-ratios) */ -# if EXHAUSTIVE_TEST_ORDER > 128 -# define WINDOW_A 5 -# define WINDOW_G 8 -# elif EXHAUSTIVE_TEST_ORDER > 8 -# define WINDOW_A 4 -# define WINDOW_G 4 -# else -# define WINDOW_A 2 -# define WINDOW_G 2 -# endif -#else -/* optimal for 128-bit and 256-bit exponents. */ -# define WINDOW_A 5 -/** Larger values for ECMULT_WINDOW_SIZE result in possibly better - * performance at the cost of an exponentially larger precomputed - * table. The exact table size is - * (1 << (WINDOW_G - 2)) * sizeof(secp256k1_ge_storage) bytes, - * where sizeof(secp256k1_ge_storage) is typically 64 bytes but can - * be larger due to platform-specific padding and alignment. - * If the endomorphism optimization is enabled (USE_ENDOMORMPHSIM) - * two tables of this size are used instead of only one. - */ -# define WINDOW_G ECMULT_WINDOW_SIZE -#endif - -/* Noone will ever need more than a window size of 24. The code might - * be correct for larger values of ECMULT_WINDOW_SIZE but this is not - * not tested. 
- * - * The following limitations are known, and there are probably more: - * If WINDOW_G > 27 and size_t has 32 bits, then the code is incorrect - * because the size of the memory object that we allocate (in bytes) - * will not fit in a size_t. - * If WINDOW_G > 31 and int has 32 bits, then the code is incorrect - * because certain expressions will overflow. - */ -#if ECMULT_WINDOW_SIZE < 2 || ECMULT_WINDOW_SIZE > 24 -# error Set ECMULT_WINDOW_SIZE to an integer in range [2..24]. -#endif - -#ifdef USE_ENDOMORPHISM - #define WNAF_BITS 128 -#else - #define WNAF_BITS 256 -#endif -#define WNAF_SIZE_BITS(bits, w) (((bits) + (w) - 1) / (w)) -#define WNAF_SIZE(w) WNAF_SIZE_BITS(WNAF_BITS, w) - -/** The number of entries a table with precomputed multiples needs to have. */ -#define ECMULT_TABLE_SIZE(w) (1 << ((w)-2)) - -/* The number of objects allocated on the scratch space for ecmult_multi algorithms */ -#define PIPPENGER_SCRATCH_OBJECTS 6 -#define STRAUSS_SCRATCH_OBJECTS 6 - -#define PIPPENGER_MAX_BUCKET_WINDOW 12 - -/* Minimum number of points for which pippenger_wnaf is faster than strauss wnaf */ -#ifdef USE_ENDOMORPHISM - #define ECMULT_PIPPENGER_THRESHOLD 88 -#else - #define ECMULT_PIPPENGER_THRESHOLD 160 -#endif - -#ifdef USE_ENDOMORPHISM - #define ECMULT_MAX_POINTS_PER_BATCH 5000000 -#else - #define ECMULT_MAX_POINTS_PER_BATCH 10000000 -#endif - -/** Fill a table 'prej' with precomputed odd multiples of a. Prej will contain - * the values [1*a,3*a,...,(2*n-1)*a], so it space for n values. zr[0] will - * contain prej[0].z / a.z. The other zr[i] values = prej[i].z / prej[i-1].z. - * Prej's Z values are undefined, except for the last value. 
- */ -static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej *prej, secp256k1_fe *zr, const secp256k1_gej *a) { - secp256k1_gej d; - secp256k1_ge a_ge, d_ge; - int i; - - VERIFY_CHECK(!a->infinity); - - secp256k1_gej_double_var(&d, a, NULL); - - /* - * Perform the additions on an isomorphism where 'd' is affine: drop the z coordinate - * of 'd', and scale the 1P starting value's x/y coordinates without changing its z. - */ - d_ge.x = d.x; - d_ge.y = d.y; - d_ge.infinity = 0; - - secp256k1_ge_set_gej_zinv(&a_ge, a, &d.z); - prej[0].x = a_ge.x; - prej[0].y = a_ge.y; - prej[0].z = a->z; - prej[0].infinity = 0; - - zr[0] = d.z; - for (i = 1; i < n; i++) { - secp256k1_gej_add_ge_var(&prej[i], &prej[i-1], &d_ge, &zr[i]); - } - - /* - * Each point in 'prej' has a z coordinate too small by a factor of 'd.z'. Only - * the final point's z coordinate is actually used though, so just update that. - */ - secp256k1_fe_mul(&prej[n-1].z, &prej[n-1].z, &d.z); -} - -/** Fill a table 'pre' with precomputed odd multiples of a. - * - * There are two versions of this function: - * - secp256k1_ecmult_odd_multiples_table_globalz_windowa which brings its - * resulting point set to a single constant Z denominator, stores the X and Y - * coordinates as ge_storage points in pre, and stores the global Z in rz. - * It only operates on tables sized for WINDOW_A wnaf multiples. - * - secp256k1_ecmult_odd_multiples_table_storage_var, which converts its - * resulting point set to actually affine points, and stores those in pre. - * It operates on tables of any size. - * - * To compute a*P + b*G, we compute a table for P using the first function, - * and for G using the second (which requires an inverse, but it only needs to - * happen once). 
- */ -static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge *pre, secp256k1_fe *globalz, const secp256k1_gej *a) { - secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; - secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; - - /* Compute the odd multiples in Jacobian form. */ - secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), prej, zr, a); - /* Bring them to the same Z denominator. */ - secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A), pre, globalz, prej, zr); -} - -static void secp256k1_ecmult_odd_multiples_table_storage_var(const int n, secp256k1_ge_storage *pre, const secp256k1_gej *a) { - secp256k1_gej d; - secp256k1_ge d_ge, p_ge; - secp256k1_gej pj; - secp256k1_fe zi; - secp256k1_fe zr; - secp256k1_fe dx_over_dz_squared; - int i; - - VERIFY_CHECK(!a->infinity); - - secp256k1_gej_double_var(&d, a, NULL); - - /* First, we perform all the additions in an isomorphic curve obtained by multiplying - * all `z` coordinates by 1/`d.z`. In these coordinates `d` is affine so we can use - * `secp256k1_gej_add_ge_var` to perform the additions. For each addition, we store - * the resulting y-coordinate and the z-ratio, since we only have enough memory to - * store two field elements. These are sufficient to efficiently undo the isomorphism - * and recompute all the `x`s. 
- */ - d_ge.x = d.x; - d_ge.y = d.y; - d_ge.infinity = 0; - - secp256k1_ge_set_gej_zinv(&p_ge, a, &d.z); - pj.x = p_ge.x; - pj.y = p_ge.y; - pj.z = a->z; - pj.infinity = 0; - - for (i = 0; i < (n - 1); i++) { - secp256k1_fe_normalize_var(&pj.y); - secp256k1_fe_to_storage(&pre[i].y, &pj.y); - secp256k1_gej_add_ge_var(&pj, &pj, &d_ge, &zr); - secp256k1_fe_normalize_var(&zr); - secp256k1_fe_to_storage(&pre[i].x, &zr); - } - - /* Invert d.z in the same batch, preserving pj.z so we can extract 1/d.z */ - secp256k1_fe_mul(&zi, &pj.z, &d.z); - secp256k1_fe_inv_var(&zi, &zi); - - /* Directly set `pre[n - 1]` to `pj`, saving the inverted z-coordinate so - * that we can combine it with the saved z-ratios to compute the other zs - * without any more inversions. */ - secp256k1_ge_set_gej_zinv(&p_ge, &pj, &zi); - secp256k1_ge_to_storage(&pre[n - 1], &p_ge); - - /* Compute the actual x-coordinate of D, which will be needed below. */ - secp256k1_fe_mul(&d.z, &zi, &pj.z); /* d.z = 1/d.z */ - secp256k1_fe_sqr(&dx_over_dz_squared, &d.z); - secp256k1_fe_mul(&dx_over_dz_squared, &dx_over_dz_squared, &d.x); - - /* Going into the second loop, we have set `pre[n-1]` to its final affine - * form, but still need to set `pre[i]` for `i` in 0 through `n-2`. We - * have `zi = (p.z * d.z)^-1`, where - * - * `p.z` is the z-coordinate of the point on the isomorphic curve - * which was ultimately assigned to `pre[n-1]`. - * `d.z` is the multiplier that must be applied to all z-coordinates - * to move from our isomorphic curve back to secp256k1; so the - * product `p.z * d.z` is the z-coordinate of the secp256k1 - * point assigned to `pre[n-1]`. - * - * All subsequent inverse-z-coordinates can be obtained by multiplying this - * factor by successive z-ratios, which is much more efficient than directly - * computing each one. - * - * Importantly, these inverse-zs will be coordinates of points on secp256k1, - * while our other stored values come from computations on the isomorphic - * curve. 
So in the below loop, we will take care not to actually use `zi` - * or any derived values until we're back on secp256k1. - */ - i = n - 1; - while (i > 0) { - secp256k1_fe zi2, zi3; - const secp256k1_fe *rzr; - i--; - - secp256k1_ge_from_storage(&p_ge, &pre[i]); - - /* For each remaining point, we extract the z-ratio from the stored - * x-coordinate, compute its z^-1 from that, and compute the full - * point from that. */ - rzr = &p_ge.x; - secp256k1_fe_mul(&zi, &zi, rzr); - secp256k1_fe_sqr(&zi2, &zi); - secp256k1_fe_mul(&zi3, &zi2, &zi); - /* To compute the actual x-coordinate, we use the stored z ratio and - * y-coordinate, which we obtained from `secp256k1_gej_add_ge_var` - * in the loop above, as well as the inverse of the square of its - * z-coordinate. We store the latter in the `zi2` variable, which is - * computed iteratively starting from the overall Z inverse then - * multiplying by each z-ratio in turn. - * - * Denoting the z-ratio as `rzr`, we observe that it is equal to `h` - * from the inside of the above `gej_add_ge_var` call. This satisfies - * - * rzr = d_x * z^2 - x * d_z^2 - * - * where (`d_x`, `d_z`) are Jacobian coordinates of `D` and `(x, z)` - * are Jacobian coordinates of our desired point -- except both are on - * the isomorphic curve that we were using when we called `gej_add_ge_var`. - * To get back to secp256k1, we must multiply both `z`s by `d_z`, or - * equivalently divide both `x`s by `d_z^2`. Our equation then becomes - * - * rzr = d_x * z^2 / d_z^2 - x - * - * (The left-hand-side, being a ratio of z-coordinates, is unaffected - * by the isomorphism.) 
- * - * Rearranging to solve for `x`, we have - * - * x = d_x * z^2 / d_z^2 - rzr - * - * But what we actually want is the affine coordinate `X = x/z^2`, - * which will satisfy - * - * X = d_x / d_z^2 - rzr / z^2 - * = dx_over_dz_squared - rzr * zi2 - */ - secp256k1_fe_mul(&p_ge.x, rzr, &zi2); - secp256k1_fe_negate(&p_ge.x, &p_ge.x, 1); - secp256k1_fe_add(&p_ge.x, &dx_over_dz_squared); - /* y is stored_y/z^3, as we expect */ - secp256k1_fe_mul(&p_ge.y, &p_ge.y, &zi3); - /* Store */ - secp256k1_ge_to_storage(&pre[i], &p_ge); - } -} - -/** The following two macro retrieves a particular odd multiple from a table - * of precomputed multiples. */ -#define ECMULT_TABLE_GET_GE(r,pre,n,w) do { \ - VERIFY_CHECK(((n) & 1) == 1); \ - VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ - VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ - if ((n) > 0) { \ - *(r) = (pre)[((n)-1)/2]; \ - } else { \ - *(r) = (pre)[(-(n)-1)/2]; \ - secp256k1_fe_negate(&((r)->y), &((r)->y), 1); \ - } \ -} while(0) - -#define ECMULT_TABLE_GET_GE_STORAGE(r,pre,n,w) do { \ - VERIFY_CHECK(((n) & 1) == 1); \ - VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ - VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ - if ((n) > 0) { \ - secp256k1_ge_from_storage((r), &(pre)[((n)-1)/2]); \ - } else { \ - secp256k1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \ - secp256k1_fe_negate(&((r)->y), &((r)->y), 1); \ - } \ -} while(0) - -static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE = - ROUND_TO_ALIGN(sizeof((*((secp256k1_ecmult_context*) NULL)->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) -#ifdef USE_ENDOMORPHISM - + ROUND_TO_ALIGN(sizeof((*((secp256k1_ecmult_context*) NULL)->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) -#endif - ; - -static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx) { - ctx->pre_g = NULL; -#ifdef USE_ENDOMORPHISM - ctx->pre_g_128 = NULL; -#endif -} - -static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, void **prealloc) { - secp256k1_gej gj; - void* const base = 
*prealloc; - size_t const prealloc_size = SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; - - if (ctx->pre_g != NULL) { - return; - } - - /* get the generator */ - secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); - - { - size_t size = sizeof((*ctx->pre_g)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G)); - /* check for overflow */ - VERIFY_CHECK(size / sizeof((*ctx->pre_g)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); - ctx->pre_g = (secp256k1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); - } - - /* precompute the tables with odd multiples */ - secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj); - -#ifdef USE_ENDOMORPHISM - { - secp256k1_gej g_128j; - int i; - - size_t size = sizeof((*ctx->pre_g_128)[0]) * ((size_t) ECMULT_TABLE_SIZE(WINDOW_G)); - /* check for overflow */ - VERIFY_CHECK(size / sizeof((*ctx->pre_g_128)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); - ctx->pre_g_128 = (secp256k1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); - - /* calculate 2^128*generator */ - g_128j = gj; - for (i = 0; i < 128; i++) { - secp256k1_gej_double_var(&g_128j, &g_128j, NULL); - } - secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g_128, &g_128j); - } -#endif -} - -static void secp256k1_ecmult_context_finalize_memcpy(secp256k1_ecmult_context *dst, const secp256k1_ecmult_context *src) { - if (src->pre_g != NULL) { - /* We cast to void* first to suppress a -Wcast-align warning. 
*/ - dst->pre_g = (secp256k1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g) - (unsigned char*)src)); - } -#ifdef USE_ENDOMORPHISM - if (src->pre_g_128 != NULL) { - dst->pre_g_128 = (secp256k1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g_128) - (unsigned char*)src)); - } -#endif -} - -static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx) { - return ctx->pre_g != NULL; -} - -static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx) { - secp256k1_ecmult_context_init(ctx); -} - -/** Convert a number to WNAF notation. The number becomes represented by sum(2^i * wnaf[i], i=0..bits), - * with the following guarantees: - * - each wnaf[i] is either 0, or an odd integer between -(1<<(w-1) - 1) and (1<<(w-1) - 1) - * - two non-zero entries in wnaf are separated by at least w-1 zeroes. - * - the number of set values in wnaf is returned. This number is at most 256, and at most one more - * than the number of bits in the (absolute value) of the input. 
- */ -static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w) { - secp256k1_scalar s; - int last_set_bit = -1; - int bit = 0; - int sign = 1; - int carry = 0; - - VERIFY_CHECK(wnaf != NULL); - VERIFY_CHECK(0 <= len && len <= 256); - VERIFY_CHECK(a != NULL); - VERIFY_CHECK(2 <= w && w <= 31); - - memset(wnaf, 0, len * sizeof(wnaf[0])); - - s = *a; - if (secp256k1_scalar_get_bits(&s, 255, 1)) { - secp256k1_scalar_negate(&s, &s); - sign = -1; - } - - while (bit < len) { - int now; - int word; - if (secp256k1_scalar_get_bits(&s, bit, 1) == (unsigned int)carry) { - bit++; - continue; - } - - now = w; - if (now > len - bit) { - now = len - bit; - } - - word = secp256k1_scalar_get_bits_var(&s, bit, now) + carry; - - carry = (word >> (w-1)) & 1; - word -= carry << w; - - wnaf[bit] = sign * word; - last_set_bit = bit; - - bit += now; - } -#ifdef VERIFY - CHECK(carry == 0); - while (bit < 256) { - CHECK(secp256k1_scalar_get_bits(&s, bit++, 1) == 0); - } -#endif - return last_set_bit + 1; -} - -struct secp256k1_strauss_point_state { -#ifdef USE_ENDOMORPHISM - secp256k1_scalar na_1, na_lam; - int wnaf_na_1[130]; - int wnaf_na_lam[130]; - int bits_na_1; - int bits_na_lam; -#else - int wnaf_na[256]; - int bits_na; -#endif - size_t input_pos; -}; - -struct secp256k1_strauss_state { - secp256k1_gej* prej; - secp256k1_fe* zr; - secp256k1_ge* pre_a; -#ifdef USE_ENDOMORPHISM - secp256k1_ge* pre_a_lam; -#endif - struct secp256k1_strauss_point_state* ps; -}; - -static void secp256k1_ecmult_strauss_wnaf(const secp256k1_ecmult_context *ctx, const struct secp256k1_strauss_state *state, secp256k1_gej *r, int num, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { - secp256k1_ge tmpa; - secp256k1_fe Z; -#ifdef USE_ENDOMORPHISM - /* Splitted G factors. 
*/ - secp256k1_scalar ng_1, ng_128; - int wnaf_ng_1[129]; - int bits_ng_1 = 0; - int wnaf_ng_128[129]; - int bits_ng_128 = 0; -#else - int wnaf_ng[256]; - int bits_ng = 0; -#endif - int i; - int bits = 0; - int np; - int no = 0; - - for (np = 0; np < num; ++np) { - if (secp256k1_scalar_is_zero(&na[np]) || secp256k1_gej_is_infinity(&a[np])) { - continue; - } - state->ps[no].input_pos = np; -#ifdef USE_ENDOMORPHISM - /* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */ - secp256k1_scalar_split_lambda(&state->ps[no].na_1, &state->ps[no].na_lam, &na[np]); - - /* build wnaf representation for na_1 and na_lam. */ - state->ps[no].bits_na_1 = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_1, 130, &state->ps[no].na_1, WINDOW_A); - state->ps[no].bits_na_lam = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_lam, 130, &state->ps[no].na_lam, WINDOW_A); - VERIFY_CHECK(state->ps[no].bits_na_1 <= 130); - VERIFY_CHECK(state->ps[no].bits_na_lam <= 130); - if (state->ps[no].bits_na_1 > bits) { - bits = state->ps[no].bits_na_1; - } - if (state->ps[no].bits_na_lam > bits) { - bits = state->ps[no].bits_na_lam; - } -#else - /* build wnaf representation for na. */ - state->ps[no].bits_na = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na, 256, &na[np], WINDOW_A); - if (state->ps[no].bits_na > bits) { - bits = state->ps[no].bits_na; - } -#endif - ++no; - } - - /* Calculate odd multiples of a. - * All multiples are brought to the same Z 'denominator', which is stored - * in Z. Due to secp256k1' isomorphism we can do all operations pretending - * that the Z coordinate was 1, use affine addition formulae, and correct - * the Z coordinate of the result once at the end. - * The exception is the precomputed G table points, which are actually - * affine. Compared to the base used for other points, they have a Z ratio - * of 1/Z, so we can use secp256k1_gej_add_zinv_var, which uses the same - * isomorphism to efficiently add with a known Z inverse. 
- */ - if (no > 0) { - /* Compute the odd multiples in Jacobian form. */ - secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej, state->zr, &a[state->ps[0].input_pos]); - for (np = 1; np < no; ++np) { - secp256k1_gej tmp = a[state->ps[np].input_pos]; -#ifdef VERIFY - secp256k1_fe_normalize_var(&(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); -#endif - secp256k1_gej_rescale(&tmp, &(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); - secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &tmp); - secp256k1_fe_mul(state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &(a[state->ps[np].input_pos].z)); - } - /* Bring them to the same Z denominator. */ - secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, &Z, state->prej, state->zr); - } else { - secp256k1_fe_set_int(&Z, 1); - } - -#ifdef USE_ENDOMORPHISM - for (np = 0; np < no; ++np) { - for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - secp256k1_ge_mul_lambda(&state->pre_a_lam[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i]); - } - } - - if (ng) { - /* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */ - secp256k1_scalar_split_128(&ng_1, &ng_128, ng); - - /* Build wnaf representation for ng_1 and ng_128 */ - bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); - bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); - if (bits_ng_1 > bits) { - bits = bits_ng_1; - } - if (bits_ng_128 > bits) { - bits = bits_ng_128; - } - } -#else - if (ng) { - bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, 256, ng, WINDOW_G); - if (bits_ng > bits) { - bits = bits_ng; - } - } -#endif - - secp256k1_gej_set_infinity(r); - - for (i = bits - 
1; i >= 0; i--) { - int n; - secp256k1_gej_double_var(r, r, NULL); -#ifdef USE_ENDOMORPHISM - for (np = 0; np < no; ++np) { - if (i < state->ps[np].bits_na_1 && (n = state->ps[np].wnaf_na_1[i])) { - ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); - } - if (i < state->ps[np].bits_na_lam && (n = state->ps[np].wnaf_na_lam[i])) { - ECMULT_TABLE_GET_GE(&tmpa, state->pre_a_lam + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); - } - } - if (i < bits_ng_1 && (n = wnaf_ng_1[i])) { - ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); - secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); - } - if (i < bits_ng_128 && (n = wnaf_ng_128[i])) { - ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g_128, n, WINDOW_G); - secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); - } -#else - for (np = 0; np < no; ++np) { - if (i < state->ps[np].bits_na && (n = state->ps[np].wnaf_na[i])) { - ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); - } - } - if (i < bits_ng && (n = wnaf_ng[i])) { - ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); - secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); - } -#endif - } - - if (!r->infinity) { - secp256k1_fe_mul(&r->z, &r->z, &Z); - } -} - -static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { - secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; - secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; - secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; - struct secp256k1_strauss_point_state ps[1]; -#ifdef USE_ENDOMORPHISM - secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; -#endif - struct secp256k1_strauss_state state; - - state.prej = prej; - state.zr = zr; - state.pre_a = pre_a; -#ifdef USE_ENDOMORPHISM - state.pre_a_lam = pre_a_lam; 
-#endif - state.ps = ps; - secp256k1_ecmult_strauss_wnaf(ctx, &state, r, 1, a, na, ng); -} - -static size_t secp256k1_strauss_scratch_size(size_t n_points) { -#ifdef USE_ENDOMORPHISM - static const size_t point_size = (2 * sizeof(secp256k1_ge) + sizeof(secp256k1_gej) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); -#else - static const size_t point_size = (sizeof(secp256k1_ge) + sizeof(secp256k1_gej) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); -#endif - return n_points*point_size; -} - -static int secp256k1_ecmult_strauss_batch(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { - secp256k1_gej* points; - secp256k1_scalar* scalars; - struct secp256k1_strauss_state state; - size_t i; - const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); - - secp256k1_gej_set_infinity(r); - if (inp_g_sc == NULL && n_points == 0) { - return 1; - } - - points = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_gej)); - scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_scalar)); - state.prej = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_gej)); - state.zr = (secp256k1_fe*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_fe)); -#ifdef USE_ENDOMORPHISM - state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * 2 * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); - state.pre_a_lam = 
state.pre_a + n_points * ECMULT_TABLE_SIZE(WINDOW_A); -#else - state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); -#endif - state.ps = (struct secp256k1_strauss_point_state*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct secp256k1_strauss_point_state)); - - if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL) { - secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); - return 0; - } - - for (i = 0; i < n_points; i++) { - secp256k1_ge point; - if (!cb(&scalars[i], &point, i+cb_offset, cbdata)) { - secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); - return 0; - } - secp256k1_gej_set_ge(&points[i], &point); - } - secp256k1_ecmult_strauss_wnaf(ctx, &state, r, n_points, points, scalars, inp_g_sc); - secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); - return 1; -} - -/* Wrapper for secp256k1_ecmult_multi_func interface */ -static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *actx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { - return secp256k1_ecmult_strauss_batch(error_callback, actx, scratch, r, inp_g_sc, cb, cbdata, n, 0); -} - -static size_t secp256k1_strauss_max_points(const secp256k1_callback* error_callback, secp256k1_scratch *scratch) { - return secp256k1_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / secp256k1_strauss_scratch_size(1); -} - -/** Convert a number to WNAF notation. - * The number becomes represented by sum(2^{wi} * wnaf[i], i=0..WNAF_SIZE(w)+1) - return_val. 
- * It has the following guarantees: - * - each wnaf[i] is either 0 or an odd integer between -(1 << w) and (1 << w) - * - the number of words set is always WNAF_SIZE(w) - * - the returned skew is 0 or 1 - */ -static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w) { - int skew = 0; - int pos; - int max_pos; - int last_w; - const secp256k1_scalar *work = s; - - if (secp256k1_scalar_is_zero(s)) { - for (pos = 0; pos < WNAF_SIZE(w); pos++) { - wnaf[pos] = 0; - } - return 0; - } - - if (secp256k1_scalar_is_even(s)) { - skew = 1; - } - - wnaf[0] = secp256k1_scalar_get_bits_var(work, 0, w) + skew; - /* Compute last window size. Relevant when window size doesn't divide the - * number of bits in the scalar */ - last_w = WNAF_BITS - (WNAF_SIZE(w) - 1) * w; - - /* Store the position of the first nonzero word in max_pos to allow - * skipping leading zeros when calculating the wnaf. */ - for (pos = WNAF_SIZE(w) - 1; pos > 0; pos--) { - int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); - if(val != 0) { - break; - } - wnaf[pos] = 0; - } - max_pos = pos; - pos = 1; - - while (pos <= max_pos) { - int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); - if ((val & 1) == 0) { - wnaf[pos - 1] -= (1 << w); - wnaf[pos] = (val + 1); - } else { - wnaf[pos] = val; - } - /* Set a coefficient to zero if it is 1 or -1 and the proceeding digit - * is strictly negative or strictly positive respectively. Only change - * coefficients at previous positions because above code assumes that - * wnaf[pos - 1] is odd. 
- */ - if (pos >= 2 && ((wnaf[pos - 1] == 1 && wnaf[pos - 2] < 0) || (wnaf[pos - 1] == -1 && wnaf[pos - 2] > 0))) { - if (wnaf[pos - 1] == 1) { - wnaf[pos - 2] += 1 << w; - } else { - wnaf[pos - 2] -= 1 << w; - } - wnaf[pos - 1] = 0; - } - ++pos; - } - - return skew; -} - -struct secp256k1_pippenger_point_state { - int skew_na; - size_t input_pos; -}; - -struct secp256k1_pippenger_state { - int *wnaf_na; - struct secp256k1_pippenger_point_state* ps; -}; - -/* - * pippenger_wnaf computes the result of a multi-point multiplication as - * follows: The scalars are brought into wnaf with n_wnaf elements each. Then - * for every i < n_wnaf, first each point is added to a "bucket" corresponding - * to the point's wnaf[i]. Second, the buckets are added together such that - * r += 1*bucket[0] + 3*bucket[1] + 5*bucket[2] + ... - */ -static int secp256k1_ecmult_pippenger_wnaf(secp256k1_gej *buckets, int bucket_window, struct secp256k1_pippenger_state *state, secp256k1_gej *r, const secp256k1_scalar *sc, const secp256k1_ge *pt, size_t num) { - size_t n_wnaf = WNAF_SIZE(bucket_window+1); - size_t np; - size_t no = 0; - int i; - int j; - - for (np = 0; np < num; ++np) { - if (secp256k1_scalar_is_zero(&sc[np]) || secp256k1_ge_is_infinity(&pt[np])) { - continue; - } - state->ps[no].input_pos = np; - state->ps[no].skew_na = secp256k1_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); - no++; - } - secp256k1_gej_set_infinity(r); - - if (no == 0) { - return 1; - } - - for (i = n_wnaf - 1; i >= 0; i--) { - secp256k1_gej running_sum; - - for(j = 0; j < ECMULT_TABLE_SIZE(bucket_window+2); j++) { - secp256k1_gej_set_infinity(&buckets[j]); - } - - for (np = 0; np < no; ++np) { - int n = state->wnaf_na[np*n_wnaf + i]; - struct secp256k1_pippenger_point_state point_state = state->ps[np]; - secp256k1_ge tmp; - int idx; - - if (i == 0) { - /* correct for wnaf skew */ - int skew = point_state.skew_na; - if (skew) { - secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); - 
secp256k1_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); - } - } - if (n > 0) { - idx = (n - 1)/2; - secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); - } else if (n < 0) { - idx = -(n + 1)/2; - secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); - secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); - } - } - - for(j = 0; j < bucket_window; j++) { - secp256k1_gej_double_var(r, r, NULL); - } - - secp256k1_gej_set_infinity(&running_sum); - /* Accumulate the sum: bucket[0] + 3*bucket[1] + 5*bucket[2] + 7*bucket[3] + ... - * = bucket[0] + bucket[1] + bucket[2] + bucket[3] + ... - * + 2 * (bucket[1] + 2*bucket[2] + 3*bucket[3] + ...) - * using an intermediate running sum: - * running_sum = bucket[0] + bucket[1] + bucket[2] + ... - * - * The doubling is done implicitly by deferring the final window doubling (of 'r'). - */ - for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) { - secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); - secp256k1_gej_add_var(r, r, &running_sum, NULL); - } - - secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); - secp256k1_gej_double_var(r, r, NULL); - secp256k1_gej_add_var(r, r, &running_sum, NULL); - } - return 1; -} - -/** - * Returns optimal bucket_window (number of bits of a scalar represented by a - * set of buckets) for a given number of points. 
- */ -static int secp256k1_pippenger_bucket_window(size_t n) { -#ifdef USE_ENDOMORPHISM - if (n <= 1) { - return 1; - } else if (n <= 4) { - return 2; - } else if (n <= 20) { - return 3; - } else if (n <= 57) { - return 4; - } else if (n <= 136) { - return 5; - } else if (n <= 235) { - return 6; - } else if (n <= 1260) { - return 7; - } else if (n <= 4420) { - return 9; - } else if (n <= 7880) { - return 10; - } else if (n <= 16050) { - return 11; - } else { - return PIPPENGER_MAX_BUCKET_WINDOW; - } -#else - if (n <= 1) { - return 1; - } else if (n <= 11) { - return 2; - } else if (n <= 45) { - return 3; - } else if (n <= 100) { - return 4; - } else if (n <= 275) { - return 5; - } else if (n <= 625) { - return 6; - } else if (n <= 1850) { - return 7; - } else if (n <= 3400) { - return 8; - } else if (n <= 9630) { - return 9; - } else if (n <= 17900) { - return 10; - } else if (n <= 32800) { - return 11; - } else { - return PIPPENGER_MAX_BUCKET_WINDOW; - } -#endif -} - -/** - * Returns the maximum optimal number of points for a bucket_window. 
- */ -static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window) { - switch(bucket_window) { -#ifdef USE_ENDOMORPHISM - case 1: return 1; - case 2: return 4; - case 3: return 20; - case 4: return 57; - case 5: return 136; - case 6: return 235; - case 7: return 1260; - case 8: return 1260; - case 9: return 4420; - case 10: return 7880; - case 11: return 16050; - case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; -#else - case 1: return 1; - case 2: return 11; - case 3: return 45; - case 4: return 100; - case 5: return 275; - case 6: return 625; - case 7: return 1850; - case 8: return 3400; - case 9: return 9630; - case 10: return 17900; - case 11: return 32800; - case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; -#endif - } - return 0; -} - - -#ifdef USE_ENDOMORPHISM -SECP256K1_INLINE static void secp256k1_ecmult_endo_split(secp256k1_scalar *s1, secp256k1_scalar *s2, secp256k1_ge *p1, secp256k1_ge *p2) { - secp256k1_scalar tmp = *s1; - secp256k1_scalar_split_lambda(s1, s2, &tmp); - secp256k1_ge_mul_lambda(p2, p1); - - if (secp256k1_scalar_is_high(s1)) { - secp256k1_scalar_negate(s1, s1); - secp256k1_ge_neg(p1, p1); - } - if (secp256k1_scalar_is_high(s2)) { - secp256k1_scalar_negate(s2, s2); - secp256k1_ge_neg(p2, p2); - } -} -#endif - -/** - * Returns the scratch size required for a given number of points (excluding - * base point G) without considering alignment. 
- */ -static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window) { -#ifdef USE_ENDOMORPHISM - size_t entries = 2*n_points + 2; -#else - size_t entries = n_points + 1; -#endif - size_t entry_size = sizeof(secp256k1_ge) + sizeof(secp256k1_scalar) + sizeof(struct secp256k1_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); - return (sizeof(secp256k1_gej) << bucket_window) + sizeof(struct secp256k1_pippenger_state) + entries * entry_size; -} - -static int secp256k1_ecmult_pippenger_batch(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { - const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); - /* Use 2(n+1) with the endomorphism, n+1 without, when calculating batch - * sizes. The reason for +1 is that we add the G scalar to the list of - * other scalars. 
*/ -#ifdef USE_ENDOMORPHISM - size_t entries = 2*n_points + 2; -#else - size_t entries = n_points + 1; -#endif - secp256k1_ge *points; - secp256k1_scalar *scalars; - secp256k1_gej *buckets; - struct secp256k1_pippenger_state *state_space; - size_t idx = 0; - size_t point_idx = 0; - int i, j; - int bucket_window; - - (void)ctx; - secp256k1_gej_set_infinity(r); - if (inp_g_sc == NULL && n_points == 0) { - return 1; - } - - bucket_window = secp256k1_pippenger_bucket_window(n_points); - points = (secp256k1_ge *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); - scalars = (secp256k1_scalar *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); - state_space = (struct secp256k1_pippenger_state *) secp256k1_scratch_alloc(error_callback, scratch, sizeof(*state_space)); - if (points == NULL || scalars == NULL || state_space == NULL) { - secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); - return 0; - } - - state_space->ps = (struct secp256k1_pippenger_point_state *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); - state_space->wnaf_na = (int *) secp256k1_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); - buckets = (secp256k1_gej *) secp256k1_scratch_alloc(error_callback, scratch, (1<ps == NULL || state_space->wnaf_na == NULL || buckets == NULL) { - secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); - return 0; - } - - if (inp_g_sc != NULL) { - scalars[0] = *inp_g_sc; - points[0] = secp256k1_ge_const_g; - idx++; -#ifdef USE_ENDOMORPHISM - secp256k1_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); - idx++; -#endif - } - - while (point_idx < n_points) { - if (!cb(&scalars[idx], &points[idx], point_idx + cb_offset, cbdata)) { - secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); - return 0; - } - idx++; -#ifdef USE_ENDOMORPHISM - 
secp256k1_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); - idx++; -#endif - point_idx++; - } - - secp256k1_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); - - /* Clear data */ - for(i = 0; (size_t)i < idx; i++) { - secp256k1_scalar_clear(&scalars[i]); - state_space->ps[i].skew_na = 0; - for(j = 0; j < WNAF_SIZE(bucket_window+1); j++) { - state_space->wnaf_na[i * WNAF_SIZE(bucket_window+1) + j] = 0; - } - } - for(i = 0; i < 1< max_alloc) { - break; - } - space_for_points = max_alloc - space_overhead; - - n_points = space_for_points/entry_size; - n_points = n_points > max_points ? max_points : n_points; - if (n_points > res) { - res = n_points; - } - if (n_points < max_points) { - /* A larger bucket_window may support even more points. But if we - * would choose that then the caller couldn't safely use any number - * smaller than what this function returns */ - break; - } - } - return res; -} - -/* Computes ecmult_multi by simply multiplying and adding each point. 
Does not - * require a scratch space */ -static int secp256k1_ecmult_multi_simple_var(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points) { - size_t point_idx; - secp256k1_scalar szero; - secp256k1_gej tmpj; - - secp256k1_scalar_set_int(&szero, 0); - secp256k1_gej_set_infinity(r); - secp256k1_gej_set_infinity(&tmpj); - /* r = inp_g_sc*G */ - secp256k1_ecmult(ctx, r, &tmpj, &szero, inp_g_sc); - for (point_idx = 0; point_idx < n_points; point_idx++) { - secp256k1_ge point; - secp256k1_gej pointj; - secp256k1_scalar scalar; - if (!cb(&scalar, &point, point_idx, cbdata)) { - return 0; - } - /* r += scalar*point */ - secp256k1_gej_set_ge(&pointj, &point); - secp256k1_ecmult(ctx, &tmpj, &pointj, &scalar, NULL); - secp256k1_gej_add_var(r, r, &tmpj, NULL); - } - return 1; -} - -/* Compute the number of batches and the batch size given the maximum batch size and the - * total number of points */ -static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { - if (max_n_batch_points == 0) { - return 0; - } - if (max_n_batch_points > ECMULT_MAX_POINTS_PER_BATCH) { - max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; - } - if (n == 0) { - *n_batches = 0; - *n_batch_points = 0; - return 1; - } - /* Compute ceil(n/max_n_batch_points) and ceil(n/n_batches) */ - *n_batches = 1 + (n - 1) / max_n_batch_points; - *n_batch_points = 1 + (n - 1) / *n_batches; - return 1; -} - -typedef int (*secp256k1_ecmult_multi_func)(const secp256k1_callback* error_callback, const secp256k1_ecmult_context*, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t); -static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, 
secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { - size_t i; - - int (*f)(const secp256k1_callback* error_callback, const secp256k1_ecmult_context*, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t, size_t); - size_t n_batches; - size_t n_batch_points; - - secp256k1_gej_set_infinity(r); - if (inp_g_sc == NULL && n == 0) { - return 1; - } else if (n == 0) { - secp256k1_scalar szero; - secp256k1_scalar_set_int(&szero, 0); - secp256k1_ecmult(ctx, r, r, &szero, inp_g_sc); - return 1; - } - if (scratch == NULL) { - return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); - } - - /* Compute the batch sizes for Pippenger's algorithm given a scratch space. If it's greater than - * a threshold use Pippenger's algorithm. Otherwise use Strauss' algorithm. - * As a first step check if there's enough space for Pippenger's algo (which requires less space - * than Strauss' algo) and if not, use the simple algorithm. */ - if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_pippenger_max_points(error_callback, scratch), n)) { - return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); - } - if (n_batch_points >= ECMULT_PIPPENGER_THRESHOLD) { - f = secp256k1_ecmult_pippenger_batch; - } else { - if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_strauss_max_points(error_callback, scratch), n)) { - return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); - } - f = secp256k1_ecmult_strauss_batch; - } - for(i = 0; i < n_batches; i++) { - size_t nbp = n < n_batch_points ? n : n_batch_points; - size_t offset = n_batch_points*i; - secp256k1_gej tmp; - if (!f(error_callback, ctx, scratch, &tmp, i == 0 ? inp_g_sc : NULL, cb, cbdata, nbp, offset)) { - return 0; - } - secp256k1_gej_add_var(r, r, &tmp, NULL); - n -= nbp; - } - return 1; -} - -#endif /* SECP256K1_ECMULT_IMPL_H */ 
diff --git a/deps/secp256k1/src/field.h b/deps/secp256k1/src/field.h
deleted file mode 100644
index bb6692ad5..000000000
--- a/deps/secp256k1/src/field.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_FIELD_H
-#define SECP256K1_FIELD_H
-
-/** Field element module.
- *
- * Field elements can be represented in several ways, but code accessing
- * it (and implementations) need to take certain properties into account:
- * - Each field element can be normalized or not.
- * - Each field element has a magnitude, which represents how far away
- * its representation is away from normalization. Normalized elements
- * always have a magnitude of 1, but a magnitude of 1 doesn't imply
- * normality.
- */
-
-#if defined HAVE_CONFIG_H
-#include "libsecp256k1-config.h"
-#endif
-
-#if defined(USE_FIELD_10X26)
-#include "field_10x26.h"
-#elif defined(USE_FIELD_5X52)
-#include "field_5x52.h"
-#else
-#error "Please select field implementation"
-#endif
-
-#include "util.h"
-
-/** Normalize a field element. */
-static void secp256k1_fe_normalize(secp256k1_fe *r);
-
-/** Weakly normalize a field element: reduce it magnitude to 1, but don't fully normalize. */
-static void secp256k1_fe_normalize_weak(secp256k1_fe *r);
-
-/** Normalize a field element, without constant-time guarantee. */
-static void secp256k1_fe_normalize_var(secp256k1_fe *r);
-
-/** Verify whether a field element represents zero i.e. would normalize to a zero value. The field
- * implementation may optionally normalize the input, but this should not be relied upon. */
-static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r);
-
-/** Verify whether a field element represents zero i.e. would normalize to a zero value. The field
- * implementation may optionally normalize the input, but this should not be relied upon.
*/
-static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r);
-
-/** Set a field element equal to a small integer. Resulting field element is normalized. */
-static void secp256k1_fe_set_int(secp256k1_fe *r, int a);
-
-/** Sets a field element equal to zero, initializing all fields. */
-static void secp256k1_fe_clear(secp256k1_fe *a);
-
-/** Verify whether a field element is zero. Requires the input to be normalized. */
-static int secp256k1_fe_is_zero(const secp256k1_fe *a);
-
-/** Check the "oddness" of a field element. Requires the input to be normalized. */
-static int secp256k1_fe_is_odd(const secp256k1_fe *a);
-
-/** Compare two field elements. Requires magnitude-1 inputs. */
-static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b);
-
-/** Same as secp256k1_fe_equal, but may be variable time. */
-static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b);
-
-/** Compare two field elements. Requires both inputs to be normalized */
-static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b);
-
-/** Set a field element equal to 32-byte big endian value. If successful, the resulting field element is normalized. */
-static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a);
-
-/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
-static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a);
-
-/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input
- * as an argument. The magnitude of the output is one higher. */
-static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m);
-
-/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that
- * small integer. */
-static void secp256k1_fe_mul_int(secp256k1_fe *r, int a);
-
-/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude.
*/
-static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a);
-
-/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8.
- * The output magnitude is 1 (but not guaranteed to be normalized). */
-static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b);
-
-/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8.
- * The output magnitude is 1 (but not guaranteed to be normalized). */
-static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a);
-
-/** If a has a square root, it is computed in r and 1 is returned. If a does not
- * have a square root, the root of its negation is computed and 0 is returned.
- * The input's magnitude can be at most 8. The output magnitude is 1 (but not
- * guaranteed to be normalized). The result in r will always be a square
- * itself. */
-static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a);
-
-/** Checks whether a field element is a quadratic residue. */
-static int secp256k1_fe_is_quad_var(const secp256k1_fe *a);
-
-/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be
- * at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */
-static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a);
-
-/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
-static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a);
-
-/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
- * at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
- * outputs must not overlap in memory. */
-static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len);
-
-/** Convert a field element to the storage type.
*/
-static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
-
-/** Convert a field element back from the storage type. */
-static void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a);
-
-/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. */
-static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag);
-
-/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. */
-static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag);
-
-#endif /* SECP256K1_FIELD_H */
diff --git a/deps/secp256k1/src/field_10x26.h b/deps/secp256k1/src/field_10x26.h
deleted file mode 100644
index 5ff03c8ab..000000000
--- a/deps/secp256k1/src/field_10x26.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_FIELD_REPR_H
-#define SECP256K1_FIELD_REPR_H
-
-#include
-
-typedef struct {
- /* X = sum(i=0..9, n[i]*2^(i*26)) mod p
- * where p = 2^256 - 0x1000003D1
- */
- uint32_t n[10];
-#ifdef VERIFY
- int magnitude;
- int normalized;
-#endif
-} secp256k1_fe;
-
-/* Unpacks a constant into a overlapping multi-limbed FE element. */
-#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \
- (d0) & 0x3FFFFFFUL, \
- (((uint32_t)d0) >> 26) | (((uint32_t)(d1) & 0xFFFFFUL) << 6), \
- (((uint32_t)d1) >> 20) | (((uint32_t)(d2) & 0x3FFFUL) << 12), \
- (((uint32_t)d2) >> 14) | (((uint32_t)(d3) & 0xFFUL) << 18), \
- (((uint32_t)d3) >> 8) | (((uint32_t)(d4) & 0x3UL) << 24), \
- (((uint32_t)d4) >> 2) & 0x3FFFFFFUL, \
- (((uint32_t)d4) >> 28) | (((uint32_t)(d5) & 0x3FFFFFUL) << 4), \
- (((uint32_t)d5) >> 22) | (((uint32_t)(d6) & 0xFFFFUL) << 10), \
- (((uint32_t)d6) >> 16) | (((uint32_t)(d7) & 0x3FFUL) << 16), \
- (((uint32_t)d7) >> 10) \
-}
-
-#ifdef VERIFY
-#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1}
-#else
-#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))}
-#endif
-
-typedef struct {
- uint32_t n[8];
-} secp256k1_fe_storage;
-
-#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }}
-#define SECP256K1_FE_STORAGE_CONST_GET(d) d.n[7], d.n[6], d.n[5], d.n[4],d.n[3], d.n[2], d.n[1], d.n[0]
-
-#endif /* SECP256K1_FIELD_REPR_H */
diff --git a/deps/secp256k1/src/field_10x26_impl.h b/deps/secp256k1/src/field_10x26_impl.h
deleted file mode 100644
index 4ae4fdcec..000000000
--- a/deps/secp256k1/src/field_10x26_impl.h
+++ /dev/null
@@ -1,1162 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_FIELD_REPR_IMPL_H
-#define SECP256K1_FIELD_REPR_IMPL_H
-
-#include "util.h"
-#include "field.h"
-
-#ifdef VERIFY
-static void secp256k1_fe_verify(const secp256k1_fe *a) {
- const uint32_t *d = a->n;
- int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
- r &= (d[0] <= 0x3FFFFFFUL * m);
- r &= (d[1] <= 0x3FFFFFFUL * m);
- r &= (d[2] <= 0x3FFFFFFUL * m);
- r &= (d[3] <= 0x3FFFFFFUL * m);
- r &= (d[4] <= 0x3FFFFFFUL * m);
- r &= (d[5] <= 0x3FFFFFFUL * m);
- r &= (d[6] <= 0x3FFFFFFUL * m);
- r &= (d[7] <= 0x3FFFFFFUL * m);
- r &= (d[8] <= 0x3FFFFFFUL * m);
- r &= (d[9] <= 0x03FFFFFUL * m);
- r &= (a->magnitude >= 0);
- r &= (a->magnitude <= 32);
- if (a->normalized) {
- r &= (a->magnitude <= 1);
- if (r && (d[9] == 0x03FFFFFUL)) {
- uint32_t mid = d[8] & d[7] & d[6] & d[5] & d[4] & d[3] & d[2];
- if (mid == 0x3FFFFFFUL) {
- r &= ((d[1] + 0x40UL + ((d[0] + 0x3D1UL) >> 26)) <= 0x3FFFFFFUL);
- }
- }
- }
- VERIFY_CHECK(r == 1);
-}
-#endif
-
-static void secp256k1_fe_normalize(secp256k1_fe *r) {
- uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
- t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
-
- /* Reduce t9 at the start so there will be at most a single carry from the first pass */
- uint32_t m;
- uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL;
-
- /* The first pass ensures the magnitude is 1, ...
*/
- t0 += x * 0x3D1UL; t1 += (x << 6);
- t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL;
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8;
-
- /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */
- VERIFY_CHECK(t9 >> 23 == 0);
-
- /* At most a single final reduction is needed; check if the value is >= the field characteristic */
- x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL)
- & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL));
-
- /* Apply the final reduction (for constant-time behaviour, we do it always) */
- t0 += x * 0x3D1UL; t1 += (x << 6);
- t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL;
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL;
-
- /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */
- VERIFY_CHECK(t9 >> 22 == x);
-
- /* Mask off the possible multiple of 2^256 from the final reduction */
- t9 &= 0x03FFFFFUL;
-
- r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
- r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
-
-#ifdef VERIFY
- r->magnitude = 1;
- r->normalized = 1;
- secp256k1_fe_verify(r);
-#endif
-}
-
-static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
- uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
- t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
-
- /* Reduce t9 at the start so there will be
at most a single carry from the first pass */
- uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL;
-
- /* The first pass ensures the magnitude is 1, ... */
- t0 += x * 0x3D1UL; t1 += (x << 6);
- t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL;
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL;
-
- /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */
- VERIFY_CHECK(t9 >> 23 == 0);
-
- r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
- r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
-
-#ifdef VERIFY
- r->magnitude = 1;
- secp256k1_fe_verify(r);
-#endif
-}
-
-static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
- uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
- t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
-
- /* Reduce t9 at the start so there will be at most a single carry from the first pass */
- uint32_t m;
- uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL;
-
- /* The first pass ensures the magnitude is 1, ... */
- t0 += x * 0x3D1UL; t1 += (x << 6);
- t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL;
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8;
-
- /* ... except for a possible carry at bit 22 of t9 (i.e.
bit 256 of the field element) */
- VERIFY_CHECK(t9 >> 23 == 0);
-
- /* At most a single final reduction is needed; check if the value is >= the field characteristic */
- x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL)
- & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL));
-
- if (x) {
- t0 += 0x3D1UL; t1 += (x << 6);
- t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL;
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL;
-
- /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */
- VERIFY_CHECK(t9 >> 22 == x);
-
- /* Mask off the possible multiple of 2^256 from the final reduction */
- t9 &= 0x03FFFFFUL;
- }
-
- r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
- r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
-
-#ifdef VERIFY
- r->magnitude = 1;
- r->normalized = 1;
- secp256k1_fe_verify(r);
-#endif
-}
-
-static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) {
- uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
- t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
-
- /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */
- uint32_t z0, z1;
-
- /* Reduce t9 at the start so there will be at most a single carry from the first pass */
- uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL;
-
- /* The first pass ensures the magnitude is 1, ...
*/
- t0 += x * 0x3D1UL; t1 += (x << 6);
- t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; z0 = t0; z1 = t0 ^ 0x3D0UL;
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8;
- z0 |= t9; z1 &= t9 ^ 0x3C00000UL;
-
- /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */
- VERIFY_CHECK(t9 >> 23 == 0);
-
- return (z0 == 0) | (z1 == 0x3FFFFFFUL);
-}
-
-static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) {
- uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9;
- uint32_t z0, z1;
- uint32_t x;
-
- t0 = r->n[0];
- t9 = r->n[9];
-
- /* Reduce t9 at the start so there will be at most a single carry from the first pass */
- x = t9 >> 22;
-
- /* The first pass ensures the magnitude is 1, ...
*/
- t0 += x * 0x3D1UL;
-
- /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */
- z0 = t0 & 0x3FFFFFFUL;
- z1 = z0 ^ 0x3D0UL;
-
- /* Fast return path should catch the majority of cases */
- if ((z0 != 0UL) & (z1 != 0x3FFFFFFUL)) {
- return 0;
- }
-
- t1 = r->n[1];
- t2 = r->n[2];
- t3 = r->n[3];
- t4 = r->n[4];
- t5 = r->n[5];
- t6 = r->n[6];
- t7 = r->n[7];
- t8 = r->n[8];
-
- t9 &= 0x03FFFFFUL;
- t1 += (x << 6);
-
- t1 += (t0 >> 26);
- t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL;
- t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2;
- t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3;
- t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4;
- t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5;
- t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6;
- t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7;
- t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8;
- z0 |= t9; z1 &= t9 ^ 0x3C00000UL;
-
- /* ... except for a possible carry at bit 22 of t9 (i.e.
bit 256 of the field element) */
- VERIFY_CHECK(t9 >> 23 == 0);
-
- return (z0 == 0) | (z1 == 0x3FFFFFFUL);
-}
-
-SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) {
- r->n[0] = a;
- r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
-#ifdef VERIFY
- r->magnitude = 1;
- r->normalized = 1;
- secp256k1_fe_verify(r);
-#endif
-}
-
-SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) {
- const uint32_t *t = a->n;
-#ifdef VERIFY
- VERIFY_CHECK(a->normalized);
- secp256k1_fe_verify(a);
-#endif
- return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
-}
-
-SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) {
-#ifdef VERIFY
- VERIFY_CHECK(a->normalized);
- secp256k1_fe_verify(a);
-#endif
- return a->n[0] & 1;
-}
-
-SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) {
- int i;
-#ifdef VERIFY
- a->magnitude = 0;
- a->normalized = 1;
-#endif
- for (i=0; i<10; i++) {
- a->n[i] = 0;
- }
-}
-
-static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) {
- int i;
-#ifdef VERIFY
- VERIFY_CHECK(a->normalized);
- VERIFY_CHECK(b->normalized);
- secp256k1_fe_verify(a);
- secp256k1_fe_verify(b);
-#endif
- for (i = 9; i >= 0; i--) {
- if (a->n[i] > b->n[i]) {
- return 1;
- }
- if (a->n[i] < b->n[i]) {
- return -1;
- }
- }
- return 0;
-}
-
-static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) {
- r->n[0] = (uint32_t)a[31] | ((uint32_t)a[30] << 8) | ((uint32_t)a[29] << 16) | ((uint32_t)(a[28] & 0x3) << 24);
- r->n[1] = (uint32_t)((a[28] >> 2) & 0x3f) | ((uint32_t)a[27] << 6) | ((uint32_t)a[26] << 14) | ((uint32_t)(a[25] & 0xf) << 22);
- r->n[2] = (uint32_t)((a[25] >> 4) & 0xf) | ((uint32_t)a[24] << 4) | ((uint32_t)a[23] << 12) | ((uint32_t)(a[22] & 0x3f) << 20);
- r->n[3] = (uint32_t)((a[22] >> 6) & 0x3) | ((uint32_t)a[21] << 2) | ((uint32_t)a[20] << 10) | ((uint32_t)a[19] << 18);
- r->n[4] =
(uint32_t)a[18] | ((uint32_t)a[17] << 8) | ((uint32_t)a[16] << 16) | ((uint32_t)(a[15] & 0x3) << 24);
- r->n[5] = (uint32_t)((a[15] >> 2) & 0x3f) | ((uint32_t)a[14] << 6) | ((uint32_t)a[13] << 14) | ((uint32_t)(a[12] & 0xf) << 22);
- r->n[6] = (uint32_t)((a[12] >> 4) & 0xf) | ((uint32_t)a[11] << 4) | ((uint32_t)a[10] << 12) | ((uint32_t)(a[9] & 0x3f) << 20);
- r->n[7] = (uint32_t)((a[9] >> 6) & 0x3) | ((uint32_t)a[8] << 2) | ((uint32_t)a[7] << 10) | ((uint32_t)a[6] << 18);
- r->n[8] = (uint32_t)a[5] | ((uint32_t)a[4] << 8) | ((uint32_t)a[3] << 16) | ((uint32_t)(a[2] & 0x3) << 24);
- r->n[9] = (uint32_t)((a[2] >> 2) & 0x3f) | ((uint32_t)a[1] << 6) | ((uint32_t)a[0] << 14);
-
- if (r->n[9] == 0x3FFFFFUL && (r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == 0x3FFFFFFUL && (r->n[1] + 0x40UL + ((r->n[0] + 0x3D1UL) >> 26)) > 0x3FFFFFFUL) {
- return 0;
- }
-#ifdef VERIFY
- r->magnitude = 1;
- r->normalized = 1;
- secp256k1_fe_verify(r);
-#endif
- return 1;
-}
-
-/** Convert a field element to a 32-byte big endian value.
Requires the input to be normalized */
-static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) {
-#ifdef VERIFY
- VERIFY_CHECK(a->normalized);
- secp256k1_fe_verify(a);
-#endif
- r[0] = (a->n[9] >> 14) & 0xff;
- r[1] = (a->n[9] >> 6) & 0xff;
- r[2] = ((a->n[9] & 0x3F) << 2) | ((a->n[8] >> 24) & 0x3);
- r[3] = (a->n[8] >> 16) & 0xff;
- r[4] = (a->n[8] >> 8) & 0xff;
- r[5] = a->n[8] & 0xff;
- r[6] = (a->n[7] >> 18) & 0xff;
- r[7] = (a->n[7] >> 10) & 0xff;
- r[8] = (a->n[7] >> 2) & 0xff;
- r[9] = ((a->n[7] & 0x3) << 6) | ((a->n[6] >> 20) & 0x3f);
- r[10] = (a->n[6] >> 12) & 0xff;
- r[11] = (a->n[6] >> 4) & 0xff;
- r[12] = ((a->n[6] & 0xf) << 4) | ((a->n[5] >> 22) & 0xf);
- r[13] = (a->n[5] >> 14) & 0xff;
- r[14] = (a->n[5] >> 6) & 0xff;
- r[15] = ((a->n[5] & 0x3f) << 2) | ((a->n[4] >> 24) & 0x3);
- r[16] = (a->n[4] >> 16) & 0xff;
- r[17] = (a->n[4] >> 8) & 0xff;
- r[18] = a->n[4] & 0xff;
- r[19] = (a->n[3] >> 18) & 0xff;
- r[20] = (a->n[3] >> 10) & 0xff;
- r[21] = (a->n[3] >> 2) & 0xff;
- r[22] = ((a->n[3] & 0x3) << 6) | ((a->n[2] >> 20) & 0x3f);
- r[23] = (a->n[2] >> 12) & 0xff;
- r[24] = (a->n[2] >> 4) & 0xff;
- r[25] = ((a->n[2] & 0xf) << 4) | ((a->n[1] >> 22) & 0xf);
- r[26] = (a->n[1] >> 14) & 0xff;
- r[27] = (a->n[1] >> 6) & 0xff;
- r[28] = ((a->n[1] & 0x3f) << 2) | ((a->n[0] >> 24) & 0x3);
- r[29] = (a->n[0] >> 16) & 0xff;
- r[30] = (a->n[0] >> 8) & 0xff;
- r[31] = a->n[0] & 0xff;
-}
-
-SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) {
-#ifdef VERIFY
- VERIFY_CHECK(a->magnitude <= m);
- secp256k1_fe_verify(a);
-#endif
- r->n[0] = 0x3FFFC2FUL * 2 * (m + 1) - a->n[0];
- r->n[1] = 0x3FFFFBFUL * 2 * (m + 1) - a->n[1];
- r->n[2] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[2];
- r->n[3] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[3];
- r->n[4] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[4];
- r->n[5] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[5];
- r->n[6] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[6];
- r->n[7] = 0x3FFFFFFUL * 2 * (m + 1) -
a->n[7];
- r->n[8] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[8];
- r->n[9] = 0x03FFFFFUL * 2 * (m + 1) - a->n[9];
-#ifdef VERIFY
- r->magnitude = m + 1;
- r->normalized = 0;
- secp256k1_fe_verify(r);
-#endif
-}
-
-SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) {
- r->n[0] *= a;
- r->n[1] *= a;
- r->n[2] *= a;
- r->n[3] *= a;
- r->n[4] *= a;
- r->n[5] *= a;
- r->n[6] *= a;
- r->n[7] *= a;
- r->n[8] *= a;
- r->n[9] *= a;
-#ifdef VERIFY
- r->magnitude *= a;
- r->normalized = 0;
- secp256k1_fe_verify(r);
-#endif
-}
-
-SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) {
-#ifdef VERIFY
- secp256k1_fe_verify(a);
-#endif
- r->n[0] += a->n[0];
- r->n[1] += a->n[1];
- r->n[2] += a->n[2];
- r->n[3] += a->n[3];
- r->n[4] += a->n[4];
- r->n[5] += a->n[5];
- r->n[6] += a->n[6];
- r->n[7] += a->n[7];
- r->n[8] += a->n[8];
- r->n[9] += a->n[9];
-#ifdef VERIFY
- r->magnitude += a->magnitude;
- r->normalized = 0;
- secp256k1_fe_verify(r);
-#endif
-}
-
-#if defined(USE_EXTERNAL_ASM)
-
-/* External assembler implementation */
-void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b);
-void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a);
-
-#else
-
-#ifdef VERIFY
-#define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0)
-#else
-#define VERIFY_BITS(x, n) do { } while(0)
-#endif
-
-SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) {
- uint64_t c, d;
- uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8;
- uint32_t t9, t1, t0, t2, t3, t4, t5, t6, t7;
- const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL;
-
- VERIFY_BITS(a[0], 30);
- VERIFY_BITS(a[1], 30);
- VERIFY_BITS(a[2], 30);
- VERIFY_BITS(a[3], 30);
- VERIFY_BITS(a[4], 30);
- VERIFY_BITS(a[5], 30);
- VERIFY_BITS(a[6], 30);
- VERIFY_BITS(a[7], 30);
- VERIFY_BITS(a[8], 30);
- VERIFY_BITS(a[9], 26);
- VERIFY_BITS(b[0], 30);
- VERIFY_BITS(b[1], 30);
-
VERIFY_BITS(b[2], 30); - VERIFY_BITS(b[3], 30); - VERIFY_BITS(b[4], 30); - VERIFY_BITS(b[5], 30); - VERIFY_BITS(b[6], 30); - VERIFY_BITS(b[7], 30); - VERIFY_BITS(b[8], 30); - VERIFY_BITS(b[9], 26); - - /** [... a b c] is a shorthand for ... + a<<52 + b<<26 + c<<0 mod n. - * for 0 <= x <= 9, px is a shorthand for sum(a[i]*b[x-i], i=0..x). - * for 9 <= x <= 18, px is a shorthand for sum(a[i]*b[x-i], i=(x-9)..9) - * Note that [x 0 0 0 0 0 0 0 0 0 0] = [x*R1 x*R0]. - */ - - d = (uint64_t)a[0] * b[9] - + (uint64_t)a[1] * b[8] - + (uint64_t)a[2] * b[7] - + (uint64_t)a[3] * b[6] - + (uint64_t)a[4] * b[5] - + (uint64_t)a[5] * b[4] - + (uint64_t)a[6] * b[3] - + (uint64_t)a[7] * b[2] - + (uint64_t)a[8] * b[1] - + (uint64_t)a[9] * b[0]; - /* VERIFY_BITS(d, 64); */ - /* [d 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ - t9 = d & M; d >>= 26; - VERIFY_BITS(t9, 26); - VERIFY_BITS(d, 38); - /* [d t9 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ - - c = (uint64_t)a[0] * b[0]; - VERIFY_BITS(c, 60); - /* [d t9 0 0 0 0 0 0 0 0 c] = [p9 0 0 0 0 0 0 0 0 p0] */ - d += (uint64_t)a[1] * b[9] - + (uint64_t)a[2] * b[8] - + (uint64_t)a[3] * b[7] - + (uint64_t)a[4] * b[6] - + (uint64_t)a[5] * b[5] - + (uint64_t)a[6] * b[4] - + (uint64_t)a[7] * b[3] - + (uint64_t)a[8] * b[2] - + (uint64_t)a[9] * b[1]; - VERIFY_BITS(d, 63); - /* [d t9 0 0 0 0 0 0 0 0 c] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - u0 = d & M; d >>= 26; c += u0 * R0; - VERIFY_BITS(u0, 26); - VERIFY_BITS(d, 37); - VERIFY_BITS(c, 61); - /* [d u0 t9 0 0 0 0 0 0 0 0 c-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - t0 = c & M; c >>= 26; c += u0 * R1; - VERIFY_BITS(t0, 26); - VERIFY_BITS(c, 37); - /* [d u0 t9 0 0 0 0 0 0 0 c-u0*R1 t0-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - - c += (uint64_t)a[0] * b[1] - + (uint64_t)a[1] * b[0]; - VERIFY_BITS(c, 62); - /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 p1 p0] */ - d += (uint64_t)a[2] * b[9] - + (uint64_t)a[3] * b[8] - + 
(uint64_t)a[4] * b[7] - + (uint64_t)a[5] * b[6] - + (uint64_t)a[6] * b[5] - + (uint64_t)a[7] * b[4] - + (uint64_t)a[8] * b[3] - + (uint64_t)a[9] * b[2]; - VERIFY_BITS(d, 63); - /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - u1 = d & M; d >>= 26; c += u1 * R0; - VERIFY_BITS(u1, 26); - VERIFY_BITS(d, 37); - VERIFY_BITS(c, 63); - /* [d u1 0 t9 0 0 0 0 0 0 0 c-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - t1 = c & M; c >>= 26; c += u1 * R1; - VERIFY_BITS(t1, 26); - VERIFY_BITS(c, 38); - /* [d u1 0 t9 0 0 0 0 0 0 c-u1*R1 t1-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - - c += (uint64_t)a[0] * b[2] - + (uint64_t)a[1] * b[1] - + (uint64_t)a[2] * b[0]; - VERIFY_BITS(c, 62); - /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - d += (uint64_t)a[3] * b[9] - + (uint64_t)a[4] * b[8] - + (uint64_t)a[5] * b[7] - + (uint64_t)a[6] * b[6] - + (uint64_t)a[7] * b[5] - + (uint64_t)a[8] * b[4] - + (uint64_t)a[9] * b[3]; - VERIFY_BITS(d, 63); - /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - u2 = d & M; d >>= 26; c += u2 * R0; - VERIFY_BITS(u2, 26); - VERIFY_BITS(d, 37); - VERIFY_BITS(c, 63); - /* [d u2 0 0 t9 0 0 0 0 0 0 c-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - t2 = c & M; c >>= 26; c += u2 * R1; - VERIFY_BITS(t2, 26); - VERIFY_BITS(c, 38); - /* [d u2 0 0 t9 0 0 0 0 0 c-u2*R1 t2-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - - c += (uint64_t)a[0] * b[3] - + (uint64_t)a[1] * b[2] - + (uint64_t)a[2] * b[1] - + (uint64_t)a[3] * b[0]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - d += (uint64_t)a[4] * b[9] - + (uint64_t)a[5] * b[8] - + (uint64_t)a[6] * b[7] - + (uint64_t)a[7] * b[6] - + (uint64_t)a[8] * b[5] - + (uint64_t)a[9] * b[4]; - VERIFY_BITS(d, 63); - /* 
[d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - u3 = d & M; d >>= 26; c += u3 * R0; - VERIFY_BITS(u3, 26); - VERIFY_BITS(d, 37); - /* VERIFY_BITS(c, 64); */ - /* [d u3 0 0 0 t9 0 0 0 0 0 c-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - t3 = c & M; c >>= 26; c += u3 * R1; - VERIFY_BITS(t3, 26); - VERIFY_BITS(c, 39); - /* [d u3 0 0 0 t9 0 0 0 0 c-u3*R1 t3-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - - c += (uint64_t)a[0] * b[4] - + (uint64_t)a[1] * b[3] - + (uint64_t)a[2] * b[2] - + (uint64_t)a[3] * b[1] - + (uint64_t)a[4] * b[0]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - d += (uint64_t)a[5] * b[9] - + (uint64_t)a[6] * b[8] - + (uint64_t)a[7] * b[7] - + (uint64_t)a[8] * b[6] - + (uint64_t)a[9] * b[5]; - VERIFY_BITS(d, 62); - /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - u4 = d & M; d >>= 26; c += u4 * R0; - VERIFY_BITS(u4, 26); - VERIFY_BITS(d, 36); - /* VERIFY_BITS(c, 64); */ - /* [d u4 0 0 0 0 t9 0 0 0 0 c-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - t4 = c & M; c >>= 26; c += u4 * R1; - VERIFY_BITS(t4, 26); - VERIFY_BITS(c, 39); - /* [d u4 0 0 0 0 t9 0 0 0 c-u4*R1 t4-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - - c += (uint64_t)a[0] * b[5] - + (uint64_t)a[1] * b[4] - + (uint64_t)a[2] * b[3] - + (uint64_t)a[3] * b[2] - + (uint64_t)a[4] * b[1] - + (uint64_t)a[5] * b[0]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)a[6] * b[9] - + (uint64_t)a[7] * b[8] - + (uint64_t)a[8] * b[7] - + (uint64_t)a[9] * b[6]; - VERIFY_BITS(d, 62); - /* [d 0 0 0 
0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - u5 = d & M; d >>= 26; c += u5 * R0; - VERIFY_BITS(u5, 26); - VERIFY_BITS(d, 36); - /* VERIFY_BITS(c, 64); */ - /* [d u5 0 0 0 0 0 t9 0 0 0 c-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - t5 = c & M; c >>= 26; c += u5 * R1; - VERIFY_BITS(t5, 26); - VERIFY_BITS(c, 39); - /* [d u5 0 0 0 0 0 t9 0 0 c-u5*R1 t5-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - - c += (uint64_t)a[0] * b[6] - + (uint64_t)a[1] * b[5] - + (uint64_t)a[2] * b[4] - + (uint64_t)a[3] * b[3] - + (uint64_t)a[4] * b[2] - + (uint64_t)a[5] * b[1] - + (uint64_t)a[6] * b[0]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)a[7] * b[9] - + (uint64_t)a[8] * b[8] - + (uint64_t)a[9] * b[7]; - VERIFY_BITS(d, 61); - /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - u6 = d & M; d >>= 26; c += u6 * R0; - VERIFY_BITS(u6, 26); - VERIFY_BITS(d, 35); - /* VERIFY_BITS(c, 64); */ - /* [d u6 0 0 0 0 0 0 t9 0 0 c-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - t6 = c & M; c >>= 26; c += u6 * R1; - VERIFY_BITS(t6, 26); - VERIFY_BITS(c, 39); - /* [d u6 0 0 0 0 0 0 t9 0 c-u6*R1 t6-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - - c += (uint64_t)a[0] * b[7] - + (uint64_t)a[1] * b[6] - + (uint64_t)a[2] * b[5] - + (uint64_t)a[3] * b[4] - + (uint64_t)a[4] * b[3] - + (uint64_t)a[5] * b[2] - + (uint64_t)a[6] * b[1] - + (uint64_t)a[7] * b[0]; - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x8000007C00000007ULL); - /* 
[d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)a[8] * b[9] - + (uint64_t)a[9] * b[8]; - VERIFY_BITS(d, 58); - /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - u7 = d & M; d >>= 26; c += u7 * R0; - VERIFY_BITS(u7, 26); - VERIFY_BITS(d, 32); - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); - /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - t7 = c & M; c >>= 26; c += u7 * R1; - VERIFY_BITS(t7, 26); - VERIFY_BITS(c, 38); - /* [d u7 0 0 0 0 0 0 0 t9 c-u7*R1 t7-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - - c += (uint64_t)a[0] * b[8] - + (uint64_t)a[1] * b[7] - + (uint64_t)a[2] * b[6] - + (uint64_t)a[3] * b[5] - + (uint64_t)a[4] * b[4] - + (uint64_t)a[5] * b[3] - + (uint64_t)a[6] * b[2] - + (uint64_t)a[7] * b[1] - + (uint64_t)a[8] * b[0]; - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000007B80000008ULL); - /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)a[9] * b[9]; - VERIFY_BITS(d, 57); - /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - u8 = d & M; d >>= 26; c += u8 * R0; - VERIFY_BITS(u8, 26); - VERIFY_BITS(d, 31); - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - - r[3] = t3; - VERIFY_BITS(r[3], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 
p2 p1 p0] */ - r[4] = t4; - VERIFY_BITS(r[4], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[5] = t5; - VERIFY_BITS(r[5], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[6] = t6; - VERIFY_BITS(r[6], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[7] = t7; - VERIFY_BITS(r[7], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - - r[8] = c & M; c >>= 26; c += u8 * R1; - VERIFY_BITS(r[8], 26); - VERIFY_BITS(c, 39); - /* [d u8 0 0 0 0 0 0 0 0 t9+c-u8*R1 r8-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 0 0 t9+c r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - c += d * R0 + t9; - VERIFY_BITS(c, 45); - /* [d 0 0 0 0 0 0 0 0 0 c-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[9] = c & (M >> 4); c >>= 22; c += d * (R1 << 4); - VERIFY_BITS(r[9], 22); - VERIFY_BITS(c, 46); - /* [d 0 0 0 0 0 0 0 0 r9+((c-d*R1<<4)<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 -d*R1 r9+(c<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - - d = c * (R0 >> 4) + t0; - VERIFY_BITS(d, 56); - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 d-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[0] = d & M; d >>= 26; - VERIFY_BITS(r[0], 26); - 
VERIFY_BITS(d, 30); - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += c * (R1 >> 4) + t1; - VERIFY_BITS(d, 53); - VERIFY_CHECK(d <= 0x10000003FFFFBFULL); - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[1] = d & M; d >>= 26; - VERIFY_BITS(r[1], 26); - VERIFY_BITS(d, 27); - VERIFY_CHECK(d <= 0x4000000ULL); - /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += t2; - VERIFY_BITS(d, 27); - /* [r9 r8 r7 r6 r5 r4 r3 d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[2] = d; - VERIFY_BITS(r[2], 27); - /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ -} - -SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a) { - uint64_t c, d; - uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; - uint32_t t9, t0, t1, t2, t3, t4, t5, t6, t7; - const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL; - - VERIFY_BITS(a[0], 30); - VERIFY_BITS(a[1], 30); - VERIFY_BITS(a[2], 30); - VERIFY_BITS(a[3], 30); - VERIFY_BITS(a[4], 30); - VERIFY_BITS(a[5], 30); - VERIFY_BITS(a[6], 30); - VERIFY_BITS(a[7], 30); - VERIFY_BITS(a[8], 30); - VERIFY_BITS(a[9], 26); - - /** [... a b c] is a shorthand for ... + a<<52 + b<<26 + c<<0 mod n. - * px is a shorthand for sum(a[i]*a[x-i], i=0..x). - * Note that [x 0 0 0 0 0 0 0 0 0 0] = [x*R1 x*R0]. 
- */ - - d = (uint64_t)(a[0]*2) * a[9] - + (uint64_t)(a[1]*2) * a[8] - + (uint64_t)(a[2]*2) * a[7] - + (uint64_t)(a[3]*2) * a[6] - + (uint64_t)(a[4]*2) * a[5]; - /* VERIFY_BITS(d, 64); */ - /* [d 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ - t9 = d & M; d >>= 26; - VERIFY_BITS(t9, 26); - VERIFY_BITS(d, 38); - /* [d t9 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ - - c = (uint64_t)a[0] * a[0]; - VERIFY_BITS(c, 60); - /* [d t9 0 0 0 0 0 0 0 0 c] = [p9 0 0 0 0 0 0 0 0 p0] */ - d += (uint64_t)(a[1]*2) * a[9] - + (uint64_t)(a[2]*2) * a[8] - + (uint64_t)(a[3]*2) * a[7] - + (uint64_t)(a[4]*2) * a[6] - + (uint64_t)a[5] * a[5]; - VERIFY_BITS(d, 63); - /* [d t9 0 0 0 0 0 0 0 0 c] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - u0 = d & M; d >>= 26; c += u0 * R0; - VERIFY_BITS(u0, 26); - VERIFY_BITS(d, 37); - VERIFY_BITS(c, 61); - /* [d u0 t9 0 0 0 0 0 0 0 0 c-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - t0 = c & M; c >>= 26; c += u0 * R1; - VERIFY_BITS(t0, 26); - VERIFY_BITS(c, 37); - /* [d u0 t9 0 0 0 0 0 0 0 c-u0*R1 t0-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ - - c += (uint64_t)(a[0]*2) * a[1]; - VERIFY_BITS(c, 62); - /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 p1 p0] */ - d += (uint64_t)(a[2]*2) * a[9] - + (uint64_t)(a[3]*2) * a[8] - + (uint64_t)(a[4]*2) * a[7] - + (uint64_t)(a[5]*2) * a[6]; - VERIFY_BITS(d, 63); - /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - u1 = d & M; d >>= 26; c += u1 * R0; - VERIFY_BITS(u1, 26); - VERIFY_BITS(d, 37); - VERIFY_BITS(c, 63); - /* [d u1 0 t9 0 0 0 0 0 0 0 c-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - t1 = c & M; c >>= 26; c += u1 * R1; - VERIFY_BITS(t1, 26); - VERIFY_BITS(c, 38); - /* [d u1 0 t9 0 0 0 0 0 0 c-u1*R1 t1-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[2] - + (uint64_t)a[1] * a[1]; - VERIFY_BITS(c, 62); - /* [d 0 0 t9 0 0 0 0 
0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - d += (uint64_t)(a[3]*2) * a[9] - + (uint64_t)(a[4]*2) * a[8] - + (uint64_t)(a[5]*2) * a[7] - + (uint64_t)a[6] * a[6]; - VERIFY_BITS(d, 63); - /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - u2 = d & M; d >>= 26; c += u2 * R0; - VERIFY_BITS(u2, 26); - VERIFY_BITS(d, 37); - VERIFY_BITS(c, 63); - /* [d u2 0 0 t9 0 0 0 0 0 0 c-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - t2 = c & M; c >>= 26; c += u2 * R1; - VERIFY_BITS(t2, 26); - VERIFY_BITS(c, 38); - /* [d u2 0 0 t9 0 0 0 0 0 c-u2*R1 t2-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[3] - + (uint64_t)(a[1]*2) * a[2]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - d += (uint64_t)(a[4]*2) * a[9] - + (uint64_t)(a[5]*2) * a[8] - + (uint64_t)(a[6]*2) * a[7]; - VERIFY_BITS(d, 63); - /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - u3 = d & M; d >>= 26; c += u3 * R0; - VERIFY_BITS(u3, 26); - VERIFY_BITS(d, 37); - /* VERIFY_BITS(c, 64); */ - /* [d u3 0 0 0 t9 0 0 0 0 0 c-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - t3 = c & M; c >>= 26; c += u3 * R1; - VERIFY_BITS(t3, 26); - VERIFY_BITS(c, 39); - /* [d u3 0 0 0 t9 0 0 0 0 c-u3*R1 t3-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[4] - + (uint64_t)(a[1]*2) * a[3] - + (uint64_t)a[2] * a[2]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - d += (uint64_t)(a[5]*2) * a[9] - + (uint64_t)(a[6]*2) * a[8] - + (uint64_t)a[7] * a[7]; - VERIFY_BITS(d, 62); - /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - u4 
= d & M; d >>= 26; c += u4 * R0; - VERIFY_BITS(u4, 26); - VERIFY_BITS(d, 36); - /* VERIFY_BITS(c, 64); */ - /* [d u4 0 0 0 0 t9 0 0 0 0 c-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - t4 = c & M; c >>= 26; c += u4 * R1; - VERIFY_BITS(t4, 26); - VERIFY_BITS(c, 39); - /* [d u4 0 0 0 0 t9 0 0 0 c-u4*R1 t4-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[5] - + (uint64_t)(a[1]*2) * a[4] - + (uint64_t)(a[2]*2) * a[3]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)(a[6]*2) * a[9] - + (uint64_t)(a[7]*2) * a[8]; - VERIFY_BITS(d, 62); - /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - u5 = d & M; d >>= 26; c += u5 * R0; - VERIFY_BITS(u5, 26); - VERIFY_BITS(d, 36); - /* VERIFY_BITS(c, 64); */ - /* [d u5 0 0 0 0 0 t9 0 0 0 c-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - t5 = c & M; c >>= 26; c += u5 * R1; - VERIFY_BITS(t5, 26); - VERIFY_BITS(c, 39); - /* [d u5 0 0 0 0 0 t9 0 0 c-u5*R1 t5-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[6] - + (uint64_t)(a[1]*2) * a[5] - + (uint64_t)(a[2]*2) * a[4] - + (uint64_t)a[3] * a[3]; - VERIFY_BITS(c, 63); - /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)(a[7]*2) * a[9] - + (uint64_t)a[8] * a[8]; - VERIFY_BITS(d, 61); - /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - u6 = d & M; d >>= 26; c += u6 * R0; - VERIFY_BITS(u6, 26); - VERIFY_BITS(d, 35); - /* VERIFY_BITS(c, 64); */ - /* 
[d u6 0 0 0 0 0 0 t9 0 0 c-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - t6 = c & M; c >>= 26; c += u6 * R1; - VERIFY_BITS(t6, 26); - VERIFY_BITS(c, 39); - /* [d u6 0 0 0 0 0 0 t9 0 c-u6*R1 t6-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[7] - + (uint64_t)(a[1]*2) * a[6] - + (uint64_t)(a[2]*2) * a[5] - + (uint64_t)(a[3]*2) * a[4]; - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x8000007C00000007ULL); - /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)(a[8]*2) * a[9]; - VERIFY_BITS(d, 58); - /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - u7 = d & M; d >>= 26; c += u7 * R0; - VERIFY_BITS(u7, 26); - VERIFY_BITS(d, 32); - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); - /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - t7 = c & M; c >>= 26; c += u7 * R1; - VERIFY_BITS(t7, 26); - VERIFY_BITS(c, 38); - /* [d u7 0 0 0 0 0 0 0 t9 c-u7*R1 t7-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ - - c += (uint64_t)(a[0]*2) * a[8] - + (uint64_t)(a[1]*2) * a[7] - + (uint64_t)(a[2]*2) * a[6] - + (uint64_t)(a[3]*2) * a[5] - + (uint64_t)a[4] * a[4]; - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000007B80000008ULL); - /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += (uint64_t)a[9] * a[9]; - VERIFY_BITS(d, 57); - /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 
t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - u8 = d & M; d >>= 26; c += u8 * R0; - VERIFY_BITS(u8, 26); - VERIFY_BITS(d, 31); - /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - - r[3] = t3; - VERIFY_BITS(r[3], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[4] = t4; - VERIFY_BITS(r[4], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[5] = t5; - VERIFY_BITS(r[5], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[6] = t6; - VERIFY_BITS(r[6], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[7] = t7; - VERIFY_BITS(r[7], 26); - /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - - r[8] = c & M; c >>= 26; c += u8 * R1; - VERIFY_BITS(r[8], 26); - VERIFY_BITS(c, 39); - /* [d u8 0 0 0 0 0 0 0 0 t9+c-u8*R1 r8-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 0 0 t9+c r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - c += d * R0 + t9; - VERIFY_BITS(c, 45); - /* [d 0 0 0 0 0 0 0 0 0 c-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[9] = c & (M >> 4); c >>= 22; c += d * (R1 << 4); - VERIFY_BITS(r[9], 22); - VERIFY_BITS(c, 46); - /* [d 0 0 0 0 0 0 0 0 r9+((c-d*R1<<4)<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 
p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [d 0 0 0 0 0 0 0 -d*R1 r9+(c<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - - d = c * (R0 >> 4) + t0; - VERIFY_BITS(d, 56); - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 d-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[0] = d & M; d >>= 26; - VERIFY_BITS(r[0], 26); - VERIFY_BITS(d, 30); - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += c * (R1 >> 4) + t1; - VERIFY_BITS(d, 53); - VERIFY_CHECK(d <= 0x10000003FFFFBFULL); - /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[1] = d & M; d >>= 26; - VERIFY_BITS(r[1], 26); - VERIFY_BITS(d, 27); - VERIFY_CHECK(d <= 0x4000000ULL); - /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - d += t2; - VERIFY_BITS(d, 27); - /* [r9 r8 r7 r6 r5 r4 r3 d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[2] = d; - VERIFY_BITS(r[2], 27); - /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ -} -#endif - -static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { -#ifdef VERIFY - VERIFY_CHECK(a->magnitude <= 8); - VERIFY_CHECK(b->magnitude <= 8); - secp256k1_fe_verify(a); - secp256k1_fe_verify(b); - VERIFY_CHECK(r != b); - VERIFY_CHECK(a != b); -#endif - secp256k1_fe_mul_inner(r->n, a->n, b->n); -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -static void 
secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) { -#ifdef VERIFY - VERIFY_CHECK(a->magnitude <= 8); - secp256k1_fe_verify(a); -#endif - secp256k1_fe_sqr_inner(r->n, a->n); -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) { - uint32_t mask0, mask1; - mask0 = flag + ~((uint32_t)0); - mask1 = ~mask0; - r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); - r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); - r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); - r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); - r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); - r->n[5] = (r->n[5] & mask0) | (a->n[5] & mask1); - r->n[6] = (r->n[6] & mask0) | (a->n[6] & mask1); - r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1); - r->n[8] = (r->n[8] & mask0) | (a->n[8] & mask1); - r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1); -#ifdef VERIFY - if (a->magnitude > r->magnitude) { - r->magnitude = a->magnitude; - } - r->normalized &= a->normalized; -#endif -} - -static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) { - uint32_t mask0, mask1; - mask0 = flag + ~((uint32_t)0); - mask1 = ~mask0; - r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); - r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); - r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); - r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); - r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); - r->n[5] = (r->n[5] & mask0) | (a->n[5] & mask1); - r->n[6] = (r->n[6] & mask0) | (a->n[6] & mask1); - r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1); -} - -static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { -#ifdef VERIFY - VERIFY_CHECK(a->normalized); -#endif - r->n[0] = a->n[0] | a->n[1] << 26; - r->n[1] = a->n[1] >> 6 | a->n[2] << 20; - r->n[2] = a->n[2] >> 12 | a->n[3] << 14; - r->n[3] = a->n[3] >> 18 | 
a->n[4] << 8; - r->n[4] = a->n[4] >> 24 | a->n[5] << 2 | a->n[6] << 28; - r->n[5] = a->n[6] >> 4 | a->n[7] << 22; - r->n[6] = a->n[7] >> 10 | a->n[8] << 16; - r->n[7] = a->n[8] >> 16 | a->n[9] << 10; -} - -static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { - r->n[0] = a->n[0] & 0x3FFFFFFUL; - r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & 0x3FFFFFFUL); - r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & 0x3FFFFFFUL); - r->n[3] = a->n[2] >> 14 | ((a->n[3] << 18) & 0x3FFFFFFUL); - r->n[4] = a->n[3] >> 8 | ((a->n[4] << 24) & 0x3FFFFFFUL); - r->n[5] = (a->n[4] >> 2) & 0x3FFFFFFUL; - r->n[6] = a->n[4] >> 28 | ((a->n[5] << 4) & 0x3FFFFFFUL); - r->n[7] = a->n[5] >> 22 | ((a->n[6] << 10) & 0x3FFFFFFUL); - r->n[8] = a->n[6] >> 16 | ((a->n[7] << 16) & 0x3FFFFFFUL); - r->n[9] = a->n[7] >> 10; -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 1; -#endif -} - -#endif /* SECP256K1_FIELD_REPR_IMPL_H */ diff --git a/deps/secp256k1/src/field_5x52.h b/deps/secp256k1/src/field_5x52.h deleted file mode 100644 index fc5bfe357..000000000 --- a/deps/secp256k1/src/field_5x52.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_FIELD_REPR_H -#define SECP256K1_FIELD_REPR_H - -#include - -typedef struct { - /* X = sum(i=0..4, n[i]*2^(i*52)) mod p - * where p = 2^256 - 0x1000003D1 - */ - uint64_t n[5]; -#ifdef VERIFY - int magnitude; - int normalized; -#endif -} secp256k1_fe; - -/* Unpacks a constant into a overlapping multi-limbed FE element. */ -#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ - (d0) | (((uint64_t)(d1) & 0xFFFFFUL) << 32), \ - ((uint64_t)(d1) >> 20) | (((uint64_t)(d2)) << 12) | (((uint64_t)(d3) & 0xFFUL) << 44), \ - ((uint64_t)(d3) >> 8) | (((uint64_t)(d4) & 0xFFFFFFFUL) << 24), \ - ((uint64_t)(d4) >> 28) | (((uint64_t)(d5)) << 4) | (((uint64_t)(d6) & 0xFFFFUL) << 36), \ - ((uint64_t)(d6) >> 16) | (((uint64_t)(d7)) << 16) \ -} - -#ifdef VERIFY -#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1} -#else -#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))} -#endif - -typedef struct { - uint64_t n[4]; -} secp256k1_fe_storage; - -#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \ - (d0) | (((uint64_t)(d1)) << 32), \ - (d2) | (((uint64_t)(d3)) << 32), \ - (d4) | (((uint64_t)(d5)) << 32), \ - (d6) | (((uint64_t)(d7)) << 32) \ -}} - -#endif /* SECP256K1_FIELD_REPR_H */ diff --git a/deps/secp256k1/src/field_5x52_asm_impl.h b/deps/secp256k1/src/field_5x52_asm_impl.h deleted file mode 100644 index 1fc3171f6..000000000 --- a/deps/secp256k1/src/field_5x52_asm_impl.h +++ /dev/null 
@@ -1,502 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -/** - * Changelog: - * - March 2013, Diederik Huys: original version - * - November 2014, Pieter Wuille: updated to use Peter Dettman's parallel multiplication algorithm - * - December 2014, Pieter Wuille: converted from YASM to GCC inline assembly - */ - -#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H -#define SECP256K1_FIELD_INNER5X52_IMPL_H - -SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { -/** - * Registers: rdx:rax = multiplication accumulator - * r9:r8 = c - * r15:rcx = d - * r10-r14 = a0-a4 - * rbx = b - * rdi = r - * rsi = a / t? - */ - uint64_t tmp1, tmp2, tmp3; -__asm__ __volatile__( - "movq 0(%%rsi),%%r10\n" - "movq 8(%%rsi),%%r11\n" - "movq 16(%%rsi),%%r12\n" - "movq 24(%%rsi),%%r13\n" - "movq 32(%%rsi),%%r14\n" - - /* d += a3 * b0 */ - "movq 0(%%rbx),%%rax\n" - "mulq %%r13\n" - "movq %%rax,%%rcx\n" - "movq %%rdx,%%r15\n" - /* d += a2 * b1 */ - "movq 8(%%rbx),%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a1 * b2 */ - "movq 16(%%rbx),%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d = a0 * b3 */ - "movq 24(%%rbx),%%rax\n" - "mulq %%r10\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* c = a4 * b4 */ - "movq 32(%%rbx),%%rax\n" - "mulq %%r14\n" - "movq %%rax,%%r8\n" - "movq %%rdx,%%r9\n" - /* d += (c & M) * R */ - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* c >>= 52 (%%r8 only) */ - "shrdq $52,%%r9,%%r8\n" - /* t3 (tmp1) = d & M */ - "movq 
%%rcx,%%rsi\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rsi\n" - "movq %%rsi,%q1\n" - /* d >>= 52 */ - "shrdq $52,%%r15,%%rcx\n" - "xorq %%r15,%%r15\n" - /* d += a4 * b0 */ - "movq 0(%%rbx),%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a3 * b1 */ - "movq 8(%%rbx),%%rax\n" - "mulq %%r13\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a2 * b2 */ - "movq 16(%%rbx),%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a1 * b3 */ - "movq 24(%%rbx),%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a0 * b4 */ - "movq 32(%%rbx),%%rax\n" - "mulq %%r10\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += c * R */ - "movq %%r8,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* t4 = d & M (%%rsi) */ - "movq %%rcx,%%rsi\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rsi\n" - /* d >>= 52 */ - "shrdq $52,%%r15,%%rcx\n" - "xorq %%r15,%%r15\n" - /* tx = t4 >> 48 (tmp3) */ - "movq %%rsi,%%rax\n" - "shrq $48,%%rax\n" - "movq %%rax,%q3\n" - /* t4 &= (M >> 4) (tmp2) */ - "movq $0xffffffffffff,%%rax\n" - "andq %%rax,%%rsi\n" - "movq %%rsi,%q2\n" - /* c = a0 * b0 */ - "movq 0(%%rbx),%%rax\n" - "mulq %%r10\n" - "movq %%rax,%%r8\n" - "movq %%rdx,%%r9\n" - /* d += a4 * b1 */ - "movq 8(%%rbx),%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a3 * b2 */ - "movq 16(%%rbx),%%rax\n" - "mulq %%r13\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a2 * b3 */ - "movq 24(%%rbx),%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a1 * b4 */ - "movq 32(%%rbx),%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* u0 = d & M (%%rsi) */ - "movq %%rcx,%%rsi\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rsi\n" - /* d >>= 52 */ - "shrdq $52,%%r15,%%rcx\n" - "xorq %%r15,%%r15\n" - /* u0 = (u0 << 4) | tx (%%rsi) */ - "shlq 
$4,%%rsi\n" - "movq %q3,%%rax\n" - "orq %%rax,%%rsi\n" - /* c += u0 * (R >> 4) */ - "movq $0x1000003d1,%%rax\n" - "mulq %%rsi\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* r[0] = c & M */ - "movq %%r8,%%rax\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq %%rax,0(%%rdi)\n" - /* c >>= 52 */ - "shrdq $52,%%r9,%%r8\n" - "xorq %%r9,%%r9\n" - /* c += a1 * b0 */ - "movq 0(%%rbx),%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* c += a0 * b1 */ - "movq 8(%%rbx),%%rax\n" - "mulq %%r10\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d += a4 * b2 */ - "movq 16(%%rbx),%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a3 * b3 */ - "movq 24(%%rbx),%%rax\n" - "mulq %%r13\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a2 * b4 */ - "movq 32(%%rbx),%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* c += (d & M) * R */ - "movq %%rcx,%%rax\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d >>= 52 */ - "shrdq $52,%%r15,%%rcx\n" - "xorq %%r15,%%r15\n" - /* r[1] = c & M */ - "movq %%r8,%%rax\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq %%rax,8(%%rdi)\n" - /* c >>= 52 */ - "shrdq $52,%%r9,%%r8\n" - "xorq %%r9,%%r9\n" - /* c += a2 * b0 */ - "movq 0(%%rbx),%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* c += a1 * b1 */ - "movq 8(%%rbx),%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* c += a0 * b2 (last use of %%r10 = a0) */ - "movq 16(%%rbx),%%rax\n" - "mulq %%r10\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* fetch t3 (%%r10, overwrites a0), t4 (%%rsi) */ - "movq %q2,%%rsi\n" - "movq %q1,%%r10\n" - /* d += a4 * b3 */ - "movq 24(%%rbx),%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* d += a3 * b4 */ - "movq 32(%%rbx),%%rax\n" - "mulq %%r13\n" - "addq 
%%rax,%%rcx\n" - "adcq %%rdx,%%r15\n" - /* c += (d & M) * R */ - "movq %%rcx,%%rax\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d >>= 52 (%%rcx only) */ - "shrdq $52,%%r15,%%rcx\n" - /* r[2] = c & M */ - "movq %%r8,%%rax\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq %%rax,16(%%rdi)\n" - /* c >>= 52 */ - "shrdq $52,%%r9,%%r8\n" - "xorq %%r9,%%r9\n" - /* c += t3 */ - "addq %%r10,%%r8\n" - /* c += d * R */ - "movq %%rcx,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* r[3] = c & M */ - "movq %%r8,%%rax\n" - "movq $0xfffffffffffff,%%rdx\n" - "andq %%rdx,%%rax\n" - "movq %%rax,24(%%rdi)\n" - /* c >>= 52 (%%r8 only) */ - "shrdq $52,%%r9,%%r8\n" - /* c += t4 (%%r8 only) */ - "addq %%rsi,%%r8\n" - /* r[4] = c */ - "movq %%r8,32(%%rdi)\n" -: "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3) -: "b"(b), "D"(r) -: "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory" -); -} - -SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { -/** - * Registers: rdx:rax = multiplication accumulator - * r9:r8 = c - * rcx:rbx = d - * r10-r14 = a0-a4 - * r15 = M (0xfffffffffffff) - * rdi = r - * rsi = a / t? 
- */ - uint64_t tmp1, tmp2, tmp3; -__asm__ __volatile__( - "movq 0(%%rsi),%%r10\n" - "movq 8(%%rsi),%%r11\n" - "movq 16(%%rsi),%%r12\n" - "movq 24(%%rsi),%%r13\n" - "movq 32(%%rsi),%%r14\n" - "movq $0xfffffffffffff,%%r15\n" - - /* d = (a0*2) * a3 */ - "leaq (%%r10,%%r10,1),%%rax\n" - "mulq %%r13\n" - "movq %%rax,%%rbx\n" - "movq %%rdx,%%rcx\n" - /* d += (a1*2) * a2 */ - "leaq (%%r11,%%r11,1),%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* c = a4 * a4 */ - "movq %%r14,%%rax\n" - "mulq %%r14\n" - "movq %%rax,%%r8\n" - "movq %%rdx,%%r9\n" - /* d += (c & M) * R */ - "andq %%r15,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* c >>= 52 (%%r8 only) */ - "shrdq $52,%%r9,%%r8\n" - /* t3 (tmp1) = d & M */ - "movq %%rbx,%%rsi\n" - "andq %%r15,%%rsi\n" - "movq %%rsi,%q1\n" - /* d >>= 52 */ - "shrdq $52,%%rcx,%%rbx\n" - "xorq %%rcx,%%rcx\n" - /* a4 *= 2 */ - "addq %%r14,%%r14\n" - /* d += a0 * a4 */ - "movq %%r10,%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* d+= (a1*2) * a3 */ - "leaq (%%r11,%%r11,1),%%rax\n" - "mulq %%r13\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* d += a2 * a2 */ - "movq %%r12,%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* d += c * R */ - "movq %%r8,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* t4 = d & M (%%rsi) */ - "movq %%rbx,%%rsi\n" - "andq %%r15,%%rsi\n" - /* d >>= 52 */ - "shrdq $52,%%rcx,%%rbx\n" - "xorq %%rcx,%%rcx\n" - /* tx = t4 >> 48 (tmp3) */ - "movq %%rsi,%%rax\n" - "shrq $48,%%rax\n" - "movq %%rax,%q3\n" - /* t4 &= (M >> 4) (tmp2) */ - "movq $0xffffffffffff,%%rax\n" - "andq %%rax,%%rsi\n" - "movq %%rsi,%q2\n" - /* c = a0 * a0 */ - "movq %%r10,%%rax\n" - "mulq %%r10\n" - "movq %%rax,%%r8\n" - "movq %%rdx,%%r9\n" - /* d += a1 * a4 */ - "movq %%r11,%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* d += 
(a2*2) * a3 */ - "leaq (%%r12,%%r12,1),%%rax\n" - "mulq %%r13\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* u0 = d & M (%%rsi) */ - "movq %%rbx,%%rsi\n" - "andq %%r15,%%rsi\n" - /* d >>= 52 */ - "shrdq $52,%%rcx,%%rbx\n" - "xorq %%rcx,%%rcx\n" - /* u0 = (u0 << 4) | tx (%%rsi) */ - "shlq $4,%%rsi\n" - "movq %q3,%%rax\n" - "orq %%rax,%%rsi\n" - /* c += u0 * (R >> 4) */ - "movq $0x1000003d1,%%rax\n" - "mulq %%rsi\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* r[0] = c & M */ - "movq %%r8,%%rax\n" - "andq %%r15,%%rax\n" - "movq %%rax,0(%%rdi)\n" - /* c >>= 52 */ - "shrdq $52,%%r9,%%r8\n" - "xorq %%r9,%%r9\n" - /* a0 *= 2 */ - "addq %%r10,%%r10\n" - /* c += a0 * a1 */ - "movq %%r10,%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d += a2 * a4 */ - "movq %%r12,%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* d += a3 * a3 */ - "movq %%r13,%%rax\n" - "mulq %%r13\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* c += (d & M) * R */ - "movq %%rbx,%%rax\n" - "andq %%r15,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d >>= 52 */ - "shrdq $52,%%rcx,%%rbx\n" - "xorq %%rcx,%%rcx\n" - /* r[1] = c & M */ - "movq %%r8,%%rax\n" - "andq %%r15,%%rax\n" - "movq %%rax,8(%%rdi)\n" - /* c >>= 52 */ - "shrdq $52,%%r9,%%r8\n" - "xorq %%r9,%%r9\n" - /* c += a0 * a2 (last use of %%r10) */ - "movq %%r10,%%rax\n" - "mulq %%r12\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* fetch t3 (%%r10, overwrites a0),t4 (%%rsi) */ - "movq %q2,%%rsi\n" - "movq %q1,%%r10\n" - /* c += a1 * a1 */ - "movq %%r11,%%rax\n" - "mulq %%r11\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d += a3 * a4 */ - "movq %%r13,%%rax\n" - "mulq %%r14\n" - "addq %%rax,%%rbx\n" - "adcq %%rdx,%%rcx\n" - /* c += (d & M) * R */ - "movq %%rbx,%%rax\n" - "andq %%r15,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* d >>= 52 (%%rbx only) */ - 
"shrdq $52,%%rcx,%%rbx\n" - /* r[2] = c & M */ - "movq %%r8,%%rax\n" - "andq %%r15,%%rax\n" - "movq %%rax,16(%%rdi)\n" - /* c >>= 52 */ - "shrdq $52,%%r9,%%r8\n" - "xorq %%r9,%%r9\n" - /* c += t3 */ - "addq %%r10,%%r8\n" - /* c += d * R */ - "movq %%rbx,%%rax\n" - "movq $0x1000003d10,%%rdx\n" - "mulq %%rdx\n" - "addq %%rax,%%r8\n" - "adcq %%rdx,%%r9\n" - /* r[3] = c & M */ - "movq %%r8,%%rax\n" - "andq %%r15,%%rax\n" - "movq %%rax,24(%%rdi)\n" - /* c >>= 52 (%%r8 only) */ - "shrdq $52,%%r9,%%r8\n" - /* c += t4 (%%r8 only) */ - "addq %%rsi,%%r8\n" - /* r[4] = c */ - "movq %%r8,32(%%rdi)\n" -: "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3) -: "D"(r) -: "%rax", "%rbx", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory" -); -} - -#endif /* SECP256K1_FIELD_INNER5X52_IMPL_H */ diff --git a/deps/secp256k1/src/field_5x52_impl.h b/deps/secp256k1/src/field_5x52_impl.h deleted file mode 100644 index f4263320d..000000000 --- a/deps/secp256k1/src/field_5x52_impl.h +++ /dev/null 
@@ -1,496 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_FIELD_REPR_IMPL_H -#define SECP256K1_FIELD_REPR_IMPL_H - -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - -#include "util.h" -#include "field.h" - -#if defined(USE_ASM_X86_64) -#include "field_5x52_asm_impl.h" -#else -#include "field_5x52_int128_impl.h" -#endif - -/** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F, - * represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular, - * each FieldElem has a 'magnitude' associated with it. Internally, a magnitude M means each element - * is at most M*(2^53-1), except the most significant one, which is limited to M*(2^49-1). All operations - * accept any input with magnitude at most M, and have different rules for propagating magnitude to their - * output. - */ - -#ifdef VERIFY -static void secp256k1_fe_verify(const secp256k1_fe *a) { - const uint64_t *d = a->n; - int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; - /* secp256k1 'p' value defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. 
*/ - r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[1] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[2] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m); - r &= (a->magnitude >= 0); - r &= (a->magnitude <= 2048); - if (a->normalized) { - r &= (a->magnitude <= 1); - if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) { - r &= (d[0] < 0xFFFFEFFFFFC2FULL); - } - } - VERIFY_CHECK(r == 1); -} -#endif - -static void secp256k1_fe_normalize(secp256k1_fe *r) { - uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; - - /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - uint64_t m; - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; - - /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3; - - /* ... except for a possible carry at bit 48 of t4 (i.e. 
bit 256 of the field element) */ - VERIFY_CHECK(t4 >> 49 == 0); - - /* At most a single final reduction is needed; check if the value is >= the field characteristic */ - x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL) - & (t0 >= 0xFFFFEFFFFFC2FULL)); - - /* Apply the final reduction (for constant-time behaviour, we do it always) */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; - - /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */ - VERIFY_CHECK(t4 >> 48 == x); - - /* Mask off the possible multiple of 2^256 from the final reduction */ - t4 &= 0x0FFFFFFFFFFFFULL; - - r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; - -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 1; - secp256k1_fe_verify(r); -#endif -} - -static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { - uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; - - /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; - - /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; - - /* ... except for a possible carry at bit 48 of t4 (i.e. 
bit 256 of the field element) */ - VERIFY_CHECK(t4 >> 49 == 0); - - r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; - -#ifdef VERIFY - r->magnitude = 1; - secp256k1_fe_verify(r); -#endif -} - -static void secp256k1_fe_normalize_var(secp256k1_fe *r) { - uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; - - /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - uint64_t m; - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; - - /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3; - - /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ - VERIFY_CHECK(t4 >> 49 == 0); - - /* At most a single final reduction is needed; check if the value is >= the field characteristic */ - x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL) - & (t0 >= 0xFFFFEFFFFFC2FULL)); - - if (x) { - t0 += 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; - - /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */ - VERIFY_CHECK(t4 >> 48 == x); - - /* Mask off the possible multiple of 2^256 from the final reduction */ - t4 &= 0x0FFFFFFFFFFFFULL; - } - - r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; - -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 1; - secp256k1_fe_verify(r); -#endif -} - -static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) { - uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; - - /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ - 
uint64_t z0, z1; - - /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; - - /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; z0 = t0; z1 = t0 ^ 0x1000003D0ULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3; - z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL; - - /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ - VERIFY_CHECK(t4 >> 49 == 0); - - return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); -} - -static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { - uint64_t t0, t1, t2, t3, t4; - uint64_t z0, z1; - uint64_t x; - - t0 = r->n[0]; - t4 = r->n[4]; - - /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - x = t4 >> 48; - - /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - - /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ - z0 = t0 & 0xFFFFFFFFFFFFFULL; - z1 = z0 ^ 0x1000003D0ULL; - - /* Fast return path should catch the majority of cases */ - if ((z0 != 0ULL) & (z1 != 0xFFFFFFFFFFFFFULL)) { - return 0; - } - - t1 = r->n[1]; - t2 = r->n[2]; - t3 = r->n[3]; - - t4 &= 0x0FFFFFFFFFFFFULL; - - t1 += (t0 >> 52); - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3; - z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL; - - /* ... except for a possible carry at bit 48 of t4 (i.e. 
bit 256 of the field element) */ - VERIFY_CHECK(t4 >> 49 == 0); - - return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); -} - -SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { - r->n[0] = a; - r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 1; - secp256k1_fe_verify(r); -#endif -} - -SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) { - const uint64_t *t = a->n; -#ifdef VERIFY - VERIFY_CHECK(a->normalized); - secp256k1_fe_verify(a); -#endif - return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0; -} - -SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) { -#ifdef VERIFY - VERIFY_CHECK(a->normalized); - secp256k1_fe_verify(a); -#endif - return a->n[0] & 1; -} - -SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) { - int i; -#ifdef VERIFY - a->magnitude = 0; - a->normalized = 1; -#endif - for (i=0; i<5; i++) { - a->n[i] = 0; - } -} - -static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { - int i; -#ifdef VERIFY - VERIFY_CHECK(a->normalized); - VERIFY_CHECK(b->normalized); - secp256k1_fe_verify(a); - secp256k1_fe_verify(b); -#endif - for (i = 4; i >= 0; i--) { - if (a->n[i] > b->n[i]) { - return 1; - } - if (a->n[i] < b->n[i]) { - return -1; - } - } - return 0; -} - -static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) { - r->n[0] = (uint64_t)a[31] - | ((uint64_t)a[30] << 8) - | ((uint64_t)a[29] << 16) - | ((uint64_t)a[28] << 24) - | ((uint64_t)a[27] << 32) - | ((uint64_t)a[26] << 40) - | ((uint64_t)(a[25] & 0xF) << 48); - r->n[1] = (uint64_t)((a[25] >> 4) & 0xF) - | ((uint64_t)a[24] << 4) - | ((uint64_t)a[23] << 12) - | ((uint64_t)a[22] << 20) - | ((uint64_t)a[21] << 28) - | ((uint64_t)a[20] << 36) - | ((uint64_t)a[19] << 44); - r->n[2] = (uint64_t)a[18] - | ((uint64_t)a[17] << 8) - | ((uint64_t)a[16] << 16) - | ((uint64_t)a[15] << 24) - | ((uint64_t)a[14] << 32) - | ((uint64_t)a[13] << 40) - | 
((uint64_t)(a[12] & 0xF) << 48); - r->n[3] = (uint64_t)((a[12] >> 4) & 0xF) - | ((uint64_t)a[11] << 4) - | ((uint64_t)a[10] << 12) - | ((uint64_t)a[9] << 20) - | ((uint64_t)a[8] << 28) - | ((uint64_t)a[7] << 36) - | ((uint64_t)a[6] << 44); - r->n[4] = (uint64_t)a[5] - | ((uint64_t)a[4] << 8) - | ((uint64_t)a[3] << 16) - | ((uint64_t)a[2] << 24) - | ((uint64_t)a[1] << 32) - | ((uint64_t)a[0] << 40); - if (r->n[4] == 0x0FFFFFFFFFFFFULL && (r->n[3] & r->n[2] & r->n[1]) == 0xFFFFFFFFFFFFFULL && r->n[0] >= 0xFFFFEFFFFFC2FULL) { - return 0; - } -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 1; - secp256k1_fe_verify(r); -#endif - return 1; -} - -/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ -static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) { -#ifdef VERIFY - VERIFY_CHECK(a->normalized); - secp256k1_fe_verify(a); -#endif - r[0] = (a->n[4] >> 40) & 0xFF; - r[1] = (a->n[4] >> 32) & 0xFF; - r[2] = (a->n[4] >> 24) & 0xFF; - r[3] = (a->n[4] >> 16) & 0xFF; - r[4] = (a->n[4] >> 8) & 0xFF; - r[5] = a->n[4] & 0xFF; - r[6] = (a->n[3] >> 44) & 0xFF; - r[7] = (a->n[3] >> 36) & 0xFF; - r[8] = (a->n[3] >> 28) & 0xFF; - r[9] = (a->n[3] >> 20) & 0xFF; - r[10] = (a->n[3] >> 12) & 0xFF; - r[11] = (a->n[3] >> 4) & 0xFF; - r[12] = ((a->n[2] >> 48) & 0xF) | ((a->n[3] & 0xF) << 4); - r[13] = (a->n[2] >> 40) & 0xFF; - r[14] = (a->n[2] >> 32) & 0xFF; - r[15] = (a->n[2] >> 24) & 0xFF; - r[16] = (a->n[2] >> 16) & 0xFF; - r[17] = (a->n[2] >> 8) & 0xFF; - r[18] = a->n[2] & 0xFF; - r[19] = (a->n[1] >> 44) & 0xFF; - r[20] = (a->n[1] >> 36) & 0xFF; - r[21] = (a->n[1] >> 28) & 0xFF; - r[22] = (a->n[1] >> 20) & 0xFF; - r[23] = (a->n[1] >> 12) & 0xFF; - r[24] = (a->n[1] >> 4) & 0xFF; - r[25] = ((a->n[0] >> 48) & 0xF) | ((a->n[1] & 0xF) << 4); - r[26] = (a->n[0] >> 40) & 0xFF; - r[27] = (a->n[0] >> 32) & 0xFF; - r[28] = (a->n[0] >> 24) & 0xFF; - r[29] = (a->n[0] >> 16) & 0xFF; - r[30] = (a->n[0] >> 8) & 0xFF; - r[31] = 
a->n[0] & 0xFF; -} - -SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) { -#ifdef VERIFY - VERIFY_CHECK(a->magnitude <= m); - secp256k1_fe_verify(a); -#endif - r->n[0] = 0xFFFFEFFFFFC2FULL * 2 * (m + 1) - a->n[0]; - r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[1]; - r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[2]; - r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[3]; - r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * (m + 1) - a->n[4]; -#ifdef VERIFY - r->magnitude = m + 1; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) { - r->n[0] *= a; - r->n[1] *= a; - r->n[2] *= a; - r->n[3] *= a; - r->n[4] *= a; -#ifdef VERIFY - r->magnitude *= a; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { -#ifdef VERIFY - secp256k1_fe_verify(a); -#endif - r->n[0] += a->n[0]; - r->n[1] += a->n[1]; - r->n[2] += a->n[2]; - r->n[3] += a->n[3]; - r->n[4] += a->n[4]; -#ifdef VERIFY - r->magnitude += a->magnitude; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { -#ifdef VERIFY - VERIFY_CHECK(a->magnitude <= 8); - VERIFY_CHECK(b->magnitude <= 8); - secp256k1_fe_verify(a); - secp256k1_fe_verify(b); - VERIFY_CHECK(r != b); - VERIFY_CHECK(a != b); -#endif - secp256k1_fe_mul_inner(r->n, a->n, b->n); -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) { -#ifdef VERIFY - VERIFY_CHECK(a->magnitude <= 8); - secp256k1_fe_verify(a); -#endif - secp256k1_fe_sqr_inner(r->n, a->n); -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 0; - secp256k1_fe_verify(r); -#endif -} - -static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe *r, const 
secp256k1_fe *a, int flag) { - uint64_t mask0, mask1; - mask0 = flag + ~((uint64_t)0); - mask1 = ~mask0; - r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); - r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); - r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); - r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); - r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); -#ifdef VERIFY - if (a->magnitude > r->magnitude) { - r->magnitude = a->magnitude; - } - r->normalized &= a->normalized; -#endif -} - -static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) { - uint64_t mask0, mask1; - mask0 = flag + ~((uint64_t)0); - mask1 = ~mask0; - r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); - r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); - r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); - r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); -} - -static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { -#ifdef VERIFY - VERIFY_CHECK(a->normalized); -#endif - r->n[0] = a->n[0] | a->n[1] << 52; - r->n[1] = a->n[1] >> 12 | a->n[2] << 40; - r->n[2] = a->n[2] >> 24 | a->n[3] << 28; - r->n[3] = a->n[3] >> 36 | a->n[4] << 16; -} - -static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { - r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL; - r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL); - r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL); - r->n[3] = a->n[2] >> 28 | ((a->n[3] << 36) & 0xFFFFFFFFFFFFFULL); - r->n[4] = a->n[3] >> 16; -#ifdef VERIFY - r->magnitude = 1; - r->normalized = 1; -#endif -} - -#endif /* SECP256K1_FIELD_REPR_IMPL_H */ diff --git a/deps/secp256k1/src/field_5x52_int128_impl.h b/deps/secp256k1/src/field_5x52_int128_impl.h deleted file mode 100644 index bcbfb92ac..000000000 --- a/deps/secp256k1/src/field_5x52_int128_impl.h +++ /dev/null 
@@ -1,279 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H
-#define SECP256K1_FIELD_INNER5X52_IMPL_H
-
-#include
-
-#ifdef VERIFY
-#define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0)
-#else
-#define VERIFY_BITS(x, n) do { } while(0)
-#endif
-
-SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) {
- uint128_t c, d;
- uint64_t t3, t4, tx, u0;
- uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4];
- const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL;
-
- VERIFY_BITS(a[0], 56);
- VERIFY_BITS(a[1], 56);
- VERIFY_BITS(a[2], 56);
- VERIFY_BITS(a[3], 56);
- VERIFY_BITS(a[4], 52);
- VERIFY_BITS(b[0], 56);
- VERIFY_BITS(b[1], 56);
- VERIFY_BITS(b[2], 56);
- VERIFY_BITS(b[3], 56);
- VERIFY_BITS(b[4], 52);
- VERIFY_CHECK(r != b);
- VERIFY_CHECK(a != b);
-
- /* [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n.
- * for 0 <= x <= 4, px is a shorthand for sum(a[i]*b[x-i], i=0..x).
- * for 4 <= x <= 8, px is a shorthand for sum(a[i]*b[x-i], i=(x-4)..4)
- * Note that [x 0 0 0 0 0] = [x*R].
- */
-
- d = (uint128_t)a0 * b[3]
- + (uint128_t)a1 * b[2]
- + (uint128_t)a2 * b[1]
- + (uint128_t)a3 * b[0];
- VERIFY_BITS(d, 114);
- /* [d 0 0 0] = [p3 0 0 0] */
- c = (uint128_t)a4 * b[4];
- VERIFY_BITS(c, 112);
- /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
- d += (c & M) * R; c >>= 52;
- VERIFY_BITS(d, 115);
- VERIFY_BITS(c, 60);
- /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
- t3 = d & M; d >>= 52;
- VERIFY_BITS(t3, 52);
- VERIFY_BITS(d, 63);
- /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
-
- d += (uint128_t)a0 * b[4]
- + (uint128_t)a1 * b[3]
- + (uint128_t)a2 * b[2]
- + (uint128_t)a3 * b[1]
- + (uint128_t)a4 * b[0];
- VERIFY_BITS(d, 115);
- /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
- d += c * R;
- VERIFY_BITS(d, 116);
- /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
- t4 = d & M; d >>= 52;
- VERIFY_BITS(t4, 52);
- VERIFY_BITS(d, 64);
- /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
- tx = (t4 >> 48); t4 &= (M >> 4);
- VERIFY_BITS(tx, 4);
- VERIFY_BITS(t4, 48);
- /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
-
- c = (uint128_t)a0 * b[0];
- VERIFY_BITS(c, 112);
- /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */
- d += (uint128_t)a1 * b[4]
- + (uint128_t)a2 * b[3]
- + (uint128_t)a3 * b[2]
- + (uint128_t)a4 * b[1];
- VERIFY_BITS(d, 115);
- /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- u0 = d & M; d >>= 52;
- VERIFY_BITS(u0, 52);
- VERIFY_BITS(d, 63);
- /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- u0 = (u0 << 4) | tx;
- VERIFY_BITS(u0, 56);
- /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- c += (uint128_t)u0 * (R >> 4);
- VERIFY_BITS(c, 115);
- /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- r[0] = c & M; c >>= 52;
- VERIFY_BITS(r[0], 52);
- VERIFY_BITS(c, 61);
- /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */
-
- c += (uint128_t)a0 * b[1]
- + (uint128_t)a1 * b[0];
- VERIFY_BITS(c, 114);
- /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */
- d += (uint128_t)a2 * b[4]
- + (uint128_t)a3 * b[3]
- + (uint128_t)a4 * b[2];
- VERIFY_BITS(d, 114);
- /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
- c += (d & M) * R; d >>= 52;
- VERIFY_BITS(c, 115);
- VERIFY_BITS(d, 62);
- /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
- r[1] = c & M; c >>= 52;
- VERIFY_BITS(r[1], 52);
- VERIFY_BITS(c, 63);
- /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
-
- c += (uint128_t)a0 * b[2]
- + (uint128_t)a1 * b[1]
- + (uint128_t)a2 * b[0];
- VERIFY_BITS(c, 114);
- /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */
- d += (uint128_t)a3 * b[4]
- + (uint128_t)a4 * b[3];
- VERIFY_BITS(d, 114);
- /* [d 0 0 t4 t3 c t1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- c += (d & M) * R; d >>= 52;
- VERIFY_BITS(c, 115);
- VERIFY_BITS(d, 62);
- /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
-
- /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- r[2] = c & M; c >>= 52;
- VERIFY_BITS(r[2], 52);
- VERIFY_BITS(c, 63);
- /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- c += d * R + t3;
- VERIFY_BITS(c, 100);
- /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- r[3] = c & M; c >>= 52;
- VERIFY_BITS(r[3], 52);
- VERIFY_BITS(c, 48);
- /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- c += t4;
- VERIFY_BITS(c, 49);
- /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- r[4] = c;
- VERIFY_BITS(r[4], 49);
- /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
-}
-
-SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) {
- uint128_t c, d;
- uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4];
- int64_t t3, t4, tx, u0;
- const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL;
-
- VERIFY_BITS(a[0], 56);
- VERIFY_BITS(a[1], 56);
- VERIFY_BITS(a[2], 56);
- VERIFY_BITS(a[3], 56);
- VERIFY_BITS(a[4], 52);
-
- /** [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n.
- * px is a shorthand for sum(a[i]*a[x-i], i=0..x).
- * Note that [x 0 0 0 0 0] = [x*R].
- */
-
- d = (uint128_t)(a0*2) * a3
- + (uint128_t)(a1*2) * a2;
- VERIFY_BITS(d, 114);
- /* [d 0 0 0] = [p3 0 0 0] */
- c = (uint128_t)a4 * a4;
- VERIFY_BITS(c, 112);
- /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
- d += (c & M) * R; c >>= 52;
- VERIFY_BITS(d, 115);
- VERIFY_BITS(c, 60);
- /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
- t3 = d & M; d >>= 52;
- VERIFY_BITS(t3, 52);
- VERIFY_BITS(d, 63);
- /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
-
- a4 *= 2;
- d += (uint128_t)a0 * a4
- + (uint128_t)(a1*2) * a3
- + (uint128_t)a2 * a2;
- VERIFY_BITS(d, 115);
- /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
- d += c * R;
- VERIFY_BITS(d, 116);
- /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
- t4 = d & M; d >>= 52;
- VERIFY_BITS(t4, 52);
- VERIFY_BITS(d, 64);
- /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
- tx = (t4 >> 48); t4 &= (M >> 4);
- VERIFY_BITS(tx, 4);
- VERIFY_BITS(t4, 48);
- /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
-
- c = (uint128_t)a0 * a0;
- VERIFY_BITS(c, 112);
- /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */
- d += (uint128_t)a1 * a4
- + (uint128_t)(a2*2) * a3;
- VERIFY_BITS(d, 114);
- /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- u0 = d & M; d >>= 52;
- VERIFY_BITS(u0, 52);
- VERIFY_BITS(d, 62);
- /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- u0 = (u0 << 4) | tx;
- VERIFY_BITS(u0, 56);
- /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- c += (uint128_t)u0 * (R >> 4);
- VERIFY_BITS(c, 113);
- /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
- r[0] = c & M; c >>= 52;
- VERIFY_BITS(r[0], 52);
- VERIFY_BITS(c, 61);
- /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */
-
- a0 *= 2;
- c += (uint128_t)a0 * a1;
- VERIFY_BITS(c, 114);
- /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */
- d += (uint128_t)a2 * a4
- + (uint128_t)a3 * a3;
- VERIFY_BITS(d, 114);
- /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
- c += (d & M) * R; d >>= 52;
- VERIFY_BITS(c, 115);
- VERIFY_BITS(d, 62);
- /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
- r[1] = c & M; c >>= 52;
- VERIFY_BITS(r[1], 52);
- VERIFY_BITS(c, 63);
- /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
-
- c += (uint128_t)a0 * a2
- + (uint128_t)a1 * a1;
- VERIFY_BITS(c, 114);
- /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */
- d += (uint128_t)a3 * a4;
- VERIFY_BITS(d, 114);
- /* [d 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- c += (d & M) * R; d >>= 52;
- VERIFY_BITS(c, 115);
- VERIFY_BITS(d, 62);
- /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- r[2] = c & M; c >>= 52;
- VERIFY_BITS(r[2], 52);
- VERIFY_BITS(c, 63);
- /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
-
- c += d * R + t3;
- VERIFY_BITS(c, 100);
- /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- r[3] = c & M; c >>= 52;
- VERIFY_BITS(r[3], 52);
- VERIFY_BITS(c, 48);
- /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- c += t4;
- VERIFY_BITS(c, 49);
- /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
- r[4] = c;
- VERIFY_BITS(r[4], 49);
- /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
-}
-
-#endif /* SECP256K1_FIELD_INNER5X52_IMPL_H */
diff --git a/deps/secp256k1/src/field_impl.h b/deps/secp256k1/src/field_impl.h
deleted file mode 100644
index 6070caccf..000000000
--- a/deps/secp256k1/src/field_impl.h
+++ /dev/null
@@ -1,318 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_FIELD_IMPL_H
-#define SECP256K1_FIELD_IMPL_H
-
-#if defined HAVE_CONFIG_H
-#include "libsecp256k1-config.h"
-#endif
-
-#include "util.h"
-#include "num.h"
-
-#if defined(USE_FIELD_10X26)
-#include "field_10x26_impl.h"
-#elif defined(USE_FIELD_5X52)
-#include "field_5x52_impl.h"
-#else
-#error "Please select field implementation"
-#endif
-
-SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) {
- secp256k1_fe na;
- secp256k1_fe_negate(&na, a, 1);
- secp256k1_fe_add(&na, b);
- return secp256k1_fe_normalizes_to_zero(&na);
-}
-
-SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b) {
- secp256k1_fe na;
- secp256k1_fe_negate(&na, a, 1);
- secp256k1_fe_add(&na, b);
- return secp256k1_fe_normalizes_to_zero_var(&na);
-}
-
-static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a) {
- /** Given that p is congruent to 3 mod 4, we can compute the square root of
- * a mod p as the (p+1)/4'th power of a.
- *
- * As (p+1)/4 is an even number, it will have the same result for a and for
- * (-a). Only one of these two numbers actually has a square root however,
- * so we test at the end by squaring and comparing to the input.
- * Also because (p+1)/4 is an even number, the computed square root is
- * itself always a square (a ** ((p+1)/4) is the square of a ** ((p+1)/8)).
- */
- secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
- int j;
-
- VERIFY_CHECK(r != a);
-
- /** The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
- * { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
- * 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
- */
-
- secp256k1_fe_sqr(&x2, a);
- secp256k1_fe_mul(&x2, &x2, a);
-
- secp256k1_fe_sqr(&x3, &x2);
- secp256k1_fe_mul(&x3, &x3, a);
-
- x6 = x3;
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&x6, &x6);
- }
- secp256k1_fe_mul(&x6, &x6, &x3);
-
- x9 = x6;
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&x9, &x9);
- }
- secp256k1_fe_mul(&x9, &x9, &x3);
-
- x11 = x9;
- for (j=0; j<2; j++) {
- secp256k1_fe_sqr(&x11, &x11);
- }
- secp256k1_fe_mul(&x11, &x11, &x2);
-
- x22 = x11;
- for (j=0; j<11; j++) {
- secp256k1_fe_sqr(&x22, &x22);
- }
- secp256k1_fe_mul(&x22, &x22, &x11);
-
- x44 = x22;
- for (j=0; j<22; j++) {
- secp256k1_fe_sqr(&x44, &x44);
- }
- secp256k1_fe_mul(&x44, &x44, &x22);
-
- x88 = x44;
- for (j=0; j<44; j++) {
- secp256k1_fe_sqr(&x88, &x88);
- }
- secp256k1_fe_mul(&x88, &x88, &x44);
-
- x176 = x88;
- for (j=0; j<88; j++) {
- secp256k1_fe_sqr(&x176, &x176);
- }
- secp256k1_fe_mul(&x176, &x176, &x88);
-
- x220 = x176;
- for (j=0; j<44; j++) {
- secp256k1_fe_sqr(&x220, &x220);
- }
- secp256k1_fe_mul(&x220, &x220, &x44);
-
- x223 = x220;
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&x223, &x223);
- }
- secp256k1_fe_mul(&x223, &x223, &x3);
-
- /* The final result is then assembled using a sliding window over the blocks. */
-
- t1 = x223;
- for (j=0; j<23; j++) {
- secp256k1_fe_sqr(&t1, &t1);
- }
- secp256k1_fe_mul(&t1, &t1, &x22);
- for (j=0; j<6; j++) {
- secp256k1_fe_sqr(&t1, &t1);
- }
- secp256k1_fe_mul(&t1, &t1, &x2);
- secp256k1_fe_sqr(&t1, &t1);
- secp256k1_fe_sqr(r, &t1);
-
- /* Check that a square root was actually calculated */
-
- secp256k1_fe_sqr(&t1, r);
- return secp256k1_fe_equal(&t1, a);
-}
-
-static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a) {
- secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
- int j;
-
- /** The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
- * { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
- * [1], [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
- */
-
- secp256k1_fe_sqr(&x2, a);
- secp256k1_fe_mul(&x2, &x2, a);
-
- secp256k1_fe_sqr(&x3, &x2);
- secp256k1_fe_mul(&x3, &x3, a);
-
- x6 = x3;
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&x6, &x6);
- }
- secp256k1_fe_mul(&x6, &x6, &x3);
-
- x9 = x6;
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&x9, &x9);
- }
- secp256k1_fe_mul(&x9, &x9, &x3);
-
- x11 = x9;
- for (j=0; j<2; j++) {
- secp256k1_fe_sqr(&x11, &x11);
- }
- secp256k1_fe_mul(&x11, &x11, &x2);
-
- x22 = x11;
- for (j=0; j<11; j++) {
- secp256k1_fe_sqr(&x22, &x22);
- }
- secp256k1_fe_mul(&x22, &x22, &x11);
-
- x44 = x22;
- for (j=0; j<22; j++) {
- secp256k1_fe_sqr(&x44, &x44);
- }
- secp256k1_fe_mul(&x44, &x44, &x22);
-
- x88 = x44;
- for (j=0; j<44; j++) {
- secp256k1_fe_sqr(&x88, &x88);
- }
- secp256k1_fe_mul(&x88, &x88, &x44);
-
- x176 = x88;
- for (j=0; j<88; j++) {
- secp256k1_fe_sqr(&x176, &x176);
- }
- secp256k1_fe_mul(&x176, &x176, &x88);
-
- x220 = x176;
- for (j=0; j<44; j++) {
- secp256k1_fe_sqr(&x220, &x220);
- }
- secp256k1_fe_mul(&x220, &x220, &x44);
-
- x223 = x220;
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&x223, &x223);
- }
- secp256k1_fe_mul(&x223, &x223, &x3);
-
- /* The final result is then assembled using a sliding window over the blocks. */
-
- t1 = x223;
- for (j=0; j<23; j++) {
- secp256k1_fe_sqr(&t1, &t1);
- }
- secp256k1_fe_mul(&t1, &t1, &x22);
- for (j=0; j<5; j++) {
- secp256k1_fe_sqr(&t1, &t1);
- }
- secp256k1_fe_mul(&t1, &t1, a);
- for (j=0; j<3; j++) {
- secp256k1_fe_sqr(&t1, &t1);
- }
- secp256k1_fe_mul(&t1, &t1, &x2);
- for (j=0; j<2; j++) {
- secp256k1_fe_sqr(&t1, &t1);
- }
- secp256k1_fe_mul(r, a, &t1);
-}
-
-static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a) {
-#if defined(USE_FIELD_INV_BUILTIN)
- secp256k1_fe_inv(r, a);
-#elif defined(USE_FIELD_INV_NUM)
- secp256k1_num n, m;
- static const secp256k1_fe negone = SECP256K1_FE_CONST(
- 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
- 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xFFFFFC2EUL
- );
- /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */
- static const unsigned char prime[32] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
- };
- unsigned char b[32];
- int res;
- secp256k1_fe c = *a;
- secp256k1_fe_normalize_var(&c);
- secp256k1_fe_get_b32(b, &c);
- secp256k1_num_set_bin(&n, b, 32);
- secp256k1_num_set_bin(&m, prime, 32);
- secp256k1_num_mod_inverse(&n, &n, &m);
- secp256k1_num_get_bin(b, 32, &n);
- res = secp256k1_fe_set_b32(r, b);
- (void)res;
- VERIFY_CHECK(res);
- /* Verify the result is the (unique) valid inverse using non-GMP code. */
- secp256k1_fe_mul(&c, &c, r);
- secp256k1_fe_add(&c, &negone);
- CHECK(secp256k1_fe_normalizes_to_zero_var(&c));
-#else
-#error "Please select field inverse implementation"
-#endif
-}
-
-static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len) {
- secp256k1_fe u;
- size_t i;
- if (len < 1) {
- return;
- }
-
- VERIFY_CHECK((r + len <= a) || (a + len <= r));
-
- r[0] = a[0];
-
- i = 0;
- while (++i < len) {
- secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
- }
-
- secp256k1_fe_inv_var(&u, &r[--i]);
-
- while (i > 0) {
- size_t j = i--;
- secp256k1_fe_mul(&r[j], &r[i], &u);
- secp256k1_fe_mul(&u, &u, &a[j]);
- }
-
- r[0] = u;
-}
-
-static int secp256k1_fe_is_quad_var(const secp256k1_fe *a) {
-#ifndef USE_NUM_NONE
- unsigned char b[32];
- secp256k1_num n;
- secp256k1_num m;
- /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */
- static const unsigned char prime[32] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
- };
-
- secp256k1_fe c = *a;
- secp256k1_fe_normalize_var(&c);
- secp256k1_fe_get_b32(b, &c);
- secp256k1_num_set_bin(&n, b, 32);
- secp256k1_num_set_bin(&m, prime, 32);
- return secp256k1_num_jacobi(&n, &m) >= 0;
-#else
- secp256k1_fe r;
- return secp256k1_fe_sqrt(&r, a);
-#endif
-}
-
-#endif /* SECP256K1_FIELD_IMPL_H */
diff --git a/deps/secp256k1/src/gen_context.c b/deps/secp256k1/src/gen_context.c
deleted file mode 100644
index 539f574bf..000000000
--- a/deps/secp256k1/src/gen_context.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-// Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed.
-// ifndef guard so downstream users can define their own if they do not use autotools.
-#if !defined(ECMULT_GEN_PREC_BITS)
-#include "libsecp256k1-config.h"
-#endif
-#define USE_BASIC_CONFIG 1
-#include "basic-config.h"
-
-#include "include/secp256k1.h"
-#include "util.h"
-#include "field_impl.h"
-#include "scalar_impl.h"
-#include "group_impl.h"
-#include "ecmult_gen_impl.h"
-
-static void default_error_callback_fn(const char* str, void* data) {
- (void)data;
- fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
- abort();
-}
-
-static const secp256k1_callback default_error_callback = {
- default_error_callback_fn,
- NULL
-};
-
-int main(int argc, char **argv) {
- secp256k1_ecmult_gen_context ctx;
- void *prealloc, *base;
- int inner;
- int outer;
- FILE* fp;
-
- (void)argc;
- (void)argv;
-
- fp = fopen("src/ecmult_static_context.h","w");
- if (fp == NULL) {
- fprintf(stderr, "Could not open src/ecmult_static_context.h for writing!\n");
- return -1;
- }
-
- fprintf(fp, "#ifndef _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
- fprintf(fp, "#define _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
- fprintf(fp, "#include \"src/group.h\"\n");
- fprintf(fp, "#define SC SECP256K1_GE_STORAGE_CONST\n");
- fprintf(fp, "#if ECMULT_GEN_PREC_N != %d || ECMULT_GEN_PREC_G != %d\n", ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G);
- fprintf(fp, " #error configuration mismatch, invalid ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G. Try deleting ecmult_static_context.h before the build.\n");
- fprintf(fp, "#endif\n");
- fprintf(fp, "static const secp256k1_ge_storage secp256k1_ecmult_static_context[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G] = {\n");
-
- base = checked_malloc(&default_error_callback, SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE);
- prealloc = base;
- secp256k1_ecmult_gen_context_init(&ctx);
- secp256k1_ecmult_gen_context_build(&ctx, &prealloc);
- for(outer = 0; outer != ECMULT_GEN_PREC_N; outer++) {
- fprintf(fp,"{\n");
- for(inner = 0; inner != ECMULT_GEN_PREC_G; inner++) {
- fprintf(fp," SC(%uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu)", SECP256K1_GE_STORAGE_CONST_GET((*ctx.prec)[outer][inner]));
- if (inner != ECMULT_GEN_PREC_G - 1) {
- fprintf(fp,",\n");
- } else {
- fprintf(fp,"\n");
- }
- }
- if (outer != ECMULT_GEN_PREC_N - 1) {
- fprintf(fp,"},\n");
- } else {
- fprintf(fp,"}\n");
- }
- }
- fprintf(fp,"};\n");
- secp256k1_ecmult_gen_context_clear(&ctx);
- free(base);
-
- fprintf(fp, "#undef SC\n");
- fprintf(fp, "#endif\n");
- fclose(fp);
-
- return 0;
-}
diff --git a/deps/secp256k1/src/group.h b/deps/secp256k1/src/group.h
deleted file mode 100644
index 8e122ab42..000000000
--- a/deps/secp256k1/src/group.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_GROUP_H
-#define SECP256K1_GROUP_H
-
-#include "num.h"
-#include "field.h"
-
-/** A group element of the secp256k1 curve, in affine coordinates. */
-typedef struct {
- secp256k1_fe x;
- secp256k1_fe y;
- int infinity; /* whether this represents the point at infinity */
-} secp256k1_ge;
-
-#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0}
-#define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}
-
-/** A group element of the secp256k1 curve, in jacobian coordinates. */
-typedef struct {
- secp256k1_fe x; /* actual X: x/z^2 */
- secp256k1_fe y; /* actual Y: y/z^3 */
- secp256k1_fe z;
- int infinity; /* whether this represents the point at infinity */
-} secp256k1_gej;
-
-#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0}
-#define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}
-
-typedef struct {
- secp256k1_fe_storage x;
- secp256k1_fe_storage y;
-} secp256k1_ge_storage;
-
-#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))}
-
-#define SECP256K1_GE_STORAGE_CONST_GET(t) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y)
-
-/** Set a group element equal to the point with given X and Y coordinates */
-static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y);
-
-/** Set a group element (affine) equal to the point with the given X coordinate
- * and a Y coordinate that is a quadratic residue modulo p. The return value
- * is true iff a coordinate with the given X coordinate exists.
- */
-static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x);
-
-/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
- * for Y. Return value indicates whether the result is valid. */
-static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd);
-
-/** Check whether a group element is the point at infinity. */
-static int secp256k1_ge_is_infinity(const secp256k1_ge *a);
-
-/** Check whether a group element is valid (i.e., on the curve). */
-static int secp256k1_ge_is_valid_var(const secp256k1_ge *a);
-
-static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a);
-
-/** Set a group element equal to another which is given in jacobian coordinates */
-static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a);
-
-/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
-static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len);
-
-/** Bring a batch inputs given in jacobian coordinates (with known z-ratios) to
- * the same global z "denominator". zr must contain the known z-ratios such
- * that mul(a[i].z, zr[i+1]) == a[i+1].z. zr[0] is ignored. The x and y
- * coordinates of the result are stored in r, the common z coordinate is
- * stored in globalz. */
-static void secp256k1_ge_globalz_set_table_gej(size_t len, secp256k1_ge *r, secp256k1_fe *globalz, const secp256k1_gej *a, const secp256k1_fe *zr);
-
-/** Set a group element (affine) equal to the point at infinity. */
-static void secp256k1_ge_set_infinity(secp256k1_ge *r);
-
-/** Set a group element (jacobian) equal to the point at infinity. */
-static void secp256k1_gej_set_infinity(secp256k1_gej *r);
-
-/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
-static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a);
-
-/** Compare the X coordinate of a group element (jacobian). */
-static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a);
-
-/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
-static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a);
-
-/** Check whether a group element is the point at infinity. */
-static int secp256k1_gej_is_infinity(const secp256k1_gej *a);
-
-/** Check whether a group element's y coordinate is a quadratic residue. */
-static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a);
-
-/** Set r equal to the double of a. If rzr is not-NULL, r->z = a->z * *rzr (where infinity means an implicit z = 0).
- * a may not be zero. Constant time. */
-static void secp256k1_gej_double_nonzero(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr);
-
-/** Set r equal to the double of a. If rzr is not-NULL, r->z = a->z * *rzr (where infinity means an implicit z = 0). */
-static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr);
-
-/** Set r equal to the sum of a and b. If rzr is non-NULL, r->z = a->z * *rzr (a cannot be infinity in that case). */
-static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr);
-
-/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
-static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b);
-
-/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
- than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
- guarantee, and b is allowed to be infinity. If rzr is non-NULL, r->z = a->z * *rzr (a cannot be infinity in that case). */
-static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr);
-
-/** Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv). */
-static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv);
-
-#ifdef USE_ENDOMORPHISM
-/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
-static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a);
-#endif
-
-/** Clear a secp256k1_gej to prevent leaking sensitive information. */
-static void secp256k1_gej_clear(secp256k1_gej *r);
-
-/** Clear a secp256k1_ge to prevent leaking sensitive information. */
-static void secp256k1_ge_clear(secp256k1_ge *r);
-
-/** Convert a group element to the storage type. */
-static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a);
-
-/** Convert a group element back from the storage type. */
-static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a);
-
-/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. */
-static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag);
-
-/** Rescale a jacobian point by b which must be non-zero. Constant-time. */
-static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b);
-
-#endif /* SECP256K1_GROUP_H */
diff --git a/deps/secp256k1/src/group_impl.h b/deps/secp256k1/src/group_impl.h
deleted file mode 100644
index 9b93c39e9..000000000
--- a/deps/secp256k1/src/group_impl.h
+++ /dev/null
@@ -1,705 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_GROUP_IMPL_H -#define SECP256K1_GROUP_IMPL_H - -#include "num.h" -#include "field.h" -#include "group.h" - -/* These points can be generated in sage as follows: - * - * 0. Setup a worksheet with the following parameters. - * b = 4 # whatever CURVE_B will be set to - * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) - * C = EllipticCurve ([F (0), F (b)]) - * - * 1. Determine all the small orders available to you. (If there are - * no satisfactory ones, go back and change b.) - * print C.order().factor(limit=1000) - * - * 2. Choose an order as one of the prime factors listed in the above step. - * (You can also multiply some to get a composite order, though the - * tests will crash trying to invert scalars during signing.) We take a - * random point and scale it to drop its order to the desired value. - * There is some probability this won't work; just try again. - * order = 199 - * P = C.random_point() - * P = (int(P.order()) / int(order)) * P - * assert(P.order() == order) - * - * 3. Print the values. You'll need to use a vim macro or something to - * split the hex output into 4-byte chunks. 
- * print "%x %x" % P.xy() - */ -#if defined(EXHAUSTIVE_TEST_ORDER) -# if EXHAUSTIVE_TEST_ORDER == 199 -static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0xFA7CC9A7, 0x0737F2DB, 0xA749DD39, 0x2B4FB069, - 0x3B017A7D, 0xA808C2F1, 0xFB12940C, 0x9EA66C18, - 0x78AC123A, 0x5ED8AEF3, 0x8732BC91, 0x1F3A2868, - 0x48DF246C, 0x808DAE72, 0xCFE52572, 0x7F0501ED -); - -static const int CURVE_B = 4; -# elif EXHAUSTIVE_TEST_ORDER == 13 -static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0xedc60018, 0xa51a786b, 0x2ea91f4d, 0x4c9416c0, - 0x9de54c3b, 0xa1316554, 0x6cf4345c, 0x7277ef15, - 0x54cb1b6b, 0xdc8c1273, 0x087844ea, 0x43f4603e, - 0x0eaf9a43, 0xf6effe55, 0x939f806d, 0x37adf8ac -); -static const int CURVE_B = 2; -# else -# error No known generator for the specified exhaustive test group order. -# endif -#else -/** Generator for secp256k1, value 'g' defined in - * "Standards for Efficient Cryptography" (SEC2) 2.7.1. - */ -static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, - 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL, - 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, - 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL -); - -static const int CURVE_B = 7; -#endif - -static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) { - secp256k1_fe zi2; - secp256k1_fe zi3; - secp256k1_fe_sqr(&zi2, zi); - secp256k1_fe_mul(&zi3, &zi2, zi); - secp256k1_fe_mul(&r->x, &a->x, &zi2); - secp256k1_fe_mul(&r->y, &a->y, &zi3); - r->infinity = a->infinity; -} - -static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y) { - r->infinity = 0; - r->x = *x; - r->y = *y; -} - -static int secp256k1_ge_is_infinity(const secp256k1_ge *a) { - return a->infinity; -} - -static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a) { - *r = *a; - secp256k1_fe_normalize_weak(&r->y); - 
secp256k1_fe_negate(&r->y, &r->y, 1); -} - -static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a) { - secp256k1_fe z2, z3; - r->infinity = a->infinity; - secp256k1_fe_inv(&a->z, &a->z); - secp256k1_fe_sqr(&z2, &a->z); - secp256k1_fe_mul(&z3, &a->z, &z2); - secp256k1_fe_mul(&a->x, &a->x, &z2); - secp256k1_fe_mul(&a->y, &a->y, &z3); - secp256k1_fe_set_int(&a->z, 1); - r->x = a->x; - r->y = a->y; -} - -static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) { - secp256k1_fe z2, z3; - r->infinity = a->infinity; - if (a->infinity) { - return; - } - secp256k1_fe_inv_var(&a->z, &a->z); - secp256k1_fe_sqr(&z2, &a->z); - secp256k1_fe_mul(&z3, &a->z, &z2); - secp256k1_fe_mul(&a->x, &a->x, &z2); - secp256k1_fe_mul(&a->y, &a->y, &z3); - secp256k1_fe_set_int(&a->z, 1); - r->x = a->x; - r->y = a->y; -} - -static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len) { - secp256k1_fe u; - size_t i; - size_t last_i = SIZE_MAX; - - for (i = 0; i < len; i++) { - if (!a[i].infinity) { - /* Use destination's x coordinates as scratch space */ - if (last_i == SIZE_MAX) { - r[i].x = a[i].z; - } else { - secp256k1_fe_mul(&r[i].x, &r[last_i].x, &a[i].z); - } - last_i = i; - } - } - if (last_i == SIZE_MAX) { - return; - } - secp256k1_fe_inv_var(&u, &r[last_i].x); - - i = last_i; - while (i > 0) { - i--; - if (!a[i].infinity) { - secp256k1_fe_mul(&r[last_i].x, &r[i].x, &u); - secp256k1_fe_mul(&u, &u, &a[last_i].z); - last_i = i; - } - } - VERIFY_CHECK(!a[last_i].infinity); - r[last_i].x = u; - - for (i = 0; i < len; i++) { - r[i].infinity = a[i].infinity; - if (!a[i].infinity) { - secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); - } - } -} - -static void secp256k1_ge_globalz_set_table_gej(size_t len, secp256k1_ge *r, secp256k1_fe *globalz, const secp256k1_gej *a, const secp256k1_fe *zr) { - size_t i = len - 1; - secp256k1_fe zs; - - if (len > 0) { - /* The z of the final point gives us the "global Z" for the table. 
*/ - r[i].x = a[i].x; - r[i].y = a[i].y; - /* Ensure all y values are in weak normal form for fast negation of points */ - secp256k1_fe_normalize_weak(&r[i].y); - *globalz = a[i].z; - r[i].infinity = 0; - zs = zr[i]; - - /* Work our way backwards, using the z-ratios to scale the x/y values. */ - while (i > 0) { - if (i != len - 1) { - secp256k1_fe_mul(&zs, &zs, &zr[i]); - } - i--; - secp256k1_ge_set_gej_zinv(&r[i], &a[i], &zs); - } - } -} - -static void secp256k1_gej_set_infinity(secp256k1_gej *r) { - r->infinity = 1; - secp256k1_fe_clear(&r->x); - secp256k1_fe_clear(&r->y); - secp256k1_fe_clear(&r->z); -} - -static void secp256k1_ge_set_infinity(secp256k1_ge *r) { - r->infinity = 1; - secp256k1_fe_clear(&r->x); - secp256k1_fe_clear(&r->y); -} - -static void secp256k1_gej_clear(secp256k1_gej *r) { - r->infinity = 0; - secp256k1_fe_clear(&r->x); - secp256k1_fe_clear(&r->y); - secp256k1_fe_clear(&r->z); -} - -static void secp256k1_ge_clear(secp256k1_ge *r) { - r->infinity = 0; - secp256k1_fe_clear(&r->x); - secp256k1_fe_clear(&r->y); -} - -static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x) { - secp256k1_fe x2, x3, c; - r->x = *x; - secp256k1_fe_sqr(&x2, x); - secp256k1_fe_mul(&x3, x, &x2); - r->infinity = 0; - secp256k1_fe_set_int(&c, CURVE_B); - secp256k1_fe_add(&c, &x3); - return secp256k1_fe_sqrt(&r->y, &c); -} - -static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd) { - if (!secp256k1_ge_set_xquad(r, x)) { - return 0; - } - secp256k1_fe_normalize_var(&r->y); - if (secp256k1_fe_is_odd(&r->y) != odd) { - secp256k1_fe_negate(&r->y, &r->y, 1); - } - return 1; - -} - -static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a) { - r->infinity = a->infinity; - r->x = a->x; - r->y = a->y; - secp256k1_fe_set_int(&r->z, 1); -} - -static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a) { - secp256k1_fe r, r2; - VERIFY_CHECK(!a->infinity); - secp256k1_fe_sqr(&r, &a->z); 
secp256k1_fe_mul(&r, &r, x); - r2 = a->x; secp256k1_fe_normalize_weak(&r2); - return secp256k1_fe_equal_var(&r, &r2); -} - -static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a) { - r->infinity = a->infinity; - r->x = a->x; - r->y = a->y; - r->z = a->z; - secp256k1_fe_normalize_weak(&r->y); - secp256k1_fe_negate(&r->y, &r->y, 1); -} - -static int secp256k1_gej_is_infinity(const secp256k1_gej *a) { - return a->infinity; -} - -static int secp256k1_gej_is_valid_var(const secp256k1_gej *a) { - secp256k1_fe y2, x3, z2, z6; - if (a->infinity) { - return 0; - } - /** y^2 = x^3 + 7 - * (Y/Z^3)^2 = (X/Z^2)^3 + 7 - * Y^2 / Z^6 = X^3 / Z^6 + 7 - * Y^2 = X^3 + 7*Z^6 - */ - secp256k1_fe_sqr(&y2, &a->y); - secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); - secp256k1_fe_sqr(&z2, &a->z); - secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2); - secp256k1_fe_mul_int(&z6, CURVE_B); - secp256k1_fe_add(&x3, &z6); - secp256k1_fe_normalize_weak(&x3); - return secp256k1_fe_equal_var(&y2, &x3); -} - -static int secp256k1_ge_is_valid_var(const secp256k1_ge *a) { - secp256k1_fe y2, x3, c; - if (a->infinity) { - return 0; - } - /* y^2 = x^3 + 7 */ - secp256k1_fe_sqr(&y2, &a->y); - secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); - secp256k1_fe_set_int(&c, CURVE_B); - secp256k1_fe_add(&x3, &c); - secp256k1_fe_normalize_weak(&x3); - return secp256k1_fe_equal_var(&y2, &x3); -} - -static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr) { - /* Operations: 3 mul, 4 sqr, 0 normalize, 12 mul_int/add/negate. - * - * Note that there is an implementation described at - * https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l - * which trades a multiply for a square, but in practice this is actually slower, - * mainly because it requires more normalizations. - */ - secp256k1_fe t1,t2,t3,t4; - /** For secp256k1, 2Q is infinity if and only if Q is infinity. 
This is because if 2Q = infinity, - * Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have - * y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p. - * - * Having said this, if this function receives a point on a sextic twist, e.g. by - * a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, - * since -6 does have a cube root mod p. For this point, this function will not set - * the infinity flag even though the point doubles to infinity, and the result - * point will be gibberish (z = 0 but infinity = 0). - */ - r->infinity = a->infinity; - if (r->infinity) { - if (rzr != NULL) { - secp256k1_fe_set_int(rzr, 1); - } - return; - } - - if (rzr != NULL) { - *rzr = a->y; - secp256k1_fe_normalize_weak(rzr); - secp256k1_fe_mul_int(rzr, 2); - } - - secp256k1_fe_mul(&r->z, &a->z, &a->y); - secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */ - secp256k1_fe_sqr(&t1, &a->x); - secp256k1_fe_mul_int(&t1, 3); /* T1 = 3*X^2 (3) */ - secp256k1_fe_sqr(&t2, &t1); /* T2 = 9*X^4 (1) */ - secp256k1_fe_sqr(&t3, &a->y); - secp256k1_fe_mul_int(&t3, 2); /* T3 = 2*Y^2 (2) */ - secp256k1_fe_sqr(&t4, &t3); - secp256k1_fe_mul_int(&t4, 2); /* T4 = 8*Y^4 (2) */ - secp256k1_fe_mul(&t3, &t3, &a->x); /* T3 = 2*X*Y^2 (1) */ - r->x = t3; - secp256k1_fe_mul_int(&r->x, 4); /* X' = 8*X*Y^2 (4) */ - secp256k1_fe_negate(&r->x, &r->x, 4); /* X' = -8*X*Y^2 (5) */ - secp256k1_fe_add(&r->x, &t2); /* X' = 9*X^4 - 8*X*Y^2 (6) */ - secp256k1_fe_negate(&t2, &t2, 1); /* T2 = -9*X^4 (2) */ - secp256k1_fe_mul_int(&t3, 6); /* T3 = 12*X*Y^2 (6) */ - secp256k1_fe_add(&t3, &t2); /* T3 = 12*X*Y^2 - 9*X^4 (8) */ - secp256k1_fe_mul(&r->y, &t1, &t3); /* Y' = 36*X^3*Y^2 - 27*X^6 (1) */ - secp256k1_fe_negate(&t2, &t4, 2); /* T2 = -8*Y^4 (3) */ - secp256k1_fe_add(&r->y, &t2); /* Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4) */ -} - -static SECP256K1_INLINE void secp256k1_gej_double_nonzero(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr) { - 
VERIFY_CHECK(!secp256k1_gej_is_infinity(a)); - secp256k1_gej_double_var(r, a, rzr); -} - -static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr) { - /* Operations: 12 mul, 4 sqr, 2 normalize, 12 mul_int/add/negate */ - secp256k1_fe z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; - - if (a->infinity) { - VERIFY_CHECK(rzr == NULL); - *r = *b; - return; - } - - if (b->infinity) { - if (rzr != NULL) { - secp256k1_fe_set_int(rzr, 1); - } - *r = *a; - return; - } - - r->infinity = 0; - secp256k1_fe_sqr(&z22, &b->z); - secp256k1_fe_sqr(&z12, &a->z); - secp256k1_fe_mul(&u1, &a->x, &z22); - secp256k1_fe_mul(&u2, &b->x, &z12); - secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z); - secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); - secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); - secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); - if (secp256k1_fe_normalizes_to_zero_var(&h)) { - if (secp256k1_fe_normalizes_to_zero_var(&i)) { - secp256k1_gej_double_var(r, a, rzr); - } else { - if (rzr != NULL) { - secp256k1_fe_set_int(rzr, 0); - } - r->infinity = 1; - } - return; - } - secp256k1_fe_sqr(&i2, &i); - secp256k1_fe_sqr(&h2, &h); - secp256k1_fe_mul(&h3, &h, &h2); - secp256k1_fe_mul(&h, &h, &b->z); - if (rzr != NULL) { - *rzr = h; - } - secp256k1_fe_mul(&r->z, &a->z, &h); - secp256k1_fe_mul(&t, &u1, &h2); - r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); - secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); - secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); - secp256k1_fe_add(&r->y, &h3); -} - -static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr) { - /* 8 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */ - secp256k1_fe z12, u1, u2, 
s1, s2, h, i, i2, h2, h3, t; - if (a->infinity) { - VERIFY_CHECK(rzr == NULL); - secp256k1_gej_set_ge(r, b); - return; - } - if (b->infinity) { - if (rzr != NULL) { - secp256k1_fe_set_int(rzr, 1); - } - *r = *a; - return; - } - r->infinity = 0; - - secp256k1_fe_sqr(&z12, &a->z); - u1 = a->x; secp256k1_fe_normalize_weak(&u1); - secp256k1_fe_mul(&u2, &b->x, &z12); - s1 = a->y; secp256k1_fe_normalize_weak(&s1); - secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); - secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); - secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); - if (secp256k1_fe_normalizes_to_zero_var(&h)) { - if (secp256k1_fe_normalizes_to_zero_var(&i)) { - secp256k1_gej_double_var(r, a, rzr); - } else { - if (rzr != NULL) { - secp256k1_fe_set_int(rzr, 0); - } - r->infinity = 1; - } - return; - } - secp256k1_fe_sqr(&i2, &i); - secp256k1_fe_sqr(&h2, &h); - secp256k1_fe_mul(&h3, &h, &h2); - if (rzr != NULL) { - *rzr = h; - } - secp256k1_fe_mul(&r->z, &a->z, &h); - secp256k1_fe_mul(&t, &u1, &h2); - r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); - secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); - secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); - secp256k1_fe_add(&r->y, &h3); -} - -static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv) { - /* 9 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */ - secp256k1_fe az, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; - - if (b->infinity) { - *r = *a; - return; - } - if (a->infinity) { - secp256k1_fe bzinv2, bzinv3; - r->infinity = b->infinity; - secp256k1_fe_sqr(&bzinv2, bzinv); - secp256k1_fe_mul(&bzinv3, &bzinv2, bzinv); - secp256k1_fe_mul(&r->x, &b->x, &bzinv2); - secp256k1_fe_mul(&r->y, &b->y, &bzinv3); - secp256k1_fe_set_int(&r->z, 1); - return; - 
} - r->infinity = 0; - - /** We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to - * secp256k1's isomorphism we can multiply the Z coordinates on both sides - * by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1). - * This means that (rx,ry,rz) can be calculated as - * (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz. - * The variable az below holds the modified Z coordinate for a, which is used - * for the computation of rx and ry, but not for rz. - */ - secp256k1_fe_mul(&az, &a->z, bzinv); - - secp256k1_fe_sqr(&z12, &az); - u1 = a->x; secp256k1_fe_normalize_weak(&u1); - secp256k1_fe_mul(&u2, &b->x, &z12); - s1 = a->y; secp256k1_fe_normalize_weak(&s1); - secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &az); - secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); - secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); - if (secp256k1_fe_normalizes_to_zero_var(&h)) { - if (secp256k1_fe_normalizes_to_zero_var(&i)) { - secp256k1_gej_double_var(r, a, NULL); - } else { - r->infinity = 1; - } - return; - } - secp256k1_fe_sqr(&i2, &i); - secp256k1_fe_sqr(&h2, &h); - secp256k1_fe_mul(&h3, &h, &h2); - r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h); - secp256k1_fe_mul(&t, &u1, &h2); - r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); - secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); - secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); - secp256k1_fe_add(&r->y, &h3); -} - - -static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b) { - /* Operations: 7 mul, 5 sqr, 4 normalize, 21 mul_int/add/negate/cmov */ - static const secp256k1_fe fe_1 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - secp256k1_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr; - secp256k1_fe m_alt, rr_alt; - int infinity, degenerate; - 
VERIFY_CHECK(!b->infinity); - VERIFY_CHECK(a->infinity == 0 || a->infinity == 1); - - /** In: - * Eric Brier and Marc Joye, Weierstrass Elliptic Curves and Side-Channel Attacks. - * In D. Naccache and P. Paillier, Eds., Public Key Cryptography, vol. 2274 of Lecture Notes in Computer Science, pages 335-345. Springer-Verlag, 2002. - * we find as solution for a unified addition/doubling formula: - * lambda = ((x1 + x2)^2 - x1 * x2 + a) / (y1 + y2), with a = 0 for secp256k1's curve equation. - * x3 = lambda^2 - (x1 + x2) - * 2*y3 = lambda * (x1 + x2 - 2 * x3) - (y1 + y2). - * - * Substituting x_i = Xi / Zi^2 and yi = Yi / Zi^3, for i=1,2,3, gives: - * U1 = X1*Z2^2, U2 = X2*Z1^2 - * S1 = Y1*Z2^3, S2 = Y2*Z1^3 - * Z = Z1*Z2 - * T = U1+U2 - * M = S1+S2 - * Q = T*M^2 - * R = T^2-U1*U2 - * X3 = 4*(R^2-Q) - * Y3 = 4*(R*(3*Q-2*R^2)-M^4) - * Z3 = 2*M*Z - * (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.) - * - * This formula has the benefit of being the same for both addition - * of distinct points and doubling. However, it breaks down in the - * case that either point is infinity, or that y1 = -y2. We handle - * these cases in the following ways: - * - * - If b is infinity we simply bail by means of a VERIFY_CHECK. - * - * - If a is infinity, we detect this, and at the end of the - * computation replace the result (which will be meaningless, - * but we compute to be constant-time) with b.x : b.y : 1. - * - * - If a = -b, we have y1 = -y2, which is a degenerate case. - * But here the answer is infinity, so we simply set the - * infinity flag of the result, overriding the computed values - * without even needing to cmov. - * - * - If y1 = -y2 but x1 != x2, which does occur thanks to certain - * properties of our curve (specifically, 1 has nontrivial cube - * roots in our field, and the curve equation has no x coefficient) - * then the answer is not infinity but also not given by the above - * equation. 
In this case, we cmov in place an alternate expression - * for lambda. Specifically (y1 - y2)/(x1 - x2). Where both these - * expressions for lambda are defined, they are equal, and can be - * obtained from each other by multiplication by (y1 + y2)/(y1 + y2) - * then substitution of x^3 + 7 for y^2 (using the curve equation). - * For all pairs of nonzero points (a, b) at least one is defined, - * so this covers everything. - */ - - secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */ - u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */ - secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ - s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */ - secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */ - secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ - t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */ - m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */ - secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */ - secp256k1_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 */ - secp256k1_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (2) */ - secp256k1_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (3) */ - /** If lambda = R/M = 0/0 we have a problem (except in the "trivial" - * case that Z = z1z2 = 0, and this is special-cased later on). */ - degenerate = secp256k1_fe_normalizes_to_zero(&m) & - secp256k1_fe_normalizes_to_zero(&rr); - /* This only occurs when y1 == -y2 and x1^3 == x2^3, but x1 != x2. - * This means either x1 == beta*x2 or beta*x1 == x2, where beta is - * a nontrivial cube root of one. In either case, an alternate - * non-indeterminate expression for lambda is (y1 - y2)/(x1 - x2), - * so we set R/M equal to this. 
*/ - rr_alt = s1; - secp256k1_fe_mul_int(&rr_alt, 2); /* rr = Y1*Z2^3 - Y2*Z1^3 (2) */ - secp256k1_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 */ - - secp256k1_fe_cmov(&rr_alt, &rr, !degenerate); - secp256k1_fe_cmov(&m_alt, &m, !degenerate); - /* Now Ralt / Malt = lambda and is guaranteed not to be 0/0. - * From here on out Ralt and Malt represent the numerator - * and denominator of lambda; R and M represent the explicit - * expressions x1^2 + x2^2 + x1x2 and y1 + y2. */ - secp256k1_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */ - secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*Malt^2 (1) */ - /* These two lines use the observation that either M == Malt or M == 0, - * so M^3 * Malt is either Malt^4 (which is computed by squaring), or - * zero (which is "computed" by cmov). So the cost is one squaring - * versus two multiplications. */ - secp256k1_fe_sqr(&n, &n); - secp256k1_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (2) */ - secp256k1_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */ - secp256k1_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Malt*Z (1) */ - infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity); - secp256k1_fe_mul_int(&r->z, 2); /* r->z = Z3 = 2*Malt*Z (2) */ - secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */ - secp256k1_fe_add(&t, &q); /* t = Ralt^2-Q (3) */ - secp256k1_fe_normalize_weak(&t); - r->x = t; /* r->x = Ralt^2-Q (1) */ - secp256k1_fe_mul_int(&t, 2); /* t = 2*x3 (2) */ - secp256k1_fe_add(&t, &q); /* t = 2*x3 - Q: (4) */ - secp256k1_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*x3 - Q) (1) */ - secp256k1_fe_add(&t, &n); /* t = Ralt*(2*x3 - Q) + M^3*Malt (3) */ - secp256k1_fe_negate(&r->y, &t, 3); /* r->y = Ralt*(Q - 2x3) - M^3*Malt (4) */ - secp256k1_fe_normalize_weak(&r->y); - secp256k1_fe_mul_int(&r->x, 4); /* r->x = X3 = 4*(Ralt^2-Q) */ - secp256k1_fe_mul_int(&r->y, 4); /* r->y = Y3 = 4*Ralt*(Q - 2x3) - 4*M^3*Malt (4) */ - - /** In case a->infinity == 1, replace r with (b->x, b->y, 1). 
 */
- secp256k1_fe_cmov(&r->x, &b->x, a->infinity);
- secp256k1_fe_cmov(&r->y, &b->y, a->infinity);
- secp256k1_fe_cmov(&r->z, &fe_1, a->infinity);
- r->infinity = infinity;
-}
-
-static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *s) {
- /* Operations: 4 mul, 1 sqr */
- secp256k1_fe zz;
- VERIFY_CHECK(!secp256k1_fe_is_zero(s));
- secp256k1_fe_sqr(&zz, s);
- secp256k1_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */
- secp256k1_fe_mul(&r->y, &r->y, &zz);
- secp256k1_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */
- secp256k1_fe_mul(&r->z, &r->z, s); /* r->z *= s */
-}
-
-static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a) {
- secp256k1_fe x, y;
- VERIFY_CHECK(!a->infinity);
- x = a->x;
- secp256k1_fe_normalize(&x);
- y = a->y;
- secp256k1_fe_normalize(&y);
- secp256k1_fe_to_storage(&r->x, &x);
- secp256k1_fe_to_storage(&r->y, &y);
-}
-
-static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a) {
- secp256k1_fe_from_storage(&r->x, &a->x);
- secp256k1_fe_from_storage(&r->y, &a->y);
- r->infinity = 0;
-}
-
-static SECP256K1_INLINE void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag) {
- secp256k1_fe_storage_cmov(&r->x, &a->x, flag);
- secp256k1_fe_storage_cmov(&r->y, &a->y, flag);
-}
-
-#ifdef USE_ENDOMORPHISM
-static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a) {
- static const secp256k1_fe beta = SECP256K1_FE_CONST(
- 0x7ae96a2bul, 0x657c0710ul, 0x6e64479eul, 0xac3434e9ul,
- 0x9cf04975ul, 0x12f58995ul, 0xc1396c28ul, 0x719501eeul
- );
- *r = *a;
- secp256k1_fe_mul(&r->x, &r->x, &beta);
-}
-#endif
-
-static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a) {
- secp256k1_fe yz;
-
- if (a->infinity) {
- return 0;
- }
-
- /* We rely on the fact that the Jacobi symbol of 1 / a->z^3 is the same as
- * that of a->z. 
 Thus a->y / a->z^3 is a quadratic residue iff a->y * a->z
- is */
- secp256k1_fe_mul(&yz, &a->y, &a->z);
- return secp256k1_fe_is_quad_var(&yz);
-}
-
-#endif /* SECP256K1_GROUP_IMPL_H */
diff --git a/deps/secp256k1/src/hash.h b/deps/secp256k1/src/hash.h
deleted file mode 100644
index de26e4b89..000000000
--- a/deps/secp256k1/src/hash.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_HASH_H
-#define SECP256K1_HASH_H
-
-#include
-#include
-
-typedef struct {
- uint32_t s[8];
- uint32_t buf[16]; /* In big endian */
- size_t bytes;
-} secp256k1_sha256;
-
-static void secp256k1_sha256_initialize(secp256k1_sha256 *hash);
-static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size);
-static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32);
-
-typedef struct {
- secp256k1_sha256 inner, outer;
-} secp256k1_hmac_sha256;
-
-static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size);
-static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size);
-static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32);
-
-typedef struct {
- unsigned char v[32];
- unsigned char k[32];
- int retry;
-} secp256k1_rfc6979_hmac_sha256;
-
-static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen);
-static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen);
-static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng);
-
-#endif /* SECP256K1_HASH_H */
diff --git a/deps/secp256k1/src/hash_impl.h b/deps/secp256k1/src/hash_impl.h
deleted file mode 100644
index 782f97216..000000000
--- a/deps/secp256k1/src/hash_impl.h
+++ /dev/null
@@ -1,283 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_HASH_IMPL_H
-#define SECP256K1_HASH_IMPL_H
-
-#include "hash.h"
-
-#include
-#include
-#include
-
-#define Ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-#define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define Sigma0(x) (((x) >> 2 | (x) << 30) ^ ((x) >> 13 | (x) << 19) ^ ((x) >> 22 | (x) << 10))
-#define Sigma1(x) (((x) >> 6 | (x) << 26) ^ ((x) >> 11 | (x) << 21) ^ ((x) >> 25 | (x) << 7))
-#define sigma0(x) (((x) >> 7 | (x) << 25) ^ ((x) >> 18 | (x) << 14) ^ ((x) >> 3))
-#define sigma1(x) (((x) >> 17 | (x) << 15) ^ ((x) >> 19 | (x) << 13) ^ ((x) >> 10))
-
-#define Round(a,b,c,d,e,f,g,h,k,w) do { \
- uint32_t t1 = (h) + Sigma1(e) + Ch((e), (f), (g)) + (k) + (w); \
- uint32_t t2 = Sigma0(a) + Maj((a), (b), (c)); \
- (d) += t1; \
- (h) = t1 + t2; \
-} while(0)
-
-#ifdef WORDS_BIGENDIAN
-#define BE32(x) (x)
-#else
-#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
-#endif
-
-static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) {
- hash->s[0] = 0x6a09e667ul;
- hash->s[1] = 0xbb67ae85ul;
- hash->s[2] = 0x3c6ef372ul;
- hash->s[3] = 0xa54ff53aul;
- hash->s[4] = 0x510e527ful;
- hash->s[5] = 0x9b05688cul;
- hash->s[6] = 0x1f83d9abul;
- hash->s[7] = 0x5be0cd19ul;
- hash->bytes = 0;
-}
-
-/** Perform one SHA-256 transformation, processing 16 big endian 32-bit words. 
*/
-static void secp256k1_sha256_transform(uint32_t* s, const uint32_t* chunk) {
- uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7];
- uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
-
- Round(a, b, c, d, e, f, g, h, 0x428a2f98, w0 = BE32(chunk[0]));
- Round(h, a, b, c, d, e, f, g, 0x71374491, w1 = BE32(chunk[1]));
- Round(g, h, a, b, c, d, e, f, 0xb5c0fbcf, w2 = BE32(chunk[2]));
- Round(f, g, h, a, b, c, d, e, 0xe9b5dba5, w3 = BE32(chunk[3]));
- Round(e, f, g, h, a, b, c, d, 0x3956c25b, w4 = BE32(chunk[4]));
- Round(d, e, f, g, h, a, b, c, 0x59f111f1, w5 = BE32(chunk[5]));
- Round(c, d, e, f, g, h, a, b, 0x923f82a4, w6 = BE32(chunk[6]));
- Round(b, c, d, e, f, g, h, a, 0xab1c5ed5, w7 = BE32(chunk[7]));
- Round(a, b, c, d, e, f, g, h, 0xd807aa98, w8 = BE32(chunk[8]));
- Round(h, a, b, c, d, e, f, g, 0x12835b01, w9 = BE32(chunk[9]));
- Round(g, h, a, b, c, d, e, f, 0x243185be, w10 = BE32(chunk[10]));
- Round(f, g, h, a, b, c, d, e, 0x550c7dc3, w11 = BE32(chunk[11]));
- Round(e, f, g, h, a, b, c, d, 0x72be5d74, w12 = BE32(chunk[12]));
- Round(d, e, f, g, h, a, b, c, 0x80deb1fe, w13 = BE32(chunk[13]));
- Round(c, d, e, f, g, h, a, b, 0x9bdc06a7, w14 = BE32(chunk[14]));
- Round(b, c, d, e, f, g, h, a, 0xc19bf174, w15 = BE32(chunk[15]));
-
- Round(a, b, c, d, e, f, g, h, 0xe49b69c1, w0 += sigma1(w14) + w9 + sigma0(w1));
- Round(h, a, b, c, d, e, f, g, 0xefbe4786, w1 += sigma1(w15) + w10 + sigma0(w2));
- Round(g, h, a, b, c, d, e, f, 0x0fc19dc6, w2 += sigma1(w0) + w11 + sigma0(w3));
- Round(f, g, h, a, b, c, d, e, 0x240ca1cc, w3 += sigma1(w1) + w12 + sigma0(w4));
- Round(e, f, g, h, a, b, c, d, 0x2de92c6f, w4 += sigma1(w2) + w13 + sigma0(w5));
- Round(d, e, f, g, h, a, b, c, 0x4a7484aa, w5 += sigma1(w3) + w14 + sigma0(w6));
- Round(c, d, e, f, g, h, a, b, 0x5cb0a9dc, w6 += sigma1(w4) + w15 + sigma0(w7));
- Round(b, c, d, e, f, g, h, a, 0x76f988da, w7 += sigma1(w5) + w0 + sigma0(w8));
- Round(a, b, c, 
d, e, f, g, h, 0x983e5152, w8 += sigma1(w6) + w1 + sigma0(w9));
- Round(h, a, b, c, d, e, f, g, 0xa831c66d, w9 += sigma1(w7) + w2 + sigma0(w10));
- Round(g, h, a, b, c, d, e, f, 0xb00327c8, w10 += sigma1(w8) + w3 + sigma0(w11));
- Round(f, g, h, a, b, c, d, e, 0xbf597fc7, w11 += sigma1(w9) + w4 + sigma0(w12));
- Round(e, f, g, h, a, b, c, d, 0xc6e00bf3, w12 += sigma1(w10) + w5 + sigma0(w13));
- Round(d, e, f, g, h, a, b, c, 0xd5a79147, w13 += sigma1(w11) + w6 + sigma0(w14));
- Round(c, d, e, f, g, h, a, b, 0x06ca6351, w14 += sigma1(w12) + w7 + sigma0(w15));
- Round(b, c, d, e, f, g, h, a, 0x14292967, w15 += sigma1(w13) + w8 + sigma0(w0));
-
- Round(a, b, c, d, e, f, g, h, 0x27b70a85, w0 += sigma1(w14) + w9 + sigma0(w1));
- Round(h, a, b, c, d, e, f, g, 0x2e1b2138, w1 += sigma1(w15) + w10 + sigma0(w2));
- Round(g, h, a, b, c, d, e, f, 0x4d2c6dfc, w2 += sigma1(w0) + w11 + sigma0(w3));
- Round(f, g, h, a, b, c, d, e, 0x53380d13, w3 += sigma1(w1) + w12 + sigma0(w4));
- Round(e, f, g, h, a, b, c, d, 0x650a7354, w4 += sigma1(w2) + w13 + sigma0(w5));
- Round(d, e, f, g, h, a, b, c, 0x766a0abb, w5 += sigma1(w3) + w14 + sigma0(w6));
- Round(c, d, e, f, g, h, a, b, 0x81c2c92e, w6 += sigma1(w4) + w15 + sigma0(w7));
- Round(b, c, d, e, f, g, h, a, 0x92722c85, w7 += sigma1(w5) + w0 + sigma0(w8));
- Round(a, b, c, d, e, f, g, h, 0xa2bfe8a1, w8 += sigma1(w6) + w1 + sigma0(w9));
- Round(h, a, b, c, d, e, f, g, 0xa81a664b, w9 += sigma1(w7) + w2 + sigma0(w10));
- Round(g, h, a, b, c, d, e, f, 0xc24b8b70, w10 += sigma1(w8) + w3 + sigma0(w11));
- Round(f, g, h, a, b, c, d, e, 0xc76c51a3, w11 += sigma1(w9) + w4 + sigma0(w12));
- Round(e, f, g, h, a, b, c, d, 0xd192e819, w12 += sigma1(w10) + w5 + sigma0(w13));
- Round(d, e, f, g, h, a, b, c, 0xd6990624, w13 += sigma1(w11) + w6 + sigma0(w14));
- Round(c, d, e, f, g, h, a, b, 0xf40e3585, w14 += sigma1(w12) + w7 + sigma0(w15));
- Round(b, c, d, e, f, g, h, a, 0x106aa070, w15 += sigma1(w13) + w8 + sigma0(w0));
-
- Round(a, b, c, d, e, f, g, 
h, 0x19a4c116, w0 += sigma1(w14) + w9 + sigma0(w1));
- Round(h, a, b, c, d, e, f, g, 0x1e376c08, w1 += sigma1(w15) + w10 + sigma0(w2));
- Round(g, h, a, b, c, d, e, f, 0x2748774c, w2 += sigma1(w0) + w11 + sigma0(w3));
- Round(f, g, h, a, b, c, d, e, 0x34b0bcb5, w3 += sigma1(w1) + w12 + sigma0(w4));
- Round(e, f, g, h, a, b, c, d, 0x391c0cb3, w4 += sigma1(w2) + w13 + sigma0(w5));
- Round(d, e, f, g, h, a, b, c, 0x4ed8aa4a, w5 += sigma1(w3) + w14 + sigma0(w6));
- Round(c, d, e, f, g, h, a, b, 0x5b9cca4f, w6 += sigma1(w4) + w15 + sigma0(w7));
- Round(b, c, d, e, f, g, h, a, 0x682e6ff3, w7 += sigma1(w5) + w0 + sigma0(w8));
- Round(a, b, c, d, e, f, g, h, 0x748f82ee, w8 += sigma1(w6) + w1 + sigma0(w9));
- Round(h, a, b, c, d, e, f, g, 0x78a5636f, w9 += sigma1(w7) + w2 + sigma0(w10));
- Round(g, h, a, b, c, d, e, f, 0x84c87814, w10 += sigma1(w8) + w3 + sigma0(w11));
- Round(f, g, h, a, b, c, d, e, 0x8cc70208, w11 += sigma1(w9) + w4 + sigma0(w12));
- Round(e, f, g, h, a, b, c, d, 0x90befffa, w12 += sigma1(w10) + w5 + sigma0(w13));
- Round(d, e, f, g, h, a, b, c, 0xa4506ceb, w13 += sigma1(w11) + w6 + sigma0(w14));
- Round(c, d, e, f, g, h, a, b, 0xbef9a3f7, w14 + sigma1(w12) + w7 + sigma0(w15));
- Round(b, c, d, e, f, g, h, a, 0xc67178f2, w15 + sigma1(w13) + w8 + sigma0(w0));
-
- s[0] += a;
- s[1] += b;
- s[2] += c;
- s[3] += d;
- s[4] += e;
- s[5] += f;
- s[6] += g;
- s[7] += h;
-}
-
-static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t len) {
- size_t bufsize = hash->bytes & 0x3F;
- hash->bytes += len;
- VERIFY_CHECK(hash->bytes >= len);
- while (len >= 64 - bufsize) {
- /* Fill the buffer, and process it. */
- size_t chunk_len = 64 - bufsize;
- memcpy(((unsigned char*)hash->buf) + bufsize, data, chunk_len);
- data += chunk_len;
- len -= chunk_len;
- secp256k1_sha256_transform(hash->s, hash->buf);
- bufsize = 0;
- }
- if (len) {
- /* Fill the buffer with what remains. 
*/
- memcpy(((unsigned char*)hash->buf) + bufsize, data, len);
- }
-}
-
-static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32) {
- static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- uint32_t sizedesc[2];
- uint32_t out[8];
- int i = 0;
- sizedesc[0] = BE32(hash->bytes >> 29);
- sizedesc[1] = BE32(hash->bytes << 3);
- secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64));
- secp256k1_sha256_write(hash, (const unsigned char*)sizedesc, 8);
- for (i = 0; i < 8; i++) {
- out[i] = BE32(hash->s[i]);
- hash->s[i] = 0;
- }
- memcpy(out32, (const unsigned char*)out, 32);
-}
-
-static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t keylen) {
- size_t n;
- unsigned char rkey[64];
- if (keylen <= sizeof(rkey)) {
- memcpy(rkey, key, keylen);
- memset(rkey + keylen, 0, sizeof(rkey) - keylen);
- } else {
- secp256k1_sha256 sha256;
- secp256k1_sha256_initialize(&sha256);
- secp256k1_sha256_write(&sha256, key, keylen);
- secp256k1_sha256_finalize(&sha256, rkey);
- memset(rkey + 32, 0, 32);
- }
-
- secp256k1_sha256_initialize(&hash->outer);
- for (n = 0; n < sizeof(rkey); n++) {
- rkey[n] ^= 0x5c;
- }
- secp256k1_sha256_write(&hash->outer, rkey, sizeof(rkey));
-
- secp256k1_sha256_initialize(&hash->inner);
- for (n = 0; n < sizeof(rkey); n++) {
- rkey[n] ^= 0x5c ^ 0x36;
- }
- secp256k1_sha256_write(&hash->inner, rkey, sizeof(rkey));
- memset(rkey, 0, sizeof(rkey));
-}
-
-static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size) {
- secp256k1_sha256_write(&hash->inner, data, size);
-}
-
-static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32) {
- unsigned char temp[32];
- secp256k1_sha256_finalize(&hash->inner, 
temp);
- secp256k1_sha256_write(&hash->outer, temp, 32);
- memset(temp, 0, 32);
- secp256k1_sha256_finalize(&hash->outer, out32);
-}
-
-
-static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) {
- secp256k1_hmac_sha256 hmac;
- static const unsigned char zero[1] = {0x00};
- static const unsigned char one[1] = {0x01};
-
- memset(rng->v, 0x01, 32); /* RFC6979 3.2.b. */
- memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */
-
- /* RFC6979 3.2.d. */
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_write(&hmac, zero, 1);
- secp256k1_hmac_sha256_write(&hmac, key, keylen);
- secp256k1_hmac_sha256_finalize(&hmac, rng->k);
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_finalize(&hmac, rng->v);
-
- /* RFC6979 3.2.f. */
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_write(&hmac, one, 1);
- secp256k1_hmac_sha256_write(&hmac, key, keylen);
- secp256k1_hmac_sha256_finalize(&hmac, rng->k);
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_finalize(&hmac, rng->v);
- rng->retry = 0;
-}
-
-static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) {
- /* RFC6979 3.2.h. 
*/
- static const unsigned char zero[1] = {0x00};
- if (rng->retry) {
- secp256k1_hmac_sha256 hmac;
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_write(&hmac, zero, 1);
- secp256k1_hmac_sha256_finalize(&hmac, rng->k);
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_finalize(&hmac, rng->v);
- }
-
- while (outlen > 0) {
- secp256k1_hmac_sha256 hmac;
- int now = outlen;
- secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32);
- secp256k1_hmac_sha256_write(&hmac, rng->v, 32);
- secp256k1_hmac_sha256_finalize(&hmac, rng->v);
- if (now > 32) {
- now = 32;
- }
- memcpy(out, rng->v, now);
- out += now;
- outlen -= now;
- }
-
- rng->retry = 1;
-}
-
-static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng) {
- memset(rng->k, 0, 32);
- memset(rng->v, 0, 32);
- rng->retry = 0;
-}
-
-#undef BE32
-#undef Round
-#undef sigma1
-#undef sigma0
-#undef Sigma1
-#undef Sigma0
-#undef Maj
-#undef Ch
-
-#endif /* SECP256K1_HASH_IMPL_H */
diff --git a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java
deleted file mode 100644
index 1c67802fb..000000000
--- a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java
+++ /dev/null
@@ -1,446 +0,0 @@ -/* - * Copyright 2013 Google Inc. - * Copyright 2014-2016 the libsecp256k1 contributors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.bitcoin; - -import java.nio.ByteBuffer; -import java.nio.ByteOrder; - -import java.math.BigInteger; -import com.google.common.base.Preconditions; -import java.util.concurrent.locks.Lock; -import java.util.concurrent.locks.ReentrantReadWriteLock; -import static org.bitcoin.NativeSecp256k1Util.*; - -/** - *

This class holds native methods to handle ECDSA verification.

- * - *

You can find an example library that can be used for this at https://github.com/bitcoin/secp256k1

- * - *

To build secp256k1 for use with bitcoinj, run - * `./configure --enable-jni --enable-experimental --enable-module-ecdh` - * and `make` then copy `.libs/libsecp256k1.so` to your system library path - * or point the JVM to the folder containing it with -Djava.library.path - *

- */ -public class NativeSecp256k1 { - - private static final ReentrantReadWriteLock rwl = new ReentrantReadWriteLock(); - private static final Lock r = rwl.readLock(); - private static final Lock w = rwl.writeLock(); - private static ThreadLocal nativeECDSABuffer = new ThreadLocal(); - /** - * Verifies the given secp256k1 signature in native code. - * Calling when enabled == false is undefined (probably library not loaded) - * - * @param data The data which was signed, must be exactly 32 bytes - * @param signature The signature - * @param pub The public key which did the signing - */ - public static boolean verify(byte[] data, byte[] signature, byte[] pub) throws AssertFailException{ - Preconditions.checkArgument(data.length == 32 && signature.length <= 520 && pub.length <= 520); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < 520) { - byteBuff = ByteBuffer.allocateDirect(520); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(data); - byteBuff.put(signature); - byteBuff.put(pub); - - byte[][] retByteArray; - - r.lock(); - try { - return secp256k1_ecdsa_verify(byteBuff, Secp256k1Context.getContext(), signature.length, pub.length) == 1; - } finally { - r.unlock(); - } - } - - /** - * libsecp256k1 Create an ECDSA signature. 
- * - * @param data Message hash, 32 bytes - * @param key Secret key, 32 bytes - * - * Return values - * @param sig byte array of signature - */ - public static byte[] sign(byte[] data, byte[] sec) throws AssertFailException{ - Preconditions.checkArgument(data.length == 32 && sec.length <= 32); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < 32 + 32) { - byteBuff = ByteBuffer.allocateDirect(32 + 32); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(data); - byteBuff.put(sec); - - byte[][] retByteArray; - - r.lock(); - try { - retByteArray = secp256k1_ecdsa_sign(byteBuff, Secp256k1Context.getContext()); - } finally { - r.unlock(); - } - - byte[] sigArr = retByteArray[0]; - int sigLen = new BigInteger(new byte[] { retByteArray[1][0] }).intValue(); - int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue(); - - assertEquals(sigArr.length, sigLen, "Got bad signature length."); - - return retVal == 0 ? 
new byte[0] : sigArr; - } - - /** - * libsecp256k1 Seckey Verify - returns 1 if valid, 0 if invalid - * - * @param seckey ECDSA Secret key, 32 bytes - */ - public static boolean secKeyVerify(byte[] seckey) { - Preconditions.checkArgument(seckey.length == 32); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < seckey.length) { - byteBuff = ByteBuffer.allocateDirect(seckey.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(seckey); - - r.lock(); - try { - return secp256k1_ec_seckey_verify(byteBuff,Secp256k1Context.getContext()) == 1; - } finally { - r.unlock(); - } - } - - - /** - * libsecp256k1 Compute Pubkey - computes public key from secret key - * - * @param seckey ECDSA Secret key, 32 bytes - * - * Return values - * @param pubkey ECDSA Public key, 33 or 65 bytes - */ - //TODO add a 'compressed' arg - public static byte[] computePubkey(byte[] seckey) throws AssertFailException{ - Preconditions.checkArgument(seckey.length == 32); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < seckey.length) { - byteBuff = ByteBuffer.allocateDirect(seckey.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(seckey); - - byte[][] retByteArray; - - r.lock(); - try { - retByteArray = secp256k1_ec_pubkey_create(byteBuff, Secp256k1Context.getContext()); - } finally { - r.unlock(); - } - - byte[] pubArr = retByteArray[0]; - int pubLen = new BigInteger(new byte[] { retByteArray[1][0] }).intValue(); - int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue(); - - assertEquals(pubArr.length, pubLen, "Got bad pubkey length."); - - return retVal == 0 ? 
new byte[0]: pubArr; - } - - /** - * libsecp256k1 Cleanup - This destroys the secp256k1 context object - * This should be called at the end of the program for proper cleanup of the context. - */ - public static synchronized void cleanup() { - w.lock(); - try { - secp256k1_destroy_context(Secp256k1Context.getContext()); - } finally { - w.unlock(); - } - } - - public static long cloneContext() { - r.lock(); - try { - return secp256k1_ctx_clone(Secp256k1Context.getContext()); - } finally { r.unlock(); } - } - - /** - * libsecp256k1 PrivKey Tweak-Mul - Tweak privkey by multiplying to it - * - * @param tweak some bytes to tweak with - * @param seckey 32-byte seckey - */ - public static byte[] privKeyTweakMul(byte[] privkey, byte[] tweak) throws AssertFailException{ - Preconditions.checkArgument(privkey.length == 32); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < privkey.length + tweak.length) { - byteBuff = ByteBuffer.allocateDirect(privkey.length + tweak.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(privkey); - byteBuff.put(tweak); - - byte[][] retByteArray; - r.lock(); - try { - retByteArray = secp256k1_privkey_tweak_mul(byteBuff,Secp256k1Context.getContext()); - } finally { - r.unlock(); - } - - byte[] privArr = retByteArray[0]; - - int privLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF; - int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue(); - - assertEquals(privArr.length, privLen, "Got bad pubkey length."); - - assertEquals(retVal, 1, "Failed return value check."); - - return privArr; - } - - /** - * libsecp256k1 PrivKey Tweak-Add - Tweak privkey by adding to it - * - * @param tweak some bytes to tweak with - * @param seckey 32-byte seckey - */ - public static byte[] privKeyTweakAdd(byte[] privkey, byte[] tweak) throws AssertFailException{ - 
Preconditions.checkArgument(privkey.length == 32); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < privkey.length + tweak.length) { - byteBuff = ByteBuffer.allocateDirect(privkey.length + tweak.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(privkey); - byteBuff.put(tweak); - - byte[][] retByteArray; - r.lock(); - try { - retByteArray = secp256k1_privkey_tweak_add(byteBuff,Secp256k1Context.getContext()); - } finally { - r.unlock(); - } - - byte[] privArr = retByteArray[0]; - - int privLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF; - int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue(); - - assertEquals(privArr.length, privLen, "Got bad pubkey length."); - - assertEquals(retVal, 1, "Failed return value check."); - - return privArr; - } - - /** - * libsecp256k1 PubKey Tweak-Add - Tweak pubkey by adding to it - * - * @param tweak some bytes to tweak with - * @param pubkey 32-byte seckey - */ - public static byte[] pubKeyTweakAdd(byte[] pubkey, byte[] tweak) throws AssertFailException{ - Preconditions.checkArgument(pubkey.length == 33 || pubkey.length == 65); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < pubkey.length + tweak.length) { - byteBuff = ByteBuffer.allocateDirect(pubkey.length + tweak.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(pubkey); - byteBuff.put(tweak); - - byte[][] retByteArray; - r.lock(); - try { - retByteArray = secp256k1_pubkey_tweak_add(byteBuff,Secp256k1Context.getContext(), pubkey.length); - } finally { - r.unlock(); - } - - byte[] pubArr = retByteArray[0]; - - int pubLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF; - int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue(); - - 
assertEquals(pubArr.length, pubLen, "Got bad pubkey length."); - - assertEquals(retVal, 1, "Failed return value check."); - - return pubArr; - } - - /** - * libsecp256k1 PubKey Tweak-Mul - Tweak pubkey by multiplying to it - * - * @param tweak some bytes to tweak with - * @param pubkey 32-byte seckey - */ - public static byte[] pubKeyTweakMul(byte[] pubkey, byte[] tweak) throws AssertFailException{ - Preconditions.checkArgument(pubkey.length == 33 || pubkey.length == 65); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < pubkey.length + tweak.length) { - byteBuff = ByteBuffer.allocateDirect(pubkey.length + tweak.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(pubkey); - byteBuff.put(tweak); - - byte[][] retByteArray; - r.lock(); - try { - retByteArray = secp256k1_pubkey_tweak_mul(byteBuff,Secp256k1Context.getContext(), pubkey.length); - } finally { - r.unlock(); - } - - byte[] pubArr = retByteArray[0]; - - int pubLen = (byte) new BigInteger(new byte[] { retByteArray[1][0] }).intValue() & 0xFF; - int retVal = new BigInteger(new byte[] { retByteArray[1][1] }).intValue(); - - assertEquals(pubArr.length, pubLen, "Got bad pubkey length."); - - assertEquals(retVal, 1, "Failed return value check."); - - return pubArr; - } - - /** - * libsecp256k1 create ECDH secret - constant time ECDH calculation - * - * @param seckey byte array of secret key used in exponentiaion - * @param pubkey byte array of public key used in exponentiaion - */ - public static byte[] createECDHSecret(byte[] seckey, byte[] pubkey) throws AssertFailException{ - Preconditions.checkArgument(seckey.length <= 32 && pubkey.length <= 65); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < 32 + pubkey.length) { - byteBuff = ByteBuffer.allocateDirect(32 + pubkey.length); - byteBuff.order(ByteOrder.nativeOrder()); - 
nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(seckey); - byteBuff.put(pubkey); - - byte[][] retByteArray; - r.lock(); - try { - retByteArray = secp256k1_ecdh(byteBuff, Secp256k1Context.getContext(), pubkey.length); - } finally { - r.unlock(); - } - - byte[] resArr = retByteArray[0]; - int retVal = new BigInteger(new byte[] { retByteArray[1][0] }).intValue(); - - assertEquals(resArr.length, 32, "Got bad result length."); - assertEquals(retVal, 1, "Failed return value check."); - - return resArr; - } - - /** - * libsecp256k1 randomize - updates the context randomization - * - * @param seed 32-byte random seed - */ - public static synchronized boolean randomize(byte[] seed) throws AssertFailException{ - Preconditions.checkArgument(seed.length == 32 || seed == null); - - ByteBuffer byteBuff = nativeECDSABuffer.get(); - if (byteBuff == null || byteBuff.capacity() < seed.length) { - byteBuff = ByteBuffer.allocateDirect(seed.length); - byteBuff.order(ByteOrder.nativeOrder()); - nativeECDSABuffer.set(byteBuff); - } - byteBuff.rewind(); - byteBuff.put(seed); - - w.lock(); - try { - return secp256k1_context_randomize(byteBuff, Secp256k1Context.getContext()) == 1; - } finally { - w.unlock(); - } - } - - private static native long secp256k1_ctx_clone(long context); - - private static native int secp256k1_context_randomize(ByteBuffer byteBuff, long context); - - private static native byte[][] secp256k1_privkey_tweak_add(ByteBuffer byteBuff, long context); - - private static native byte[][] secp256k1_privkey_tweak_mul(ByteBuffer byteBuff, long context); - - private static native byte[][] secp256k1_pubkey_tweak_add(ByteBuffer byteBuff, long context, int pubLen); - - private static native byte[][] secp256k1_pubkey_tweak_mul(ByteBuffer byteBuff, long context, int pubLen); - - private static native void secp256k1_destroy_context(long context); - - private static native int secp256k1_ecdsa_verify(ByteBuffer byteBuff, long context, int sigLen, int pubLen); - 
- private static native byte[][] secp256k1_ecdsa_sign(ByteBuffer byteBuff, long context);
-
- private static native int secp256k1_ec_seckey_verify(ByteBuffer byteBuff, long context);
-
- private static native byte[][] secp256k1_ec_pubkey_create(ByteBuffer byteBuff, long context);
-
- private static native byte[][] secp256k1_ec_pubkey_parse(ByteBuffer byteBuff, long context, int inputLen);
-
- private static native byte[][] secp256k1_ecdh(ByteBuffer byteBuff, long context, int inputLen);
-
-}
diff --git a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java
deleted file mode 100644
index 710d9f0bb..000000000
--- a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Test.java
+++ /dev/null
@@ -1,225 +0,0 @@
-package org.bitcoin;
-
-import com.google.common.io.BaseEncoding;
-import java.util.Arrays;
-import java.math.BigInteger;
-import static org.bitcoin.NativeSecp256k1Util.*;
-
-/**
- * This class holds test cases defined for testing this library.
- */
-public class NativeSecp256k1Test {
-
- //TODO improve comments/add more tests
- /**
- * This tests verify() for a valid signature
- */
- public static void testVerifyPos() throws AssertFailException{
- boolean result = false;
- byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()); //sha256hash of "testing"
- byte[] sig = BaseEncoding.base16().lowerCase().decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase());
- byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase());
-
- result = NativeSecp256k1.verify( data, sig, pub);
- assertEquals( result, true , "testVerifyPos");
- }
-
- /**
- * This tests verify() for a non-valid signature
- */
- public static void testVerifyNeg() throws AssertFailException{
- boolean result = false;
- byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A91".toLowerCase()); //sha256hash of "testing"
- byte[] sig = BaseEncoding.base16().lowerCase().decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase());
- byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase());
-
- result = NativeSecp256k1.verify( data, sig, pub);
- 
//System.out.println(" TEST " + new BigInteger(1, resultbytes).toString(16)); - assertEquals( result, false , "testVerifyNeg"); - } - - /** - * This tests secret key verify() for a valid secretkey - */ - public static void testSecKeyVerifyPos() throws AssertFailException{ - boolean result = false; - byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); - - result = NativeSecp256k1.secKeyVerify( sec ); - //System.out.println(" TEST " + new BigInteger(1, resultbytes).toString(16)); - assertEquals( result, true , "testSecKeyVerifyPos"); - } - - /** - * This tests secret key verify() for an invalid secretkey - */ - public static void testSecKeyVerifyNeg() throws AssertFailException{ - boolean result = false; - byte[] sec = BaseEncoding.base16().lowerCase().decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase()); - - result = NativeSecp256k1.secKeyVerify( sec ); - //System.out.println(" TEST " + new BigInteger(1, resultbytes).toString(16)); - assertEquals( result, false , "testSecKeyVerifyNeg"); - } - - /** - * This tests public key create() for a valid secretkey - */ - public static void testPubKeyCreatePos() throws AssertFailException{ - byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); - - byte[] resultArr = NativeSecp256k1.computePubkey( sec); - String pubkeyString = BaseEncoding.base16().encode(resultArr); - assertEquals( pubkeyString , "04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6" , "testPubKeyCreatePos"); - } - - /** - * This tests public key create() for a invalid secretkey - */ - public static void testPubKeyCreateNeg() throws AssertFailException{ - byte[] sec = 
BaseEncoding.base16().lowerCase().decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase()); - - byte[] resultArr = NativeSecp256k1.computePubkey( sec); - String pubkeyString = BaseEncoding.base16().encode(resultArr); - assertEquals( pubkeyString, "" , "testPubKeyCreateNeg"); - } - - /** - * This tests sign() for a valid secretkey - */ - public static void testSignPos() throws AssertFailException{ - - byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()); //sha256hash of "testing" - byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); - - byte[] resultArr = NativeSecp256k1.sign(data, sec); - String sigString = BaseEncoding.base16().encode(resultArr); - assertEquals( sigString, "30440220182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A202201C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9" , "testSignPos"); - } - - /** - * This tests sign() for a invalid secretkey - */ - public static void testSignNeg() throws AssertFailException{ - byte[] data = BaseEncoding.base16().lowerCase().decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()); //sha256hash of "testing" - byte[] sec = BaseEncoding.base16().lowerCase().decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase()); - - byte[] resultArr = NativeSecp256k1.sign(data, sec); - String sigString = BaseEncoding.base16().encode(resultArr); - assertEquals( sigString, "" , "testSignNeg"); - } - - /** - * This tests private key tweak-add - */ - public static void testPrivKeyTweakAdd_1() throws AssertFailException { - byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); - byte[] data = 
BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" - - byte[] resultArr = NativeSecp256k1.privKeyTweakAdd( sec , data ); - String sigString = BaseEncoding.base16().encode(resultArr); - assertEquals( sigString , "A168571E189E6F9A7E2D657A4B53AE99B909F7E712D1C23CED28093CD57C88F3" , "testPrivKeyAdd_1"); - } - - /** - * This tests private key tweak-mul - */ - public static void testPrivKeyTweakMul_1() throws AssertFailException { - byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); - byte[] data = BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" - - byte[] resultArr = NativeSecp256k1.privKeyTweakMul( sec , data ); - String sigString = BaseEncoding.base16().encode(resultArr); - assertEquals( sigString , "97F8184235F101550F3C71C927507651BD3F1CDB4A5A33B8986ACF0DEE20FFFC" , "testPrivKeyMul_1"); - } - - /** - * This tests private key tweak-add uncompressed - */ - public static void testPrivKeyTweakAdd_2() throws AssertFailException { - byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase()); - byte[] data = BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" - - byte[] resultArr = NativeSecp256k1.pubKeyTweakAdd( pub , data ); - String sigString = BaseEncoding.base16().encode(resultArr); - assertEquals( sigString , "0411C6790F4B663CCE607BAAE08C43557EDC1A4D11D88DFCB3D841D0C6A941AF525A268E2A863C148555C48FB5FBA368E88718A46E205FABC3DBA2CCFFAB0796EF" , "testPrivKeyAdd_2"); - } - - /** - * This tests private key tweak-mul uncompressed - */ - public static void 
testPrivKeyTweakMul_2() throws AssertFailException { - byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase()); - byte[] data = BaseEncoding.base16().lowerCase().decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()); //sha256hash of "tweak" - - byte[] resultArr = NativeSecp256k1.pubKeyTweakMul( pub , data ); - String sigString = BaseEncoding.base16().encode(resultArr); - assertEquals( sigString , "04E0FE6FE55EBCA626B98A807F6CAF654139E14E5E3698F01A9A658E21DC1D2791EC060D4F412A794D5370F672BC94B722640B5F76914151CFCA6E712CA48CC589" , "testPrivKeyMul_2"); - } - - /** - * This tests seed randomization - */ - public static void testRandomize() throws AssertFailException { - byte[] seed = BaseEncoding.base16().lowerCase().decode("A441B15FE9A3CF56661190A0B93B9DEC7D04127288CC87250967CF3B52894D11".toLowerCase()); //sha256hash of "random" - boolean result = NativeSecp256k1.randomize(seed); - assertEquals( result, true, "testRandomize"); - } - - public static void testCreateECDHSecret() throws AssertFailException{ - - byte[] sec = BaseEncoding.base16().lowerCase().decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase()); - byte[] pub = BaseEncoding.base16().lowerCase().decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase()); - - byte[] resultArr = NativeSecp256k1.createECDHSecret(sec, pub); - String ecdhString = BaseEncoding.base16().encode(resultArr); - assertEquals( ecdhString, "2A2A67007A926E6594AF3EB564FC74005B37A9C8AEF2033C4552051B5C87F043" , "testCreateECDHSecret"); - } - - public static void main(String[] args) throws AssertFailException{ - - - System.out.println("\n libsecp256k1 enabled: " + Secp256k1Context.isEnabled() + "\n"); - - assertEquals( 
Secp256k1Context.isEnabled(), true, "isEnabled" ); - - //Test verify() success/fail - testVerifyPos(); - testVerifyNeg(); - - //Test secKeyVerify() success/fail - testSecKeyVerifyPos(); - testSecKeyVerifyNeg(); - - //Test computePubkey() success/fail - testPubKeyCreatePos(); - testPubKeyCreateNeg(); - - //Test sign() success/fail - testSignPos(); - testSignNeg(); - - //Test privKeyTweakAdd() 1 - testPrivKeyTweakAdd_1(); - - //Test privKeyTweakMul() 2 - testPrivKeyTweakMul_1(); - - //Test privKeyTweakAdd() 3 - testPrivKeyTweakAdd_2(); - - //Test privKeyTweakMul() 4 - testPrivKeyTweakMul_2(); - - //Test randomize() - testRandomize(); - - //Test ECDH - testCreateECDHSecret(); - - NativeSecp256k1.cleanup(); - - System.out.println(" All tests passed." ); - - } -} diff --git a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java b/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java deleted file mode 100644 index 04732ba04..000000000 --- a/deps/secp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java +++ /dev/null 
@@ -1,45 +0,0 @@
-/*
- * Copyright 2014-2016 the libsecp256k1 contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.bitcoin;
-
-public class NativeSecp256k1Util{
-
- public static void assertEquals( int val, int val2, String message ) throws AssertFailException{
- if( val != val2 )
- throw new AssertFailException("FAIL: " + message);
- }
-
- public static void assertEquals( boolean val, boolean val2, String message ) throws AssertFailException{
- if( val != val2 )
- throw new AssertFailException("FAIL: " + message);
- else
- System.out.println("PASS: " + message);
- }
-
- public static void assertEquals( String val, String val2, String message ) throws AssertFailException{
- if( !val.equals(val2) )
- throw new AssertFailException("FAIL: " + message);
- else
- System.out.println("PASS: " + message);
- }
-
- public static class AssertFailException extends Exception {
- public AssertFailException(String message) {
- super( message );
- }
- }
-}
diff --git a/deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java b/deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java
deleted file mode 100644
index 216c986a8..000000000
--- a/deps/secp256k1/src/java/org/bitcoin/Secp256k1Context.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2014-2016 the libsecp256k1 contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.bitcoin;
-
-/**
- * This class holds the context reference used in native methods
- * to handle ECDSA operations.
- */
-public class Secp256k1Context {
- private static final boolean enabled; //true if the library is loaded
- private static final long context; //ref to pointer to context obj
-
- static { //static initializer
- boolean isEnabled = true;
- long contextRef = -1;
- try {
- System.loadLibrary("secp256k1");
- contextRef = secp256k1_init_context();
- } catch (UnsatisfiedLinkError e) {
- System.out.println("UnsatisfiedLinkError: " + e.toString());
- isEnabled = false;
- }
- enabled = isEnabled;
- context = contextRef;
- }
-
- public static boolean isEnabled() {
- return enabled;
- }
-
- public static long getContext() {
- if(!enabled) return -1; //sanity check
- return context;
- }
-
- private static native long secp256k1_init_context();
-}
diff --git a/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c b/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c
deleted file mode 100644
index b59025686..000000000
--- a/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c
+++ /dev/null
@@ -1,379 +0,0 @@
-#include 
-#include 
-#include 
-#include "org_bitcoin_NativeSecp256k1.h"
-#include "include/secp256k1.h"
-#include "include/secp256k1_ecdh.h"
-#include "include/secp256k1_recovery.h"
-
-
-SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ctx_1clone
- (JNIEnv* env, jclass classObject, jlong ctx_l)
-{
- const secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
-
- jlong ctx_clone_l = (uintptr_t) secp256k1_context_clone(ctx);
-
- (void)classObject;(void)env;
-
- return ctx_clone_l;
-
-}
-
-SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1context_1randomize
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
-
- const unsigned char* seed = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
-
- (void)classObject;
-
- return secp256k1_context_randomize(ctx, seed);
-
-}
-
-SECP256K1_API void JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1destroy_1context
- (JNIEnv* env, jclass classObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
-
- secp256k1_context_destroy(ctx);
-
- (void)classObject;(void)env;
-}
-
-SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1verify
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint siglen, jint publen)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
-
- unsigned char* data = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
- const unsigned char* sigdata = { (unsigned char*) (data + 32) };
- const unsigned char* pubdata = { (unsigned char*) (data + siglen + 32) };
-
- secp256k1_ecdsa_signature sig;
- secp256k1_pubkey pubkey;
-
- int ret = secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigdata, siglen);
-
- if( ret ) {
- ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pubdata, publen);
-
- if( ret ) {
- ret = secp256k1_ecdsa_verify(ctx, &sig, data, &pubkey);
- }
- }
-
- (void)classObject;
-
- return ret;
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1sign
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- unsigned char* data = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
- unsigned char* secKey = (unsigned char*) (data + 32);
-
- jobjectArray retArray;
- jbyteArray sigArray, intsByteArray;
- unsigned char intsarray[2];
-
- secp256k1_ecdsa_signature sig;
-
- int ret = secp256k1_ecdsa_sign(ctx, &sig, data, secKey, NULL, NULL);
-
- unsigned char outputSer[72];
- size_t outputLen = 72;
-
- if( ret ) {
- int ret2 = secp256k1_ecdsa_signature_serialize_der(ctx,outputSer, &outputLen, &sig ); (void)ret2;
- }
-
- intsarray[0] = outputLen;
- intsarray[1] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- sigArray = (*env)->NewByteArray(env, outputLen);
- (*env)->SetByteArrayRegion(env, sigArray, 0, outputLen, (jbyte*)outputSer);
- (*env)->SetObjectArrayElement(env, retArray, 0, sigArray);
-
- intsByteArray = (*env)->NewByteArray(env, 2);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-}
-
-SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1seckey_1verify
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
-
- (void)classObject;
-
- return secp256k1_ec_seckey_verify(ctx, secKey);
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1create
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- const unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
-
- secp256k1_pubkey pubkey;
-
- jobjectArray retArray;
- jbyteArray pubkeyArray, intsByteArray;
- unsigned char intsarray[2];
-
- int ret = secp256k1_ec_pubkey_create(ctx, &pubkey, secKey);
-
- unsigned char outputSer[65];
- size_t outputLen = 65;
-
- if( ret ) {
- int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2;
- }
-
- intsarray[0] = outputLen;
- intsarray[1] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- pubkeyArray = (*env)->NewByteArray(env, outputLen);
- (*env)->SetByteArrayRegion(env, pubkeyArray, 0, outputLen, (jbyte*)outputSer);
- (*env)->SetObjectArrayElement(env, retArray, 0, pubkeyArray);
-
- intsByteArray = (*env)->NewByteArray(env, 2);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1add
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- unsigned char* privkey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
- const unsigned char* tweak = (unsigned char*) (privkey + 32);
-
- jobjectArray retArray;
- jbyteArray privArray, intsByteArray;
- unsigned char intsarray[2];
-
- int privkeylen = 32;
-
- int ret = secp256k1_ec_privkey_tweak_add(ctx, privkey, tweak);
-
- intsarray[0] = privkeylen;
- intsarray[1] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- privArray = (*env)->NewByteArray(env, privkeylen);
- (*env)->SetByteArrayRegion(env, privArray, 0, privkeylen, (jbyte*)privkey);
- (*env)->SetObjectArrayElement(env, retArray, 0, privArray);
-
- intsByteArray = (*env)->NewByteArray(env, 2);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1mul
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- unsigned char* privkey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
- const unsigned char* tweak = (unsigned char*) (privkey + 32);
-
- jobjectArray retArray;
- jbyteArray privArray, intsByteArray;
- unsigned char intsarray[2];
-
- int privkeylen = 32;
-
- int ret = secp256k1_ec_privkey_tweak_mul(ctx, privkey, tweak);
-
- intsarray[0] = privkeylen;
- intsarray[1] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- privArray = (*env)->NewByteArray(env, privkeylen);
- (*env)->SetByteArrayRegion(env, privArray, 0, privkeylen, (jbyte*)privkey);
- (*env)->SetObjectArrayElement(env, retArray, 0, privArray);
-
- intsByteArray = (*env)->NewByteArray(env, 2);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1add
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
-/* secp256k1_pubkey* pubkey = (secp256k1_pubkey*) (*env)->GetDirectBufferAddress(env, byteBufferObject);*/
- unsigned char* pkey = (*env)->GetDirectBufferAddress(env, byteBufferObject);
- const unsigned char* tweak = (unsigned char*) (pkey + publen);
-
- jobjectArray retArray;
- jbyteArray pubArray, intsByteArray;
- unsigned char intsarray[2];
- unsigned char outputSer[65];
- size_t outputLen = 65;
-
- secp256k1_pubkey pubkey;
- int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pkey, publen);
-
- if( ret ) {
- ret = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, tweak);
- }
-
- if( ret ) {
- int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2;
- }
-
- intsarray[0] = outputLen;
- intsarray[1] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- pubArray = (*env)->NewByteArray(env, outputLen);
- (*env)->SetByteArrayRegion(env, pubArray, 0, outputLen, (jbyte*)outputSer);
- (*env)->SetObjectArrayElement(env, retArray, 0, pubArray);
-
- intsByteArray = (*env)->NewByteArray(env, 2);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1mul
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- unsigned char* pkey = (*env)->GetDirectBufferAddress(env, byteBufferObject);
- const unsigned char* tweak = (unsigned char*) (pkey + publen);
-
- jobjectArray retArray;
- jbyteArray pubArray, intsByteArray;
- unsigned char intsarray[2];
- unsigned char outputSer[65];
- size_t outputLen = 65;
-
- secp256k1_pubkey pubkey;
- int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pkey, publen);
-
- if ( ret ) {
- ret = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, tweak);
- }
-
- if( ret ) {
- int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2;
- }
-
- intsarray[0] = outputLen;
- intsarray[1] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- pubArray = (*env)->NewByteArray(env, outputLen);
- (*env)->SetByteArrayRegion(env, pubArray, 0, outputLen, (jbyte*)outputSer);
- (*env)->SetObjectArrayElement(env, retArray, 0, pubArray);
-
- intsByteArray = (*env)->NewByteArray(env, 2);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-}
-
-SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1pubkey_1combine
- (JNIEnv * env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint numkeys)
-{
- (void)classObject;(void)env;(void)byteBufferObject;(void)ctx_l;(void)numkeys;
-
- return 0;
-}
-
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdh
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen)
-{
- secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
- const unsigned char* secdata = (*env)->GetDirectBufferAddress(env, byteBufferObject);
- const unsigned char* pubdata = (const unsigned char*) (secdata + 32);
-
- jobjectArray retArray;
- jbyteArray outArray, intsByteArray;
- unsigned char intsarray[1];
- secp256k1_pubkey pubkey;
- unsigned char nonce_res[32];
- size_t outputLen = 32;
-
- int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey, pubdata, publen);
-
- if (ret) {
- ret = secp256k1_ecdh(
- ctx,
- nonce_res,
- &pubkey,
- secdata,
- NULL,
- NULL
- );
- }
-
- intsarray[0] = ret;
-
- retArray = (*env)->NewObjectArray(env, 2,
- (*env)->FindClass(env, "[B"),
- (*env)->NewByteArray(env, 1));
-
- outArray = (*env)->NewByteArray(env, outputLen);
- (*env)->SetByteArrayRegion(env, outArray, 0, 32, (jbyte*)nonce_res);
- (*env)->SetObjectArrayElement(env, retArray, 0, outArray);
-
- intsByteArray = (*env)->NewByteArray(env, 1);
- (*env)->SetByteArrayRegion(env, intsByteArray, 0, 1, (jbyte*)intsarray);
- (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
-
- (void)classObject;
-
- return retArray;
-}
diff --git a/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h b/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h
deleted file mode 100644
index fe613c9e9..000000000
--- a/deps/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* DO NOT EDIT THIS FILE - it is machine generated */
-#include 
-#include "include/secp256k1.h"
-/* Header for class org_bitcoin_NativeSecp256k1 */
-
-#ifndef _Included_org_bitcoin_NativeSecp256k1
-#define _Included_org_bitcoin_NativeSecp256k1
-#ifdef __cplusplus
-extern "C" {
-#endif
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ctx_clone
- * Signature: (J)J
- */
-SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ctx_1clone
- (JNIEnv *, jclass, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_context_randomize
- * Signature: (Ljava/nio/ByteBuffer;J)I
- */
-SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1context_1randomize
- (JNIEnv *, jclass, jobject, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_privkey_tweak_add
- * Signature: (Ljava/nio/ByteBuffer;J)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1add
- (JNIEnv *, jclass, jobject, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_privkey_tweak_mul
- * Signature: (Ljava/nio/ByteBuffer;J)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1mul
- (JNIEnv *, jclass, jobject, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_pubkey_tweak_add
- * Signature: (Ljava/nio/ByteBuffer;JI)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1add
- (JNIEnv *, jclass, jobject, jlong, jint);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_pubkey_tweak_mul
- * Signature: (Ljava/nio/ByteBuffer;JI)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1mul
- (JNIEnv *, jclass, jobject, jlong, jint);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_destroy_context
- * Signature: (J)V
- */
-SECP256K1_API void JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1destroy_1context
- (JNIEnv *, jclass, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ecdsa_verify
- * Signature: (Ljava/nio/ByteBuffer;JII)I
- */
-SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1verify
- (JNIEnv *, jclass, jobject, jlong, jint, jint);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ecdsa_sign
- * Signature: (Ljava/nio/ByteBuffer;J)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1sign
- (JNIEnv *, jclass, jobject, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ec_seckey_verify
- * Signature: (Ljava/nio/ByteBuffer;J)I
- */
-SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1seckey_1verify
- (JNIEnv *, jclass, jobject, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ec_pubkey_create
- * Signature: (Ljava/nio/ByteBuffer;J)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1create
- (JNIEnv *, jclass, jobject, jlong);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ec_pubkey_parse
- * Signature: (Ljava/nio/ByteBuffer;JI)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1parse
- (JNIEnv *, jclass, jobject, jlong, jint);
-
-/*
- * Class: org_bitcoin_NativeSecp256k1
- * Method: secp256k1_ecdh
- * Signature: (Ljava/nio/ByteBuffer;JI)[[B
- */
-SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdh
- (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c b/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c
deleted file mode 100644
index a52939e7e..000000000
--- a/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include 
-#include 
-#include "org_bitcoin_Secp256k1Context.h"
-#include "include/secp256k1.h"
-
-SECP256K1_API jlong JNICALL Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context
- (JNIEnv* env, jclass classObject)
-{
- secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
-
- (void)classObject;(void)env;
-
- return (uintptr_t)ctx;
-}
-
diff --git a/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h b/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h
deleted file mode 100644
index 0d2bc84b7..000000000
--- a/deps/secp256k1/src/java/org_bitcoin_Secp256k1Context.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/* DO NOT EDIT THIS FILE - it is machine generated */
-#include 
-#include "include/secp256k1.h"
-/* Header for class org_bitcoin_Secp256k1Context */
-
-#ifndef _Included_org_bitcoin_Secp256k1Context
-#define _Included_org_bitcoin_Secp256k1Context
-#ifdef __cplusplus
-extern "C" {
-#endif
-/*
- * Class: org_bitcoin_Secp256k1Context
- * Method: secp256k1_init_context
- * Signature: ()J
- */
-SECP256K1_API jlong JNICALL Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context
- (JNIEnv *, jclass);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/deps/secp256k1/src/modules/ecdh/Makefile.am.include b/deps/secp256k1/src/modules/ecdh/Makefile.am.include
deleted file mode 100644
index e3088b469..000000000
--- a/deps/secp256k1/src/modules/ecdh/Makefile.am.include
+++ /dev/null
@@ -1,8 +0,0 @@
-include_HEADERS += include/secp256k1_ecdh.h
-noinst_HEADERS += src/modules/ecdh/main_impl.h
-noinst_HEADERS += src/modules/ecdh/tests_impl.h
-if USE_BENCHMARK
-noinst_PROGRAMS += bench_ecdh
-bench_ecdh_SOURCES = src/bench_ecdh.c
-bench_ecdh_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB)
-endif
diff --git a/deps/secp256k1/src/modules/ecdh/main_impl.h b/deps/secp256k1/src/modules/ecdh/main_impl.h
deleted file mode 100644
index 44cb68e75..000000000
--- a/deps/secp256k1/src/modules/ecdh/main_impl.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_MODULE_ECDH_MAIN_H
-#define SECP256K1_MODULE_ECDH_MAIN_H
-
-#include "include/secp256k1_ecdh.h"
-#include "ecmult_const_impl.h"
-
-static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
- unsigned char version = (y[31] & 0x01) | 0x02;
- secp256k1_sha256 sha;
- (void)data;
-
- secp256k1_sha256_initialize(&sha);
- secp256k1_sha256_write(&sha, &version, 1);
- secp256k1_sha256_write(&sha, x, 32);
- secp256k1_sha256_finalize(&sha, output);
-
- return 1;
-}
-
-const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256;
-const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256;
-
-int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) {
- int ret = 0;
- int overflow = 0;
- secp256k1_gej res;
- secp256k1_ge pt;
- secp256k1_scalar s;
- VERIFY_CHECK(ctx != NULL);
- ARG_CHECK(output != NULL);
- ARG_CHECK(point != NULL);
- ARG_CHECK(scalar != NULL);
- if (hashfp == NULL) {
- hashfp = secp256k1_ecdh_hash_function_default;
- }
-
- secp256k1_pubkey_load(ctx, &pt, point);
- secp256k1_scalar_set_b32(&s, scalar, &overflow);
- if (overflow || secp256k1_scalar_is_zero(&s)) {
- ret = 0;
- } else {
- unsigned char x[32];
- unsigned char y[32];
-
- secp256k1_ecmult_const(&res, &pt, &s, 256);
- secp256k1_ge_set_gej(&pt, &res);
-
- /* Compute a hash of the point */
- secp256k1_fe_normalize(&pt.x);
- secp256k1_fe_normalize(&pt.y);
- secp256k1_fe_get_b32(x, 
&pt.x);
- secp256k1_fe_get_b32(y, &pt.y);
-
- ret = hashfp(output, x, y, data);
- }
-
- secp256k1_scalar_clear(&s);
- return ret;
-}
-
-#endif /* SECP256K1_MODULE_ECDH_MAIN_H */
diff --git a/deps/secp256k1/src/modules/ecdh/tests_impl.h b/deps/secp256k1/src/modules/ecdh/tests_impl.h
deleted file mode 100644
index fe26e8fb6..000000000
--- a/deps/secp256k1/src/modules/ecdh/tests_impl.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_MODULE_ECDH_TESTS_H
-#define SECP256K1_MODULE_ECDH_TESTS_H
-
-int ecdh_hash_function_test_fail(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
- (void)output;
- (void)x;
- (void)y;
- (void)data;
- return 0;
-}
-
-int ecdh_hash_function_custom(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
- (void)data;
- /* Save x and y as uncompressed public key */
- output[0] = 0x04;
- memcpy(output + 1, x, 32);
- memcpy(output + 33, y, 32);
- return 1;
-}
-
-void test_ecdh_api(void) {
- /* Setup context that just counts errors */
- secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
- secp256k1_pubkey point;
- unsigned char res[32];
- unsigned char s_one[32] = { 0 };
- int32_t ecount = 0;
- s_one[31] = 1;
-
- secp256k1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount);
- secp256k1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount);
- CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
-
- /* Check all NULLs are detected */
- CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
- CHECK(ecount == 0);
- CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0);
- CHECK(ecount == 1);
- CHECK(secp256k1_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0);
- CHECK(ecount == 2);
- CHECK(secp256k1_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0);
- CHECK(ecount == 3);
- CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
- CHECK(ecount == 3);
-
- /* Cleanup */
- secp256k1_context_destroy(tctx);
-}
-
-void test_ecdh_generator_basepoint(void) {
- 
unsigned char s_one[32] = { 0 };
- secp256k1_pubkey point[2];
- int i;
-
- s_one[31] = 1;
- /* Check against pubkey creation when the basepoint is the generator */
- for (i = 0; i < 100; ++i) {
- secp256k1_sha256 sha;
- unsigned char s_b32[32];
- unsigned char output_ecdh[65];
- unsigned char output_ser[32];
- unsigned char point_ser[65];
- size_t point_ser_len = sizeof(point_ser);
- secp256k1_scalar s;
-
- random_scalar_order(&s);
- secp256k1_scalar_get_b32(s_b32, &s);
-
- CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1);
- CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1);
-
- /* compute using ECDH function with custom hash function */
- CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1);
- /* compute "explicitly" */
- CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1);
- /* compare */
- CHECK(memcmp(output_ecdh, point_ser, 65) == 0);
-
- /* compute using ECDH function with default hash function */
- CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1);
- /* compute "explicitly" */
- CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1);
- secp256k1_sha256_initialize(&sha);
- secp256k1_sha256_write(&sha, point_ser, point_ser_len);
- secp256k1_sha256_finalize(&sha, output_ser);
- /* compare */
- CHECK(memcmp(output_ecdh, output_ser, 32) == 0);
- }
-}
-
-void test_bad_scalar(void) {
- unsigned char s_zero[32] = { 0 };
- unsigned char s_overflow[32] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
- 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
- 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
- };
- unsigned char s_rand[32] = { 0 };
- unsigned char output[32];
- secp256k1_scalar rand;
- secp256k1_pubkey point;
-
- /* Create random point */
- random_scalar_order(&rand);
- secp256k1_scalar_get_b32(s_rand, 
&rand);
- CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1);
-
- /* Try to multiply it by bad values */
- CHECK(secp256k1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0);
- CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0);
- /* ...and a good one */
- s_overflow[31] -= 1;
- CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1);
-
- /* Hash function failure results in ecdh failure */
- CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0);
-}
-
-void run_ecdh_tests(void) {
- test_ecdh_api();
- test_ecdh_generator_basepoint();
- test_bad_scalar();
-}
-
-#endif /* SECP256K1_MODULE_ECDH_TESTS_H */
diff --git a/deps/secp256k1/src/modules/recovery/Makefile.am.include b/deps/secp256k1/src/modules/recovery/Makefile.am.include
deleted file mode 100644
index bf23c26e7..000000000
--- a/deps/secp256k1/src/modules/recovery/Makefile.am.include
+++ /dev/null
@@ -1,8 +0,0 @@
-include_HEADERS += include/secp256k1_recovery.h
-noinst_HEADERS += src/modules/recovery/main_impl.h
-noinst_HEADERS += src/modules/recovery/tests_impl.h
-if USE_BENCHMARK
-noinst_PROGRAMS += bench_recover
-bench_recover_SOURCES = src/bench_recover.c
-bench_recover_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB)
-endif
diff --git a/deps/secp256k1/src/modules/recovery/main_impl.h b/deps/secp256k1/src/modules/recovery/main_impl.h
deleted file mode 100755
index ed356e53a..000000000
--- a/deps/secp256k1/src/modules/recovery/main_impl.h
+++ /dev/null
@@ -1,193 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_MODULE_RECOVERY_MAIN_H -#define SECP256K1_MODULE_RECOVERY_MAIN_H - -#include "include/secp256k1_recovery.h" - -static void secp256k1_ecdsa_recoverable_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const secp256k1_ecdsa_recoverable_signature* sig) { - (void)ctx; - if (sizeof(secp256k1_scalar) == 32) { - /* When the secp256k1_scalar type is exactly 32 byte, use its - * representation inside secp256k1_ecdsa_signature, as conversion is very fast. - * Note that secp256k1_ecdsa_signature_save must use the same representation. */ - memcpy(r, &sig->data[0], 32); - memcpy(s, &sig->data[32], 32); - } else { - secp256k1_scalar_set_b32(r, &sig->data[0], NULL); - secp256k1_scalar_set_b32(s, &sig->data[32], NULL); - } - *recid = sig->data[64]; -} - -static void secp256k1_ecdsa_recoverable_signature_save(secp256k1_ecdsa_recoverable_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s, int recid) { - if (sizeof(secp256k1_scalar) == 32) { - memcpy(&sig->data[0], r, 32); - memcpy(&sig->data[32], s, 32); - } else { - secp256k1_scalar_get_b32(&sig->data[0], r); - secp256k1_scalar_get_b32(&sig->data[32], s); - } - sig->data[64] = recid; -} - -int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) { - secp256k1_scalar r, s; - int ret = 1; - int overflow = 0; - - (void)ctx; - ARG_CHECK(sig != NULL); - ARG_CHECK(input64 != NULL); - ARG_CHECK(recid >= 0 && recid <= 3); - - secp256k1_scalar_set_b32(&r, &input64[0], &overflow); - ret &= 
!overflow; - secp256k1_scalar_set_b32(&s, &input64[32], &overflow); - ret &= !overflow; - if (ret) { - secp256k1_ecdsa_recoverable_signature_save(sig, &r, &s, recid); - } else { - memset(sig, 0, sizeof(*sig)); - } - return ret; -} - -int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) { - secp256k1_scalar r, s; - - (void)ctx; - ARG_CHECK(output64 != NULL); - ARG_CHECK(sig != NULL); - ARG_CHECK(recid != NULL); - - secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig); - secp256k1_scalar_get_b32(&output64[0], &r); - secp256k1_scalar_get_b32(&output64[32], &s); - return 1; -} - -int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const secp256k1_ecdsa_recoverable_signature* sigin) { - secp256k1_scalar r, s; - int recid; - - (void)ctx; - ARG_CHECK(sig != NULL); - ARG_CHECK(sigin != NULL); - - secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin); - secp256k1_ecdsa_signature_save(sig, &r, &s); - return 1; -} - -static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) { - unsigned char brx[32]; - secp256k1_fe fx; - secp256k1_ge x; - secp256k1_gej xj; - secp256k1_scalar rn, u1, u2; - secp256k1_gej qj; - int r; - - if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { - return 0; - } - - secp256k1_scalar_get_b32(brx, sigr); - r = secp256k1_fe_set_b32(&fx, brx); - (void)r; - VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */ - if (recid & 2) { - if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) { - return 0; - } - secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe); - } - if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) { - 
return 0; - } - secp256k1_gej_set_ge(&xj, &x); - secp256k1_scalar_inverse_var(&rn, sigr); - secp256k1_scalar_mul(&u1, &rn, message); - secp256k1_scalar_negate(&u1, &u1); - secp256k1_scalar_mul(&u2, &rn, sigs); - secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1); - secp256k1_ge_set_gej_var(pubkey, &qj); - return !secp256k1_gej_is_infinity(&qj); -} - -int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { - secp256k1_scalar r, s; - secp256k1_scalar sec, non, msg; - int recid; - int ret = 0; - int overflow = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); - ARG_CHECK(msg32 != NULL); - ARG_CHECK(signature != NULL); - ARG_CHECK(seckey != NULL); - if (noncefp == NULL) { - noncefp = secp256k1_nonce_function_default; - } - - secp256k1_scalar_set_b32(&sec, seckey, &overflow); - /* Fail if the secret key is invalid. 
*/ - if (!overflow && !secp256k1_scalar_is_zero(&sec)) { - unsigned char nonce32[32]; - unsigned int count = 0; - secp256k1_scalar_set_b32(&msg, msg32, NULL); - while (1) { - ret = noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); - if (!ret) { - break; - } - secp256k1_scalar_set_b32(&non, nonce32, &overflow); - if (!overflow && !secp256k1_scalar_is_zero(&non)) { - if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, &recid)) { - break; - } - } - count++; - } - memset(nonce32, 0, 32); - secp256k1_scalar_clear(&msg); - secp256k1_scalar_clear(&non); - secp256k1_scalar_clear(&sec); - } - if (ret) { - secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid); - } else { - memset(signature, 0, sizeof(*signature)); - } - return ret; -} - -int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) { - secp256k1_ge q; - secp256k1_scalar r, s; - secp256k1_scalar m; - int recid; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(msg32 != NULL); - ARG_CHECK(signature != NULL); - ARG_CHECK(pubkey != NULL); - - secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature); - VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */ - secp256k1_scalar_set_b32(&m, msg32, NULL); - if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) { - secp256k1_pubkey_save(pubkey, &q); - return 1; - } else { - memset(pubkey, 0, sizeof(*pubkey)); - return 0; - } -} - -#endif /* SECP256K1_MODULE_RECOVERY_MAIN_H */ diff --git a/deps/secp256k1/src/modules/recovery/tests_impl.h b/deps/secp256k1/src/modules/recovery/tests_impl.h deleted file mode 100644 index 38a533a75..000000000 --- a/deps/secp256k1/src/modules/recovery/tests_impl.h +++ /dev/null 
@@ -1,393 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_MODULE_RECOVERY_TESTS_H -#define SECP256K1_MODULE_RECOVERY_TESTS_H - -static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { - (void) msg32; - (void) key32; - (void) algo16; - (void) data; - - /* On the first run, return 0 to force a second run */ - if (counter == 0) { - memset(nonce32, 0, 32); - return 1; - } - /* On the second run, return an overflow to force a third run */ - if (counter == 1) { - memset(nonce32, 0xff, 32); - return 1; - } - /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. 
*/ - memset(nonce32, 1, 32); - return secp256k1_rand_bits(1); -} - -void test_ecdsa_recovery_api(void) { - /* Setup contexts that just count errors */ - secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); - secp256k1_context *sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); - secp256k1_context *vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); - secp256k1_context *both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - secp256k1_pubkey pubkey; - secp256k1_pubkey recpubkey; - secp256k1_ecdsa_signature normal_sig; - secp256k1_ecdsa_recoverable_signature recsig; - unsigned char privkey[32] = { 1 }; - unsigned char message[32] = { 2 }; - int32_t ecount = 0; - int recid = 0; - unsigned char sig[74]; - unsigned char zero_privkey[32] = { 0 }; - unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; - - secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); - - /* Construct and verify corresponding public key. 
*/ - CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); - - /* Check bad contexts and NULLs for signing */ - ecount = 0; - CHECK(secp256k1_ecdsa_sign_recoverable(none, &recsig, message, privkey, NULL, NULL) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(sign, &recsig, message, privkey, NULL, NULL) == 1); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(vrfy, &recsig, message, privkey, NULL, NULL) == 0); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_sign_recoverable(both, NULL, message, privkey, NULL, NULL) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, NULL, privkey, NULL, NULL) == 0); - CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, NULL, NULL, NULL) == 0); - CHECK(ecount == 5); - /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ - secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, recovery_test_nonce_function, NULL); - CHECK(ecount == 5); - /* These will all fail, but not in ARG_CHECK way */ - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, zero_privkey, NULL, NULL) == 0); - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, over_privkey, NULL, NULL) == 0); - /* This one will succeed. 
*/ - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); - CHECK(ecount == 5); - - /* Check signing with a goofy nonce function */ - - /* Check bad contexts and NULLs for recovery */ - ecount = 0; - CHECK(secp256k1_ecdsa_recover(none, &recpubkey, &recsig, message) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_recover(sign, &recpubkey, &recsig, message) == 0); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recover(vrfy, &recpubkey, &recsig, message) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, message) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recover(both, NULL, &recsig, message) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_recover(both, &recpubkey, NULL, message) == 0); - CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, NULL) == 0); - CHECK(ecount == 5); - - /* Check NULLs for conversion */ - CHECK(secp256k1_ecdsa_sign(both, &normal_sig, message, privkey, NULL, NULL) == 1); - ecount = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, NULL, &recsig) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, NULL) == 0); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, &recsig) == 1); - - /* Check NULLs for de/serialization */ - CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); - ecount = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, NULL, &recid, &recsig) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, NULL, &recsig) == 0); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, NULL) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, &recsig) == 1); - - 
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, NULL, sig, recid) == 0); - CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, NULL, recid) == 0); - CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, -1) == 0); - CHECK(ecount == 6); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, 5) == 0); - CHECK(ecount == 7); - /* overflow in signature will fail but not affect ecount */ - memcpy(sig, over_privkey, 32); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, recid) == 0); - CHECK(ecount == 7); - - /* cleanup */ - secp256k1_context_destroy(none); - secp256k1_context_destroy(sign); - secp256k1_context_destroy(vrfy); - secp256k1_context_destroy(both); -} - -void test_ecdsa_recovery_end_to_end(void) { - unsigned char extra[32] = {0x00}; - unsigned char privkey[32]; - unsigned char message[32]; - secp256k1_ecdsa_signature signature[5]; - secp256k1_ecdsa_recoverable_signature rsignature[5]; - unsigned char sig[74]; - secp256k1_pubkey pubkey; - secp256k1_pubkey recpubkey; - int recid = 0; - - /* Generate a random key and message. */ - { - secp256k1_scalar msg, key; - random_scalar_order_test(&msg); - random_scalar_order_test(&key); - secp256k1_scalar_get_b32(privkey, &key); - secp256k1_scalar_get_b32(message, &msg); - } - - /* Construct and verify corresponding public key. */ - CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); - - /* Serialize/parse compact and verify/recover. 
*/ - extra[0] = 0; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1); - extra[31] = 1; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1); - extra[31] = 0; - extra[0] = 1; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(memcmp(&signature[4], &signature[0], 64) == 0); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); - memset(&rsignature[4], 0, sizeof(rsignature[4])); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); - /* Parse compact (with recovery id) and recover. */ - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1); - CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0); - /* Serialize/destroy/parse signature and verify again. 
*/ - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); - sig[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0); - /* Recover again */ - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 || - memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0); -} - -/* Tests several edge cases. */ -void test_ecdsa_recovery_edge_cases(void) { - const unsigned char msg32[32] = { - 'T', 'h', 'i', 's', ' ', 'i', 's', ' ', - 'a', ' ', 'v', 'e', 'r', 'y', ' ', 's', - 'e', 'c', 'r', 'e', 't', ' ', 'm', 'e', - 's', 's', 'a', 'g', 'e', '.', '.', '.' - }; - const unsigned char sig64[64] = { - /* Generated by signing the above message with nonce 'This is the nonce we will use...' - * and secret key 0 (which is not valid), resulting in recid 1. */ - 0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8, - 0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96, - 0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63, - 0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32, - 0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E, - 0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD, - 0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86, - 0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57 - }; - secp256k1_pubkey pubkey; - /* signature (r,s) = (4,4), which can be recovered with all 4 recids. 
*/ - const unsigned char sigb64[64] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, - }; - secp256k1_pubkey pubkeyb; - secp256k1_ecdsa_recoverable_signature rsig; - secp256k1_ecdsa_signature sig; - int recid; - - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0)); - CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1)); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2)); - CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3)); - CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - - for (recid = 0; recid < 4; recid++) { - int i; - int recid2; - /* (4,4) encoded in DER. 
*/ - unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04}; - unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01}; - unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00}; - unsigned char sigbderalt1[39] = { - 0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04, - }; - unsigned char sigbderalt2[39] = { - 0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, - }; - unsigned char sigbderalt3[40] = { - 0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04, - }; - unsigned char sigbderalt4[40] = { - 0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, - }; - /* (order + r,4) encoded in DER. 
*/ - unsigned char sigbderlong[40] = { - 0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, - 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, - 0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 - }; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1); - for (recid2 = 0; recid2 < 4; recid2++) { - secp256k1_pubkey pubkey2b; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1); - /* Verifying with (order + r,4) should always fail. */ - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); - } - /* DER parsing tests. */ - /* Zero length r/s. */ - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); - /* Leading zeros. 
*/ - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); - sigbderalt3[4] = 1; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); - sigbderalt4[7] = 1; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); - /* Damage signature. */ - sigbder[7]++; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); - sigbder[7]--; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0); - for(i = 0; i < 8; i++) { - int c; - unsigned char orig = sigbder[i]; - /*Try every single-byte change.*/ - for (c = 0; c < 256; c++) { - if (c == orig ) { - continue; - } - sigbder[i] = c; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); - } - sigbder[i] = orig; - } - } - - /* Test r/s equal to zero */ - { - /* (1,1) encoded in DER. 
*/ - unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01}; - unsigned char sigc64[64] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - }; - secp256k1_pubkey pubkeyc; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1); - sigcder[4] = 0; - sigc64[31] = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); - sigcder[4] = 1; - sigcder[7] = 0; - sigc64[31] = 1; - sigc64[63] = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); - } -} - -void run_recovery_tests(void) { - int i; - for (i = 0; i < count; i++) { - test_ecdsa_recovery_api(); - } - for (i = 0; i < 64*count; i++) { - test_ecdsa_recovery_end_to_end(); - } - test_ecdsa_recovery_edge_cases(); -} - -#endif /* SECP256K1_MODULE_RECOVERY_TESTS_H */ diff --git a/deps/secp256k1/src/num.h b/deps/secp256k1/src/num.h deleted file mode 100644 index 49f2dd791..000000000 
--- a/deps/secp256k1/src/num.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_NUM_H
-#define SECP256K1_NUM_H
-
-#ifndef USE_NUM_NONE
-
-#if defined HAVE_CONFIG_H
-#include "libsecp256k1-config.h"
-#endif
-
-#if defined(USE_NUM_GMP)
-#include "num_gmp.h"
-#else
-#error "Please select num implementation"
-#endif
-
-/** Copy a number. */
-static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a);
-
-/** Convert a number's absolute value to a binary big-endian string.
- * There must be enough place. */
-static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a);
-
-/** Set a number to the value of a binary big-endian string. */
-static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen);
-
-/** Compute a modular inverse. The input must be less than the modulus. */
-static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m);
-
-/** Compute the jacobi symbol (a|b). b must be positive and odd. */
-static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b);
-
-/** Compare the absolute value of two numbers. */
-static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b);
-
-/** Test whether two number are equal (including sign). */
-static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b);
-
-/** Add two (signed) numbers. */
-static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b);
-
-/** Subtract two (signed) numbers. */
-static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b);
-
-/** Multiply two (signed) numbers. 
*/
-static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b);
-
-/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1,
- even if r was negative. */
-static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m);
-
-/** Right-shift the passed number by bits bits. */
-static void secp256k1_num_shift(secp256k1_num *r, int bits);
-
-/** Check whether a number is zero. */
-static int secp256k1_num_is_zero(const secp256k1_num *a);
-
-/** Check whether a number is one. */
-static int secp256k1_num_is_one(const secp256k1_num *a);
-
-/** Check whether a number is strictly negative. */
-static int secp256k1_num_is_neg(const secp256k1_num *a);
-
-/** Change a number's sign. */
-static void secp256k1_num_negate(secp256k1_num *r);
-
-#endif
-
-#endif /* SECP256K1_NUM_H */
diff --git a/deps/secp256k1/src/num_gmp.h b/deps/secp256k1/src/num_gmp.h
deleted file mode 100644
index 3619844bd..000000000
--- a/deps/secp256k1/src/num_gmp.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_NUM_REPR_H
-#define SECP256K1_NUM_REPR_H
-
-#include
-
-#define NUM_LIMBS ((256+GMP_NUMB_BITS-1)/GMP_NUMB_BITS)
-
-typedef struct {
- mp_limb_t data[2*NUM_LIMBS];
- int neg;
- int limbs;
-} secp256k1_num;
-
-#endif /* SECP256K1_NUM_REPR_H */
diff --git a/deps/secp256k1/src/num_gmp_impl.h b/deps/secp256k1/src/num_gmp_impl.h
deleted file mode 100644
index 0ae2a8ba0..000000000
--- a/deps/secp256k1/src/num_gmp_impl.h
+++ /dev/null
@@ -1,288 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_NUM_REPR_IMPL_H -#define SECP256K1_NUM_REPR_IMPL_H - -#include -#include -#include - -#include "util.h" -#include "num.h" - -#ifdef VERIFY -static void secp256k1_num_sanity(const secp256k1_num *a) { - VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0)); -} -#else -#define secp256k1_num_sanity(a) do { } while(0) -#endif - -static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a) { - *r = *a; -} - -static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a) { - unsigned char tmp[65]; - int len = 0; - int shift = 0; - if (a->limbs>1 || a->data[0] != 0) { - len = mpn_get_str(tmp, 256, (mp_limb_t*)a->data, a->limbs); - } - while (shift < len && tmp[shift] == 0) shift++; - VERIFY_CHECK(len-shift <= (int)rlen); - memset(r, 0, rlen - len + shift); - if (len > shift) { - memcpy(r + rlen - len + shift, tmp + shift, len - shift); - } - memset(tmp, 0, sizeof(tmp)); -} - -static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen) { - int len; - VERIFY_CHECK(alen > 0); - VERIFY_CHECK(alen <= 64); - len = mpn_set_str(r->data, a, alen, 256); - if (len == 0) { - r->data[0] = 0; - len = 1; - } - VERIFY_CHECK(len <= NUM_LIMBS*2); - r->limbs = len; - r->neg = 0; - while (r->limbs > 1 && r->data[r->limbs-1]==0) { - r->limbs--; - } -} - -static void secp256k1_num_add_abs(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { - mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs); - r->limbs = a->limbs; - if (c != 0) { - VERIFY_CHECK(r->limbs < 2*NUM_LIMBS); - r->data[r->limbs++] = c; 
- } -} - -static void secp256k1_num_sub_abs(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { - mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs); - (void)c; - VERIFY_CHECK(c == 0); - r->limbs = a->limbs; - while (r->limbs > 1 && r->data[r->limbs-1]==0) { - r->limbs--; - } -} - -static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m) { - secp256k1_num_sanity(r); - secp256k1_num_sanity(m); - - if (r->limbs >= m->limbs) { - mp_limb_t t[2*NUM_LIMBS]; - mpn_tdiv_qr(t, r->data, 0, r->data, r->limbs, m->data, m->limbs); - memset(t, 0, sizeof(t)); - r->limbs = m->limbs; - while (r->limbs > 1 && r->data[r->limbs-1]==0) { - r->limbs--; - } - } - - if (r->neg && (r->limbs > 1 || r->data[0] != 0)) { - secp256k1_num_sub_abs(r, m, r); - r->neg = 0; - } -} - -static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m) { - int i; - mp_limb_t g[NUM_LIMBS+1]; - mp_limb_t u[NUM_LIMBS+1]; - mp_limb_t v[NUM_LIMBS+1]; - mp_size_t sn; - mp_size_t gn; - secp256k1_num_sanity(a); - secp256k1_num_sanity(m); - - /** mpn_gcdext computes: (G,S) = gcdext(U,V), where - * * G = gcd(U,V) - * * G = U*S + V*T - * * U has equal or more limbs than V, and V has no padding - * If we set U to be (a padded version of) a, and V = m: - * G = a*S + m*T - * G = a*S mod m - * Assuming G=1: - * S = 1/a mod m - */ - VERIFY_CHECK(m->limbs <= NUM_LIMBS); - VERIFY_CHECK(m->data[m->limbs-1] != 0); - for (i = 0; i < m->limbs; i++) { - u[i] = (i < a->limbs) ? 
a->data[i] : 0; - v[i] = m->data[i]; - } - sn = NUM_LIMBS+1; - gn = mpn_gcdext(g, r->data, &sn, u, m->limbs, v, m->limbs); - (void)gn; - VERIFY_CHECK(gn == 1); - VERIFY_CHECK(g[0] == 1); - r->neg = a->neg ^ m->neg; - if (sn < 0) { - mpn_sub(r->data, m->data, m->limbs, r->data, -sn); - r->limbs = m->limbs; - while (r->limbs > 1 && r->data[r->limbs-1]==0) { - r->limbs--; - } - } else { - r->limbs = sn; - } - memset(g, 0, sizeof(g)); - memset(u, 0, sizeof(u)); - memset(v, 0, sizeof(v)); -} - -static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b) { - int ret; - mpz_t ga, gb; - secp256k1_num_sanity(a); - secp256k1_num_sanity(b); - VERIFY_CHECK(!b->neg && (b->limbs > 0) && (b->data[0] & 1)); - - mpz_inits(ga, gb, NULL); - - mpz_import(gb, b->limbs, -1, sizeof(mp_limb_t), 0, 0, b->data); - mpz_import(ga, a->limbs, -1, sizeof(mp_limb_t), 0, 0, a->data); - if (a->neg) { - mpz_neg(ga, ga); - } - - ret = mpz_jacobi(ga, gb); - - mpz_clears(ga, gb, NULL); - - return ret; -} - -static int secp256k1_num_is_one(const secp256k1_num *a) { - return (a->limbs == 1 && a->data[0] == 1); -} - -static int secp256k1_num_is_zero(const secp256k1_num *a) { - return (a->limbs == 1 && a->data[0] == 0); -} - -static int secp256k1_num_is_neg(const secp256k1_num *a) { - return (a->limbs > 1 || a->data[0] != 0) && a->neg; -} - -static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b) { - if (a->limbs > b->limbs) { - return 1; - } - if (a->limbs < b->limbs) { - return -1; - } - return mpn_cmp(a->data, b->data, a->limbs); -} - -static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b) { - if (a->limbs > b->limbs) { - return 0; - } - if (a->limbs < b->limbs) { - return 0; - } - if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) { - return 0; - } - return mpn_cmp(a->data, b->data, a->limbs) == 0; -} - -static void secp256k1_num_subadd(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b, int 
bneg) { - if (!(b->neg ^ bneg ^ a->neg)) { /* a and b have the same sign */ - r->neg = a->neg; - if (a->limbs >= b->limbs) { - secp256k1_num_add_abs(r, a, b); - } else { - secp256k1_num_add_abs(r, b, a); - } - } else { - if (secp256k1_num_cmp(a, b) > 0) { - r->neg = a->neg; - secp256k1_num_sub_abs(r, a, b); - } else { - r->neg = b->neg ^ bneg; - secp256k1_num_sub_abs(r, b, a); - } - } -} - -static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { - secp256k1_num_sanity(a); - secp256k1_num_sanity(b); - secp256k1_num_subadd(r, a, b, 0); -} - -static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { - secp256k1_num_sanity(a); - secp256k1_num_sanity(b); - secp256k1_num_subadd(r, a, b, 1); -} - -static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { - mp_limb_t tmp[2*NUM_LIMBS+1]; - secp256k1_num_sanity(a); - secp256k1_num_sanity(b); - - VERIFY_CHECK(a->limbs + b->limbs <= 2*NUM_LIMBS+1); - if ((a->limbs==1 && a->data[0]==0) || (b->limbs==1 && b->data[0]==0)) { - r->limbs = 1; - r->neg = 0; - r->data[0] = 0; - return; - } - if (a->limbs >= b->limbs) { - mpn_mul(tmp, a->data, a->limbs, b->data, b->limbs); - } else { - mpn_mul(tmp, b->data, b->limbs, a->data, a->limbs); - } - r->limbs = a->limbs + b->limbs; - if (r->limbs > 1 && tmp[r->limbs - 1]==0) { - r->limbs--; - } - VERIFY_CHECK(r->limbs <= 2*NUM_LIMBS); - mpn_copyi(r->data, tmp, r->limbs); - r->neg = a->neg ^ b->neg; - memset(tmp, 0, sizeof(tmp)); -} - -static void secp256k1_num_shift(secp256k1_num *r, int bits) { - if (bits % GMP_NUMB_BITS) { - /* Shift within limbs. */ - mpn_rshift(r->data, r->data, r->limbs, bits % GMP_NUMB_BITS); - } - if (bits >= GMP_NUMB_BITS) { - int i; - /* Shift full limbs. 
*/
- for (i = 0; i < r->limbs; i++) {
- int index = i + (bits / GMP_NUMB_BITS);
- if (index < r->limbs && index < 2*NUM_LIMBS) {
- r->data[i] = r->data[index];
- } else {
- r->data[i] = 0;
- }
- }
- }
- while (r->limbs>1 && r->data[r->limbs-1]==0) {
- r->limbs--;
- }
-}
-
-static void secp256k1_num_negate(secp256k1_num *r) {
- r->neg ^= 1;
-}
-
-#endif /* SECP256K1_NUM_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/num_impl.h b/deps/secp256k1/src/num_impl.h
deleted file mode 100644
index c45193b03..000000000
--- a/deps/secp256k1/src/num_impl.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_NUM_IMPL_H
-#define SECP256K1_NUM_IMPL_H
-
-#if defined HAVE_CONFIG_H
-#include "libsecp256k1-config.h"
-#endif
-
-#include "num.h"
-
-#if defined(USE_NUM_GMP)
-#include "num_gmp_impl.h"
-#elif defined(USE_NUM_NONE)
-/* Nothing. */
-#else
-#error "Please select num implementation"
-#endif
-
-#endif /* SECP256K1_NUM_IMPL_H */
diff --git a/deps/secp256k1/src/scalar.h b/deps/secp256k1/src/scalar.h
deleted file mode 100644
index 59304cb66..000000000
--- a/deps/secp256k1/src/scalar.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_H
-#define SECP256K1_SCALAR_H
-
-#include "num.h"
-
-#if defined HAVE_CONFIG_H
-#include "libsecp256k1-config.h"
-#endif
-
-#if defined(EXHAUSTIVE_TEST_ORDER)
-#include "scalar_low.h"
-#elif defined(USE_SCALAR_4X64)
-#include "scalar_4x64.h"
-#elif defined(USE_SCALAR_8X32)
-#include "scalar_8x32.h"
-#else
-#error "Please select scalar implementation"
-#endif
-
-/** Clear a scalar to prevent the leak of sensitive data. */
-static void secp256k1_scalar_clear(secp256k1_scalar *r);
-
-/** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */
-static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count);
-
-/** Access bits from a scalar. Not constant time. */
-static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count);
-
-/** Set a scalar from a big endian byte array. */
-static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow);
-
-/** Set a scalar to an unsigned integer. */
-static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v);
-
-/** Convert a scalar to a byte array. */
-static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a);
-
-/** Add two scalars together (modulo the group order). Returns whether it overflowed. */
-static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b);
-
-/** Conditionally add a power of two to a scalar. The result is not allowed to overflow. 
*/
-static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag);
-
-/** Multiply two scalars (modulo the group order). */
-static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b);
-
-/** Shift a scalar right by some amount strictly between 0 and 16, returning
- * the low bits that were shifted off */
-static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n);
-
-/** Compute the square of a scalar (modulo the group order). */
-static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a);
-
-/** Compute the inverse of a scalar (modulo the group order). */
-static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a);
-
-/** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */
-static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a);
-
-/** Compute the complement of a scalar (modulo the group order). */
-static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a);
-
-/** Check whether a scalar equals zero. */
-static int secp256k1_scalar_is_zero(const secp256k1_scalar *a);
-
-/** Check whether a scalar equals one. */
-static int secp256k1_scalar_is_one(const secp256k1_scalar *a);
-
-/** Check whether a scalar, considered as an nonnegative integer, is even. */
-static int secp256k1_scalar_is_even(const secp256k1_scalar *a);
-
-/** Check whether a scalar is higher than the group order divided by 2. */
-static int secp256k1_scalar_is_high(const secp256k1_scalar *a);
-
-/** Conditionally negate a number, in constant time.
- * Returns -1 if the number was negated, 1 otherwise */
-static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag);
-
-#ifndef USE_NUM_NONE
-/** Convert a scalar to a number. */
-static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a);
-
-/** Get the order of the group as a number. 
*/
-static void secp256k1_scalar_order_get_num(secp256k1_num *r);
-#endif
-
-/** Compare two scalars. */
-static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b);
-
-#ifdef USE_ENDOMORPHISM
-/** Find r1 and r2 such that r1+r2*2^128 = a. */
-static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a);
-/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
-static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a);
-#endif
-
-/** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */
-static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift);
-
-#endif /* SECP256K1_SCALAR_H */
diff --git a/deps/secp256k1/src/scalar_4x64.h b/deps/secp256k1/src/scalar_4x64.h
deleted file mode 100644
index 19c7495d1..000000000
--- a/deps/secp256k1/src/scalar_4x64.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_REPR_H
-#define SECP256K1_SCALAR_REPR_H
-
-#include
-
-/** A scalar modulo the group order of the secp256k1 curve. */
-typedef struct {
- uint64_t d[4];
-} secp256k1_scalar;
-
-#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{((uint64_t)(d1)) << 32 | (d0), ((uint64_t)(d3)) << 32 | (d2), ((uint64_t)(d5)) << 32 | (d4), ((uint64_t)(d7)) << 32 | (d6)}}
-
-#endif /* SECP256K1_SCALAR_REPR_H */
diff --git a/deps/secp256k1/src/scalar_4x64_impl.h b/deps/secp256k1/src/scalar_4x64_impl.h
deleted file mode 100644
index d378335d9..000000000
--- a/deps/secp256k1/src/scalar_4x64_impl.h
+++ /dev/null
@@ -1,949 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_SCALAR_REPR_IMPL_H -#define SECP256K1_SCALAR_REPR_IMPL_H - -/* Limbs of the secp256k1 order. */ -#define SECP256K1_N_0 ((uint64_t)0xBFD25E8CD0364141ULL) -#define SECP256K1_N_1 ((uint64_t)0xBAAEDCE6AF48A03BULL) -#define SECP256K1_N_2 ((uint64_t)0xFFFFFFFFFFFFFFFEULL) -#define SECP256K1_N_3 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) - -/* Limbs of 2^256 minus the secp256k1 order. */ -#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1) -#define SECP256K1_N_C_1 (~SECP256K1_N_1) -#define SECP256K1_N_C_2 (1) - -/* Limbs of half the secp256k1 order. */ -#define SECP256K1_N_H_0 ((uint64_t)0xDFE92F46681B20A0ULL) -#define SECP256K1_N_H_1 ((uint64_t)0x5D576E7357A4501DULL) -#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) -#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL) - -SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { - r->d[0] = 0; - r->d[1] = 0; - r->d[2] = 0; - r->d[3] = 0; -} - -SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { - r->d[0] = v; - r->d[1] = 0; - r->d[2] = 0; - r->d[3] = 0; -} - -SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { - VERIFY_CHECK((offset + count - 1) >> 6 == offset >> 6); - return (a->d[offset >> 6] >> (offset & 0x3F)) & ((((uint64_t)1) << count) - 1); -} - -SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { - VERIFY_CHECK(count < 32); - VERIFY_CHECK(offset + count <= 256); - if ((offset + count - 1) >> 6 == offset >> 6) { - return 
secp256k1_scalar_get_bits(a, offset, count); - } else { - VERIFY_CHECK((offset >> 6) + 1 < 4); - return ((a->d[offset >> 6] >> (offset & 0x3F)) | (a->d[(offset >> 6) + 1] << (64 - (offset & 0x3F)))) & ((((uint64_t)1) << count) - 1); - } -} - -SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { - int yes = 0; - int no = 0; - no |= (a->d[3] < SECP256K1_N_3); /* No need for a > check. */ - no |= (a->d[2] < SECP256K1_N_2); - yes |= (a->d[2] > SECP256K1_N_2) & ~no; - no |= (a->d[1] < SECP256K1_N_1); - yes |= (a->d[1] > SECP256K1_N_1) & ~no; - yes |= (a->d[0] >= SECP256K1_N_0) & ~no; - return yes; -} - -SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, unsigned int overflow) { - uint128_t t; - VERIFY_CHECK(overflow <= 1); - t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0; - r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)r->d[1] + overflow * SECP256K1_N_C_1; - r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)r->d[2] + overflow * SECP256K1_N_C_2; - r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint64_t)r->d[3]; - r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; - return overflow; -} - -static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { - int overflow; - uint128_t t = (uint128_t)a->d[0] + b->d[0]; - r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)a->d[1] + b->d[1]; - r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)a->d[2] + b->d[2]; - r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)a->d[3] + b->d[3]; - r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - overflow = t + secp256k1_scalar_check_overflow(r); - VERIFY_CHECK(overflow == 0 || overflow == 1); - secp256k1_scalar_reduce(r, overflow); - return overflow; -} - -static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { - uint128_t t; - VERIFY_CHECK(bit < 256); - bit += ((uint32_t) flag - 1) & 
0x100; /* forcing (bit >> 6) > 3 makes this a noop */ - t = (uint128_t)r->d[0] + (((uint64_t)((bit >> 6) == 0)) << (bit & 0x3F)); - r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)r->d[1] + (((uint64_t)((bit >> 6) == 1)) << (bit & 0x3F)); - r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)r->d[2] + (((uint64_t)((bit >> 6) == 2)) << (bit & 0x3F)); - r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - t += (uint128_t)r->d[3] + (((uint64_t)((bit >> 6) == 3)) << (bit & 0x3F)); - r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; -#ifdef VERIFY - VERIFY_CHECK((t >> 64) == 0); - VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); -#endif -} - -static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { - int over; - r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56; - r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56; - r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56; - r->d[3] = (uint64_t)b32[7] | (uint64_t)b32[6] << 8 | (uint64_t)b32[5] << 16 | (uint64_t)b32[4] << 24 | (uint64_t)b32[3] << 32 | (uint64_t)b32[2] << 40 | (uint64_t)b32[1] << 48 | (uint64_t)b32[0] << 56; - over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); - if (overflow) { - *overflow = over; - } -} - -static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { - bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] 
= a->d[3]; - bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2]; - bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1]; - bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; -} - -SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { - return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0; -} - -static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { - uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0); - uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1; - r->d[0] = t & nonzero; t >>= 64; - t += (uint128_t)(~a->d[1]) + SECP256K1_N_1; - r->d[1] = t & nonzero; t >>= 64; - t += (uint128_t)(~a->d[2]) + SECP256K1_N_2; - r->d[2] = t & nonzero; t >>= 64; - t += (uint128_t)(~a->d[3]) + SECP256K1_N_3; - r->d[3] = t & nonzero; -} - -SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { - return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0; -} - -static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { - int yes = 0; - int no = 0; - no |= (a->d[3] < SECP256K1_N_H_3); - yes |= (a->d[3] > SECP256K1_N_H_3) & ~no; - no |= (a->d[2] < SECP256K1_N_H_2) & ~yes; /* No need for a > check. 
*/ - no |= (a->d[1] < SECP256K1_N_H_1) & ~yes; - yes |= (a->d[1] > SECP256K1_N_H_1) & ~no; - yes |= (a->d[0] > SECP256K1_N_H_0) & ~no; - return yes; -} - -static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { - /* If we are flag = 0, mask = 00...00 and this is a no-op; - * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ - uint64_t mask = !flag - 1; - uint64_t nonzero = (secp256k1_scalar_is_zero(r) != 0) - 1; - uint128_t t = (uint128_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); - r->d[0] = t & nonzero; t >>= 64; - t += (uint128_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); - r->d[1] = t & nonzero; t >>= 64; - t += (uint128_t)(r->d[2] ^ mask) + (SECP256K1_N_2 & mask); - r->d[2] = t & nonzero; t >>= 64; - t += (uint128_t)(r->d[3] ^ mask) + (SECP256K1_N_3 & mask); - r->d[3] = t & nonzero; - return 2 * (mask == 0) - 1; -} - -/* Inspired by the macros in OpenSSL's crypto/bn/asm/x86_64-gcc.c. */ - -/** Add a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ -#define muladd(a,b) { \ - uint64_t tl, th; \ - { \ - uint128_t t = (uint128_t)a * b; \ - th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ - tl = t; \ - } \ - c0 += tl; /* overflow is handled on the next line */ \ - th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ - c1 += th; /* overflow is handled on the next line */ \ - c2 += (c1 < th) ? 1 : 0; /* never overflows by contract (verified in the next line) */ \ - VERIFY_CHECK((c1 >= th) || (c2 != 0)); \ -} - -/** Add a*b to the number defined by (c0,c1). c1 must never overflow. */ -#define muladd_fast(a,b) { \ - uint64_t tl, th; \ - { \ - uint128_t t = (uint128_t)a * b; \ - th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ - tl = t; \ - } \ - c0 += tl; /* overflow is handled on the next line */ \ - th += (c0 < tl) ? 
1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ - c1 += th; /* never overflows by contract (verified in the next line) */ \ - VERIFY_CHECK(c1 >= th); \ -} - -/** Add 2*a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ -#define muladd2(a,b) { \ - uint64_t tl, th, th2, tl2; \ - { \ - uint128_t t = (uint128_t)a * b; \ - th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ - tl = t; \ - } \ - th2 = th + th; /* at most 0xFFFFFFFFFFFFFFFE (in case th was 0x7FFFFFFFFFFFFFFF) */ \ - c2 += (th2 < th) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((th2 >= th) || (c2 != 0)); \ - tl2 = tl + tl; /* at most 0xFFFFFFFFFFFFFFFE (in case the lowest 63 bits of tl were 0x7FFFFFFFFFFFFFFF) */ \ - th2 += (tl2 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ - c0 += tl2; /* overflow is handled on the next line */ \ - th2 += (c0 < tl2) ? 1 : 0; /* second overflow is handled on the next line */ \ - c2 += (c0 < tl2) & (th2 == 0); /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((c0 >= tl2) || (th2 != 0) || (c2 != 0)); \ - c1 += th2; /* overflow is handled on the next line */ \ - c2 += (c1 < th2) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((c1 >= th2) || (c2 != 0)); \ -} - -/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */ -#define sumadd(a) { \ - unsigned int over; \ - c0 += (a); /* overflow is handled on the next line */ \ - over = (c0 < (a)) ? 1 : 0; \ - c1 += over; /* overflow is handled on the next line */ \ - c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \ -} - -/** Add a to the number defined by (c0,c1). c1 must never overflow, c2 must be zero. */ -#define sumadd_fast(a) { \ - c0 += (a); /* overflow is handled on the next line */ \ - c1 += (c0 < (a)) ? 
1 : 0; /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((c1 != 0) | (c0 >= (a))); \ - VERIFY_CHECK(c2 == 0); \ -} - -/** Extract the lowest 64 bits of (c0,c1,c2) into n, and left shift the number 64 bits. */ -#define extract(n) { \ - (n) = c0; \ - c0 = c1; \ - c1 = c2; \ - c2 = 0; \ -} - -/** Extract the lowest 64 bits of (c0,c1,c2) into n, and left shift the number 64 bits. c2 is required to be zero. */ -#define extract_fast(n) { \ - (n) = c0; \ - c0 = c1; \ - c1 = 0; \ - VERIFY_CHECK(c2 == 0); \ -} - -static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l) { -#ifdef USE_ASM_X86_64 - /* Reduce 512 bits into 385. */ - uint64_t m0, m1, m2, m3, m4, m5, m6; - uint64_t p0, p1, p2, p3, p4; - uint64_t c; - - __asm__ __volatile__( - /* Preload. */ - "movq 32(%%rsi), %%r11\n" - "movq 40(%%rsi), %%r12\n" - "movq 48(%%rsi), %%r13\n" - "movq 56(%%rsi), %%r14\n" - /* Initialize r8,r9,r10 */ - "movq 0(%%rsi), %%r8\n" - "xorq %%r9, %%r9\n" - "xorq %%r10, %%r10\n" - /* (r8,r9) += n0 * c0 */ - "movq %8, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - /* extract m0 */ - "movq %%r8, %q0\n" - "xorq %%r8, %%r8\n" - /* (r9,r10) += l1 */ - "addq 8(%%rsi), %%r9\n" - "adcq $0, %%r10\n" - /* (r9,r10,r8) += n1 * c0 */ - "movq %8, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += n0 * c1 */ - "movq %9, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* extract m1 */ - "movq %%r9, %q1\n" - "xorq %%r9, %%r9\n" - /* (r10,r8,r9) += l2 */ - "addq 16(%%rsi), %%r10\n" - "adcq $0, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += n2 * c0 */ - "movq %8, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += n1 * c1 */ - "movq %9, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += n0 */ - "addq %%r11, 
%%r10\n" - "adcq $0, %%r8\n" - "adcq $0, %%r9\n" - /* extract m2 */ - "movq %%r10, %q2\n" - "xorq %%r10, %%r10\n" - /* (r8,r9,r10) += l3 */ - "addq 24(%%rsi), %%r8\n" - "adcq $0, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += n3 * c0 */ - "movq %8, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += n2 * c1 */ - "movq %9, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += n1 */ - "addq %%r12, %%r8\n" - "adcq $0, %%r9\n" - "adcq $0, %%r10\n" - /* extract m3 */ - "movq %%r8, %q3\n" - "xorq %%r8, %%r8\n" - /* (r9,r10,r8) += n3 * c1 */ - "movq %9, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += n2 */ - "addq %%r13, %%r9\n" - "adcq $0, %%r10\n" - "adcq $0, %%r8\n" - /* extract m4 */ - "movq %%r9, %q4\n" - /* (r10,r8) += n3 */ - "addq %%r14, %%r10\n" - "adcq $0, %%r8\n" - /* extract m5 */ - "movq %%r10, %q5\n" - /* extract m6 */ - "movq %%r8, %q6\n" - : "=g"(m0), "=g"(m1), "=g"(m2), "=g"(m3), "=g"(m4), "=g"(m5), "=g"(m6) - : "S"(l), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) - : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "cc"); - - /* Reduce 385 bits into 258. 
*/ - __asm__ __volatile__( - /* Preload */ - "movq %q9, %%r11\n" - "movq %q10, %%r12\n" - "movq %q11, %%r13\n" - /* Initialize (r8,r9,r10) */ - "movq %q5, %%r8\n" - "xorq %%r9, %%r9\n" - "xorq %%r10, %%r10\n" - /* (r8,r9) += m4 * c0 */ - "movq %12, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - /* extract p0 */ - "movq %%r8, %q0\n" - "xorq %%r8, %%r8\n" - /* (r9,r10) += m1 */ - "addq %q6, %%r9\n" - "adcq $0, %%r10\n" - /* (r9,r10,r8) += m5 * c0 */ - "movq %12, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += m4 * c1 */ - "movq %13, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* extract p1 */ - "movq %%r9, %q1\n" - "xorq %%r9, %%r9\n" - /* (r10,r8,r9) += m2 */ - "addq %q7, %%r10\n" - "adcq $0, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += m6 * c0 */ - "movq %12, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += m5 * c1 */ - "movq %13, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += m4 */ - "addq %%r11, %%r10\n" - "adcq $0, %%r8\n" - "adcq $0, %%r9\n" - /* extract p2 */ - "movq %%r10, %q2\n" - /* (r8,r9) += m3 */ - "addq %q8, %%r8\n" - "adcq $0, %%r9\n" - /* (r8,r9) += m6 * c1 */ - "movq %13, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - /* (r8,r9) += m5 */ - "addq %%r12, %%r8\n" - "adcq $0, %%r9\n" - /* extract p3 */ - "movq %%r8, %q3\n" - /* (r9) += m6 */ - "addq %%r13, %%r9\n" - /* extract p4 */ - "movq %%r9, %q4\n" - : "=&g"(p0), "=&g"(p1), "=&g"(p2), "=g"(p3), "=g"(p4) - : "g"(m0), "g"(m1), "g"(m2), "g"(m3), "g"(m4), "g"(m5), "g"(m6), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) - : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "cc"); - - /* Reduce 258 bits into 256. 
*/ - __asm__ __volatile__( - /* Preload */ - "movq %q5, %%r10\n" - /* (rax,rdx) = p4 * c0 */ - "movq %7, %%rax\n" - "mulq %%r10\n" - /* (rax,rdx) += p0 */ - "addq %q1, %%rax\n" - "adcq $0, %%rdx\n" - /* extract r0 */ - "movq %%rax, 0(%q6)\n" - /* Move to (r8,r9) */ - "movq %%rdx, %%r8\n" - "xorq %%r9, %%r9\n" - /* (r8,r9) += p1 */ - "addq %q2, %%r8\n" - "adcq $0, %%r9\n" - /* (r8,r9) += p4 * c1 */ - "movq %8, %%rax\n" - "mulq %%r10\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - /* Extract r1 */ - "movq %%r8, 8(%q6)\n" - "xorq %%r8, %%r8\n" - /* (r9,r8) += p4 */ - "addq %%r10, %%r9\n" - "adcq $0, %%r8\n" - /* (r9,r8) += p2 */ - "addq %q3, %%r9\n" - "adcq $0, %%r8\n" - /* Extract r2 */ - "movq %%r9, 16(%q6)\n" - "xorq %%r9, %%r9\n" - /* (r8,r9) += p3 */ - "addq %q4, %%r8\n" - "adcq $0, %%r9\n" - /* Extract r3 */ - "movq %%r8, 24(%q6)\n" - /* Extract c */ - "movq %%r9, %q0\n" - : "=g"(c) - : "g"(p0), "g"(p1), "g"(p2), "g"(p3), "g"(p4), "D"(r), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) - : "rax", "rdx", "r8", "r9", "r10", "cc", "memory"); -#else - uint128_t c; - uint64_t c0, c1, c2; - uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7]; - uint64_t m0, m1, m2, m3, m4, m5; - uint32_t m6; - uint64_t p0, p1, p2, p3; - uint32_t p4; - - /* Reduce 512 bits into 385. */ - /* m[0..6] = l[0..3] + n[0..3] * SECP256K1_N_C. */ - c0 = l[0]; c1 = 0; c2 = 0; - muladd_fast(n0, SECP256K1_N_C_0); - extract_fast(m0); - sumadd_fast(l[1]); - muladd(n1, SECP256K1_N_C_0); - muladd(n0, SECP256K1_N_C_1); - extract(m1); - sumadd(l[2]); - muladd(n2, SECP256K1_N_C_0); - muladd(n1, SECP256K1_N_C_1); - sumadd(n0); - extract(m2); - sumadd(l[3]); - muladd(n3, SECP256K1_N_C_0); - muladd(n2, SECP256K1_N_C_1); - sumadd(n1); - extract(m3); - muladd(n3, SECP256K1_N_C_1); - sumadd(n2); - extract(m4); - sumadd_fast(n3); - extract_fast(m5); - VERIFY_CHECK(c0 <= 1); - m6 = c0; - - /* Reduce 385 bits into 258. */ - /* p[0..4] = m[0..3] + m[4..6] * SECP256K1_N_C. 
*/ - c0 = m0; c1 = 0; c2 = 0; - muladd_fast(m4, SECP256K1_N_C_0); - extract_fast(p0); - sumadd_fast(m1); - muladd(m5, SECP256K1_N_C_0); - muladd(m4, SECP256K1_N_C_1); - extract(p1); - sumadd(m2); - muladd(m6, SECP256K1_N_C_0); - muladd(m5, SECP256K1_N_C_1); - sumadd(m4); - extract(p2); - sumadd_fast(m3); - muladd_fast(m6, SECP256K1_N_C_1); - sumadd_fast(m5); - extract_fast(p3); - p4 = c0 + m6; - VERIFY_CHECK(p4 <= 2); - - /* Reduce 258 bits into 256. */ - /* r[0..3] = p[0..3] + p[4] * SECP256K1_N_C. */ - c = p0 + (uint128_t)SECP256K1_N_C_0 * p4; - r->d[0] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; - c += p1 + (uint128_t)SECP256K1_N_C_1 * p4; - r->d[1] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; - c += p2 + (uint128_t)p4; - r->d[2] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; - c += p3; - r->d[3] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; -#endif - - /* Final reduction of r. */ - secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); -} - -static void secp256k1_scalar_mul_512(uint64_t l[8], const secp256k1_scalar *a, const secp256k1_scalar *b) { -#ifdef USE_ASM_X86_64 - const uint64_t *pb = b->d; - __asm__ __volatile__( - /* Preload */ - "movq 0(%%rdi), %%r15\n" - "movq 8(%%rdi), %%rbx\n" - "movq 16(%%rdi), %%rcx\n" - "movq 0(%%rdx), %%r11\n" - "movq 8(%%rdx), %%r12\n" - "movq 16(%%rdx), %%r13\n" - "movq 24(%%rdx), %%r14\n" - /* (rax,rdx) = a0 * b0 */ - "movq %%r15, %%rax\n" - "mulq %%r11\n" - /* Extract l0 */ - "movq %%rax, 0(%%rsi)\n" - /* (r8,r9,r10) = (rdx) */ - "movq %%rdx, %%r8\n" - "xorq %%r9, %%r9\n" - "xorq %%r10, %%r10\n" - /* (r8,r9,r10) += a0 * b1 */ - "movq %%r15, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += a1 * b0 */ - "movq %%rbx, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* Extract l1 */ - "movq %%r8, 8(%%rsi)\n" - "xorq %%r8, %%r8\n" - /* (r9,r10,r8) += a0 * b2 */ - "movq %%r15, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r9\n" - "adcq 
%%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += a1 * b1 */ - "movq %%rbx, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += a2 * b0 */ - "movq %%rcx, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* Extract l2 */ - "movq %%r9, 16(%%rsi)\n" - "xorq %%r9, %%r9\n" - /* (r10,r8,r9) += a0 * b3 */ - "movq %%r15, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* Preload a3 */ - "movq 24(%%rdi), %%r15\n" - /* (r10,r8,r9) += a1 * b2 */ - "movq %%rbx, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += a2 * b1 */ - "movq %%rcx, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += a3 * b0 */ - "movq %%r15, %%rax\n" - "mulq %%r11\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* Extract l3 */ - "movq %%r10, 24(%%rsi)\n" - "xorq %%r10, %%r10\n" - /* (r8,r9,r10) += a1 * b3 */ - "movq %%rbx, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += a2 * b2 */ - "movq %%rcx, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += a3 * b1 */ - "movq %%r15, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* Extract l4 */ - "movq %%r8, 32(%%rsi)\n" - "xorq %%r8, %%r8\n" - /* (r9,r10,r8) += a2 * b3 */ - "movq %%rcx, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += a3 * b2 */ - "movq %%r15, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* Extract l5 */ - "movq %%r9, 40(%%rsi)\n" - /* (r10,r8) += a3 * b3 */ - "movq %%r15, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - /* Extract l6 */ 
- "movq %%r10, 48(%%rsi)\n" - /* Extract l7 */ - "movq %%r8, 56(%%rsi)\n" - : "+d"(pb) - : "S"(l), "D"(a->d) - : "rax", "rbx", "rcx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "cc", "memory"); -#else - /* 160 bit accumulator. */ - uint64_t c0 = 0, c1 = 0; - uint32_t c2 = 0; - - /* l[0..7] = a[0..3] * b[0..3]. */ - muladd_fast(a->d[0], b->d[0]); - extract_fast(l[0]); - muladd(a->d[0], b->d[1]); - muladd(a->d[1], b->d[0]); - extract(l[1]); - muladd(a->d[0], b->d[2]); - muladd(a->d[1], b->d[1]); - muladd(a->d[2], b->d[0]); - extract(l[2]); - muladd(a->d[0], b->d[3]); - muladd(a->d[1], b->d[2]); - muladd(a->d[2], b->d[1]); - muladd(a->d[3], b->d[0]); - extract(l[3]); - muladd(a->d[1], b->d[3]); - muladd(a->d[2], b->d[2]); - muladd(a->d[3], b->d[1]); - extract(l[4]); - muladd(a->d[2], b->d[3]); - muladd(a->d[3], b->d[2]); - extract(l[5]); - muladd_fast(a->d[3], b->d[3]); - extract_fast(l[6]); - VERIFY_CHECK(c1 == 0); - l[7] = c0; -#endif -} - -static void secp256k1_scalar_sqr_512(uint64_t l[8], const secp256k1_scalar *a) { -#ifdef USE_ASM_X86_64 - __asm__ __volatile__( - /* Preload */ - "movq 0(%%rdi), %%r11\n" - "movq 8(%%rdi), %%r12\n" - "movq 16(%%rdi), %%r13\n" - "movq 24(%%rdi), %%r14\n" - /* (rax,rdx) = a0 * a0 */ - "movq %%r11, %%rax\n" - "mulq %%r11\n" - /* Extract l0 */ - "movq %%rax, 0(%%rsi)\n" - /* (r8,r9,r10) = (rdx,0) */ - "movq %%rdx, %%r8\n" - "xorq %%r9, %%r9\n" - "xorq %%r10, %%r10\n" - /* (r8,r9,r10) += 2 * a0 * a1 */ - "movq %%r11, %%rax\n" - "mulq %%r12\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* Extract l1 */ - "movq %%r8, 8(%%rsi)\n" - "xorq %%r8, %%r8\n" - /* (r9,r10,r8) += 2 * a0 * a2 */ - "movq %%r11, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* (r9,r10,r8) += a1 * a1 */ - "movq %%r12, %%rax\n" - "mulq %%r12\n" - "addq 
%%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* Extract l2 */ - "movq %%r9, 16(%%rsi)\n" - "xorq %%r9, %%r9\n" - /* (r10,r8,r9) += 2 * a0 * a3 */ - "movq %%r11, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* (r10,r8,r9) += 2 * a1 * a2 */ - "movq %%r12, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - "adcq $0, %%r9\n" - /* Extract l3 */ - "movq %%r10, 24(%%rsi)\n" - "xorq %%r10, %%r10\n" - /* (r8,r9,r10) += 2 * a1 * a3 */ - "movq %%r12, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* (r8,r9,r10) += a2 * a2 */ - "movq %%r13, %%rax\n" - "mulq %%r13\n" - "addq %%rax, %%r8\n" - "adcq %%rdx, %%r9\n" - "adcq $0, %%r10\n" - /* Extract l4 */ - "movq %%r8, 32(%%rsi)\n" - "xorq %%r8, %%r8\n" - /* (r9,r10,r8) += 2 * a2 * a3 */ - "movq %%r13, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - "addq %%rax, %%r9\n" - "adcq %%rdx, %%r10\n" - "adcq $0, %%r8\n" - /* Extract l5 */ - "movq %%r9, 40(%%rsi)\n" - /* (r10,r8) += a3 * a3 */ - "movq %%r14, %%rax\n" - "mulq %%r14\n" - "addq %%rax, %%r10\n" - "adcq %%rdx, %%r8\n" - /* Extract l6 */ - "movq %%r10, 48(%%rsi)\n" - /* Extract l7 */ - "movq %%r8, 56(%%rsi)\n" - : - : "S"(l), "D"(a->d) - : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "cc", "memory"); -#else - /* 160 bit accumulator. */ - uint64_t c0 = 0, c1 = 0; - uint32_t c2 = 0; - - /* l[0..7] = a[0..3] * b[0..3]. 
*/
- muladd_fast(a->d[0], a->d[0]);
- extract_fast(l[0]);
- muladd2(a->d[0], a->d[1]);
- extract(l[1]);
- muladd2(a->d[0], a->d[2]);
- muladd(a->d[1], a->d[1]);
- extract(l[2]);
- muladd2(a->d[0], a->d[3]);
- muladd2(a->d[1], a->d[2]);
- extract(l[3]);
- muladd2(a->d[1], a->d[3]);
- muladd(a->d[2], a->d[2]);
- extract(l[4]);
- muladd2(a->d[2], a->d[3]);
- extract(l[5]);
- muladd_fast(a->d[3], a->d[3]);
- extract_fast(l[6]);
- VERIFY_CHECK(c1 == 0);
- l[7] = c0;
-#endif
-}
-
-#undef sumadd
-#undef sumadd_fast
-#undef muladd
-#undef muladd_fast
-#undef muladd2
-#undef extract
-#undef extract_fast
-
-static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
- uint64_t l[8];
- secp256k1_scalar_mul_512(l, a, b);
- secp256k1_scalar_reduce_512(r, l);
-}
-
-static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) {
- int ret;
- VERIFY_CHECK(n > 0);
- VERIFY_CHECK(n < 16);
- ret = r->d[0] & ((1 << n) - 1);
- r->d[0] = (r->d[0] >> n) + (r->d[1] << (64 - n));
- r->d[1] = (r->d[1] >> n) + (r->d[2] << (64 - n));
- r->d[2] = (r->d[2] >> n) + (r->d[3] << (64 - n));
- r->d[3] = (r->d[3] >> n);
- return ret;
-}
-
-static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) {
- uint64_t l[8];
- secp256k1_scalar_sqr_512(l, a);
- secp256k1_scalar_reduce_512(r, l);
-}
-
-#ifdef USE_ENDOMORPHISM
-static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) {
- r1->d[0] = a->d[0];
- r1->d[1] = a->d[1];
- r1->d[2] = 0;
- r1->d[3] = 0;
- r2->d[0] = a->d[2];
- r2->d[1] = a->d[3];
- r2->d[2] = 0;
- r2->d[3] = 0;
-}
-#endif
-
-SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) {
- return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3])) == 0;
-}
-
-SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar
*b, unsigned int shift) {
- uint64_t l[8];
- unsigned int shiftlimbs;
- unsigned int shiftlow;
- unsigned int shifthigh;
- VERIFY_CHECK(shift >= 256);
- secp256k1_scalar_mul_512(l, a, b);
- shiftlimbs = shift >> 6;
- shiftlow = shift & 0x3F;
- shifthigh = 64 - shiftlow;
- r->d[0] = shift < 512 ? (l[0 + shiftlimbs] >> shiftlow | (shift < 448 && shiftlow ? (l[1 + shiftlimbs] << shifthigh) : 0)) : 0;
- r->d[1] = shift < 448 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0;
- r->d[2] = shift < 384 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0;
- r->d[3] = shift < 320 ? (l[3 + shiftlimbs] >> shiftlow) : 0;
- secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1);
-}
-
-#endif /* SECP256K1_SCALAR_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/scalar_8x32.h b/deps/secp256k1/src/scalar_8x32.h
deleted file mode 100644
index 2c9a348e2..000000000
--- a/deps/secp256k1/src/scalar_8x32.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_REPR_H
-#define SECP256K1_SCALAR_REPR_H
-
-#include
-
-/** A scalar modulo the group order of the secp256k1 curve. */
-typedef struct {
- uint32_t d[8];
-} secp256k1_scalar;
-
-#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7)}}
-
-#endif /* SECP256K1_SCALAR_REPR_H */
diff --git a/deps/secp256k1/src/scalar_8x32_impl.h b/deps/secp256k1/src/scalar_8x32_impl.h
deleted file mode 100644
index 4f9ed61fe..000000000
--- a/deps/secp256k1/src/scalar_8x32_impl.h
+++ /dev/null
@@ -1,721 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_REPR_IMPL_H
-#define SECP256K1_SCALAR_REPR_IMPL_H
-
-/* Limbs of the secp256k1 order. */
-#define SECP256K1_N_0 ((uint32_t)0xD0364141UL)
-#define SECP256K1_N_1 ((uint32_t)0xBFD25E8CUL)
-#define SECP256K1_N_2 ((uint32_t)0xAF48A03BUL)
-#define SECP256K1_N_3 ((uint32_t)0xBAAEDCE6UL)
-#define SECP256K1_N_4 ((uint32_t)0xFFFFFFFEUL)
-#define SECP256K1_N_5 ((uint32_t)0xFFFFFFFFUL)
-#define SECP256K1_N_6 ((uint32_t)0xFFFFFFFFUL)
-#define SECP256K1_N_7 ((uint32_t)0xFFFFFFFFUL)
-
-/* Limbs of 2^256 minus the secp256k1 order. */
-#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1)
-#define SECP256K1_N_C_1 (~SECP256K1_N_1)
-#define SECP256K1_N_C_2 (~SECP256K1_N_2)
-#define SECP256K1_N_C_3 (~SECP256K1_N_3)
-#define SECP256K1_N_C_4 (1)
-
-/* Limbs of half the secp256k1 order.
*/
-#define SECP256K1_N_H_0 ((uint32_t)0x681B20A0UL)
-#define SECP256K1_N_H_1 ((uint32_t)0xDFE92F46UL)
-#define SECP256K1_N_H_2 ((uint32_t)0x57A4501DUL)
-#define SECP256K1_N_H_3 ((uint32_t)0x5D576E73UL)
-#define SECP256K1_N_H_4 ((uint32_t)0xFFFFFFFFUL)
-#define SECP256K1_N_H_5 ((uint32_t)0xFFFFFFFFUL)
-#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL)
-#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL)
-
-SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) {
- r->d[0] = 0;
- r->d[1] = 0;
- r->d[2] = 0;
- r->d[3] = 0;
- r->d[4] = 0;
- r->d[5] = 0;
- r->d[6] = 0;
- r->d[7] = 0;
-}
-
-SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) {
- r->d[0] = v;
- r->d[1] = 0;
- r->d[2] = 0;
- r->d[3] = 0;
- r->d[4] = 0;
- r->d[5] = 0;
- r->d[6] = 0;
- r->d[7] = 0;
-}
-
-SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
- VERIFY_CHECK((offset + count - 1) >> 5 == offset >> 5);
- return (a->d[offset >> 5] >> (offset & 0x1F)) & ((1 << count) - 1);
-}
-
-SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
- VERIFY_CHECK(count < 32);
- VERIFY_CHECK(offset + count <= 256);
- if ((offset + count - 1) >> 5 == offset >> 5) {
- return secp256k1_scalar_get_bits(a, offset, count);
- } else {
- VERIFY_CHECK((offset >> 5) + 1 < 8);
- return ((a->d[offset >> 5] >> (offset & 0x1F)) | (a->d[(offset >> 5) + 1] << (32 - (offset & 0x1F)))) & ((((uint32_t)1) << count) - 1);
- }
-}
-
-SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) {
- int yes = 0;
- int no = 0;
- no |= (a->d[7] < SECP256K1_N_7); /* No need for a > check. */
- no |= (a->d[6] < SECP256K1_N_6); /* No need for a > check. */
- no |= (a->d[5] < SECP256K1_N_5); /* No need for a > check.
*/
- no |= (a->d[4] < SECP256K1_N_4);
- yes |= (a->d[4] > SECP256K1_N_4) & ~no;
- no |= (a->d[3] < SECP256K1_N_3) & ~yes;
- yes |= (a->d[3] > SECP256K1_N_3) & ~no;
- no |= (a->d[2] < SECP256K1_N_2) & ~yes;
- yes |= (a->d[2] > SECP256K1_N_2) & ~no;
- no |= (a->d[1] < SECP256K1_N_1) & ~yes;
- yes |= (a->d[1] > SECP256K1_N_1) & ~no;
- yes |= (a->d[0] >= SECP256K1_N_0) & ~no;
- return yes;
-}
-
-SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, uint32_t overflow) {
- uint64_t t;
- VERIFY_CHECK(overflow <= 1);
- t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0;
- r->d[0] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[1] + overflow * SECP256K1_N_C_1;
- r->d[1] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[2] + overflow * SECP256K1_N_C_2;
- r->d[2] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[3] + overflow * SECP256K1_N_C_3;
- r->d[3] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[4] + overflow * SECP256K1_N_C_4;
- r->d[4] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[5];
- r->d[5] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[6];
- r->d[6] = t & 0xFFFFFFFFUL; t >>= 32;
- t += (uint64_t)r->d[7];
- r->d[7] = t & 0xFFFFFFFFUL;
- return overflow;
-}
-
-static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
- int overflow;
- uint64_t t = (uint64_t)a->d[0] + b->d[0];
- r->d[0] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[1] + b->d[1];
- r->d[1] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[2] + b->d[2];
- r->d[2] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[3] + b->d[3];
- r->d[3] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[4] + b->d[4];
- r->d[4] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[5] + b->d[5];
- r->d[5] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[6] + b->d[6];
- r->d[6] = t & 0xFFFFFFFFULL; t >>= 32;
- t += (uint64_t)a->d[7] + b->d[7];
- r->d[7] = t & 0xFFFFFFFFULL; t >>= 32;
- overflow = t +
secp256k1_scalar_check_overflow(r); - VERIFY_CHECK(overflow == 0 || overflow == 1); - secp256k1_scalar_reduce(r, overflow); - return overflow; -} - -static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { - uint64_t t; - VERIFY_CHECK(bit < 256); - bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 5) > 7 makes this a noop */ - t = (uint64_t)r->d[0] + (((uint32_t)((bit >> 5) == 0)) << (bit & 0x1F)); - r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[1] + (((uint32_t)((bit >> 5) == 1)) << (bit & 0x1F)); - r->d[1] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[2] + (((uint32_t)((bit >> 5) == 2)) << (bit & 0x1F)); - r->d[2] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[3] + (((uint32_t)((bit >> 5) == 3)) << (bit & 0x1F)); - r->d[3] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[4] + (((uint32_t)((bit >> 5) == 4)) << (bit & 0x1F)); - r->d[4] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[5] + (((uint32_t)((bit >> 5) == 5)) << (bit & 0x1F)); - r->d[5] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[6] + (((uint32_t)((bit >> 5) == 6)) << (bit & 0x1F)); - r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; - t += (uint64_t)r->d[7] + (((uint32_t)((bit >> 5) == 7)) << (bit & 0x1F)); - r->d[7] = t & 0xFFFFFFFFULL; -#ifdef VERIFY - VERIFY_CHECK((t >> 32) == 0); - VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); -#endif -} - -static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { - int over; - r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24; - r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24; - r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24; - r->d[3] = (uint32_t)b32[19] | (uint32_t)b32[18] << 8 | (uint32_t)b32[17] << 16 | (uint32_t)b32[16] << 24; - r->d[4] = (uint32_t)b32[15] | 
(uint32_t)b32[14] << 8 | (uint32_t)b32[13] << 16 | (uint32_t)b32[12] << 24; - r->d[5] = (uint32_t)b32[11] | (uint32_t)b32[10] << 8 | (uint32_t)b32[9] << 16 | (uint32_t)b32[8] << 24; - r->d[6] = (uint32_t)b32[7] | (uint32_t)b32[6] << 8 | (uint32_t)b32[5] << 16 | (uint32_t)b32[4] << 24; - r->d[7] = (uint32_t)b32[3] | (uint32_t)b32[2] << 8 | (uint32_t)b32[1] << 16 | (uint32_t)b32[0] << 24; - over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); - if (overflow) { - *overflow = over; - } -} - -static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { - bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7]; - bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6]; - bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5]; - bin[12] = a->d[4] >> 24; bin[13] = a->d[4] >> 16; bin[14] = a->d[4] >> 8; bin[15] = a->d[4]; - bin[16] = a->d[3] >> 24; bin[17] = a->d[3] >> 16; bin[18] = a->d[3] >> 8; bin[19] = a->d[3]; - bin[20] = a->d[2] >> 24; bin[21] = a->d[2] >> 16; bin[22] = a->d[2] >> 8; bin[23] = a->d[2]; - bin[24] = a->d[1] >> 24; bin[25] = a->d[1] >> 16; bin[26] = a->d[1] >> 8; bin[27] = a->d[1]; - bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; -} - -SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { - return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; -} - -static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { - uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0); - uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1; - r->d[0] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[1]) + SECP256K1_N_1; - r->d[1] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[2]) + SECP256K1_N_2; - r->d[2] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[3]) + SECP256K1_N_3; - 
r->d[3] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[4]) + SECP256K1_N_4; - r->d[4] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[5]) + SECP256K1_N_5; - r->d[5] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[6]) + SECP256K1_N_6; - r->d[6] = t & nonzero; t >>= 32; - t += (uint64_t)(~a->d[7]) + SECP256K1_N_7; - r->d[7] = t & nonzero; -} - -SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { - return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; -} - -static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { - int yes = 0; - int no = 0; - no |= (a->d[7] < SECP256K1_N_H_7); - yes |= (a->d[7] > SECP256K1_N_H_7) & ~no; - no |= (a->d[6] < SECP256K1_N_H_6) & ~yes; /* No need for a > check. */ - no |= (a->d[5] < SECP256K1_N_H_5) & ~yes; /* No need for a > check. */ - no |= (a->d[4] < SECP256K1_N_H_4) & ~yes; /* No need for a > check. */ - no |= (a->d[3] < SECP256K1_N_H_3) & ~yes; - yes |= (a->d[3] > SECP256K1_N_H_3) & ~no; - no |= (a->d[2] < SECP256K1_N_H_2) & ~yes; - yes |= (a->d[2] > SECP256K1_N_H_2) & ~no; - no |= (a->d[1] < SECP256K1_N_H_1) & ~yes; - yes |= (a->d[1] > SECP256K1_N_H_1) & ~no; - yes |= (a->d[0] > SECP256K1_N_H_0) & ~no; - return yes; -} - -static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { - /* If we are flag = 0, mask = 00...00 and this is a no-op; - * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ - uint32_t mask = !flag - 1; - uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(r) == 0); - uint64_t t = (uint64_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); - r->d[0] = t & nonzero; t >>= 32; - t += (uint64_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); - r->d[1] = t & nonzero; t >>= 32; - t += (uint64_t)(r->d[2] ^ mask) + (SECP256K1_N_2 & mask); - r->d[2] = t & nonzero; t >>= 32; - t += (uint64_t)(r->d[3] ^ mask) + (SECP256K1_N_3 & mask); - r->d[3] = t & nonzero; t >>= 32; - t += 
(uint64_t)(r->d[4] ^ mask) + (SECP256K1_N_4 & mask); - r->d[4] = t & nonzero; t >>= 32; - t += (uint64_t)(r->d[5] ^ mask) + (SECP256K1_N_5 & mask); - r->d[5] = t & nonzero; t >>= 32; - t += (uint64_t)(r->d[6] ^ mask) + (SECP256K1_N_6 & mask); - r->d[6] = t & nonzero; t >>= 32; - t += (uint64_t)(r->d[7] ^ mask) + (SECP256K1_N_7 & mask); - r->d[7] = t & nonzero; - return 2 * (mask == 0) - 1; -} - - -/* Inspired by the macros in OpenSSL's crypto/bn/asm/x86_64-gcc.c. */ - -/** Add a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ -#define muladd(a,b) { \ - uint32_t tl, th; \ - { \ - uint64_t t = (uint64_t)a * b; \ - th = t >> 32; /* at most 0xFFFFFFFE */ \ - tl = t; \ - } \ - c0 += tl; /* overflow is handled on the next line */ \ - th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ - c1 += th; /* overflow is handled on the next line */ \ - c2 += (c1 < th) ? 1 : 0; /* never overflows by contract (verified in the next line) */ \ - VERIFY_CHECK((c1 >= th) || (c2 != 0)); \ -} - -/** Add a*b to the number defined by (c0,c1). c1 must never overflow. */ -#define muladd_fast(a,b) { \ - uint32_t tl, th; \ - { \ - uint64_t t = (uint64_t)a * b; \ - th = t >> 32; /* at most 0xFFFFFFFE */ \ - tl = t; \ - } \ - c0 += tl; /* overflow is handled on the next line */ \ - th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ - c1 += th; /* never overflows by contract (verified in the next line) */ \ - VERIFY_CHECK(c1 >= th); \ -} - -/** Add 2*a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ -#define muladd2(a,b) { \ - uint32_t tl, th, th2, tl2; \ - { \ - uint64_t t = (uint64_t)a * b; \ - th = t >> 32; /* at most 0xFFFFFFFE */ \ - tl = t; \ - } \ - th2 = th + th; /* at most 0xFFFFFFFE (in case th was 0x7FFFFFFF) */ \ - c2 += (th2 < th) ? 
1 : 0; /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((th2 >= th) || (c2 != 0)); \ - tl2 = tl + tl; /* at most 0xFFFFFFFE (in case the lowest 63 bits of tl were 0x7FFFFFFF) */ \ - th2 += (tl2 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ - c0 += tl2; /* overflow is handled on the next line */ \ - th2 += (c0 < tl2) ? 1 : 0; /* second overflow is handled on the next line */ \ - c2 += (c0 < tl2) & (th2 == 0); /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((c0 >= tl2) || (th2 != 0) || (c2 != 0)); \ - c1 += th2; /* overflow is handled on the next line */ \ - c2 += (c1 < th2) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((c1 >= th2) || (c2 != 0)); \ -} - -/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */ -#define sumadd(a) { \ - unsigned int over; \ - c0 += (a); /* overflow is handled on the next line */ \ - over = (c0 < (a)) ? 1 : 0; \ - c1 += over; /* overflow is handled on the next line */ \ - c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \ -} - -/** Add a to the number defined by (c0,c1). c1 must never overflow, c2 must be zero. */ -#define sumadd_fast(a) { \ - c0 += (a); /* overflow is handled on the next line */ \ - c1 += (c0 < (a)) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ - VERIFY_CHECK((c1 != 0) | (c0 >= (a))); \ - VERIFY_CHECK(c2 == 0); \ -} - -/** Extract the lowest 32 bits of (c0,c1,c2) into n, and left shift the number 32 bits. */ -#define extract(n) { \ - (n) = c0; \ - c0 = c1; \ - c1 = c2; \ - c2 = 0; \ -} - -/** Extract the lowest 32 bits of (c0,c1,c2) into n, and left shift the number 32 bits. c2 is required to be zero. 
*/ -#define extract_fast(n) { \ - (n) = c0; \ - c0 = c1; \ - c1 = 0; \ - VERIFY_CHECK(c2 == 0); \ -} - -static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint32_t *l) { - uint64_t c; - uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15]; - uint32_t m0, m1, m2, m3, m4, m5, m6, m7, m8, m9, m10, m11, m12; - uint32_t p0, p1, p2, p3, p4, p5, p6, p7, p8; - - /* 96 bit accumulator. */ - uint32_t c0, c1, c2; - - /* Reduce 512 bits into 385. */ - /* m[0..12] = l[0..7] + n[0..7] * SECP256K1_N_C. */ - c0 = l[0]; c1 = 0; c2 = 0; - muladd_fast(n0, SECP256K1_N_C_0); - extract_fast(m0); - sumadd_fast(l[1]); - muladd(n1, SECP256K1_N_C_0); - muladd(n0, SECP256K1_N_C_1); - extract(m1); - sumadd(l[2]); - muladd(n2, SECP256K1_N_C_0); - muladd(n1, SECP256K1_N_C_1); - muladd(n0, SECP256K1_N_C_2); - extract(m2); - sumadd(l[3]); - muladd(n3, SECP256K1_N_C_0); - muladd(n2, SECP256K1_N_C_1); - muladd(n1, SECP256K1_N_C_2); - muladd(n0, SECP256K1_N_C_3); - extract(m3); - sumadd(l[4]); - muladd(n4, SECP256K1_N_C_0); - muladd(n3, SECP256K1_N_C_1); - muladd(n2, SECP256K1_N_C_2); - muladd(n1, SECP256K1_N_C_3); - sumadd(n0); - extract(m4); - sumadd(l[5]); - muladd(n5, SECP256K1_N_C_0); - muladd(n4, SECP256K1_N_C_1); - muladd(n3, SECP256K1_N_C_2); - muladd(n2, SECP256K1_N_C_3); - sumadd(n1); - extract(m5); - sumadd(l[6]); - muladd(n6, SECP256K1_N_C_0); - muladd(n5, SECP256K1_N_C_1); - muladd(n4, SECP256K1_N_C_2); - muladd(n3, SECP256K1_N_C_3); - sumadd(n2); - extract(m6); - sumadd(l[7]); - muladd(n7, SECP256K1_N_C_0); - muladd(n6, SECP256K1_N_C_1); - muladd(n5, SECP256K1_N_C_2); - muladd(n4, SECP256K1_N_C_3); - sumadd(n3); - extract(m7); - muladd(n7, SECP256K1_N_C_1); - muladd(n6, SECP256K1_N_C_2); - muladd(n5, SECP256K1_N_C_3); - sumadd(n4); - extract(m8); - muladd(n7, SECP256K1_N_C_2); - muladd(n6, SECP256K1_N_C_3); - sumadd(n5); - extract(m9); - muladd(n7, SECP256K1_N_C_3); - sumadd(n6); - extract(m10); - sumadd_fast(n7); - 
extract_fast(m11); - VERIFY_CHECK(c0 <= 1); - m12 = c0; - - /* Reduce 385 bits into 258. */ - /* p[0..8] = m[0..7] + m[8..12] * SECP256K1_N_C. */ - c0 = m0; c1 = 0; c2 = 0; - muladd_fast(m8, SECP256K1_N_C_0); - extract_fast(p0); - sumadd_fast(m1); - muladd(m9, SECP256K1_N_C_0); - muladd(m8, SECP256K1_N_C_1); - extract(p1); - sumadd(m2); - muladd(m10, SECP256K1_N_C_0); - muladd(m9, SECP256K1_N_C_1); - muladd(m8, SECP256K1_N_C_2); - extract(p2); - sumadd(m3); - muladd(m11, SECP256K1_N_C_0); - muladd(m10, SECP256K1_N_C_1); - muladd(m9, SECP256K1_N_C_2); - muladd(m8, SECP256K1_N_C_3); - extract(p3); - sumadd(m4); - muladd(m12, SECP256K1_N_C_0); - muladd(m11, SECP256K1_N_C_1); - muladd(m10, SECP256K1_N_C_2); - muladd(m9, SECP256K1_N_C_3); - sumadd(m8); - extract(p4); - sumadd(m5); - muladd(m12, SECP256K1_N_C_1); - muladd(m11, SECP256K1_N_C_2); - muladd(m10, SECP256K1_N_C_3); - sumadd(m9); - extract(p5); - sumadd(m6); - muladd(m12, SECP256K1_N_C_2); - muladd(m11, SECP256K1_N_C_3); - sumadd(m10); - extract(p6); - sumadd_fast(m7); - muladd_fast(m12, SECP256K1_N_C_3); - sumadd_fast(m11); - extract_fast(p7); - p8 = c0 + m12; - VERIFY_CHECK(p8 <= 2); - - /* Reduce 258 bits into 256. */ - /* r[0..7] = p[0..7] + p[8] * SECP256K1_N_C. */ - c = p0 + (uint64_t)SECP256K1_N_C_0 * p8; - r->d[0] = c & 0xFFFFFFFFUL; c >>= 32; - c += p1 + (uint64_t)SECP256K1_N_C_1 * p8; - r->d[1] = c & 0xFFFFFFFFUL; c >>= 32; - c += p2 + (uint64_t)SECP256K1_N_C_2 * p8; - r->d[2] = c & 0xFFFFFFFFUL; c >>= 32; - c += p3 + (uint64_t)SECP256K1_N_C_3 * p8; - r->d[3] = c & 0xFFFFFFFFUL; c >>= 32; - c += p4 + (uint64_t)p8; - r->d[4] = c & 0xFFFFFFFFUL; c >>= 32; - c += p5; - r->d[5] = c & 0xFFFFFFFFUL; c >>= 32; - c += p6; - r->d[6] = c & 0xFFFFFFFFUL; c >>= 32; - c += p7; - r->d[7] = c & 0xFFFFFFFFUL; c >>= 32; - - /* Final reduction of r. 
*/ - secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); -} - -static void secp256k1_scalar_mul_512(uint32_t *l, const secp256k1_scalar *a, const secp256k1_scalar *b) { - /* 96 bit accumulator. */ - uint32_t c0 = 0, c1 = 0, c2 = 0; - - /* l[0..15] = a[0..7] * b[0..7]. */ - muladd_fast(a->d[0], b->d[0]); - extract_fast(l[0]); - muladd(a->d[0], b->d[1]); - muladd(a->d[1], b->d[0]); - extract(l[1]); - muladd(a->d[0], b->d[2]); - muladd(a->d[1], b->d[1]); - muladd(a->d[2], b->d[0]); - extract(l[2]); - muladd(a->d[0], b->d[3]); - muladd(a->d[1], b->d[2]); - muladd(a->d[2], b->d[1]); - muladd(a->d[3], b->d[0]); - extract(l[3]); - muladd(a->d[0], b->d[4]); - muladd(a->d[1], b->d[3]); - muladd(a->d[2], b->d[2]); - muladd(a->d[3], b->d[1]); - muladd(a->d[4], b->d[0]); - extract(l[4]); - muladd(a->d[0], b->d[5]); - muladd(a->d[1], b->d[4]); - muladd(a->d[2], b->d[3]); - muladd(a->d[3], b->d[2]); - muladd(a->d[4], b->d[1]); - muladd(a->d[5], b->d[0]); - extract(l[5]); - muladd(a->d[0], b->d[6]); - muladd(a->d[1], b->d[5]); - muladd(a->d[2], b->d[4]); - muladd(a->d[3], b->d[3]); - muladd(a->d[4], b->d[2]); - muladd(a->d[5], b->d[1]); - muladd(a->d[6], b->d[0]); - extract(l[6]); - muladd(a->d[0], b->d[7]); - muladd(a->d[1], b->d[6]); - muladd(a->d[2], b->d[5]); - muladd(a->d[3], b->d[4]); - muladd(a->d[4], b->d[3]); - muladd(a->d[5], b->d[2]); - muladd(a->d[6], b->d[1]); - muladd(a->d[7], b->d[0]); - extract(l[7]); - muladd(a->d[1], b->d[7]); - muladd(a->d[2], b->d[6]); - muladd(a->d[3], b->d[5]); - muladd(a->d[4], b->d[4]); - muladd(a->d[5], b->d[3]); - muladd(a->d[6], b->d[2]); - muladd(a->d[7], b->d[1]); - extract(l[8]); - muladd(a->d[2], b->d[7]); - muladd(a->d[3], b->d[6]); - muladd(a->d[4], b->d[5]); - muladd(a->d[5], b->d[4]); - muladd(a->d[6], b->d[3]); - muladd(a->d[7], b->d[2]); - extract(l[9]); - muladd(a->d[3], b->d[7]); - muladd(a->d[4], b->d[6]); - muladd(a->d[5], b->d[5]); - muladd(a->d[6], b->d[4]); - muladd(a->d[7], b->d[3]); - extract(l[10]); - 
muladd(a->d[4], b->d[7]); - muladd(a->d[5], b->d[6]); - muladd(a->d[6], b->d[5]); - muladd(a->d[7], b->d[4]); - extract(l[11]); - muladd(a->d[5], b->d[7]); - muladd(a->d[6], b->d[6]); - muladd(a->d[7], b->d[5]); - extract(l[12]); - muladd(a->d[6], b->d[7]); - muladd(a->d[7], b->d[6]); - extract(l[13]); - muladd_fast(a->d[7], b->d[7]); - extract_fast(l[14]); - VERIFY_CHECK(c1 == 0); - l[15] = c0; -} - -static void secp256k1_scalar_sqr_512(uint32_t *l, const secp256k1_scalar *a) { - /* 96 bit accumulator. */ - uint32_t c0 = 0, c1 = 0, c2 = 0; - - /* l[0..15] = a[0..7]^2. */ - muladd_fast(a->d[0], a->d[0]); - extract_fast(l[0]); - muladd2(a->d[0], a->d[1]); - extract(l[1]); - muladd2(a->d[0], a->d[2]); - muladd(a->d[1], a->d[1]); - extract(l[2]); - muladd2(a->d[0], a->d[3]); - muladd2(a->d[1], a->d[2]); - extract(l[3]); - muladd2(a->d[0], a->d[4]); - muladd2(a->d[1], a->d[3]); - muladd(a->d[2], a->d[2]); - extract(l[4]); - muladd2(a->d[0], a->d[5]); - muladd2(a->d[1], a->d[4]); - muladd2(a->d[2], a->d[3]); - extract(l[5]); - muladd2(a->d[0], a->d[6]); - muladd2(a->d[1], a->d[5]); - muladd2(a->d[2], a->d[4]); - muladd(a->d[3], a->d[3]); - extract(l[6]); - muladd2(a->d[0], a->d[7]); - muladd2(a->d[1], a->d[6]); - muladd2(a->d[2], a->d[5]); - muladd2(a->d[3], a->d[4]); - extract(l[7]); - muladd2(a->d[1], a->d[7]); - muladd2(a->d[2], a->d[6]); - muladd2(a->d[3], a->d[5]); - muladd(a->d[4], a->d[4]); - extract(l[8]); - muladd2(a->d[2], a->d[7]); - muladd2(a->d[3], a->d[6]); - muladd2(a->d[4], a->d[5]); - extract(l[9]); - muladd2(a->d[3], a->d[7]); - muladd2(a->d[4], a->d[6]); - muladd(a->d[5], a->d[5]); - extract(l[10]); - muladd2(a->d[4], a->d[7]); - muladd2(a->d[5], a->d[6]); - extract(l[11]); - muladd2(a->d[5], a->d[7]); - muladd(a->d[6], a->d[6]); - extract(l[12]); - muladd2(a->d[6], a->d[7]); - extract(l[13]); - muladd_fast(a->d[7], a->d[7]); - extract_fast(l[14]); - VERIFY_CHECK(c1 == 0); - l[15] = c0; -} - -#undef sumadd -#undef sumadd_fast -#undef muladd -#undef 
muladd_fast -#undef muladd2 -#undef extract -#undef extract_fast - -static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { - uint32_t l[16]; - secp256k1_scalar_mul_512(l, a, b); - secp256k1_scalar_reduce_512(r, l); -} - -static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) { - int ret; - VERIFY_CHECK(n > 0); - VERIFY_CHECK(n < 16); - ret = r->d[0] & ((1 << n) - 1); - r->d[0] = (r->d[0] >> n) + (r->d[1] << (32 - n)); - r->d[1] = (r->d[1] >> n) + (r->d[2] << (32 - n)); - r->d[2] = (r->d[2] >> n) + (r->d[3] << (32 - n)); - r->d[3] = (r->d[3] >> n) + (r->d[4] << (32 - n)); - r->d[4] = (r->d[4] >> n) + (r->d[5] << (32 - n)); - r->d[5] = (r->d[5] >> n) + (r->d[6] << (32 - n)); - r->d[6] = (r->d[6] >> n) + (r->d[7] << (32 - n)); - r->d[7] = (r->d[7] >> n); - return ret; -} - -static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) { - uint32_t l[16]; - secp256k1_scalar_sqr_512(l, a); - secp256k1_scalar_reduce_512(r, l); -} - -#ifdef USE_ENDOMORPHISM -static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { - r1->d[0] = a->d[0]; - r1->d[1] = a->d[1]; - r1->d[2] = a->d[2]; - r1->d[3] = a->d[3]; - r1->d[4] = 0; - r1->d[5] = 0; - r1->d[6] = 0; - r1->d[7] = 0; - r2->d[0] = a->d[4]; - r2->d[1] = a->d[5]; - r2->d[2] = a->d[6]; - r2->d[3] = a->d[7]; - r2->d[4] = 0; - r2->d[5] = 0; - r2->d[6] = 0; - r2->d[7] = 0; -} -#endif - -SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { - return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0; -} - -SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift) { - uint32_t l[16]; - unsigned int shiftlimbs; - unsigned int 
shiftlow; - unsigned int shifthigh; - VERIFY_CHECK(shift >= 256); - secp256k1_scalar_mul_512(l, a, b); - shiftlimbs = shift >> 5; - shiftlow = shift & 0x1F; - shifthigh = 32 - shiftlow; - r->d[0] = shift < 512 ? (l[0 + shiftlimbs] >> shiftlow | (shift < 480 && shiftlow ? (l[1 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[1] = shift < 480 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 448 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[2] = shift < 448 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 416 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[3] = shift < 416 ? (l[3 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[4 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[4] = shift < 384 ? (l[4 + shiftlimbs] >> shiftlow | (shift < 352 && shiftlow ? (l[5 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[5] = shift < 352 ? (l[5 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[6 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[6] = shift < 320 ? (l[6 + shiftlimbs] >> shiftlow | (shift < 288 && shiftlow ? (l[7 + shiftlimbs] << shifthigh) : 0)) : 0; - r->d[7] = shift < 288 ? (l[7 + shiftlimbs] >> shiftlow) : 0; - secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); -} - -#endif /* SECP256K1_SCALAR_REPR_IMPL_H */ diff --git a/deps/secp256k1/src/scalar_impl.h b/deps/secp256k1/src/scalar_impl.h deleted file mode 100644 index 6b336d9d1..000000000 --- a/deps/secp256k1/src/scalar_impl.h +++ /dev/null 
@@ -1,333 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2014 Pieter Wuille *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_IMPL_H
-#define SECP256K1_SCALAR_IMPL_H
-
-#include "scalar.h"
-#include "util.h"
-
-#if defined HAVE_CONFIG_H
-#include "libsecp256k1-config.h"
-#endif
-
-#if defined(EXHAUSTIVE_TEST_ORDER)
-#include "scalar_low_impl.h"
-#elif defined(USE_SCALAR_4X64)
-#include "scalar_4x64_impl.h"
-#elif defined(USE_SCALAR_8X32)
-#include "scalar_8x32_impl.h"
-#else
-#error "Please select scalar implementation"
-#endif
-
-#ifndef USE_NUM_NONE
-static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a) {
- unsigned char c[32];
- secp256k1_scalar_get_b32(c, a);
- secp256k1_num_set_bin(r, c, 32);
-}
-
-/** secp256k1 curve order, see secp256k1_ecdsa_const_order_as_fe in ecdsa_impl.h */
-static void secp256k1_scalar_order_get_num(secp256k1_num *r) {
-#if defined(EXHAUSTIVE_TEST_ORDER)
- static const unsigned char order[32] = {
- 0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,EXHAUSTIVE_TEST_ORDER
- };
-#else
- static const unsigned char order[32] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
- 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
- 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
- };
-#endif
- secp256k1_num_set_bin(r, order, 32);
-}
-#endif
-
-static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) {
-#if defined(EXHAUSTIVE_TEST_ORDER)
- int i;
- *r = 0;
- for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++)
- if ((i * *x) % EXHAUSTIVE_TEST_ORDER == 1)
- *r = i;
- /* If this VERIFY_CHECK triggers we were given a noninvertible scalar (and thus
- * have a composite group order; fix it in exhaustive_tests.c). */
- VERIFY_CHECK(*r != 0);
-}
-#else
- secp256k1_scalar *t;
- int i;
- /* First compute xN as x ^ (2^N - 1) for some values of N,
- * and uM as x ^ M for some values of M. */
- secp256k1_scalar x2, x3, x6, x8, x14, x28, x56, x112, x126;
- secp256k1_scalar u2, u5, u9, u11, u13;
-
- secp256k1_scalar_sqr(&u2, x);
- secp256k1_scalar_mul(&x2, &u2, x);
- secp256k1_scalar_mul(&u5, &u2, &x2);
- secp256k1_scalar_mul(&x3, &u5, &u2);
- secp256k1_scalar_mul(&u9, &x3, &u2);
- secp256k1_scalar_mul(&u11, &u9, &u2);
- secp256k1_scalar_mul(&u13, &u11, &u2);
-
- secp256k1_scalar_sqr(&x6, &u13);
- secp256k1_scalar_sqr(&x6, &x6);
- secp256k1_scalar_mul(&x6, &x6, &u11);
-
- secp256k1_scalar_sqr(&x8, &x6);
- secp256k1_scalar_sqr(&x8, &x8);
- secp256k1_scalar_mul(&x8, &x8, &x2);
-
- secp256k1_scalar_sqr(&x14, &x8);
- for (i = 0; i < 5; i++) {
- secp256k1_scalar_sqr(&x14, &x14);
- }
- secp256k1_scalar_mul(&x14, &x14, &x6);
-
- secp256k1_scalar_sqr(&x28, &x14);
- for (i = 0; i < 13; i++) {
- secp256k1_scalar_sqr(&x28, &x28);
- }
- secp256k1_scalar_mul(&x28, &x28, &x14);
-
- secp256k1_scalar_sqr(&x56, &x28);
- for (i = 0; i < 27; i++) {
- secp256k1_scalar_sqr(&x56, &x56);
- }
- secp256k1_scalar_mul(&x56, &x56, &x28);
-
- secp256k1_scalar_sqr(&x112, &x56);
- for (i = 0; i < 55; i++) {
- secp256k1_scalar_sqr(&x112, &x112);
- }
- secp256k1_scalar_mul(&x112, &x112, &x56);
-
- secp256k1_scalar_sqr(&x126, &x112);
- for (i = 0; i < 13; i++) {
- secp256k1_scalar_sqr(&x126, &x126);
- }
- secp256k1_scalar_mul(&x126, &x126, &x14);
-
- /* Then accumulate the final result (t starts at x126). */
- t = &x126;
- for (i = 0; i < 3; i++) {
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u5); /* 101 */
- for (i = 0; i < 4; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x3); /* 111 */
- for (i = 0; i < 4; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u5); /* 101 */
- for (i = 0; i < 5; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u11); /* 1011 */
- for (i = 0; i < 4; i++) {
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u11); /* 1011 */
- for (i = 0; i < 4; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x3); /* 111 */
- for (i = 0; i < 5; i++) { /* 00 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x3); /* 111 */
- for (i = 0; i < 6; i++) { /* 00 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u13); /* 1101 */
- for (i = 0; i < 4; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u5); /* 101 */
- for (i = 0; i < 3; i++) {
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x3); /* 111 */
- for (i = 0; i < 5; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u9); /* 1001 */
- for (i = 0; i < 6; i++) { /* 000 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u5); /* 101 */
- for (i = 0; i < 10; i++) { /* 0000000 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x3); /* 111 */
- for (i = 0; i < 4; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x3); /* 111 */
- for (i = 0; i < 9; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x8); /* 11111111 */
- for (i = 0; i < 5; i++) { /* 0 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u9); /* 1001 */
- for (i = 0; i < 6; i++) { /* 00 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u11); /* 1011 */
- for (i = 0; i < 4; i++) {
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u13); /* 1101 */
- for (i = 0; i < 5; i++) {
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &x2); /* 11 */
- for (i = 0; i < 6; i++) { /* 00 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u13); /* 1101 */
- for (i = 0; i < 10; i++) { /* 000000 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u13); /* 1101 */
- for (i = 0; i < 4; i++) {
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, &u9); /* 1001 */
- for (i = 0; i < 6; i++) { /* 00000 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(t, t, x); /* 1 */
- for (i = 0; i < 8; i++) { /* 00 */
- secp256k1_scalar_sqr(t, t);
- }
- secp256k1_scalar_mul(r, t, &x6); /* 111111 */
-}
-
-SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) {
- return !(a->d[0] & 1);
-}
-#endif
-
-static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) {
-#if defined(USE_SCALAR_INV_BUILTIN)
- secp256k1_scalar_inverse(r, x);
-#elif defined(USE_SCALAR_INV_NUM)
- unsigned char b[32];
- secp256k1_num n, m;
- secp256k1_scalar t = *x;
- secp256k1_scalar_get_b32(b, &t);
- secp256k1_num_set_bin(&n, b, 32);
- secp256k1_scalar_order_get_num(&m);
- secp256k1_num_mod_inverse(&n, &n, &m);
- secp256k1_num_get_bin(b, 32, &n);
- secp256k1_scalar_set_b32(r, b, NULL);
- /* Verify that the inverse was computed correctly, without GMP code. */
- secp256k1_scalar_mul(&t, &t, r);
- CHECK(secp256k1_scalar_is_one(&t));
-#else
-#error "Please select scalar inverse implementation"
-#endif
-}
-
-#ifdef USE_ENDOMORPHISM
-#if defined(EXHAUSTIVE_TEST_ORDER)
-/**
- * Find k1 and k2 given k, such that k1 + k2 * lambda == k mod n; unlike in the
- * full case we don't bother making k1 and k2 be small, we just want them to be
- * nontrivial to get full test coverage for the exhaustive tests. We therefore
- * (arbitrarily) set k2 = k + 5 and k1 = k - k2 * lambda.
- */ -static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { - *r2 = (*a + 5) % EXHAUSTIVE_TEST_ORDER; - *r1 = (*a + (EXHAUSTIVE_TEST_ORDER - *r2) * EXHAUSTIVE_TEST_LAMBDA) % EXHAUSTIVE_TEST_ORDER; -} -#else -/** - * The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where - * lambda is {0x53,0x63,0xad,0x4c,0xc0,0x5c,0x30,0xe0,0xa5,0x26,0x1c,0x02,0x88,0x12,0x64,0x5a, - * 0x12,0x2e,0x22,0xea,0x20,0x81,0x66,0x78,0xdf,0x02,0x96,0x7c,0x1b,0x23,0xbd,0x72} - * - * "Guide to Elliptic Curve Cryptography" (Hankerson, Menezes, Vanstone) gives an algorithm - * (algorithm 3.74) to find k1 and k2 given k, such that k1 + k2 * lambda == k mod n, and k1 - * and k2 have a small size. - * It relies on constants a1, b1, a2, b2. These constants for the value of lambda above are: - * - * - a1 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} - * - b1 = -{0xe4,0x43,0x7e,0xd6,0x01,0x0e,0x88,0x28,0x6f,0x54,0x7f,0xa9,0x0a,0xbf,0xe4,0xc3} - * - a2 = {0x01,0x14,0xca,0x50,0xf7,0xa8,0xe2,0xf3,0xf6,0x57,0xc1,0x10,0x8d,0x9d,0x44,0xcf,0xd8} - * - b2 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} - * - * The algorithm then computes c1 = round(b1 * k / n) and c2 = round(b2 * k / n), and gives - * k1 = k - (c1*a1 + c2*a2) and k2 = -(c1*b1 + c2*b2). Instead, we use modular arithmetic, and - * compute k1 as k - k2 * lambda, avoiding the need for constants a1 and a2. - * - * g1, g2 are precomputed constants used to replace division with a rounded multiplication - * when decomposing the scalar for an endomorphism-based point multiplication. - * - * The possibility of using precomputed estimates is mentioned in "Guide to Elliptic Curve - * Cryptography" (Hankerson, Menezes, Vanstone) in section 3.5. 
- * - * The derivation is described in the paper "Efficient Software Implementation of Public-Key - * Cryptography on Sensor Networks Using the MSP430X Microcontroller" (Gouvea, Oliveira, Lopez), - * Section 4.3 (here we use a somewhat higher-precision estimate): - * d = a1*b2 - b1*a2 - * g1 = round((2^272)*b2/d) - * g2 = round((2^272)*b1/d) - * - * (Note that 'd' is also equal to the curve order here because [a1,b1] and [a2,b2] are found - * as outputs of the Extended Euclidean Algorithm on inputs 'order' and 'lambda'). - * - * The function below splits a in r1 and r2, such that r1 + lambda * r2 == a (mod order). - */ - -static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { - secp256k1_scalar c1, c2; - static const secp256k1_scalar minus_lambda = SECP256K1_SCALAR_CONST( - 0xAC9C52B3UL, 0x3FA3CF1FUL, 0x5AD9E3FDUL, 0x77ED9BA4UL, - 0xA880B9FCUL, 0x8EC739C2UL, 0xE0CFC810UL, 0xB51283CFUL - ); - static const secp256k1_scalar minus_b1 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL, - 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL - ); - static const secp256k1_scalar minus_b2 = SECP256K1_SCALAR_CONST( - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, - 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL - ); - static const secp256k1_scalar g1 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00003086UL, - 0xD221A7D4UL, 0x6BCDE86CUL, 0x90E49284UL, 0xEB153DABUL - ); - static const secp256k1_scalar g2 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x0000E443UL, - 0x7ED6010EUL, 0x88286F54UL, 0x7FA90ABFUL, 0xE4C42212UL - ); - VERIFY_CHECK(r1 != a); - VERIFY_CHECK(r2 != a); - /* these _var calls are constant time since the shift amount is constant */ - secp256k1_scalar_mul_shift_var(&c1, a, &g1, 272); - secp256k1_scalar_mul_shift_var(&c2, a, &g2, 272); - secp256k1_scalar_mul(&c1, &c1, &minus_b1); - 
secp256k1_scalar_mul(&c2, &c2, &minus_b2);
- secp256k1_scalar_add(r2, &c1, &c2);
- secp256k1_scalar_mul(r1, r2, &minus_lambda);
- secp256k1_scalar_add(r1, r1, a);
-}
-#endif
-#endif
-
-#endif /* SECP256K1_SCALAR_IMPL_H */
diff --git a/deps/secp256k1/src/scalar_low.h b/deps/secp256k1/src/scalar_low.h
deleted file mode 100644
index 5836febc5..000000000
--- a/deps/secp256k1/src/scalar_low.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_REPR_H
-#define SECP256K1_SCALAR_REPR_H
-
-#include
-
-/** A scalar modulo the group order of the secp256k1 curve. */
-typedef uint32_t secp256k1_scalar;
-
-#endif /* SECP256K1_SCALAR_REPR_H */
diff --git a/deps/secp256k1/src/scalar_low_impl.h b/deps/secp256k1/src/scalar_low_impl.h
deleted file mode 100644
index 910ce3f49..000000000
--- a/deps/secp256k1/src/scalar_low_impl.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2015 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef SECP256K1_SCALAR_REPR_IMPL_H
-#define SECP256K1_SCALAR_REPR_IMPL_H
-
-#include "scalar.h"
-
-#include
-
-SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) {
- return !(*a & 1);
-}
-
-SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { *r = 0; }
-SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { *r = v; }
-
-SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
- if (offset < 32)
- return ((*a >> offset) & ((((uint32_t)1) << count) - 1));
- else
- return 0;
-}
-
-SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
- return secp256k1_scalar_get_bits(a, offset, count);
-}
-
-SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; }
-
-static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
- *r = (*a + *b) % EXHAUSTIVE_TEST_ORDER;
- return *r < *b;
-}
-
-static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
- if (flag && bit < 32)
- *r += ((uint32_t)1 << bit);
-#ifdef VERIFY
- VERIFY_CHECK(bit < 32);
- /* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t.
*/ - VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER); - VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); -#endif -} - -static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { - const int base = 0x100 % EXHAUSTIVE_TEST_ORDER; - int i; - *r = 0; - for (i = 0; i < 32; i++) { - *r = ((*r * base) + b32[i]) % EXHAUSTIVE_TEST_ORDER; - } - /* just deny overflow, it basically always happens */ - if (overflow) *overflow = 0; -} - -static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { - memset(bin, 0, 32); - bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a; -} - -SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { - return *a == 0; -} - -static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { - if (*a == 0) { - *r = 0; - } else { - *r = EXHAUSTIVE_TEST_ORDER - *a; - } -} - -SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { - return *a == 1; -} - -static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { - return *a > EXHAUSTIVE_TEST_ORDER / 2; -} - -static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { - if (flag) secp256k1_scalar_negate(r, r); - return flag ? 
-1 : 1;
-}
-
-static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
- *r = (*a * *b) % EXHAUSTIVE_TEST_ORDER;
-}
-
-static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) {
- int ret;
- VERIFY_CHECK(n > 0);
- VERIFY_CHECK(n < 16);
- ret = *r & ((1 << n) - 1);
- *r >>= n;
- return ret;
-}
-
-static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) {
- *r = (*a * *a) % EXHAUSTIVE_TEST_ORDER;
-}
-
-static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) {
- *r1 = *a;
- *r2 = 0;
-}
-
-SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) {
- return *a == *b;
-}
-
-#endif /* SECP256K1_SCALAR_REPR_IMPL_H */
diff --git a/deps/secp256k1/src/scratch.h b/deps/secp256k1/src/scratch.h
deleted file mode 100644
index 77b35d126..000000000
--- a/deps/secp256k1/src/scratch.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2017 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef _SECP256K1_SCRATCH_
-#define _SECP256K1_SCRATCH_
-
-/* The typedef is used internally; the struct name is used in the public API
- * (where it is exposed as a different typedef) */
-typedef struct secp256k1_scratch_space_struct {
- /** guard against interpreting this object as other types */
- unsigned char magic[8];
- /** actual allocated data */
- void *data;
- /** amount that has been allocated (i.e. `data + offset` is the next
- * available pointer) */
- size_t alloc_size;
- /** maximum size available to allocate */
- size_t max_size;
-} secp256k1_scratch;
-
-static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t max_size);
-
-static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch);
-
-/** Returns an opaque object used to "checkpoint" a scratch space. Used
- * with `secp256k1_scratch_apply_checkpoint` to undo allocations. */
-static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch);
-
-/** Applies a check point received from `secp256k1_scratch_checkpoint`,
- * undoing all allocations since that point. */
-static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint);
-
-/** Returns the maximum allocation the scratch space will allow */
-static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t n_objects);
-
-/** Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available space */
-static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t n);
-
-#endif
diff --git a/deps/secp256k1/src/scratch_impl.h b/deps/secp256k1/src/scratch_impl.h
deleted file mode 100644
index 4cee70000..000000000
--- a/deps/secp256k1/src/scratch_impl.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/**********************************************************************
- * Copyright (c) 2017 Andrew Poelstra *
- * Distributed under the MIT software license, see the accompanying *
- * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
- **********************************************************************/
-
-#ifndef _SECP256K1_SCRATCH_IMPL_H_
-#define _SECP256K1_SCRATCH_IMPL_H_
-
-#include "util.h"
-#include "scratch.h"
-
-static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t size) {
- const size_t base_alloc = ((sizeof(secp256k1_scratch) + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT;
- void *alloc = checked_malloc(error_callback, base_alloc + size);
- secp256k1_scratch* ret = (secp256k1_scratch *)alloc;
- if (ret != NULL) {
- memset(ret, 0, sizeof(*ret));
- memcpy(ret->magic, "scratch", 8);
- ret->data = (void *) ((char *) alloc + base_alloc);
- ret->max_size = size;
- }
- return ret;
-}
-
-static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch) {
- if (scratch != NULL) {
- VERIFY_CHECK(scratch->alloc_size == 0); /* all checkpoints should be applied */
- if (memcmp(scratch->magic, "scratch", 8) != 0) {
- secp256k1_callback_call(error_callback, "invalid scratch space");
- return;
- }
- memset(scratch->magic, 0, sizeof(scratch->magic));
- free(scratch);
- }
-}
-
-static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch) {
- if (memcmp(scratch->magic, "scratch", 8) != 0) {
- secp256k1_callback_call(error_callback, "invalid scratch space");
- return 0;
- }
- return scratch->alloc_size;
-}
-
-static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint) {
- if (memcmp(scratch->magic, "scratch", 8) != 0) {
- secp256k1_callback_call(error_callback, "invalid scratch space");
- return;
- }
- if (checkpoint > scratch->alloc_size) {
- secp256k1_callback_call(error_callback, "invalid checkpoint");
- return;
- }
- scratch->alloc_size = checkpoint;
-}
-
-static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t objects) {
- if (memcmp(scratch->magic, "scratch", 8) != 0) {
- secp256k1_callback_call(error_callback, "invalid scratch space");
- return 0;
- }
- if (scratch->max_size - scratch->alloc_size <= objects * (ALIGNMENT - 1)) {
- return 0;
- }
- return scratch->max_size - scratch->alloc_size - objects * (ALIGNMENT - 1);
-}
-
-static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t size) {
- void *ret;
- size = ROUND_TO_ALIGN(size);
-
- if (memcmp(scratch->magic, "scratch", 8) != 0) {
- secp256k1_callback_call(error_callback, "invalid scratch space");
- return NULL;
- }
-
- if (size > scratch->max_size - scratch->alloc_size) {
- return NULL;
- }
- ret = (void *) ((char *) scratch->data + scratch->alloc_size);
- memset(ret, 0, size);
- scratch->alloc_size += size;
-
- return ret;
-}
-
-#endif
diff --git a/deps/secp256k1/src/secp256k1.c b/deps/secp256k1/src/secp256k1.c
deleted file mode 100644
index a3f446e50..000000000
--- a/deps/secp256k1/src/secp256k1.c
+++ /dev/null
@@ -1,690 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#include "include/secp256k1.h" -#include "include/secp256k1_preallocated.h" - -#include "util.h" -#include "num_impl.h" -#include "field_impl.h" -#include "scalar_impl.h" -#include "group_impl.h" -#include "ecmult_impl.h" -#include "ecmult_const_impl.h" -#include "ecmult_gen_impl.h" -#include "ecdsa_impl.h" -#include "eckey_impl.h" -#include "hash_impl.h" -#include "scratch_impl.h" - -#define ARG_CHECK(cond) do { \ - if (EXPECT(!(cond), 0)) { \ - secp256k1_callback_call(&ctx->illegal_callback, #cond); \ - return 0; \ - } \ -} while(0) - -#define ARG_CHECK_NO_RETURN(cond) do { \ - if (EXPECT(!(cond), 0)) { \ - secp256k1_callback_call(&ctx->illegal_callback, #cond); \ - } \ -} while(0) - -#ifndef USE_EXTERNAL_DEFAULT_CALLBACKS -#include -#include -static void secp256k1_default_illegal_callback_fn(const char* str, void* data) { - (void)data; - fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); - abort(); -} -static void secp256k1_default_error_callback_fn(const char* str, void* data) { - (void)data; - fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); - abort(); -} -#else -void secp256k1_default_illegal_callback_fn(const char* str, void* data); -void secp256k1_default_error_callback_fn(const char* str, void* data); -#endif - -static const secp256k1_callback default_illegal_callback = { - secp256k1_default_illegal_callback_fn, - NULL -}; - -static const secp256k1_callback default_error_callback = { - secp256k1_default_error_callback_fn, - NULL -}; - -struct secp256k1_context_struct { - secp256k1_ecmult_context ecmult_ctx; - secp256k1_ecmult_gen_context ecmult_gen_ctx; - 
secp256k1_callback illegal_callback; - secp256k1_callback error_callback; -}; - -static const secp256k1_context secp256k1_context_no_precomp_ = { - { 0 }, - { 0 }, - { secp256k1_default_illegal_callback_fn, 0 }, - { secp256k1_default_error_callback_fn, 0 } -}; -const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_no_precomp_; - -size_t secp256k1_context_preallocated_size(unsigned int flags) { - size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context)); - - if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - secp256k1_callback_call(&default_illegal_callback, - "Invalid flags"); - return 0; - } - - if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { - ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; - } - if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { - ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; - } - return ret; -} - -size_t secp256k1_context_preallocated_clone_size(const secp256k1_context* ctx) { - size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context)); - VERIFY_CHECK(ctx != NULL); - if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { - ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; - } - if (secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)) { - ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; - } - return ret; -} - -secp256k1_context* secp256k1_context_preallocated_create(void* prealloc, unsigned int flags) { - void* const base = prealloc; - size_t prealloc_size; - secp256k1_context* ret; - - VERIFY_CHECK(prealloc != NULL); - prealloc_size = secp256k1_context_preallocated_size(flags); - ret = (secp256k1_context*)manual_alloc(&prealloc, sizeof(secp256k1_context), base, prealloc_size); - ret->illegal_callback = default_illegal_callback; - ret->error_callback = default_error_callback; - - if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - secp256k1_callback_call(&ret->illegal_callback, - "Invalid flags"); - return NULL; - } - - 
secp256k1_ecmult_context_init(&ret->ecmult_ctx); - secp256k1_ecmult_gen_context_init(&ret->ecmult_gen_ctx); - - if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { - secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); - } - if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { - secp256k1_ecmult_context_build(&ret->ecmult_ctx, &prealloc); - } - - return (secp256k1_context*) ret; -} - -secp256k1_context* secp256k1_context_create(unsigned int flags) { - size_t const prealloc_size = secp256k1_context_preallocated_size(flags); - secp256k1_context* ctx = (secp256k1_context*)checked_malloc(&default_error_callback, prealloc_size); - if (EXPECT(secp256k1_context_preallocated_create(ctx, flags) == NULL, 0)) { - free(ctx); - return NULL; - } - - return ctx; -} - -secp256k1_context* secp256k1_context_preallocated_clone(const secp256k1_context* ctx, void* prealloc) { - size_t prealloc_size; - secp256k1_context* ret; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(prealloc != NULL); - - prealloc_size = secp256k1_context_preallocated_clone_size(ctx); - ret = (secp256k1_context*)prealloc; - memcpy(ret, ctx, prealloc_size); - secp256k1_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); - secp256k1_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); - return ret; -} - -secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) { - secp256k1_context* ret; - size_t prealloc_size; - - VERIFY_CHECK(ctx != NULL); - prealloc_size = secp256k1_context_preallocated_clone_size(ctx); - ret = (secp256k1_context*)checked_malloc(&ctx->error_callback, prealloc_size); - ret = secp256k1_context_preallocated_clone(ctx, ret); - return ret; -} - -void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { - ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); - if (ctx != NULL) { - secp256k1_ecmult_context_clear(&ctx->ecmult_ctx); - secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); - } -} - -void 
secp256k1_context_destroy(secp256k1_context* ctx) { - if (ctx != NULL) { - secp256k1_context_preallocated_destroy(ctx); - free(ctx); - } -} - -void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); - if (fun == NULL) { - fun = secp256k1_default_illegal_callback_fn; - } - ctx->illegal_callback.fn = fun; - ctx->illegal_callback.data = data; -} - -void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); - if (fun == NULL) { - fun = secp256k1_default_error_callback_fn; - } - ctx->error_callback.fn = fun; - ctx->error_callback.data = data; -} - -secp256k1_scratch_space* secp256k1_scratch_space_create(const secp256k1_context* ctx, size_t max_size) { - VERIFY_CHECK(ctx != NULL); - return secp256k1_scratch_create(&ctx->error_callback, max_size); -} - -void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space* scratch) { - VERIFY_CHECK(ctx != NULL); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); -} - -static int secp256k1_pubkey_load(const secp256k1_context* ctx, secp256k1_ge* ge, const secp256k1_pubkey* pubkey) { - if (sizeof(secp256k1_ge_storage) == 64) { - /* When the secp256k1_ge_storage type is exactly 64 byte, use its - * representation inside secp256k1_pubkey, as conversion is very fast. - * Note that secp256k1_pubkey_save must use the same representation. */ - secp256k1_ge_storage s; - memcpy(&s, &pubkey->data[0], sizeof(s)); - secp256k1_ge_from_storage(ge, &s); - } else { - /* Otherwise, fall back to 32-byte big endian for X and Y. 
*/ - secp256k1_fe x, y; - secp256k1_fe_set_b32(&x, pubkey->data); - secp256k1_fe_set_b32(&y, pubkey->data + 32); - secp256k1_ge_set_xy(ge, &x, &y); - } - ARG_CHECK(!secp256k1_fe_is_zero(&ge->x)); - return 1; -} - -static void secp256k1_pubkey_save(secp256k1_pubkey* pubkey, secp256k1_ge* ge) { - if (sizeof(secp256k1_ge_storage) == 64) { - secp256k1_ge_storage s; - secp256k1_ge_to_storage(&s, ge); - memcpy(&pubkey->data[0], &s, sizeof(s)); - } else { - VERIFY_CHECK(!secp256k1_ge_is_infinity(ge)); - secp256k1_fe_normalize_var(&ge->x); - secp256k1_fe_normalize_var(&ge->y); - secp256k1_fe_get_b32(pubkey->data, &ge->x); - secp256k1_fe_get_b32(pubkey->data + 32, &ge->y); - } -} - -int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen) { - secp256k1_ge Q; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(pubkey != NULL); - memset(pubkey, 0, sizeof(*pubkey)); - ARG_CHECK(input != NULL); - if (!secp256k1_eckey_pubkey_parse(&Q, input, inputlen)) { - return 0; - } - secp256k1_pubkey_save(pubkey, &Q); - secp256k1_ge_clear(&Q); - return 1; -} - -int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey* pubkey, unsigned int flags) { - secp256k1_ge Q; - size_t len; - int ret = 0; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(outputlen != NULL); - ARG_CHECK(*outputlen >= ((flags & SECP256K1_FLAGS_BIT_COMPRESSION) ? 
33 : 65)); - len = *outputlen; - *outputlen = 0; - ARG_CHECK(output != NULL); - memset(output, 0, len); - ARG_CHECK(pubkey != NULL); - ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION); - if (secp256k1_pubkey_load(ctx, &Q, pubkey)) { - ret = secp256k1_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); - if (ret) { - *outputlen = len; - } - } - return ret; -} - -static void secp256k1_ecdsa_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_ecdsa_signature* sig) { - (void)ctx; - if (sizeof(secp256k1_scalar) == 32) { - /* When the secp256k1_scalar type is exactly 32 byte, use its - * representation inside secp256k1_ecdsa_signature, as conversion is very fast. - * Note that secp256k1_ecdsa_signature_save must use the same representation. */ - memcpy(r, &sig->data[0], 32); - memcpy(s, &sig->data[32], 32); - } else { - secp256k1_scalar_set_b32(r, &sig->data[0], NULL); - secp256k1_scalar_set_b32(s, &sig->data[32], NULL); - } -} - -static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s) { - if (sizeof(secp256k1_scalar) == 32) { - memcpy(&sig->data[0], r, 32); - memcpy(&sig->data[32], s, 32); - } else { - secp256k1_scalar_get_b32(&sig->data[0], r); - secp256k1_scalar_get_b32(&sig->data[32], s); - } -} - -int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { - secp256k1_scalar r, s; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(sig != NULL); - ARG_CHECK(input != NULL); - - if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) { - secp256k1_ecdsa_signature_save(sig, &r, &s); - return 1; - } else { - memset(sig, 0, sizeof(*sig)); - return 0; - } -} - -int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input64) { - 
secp256k1_scalar r, s; - int ret = 1; - int overflow = 0; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(sig != NULL); - ARG_CHECK(input64 != NULL); - - secp256k1_scalar_set_b32(&r, &input64[0], &overflow); - ret &= !overflow; - secp256k1_scalar_set_b32(&s, &input64[32], &overflow); - ret &= !overflow; - if (ret) { - secp256k1_ecdsa_signature_save(sig, &r, &s); - } else { - memset(sig, 0, sizeof(*sig)); - } - return ret; -} - -int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig) { - secp256k1_scalar r, s; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(output != NULL); - ARG_CHECK(outputlen != NULL); - ARG_CHECK(sig != NULL); - - secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); - return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s); -} - -int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, const secp256k1_ecdsa_signature* sig) { - secp256k1_scalar r, s; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(output64 != NULL); - ARG_CHECK(sig != NULL); - - secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); - secp256k1_scalar_get_b32(&output64[0], &r); - secp256k1_scalar_get_b32(&output64[32], &s); - return 1; -} - -int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) { - secp256k1_scalar r, s; - int ret = 0; - - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(sigin != NULL); - - secp256k1_ecdsa_signature_load(ctx, &r, &s, sigin); - ret = secp256k1_scalar_is_high(&s); - if (sigout != NULL) { - if (ret) { - secp256k1_scalar_negate(&s, &s); - } - secp256k1_ecdsa_signature_save(sigout, &r, &s); - } - - return ret; -} - -int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) { - secp256k1_ge q; - secp256k1_scalar r, s; - secp256k1_scalar m; - 
VERIFY_CHECK(ctx != NULL); - ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(msg32 != NULL); - ARG_CHECK(sig != NULL); - ARG_CHECK(pubkey != NULL); - - secp256k1_scalar_set_b32(&m, msg32, NULL); - secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); - return (!secp256k1_scalar_is_high(&s) && - secp256k1_pubkey_load(ctx, &q, pubkey) && - secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); -} - -static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { - memcpy(buf + *offset, data, len); - *offset += len; -} - -static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { - unsigned char keydata[112]; - unsigned int offset = 0; - secp256k1_rfc6979_hmac_sha256 rng; - unsigned int i; - /* We feed a byte array to the PRNG as input, consisting of: - * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. - * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data. - * - optionally 16 extra bytes with the algorithm name. - * Because the arguments have distinct fixed lengths it is not possible for - * different argument mixtures to emulate each other and result in the same - * nonces. 
- */ - buffer_append(keydata, &offset, key32, 32); - buffer_append(keydata, &offset, msg32, 32); - if (data != NULL) { - buffer_append(keydata, &offset, data, 32); - } - if (algo16 != NULL) { - buffer_append(keydata, &offset, algo16, 16); - } - secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); - memset(keydata, 0, sizeof(keydata)); - for (i = 0; i <= counter; i++) { - secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - } - secp256k1_rfc6979_hmac_sha256_finalize(&rng); - return 1; -} - -const secp256k1_nonce_function secp256k1_nonce_function_rfc6979 = nonce_function_rfc6979; -const secp256k1_nonce_function secp256k1_nonce_function_default = nonce_function_rfc6979; - -int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { - secp256k1_scalar r, s; - secp256k1_scalar sec, non, msg; - int ret = 0; - int overflow = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); - ARG_CHECK(msg32 != NULL); - ARG_CHECK(signature != NULL); - ARG_CHECK(seckey != NULL); - if (noncefp == NULL) { - noncefp = secp256k1_nonce_function_default; - } - - secp256k1_scalar_set_b32(&sec, seckey, &overflow); - /* Fail if the secret key is invalid. 
*/ - if (!overflow && !secp256k1_scalar_is_zero(&sec)) { - unsigned char nonce32[32]; - unsigned int count = 0; - secp256k1_scalar_set_b32(&msg, msg32, NULL); - while (1) { - ret = noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); - if (!ret) { - break; - } - secp256k1_scalar_set_b32(&non, nonce32, &overflow); - if (!overflow && !secp256k1_scalar_is_zero(&non)) { - if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, NULL)) { - break; - } - } - count++; - } - memset(nonce32, 0, 32); - secp256k1_scalar_clear(&msg); - secp256k1_scalar_clear(&non); - secp256k1_scalar_clear(&sec); - } - if (ret) { - secp256k1_ecdsa_signature_save(signature, &r, &s); - } else { - memset(signature, 0, sizeof(*signature)); - } - return ret; -} - -int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { - secp256k1_scalar sec; - int ret; - int overflow; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(seckey != NULL); - - secp256k1_scalar_set_b32(&sec, seckey, &overflow); - ret = !overflow && !secp256k1_scalar_is_zero(&sec); - secp256k1_scalar_clear(&sec); - return ret; -} - -int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) { - secp256k1_gej pj; - secp256k1_ge p; - secp256k1_scalar sec; - int overflow; - int ret = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(pubkey != NULL); - memset(pubkey, 0, sizeof(*pubkey)); - ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); - ARG_CHECK(seckey != NULL); - - secp256k1_scalar_set_b32(&sec, seckey, &overflow); - ret = !overflow && !secp256k1_scalar_is_zero(&sec); - if (ret) { - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec); - secp256k1_ge_set_gej(&p, &pj); - secp256k1_pubkey_save(pubkey, &p); - } - secp256k1_scalar_clear(&sec); - return ret; -} - -int secp256k1_ec_privkey_negate(const secp256k1_context* ctx, unsigned char *seckey) { - secp256k1_scalar sec; - VERIFY_CHECK(ctx != NULL); - 
ARG_CHECK(seckey != NULL); - - secp256k1_scalar_set_b32(&sec, seckey, NULL); - secp256k1_scalar_negate(&sec, &sec); - secp256k1_scalar_get_b32(seckey, &sec); - - secp256k1_scalar_clear(&sec); - return 1; -} - -int secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *pubkey) { - int ret = 0; - secp256k1_ge p; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(pubkey != NULL); - - ret = secp256k1_pubkey_load(ctx, &p, pubkey); - memset(pubkey, 0, sizeof(*pubkey)); - if (ret) { - secp256k1_ge_neg(&p, &p); - secp256k1_pubkey_save(pubkey, &p); - } - return ret; -} - -int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - secp256k1_scalar term; - secp256k1_scalar sec; - int ret = 0; - int overflow = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(seckey != NULL); - ARG_CHECK(tweak != NULL); - - secp256k1_scalar_set_b32(&term, tweak, &overflow); - secp256k1_scalar_set_b32(&sec, seckey, NULL); - - ret = !overflow && secp256k1_eckey_privkey_tweak_add(&sec, &term); - memset(seckey, 0, 32); - if (ret) { - secp256k1_scalar_get_b32(seckey, &sec); - } - - secp256k1_scalar_clear(&sec); - secp256k1_scalar_clear(&term); - return ret; -} - -int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { - secp256k1_ge p; - secp256k1_scalar term; - int ret = 0; - int overflow = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(pubkey != NULL); - ARG_CHECK(tweak != NULL); - - secp256k1_scalar_set_b32(&term, tweak, &overflow); - ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); - memset(pubkey, 0, sizeof(*pubkey)); - if (ret) { - if (secp256k1_eckey_pubkey_tweak_add(&ctx->ecmult_ctx, &p, &term)) { - secp256k1_pubkey_save(pubkey, &p); - } else { - ret = 0; - } - } - - return ret; -} - -int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char 
*tweak) { - secp256k1_scalar factor; - secp256k1_scalar sec; - int ret = 0; - int overflow = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(seckey != NULL); - ARG_CHECK(tweak != NULL); - - secp256k1_scalar_set_b32(&factor, tweak, &overflow); - secp256k1_scalar_set_b32(&sec, seckey, NULL); - ret = !overflow && secp256k1_eckey_privkey_tweak_mul(&sec, &factor); - memset(seckey, 0, 32); - if (ret) { - secp256k1_scalar_get_b32(seckey, &sec); - } - - secp256k1_scalar_clear(&sec); - secp256k1_scalar_clear(&factor); - return ret; -} - -int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { - secp256k1_ge p; - secp256k1_scalar factor; - int ret = 0; - int overflow = 0; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(pubkey != NULL); - ARG_CHECK(tweak != NULL); - - secp256k1_scalar_set_b32(&factor, tweak, &overflow); - ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); - memset(pubkey, 0, sizeof(*pubkey)); - if (ret) { - if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { - secp256k1_pubkey_save(pubkey, &p); - } else { - ret = 0; - } - } - - return ret; -} - -int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) { - VERIFY_CHECK(ctx != NULL); - if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); - } - return 1; -} - -int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *pubnonce, const secp256k1_pubkey * const *pubnonces, size_t n) { - size_t i; - secp256k1_gej Qj; - secp256k1_ge Q; - - ARG_CHECK(pubnonce != NULL); - memset(pubnonce, 0, sizeof(*pubnonce)); - ARG_CHECK(n >= 1); - ARG_CHECK(pubnonces != NULL); - - secp256k1_gej_set_infinity(&Qj); - - for (i = 0; i < n; i++) { - secp256k1_pubkey_load(ctx, &Q, pubnonces[i]); - secp256k1_gej_add_ge(&Qj, &Qj, &Q); - } - if (secp256k1_gej_is_infinity(&Qj)) 
{ - return 0; - } - secp256k1_ge_set_gej(&Q, &Qj); - secp256k1_pubkey_save(pubnonce, &Q); - return 1; -} - -#ifdef ENABLE_MODULE_ECDH -# include "modules/ecdh/main_impl.h" -#endif - -#ifdef ENABLE_MODULE_RECOVERY -# include "modules/recovery/main_impl.h" -#endif diff --git a/deps/secp256k1/src/testrand.h b/deps/secp256k1/src/testrand.h deleted file mode 100644 index f1f9be077..000000000 --- a/deps/secp256k1/src/testrand.h +++ /dev/null @@ -1,38 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_TESTRAND_H -#define SECP256K1_TESTRAND_H - -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - -/* A non-cryptographic RNG used only for test infrastructure. */ - -/** Seed the pseudorandom number generator for testing. */ -SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16); - -/** Generate a pseudorandom number in the range [0..2**32-1]. */ -static uint32_t secp256k1_rand32(void); - -/** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or - * more. */ -static uint32_t secp256k1_rand_bits(int bits); - -/** Generate a pseudorandom number in the range [0..range-1]. */ -static uint32_t secp256k1_rand_int(uint32_t range); - -/** Generate a pseudorandom 32-byte array. */ -static void secp256k1_rand256(unsigned char *b32); - -/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */ -static void secp256k1_rand256_test(unsigned char *b32); - -/** Generate pseudorandom bytes with long sequences of zero and one bits. */ -static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len); - -#endif /* SECP256K1_TESTRAND_H */ 
diff --git a/deps/secp256k1/src/testrand_impl.h b/deps/secp256k1/src/testrand_impl.h deleted file mode 100644 index 30a91e529..000000000 --- a/deps/secp256k1/src/testrand_impl.h +++ /dev/null 
@@ -1,110 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_TESTRAND_IMPL_H -#define SECP256K1_TESTRAND_IMPL_H - -#include -#include - -#include "testrand.h" -#include "hash.h" - -static secp256k1_rfc6979_hmac_sha256 secp256k1_test_rng; -static uint32_t secp256k1_test_rng_precomputed[8]; -static int secp256k1_test_rng_precomputed_used = 8; -static uint64_t secp256k1_test_rng_integer; -static int secp256k1_test_rng_integer_bits_left = 0; - -SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16) { - secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, seed16, 16); -} - -SECP256K1_INLINE static uint32_t secp256k1_rand32(void) { - if (secp256k1_test_rng_precomputed_used == 8) { - secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed)); - secp256k1_test_rng_precomputed_used = 0; - } - return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++]; -} - -static uint32_t secp256k1_rand_bits(int bits) { - uint32_t ret; - if (secp256k1_test_rng_integer_bits_left < bits) { - secp256k1_test_rng_integer |= (((uint64_t)secp256k1_rand32()) << secp256k1_test_rng_integer_bits_left); - secp256k1_test_rng_integer_bits_left += 32; - } - ret = secp256k1_test_rng_integer; - secp256k1_test_rng_integer >>= bits; - secp256k1_test_rng_integer_bits_left -= bits; - ret &= ((~((uint32_t)0)) >> (32 - bits)); - return ret; -} - -static uint32_t secp256k1_rand_int(uint32_t range) { - /* We want a uniform integer between 0 and range-1, inclusive. - * B is the smallest number such that range <= 2**B. 
- * two mechanisms implemented here: - * - generate B bits numbers until one below range is found, and return it - * - find the largest multiple M of range that is <= 2**(B+A), generate B+A - * bits numbers until one below M is found, and return it modulo range - * The second mechanism consumes A more bits of entropy in every iteration, - * but may need fewer iterations due to M being closer to 2**(B+A) then - * range is to 2**B. The array below (indexed by B) contains a 0 when the - * first mechanism is to be used, and the number A otherwise. - */ - static const int addbits[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 1, 0}; - uint32_t trange, mult; - int bits = 0; - if (range <= 1) { - return 0; - } - trange = range - 1; - while (trange > 0) { - trange >>= 1; - bits++; - } - if (addbits[bits]) { - bits = bits + addbits[bits]; - mult = ((~((uint32_t)0)) >> (32 - bits)) / range; - trange = range * mult; - } else { - trange = range; - mult = 1; - } - while(1) { - uint32_t x = secp256k1_rand_bits(bits); - if (x < trange) { - return (mult == 1) ? x : (x % range); - } - } -} - -static void secp256k1_rand256(unsigned char *b32) { - secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32); -} - -static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len) { - size_t bits = 0; - memset(bytes, 0, len); - while (bits < len * 8) { - int now; - uint32_t val; - now = 1 + (secp256k1_rand_bits(6) * secp256k1_rand_bits(5) + 16) / 31; - val = secp256k1_rand_bits(1); - while (now > 0 && bits < len * 8) { - bytes[bits / 8] |= val << (bits % 8); - now--; - bits++; - } - } -} - -static void secp256k1_rand256_test(unsigned char *b32) { - secp256k1_rand_bytes_test(b32, 32); -} - -#endif /* SECP256K1_TESTRAND_IMPL_H */ diff --git a/deps/secp256k1/src/tests.c b/deps/secp256k1/src/tests.c deleted file mode 100644 index d408a5c30..000000000 --- a/deps/secp256k1/src/tests.c +++ /dev/null 
@@ -1,5301 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - -#include -#include -#include - -#include - -#include "secp256k1.c" -#include "include/secp256k1.h" -#include "include/secp256k1_preallocated.h" -#include "testrand_impl.h" - -#ifdef ENABLE_OPENSSL_TESTS -#include "openssl/bn.h" -#include "openssl/ec.h" -#include "openssl/ecdsa.h" -#include "openssl/obj_mac.h" -# if OPENSSL_VERSION_NUMBER < 0x10100000L -void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {*pr = sig->r; *ps = sig->s;} -# endif -#endif - -#include "contrib/lax_der_parsing.c" -#include "contrib/lax_der_privatekey_parsing.c" - -#if !defined(VG_CHECK) -# if defined(VALGRIND) -# include -# define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y)) -# define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y)) -# else -# define VG_UNDEF(x,y) -# define VG_CHECK(x,y) -# endif -#endif - -static int count = 64; -static secp256k1_context *ctx = NULL; - -static void counting_illegal_callback_fn(const char* str, void* data) { - /* Dummy callback function that just counts. */ - int32_t *p; - (void)str; - p = data; - (*p)++; -} - -static void uncounting_illegal_callback_fn(const char* str, void* data) { - /* Dummy callback function that just counts (backwards). 
*/ - int32_t *p; - (void)str; - p = data; - (*p)--; -} - -void random_field_element_test(secp256k1_fe *fe) { - do { - unsigned char b32[32]; - secp256k1_rand256_test(b32); - if (secp256k1_fe_set_b32(fe, b32)) { - break; - } - } while(1); -} - -void random_field_element_magnitude(secp256k1_fe *fe) { - secp256k1_fe zero; - int n = secp256k1_rand_int(9); - secp256k1_fe_normalize(fe); - if (n == 0) { - return; - } - secp256k1_fe_clear(&zero); - secp256k1_fe_negate(&zero, &zero, 0); - secp256k1_fe_mul_int(&zero, n - 1); - secp256k1_fe_add(fe, &zero); -#ifdef VERIFY - CHECK(fe->magnitude == n); -#endif -} - -void random_group_element_test(secp256k1_ge *ge) { - secp256k1_fe fe; - do { - random_field_element_test(&fe); - if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_rand_bits(1))) { - secp256k1_fe_normalize(&ge->y); - break; - } - } while(1); -} - -void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { - secp256k1_fe z2, z3; - do { - random_field_element_test(&gej->z); - if (!secp256k1_fe_is_zero(&gej->z)) { - break; - } - } while(1); - secp256k1_fe_sqr(&z2, &gej->z); - secp256k1_fe_mul(&z3, &z2, &gej->z); - secp256k1_fe_mul(&gej->x, &ge->x, &z2); - secp256k1_fe_mul(&gej->y, &ge->y, &z3); - gej->infinity = ge->infinity; -} - -void random_scalar_order_test(secp256k1_scalar *num) { - do { - unsigned char b32[32]; - int overflow = 0; - secp256k1_rand256_test(b32); - secp256k1_scalar_set_b32(num, b32, &overflow); - if (overflow || secp256k1_scalar_is_zero(num)) { - continue; - } - break; - } while(1); -} - -void random_scalar_order(secp256k1_scalar *num) { - do { - unsigned char b32[32]; - int overflow = 0; - secp256k1_rand256(b32); - secp256k1_scalar_set_b32(num, b32, &overflow); - if (overflow || secp256k1_scalar_is_zero(num)) { - continue; - } - break; - } while(1); -} - -void run_context_tests(int use_prealloc) { - secp256k1_pubkey pubkey; - secp256k1_pubkey zero_pubkey; - secp256k1_ecdsa_signature sig; - unsigned char ctmp[32]; - int32_t 
ecount; - int32_t ecount2; - secp256k1_context *none; - secp256k1_context *sign; - secp256k1_context *vrfy; - secp256k1_context *both; - void *none_prealloc = NULL; - void *sign_prealloc = NULL; - void *vrfy_prealloc = NULL; - void *both_prealloc = NULL; - - secp256k1_gej pubj; - secp256k1_ge pub; - secp256k1_scalar msg, key, nonce; - secp256k1_scalar sigr, sigs; - - if (use_prealloc) { - none_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); - sign_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); - vrfy_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); - both_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); - CHECK(none_prealloc != NULL); - CHECK(sign_prealloc != NULL); - CHECK(vrfy_prealloc != NULL); - CHECK(both_prealloc != NULL); - none = secp256k1_context_preallocated_create(none_prealloc, SECP256K1_CONTEXT_NONE); - sign = secp256k1_context_preallocated_create(sign_prealloc, SECP256K1_CONTEXT_SIGN); - vrfy = secp256k1_context_preallocated_create(vrfy_prealloc, SECP256K1_CONTEXT_VERIFY); - both = secp256k1_context_preallocated_create(both_prealloc, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - } else { - none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); - sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); - vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); - both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - } - - memset(&zero_pubkey, 0, sizeof(zero_pubkey)); - - ecount = 0; - ecount2 = 10; - secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount2); - secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, NULL); - CHECK(vrfy->error_callback.fn != sign->error_callback.fn); - - /* check if sizes for cloning are 
consistent */ - CHECK(secp256k1_context_preallocated_clone_size(none) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); - CHECK(secp256k1_context_preallocated_clone_size(sign) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); - CHECK(secp256k1_context_preallocated_clone_size(vrfy) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); - CHECK(secp256k1_context_preallocated_clone_size(both) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); - - /*** clone and destroy all of them to make sure cloning was complete ***/ - { - secp256k1_context *ctx_tmp; - - if (use_prealloc) { - /* clone into a non-preallocated context and then again into a new preallocated one. */ - ctx_tmp = none; none = secp256k1_context_clone(none); secp256k1_context_preallocated_destroy(ctx_tmp); - free(none_prealloc); none_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(none_prealloc != NULL); - ctx_tmp = none; none = secp256k1_context_preallocated_clone(none, none_prealloc); secp256k1_context_destroy(ctx_tmp); - - ctx_tmp = sign; sign = secp256k1_context_clone(sign); secp256k1_context_preallocated_destroy(ctx_tmp); - free(sign_prealloc); sign_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(sign_prealloc != NULL); - ctx_tmp = sign; sign = secp256k1_context_preallocated_clone(sign, sign_prealloc); secp256k1_context_destroy(ctx_tmp); - - ctx_tmp = vrfy; vrfy = secp256k1_context_clone(vrfy); secp256k1_context_preallocated_destroy(ctx_tmp); - free(vrfy_prealloc); vrfy_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(vrfy_prealloc != NULL); - ctx_tmp = vrfy; vrfy = secp256k1_context_preallocated_clone(vrfy, vrfy_prealloc); secp256k1_context_destroy(ctx_tmp); - - ctx_tmp = both; both = secp256k1_context_clone(both); secp256k1_context_preallocated_destroy(ctx_tmp); - free(both_prealloc); both_prealloc = 
malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(both_prealloc != NULL); - ctx_tmp = both; both = secp256k1_context_preallocated_clone(both, both_prealloc); secp256k1_context_destroy(ctx_tmp); - } else { - /* clone into a preallocated context and then again into a new non-preallocated one. */ - void *prealloc_tmp; - - prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); - ctx_tmp = none; none = secp256k1_context_preallocated_clone(none, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); - ctx_tmp = none; none = secp256k1_context_clone(none); secp256k1_context_preallocated_destroy(ctx_tmp); - free(prealloc_tmp); - - prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(prealloc_tmp != NULL); - ctx_tmp = sign; sign = secp256k1_context_preallocated_clone(sign, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); - ctx_tmp = sign; sign = secp256k1_context_clone(sign); secp256k1_context_preallocated_destroy(ctx_tmp); - free(prealloc_tmp); - - prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); - ctx_tmp = vrfy; vrfy = secp256k1_context_preallocated_clone(vrfy, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); - ctx_tmp = vrfy; vrfy = secp256k1_context_clone(vrfy); secp256k1_context_preallocated_destroy(ctx_tmp); - free(prealloc_tmp); - - prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); - ctx_tmp = both; both = secp256k1_context_preallocated_clone(both, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); - ctx_tmp = both; both = secp256k1_context_clone(both); secp256k1_context_preallocated_destroy(ctx_tmp); - free(prealloc_tmp); - } - } - - /* Verify that the error callback makes it across the clone. 
*/ - CHECK(vrfy->error_callback.fn != sign->error_callback.fn); - /* And that it resets back to default. */ - secp256k1_context_set_error_callback(sign, NULL, NULL); - CHECK(vrfy->error_callback.fn == sign->error_callback.fn); - - /*** attempt to use them ***/ - random_scalar_order_test(&msg); - random_scalar_order_test(&key); - secp256k1_ecmult_gen(&both->ecmult_gen_ctx, &pubj, &key); - secp256k1_ge_set_gej(&pub, &pubj); - - /* Verify context-type checking illegal-argument errors. */ - memset(ctmp, 1, 32); - CHECK(secp256k1_ec_pubkey_create(vrfy, &pubkey, ctmp) == 0); - CHECK(ecount == 1); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(sign, &pubkey, ctmp) == 1); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ecdsa_sign(vrfy, &sig, ctmp, ctmp, NULL, NULL) == 0); - CHECK(ecount == 2); - VG_UNDEF(&sig, sizeof(sig)); - CHECK(secp256k1_ecdsa_sign(sign, &sig, ctmp, ctmp, NULL, NULL) == 1); - VG_CHECK(&sig, sizeof(sig)); - CHECK(ecount2 == 10); - CHECK(secp256k1_ecdsa_verify(sign, &sig, ctmp, &pubkey) == 0); - CHECK(ecount2 == 11); - CHECK(secp256k1_ecdsa_verify(vrfy, &sig, ctmp, &pubkey) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_tweak_add(sign, &pubkey, ctmp) == 0); - CHECK(ecount2 == 12); - CHECK(secp256k1_ec_pubkey_tweak_add(vrfy, &pubkey, ctmp) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_tweak_mul(sign, &pubkey, ctmp) == 0); - CHECK(ecount2 == 13); - CHECK(secp256k1_ec_pubkey_negate(vrfy, &pubkey) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_negate(sign, &pubkey) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_negate(sign, NULL) == 0); - CHECK(ecount2 == 14); - CHECK(secp256k1_ec_pubkey_negate(vrfy, &zero_pubkey) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); - CHECK(ecount == 3); - CHECK(secp256k1_context_randomize(vrfy, ctmp) == 1); - CHECK(ecount == 3); - CHECK(secp256k1_context_randomize(vrfy, NULL) == 1); - CHECK(ecount == 3); - 
CHECK(secp256k1_context_randomize(sign, ctmp) == 1); - CHECK(ecount2 == 14); - CHECK(secp256k1_context_randomize(sign, NULL) == 1); - CHECK(ecount2 == 14); - secp256k1_context_set_illegal_callback(vrfy, NULL, NULL); - secp256k1_context_set_illegal_callback(sign, NULL, NULL); - - /* obtain a working nonce */ - do { - random_scalar_order_test(&nonce); - } while(!secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); - - /* try signing */ - CHECK(secp256k1_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); - CHECK(secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); - - /* try verifying */ - CHECK(secp256k1_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sigr, &sigs, &pub, &msg)); - CHECK(secp256k1_ecdsa_sig_verify(&both->ecmult_ctx, &sigr, &sigs, &pub, &msg)); - - /* cleanup */ - if (use_prealloc) { - secp256k1_context_preallocated_destroy(none); - secp256k1_context_preallocated_destroy(sign); - secp256k1_context_preallocated_destroy(vrfy); - secp256k1_context_preallocated_destroy(both); - free(none_prealloc); - free(sign_prealloc); - free(vrfy_prealloc); - free(both_prealloc); - } else { - secp256k1_context_destroy(none); - secp256k1_context_destroy(sign); - secp256k1_context_destroy(vrfy); - secp256k1_context_destroy(both); - } - /* Defined as no-op. 
*/ - secp256k1_context_destroy(NULL); - secp256k1_context_preallocated_destroy(NULL); - -} - -void run_scratch_tests(void) { - const size_t adj_alloc = ((500 + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT; - - int32_t ecount = 0; - size_t checkpoint; - size_t checkpoint_2; - secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); - secp256k1_scratch_space *scratch; - secp256k1_scratch_space local_scratch; - - /* Test public API */ - secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - - scratch = secp256k1_scratch_space_create(none, 1000); - CHECK(scratch != NULL); - CHECK(ecount == 0); - - /* Test internal API */ - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); - CHECK(scratch->alloc_size == 0); - CHECK(scratch->alloc_size % ALIGNMENT == 0); - - /* Allocating 500 bytes succeeds */ - checkpoint = secp256k1_scratch_checkpoint(&none->error_callback, scratch); - CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); - CHECK(scratch->alloc_size != 0); - CHECK(scratch->alloc_size % ALIGNMENT == 0); - - /* Allocating another 500 bytes fails */ - CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); - CHECK(scratch->alloc_size != 0); - CHECK(scratch->alloc_size % ALIGNMENT == 0); - - /* ...but it succeeds once we apply the checkpoint to 
undo it */ - secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); - CHECK(scratch->alloc_size == 0); - CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); - CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); - CHECK(scratch->alloc_size != 0); - - /* try to apply a bad checkpoint */ - checkpoint_2 = secp256k1_scratch_checkpoint(&none->error_callback, scratch); - secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); - CHECK(ecount == 0); - secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ - CHECK(ecount == 1); - secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ - CHECK(ecount == 2); - - /* try to use badly initialized scratch space */ - secp256k1_scratch_space_destroy(none, scratch); - memset(&local_scratch, 0, sizeof(local_scratch)); - scratch = &local_scratch; - CHECK(!secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0)); - CHECK(ecount == 3); - CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); - CHECK(ecount == 4); - secp256k1_scratch_space_destroy(none, scratch); - CHECK(ecount == 5); - - /* cleanup */ - secp256k1_scratch_space_destroy(none, NULL); /* no-op */ - secp256k1_context_destroy(none); -} - -/***** HASH TESTS *****/ - -void run_sha256_tests(void) { - static const char *inputs[8] = { - "", "abc", "message digest", "secure hash algorithm", "SHA256 is considered to be safe", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "For this sample, this 63-byte string will be used as input data", - "This is exactly 64 bytes long, not counting the terminating byte" - }; - static const unsigned char outputs[8][32] = { - {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 
0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}, - {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, - {0xf7, 0x84, 0x6f, 0x55, 0xcf, 0x23, 0xe1, 0x4e, 0xeb, 0xea, 0xb5, 0xb4, 0xe1, 0x55, 0x0c, 0xad, 0x5b, 0x50, 0x9e, 0x33, 0x48, 0xfb, 0xc4, 0xef, 0xa3, 0xa1, 0x41, 0x3d, 0x39, 0x3c, 0xb6, 0x50}, - {0xf3, 0x0c, 0xeb, 0x2b, 0xb2, 0x82, 0x9e, 0x79, 0xe4, 0xca, 0x97, 0x53, 0xd3, 0x5a, 0x8e, 0xcc, 0x00, 0x26, 0x2d, 0x16, 0x4c, 0xc0, 0x77, 0x08, 0x02, 0x95, 0x38, 0x1c, 0xbd, 0x64, 0x3f, 0x0d}, - {0x68, 0x19, 0xd9, 0x15, 0xc7, 0x3f, 0x4d, 0x1e, 0x77, 0xe4, 0xe1, 0xb5, 0x2d, 0x1f, 0xa0, 0xf9, 0xcf, 0x9b, 0xea, 0xea, 0xd3, 0x93, 0x9f, 0x15, 0x87, 0x4b, 0xd9, 0x88, 0xe2, 0xa2, 0x36, 0x30}, - {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1}, - {0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42}, - {0xab, 0x64, 0xef, 0xf7, 0xe8, 0x8e, 0x2e, 0x46, 0x16, 0x5e, 0x29, 0xf2, 0xbc, 0xe4, 0x18, 0x26, 0xbd, 0x4c, 0x7b, 0x35, 0x52, 0xf6, 0xb3, 0x82, 0xa9, 0xe7, 0xd3, 0xaf, 0x47, 0xc2, 0x45, 0xf8} - }; - int i; - for (i = 0; i < 8; i++) { - unsigned char out[32]; - secp256k1_sha256 hasher; - secp256k1_sha256_initialize(&hasher); - secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); - secp256k1_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); - if (strlen(inputs[i]) > 0) { - int split = secp256k1_rand_int(strlen(inputs[i])); - secp256k1_sha256_initialize(&hasher); - secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); - secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + 
split), strlen(inputs[i]) - split); - secp256k1_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); - } - } -} - -void run_hmac_sha256_tests(void) { - static const char *keys[6] = { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - "\x4a\x65\x66\x65", - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", - "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - }; - static const char *inputs[6] = { - "\x48\x69\x20\x54\x68\x65\x72\x65", - "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f", - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", - 
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", - "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69\x72\x73\x74", - "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e" - }; - static const unsigned char outputs[6][32] = { - {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, - {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43}, - {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe}, - {0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b}, - {0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 
0x37, 0x28, 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54}, - {0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2} - }; - int i; - for (i = 0; i < 6; i++) { - secp256k1_hmac_sha256 hasher; - unsigned char out[32]; - secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); - secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); - secp256k1_hmac_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); - if (strlen(inputs[i]) > 0) { - int split = secp256k1_rand_int(strlen(inputs[i])); - secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); - secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); - secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); - secp256k1_hmac_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); - } - } -} - -void run_rfc6979_hmac_sha256_tests(void) { - static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0}; - static const unsigned char out1[3][32] = { - {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb}, - {0x2b, 0xf0, 0xff, 0xf1, 0xd3, 0xc3, 0x78, 0xa2, 0x2d, 0xc5, 0xde, 0x1d, 0x85, 0x65, 0x22, 0x32, 0x5c, 0x65, 0xb5, 0x04, 0x49, 0x1a, 0x0c, 0xbd, 0x01, 0xcb, 
0x8f, 0x3a, 0xa6, 0x7f, 0xfd, 0x4a}, - {0xf5, 0x28, 0xb4, 0x10, 0xcb, 0x54, 0x1f, 0x77, 0x00, 0x0d, 0x7a, 0xfb, 0x6c, 0x5b, 0x53, 0xc5, 0xc4, 0x71, 0xea, 0xb4, 0x3e, 0x46, 0x6d, 0x9a, 0xc5, 0x19, 0x0c, 0x39, 0xc8, 0x2f, 0xd8, 0x2e} - }; - - static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}; - static const unsigned char out2[3][32] = { - {0x9c, 0x23, 0x6c, 0x16, 0x5b, 0x82, 0xae, 0x0c, 0xd5, 0x90, 0x65, 0x9e, 0x10, 0x0b, 0x6b, 0xab, 0x30, 0x36, 0xe7, 0xba, 0x8b, 0x06, 0x74, 0x9b, 0xaf, 0x69, 0x81, 0xe1, 0x6f, 0x1a, 0x2b, 0x95}, - {0xdf, 0x47, 0x10, 0x61, 0x62, 0x5b, 0xc0, 0xea, 0x14, 0xb6, 0x82, 0xfe, 0xee, 0x2c, 0x9c, 0x02, 0xf2, 0x35, 0xda, 0x04, 0x20, 0x4c, 0x1d, 0x62, 0xa1, 0x53, 0x6c, 0x6e, 0x17, 0xae, 0xd7, 0xa9}, - {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94} - }; - - secp256k1_rfc6979_hmac_sha256 rng; - unsigned char out[32]; - int i; - - secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); - for (i = 0; i < 3; i++) { - secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(memcmp(out, out1[i], 32) == 0); - } - secp256k1_rfc6979_hmac_sha256_finalize(&rng); - - secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); - for (i = 0; i < 3; i++) { - secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(memcmp(out, out1[i], 32) != 0); - } - secp256k1_rfc6979_hmac_sha256_finalize(&rng); - - secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); - for (i = 0; i < 3; i++) { - secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); 
- CHECK(memcmp(out, out2[i], 32) == 0); - } - secp256k1_rfc6979_hmac_sha256_finalize(&rng); -} - -/***** RANDOM TESTS *****/ - -void test_rand_bits(int rand32, int bits) { - /* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to - * get a false negative chance below once in a billion */ - static const unsigned int rounds[7] = {1, 30, 73, 156, 322, 653, 1316}; - /* We try multiplying the results with various odd numbers, which shouldn't - * influence the uniform distribution modulo a power of 2. */ - static const uint32_t mults[6] = {1, 3, 21, 289, 0x9999, 0x80402011}; - /* We only select up to 6 bits from the output to analyse */ - unsigned int usebits = bits > 6 ? 6 : bits; - unsigned int maxshift = bits - usebits; - /* For each of the maxshift+1 usebits-bit sequences inside a bits-bit - number, track all observed outcomes, one per bit in a uint64_t. */ - uint64_t x[6][27] = {{0}}; - unsigned int i, shift, m; - /* Multiply the output of all rand calls with the odd number m, which - should not change the uniformity of its distribution. */ - for (i = 0; i < rounds[usebits]; i++) { - uint32_t r = (rand32 ? 
secp256k1_rand32() : secp256k1_rand_bits(bits)); - CHECK((((uint64_t)r) >> bits) == 0); - for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { - uint32_t rm = r * mults[m]; - for (shift = 0; shift <= maxshift; shift++) { - x[m][shift] |= (((uint64_t)1) << ((rm >> shift) & ((1 << usebits) - 1))); - } - } - } - for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { - for (shift = 0; shift <= maxshift; shift++) { - /* Test that the lower usebits bits of x[shift] are 1 */ - CHECK(((~x[m][shift]) << (64 - (1 << usebits))) == 0); - } - } -} - -/* Subrange must be a whole divisor of range, and at most 64 */ -void test_rand_int(uint32_t range, uint32_t subrange) { - /* (1-1/subrange)^rounds < 1/10^9 */ - int rounds = (subrange * 2073) / 100; - int i; - uint64_t x = 0; - CHECK((range % subrange) == 0); - for (i = 0; i < rounds; i++) { - uint32_t r = secp256k1_rand_int(range); - CHECK(r < range); - r = r % subrange; - x |= (((uint64_t)1) << r); - } - /* Test that the lower subrange bits of x are 1. 
*/ - CHECK(((~x) << (64 - subrange)) == 0); -} - -void run_rand_bits(void) { - size_t b; - test_rand_bits(1, 32); - for (b = 1; b <= 32; b++) { - test_rand_bits(0, b); - } -} - -void run_rand_int(void) { - static const uint32_t ms[] = {1, 3, 17, 1000, 13771, 999999, 33554432}; - static const uint32_t ss[] = {1, 3, 6, 9, 13, 31, 64}; - unsigned int m, s; - for (m = 0; m < sizeof(ms) / sizeof(ms[0]); m++) { - for (s = 0; s < sizeof(ss) / sizeof(ss[0]); s++) { - test_rand_int(ms[m] * ss[s], ss[s]); - } - } -} - -/***** NUM TESTS *****/ - -#ifndef USE_NUM_NONE -void random_num_negate(secp256k1_num *num) { - if (secp256k1_rand_bits(1)) { - secp256k1_num_negate(num); - } -} - -void random_num_order_test(secp256k1_num *num) { - secp256k1_scalar sc; - random_scalar_order_test(&sc); - secp256k1_scalar_get_num(num, &sc); -} - -void random_num_order(secp256k1_num *num) { - secp256k1_scalar sc; - random_scalar_order(&sc); - secp256k1_scalar_get_num(num, &sc); -} - -void test_num_negate(void) { - secp256k1_num n1; - secp256k1_num n2; - random_num_order_test(&n1); /* n1 = R */ - random_num_negate(&n1); - secp256k1_num_copy(&n2, &n1); /* n2 = R */ - secp256k1_num_sub(&n1, &n2, &n1); /* n1 = n2-n1 = 0 */ - CHECK(secp256k1_num_is_zero(&n1)); - secp256k1_num_copy(&n1, &n2); /* n1 = R */ - secp256k1_num_negate(&n1); /* n1 = -R */ - CHECK(!secp256k1_num_is_zero(&n1)); - secp256k1_num_add(&n1, &n2, &n1); /* n1 = n2+n1 = 0 */ - CHECK(secp256k1_num_is_zero(&n1)); - secp256k1_num_copy(&n1, &n2); /* n1 = R */ - secp256k1_num_negate(&n1); /* n1 = -R */ - CHECK(secp256k1_num_is_neg(&n1) != secp256k1_num_is_neg(&n2)); - secp256k1_num_negate(&n1); /* n1 = R */ - CHECK(secp256k1_num_eq(&n1, &n2)); -} - -void test_num_add_sub(void) { - int i; - secp256k1_scalar s; - secp256k1_num n1; - secp256k1_num n2; - secp256k1_num n1p2, n2p1, n1m2, n2m1; - random_num_order_test(&n1); /* n1 = R1 */ - if (secp256k1_rand_bits(1)) { - random_num_negate(&n1); - } - random_num_order_test(&n2); /* n2 = R2 */ - if 
(secp256k1_rand_bits(1)) {
- random_num_negate(&n2);
- }
- secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */
- secp256k1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */
- secp256k1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */
- secp256k1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */
- CHECK(secp256k1_num_eq(&n1p2, &n2p1));
- CHECK(!secp256k1_num_eq(&n1p2, &n1m2));
- secp256k1_num_negate(&n2m1); /* n2m1 = -R2 + R1 */
- CHECK(secp256k1_num_eq(&n2m1, &n1m2));
- CHECK(!secp256k1_num_eq(&n2m1, &n1));
- secp256k1_num_add(&n2m1, &n2m1, &n2); /* n2m1 = -R2 + R1 + R2 = R1 */
- CHECK(secp256k1_num_eq(&n2m1, &n1));
- CHECK(!secp256k1_num_eq(&n2p1, &n1));
- secp256k1_num_sub(&n2p1, &n2p1, &n2); /* n2p1 = R2 + R1 - R2 = R1 */
- CHECK(secp256k1_num_eq(&n2p1, &n1));
-
- /* check is_one */
- secp256k1_scalar_set_int(&s, 1);
- secp256k1_scalar_get_num(&n1, &s);
- CHECK(secp256k1_num_is_one(&n1));
- /* check that 2^n + 1 is never 1 */
- secp256k1_scalar_get_num(&n2, &s);
- for (i = 0; i < 250; ++i) {
- secp256k1_num_add(&n1, &n1, &n1); /* n1 *= 2 */
- secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = n1 + 1 */
- CHECK(!secp256k1_num_is_one(&n1p2));
- }
-}
-
-void test_num_mod(void) {
- int i;
- secp256k1_scalar s;
- secp256k1_num order, n;
-
- /* check that 0 mod anything is 0 */
- random_scalar_order_test(&s);
- secp256k1_scalar_get_num(&order, &s);
- secp256k1_scalar_set_int(&s, 0);
- secp256k1_scalar_get_num(&n, &s);
- secp256k1_num_mod(&n, &order);
- CHECK(secp256k1_num_is_zero(&n));
-
- /* check that anything mod 1 is 0 */
- secp256k1_scalar_set_int(&s, 1);
- secp256k1_scalar_get_num(&order, &s);
- secp256k1_scalar_get_num(&n, &s);
- secp256k1_num_mod(&n, &order);
- CHECK(secp256k1_num_is_zero(&n));
-
- /* check that increasing the number past 2^256 does not break this */
- random_scalar_order_test(&s);
- secp256k1_scalar_get_num(&n, &s);
- /* multiply by 2^8, which'll test this case with high probability */
- for (i = 0; i < 8; ++i) {
- secp256k1_num_add(&n, &n, &n);
- }
- secp256k1_num_mod(&n, &order);
- CHECK(secp256k1_num_is_zero(&n));
-}
-
-void test_num_jacobi(void) {
- secp256k1_scalar sqr;
- secp256k1_scalar small;
- secp256k1_scalar five; /* five is not a quadratic residue */
- secp256k1_num order, n;
- int i;
- /* squares mod 5 are 1, 4 */
- const int jacobi5[10] = { 0, 1, -1, -1, 1, 0, 1, -1, -1, 1 };
-
- /* check some small values with 5 as the order */
- secp256k1_scalar_set_int(&five, 5);
- secp256k1_scalar_get_num(&order, &five);
- for (i = 0; i < 10; ++i) {
- secp256k1_scalar_set_int(&small, i);
- secp256k1_scalar_get_num(&n, &small);
- CHECK(secp256k1_num_jacobi(&n, &order) == jacobi5[i]);
- }
-
- /** test large values with 5 as group order */
- secp256k1_scalar_get_num(&order, &five);
- /* we first need a scalar which is not a multiple of 5 */
- do {
- secp256k1_num fiven;
- random_scalar_order_test(&sqr);
- secp256k1_scalar_get_num(&fiven, &five);
- secp256k1_scalar_get_num(&n, &sqr);
- secp256k1_num_mod(&n, &fiven);
- } while (secp256k1_num_is_zero(&n));
- /* next force it to be a residue. 2 is a nonresidue mod 5 so we can
- * just multiply by two, i.e. add the number to itself */
- if (secp256k1_num_jacobi(&n, &order) == -1) {
- secp256k1_num_add(&n, &n, &n);
- }
-
- /* test residue */
- CHECK(secp256k1_num_jacobi(&n, &order) == 1);
- /* test nonresidue */
- secp256k1_num_add(&n, &n, &n);
- CHECK(secp256k1_num_jacobi(&n, &order) == -1);
-
- /** test with secp group order as order */
- secp256k1_scalar_order_get_num(&order);
- random_scalar_order_test(&sqr);
- secp256k1_scalar_sqr(&sqr, &sqr);
- /* test residue */
- secp256k1_scalar_get_num(&n, &sqr);
- CHECK(secp256k1_num_jacobi(&n, &order) == 1);
- /* test nonresidue */
- secp256k1_scalar_mul(&sqr, &sqr, &five);
- secp256k1_scalar_get_num(&n, &sqr);
- CHECK(secp256k1_num_jacobi(&n, &order) == -1);
- /* test multiple of the order*/
- CHECK(secp256k1_num_jacobi(&order, &order) == 0);
-
- /* check one less than the order */
- secp256k1_scalar_set_int(&small, 1);
- secp256k1_scalar_get_num(&n, &small);
- secp256k1_num_sub(&n, &order, &n);
- CHECK(secp256k1_num_jacobi(&n, &order) == 1); /* sage confirms this is 1 */
-}
-
-void run_num_smalltests(void) {
- int i;
- for (i = 0; i < 100*count; i++) {
- test_num_negate();
- test_num_add_sub();
- test_num_mod();
- test_num_jacobi();
- }
-}
-#endif
-
-/***** SCALAR TESTS *****/
-
-void scalar_test(void) {
- secp256k1_scalar s;
- secp256k1_scalar s1;
- secp256k1_scalar s2;
-#ifndef USE_NUM_NONE
- secp256k1_num snum, s1num, s2num;
- secp256k1_num order, half_order;
-#endif
- unsigned char c[32];
-
- /* Set 's' to a random scalar, with value 'snum'. */
- random_scalar_order_test(&s);
-
- /* Set 's1' to a random scalar, with value 's1num'. */
- random_scalar_order_test(&s1);
-
- /* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */
- random_scalar_order_test(&s2);
- secp256k1_scalar_get_b32(c, &s2);
-
-#ifndef USE_NUM_NONE
- secp256k1_scalar_get_num(&snum, &s);
- secp256k1_scalar_get_num(&s1num, &s1);
- secp256k1_scalar_get_num(&s2num, &s2);
-
- secp256k1_scalar_order_get_num(&order);
- half_order = order;
- secp256k1_num_shift(&half_order, 1);
-#endif
-
- {
- int i;
- /* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */
- secp256k1_scalar n;
- secp256k1_scalar_set_int(&n, 0);
- for (i = 0; i < 256; i += 4) {
- secp256k1_scalar t;
- int j;
- secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits(&s, 256 - 4 - i, 4));
- for (j = 0; j < 4; j++) {
- secp256k1_scalar_add(&n, &n, &n);
- }
- secp256k1_scalar_add(&n, &n, &t);
- }
- CHECK(secp256k1_scalar_eq(&n, &s));
- }
-
- {
- /* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */
- secp256k1_scalar n;
- int i = 0;
- secp256k1_scalar_set_int(&n, 0);
- while (i < 256) {
- secp256k1_scalar t;
- int j;
- int now = secp256k1_rand_int(15) + 1;
- if (now + i > 256) {
- now = 256 - i;
- }
- secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_var(&s, 256 - now - i, now));
- for (j = 0; j < now; j++) {
- secp256k1_scalar_add(&n, &n, &n);
- }
- secp256k1_scalar_add(&n, &n, &t);
- i += now;
- }
- CHECK(secp256k1_scalar_eq(&n, &s));
- }
-
-#ifndef USE_NUM_NONE
- {
- /* Test that adding the scalars together is equal to adding their numbers together modulo the order. */
- secp256k1_num rnum;
- secp256k1_num r2num;
- secp256k1_scalar r;
- secp256k1_num_add(&rnum, &snum, &s2num);
- secp256k1_num_mod(&rnum, &order);
- secp256k1_scalar_add(&r, &s, &s2);
- secp256k1_scalar_get_num(&r2num, &r);
- CHECK(secp256k1_num_eq(&rnum, &r2num));
- }
-
- {
- /* Test that multiplying the scalars is equal to multiplying their numbers modulo the order. */
- secp256k1_scalar r;
- secp256k1_num r2num;
- secp256k1_num rnum;
- secp256k1_num_mul(&rnum, &snum, &s2num);
- secp256k1_num_mod(&rnum, &order);
- secp256k1_scalar_mul(&r, &s, &s2);
- secp256k1_scalar_get_num(&r2num, &r);
- CHECK(secp256k1_num_eq(&rnum, &r2num));
- /* The result can only be zero if at least one of the factors was zero. */
- CHECK(secp256k1_scalar_is_zero(&r) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_zero(&s2)));
- /* The results can only be equal to one of the factors if that factor was zero, or the other factor was one. */
- CHECK(secp256k1_num_eq(&rnum, &snum) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_one(&s2)));
- CHECK(secp256k1_num_eq(&rnum, &s2num) == (secp256k1_scalar_is_zero(&s2) || secp256k1_scalar_is_one(&s)));
- }
-
- {
- secp256k1_scalar neg;
- secp256k1_num negnum;
- secp256k1_num negnum2;
- /* Check that comparison with zero matches comparison with zero on the number. */
- CHECK(secp256k1_num_is_zero(&snum) == secp256k1_scalar_is_zero(&s));
- /* Check that comparison with the half order is equal to testing for high scalar. */
- CHECK(secp256k1_scalar_is_high(&s) == (secp256k1_num_cmp(&snum, &half_order) > 0));
- secp256k1_scalar_negate(&neg, &s);
- secp256k1_num_sub(&negnum, &order, &snum);
- secp256k1_num_mod(&negnum, &order);
- /* Check that comparison with the half order is equal to testing for high scalar after negation. */
- CHECK(secp256k1_scalar_is_high(&neg) == (secp256k1_num_cmp(&negnum, &half_order) > 0));
- /* Negating should change the high property, unless the value was already zero. */
- CHECK((secp256k1_scalar_is_high(&s) == secp256k1_scalar_is_high(&neg)) == secp256k1_scalar_is_zero(&s));
- secp256k1_scalar_get_num(&negnum2, &neg);
- /* Negating a scalar should be equal to (order - n) mod order on the number. */
- CHECK(secp256k1_num_eq(&negnum, &negnum2));
- secp256k1_scalar_add(&neg, &neg, &s);
- /* Adding a number to its negation should result in zero. */
- CHECK(secp256k1_scalar_is_zero(&neg));
- secp256k1_scalar_negate(&neg, &neg);
- /* Negating zero should still result in zero. */
- CHECK(secp256k1_scalar_is_zero(&neg));
- }
-
- {
- /* Test secp256k1_scalar_mul_shift_var. */
- secp256k1_scalar r;
- secp256k1_num one;
- secp256k1_num rnum;
- secp256k1_num rnum2;
- unsigned char cone[1] = {0x01};
- unsigned int shift = 256 + secp256k1_rand_int(257);
- secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift);
- secp256k1_num_mul(&rnum, &s1num, &s2num);
- secp256k1_num_shift(&rnum, shift - 1);
- secp256k1_num_set_bin(&one, cone, 1);
- secp256k1_num_add(&rnum, &rnum, &one);
- secp256k1_num_shift(&rnum, 1);
- secp256k1_scalar_get_num(&rnum2, &r);
- CHECK(secp256k1_num_eq(&rnum, &rnum2));
- }
-
- {
- /* test secp256k1_scalar_shr_int */
- secp256k1_scalar r;
- int i;
- random_scalar_order_test(&r);
- for (i = 0; i < 100; ++i) {
- int low;
- int shift = 1 + secp256k1_rand_int(15);
- int expected = r.d[0] % (1 << shift);
- low = secp256k1_scalar_shr_int(&r, shift);
- CHECK(expected == low);
- }
- }
-#endif
-
- {
- /* Test that scalar inverses are equal to the inverse of their number modulo the order. */
- if (!secp256k1_scalar_is_zero(&s)) {
- secp256k1_scalar inv;
-#ifndef USE_NUM_NONE
- secp256k1_num invnum;
- secp256k1_num invnum2;
-#endif
- secp256k1_scalar_inverse(&inv, &s);
-#ifndef USE_NUM_NONE
- secp256k1_num_mod_inverse(&invnum, &snum, &order);
- secp256k1_scalar_get_num(&invnum2, &inv);
- CHECK(secp256k1_num_eq(&invnum, &invnum2));
-#endif
- secp256k1_scalar_mul(&inv, &inv, &s);
- /* Multiplying a scalar with its inverse must result in one. */
- CHECK(secp256k1_scalar_is_one(&inv));
- secp256k1_scalar_inverse(&inv, &inv);
- /* Inverting one must result in one. */
- CHECK(secp256k1_scalar_is_one(&inv));
-#ifndef USE_NUM_NONE
- secp256k1_scalar_get_num(&invnum, &inv);
- CHECK(secp256k1_num_is_one(&invnum));
-#endif
- }
- }
-
- {
- /* Test commutativity of add. */
- secp256k1_scalar r1, r2;
- secp256k1_scalar_add(&r1, &s1, &s2);
- secp256k1_scalar_add(&r2, &s2, &s1);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
-
- {
- secp256k1_scalar r1, r2;
- secp256k1_scalar b;
- int i;
- /* Test add_bit. */
- int bit = secp256k1_rand_bits(8);
- secp256k1_scalar_set_int(&b, 1);
- CHECK(secp256k1_scalar_is_one(&b));
- for (i = 0; i < bit; i++) {
- secp256k1_scalar_add(&b, &b, &b);
- }
- r1 = s1;
- r2 = s1;
- if (!secp256k1_scalar_add(&r1, &r1, &b)) {
- /* No overflow happened. */
- secp256k1_scalar_cadd_bit(&r2, bit, 1);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- /* cadd is a noop when flag is zero */
- secp256k1_scalar_cadd_bit(&r2, bit, 0);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
- }
-
- {
- /* Test commutativity of mul. */
- secp256k1_scalar r1, r2;
- secp256k1_scalar_mul(&r1, &s1, &s2);
- secp256k1_scalar_mul(&r2, &s2, &s1);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
-
- {
- /* Test associativity of add. */
- secp256k1_scalar r1, r2;
- secp256k1_scalar_add(&r1, &s1, &s2);
- secp256k1_scalar_add(&r1, &r1, &s);
- secp256k1_scalar_add(&r2, &s2, &s);
- secp256k1_scalar_add(&r2, &s1, &r2);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
-
- {
- /* Test associativity of mul. */
- secp256k1_scalar r1, r2;
- secp256k1_scalar_mul(&r1, &s1, &s2);
- secp256k1_scalar_mul(&r1, &r1, &s);
- secp256k1_scalar_mul(&r2, &s2, &s);
- secp256k1_scalar_mul(&r2, &s1, &r2);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
-
- {
- /* Test distributitivity of mul over add. */
- secp256k1_scalar r1, r2, t;
- secp256k1_scalar_add(&r1, &s1, &s2);
- secp256k1_scalar_mul(&r1, &r1, &s);
- secp256k1_scalar_mul(&r2, &s1, &s);
- secp256k1_scalar_mul(&t, &s2, &s);
- secp256k1_scalar_add(&r2, &r2, &t);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
-
- {
- /* Test square. */
- secp256k1_scalar r1, r2;
- secp256k1_scalar_sqr(&r1, &s1);
- secp256k1_scalar_mul(&r2, &s1, &s1);
- CHECK(secp256k1_scalar_eq(&r1, &r2));
- }
-
- {
- /* Test multiplicative identity. */
- secp256k1_scalar r1, v1;
- secp256k1_scalar_set_int(&v1,1);
- secp256k1_scalar_mul(&r1, &s1, &v1);
- CHECK(secp256k1_scalar_eq(&r1, &s1));
- }
-
- {
- /* Test additive identity. */
- secp256k1_scalar r1, v0;
- secp256k1_scalar_set_int(&v0,0);
- secp256k1_scalar_add(&r1, &s1, &v0);
- CHECK(secp256k1_scalar_eq(&r1, &s1));
- }
-
- {
- /* Test zero product property. */
- secp256k1_scalar r1, v0;
- secp256k1_scalar_set_int(&v0,0);
- secp256k1_scalar_mul(&r1, &s1, &v0);
- CHECK(secp256k1_scalar_eq(&r1, &v0));
- }
-
-}
-
-void run_scalar_tests(void) {
- int i;
- for (i = 0; i < 128 * count; i++) {
- scalar_test();
- }
-
- {
- /* (-1)+1 should be zero. */
- secp256k1_scalar s, o;
- secp256k1_scalar_set_int(&s, 1);
- CHECK(secp256k1_scalar_is_one(&s));
- secp256k1_scalar_negate(&o, &s);
- secp256k1_scalar_add(&o, &o, &s);
- CHECK(secp256k1_scalar_is_zero(&o));
- secp256k1_scalar_negate(&o, &o);
- CHECK(secp256k1_scalar_is_zero(&o));
- }
-
-#ifndef USE_NUM_NONE
- {
- /* A scalar with value of the curve order should be 0. */
- secp256k1_num order;
- secp256k1_scalar zero;
- unsigned char bin[32];
- int overflow = 0;
- secp256k1_scalar_order_get_num(&order);
- secp256k1_num_get_bin(bin, 32, &order);
- secp256k1_scalar_set_b32(&zero, bin, &overflow);
- CHECK(overflow == 1);
- CHECK(secp256k1_scalar_is_zero(&zero));
- }
-#endif
-
- {
- /* Does check_overflow check catch all ones? */
- static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST(
- 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
- 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
- );
- CHECK(secp256k1_scalar_check_overflow(&overflowed));
- }
-
- {
- /* Static test vectors.
- * These were reduced from ~10^12 random vectors based on comparison-decision
- * and edge-case coverage on 32-bit and 64-bit implementations.
- * The responses were generated with Sage 5.9.
- */ - secp256k1_scalar x; - secp256k1_scalar y; - secp256k1_scalar z; - secp256k1_scalar zz; - secp256k1_scalar one; - secp256k1_scalar r1; - secp256k1_scalar r2; -#if defined(USE_SCALAR_INV_NUM) - secp256k1_scalar zzv; -#endif - int overflow; - unsigned char chal[33][2][32] = { - {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, - 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff}}, - {{0xef, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, - 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x80, 0xff}}, - {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, - 0x80, 0x00, 0x00, 0x80, 0xff, 0x3f, 0x00, 0x00, - 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x00}, - {0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0xe0, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff}}, - {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x00, 0x1e, 0xf8, 0xff, 0xff, 0xff, 0xfd, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, - 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0xe0, - 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0xff, - 0xf3, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00, - 0x00, 0x1c, 0x00, 0x00, 0x00, 0xff, 
0xff, 0xff, - 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, - 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x1f, 0x00, 0x00, 0x80, 0xff, 0xff, 0x3f, - 0x00, 0xfe, 0xff, 0xff, 0xff, 0xdf, 0xff, 0xff}}, - {{0xff, 0xff, 0xff, 0xff, 0x00, 0x0f, 0xfc, 0x9f, - 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0x0f, 0xfc, 0xff, 0x7f, 0x00, 0x00, 0x00, - 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, - {0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, - 0x00, 0x00, 0xf8, 0xff, 0x0f, 0xc0, 0xff, 0xff, - 0xff, 0x1f, 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, - 0xff, 0xff, 0xff, 0x07, 0x80, 0xff, 0xff, 0xff}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, - 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, - 0xf7, 0xff, 0xff, 0xef, 0xff, 0xff, 0xff, 0x00, - 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf0}, - {0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, - {{0x00, 0xf8, 0xff, 0x03, 0xff, 0xff, 0xff, 0x00, - 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x03, 0xc0, 0xff, 0x0f, 0xfc, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, - 0xff, 0x01, 0x00, 0x00, 0x00, 0x3f, 0x00, 0xc0, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, - {{0x8f, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x7f, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff, - 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x03, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0x7f}, - {0xff, 0xcf, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, - 0x00, 0xc0, 0xff, 0xcf, 0xff, 0xff, 0xff, 0xff, - 0xbf, 0xff, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x80, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff, - 0xff, 0xff, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0x01, 0xfc, 0xff, 0x01, 0x00, 0xfe, 0xff}, - {0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00}}, - {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0x7f, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0xf8, 0xff, 0x01, 0x00, 0xf0, 0xff, 0xff, - 0xe0, 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x00}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, - 0xfc, 0xff, 0xff, 0x3f, 0xf0, 0xff, 0xff, 0x3f, - 0x00, 0x00, 0xf8, 0x07, 0x00, 0x00, 0x00, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x0f, 0x7e, 0x00, 0x00}}, - {{0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x1f, 0x00, 0x00, 0xfe, 0x07, 0x00}, - {0x00, 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xfb, 0xff, 0x07, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60}}, - {{0xff, 0x01, 0x00, 0xff, 
0xff, 0xff, 0x0f, 0x00, - 0x80, 0x7f, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x03, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0x1f, 0x00, 0xf0, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00}}, - {{0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf1, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, - 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xc0, 0xff, 0xff, 0xcf, 0xff, 0x1f, 0x00, 0x00, - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x7e, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x00}, - {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, - 0xff, 0xff, 0x7f, 0x00, 0x80, 0x00, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, - {0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x80, - 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, - 0xff, 0x7f, 0xf8, 0xff, 0xff, 0x1f, 0x00, 
0xfe}}, - {{0xff, 0xff, 0xff, 0x3f, 0xf8, 0xff, 0xff, 0xff, - 0xff, 0x03, 0xfe, 0x01, 0x00, 0x00, 0x00, 0x00, - 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0x01, 0x80, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0xc0, - 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, - 0xf0, 0xff, 0xff, 0xff, 0xff, 0x07, 0x00, 0x00, - 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 
0xff, 0xff, 0x01, 0xff, 0xff, 0xff}}, - {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0x7e, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x07, 0x00, - 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, - 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0x01, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, - {{0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0x00, - 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, - 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, - 0xff, 0xff, 0x3f, 0x00, 0xf8, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x3f, 0x00, 0x00, 0xc0, 0xf1, 0x7f, 0x00}}, - {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00}, - {0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, - 0xff, 0x7f, 0x00, 0x00, 0x00, 
0x00, 0x80, 0x1f, - 0x00, 0x00, 0xfc, 0xff, 0xff, 0x01, 0xff, 0xff}}, - {{0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x80, 0x00, 0x00, 0x80, 0xff, 0x03, 0xe0, 0x01, - 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfc, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, - {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, - 0xfe, 0xff, 0xff, 0xf0, 0x07, 0x00, 0x3c, 0x80, - 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x07, 0xe0, 0xff, 0x00, 0x00, 0x00}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, - 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0xf8, - 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x0c, 0x80, 0x00, - 0x00, 0x00, 0x00, 0xc0, 0x7f, 0xfe, 0xff, 0x1f, - 0x00, 0xfe, 0xff, 0x03, 0x00, 0x00, 0xfe, 0xff}}, - {{0xff, 0xff, 0x81, 0xff, 0xff, 0xff, 0xff, 0x00, - 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x83, - 0xff, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, - 0xff, 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0xf0}, - {0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00, - 0xf8, 0x07, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xc7, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff}}, - {{0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, - 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb, - 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}, - {0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, - 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb, - 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}} - }; - unsigned char res[33][2][32] = { - {{0x0c, 0x3b, 0x0a, 0xca, 0x8d, 0x1a, 0x2f, 0xb9, - 0x8a, 0x7b, 0x53, 0x5a, 0x1f, 0xc5, 0x22, 0xa1, - 0x07, 0x2a, 0x48, 0xea, 0x02, 0xeb, 0xb3, 0xd6, - 0x20, 0x1e, 0x86, 0xd0, 0x95, 0xf6, 0x92, 0x35}, - {0xdc, 0x90, 0x7a, 0x07, 0x2e, 0x1e, 0x44, 0x6d, - 0xf8, 
0x15, 0x24, 0x5b, 0x5a, 0x96, 0x37, 0x9c, - 0x37, 0x7b, 0x0d, 0xac, 0x1b, 0x65, 0x58, 0x49, - 0x43, 0xb7, 0x31, 0xbb, 0xa7, 0xf4, 0x97, 0x15}}, - {{0xf1, 0xf7, 0x3a, 0x50, 0xe6, 0x10, 0xba, 0x22, - 0x43, 0x4d, 0x1f, 0x1f, 0x7c, 0x27, 0xca, 0x9c, - 0xb8, 0xb6, 0xa0, 0xfc, 0xd8, 0xc0, 0x05, 0x2f, - 0xf7, 0x08, 0xe1, 0x76, 0xdd, 0xd0, 0x80, 0xc8}, - {0xe3, 0x80, 0x80, 0xb8, 0xdb, 0xe3, 0xa9, 0x77, - 0x00, 0xb0, 0xf5, 0x2e, 0x27, 0xe2, 0x68, 0xc4, - 0x88, 0xe8, 0x04, 0xc1, 0x12, 0xbf, 0x78, 0x59, - 0xe6, 0xa9, 0x7c, 0xe1, 0x81, 0xdd, 0xb9, 0xd5}}, - {{0x96, 0xe2, 0xee, 0x01, 0xa6, 0x80, 0x31, 0xef, - 0x5c, 0xd0, 0x19, 0xb4, 0x7d, 0x5f, 0x79, 0xab, - 0xa1, 0x97, 0xd3, 0x7e, 0x33, 0xbb, 0x86, 0x55, - 0x60, 0x20, 0x10, 0x0d, 0x94, 0x2d, 0x11, 0x7c}, - {0xcc, 0xab, 0xe0, 0xe8, 0x98, 0x65, 0x12, 0x96, - 0x38, 0x5a, 0x1a, 0xf2, 0x85, 0x23, 0x59, 0x5f, - 0xf9, 0xf3, 0xc2, 0x81, 0x70, 0x92, 0x65, 0x12, - 0x9c, 0x65, 0x1e, 0x96, 0x00, 0xef, 0xe7, 0x63}}, - {{0xac, 0x1e, 0x62, 0xc2, 0x59, 0xfc, 0x4e, 0x5c, - 0x83, 0xb0, 0xd0, 0x6f, 0xce, 0x19, 0xf6, 0xbf, - 0xa4, 0xb0, 0xe0, 0x53, 0x66, 0x1f, 0xbf, 0xc9, - 0x33, 0x47, 0x37, 0xa9, 0x3d, 0x5d, 0xb0, 0x48}, - {0x86, 0xb9, 0x2a, 0x7f, 0x8e, 0xa8, 0x60, 0x42, - 0x26, 0x6d, 0x6e, 0x1c, 0xa2, 0xec, 0xe0, 0xe5, - 0x3e, 0x0a, 0x33, 0xbb, 0x61, 0x4c, 0x9f, 0x3c, - 0xd1, 0xdf, 0x49, 0x33, 0xcd, 0x72, 0x78, 0x18}}, - {{0xf7, 0xd3, 0xcd, 0x49, 0x5c, 0x13, 0x22, 0xfb, - 0x2e, 0xb2, 0x2f, 0x27, 0xf5, 0x8a, 0x5d, 0x74, - 0xc1, 0x58, 0xc5, 0xc2, 0x2d, 0x9f, 0x52, 0xc6, - 0x63, 0x9f, 0xba, 0x05, 0x76, 0x45, 0x7a, 0x63}, - {0x8a, 0xfa, 0x55, 0x4d, 0xdd, 0xa3, 0xb2, 0xc3, - 0x44, 0xfd, 0xec, 0x72, 0xde, 0xef, 0xc0, 0x99, - 0xf5, 0x9f, 0xe2, 0x52, 0xb4, 0x05, 0x32, 0x58, - 0x57, 0xc1, 0x8f, 0xea, 0xc3, 0x24, 0x5b, 0x94}}, - {{0x05, 0x83, 0xee, 0xdd, 0x64, 0xf0, 0x14, 0x3b, - 0xa0, 0x14, 0x4a, 0x3a, 0x41, 0x82, 0x7c, 0xa7, - 0x2c, 0xaa, 0xb1, 0x76, 0xbb, 0x59, 0x64, 0x5f, - 0x52, 0xad, 0x25, 0x29, 0x9d, 0x8f, 0x0b, 0xb0}, - {0x7e, 0xe3, 0x7c, 0xca, 
0xcd, 0x4f, 0xb0, 0x6d, - 0x7a, 0xb2, 0x3e, 0xa0, 0x08, 0xb9, 0xa8, 0x2d, - 0xc2, 0xf4, 0x99, 0x66, 0xcc, 0xac, 0xd8, 0xb9, - 0x72, 0x2a, 0x4a, 0x3e, 0x0f, 0x7b, 0xbf, 0xf4}}, - {{0x8c, 0x9c, 0x78, 0x2b, 0x39, 0x61, 0x7e, 0xf7, - 0x65, 0x37, 0x66, 0x09, 0x38, 0xb9, 0x6f, 0x70, - 0x78, 0x87, 0xff, 0xcf, 0x93, 0xca, 0x85, 0x06, - 0x44, 0x84, 0xa7, 0xfe, 0xd3, 0xa4, 0xe3, 0x7e}, - {0xa2, 0x56, 0x49, 0x23, 0x54, 0xa5, 0x50, 0xe9, - 0x5f, 0xf0, 0x4d, 0xe7, 0xdc, 0x38, 0x32, 0x79, - 0x4f, 0x1c, 0xb7, 0xe4, 0xbb, 0xf8, 0xbb, 0x2e, - 0x40, 0x41, 0x4b, 0xcc, 0xe3, 0x1e, 0x16, 0x36}}, - {{0x0c, 0x1e, 0xd7, 0x09, 0x25, 0x40, 0x97, 0xcb, - 0x5c, 0x46, 0xa8, 0xda, 0xef, 0x25, 0xd5, 0xe5, - 0x92, 0x4d, 0xcf, 0xa3, 0xc4, 0x5d, 0x35, 0x4a, - 0xe4, 0x61, 0x92, 0xf3, 0xbf, 0x0e, 0xcd, 0xbe}, - {0xe4, 0xaf, 0x0a, 0xb3, 0x30, 0x8b, 0x9b, 0x48, - 0x49, 0x43, 0xc7, 0x64, 0x60, 0x4a, 0x2b, 0x9e, - 0x95, 0x5f, 0x56, 0xe8, 0x35, 0xdc, 0xeb, 0xdc, - 0xc7, 0xc4, 0xfe, 0x30, 0x40, 0xc7, 0xbf, 0xa4}}, - {{0xd4, 0xa0, 0xf5, 0x81, 0x49, 0x6b, 0xb6, 0x8b, - 0x0a, 0x69, 0xf9, 0xfe, 0xa8, 0x32, 0xe5, 0xe0, - 0xa5, 0xcd, 0x02, 0x53, 0xf9, 0x2c, 0xe3, 0x53, - 0x83, 0x36, 0xc6, 0x02, 0xb5, 0xeb, 0x64, 0xb8}, - {0x1d, 0x42, 0xb9, 0xf9, 0xe9, 0xe3, 0x93, 0x2c, - 0x4c, 0xee, 0x6c, 0x5a, 0x47, 0x9e, 0x62, 0x01, - 0x6b, 0x04, 0xfe, 0xa4, 0x30, 0x2b, 0x0d, 0x4f, - 0x71, 0x10, 0xd3, 0x55, 0xca, 0xf3, 0x5e, 0x80}}, - {{0x77, 0x05, 0xf6, 0x0c, 0x15, 0x9b, 0x45, 0xe7, - 0xb9, 0x11, 0xb8, 0xf5, 0xd6, 0xda, 0x73, 0x0c, - 0xda, 0x92, 0xea, 0xd0, 0x9d, 0xd0, 0x18, 0x92, - 0xce, 0x9a, 0xaa, 0xee, 0x0f, 0xef, 0xde, 0x30}, - {0xf1, 0xf1, 0xd6, 0x9b, 0x51, 0xd7, 0x77, 0x62, - 0x52, 0x10, 0xb8, 0x7a, 0x84, 0x9d, 0x15, 0x4e, - 0x07, 0xdc, 0x1e, 0x75, 0x0d, 0x0c, 0x3b, 0xdb, - 0x74, 0x58, 0x62, 0x02, 0x90, 0x54, 0x8b, 0x43}}, - {{0xa6, 0xfe, 0x0b, 0x87, 0x80, 0x43, 0x67, 0x25, - 0x57, 0x5d, 0xec, 0x40, 0x50, 0x08, 0xd5, 0x5d, - 0x43, 0xd7, 0xe0, 0xaa, 0xe0, 0x13, 0xb6, 0xb0, - 0xc0, 0xd4, 0xe5, 0x0d, 0x45, 0x83, 0xd6, 
0x13}, - {0x40, 0x45, 0x0a, 0x92, 0x31, 0xea, 0x8c, 0x60, - 0x8c, 0x1f, 0xd8, 0x76, 0x45, 0xb9, 0x29, 0x00, - 0x26, 0x32, 0xd8, 0xa6, 0x96, 0x88, 0xe2, 0xc4, - 0x8b, 0xdb, 0x7f, 0x17, 0x87, 0xcc, 0xc8, 0xf2}}, - {{0xc2, 0x56, 0xe2, 0xb6, 0x1a, 0x81, 0xe7, 0x31, - 0x63, 0x2e, 0xbb, 0x0d, 0x2f, 0x81, 0x67, 0xd4, - 0x22, 0xe2, 0x38, 0x02, 0x25, 0x97, 0xc7, 0x88, - 0x6e, 0xdf, 0xbe, 0x2a, 0xa5, 0x73, 0x63, 0xaa}, - {0x50, 0x45, 0xe2, 0xc3, 0xbd, 0x89, 0xfc, 0x57, - 0xbd, 0x3c, 0xa3, 0x98, 0x7e, 0x7f, 0x36, 0x38, - 0x92, 0x39, 0x1f, 0x0f, 0x81, 0x1a, 0x06, 0x51, - 0x1f, 0x8d, 0x6a, 0xff, 0x47, 0x16, 0x06, 0x9c}}, - {{0x33, 0x95, 0xa2, 0x6f, 0x27, 0x5f, 0x9c, 0x9c, - 0x64, 0x45, 0xcb, 0xd1, 0x3c, 0xee, 0x5e, 0x5f, - 0x48, 0xa6, 0xaf, 0xe3, 0x79, 0xcf, 0xb1, 0xe2, - 0xbf, 0x55, 0x0e, 0xa2, 0x3b, 0x62, 0xf0, 0xe4}, - {0x14, 0xe8, 0x06, 0xe3, 0xbe, 0x7e, 0x67, 0x01, - 0xc5, 0x21, 0x67, 0xd8, 0x54, 0xb5, 0x7f, 0xa4, - 0xf9, 0x75, 0x70, 0x1c, 0xfd, 0x79, 0xdb, 0x86, - 0xad, 0x37, 0x85, 0x83, 0x56, 0x4e, 0xf0, 0xbf}}, - {{0xbc, 0xa6, 0xe0, 0x56, 0x4e, 0xef, 0xfa, 0xf5, - 0x1d, 0x5d, 0x3f, 0x2a, 0x5b, 0x19, 0xab, 0x51, - 0xc5, 0x8b, 0xdd, 0x98, 0x28, 0x35, 0x2f, 0xc3, - 0x81, 0x4f, 0x5c, 0xe5, 0x70, 0xb9, 0xeb, 0x62}, - {0xc4, 0x6d, 0x26, 0xb0, 0x17, 0x6b, 0xfe, 0x6c, - 0x12, 0xf8, 0xe7, 0xc1, 0xf5, 0x2f, 0xfa, 0x91, - 0x13, 0x27, 0xbd, 0x73, 0xcc, 0x33, 0x31, 0x1c, - 0x39, 0xe3, 0x27, 0x6a, 0x95, 0xcf, 0xc5, 0xfb}}, - {{0x30, 0xb2, 0x99, 0x84, 0xf0, 0x18, 0x2a, 0x6e, - 0x1e, 0x27, 0xed, 0xa2, 0x29, 0x99, 0x41, 0x56, - 0xe8, 0xd4, 0x0d, 0xef, 0x99, 0x9c, 0xf3, 0x58, - 0x29, 0x55, 0x1a, 0xc0, 0x68, 0xd6, 0x74, 0xa4}, - {0x07, 0x9c, 0xe7, 0xec, 0xf5, 0x36, 0x73, 0x41, - 0xa3, 0x1c, 0xe5, 0x93, 0x97, 0x6a, 0xfd, 0xf7, - 0x53, 0x18, 0xab, 0xaf, 0xeb, 0x85, 0xbd, 0x92, - 0x90, 0xab, 0x3c, 0xbf, 0x30, 0x82, 0xad, 0xf6}}, - {{0xc6, 0x87, 0x8a, 0x2a, 0xea, 0xc0, 0xa9, 0xec, - 0x6d, 0xd3, 0xdc, 0x32, 0x23, 0xce, 0x62, 0x19, - 0xa4, 0x7e, 0xa8, 0xdd, 0x1c, 0x33, 0xae, 0xd3, - 0x4f, 0x62, 
0x9f, 0x52, 0xe7, 0x65, 0x46, 0xf4}, - {0x97, 0x51, 0x27, 0x67, 0x2d, 0xa2, 0x82, 0x87, - 0x98, 0xd3, 0xb6, 0x14, 0x7f, 0x51, 0xd3, 0x9a, - 0x0b, 0xd0, 0x76, 0x81, 0xb2, 0x4f, 0x58, 0x92, - 0xa4, 0x86, 0xa1, 0xa7, 0x09, 0x1d, 0xef, 0x9b}}, - {{0xb3, 0x0f, 0x2b, 0x69, 0x0d, 0x06, 0x90, 0x64, - 0xbd, 0x43, 0x4c, 0x10, 0xe8, 0x98, 0x1c, 0xa3, - 0xe1, 0x68, 0xe9, 0x79, 0x6c, 0x29, 0x51, 0x3f, - 0x41, 0xdc, 0xdf, 0x1f, 0xf3, 0x60, 0xbe, 0x33}, - {0xa1, 0x5f, 0xf7, 0x1d, 0xb4, 0x3e, 0x9b, 0x3c, - 0xe7, 0xbd, 0xb6, 0x06, 0xd5, 0x60, 0x06, 0x6d, - 0x50, 0xd2, 0xf4, 0x1a, 0x31, 0x08, 0xf2, 0xea, - 0x8e, 0xef, 0x5f, 0x7d, 0xb6, 0xd0, 0xc0, 0x27}}, - {{0x62, 0x9a, 0xd9, 0xbb, 0x38, 0x36, 0xce, 0xf7, - 0x5d, 0x2f, 0x13, 0xec, 0xc8, 0x2d, 0x02, 0x8a, - 0x2e, 0x72, 0xf0, 0xe5, 0x15, 0x9d, 0x72, 0xae, - 0xfc, 0xb3, 0x4f, 0x02, 0xea, 0xe1, 0x09, 0xfe}, - {0x00, 0x00, 0x00, 0x00, 0xfa, 0x0a, 0x3d, 0xbc, - 0xad, 0x16, 0x0c, 0xb6, 0xe7, 0x7c, 0x8b, 0x39, - 0x9a, 0x43, 0xbb, 0xe3, 0xc2, 0x55, 0x15, 0x14, - 0x75, 0xac, 0x90, 0x9b, 0x7f, 0x9a, 0x92, 0x00}}, - {{0x8b, 0xac, 0x70, 0x86, 0x29, 0x8f, 0x00, 0x23, - 0x7b, 0x45, 0x30, 0xaa, 0xb8, 0x4c, 0xc7, 0x8d, - 0x4e, 0x47, 0x85, 0xc6, 0x19, 0xe3, 0x96, 0xc2, - 0x9a, 0xa0, 0x12, 0xed, 0x6f, 0xd7, 0x76, 0x16}, - {0x45, 0xaf, 0x7e, 0x33, 0xc7, 0x7f, 0x10, 0x6c, - 0x7c, 0x9f, 0x29, 0xc1, 0xa8, 0x7e, 0x15, 0x84, - 0xe7, 0x7d, 0xc0, 0x6d, 0xab, 0x71, 0x5d, 0xd0, - 0x6b, 0x9f, 0x97, 0xab, 0xcb, 0x51, 0x0c, 0x9f}}, - {{0x9e, 0xc3, 0x92, 0xb4, 0x04, 0x9f, 0xc8, 0xbb, - 0xdd, 0x9e, 0xc6, 0x05, 0xfd, 0x65, 0xec, 0x94, - 0x7f, 0x2c, 0x16, 0xc4, 0x40, 0xac, 0x63, 0x7b, - 0x7d, 0xb8, 0x0c, 0xe4, 0x5b, 0xe3, 0xa7, 0x0e}, - {0x43, 0xf4, 0x44, 0xe8, 0xcc, 0xc8, 0xd4, 0x54, - 0x33, 0x37, 0x50, 0xf2, 0x87, 0x42, 0x2e, 0x00, - 0x49, 0x60, 0x62, 0x02, 0xfd, 0x1a, 0x7c, 0xdb, - 0x29, 0x6c, 0x6d, 0x54, 0x53, 0x08, 0xd1, 0xc8}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, - {{0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1, - 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0, - 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59, - 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}, - {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1, - 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0, - 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59, - 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}}, - {{0x28, 0x56, 0xac, 0x0e, 0x4f, 0x98, 0x09, 0xf0, - 0x49, 0xfa, 0x7f, 0x84, 0xac, 0x7e, 0x50, 0x5b, - 0x17, 0x43, 0x14, 0x89, 0x9c, 0x53, 0xa8, 0x94, - 0x30, 0xf2, 0x11, 0x4d, 0x92, 0x14, 0x27, 0xe8}, - {0x39, 0x7a, 0x84, 0x56, 0x79, 0x9d, 0xec, 0x26, - 0x2c, 0x53, 0xc1, 0x94, 0xc9, 0x8d, 0x9e, 0x9d, - 0x32, 0x1f, 0xdd, 0x84, 0x04, 0xe8, 0xe2, 0x0a, - 0x6b, 0xbe, 0xbb, 0x42, 0x40, 0x67, 0x30, 0x6c}}, - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, - 0x40, 0x2d, 0xa1, 0x73, 0x2f, 0xc9, 0xbe, 0xbd}, - {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1, - 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0, - 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59, - 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}}, - {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 
0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, - {{0x1c, 0xc4, 0xf7, 0xda, 0x0f, 0x65, 0xca, 0x39, - 0x70, 0x52, 0x92, 0x8e, 0xc3, 0xc8, 0x15, 0xea, - 0x7f, 0x10, 0x9e, 0x77, 0x4b, 0x6e, 0x2d, 0xdf, - 0xe8, 0x30, 0x9d, 0xda, 0xe8, 0x9a, 0x65, 0xae}, - {0x02, 0xb0, 0x16, 0xb1, 0x1d, 0xc8, 0x57, 0x7b, - 0xa2, 0x3a, 0xa2, 0xa3, 0x38, 0x5c, 0x8f, 0xeb, - 0x66, 0x37, 0x91, 0xa8, 0x5f, 0xef, 0x04, 0xf6, - 0x59, 0x75, 0xe1, 0xee, 0x92, 0xf6, 0x0e, 0x30}}, - {{0x8d, 0x76, 0x14, 0xa4, 0x14, 0x06, 0x9f, 0x9a, - 0xdf, 0x4a, 0x85, 0xa7, 0x6b, 0xbf, 0x29, 0x6f, - 0xbc, 0x34, 0x87, 0x5d, 0xeb, 0xbb, 0x2e, 0xa9, - 0xc9, 0x1f, 0x58, 0xd6, 0x9a, 0x82, 0xa0, 0x56}, - {0xd4, 0xb9, 0xdb, 0x88, 0x1d, 0x04, 0xe9, 0x93, - 0x8d, 0x3f, 0x20, 0xd5, 0x86, 0xa8, 0x83, 0x07, - 0xdb, 0x09, 0xd8, 0x22, 0x1f, 0x7f, 0xf1, 0x71, - 0xc8, 0xe7, 0x5d, 0x47, 0xaf, 0x8b, 0x72, 0xe9}}, - {{0x83, 0xb9, 0x39, 0xb2, 0xa4, 0xdf, 0x46, 0x87, - 0xc2, 0xb8, 0xf1, 0xe6, 0x4c, 0xd1, 0xe2, 0xa9, - 0xe4, 0x70, 0x30, 0x34, 0xbc, 0x52, 0x7c, 0x55, - 0xa6, 0xec, 0x80, 0xa4, 0xe5, 0xd2, 0xdc, 0x73}, - {0x08, 0xf1, 0x03, 0xcf, 0x16, 0x73, 0xe8, 0x7d, - 0xb6, 0x7e, 0x9b, 0xc0, 0xb4, 0xc2, 0xa5, 0x86, - 0x02, 0x77, 0xd5, 0x27, 0x86, 0xa5, 0x15, 0xfb, - 0xae, 0x9b, 0x8c, 0xa9, 0xf9, 0xf8, 0xa8, 0x4a}}, - {{0x8b, 0x00, 0x49, 0xdb, 0xfa, 0xf0, 0x1b, 0xa2, - 0xed, 0x8a, 0x9a, 0x7a, 0x36, 0x78, 0x4a, 0xc7, - 0xf7, 0xad, 0x39, 0xd0, 0x6c, 0x65, 0x7a, 0x41, - 0xce, 0xd6, 0xd6, 0x4c, 0x20, 0x21, 0x6b, 0xc7}, - {0xc6, 0xca, 0x78, 0x1d, 0x32, 0x6c, 0x6c, 0x06, - 0x91, 0xf2, 0x1a, 0xe8, 0x43, 0x16, 0xea, 0x04, - 0x3c, 0x1f, 0x07, 0x85, 0xf7, 0x09, 0x22, 0x08, - 0xba, 0x13, 0xfd, 0x78, 0x1e, 0x3f, 0x6f, 0x62}}, - {{0x25, 0x9b, 0x7c, 0xb0, 0xac, 0x72, 0x6f, 0xb2, - 0xe3, 0x53, 0x84, 
0x7a, 0x1a, 0x9a, 0x98, 0x9b, - 0x44, 0xd3, 0x59, 0xd0, 0x8e, 0x57, 0x41, 0x40, - 0x78, 0xa7, 0x30, 0x2f, 0x4c, 0x9c, 0xb9, 0x68}, - {0xb7, 0x75, 0x03, 0x63, 0x61, 0xc2, 0x48, 0x6e, - 0x12, 0x3d, 0xbf, 0x4b, 0x27, 0xdf, 0xb1, 0x7a, - 0xff, 0x4e, 0x31, 0x07, 0x83, 0xf4, 0x62, 0x5b, - 0x19, 0xa5, 0xac, 0xa0, 0x32, 0x58, 0x0d, 0xa7}}, - {{0x43, 0x4f, 0x10, 0xa4, 0xca, 0xdb, 0x38, 0x67, - 0xfa, 0xae, 0x96, 0xb5, 0x6d, 0x97, 0xff, 0x1f, - 0xb6, 0x83, 0x43, 0xd3, 0xa0, 0x2d, 0x70, 0x7a, - 0x64, 0x05, 0x4c, 0xa7, 0xc1, 0xa5, 0x21, 0x51}, - {0xe4, 0xf1, 0x23, 0x84, 0xe1, 0xb5, 0x9d, 0xf2, - 0xb8, 0x73, 0x8b, 0x45, 0x2b, 0x35, 0x46, 0x38, - 0x10, 0x2b, 0x50, 0xf8, 0x8b, 0x35, 0xcd, 0x34, - 0xc8, 0x0e, 0xf6, 0xdb, 0x09, 0x35, 0xf0, 0xda}}, - {{0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34, - 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13, - 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46, - 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}, - {0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34, - 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13, - 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46, - 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}} - }; - secp256k1_scalar_set_int(&one, 1); - for (i = 0; i < 33; i++) { - secp256k1_scalar_set_b32(&x, chal[i][0], &overflow); - CHECK(!overflow); - secp256k1_scalar_set_b32(&y, chal[i][1], &overflow); - CHECK(!overflow); - secp256k1_scalar_set_b32(&r1, res[i][0], &overflow); - CHECK(!overflow); - secp256k1_scalar_set_b32(&r2, res[i][1], &overflow); - CHECK(!overflow); - secp256k1_scalar_mul(&z, &x, &y); - CHECK(!secp256k1_scalar_check_overflow(&z)); - CHECK(secp256k1_scalar_eq(&r1, &z)); - if (!secp256k1_scalar_is_zero(&y)) { - secp256k1_scalar_inverse(&zz, &y); - CHECK(!secp256k1_scalar_check_overflow(&zz)); -#if defined(USE_SCALAR_INV_NUM) - secp256k1_scalar_inverse_var(&zzv, &y); - CHECK(secp256k1_scalar_eq(&zzv, &zz)); -#endif - secp256k1_scalar_mul(&z, &z, &zz); - CHECK(!secp256k1_scalar_check_overflow(&z)); - 
CHECK(secp256k1_scalar_eq(&x, &z));
- secp256k1_scalar_mul(&zz, &zz, &y);
- CHECK(!secp256k1_scalar_check_overflow(&zz));
- CHECK(secp256k1_scalar_eq(&one, &zz));
- }
- secp256k1_scalar_mul(&z, &x, &x);
- CHECK(!secp256k1_scalar_check_overflow(&z));
- secp256k1_scalar_sqr(&zz, &x);
- CHECK(!secp256k1_scalar_check_overflow(&zz));
- CHECK(secp256k1_scalar_eq(&zz, &z));
- CHECK(secp256k1_scalar_eq(&r2, &zz));
- }
- }
-}
-
-/***** FIELD TESTS *****/
-
-void random_fe(secp256k1_fe *x) {
- unsigned char bin[32];
- do {
- secp256k1_rand256(bin);
- if (secp256k1_fe_set_b32(x, bin)) {
- return;
- }
- } while(1);
-}
-
-void random_fe_test(secp256k1_fe *x) {
- unsigned char bin[32];
- do {
- secp256k1_rand256_test(bin);
- if (secp256k1_fe_set_b32(x, bin)) {
- return;
- }
- } while(1);
-}
-
-void random_fe_non_zero(secp256k1_fe *nz) {
- int tries = 10;
- while (--tries >= 0) {
- random_fe(nz);
- secp256k1_fe_normalize(nz);
- if (!secp256k1_fe_is_zero(nz)) {
- break;
- }
- }
- /* Infinitesimal probability of spurious failure here */
- CHECK(tries >= 0);
-}
-
-void random_fe_non_square(secp256k1_fe *ns) {
- secp256k1_fe r;
- random_fe_non_zero(ns);
- if (secp256k1_fe_sqrt(&r, ns)) {
- secp256k1_fe_negate(ns, ns, 1);
- }
-}
-
-int check_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) {
- secp256k1_fe an = *a;
- secp256k1_fe bn = *b;
- secp256k1_fe_normalize_weak(&an);
- secp256k1_fe_normalize_var(&bn);
- return secp256k1_fe_equal_var(&an, &bn);
-}
-
-int check_fe_inverse(const secp256k1_fe *a, const secp256k1_fe *ai) {
- secp256k1_fe x;
- secp256k1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1);
- secp256k1_fe_mul(&x, a, ai);
- return check_fe_equal(&x, &one);
-}
-
-void run_field_convert(void) {
- static const unsigned char b32[32] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
- 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
- };
- static const secp256k1_fe_storage fes = SECP256K1_FE_STORAGE_CONST(
- 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
- 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
- );
- static const secp256k1_fe fe = SECP256K1_FE_CONST(
- 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
- 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
- );
- secp256k1_fe fe2;
- unsigned char b322[32];
- secp256k1_fe_storage fes2;
- /* Check conversions to fe. */
- CHECK(secp256k1_fe_set_b32(&fe2, b32));
- CHECK(secp256k1_fe_equal_var(&fe, &fe2));
- secp256k1_fe_from_storage(&fe2, &fes);
- CHECK(secp256k1_fe_equal_var(&fe, &fe2));
- /* Check conversion from fe. */
- secp256k1_fe_get_b32(b322, &fe);
- CHECK(memcmp(b322, b32, 32) == 0);
- secp256k1_fe_to_storage(&fes2, &fe);
- CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0);
-}
-
-int fe_memcmp(const secp256k1_fe *a, const secp256k1_fe *b) {
- secp256k1_fe t = *b;
-#ifdef VERIFY
- t.magnitude = a->magnitude;
- t.normalized = a->normalized;
-#endif
- return memcmp(a, &t, sizeof(secp256k1_fe));
-}
-
-void run_field_misc(void) {
- secp256k1_fe x;
- secp256k1_fe y;
- secp256k1_fe z;
- secp256k1_fe q;
- secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5);
- int i, j;
- for (i = 0; i < 5*count; i++) {
- secp256k1_fe_storage xs, ys, zs;
- random_fe(&x);
- random_fe_non_zero(&y);
- /* Test the fe equality and comparison operations. */
- CHECK(secp256k1_fe_cmp_var(&x, &x) == 0);
- CHECK(secp256k1_fe_equal_var(&x, &x));
- z = x;
- secp256k1_fe_add(&z,&y);
- /* Test fe conditional move; z is not normalized here. */
- q = x;
- secp256k1_fe_cmov(&x, &z, 0);
-#ifdef VERIFY
- CHECK(!x.normalized && x.magnitude == z.magnitude);
-#endif
- secp256k1_fe_cmov(&x, &x, 1);
- CHECK(fe_memcmp(&x, &z) != 0);
- CHECK(fe_memcmp(&x, &q) == 0);
- secp256k1_fe_cmov(&q, &z, 1);
-#ifdef VERIFY
- CHECK(!q.normalized && q.magnitude == z.magnitude);
-#endif
- CHECK(fe_memcmp(&q, &z) == 0);
- secp256k1_fe_normalize_var(&x);
- secp256k1_fe_normalize_var(&z);
- CHECK(!secp256k1_fe_equal_var(&x, &z));
- secp256k1_fe_normalize_var(&q);
- secp256k1_fe_cmov(&q, &z, (i&1));
-#ifdef VERIFY
- CHECK(q.normalized && q.magnitude == 1);
-#endif
- for (j = 0; j < 6; j++) {
- secp256k1_fe_negate(&z, &z, j+1);
- secp256k1_fe_normalize_var(&q);
- secp256k1_fe_cmov(&q, &z, (j&1));
-#ifdef VERIFY
- CHECK(!q.normalized && q.magnitude == (j+2));
-#endif
- }
- secp256k1_fe_normalize_var(&z);
- /* Test storage conversion and conditional moves. */
- secp256k1_fe_to_storage(&xs, &x);
- secp256k1_fe_to_storage(&ys, &y);
- secp256k1_fe_to_storage(&zs, &z);
- secp256k1_fe_storage_cmov(&zs, &xs, 0);
- secp256k1_fe_storage_cmov(&zs, &zs, 1);
- CHECK(memcmp(&xs, &zs, sizeof(xs)) != 0);
- secp256k1_fe_storage_cmov(&ys, &xs, 1);
- CHECK(memcmp(&xs, &ys, sizeof(xs)) == 0);
- secp256k1_fe_from_storage(&x, &xs);
- secp256k1_fe_from_storage(&y, &ys);
- secp256k1_fe_from_storage(&z, &zs);
- /* Test that mul_int, mul, and add agree. */
- secp256k1_fe_add(&y, &x);
- secp256k1_fe_add(&y, &x);
- z = x;
- secp256k1_fe_mul_int(&z, 3);
- CHECK(check_fe_equal(&y, &z));
- secp256k1_fe_add(&y, &x);
- secp256k1_fe_add(&z, &x);
- CHECK(check_fe_equal(&z, &y));
- z = x;
- secp256k1_fe_mul_int(&z, 5);
- secp256k1_fe_mul(&q, &x, &fe5);
- CHECK(check_fe_equal(&z, &q));
- secp256k1_fe_negate(&x, &x, 1);
- secp256k1_fe_add(&z, &x);
- secp256k1_fe_add(&q, &x);
- CHECK(check_fe_equal(&y, &z));
- CHECK(check_fe_equal(&q, &y));
- }
-}
-
-void run_field_inv(void) {
- secp256k1_fe x, xi, xii;
- int i;
- for (i = 0; i < 10*count; i++) {
- random_fe_non_zero(&x);
- secp256k1_fe_inv(&xi, &x);
- CHECK(check_fe_inverse(&x, &xi));
- secp256k1_fe_inv(&xii, &xi);
- CHECK(check_fe_equal(&x, &xii));
- }
-}
-
-void run_field_inv_var(void) {
- secp256k1_fe x, xi, xii;
- int i;
- for (i = 0; i < 10*count; i++) {
- random_fe_non_zero(&x);
- secp256k1_fe_inv_var(&xi, &x);
- CHECK(check_fe_inverse(&x, &xi));
- secp256k1_fe_inv_var(&xii, &xi);
- CHECK(check_fe_equal(&x, &xii));
- }
-}
-
-void run_field_inv_all_var(void) {
- secp256k1_fe x[16], xi[16], xii[16];
- int i;
- /* Check it's safe to call for 0 elements */
- secp256k1_fe_inv_all_var(xi, x, 0);
- for (i = 0; i < count; i++) {
- size_t j;
- size_t len = secp256k1_rand_int(15) + 1;
- for (j = 0; j < len; j++) {
- random_fe_non_zero(&x[j]);
- }
- secp256k1_fe_inv_all_var(xi, x, len);
- for (j = 0; j < len; j++) {
- CHECK(check_fe_inverse(&x[j], &xi[j]));
- }
- secp256k1_fe_inv_all_var(xii, xi, len);
- for (j = 0; j < len; j++) {
- CHECK(check_fe_equal(&x[j], &xii[j]));
- }
- }
-}
-
-void run_sqr(void) {
- secp256k1_fe x, s;
-
- {
- int i;
- secp256k1_fe_set_int(&x, 1);
- secp256k1_fe_negate(&x, &x, 1);
-
- for (i = 1; i <= 512; ++i) {
- secp256k1_fe_mul_int(&x, 2);
- secp256k1_fe_normalize(&x);
- secp256k1_fe_sqr(&s, &x);
- }
- }
-}
-
-void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k) {
- secp256k1_fe r1, r2;
- int v = secp256k1_fe_sqrt(&r1, a);
- CHECK((v == 0) == (k == NULL));
-
- if (k != NULL) {
- /* Check that the returned root is +/- the given known answer */
- secp256k1_fe_negate(&r2, &r1, 1);
- secp256k1_fe_add(&r1, k); secp256k1_fe_add(&r2, k);
- secp256k1_fe_normalize(&r1); secp256k1_fe_normalize(&r2);
- CHECK(secp256k1_fe_is_zero(&r1) || secp256k1_fe_is_zero(&r2));
- }
-}
-
-void run_sqrt(void) {
- secp256k1_fe ns, x, s, t;
- int i;
-
- /* Check sqrt(0) is 0 */
- secp256k1_fe_set_int(&x, 0);
- secp256k1_fe_sqr(&s, &x);
- test_sqrt(&s, &x);
-
- /* Check sqrt of small squares (and their negatives) */
- for (i = 1; i <= 100; i++) {
- secp256k1_fe_set_int(&x, i);
- secp256k1_fe_sqr(&s, &x);
- test_sqrt(&s, &x);
- secp256k1_fe_negate(&t, &s, 1);
- test_sqrt(&t, NULL);
- }
-
- /* Consistency checks for large random values */
- for (i = 0; i < 10; i++) {
- int j;
- random_fe_non_square(&ns);
- for (j = 0; j < count; j++) {
- random_fe(&x);
- secp256k1_fe_sqr(&s, &x);
- test_sqrt(&s, &x);
- secp256k1_fe_negate(&t, &s, 1);
- test_sqrt(&t, NULL);
- secp256k1_fe_mul(&t, &s, &ns);
- test_sqrt(&t, NULL);
- }
- }
-}
-
-/***** GROUP TESTS *****/
-
-void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) {
- CHECK(a->infinity == b->infinity);
- if (a->infinity) {
- return;
- }
- CHECK(secp256k1_fe_equal_var(&a->x, &b->x));
- CHECK(secp256k1_fe_equal_var(&a->y, &b->y));
-}
-
-/* This compares jacobian points including their Z, not just their geometric meaning. 
*/ -int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b) { - secp256k1_gej a2; - secp256k1_gej b2; - int ret = 1; - ret &= a->infinity == b->infinity; - if (ret && !a->infinity) { - a2 = *a; - b2 = *b; - secp256k1_fe_normalize(&a2.x); - secp256k1_fe_normalize(&a2.y); - secp256k1_fe_normalize(&a2.z); - secp256k1_fe_normalize(&b2.x); - secp256k1_fe_normalize(&b2.y); - secp256k1_fe_normalize(&b2.z); - ret &= secp256k1_fe_cmp_var(&a2.x, &b2.x) == 0; - ret &= secp256k1_fe_cmp_var(&a2.y, &b2.y) == 0; - ret &= secp256k1_fe_cmp_var(&a2.z, &b2.z) == 0; - } - return ret; -} - -void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) { - secp256k1_fe z2s; - secp256k1_fe u1, u2, s1, s2; - CHECK(a->infinity == b->infinity); - if (a->infinity) { - return; - } - /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. */ - secp256k1_fe_sqr(&z2s, &b->z); - secp256k1_fe_mul(&u1, &a->x, &z2s); - u2 = b->x; secp256k1_fe_normalize_weak(&u2); - secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z); - s2 = b->y; secp256k1_fe_normalize_weak(&s2); - CHECK(secp256k1_fe_equal_var(&u1, &u2)); - CHECK(secp256k1_fe_equal_var(&s1, &s2)); -} - -void test_ge(void) { - int i, i1; -#ifdef USE_ENDOMORPHISM - int runs = 6; -#else - int runs = 4; -#endif - /* Points: (infinity, p1, p1, -p1, -p1, p2, p2, -p2, -p2, p3, p3, -p3, -p3, p4, p4, -p4, -p4). - * The second in each pair of identical points uses a random Z coordinate in the Jacobian form. - * All magnitudes are randomized. - * All 17*17 combinations of points are added to each other, using all applicable methods. - * - * When the endomorphism code is compiled in, p5 = lambda*p1 and p6 = lambda^2*p1 are added as well. 
- */ - secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs)); - secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs)); - secp256k1_fe *zinv = (secp256k1_fe *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs)); - secp256k1_fe zf; - secp256k1_fe zfi2, zfi3; - - secp256k1_gej_set_infinity(&gej[0]); - secp256k1_ge_clear(&ge[0]); - secp256k1_ge_set_gej_var(&ge[0], &gej[0]); - for (i = 0; i < runs; i++) { - int j; - secp256k1_ge g; - random_group_element_test(&g); -#ifdef USE_ENDOMORPHISM - if (i >= runs - 2) { - secp256k1_ge_mul_lambda(&g, &ge[1]); - } - if (i >= runs - 1) { - secp256k1_ge_mul_lambda(&g, &g); - } -#endif - ge[1 + 4 * i] = g; - ge[2 + 4 * i] = g; - secp256k1_ge_neg(&ge[3 + 4 * i], &g); - secp256k1_ge_neg(&ge[4 + 4 * i], &g); - secp256k1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); - random_group_element_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]); - secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); - random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]); - for (j = 0; j < 4; j++) { - random_field_element_magnitude(&ge[1 + j + 4 * i].x); - random_field_element_magnitude(&ge[1 + j + 4 * i].y); - random_field_element_magnitude(&gej[1 + j + 4 * i].x); - random_field_element_magnitude(&gej[1 + j + 4 * i].y); - random_field_element_magnitude(&gej[1 + j + 4 * i].z); - } - } - - /* Compute z inverses. */ - { - secp256k1_fe *zs = checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs)); - for (i = 0; i < 4 * runs + 1; i++) { - if (i == 0) { - /* The point at infinity does not have a meaningful z inverse. Any should do. 
*/ - do { - random_field_element_test(&zs[i]); - } while(secp256k1_fe_is_zero(&zs[i])); - } else { - zs[i] = gej[i].z; - } - } - secp256k1_fe_inv_all_var(zinv, zs, 4 * runs + 1); - free(zs); - } - - /* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */ - do { - random_field_element_test(&zf); - } while(secp256k1_fe_is_zero(&zf)); - random_field_element_magnitude(&zf); - secp256k1_fe_inv_var(&zfi3, &zf); - secp256k1_fe_sqr(&zfi2, &zfi3); - secp256k1_fe_mul(&zfi3, &zfi3, &zfi2); - - for (i1 = 0; i1 < 1 + 4 * runs; i1++) { - int i2; - for (i2 = 0; i2 < 1 + 4 * runs; i2++) { - /* Compute reference result using gej + gej (var). */ - secp256k1_gej refj, resj; - secp256k1_ge ref; - secp256k1_fe zr; - secp256k1_gej_add_var(&refj, &gej[i1], &gej[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr); - /* Check Z ratio. */ - if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&refj)) { - secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z); - CHECK(secp256k1_fe_equal_var(&zrz, &refj.z)); - } - secp256k1_ge_set_gej_var(&ref, &refj); - - /* Test gej + ge with Z ratio result (var). */ - secp256k1_gej_add_ge_var(&resj, &gej[i1], &ge[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr); - ge_equals_gej(&ref, &resj); - if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&resj)) { - secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z); - CHECK(secp256k1_fe_equal_var(&zrz, &resj.z)); - } - - /* Test gej + ge (var, with additional Z factor). */ - { - secp256k1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */ - secp256k1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2); - secp256k1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3); - random_field_element_magnitude(&ge2_zfi.x); - random_field_element_magnitude(&ge2_zfi.y); - secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf); - ge_equals_gej(&ref, &resj); - } - - /* Test gej + ge (const). 
*/ - if (i2 != 0) { - /* secp256k1_gej_add_ge does not support its second argument being infinity. */ - secp256k1_gej_add_ge(&resj, &gej[i1], &ge[i2]); - ge_equals_gej(&ref, &resj); - } - - /* Test doubling (var). */ - if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) { - secp256k1_fe zr2; - /* Normal doubling with Z ratio result. */ - secp256k1_gej_double_var(&resj, &gej[i1], &zr2); - ge_equals_gej(&ref, &resj); - /* Check Z ratio. */ - secp256k1_fe_mul(&zr2, &zr2, &gej[i1].z); - CHECK(secp256k1_fe_equal_var(&zr2, &resj.z)); - /* Normal doubling. */ - secp256k1_gej_double_var(&resj, &gej[i2], NULL); - ge_equals_gej(&ref, &resj); - } - - /* Test adding opposites. */ - if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) { - CHECK(secp256k1_ge_is_infinity(&ref)); - } - - /* Test adding infinity. */ - if (i1 == 0) { - CHECK(secp256k1_ge_is_infinity(&ge[i1])); - CHECK(secp256k1_gej_is_infinity(&gej[i1])); - ge_equals_gej(&ref, &gej[i2]); - } - if (i2 == 0) { - CHECK(secp256k1_ge_is_infinity(&ge[i2])); - CHECK(secp256k1_gej_is_infinity(&gej[i2])); - ge_equals_gej(&ref, &gej[i1]); - } - } - } - - /* Test adding all points together in random order equals infinity. */ - { - secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY; - secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); - for (i = 0; i < 4 * runs + 1; i++) { - gej_shuffled[i] = gej[i]; - } - for (i = 0; i < 4 * runs + 1; i++) { - int swap = i + secp256k1_rand_int(4 * runs + 1 - i); - if (swap != i) { - secp256k1_gej t = gej_shuffled[i]; - gej_shuffled[i] = gej_shuffled[swap]; - gej_shuffled[swap] = t; - } - } - for (i = 0; i < 4 * runs + 1; i++) { - secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); - } - CHECK(secp256k1_gej_is_infinity(&sum)); - free(gej_shuffled); - } - - /* Test batch gej -> ge conversion with and without known z ratios. 
*/ - { - secp256k1_fe *zr = (secp256k1_fe *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_fe)); - secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge)); - for (i = 0; i < 4 * runs + 1; i++) { - /* Compute gej[i + 1].z / gez[i].z (with gej[n].z taken to be 1). */ - if (i < 4 * runs) { - secp256k1_fe_mul(&zr[i + 1], &zinv[i], &gej[i + 1].z); - } - } - secp256k1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1); - for (i = 0; i < 4 * runs + 1; i++) { - secp256k1_fe s; - random_fe_non_zero(&s); - secp256k1_gej_rescale(&gej[i], &s); - ge_equals_gej(&ge_set_all[i], &gej[i]); - } - free(ge_set_all); - free(zr); - } - - /* Test batch gej -> ge conversion with many infinities. */ - for (i = 0; i < 4 * runs + 1; i++) { - random_group_element_test(&ge[i]); - /* randomly set half the points to infinity */ - if(secp256k1_fe_is_odd(&ge[i].x)) { - secp256k1_ge_set_infinity(&ge[i]); - } - secp256k1_gej_set_ge(&gej[i], &ge[i]); - } - /* batch invert */ - secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1); - /* check result */ - for (i = 0; i < 4 * runs + 1; i++) { - ge_equals_gej(&ge[i], &gej[i]); - } - - free(ge); - free(gej); - free(zinv); -} - -void test_add_neg_y_diff_x(void) { - /* The point of this test is to check that we can add two points - * whose y-coordinates are negatives of each other but whose x - * coordinates differ. If the x-coordinates were the same, these - * points would be negatives of each other and their sum is - * infinity. This is cool because it "covers up" any degeneracy - * in the addition algorithm that would cause the xy coordinates - * of the sum to be wrong (since infinity has no xy coordinates). - * HOWEVER, if the x-coordinates are different, infinity is the - * wrong answer, and such degeneracies are exposed. This is the - * root of https://github.com/bitcoin-core/secp256k1/issues/257 - * which this test is a regression test for. 
- * - * These points were generated in sage as - * # secp256k1 params - * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) - * C = EllipticCurve ([F (0), F (7)]) - * G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798) - * N = FiniteField(G.order()) - * - * # endomorphism values (lambda is 1^{1/3} in N, beta is 1^{1/3} in F) - * x = polygen(N) - * lam = (1 - x^3).roots()[1][0] - * - * # random "bad pair" - * P = C.random_element() - * Q = -int(lam) * P - * print " P: %x %x" % P.xy() - * print " Q: %x %x" % Q.xy() - * print "P + Q: %x %x" % (P + Q).xy() - */ - secp256k1_gej aj = SECP256K1_GEJ_CONST( - 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30, - 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb, - 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8, - 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d - ); - secp256k1_gej bj = SECP256K1_GEJ_CONST( - 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86, - 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7, - 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57, - 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2 - ); - secp256k1_gej sumj = SECP256K1_GEJ_CONST( - 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027, - 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a, - 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08, - 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe - ); - secp256k1_ge b; - secp256k1_gej resj; - secp256k1_ge res; - secp256k1_ge_set_gej(&b, &bj); - - secp256k1_gej_add_var(&resj, &aj, &bj, NULL); - secp256k1_ge_set_gej(&res, &resj); - ge_equals_gej(&res, &sumj); - - secp256k1_gej_add_ge(&resj, &aj, &b); - secp256k1_ge_set_gej(&res, &resj); - ge_equals_gej(&res, &sumj); - - secp256k1_gej_add_ge_var(&resj, &aj, &b, NULL); - secp256k1_ge_set_gej(&res, &resj); - ge_equals_gej(&res, &sumj); -} - -void run_ge(void) { - int i; - for (i = 0; i < count * 32; i++) { - test_ge(); - } - test_add_neg_y_diff_x(); -} - -void test_ec_combine(void) { - secp256k1_scalar sum = 
SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - secp256k1_pubkey data[6]; - const secp256k1_pubkey* d[6]; - secp256k1_pubkey sd; - secp256k1_pubkey sd2; - secp256k1_gej Qj; - secp256k1_ge Q; - int i; - for (i = 1; i <= 6; i++) { - secp256k1_scalar s; - random_scalar_order_test(&s); - secp256k1_scalar_add(&sum, &sum, &s); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); - secp256k1_ge_set_gej(&Q, &Qj); - secp256k1_pubkey_save(&data[i - 1], &Q); - d[i - 1] = &data[i - 1]; - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); - secp256k1_ge_set_gej(&Q, &Qj); - secp256k1_pubkey_save(&sd, &Q); - CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); - CHECK(memcmp(&sd, &sd2, sizeof(sd)) == 0); - } -} - -void run_ec_combine(void) { - int i; - for (i = 0; i < count * 8; i++) { - test_ec_combine(); - } -} - -void test_group_decompress(const secp256k1_fe* x) { - /* The input itself, normalized. */ - secp256k1_fe fex = *x; - secp256k1_fe fez; - /* Results of set_xquad_var, set_xo_var(..., 0), set_xo_var(..., 1). */ - secp256k1_ge ge_quad, ge_even, ge_odd; - secp256k1_gej gej_quad; - /* Return values of the above calls. */ - int res_quad, res_even, res_odd; - - secp256k1_fe_normalize_var(&fex); - - res_quad = secp256k1_ge_set_xquad(&ge_quad, &fex); - res_even = secp256k1_ge_set_xo_var(&ge_even, &fex, 0); - res_odd = secp256k1_ge_set_xo_var(&ge_odd, &fex, 1); - - CHECK(res_quad == res_even); - CHECK(res_quad == res_odd); - - if (res_quad) { - secp256k1_fe_normalize_var(&ge_quad.x); - secp256k1_fe_normalize_var(&ge_odd.x); - secp256k1_fe_normalize_var(&ge_even.x); - secp256k1_fe_normalize_var(&ge_quad.y); - secp256k1_fe_normalize_var(&ge_odd.y); - secp256k1_fe_normalize_var(&ge_even.y); - - /* No infinity allowed. */ - CHECK(!ge_quad.infinity); - CHECK(!ge_even.infinity); - CHECK(!ge_odd.infinity); - - /* Check that the x coordinates check out. 
*/ - CHECK(secp256k1_fe_equal_var(&ge_quad.x, x)); - CHECK(secp256k1_fe_equal_var(&ge_even.x, x)); - CHECK(secp256k1_fe_equal_var(&ge_odd.x, x)); - - /* Check that the Y coordinate result in ge_quad is a square. */ - CHECK(secp256k1_fe_is_quad_var(&ge_quad.y)); - - /* Check odd/even Y in ge_odd, ge_even. */ - CHECK(secp256k1_fe_is_odd(&ge_odd.y)); - CHECK(!secp256k1_fe_is_odd(&ge_even.y)); - - /* Check secp256k1_gej_has_quad_y_var. */ - secp256k1_gej_set_ge(&gej_quad, &ge_quad); - CHECK(secp256k1_gej_has_quad_y_var(&gej_quad)); - do { - random_fe_test(&fez); - } while (secp256k1_fe_is_zero(&fez)); - secp256k1_gej_rescale(&gej_quad, &fez); - CHECK(secp256k1_gej_has_quad_y_var(&gej_quad)); - secp256k1_gej_neg(&gej_quad, &gej_quad); - CHECK(!secp256k1_gej_has_quad_y_var(&gej_quad)); - do { - random_fe_test(&fez); - } while (secp256k1_fe_is_zero(&fez)); - secp256k1_gej_rescale(&gej_quad, &fez); - CHECK(!secp256k1_gej_has_quad_y_var(&gej_quad)); - secp256k1_gej_neg(&gej_quad, &gej_quad); - CHECK(secp256k1_gej_has_quad_y_var(&gej_quad)); - } -} - -void run_group_decompress(void) { - int i; - for (i = 0; i < count * 4; i++) { - secp256k1_fe fe; - random_fe_test(&fe); - test_group_decompress(&fe); - } -} - -/***** ECMULT TESTS *****/ - -void run_ecmult_chain(void) { - /* random starting point A (on the curve) */ - secp256k1_gej a = SECP256K1_GEJ_CONST( - 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3, - 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004, - 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f, - 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f - ); - /* two random initial factors xn and gn */ - secp256k1_scalar xn = SECP256K1_SCALAR_CONST( - 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c, - 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407 - ); - secp256k1_scalar gn = SECP256K1_SCALAR_CONST( - 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9, - 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de - ); - /* two small multipliers to be applied to xn and gn in every iteration: */ - 
static const secp256k1_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); - static const secp256k1_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); - /* accumulators with the resulting coefficients to A and G */ - secp256k1_scalar ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - secp256k1_scalar ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - /* actual points */ - secp256k1_gej x; - secp256k1_gej x2; - int i; - - /* the point being computed */ - x = a; - for (i = 0; i < 200*count; i++) { - /* in each iteration, compute X = xn*X + gn*G; */ - secp256k1_ecmult(&ctx->ecmult_ctx, &x, &x, &xn, &gn); - /* also compute ae and ge: the actual accumulated factors for A and G */ - /* if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G) */ - secp256k1_scalar_mul(&ae, &ae, &xn); - secp256k1_scalar_mul(&ge, &ge, &xn); - secp256k1_scalar_add(&ge, &ge, &gn); - /* modify xn and gn */ - secp256k1_scalar_mul(&xn, &xn, &xf); - secp256k1_scalar_mul(&gn, &gn, &gf); - - /* verify */ - if (i == 19999) { - /* expected result after 19999 iterations */ - secp256k1_gej rp = SECP256K1_GEJ_CONST( - 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE, - 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830, - 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D, - 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88 - ); - - secp256k1_gej_neg(&rp, &rp); - secp256k1_gej_add_var(&rp, &rp, &x, NULL); - CHECK(secp256k1_gej_is_infinity(&rp)); - } - } - /* redo the computation, but directly with the resulting ae and ge coefficients: */ - secp256k1_ecmult(&ctx->ecmult_ctx, &x2, &a, &ae, &ge); - secp256k1_gej_neg(&x2, &x2); - secp256k1_gej_add_var(&x2, &x2, &x, NULL); - CHECK(secp256k1_gej_is_infinity(&x2)); -} - -void test_point_times_order(const secp256k1_gej *point) { - /* X * (point + G) + (order-X) * (pointer + G) = 0 */ - secp256k1_scalar x; - secp256k1_scalar nx; - secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - secp256k1_scalar one = 
SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - secp256k1_gej res1, res2; - secp256k1_ge res3; - unsigned char pub[65]; - size_t psize = 65; - random_scalar_order_test(&x); - secp256k1_scalar_negate(&nx, &x); - secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &x, &x); /* calc res1 = x * point + x * G; */ - secp256k1_ecmult(&ctx->ecmult_ctx, &res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */ - secp256k1_gej_add_var(&res1, &res1, &res2, NULL); - CHECK(secp256k1_gej_is_infinity(&res1)); - CHECK(secp256k1_gej_is_valid_var(&res1) == 0); - secp256k1_ge_set_gej(&res3, &res1); - CHECK(secp256k1_ge_is_infinity(&res3)); - CHECK(secp256k1_ge_is_valid_var(&res3) == 0); - CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0); - psize = 65; - CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0); - /* check zero/one edge cases */ - secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &zero); - secp256k1_ge_set_gej(&res3, &res1); - CHECK(secp256k1_ge_is_infinity(&res3)); - secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &one, &zero); - secp256k1_ge_set_gej(&res3, &res1); - ge_equals_gej(&res3, point); - secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &one); - secp256k1_ge_set_gej(&res3, &res1); - ge_equals_ge(&res3, &secp256k1_ge_const_g); -} - -void run_point_times_order(void) { - int i; - secp256k1_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); - static const secp256k1_fe xr = SECP256K1_FE_CONST( - 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C, - 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45 - ); - for (i = 0; i < 500; i++) { - secp256k1_ge p; - if (secp256k1_ge_set_xo_var(&p, &x, 1)) { - secp256k1_gej j; - CHECK(secp256k1_ge_is_valid_var(&p)); - secp256k1_gej_set_ge(&j, &p); - CHECK(secp256k1_gej_is_valid_var(&j)); - test_point_times_order(&j); - } - secp256k1_fe_sqr(&x, &x); - } - secp256k1_fe_normalize_var(&x); - CHECK(secp256k1_fe_equal_var(&x, &xr)); -} - -void ecmult_const_random_mult(void) { - 
/* random starting point A (on the curve) */ - secp256k1_ge a = SECP256K1_GE_CONST( - 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b, - 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a, - 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c, - 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d - ); - /* random initial factor xn */ - secp256k1_scalar xn = SECP256K1_SCALAR_CONST( - 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327, - 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b - ); - /* expected xn * A (from sage) */ - secp256k1_ge expected_b = SECP256K1_GE_CONST( - 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, - 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, - 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, - 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 - ); - secp256k1_gej b; - secp256k1_ecmult_const(&b, &a, &xn, 256); - - CHECK(secp256k1_ge_is_valid_var(&a)); - ge_equals_gej(&expected_b, &b); -} - -void ecmult_const_commutativity(void) { - secp256k1_scalar a; - secp256k1_scalar b; - secp256k1_gej res1; - secp256k1_gej res2; - secp256k1_ge mid1; - secp256k1_ge mid2; - random_scalar_order_test(&a); - random_scalar_order_test(&b); - - secp256k1_ecmult_const(&res1, &secp256k1_ge_const_g, &a, 256); - secp256k1_ecmult_const(&res2, &secp256k1_ge_const_g, &b, 256); - secp256k1_ge_set_gej(&mid1, &res1); - secp256k1_ge_set_gej(&mid2, &res2); - secp256k1_ecmult_const(&res1, &mid1, &b, 256); - secp256k1_ecmult_const(&res2, &mid2, &a, 256); - secp256k1_ge_set_gej(&mid1, &res1); - secp256k1_ge_set_gej(&mid2, &res2); - ge_equals_ge(&mid1, &mid2); -} - -void ecmult_const_mult_zero_one(void) { - secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - secp256k1_scalar negone; - secp256k1_gej res1; - secp256k1_ge res2; - secp256k1_ge point; - secp256k1_scalar_negate(&negone, &one); - - random_group_element_test(&point); - secp256k1_ecmult_const(&res1, &point, &zero, 3); - secp256k1_ge_set_gej(&res2, 
&res1); - CHECK(secp256k1_ge_is_infinity(&res2)); - secp256k1_ecmult_const(&res1, &point, &one, 2); - secp256k1_ge_set_gej(&res2, &res1); - ge_equals_ge(&res2, &point); - secp256k1_ecmult_const(&res1, &point, &negone, 256); - secp256k1_gej_neg(&res1, &res1); - secp256k1_ge_set_gej(&res2, &res1); - ge_equals_ge(&res2, &point); -} - -void ecmult_const_chain_multiply(void) { - /* Check known result (randomly generated test problem from sage) */ - const secp256k1_scalar scalar = SECP256K1_SCALAR_CONST( - 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d, - 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b - ); - const secp256k1_gej expected_point = SECP256K1_GEJ_CONST( - 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd, - 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f, - 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196, - 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435 - ); - secp256k1_gej point; - secp256k1_ge res; - int i; - - secp256k1_gej_set_ge(&point, &secp256k1_ge_const_g); - for (i = 0; i < 100; ++i) { - secp256k1_ge tmp; - secp256k1_ge_set_gej(&tmp, &point); - secp256k1_ecmult_const(&point, &tmp, &scalar, 256); - } - secp256k1_ge_set_gej(&res, &point); - ge_equals_gej(&res, &expected_point); -} - -void run_ecmult_const_tests(void) { - ecmult_const_mult_zero_one(); - ecmult_const_random_mult(); - ecmult_const_commutativity(); - ecmult_const_chain_multiply(); -} - -typedef struct { - secp256k1_scalar *sc; - secp256k1_ge *pt; -} ecmult_multi_data; - -static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { - ecmult_multi_data *data = (ecmult_multi_data*) cbdata; - *sc = data->sc[idx]; - *pt = data->pt[idx]; - return 1; -} - -static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { - (void)sc; - (void)pt; - (void)idx; - (void)cbdata; - return 0; -} - -void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi) { - int ncount; - secp256k1_scalar 
szero; - secp256k1_scalar sc[32]; - secp256k1_ge pt[32]; - secp256k1_gej r; - secp256k1_gej r2; - ecmult_multi_data data; - - data.sc = sc; - data.pt = pt; - secp256k1_scalar_set_int(&szero, 0); - - /* No points to multiply */ - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, NULL, ecmult_multi_callback, &data, 0)); - - /* Check 1- and 2-point multiplies against ecmult */ - for (ncount = 0; ncount < count; ncount++) { - secp256k1_ge ptg; - secp256k1_gej ptgj; - random_scalar_order(&sc[0]); - random_scalar_order(&sc[1]); - - random_group_element_test(&ptg); - secp256k1_gej_set_ge(&ptgj, &ptg); - pt[0] = ptg; - pt[1] = secp256k1_ge_const_g; - - /* only G scalar */ - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &szero, &sc[0]); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); - secp256k1_gej_neg(&r2, &r2); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - - /* 1-point */ - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &szero); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 1)); - secp256k1_gej_neg(&r2, &r2); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - - /* Try to multiply 1 point, but callback returns false */ - CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_false_callback, &data, 1)); - - /* 2-point */ - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 2)); - secp256k1_gej_neg(&r2, &r2); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - - /* 2-point with G scalar */ - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[1], 
ecmult_multi_callback, &data, 1)); - secp256k1_gej_neg(&r2, &r2); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - /* Check infinite outputs of various forms */ - for (ncount = 0; ncount < count; ncount++) { - secp256k1_ge ptg; - size_t i, j; - size_t sizes[] = { 2, 10, 32 }; - - for (j = 0; j < 3; j++) { - for (i = 0; i < 32; i++) { - random_scalar_order(&sc[i]); - secp256k1_ge_set_infinity(&pt[i]); - } - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - for (j = 0; j < 3; j++) { - for (i = 0; i < 32; i++) { - random_group_element_test(&ptg); - pt[i] = ptg; - secp256k1_scalar_set_int(&sc[i], 0); - } - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - for (j = 0; j < 3; j++) { - random_group_element_test(&ptg); - for (i = 0; i < 16; i++) { - random_scalar_order(&sc[2*i]); - secp256k1_scalar_negate(&sc[2*i + 1], &sc[2*i]); - pt[2 * i] = ptg; - pt[2 * i + 1] = ptg; - } - - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(secp256k1_gej_is_infinity(&r)); - - random_scalar_order(&sc[0]); - for (i = 0; i < 16; i++) { - random_group_element_test(&ptg); - - sc[2*i] = sc[0]; - sc[2*i+1] = sc[0]; - pt[2 * i] = ptg; - secp256k1_ge_neg(&pt[2*i+1], &pt[2*i]); - } - - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - random_group_element_test(&ptg); - secp256k1_scalar_set_int(&sc[0], 0); - pt[0] = ptg; - for (i = 1; i < 32; i++) { - pt[i] = ptg; - - random_scalar_order(&sc[i]); - secp256k1_scalar_add(&sc[0], &sc[0], &sc[i]); - secp256k1_scalar_negate(&sc[i], &sc[i]); - } - - 
CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 32)); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - /* Check random points, constant scalar */ - for (ncount = 0; ncount < count; ncount++) { - size_t i; - secp256k1_gej_set_infinity(&r); - - random_scalar_order(&sc[0]); - for (i = 0; i < 20; i++) { - secp256k1_ge ptg; - sc[i] = sc[0]; - random_group_element_test(&ptg); - pt[i] = ptg; - secp256k1_gej_add_ge_var(&r, &r, &pt[i], NULL); - } - - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &r, &sc[0], &szero); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); - secp256k1_gej_neg(&r2, &r2); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - /* Check random scalars, constant point */ - for (ncount = 0; ncount < count; ncount++) { - size_t i; - secp256k1_ge ptg; - secp256k1_gej p0j; - secp256k1_scalar rs; - secp256k1_scalar_set_int(&rs, 0); - - random_group_element_test(&ptg); - for (i = 0; i < 20; i++) { - random_scalar_order(&sc[i]); - pt[i] = ptg; - secp256k1_scalar_add(&rs, &rs, &sc[i]); - } - - secp256k1_gej_set_ge(&p0j, &pt[0]); - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &p0j, &rs, &szero); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); - secp256k1_gej_neg(&r2, &r2); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - } - - /* Sanity check that zero scalars don't cause problems */ - for (ncount = 0; ncount < 20; ncount++) { - random_scalar_order(&sc[ncount]); - random_group_element_test(&pt[ncount]); - } - - secp256k1_scalar_clear(&sc[0]); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); - secp256k1_scalar_clear(&sc[1]); - secp256k1_scalar_clear(&sc[2]); - secp256k1_scalar_clear(&sc[3]); - secp256k1_scalar_clear(&sc[4]); - 
CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 6)); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 5)); - CHECK(secp256k1_gej_is_infinity(&r)); - - /* Run through s0*(t0*P) + s1*(t1*P) exhaustively for many small values of s0, s1, t0, t1 */ - { - const size_t TOP = 8; - size_t s0i, s1i; - size_t t0i, t1i; - secp256k1_ge ptg; - secp256k1_gej ptgj; - - random_group_element_test(&ptg); - secp256k1_gej_set_ge(&ptgj, &ptg); - - for(t0i = 0; t0i < TOP; t0i++) { - for(t1i = 0; t1i < TOP; t1i++) { - secp256k1_gej t0p, t1p; - secp256k1_scalar t0, t1; - - secp256k1_scalar_set_int(&t0, (t0i + 1) / 2); - secp256k1_scalar_cond_negate(&t0, t0i & 1); - secp256k1_scalar_set_int(&t1, (t1i + 1) / 2); - secp256k1_scalar_cond_negate(&t1, t1i & 1); - - secp256k1_ecmult(&ctx->ecmult_ctx, &t0p, &ptgj, &t0, &szero); - secp256k1_ecmult(&ctx->ecmult_ctx, &t1p, &ptgj, &t1, &szero); - - for(s0i = 0; s0i < TOP; s0i++) { - for(s1i = 0; s1i < TOP; s1i++) { - secp256k1_scalar tmp1, tmp2; - secp256k1_gej expected, actual; - - secp256k1_ge_set_gej(&pt[0], &t0p); - secp256k1_ge_set_gej(&pt[1], &t1p); - - secp256k1_scalar_set_int(&sc[0], (s0i + 1) / 2); - secp256k1_scalar_cond_negate(&sc[0], s0i & 1); - secp256k1_scalar_set_int(&sc[1], (s1i + 1) / 2); - secp256k1_scalar_cond_negate(&sc[1], s1i & 1); - - secp256k1_scalar_mul(&tmp1, &t0, &sc[0]); - secp256k1_scalar_mul(&tmp2, &t1, &sc[1]); - secp256k1_scalar_add(&tmp1, &tmp1, &tmp2); - - secp256k1_ecmult(&ctx->ecmult_ctx, &expected, &ptgj, &tmp1, &szero); - CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &actual, &szero, ecmult_multi_callback, &data, 2)); - secp256k1_gej_neg(&expected, &expected); - secp256k1_gej_add_var(&actual, &actual, &expected, NULL); - CHECK(secp256k1_gej_is_infinity(&actual)); - } - } - } - } - } -} - -void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) { - 
secp256k1_scalar szero; - secp256k1_scalar sc[32]; - secp256k1_ge pt[32]; - secp256k1_gej r; - ecmult_multi_data data; - secp256k1_scratch *scratch_empty; - - data.sc = sc; - data.pt = pt; - secp256k1_scalar_set_int(&szero, 0); - - /* Try to multiply 1 point, but scratch space is empty.*/ - scratch_empty = secp256k1_scratch_create(&ctx->error_callback, 0); - CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch_empty, &r, &szero, ecmult_multi_callback, &data, 1)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch_empty); -} - -void test_secp256k1_pippenger_bucket_window_inv(void) { - int i; - - CHECK(secp256k1_pippenger_bucket_window_inv(0) == 0); - for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) { -#ifdef USE_ENDOMORPHISM - /* Bucket_window of 8 is not used with endo */ - if (i == 8) { - continue; - } -#endif - CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)) == i); - if (i != PIPPENGER_MAX_BUCKET_WINDOW) { - CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)+1) > i); - } - } -} - -/** - * Probabilistically test the function returning the maximum number of possible points - * for a given scratch space. 
- */ -void test_ecmult_multi_pippenger_max_points(void) { - size_t scratch_size = secp256k1_rand_int(256); - size_t max_size = secp256k1_pippenger_scratch_size(secp256k1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); - secp256k1_scratch *scratch; - size_t n_points_supported; - int bucket_window = 0; - - for(; scratch_size < max_size; scratch_size+=256) { - size_t i; - size_t total_alloc; - size_t checkpoint; - scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size); - CHECK(scratch != NULL); - checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); - n_points_supported = secp256k1_pippenger_max_points(&ctx->error_callback, scratch); - if (n_points_supported == 0) { - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - continue; - } - bucket_window = secp256k1_pippenger_bucket_window(n_points_supported); - /* allocate `total_alloc` bytes over `PIPPENGER_SCRATCH_OBJECTS` many allocations */ - total_alloc = secp256k1_pippenger_scratch_size(n_points_supported, bucket_window); - for (i = 0; i < PIPPENGER_SCRATCH_OBJECTS - 1; i++) { - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 1)); - total_alloc--; - } - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, total_alloc)); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - } - CHECK(bucket_window == PIPPENGER_MAX_BUCKET_WINDOW); -} - -void test_ecmult_multi_batch_size_helper(void) { - size_t n_batches, n_batch_points, max_n_batch_points, n; - - max_n_batch_points = 0; - n = 1; - CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); - - max_n_batch_points = 1; - n = 0; - CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); - CHECK(n_batches == 0); - CHECK(n_batch_points == 0); - - max_n_batch_points = 2; - n = 5; - 
CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); - CHECK(n_batches == 3); - CHECK(n_batch_points == 2); - - max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; - n = ECMULT_MAX_POINTS_PER_BATCH; - CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); - CHECK(n_batches == 1); - CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH); - - max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH + 1; - n = ECMULT_MAX_POINTS_PER_BATCH + 1; - CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); - CHECK(n_batches == 2); - CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH/2 + 1); - - max_n_batch_points = 1; - n = SIZE_MAX; - CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); - CHECK(n_batches == SIZE_MAX); - CHECK(n_batch_points == 1); - - max_n_batch_points = 2; - n = SIZE_MAX; - CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); - CHECK(n_batches == SIZE_MAX/2 + 1); - CHECK(n_batch_points == 2); -} - -/** - * Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to - * 1 <= i <= num points. 
- */ -void test_ecmult_multi_batching(void) { - static const int n_points = 2*ECMULT_PIPPENGER_THRESHOLD; - secp256k1_scalar scG; - secp256k1_scalar szero; - secp256k1_scalar *sc = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_scalar) * n_points); - secp256k1_ge *pt = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * n_points); - secp256k1_gej r; - secp256k1_gej r2; - ecmult_multi_data data; - int i; - secp256k1_scratch *scratch; - - secp256k1_gej_set_infinity(&r2); - secp256k1_scalar_set_int(&szero, 0); - - /* Get random scalars and group elements and compute result */ - random_scalar_order(&scG); - secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &r2, &szero, &scG); - for(i = 0; i < n_points; i++) { - secp256k1_ge ptg; - secp256k1_gej ptgj; - random_group_element_test(&ptg); - secp256k1_gej_set_ge(&ptgj, &ptg); - pt[i] = ptg; - random_scalar_order(&sc[i]); - secp256k1_ecmult(&ctx->ecmult_ctx, &ptgj, &ptgj, &sc[i], NULL); - secp256k1_gej_add_var(&r2, &r2, &ptgj, NULL); - } - data.sc = sc; - data.pt = pt; - secp256k1_gej_neg(&r2, &r2); - - /* Test with empty scratch space. It should compute the correct result using - * ecmult_mult_simple algorithm which doesn't require a scratch space. */ - scratch = secp256k1_scratch_create(&ctx->error_callback, 0); - CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - - /* Test with space for 1 point in pippenger. That's not enough because - * ecmult_multi selects strauss which requires more memory. It should - * therefore select the simple algorithm. 
*/ - scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); - CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - - for(i = 1; i <= n_points; i++) { - if (i > ECMULT_PIPPENGER_THRESHOLD) { - int bucket_window = secp256k1_pippenger_bucket_window(i); - size_t scratch_size = secp256k1_pippenger_scratch_size(i, bucket_window); - scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); - } else { - size_t scratch_size = secp256k1_strauss_scratch_size(i); - scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); - } - CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - secp256k1_gej_add_var(&r, &r, &r2, NULL); - CHECK(secp256k1_gej_is_infinity(&r)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - } - free(sc); - free(pt); -} - -void run_ecmult_multi_tests(void) { - secp256k1_scratch *scratch; - - test_secp256k1_pippenger_bucket_window_inv(); - test_ecmult_multi_pippenger_max_points(); - scratch = secp256k1_scratch_create(&ctx->error_callback, 819200); - test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); - test_ecmult_multi(NULL, secp256k1_ecmult_multi_var); - test_ecmult_multi(scratch, secp256k1_ecmult_pippenger_batch_single); - test_ecmult_multi_batch_single(secp256k1_ecmult_pippenger_batch_single); - test_ecmult_multi(scratch, secp256k1_ecmult_strauss_batch_single); - test_ecmult_multi_batch_single(secp256k1_ecmult_strauss_batch_single); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - - /* Run test_ecmult_multi with space for exactly one point */ - 
scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); - test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); - - test_ecmult_multi_batch_size_helper(); - test_ecmult_multi_batching(); -} - -void test_wnaf(const secp256k1_scalar *number, int w) { - secp256k1_scalar x, two, t; - int wnaf[256]; - int zeroes = -1; - int i; - int bits; - secp256k1_scalar_set_int(&x, 0); - secp256k1_scalar_set_int(&two, 2); - bits = secp256k1_ecmult_wnaf(wnaf, 256, number, w); - CHECK(bits <= 256); - for (i = bits-1; i >= 0; i--) { - int v = wnaf[i]; - secp256k1_scalar_mul(&x, &x, &two); - if (v) { - CHECK(zeroes == -1 || zeroes >= w-1); /* check that distance between non-zero elements is at least w-1 */ - zeroes=0; - CHECK((v & 1) == 1); /* check non-zero elements are odd */ - CHECK(v <= (1 << (w-1)) - 1); /* check range below */ - CHECK(v >= -(1 << (w-1)) - 1); /* check range above */ - } else { - CHECK(zeroes != -1); /* check that no unnecessary zero padding exists */ - zeroes++; - } - if (v >= 0) { - secp256k1_scalar_set_int(&t, v); - } else { - secp256k1_scalar_set_int(&t, -v); - secp256k1_scalar_negate(&t, &t); - } - secp256k1_scalar_add(&x, &x, &t); - } - CHECK(secp256k1_scalar_eq(&x, number)); /* check that wnaf represents number */ -} - -void test_constant_wnaf_negate(const secp256k1_scalar *number) { - secp256k1_scalar neg1 = *number; - secp256k1_scalar neg2 = *number; - int sign1 = 1; - int sign2 = 1; - - if (!secp256k1_scalar_get_bits(&neg1, 0, 1)) { - secp256k1_scalar_negate(&neg1, &neg1); - sign1 = -1; - } - sign2 = secp256k1_scalar_cond_negate(&neg2, secp256k1_scalar_is_even(&neg2)); - CHECK(sign1 == sign2); - CHECK(secp256k1_scalar_eq(&neg1, &neg2)); -} - -void test_constant_wnaf(const secp256k1_scalar *number, int w) { - secp256k1_scalar x, shift; - int wnaf[256] = {0}; - int i; - int skew; - int bits = 256; - secp256k1_scalar num = 
*number; - - secp256k1_scalar_set_int(&x, 0); - secp256k1_scalar_set_int(&shift, 1 << w); - /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ -#ifdef USE_ENDOMORPHISM - for (i = 0; i < 16; ++i) { - secp256k1_scalar_shr_int(&num, 8); - } - bits = 128; -#endif - skew = secp256k1_wnaf_const(wnaf, &num, w, bits); - - for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) { - secp256k1_scalar t; - int v = wnaf[i]; - CHECK(v != 0); /* check nonzero */ - CHECK(v & 1); /* check parity */ - CHECK(v > -(1 << w)); /* check range above */ - CHECK(v < (1 << w)); /* check range below */ - - secp256k1_scalar_mul(&x, &x, &shift); - if (v >= 0) { - secp256k1_scalar_set_int(&t, v); - } else { - secp256k1_scalar_set_int(&t, -v); - secp256k1_scalar_negate(&t, &t); - } - secp256k1_scalar_add(&x, &x, &t); - } - /* Skew num because when encoding numbers as odd we use an offset */ - secp256k1_scalar_cadd_bit(&num, skew == 2, 1); - CHECK(secp256k1_scalar_eq(&x, &num)); -} - -void test_fixed_wnaf(const secp256k1_scalar *number, int w) { - secp256k1_scalar x, shift; - int wnaf[256] = {0}; - int i; - int skew; - secp256k1_scalar num = *number; - - secp256k1_scalar_set_int(&x, 0); - secp256k1_scalar_set_int(&shift, 1 << w); - /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ -#ifdef USE_ENDOMORPHISM - for (i = 0; i < 16; ++i) { - secp256k1_scalar_shr_int(&num, 8); - } -#endif - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - - for (i = WNAF_SIZE(w)-1; i >= 0; --i) { - secp256k1_scalar t; - int v = wnaf[i]; - CHECK(v == 0 || v & 1); /* check parity */ - CHECK(v > -(1 << w)); /* check range above */ - CHECK(v < (1 << w)); /* check range below */ - - secp256k1_scalar_mul(&x, &x, &shift); - if (v >= 0) { - secp256k1_scalar_set_int(&t, v); - } else { - secp256k1_scalar_set_int(&t, -v); - secp256k1_scalar_negate(&t, &t); - } - secp256k1_scalar_add(&x, &x, &t); - } - /* If skew is 1 then add 1 to num */ - secp256k1_scalar_cadd_bit(&num, 0, skew == 1); - CHECK(secp256k1_scalar_eq(&x, 
&num)); -} - -/* Checks that the first 8 elements of wnaf are equal to wnaf_expected and the - * rest is 0.*/ -void test_fixed_wnaf_small_helper(int *wnaf, int *wnaf_expected, int w) { - int i; - for (i = WNAF_SIZE(w)-1; i >= 8; --i) { - CHECK(wnaf[i] == 0); - } - for (i = 7; i >= 0; --i) { - CHECK(wnaf[i] == wnaf_expected[i]); - } -} - -void test_fixed_wnaf_small(void) { - int w = 4; - int wnaf[256] = {0}; - int i; - int skew; - secp256k1_scalar num; - - secp256k1_scalar_set_int(&num, 0); - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - for (i = WNAF_SIZE(w)-1; i >= 0; --i) { - int v = wnaf[i]; - CHECK(v == 0); - } - CHECK(skew == 0); - - secp256k1_scalar_set_int(&num, 1); - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - for (i = WNAF_SIZE(w)-1; i >= 1; --i) { - int v = wnaf[i]; - CHECK(v == 0); - } - CHECK(wnaf[0] == 1); - CHECK(skew == 0); - - { - int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf }; - secp256k1_scalar_set_int(&num, 0xffffffff); - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); - CHECK(skew == 0); - } - { - int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf }; - secp256k1_scalar_set_int(&num, 0xeeeeeeee); - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); - CHECK(skew == 1); - } - { - int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 }; - secp256k1_scalar_set_int(&num, 0x01010101); - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); - CHECK(skew == 0); - } - { - int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 }; - secp256k1_scalar_set_int(&num, 0x01ef1ef1); - skew = secp256k1_wnaf_fixed(wnaf, &num, w); - test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); - CHECK(skew == 0); - } -} - -void run_wnaf(void) { - int i; - secp256k1_scalar n = {{0}}; - - /* Sanity check: 1 and 2 are the smallest odd and even numbers and should - * have easier-to-diagnose failure modes */ - 
n.d[0] = 1; - test_constant_wnaf(&n, 4); - n.d[0] = 2; - test_constant_wnaf(&n, 4); - /* Test 0 */ - test_fixed_wnaf_small(); - /* Random tests */ - for (i = 0; i < count; i++) { - random_scalar_order(&n); - test_wnaf(&n, 4+(i%10)); - test_constant_wnaf_negate(&n); - test_constant_wnaf(&n, 4 + (i % 10)); - test_fixed_wnaf(&n, 4 + (i % 10)); - } - secp256k1_scalar_set_int(&n, 0); - CHECK(secp256k1_scalar_cond_negate(&n, 1) == -1); - CHECK(secp256k1_scalar_is_zero(&n)); - CHECK(secp256k1_scalar_cond_negate(&n, 0) == 1); - CHECK(secp256k1_scalar_is_zero(&n)); -} - -void test_ecmult_constants(void) { - /* Test ecmult_gen() for [0..36) and [order-36..0). */ - secp256k1_scalar x; - secp256k1_gej r; - secp256k1_ge ng; - int i; - int j; - secp256k1_ge_neg(&ng, &secp256k1_ge_const_g); - for (i = 0; i < 36; i++ ) { - secp256k1_scalar_set_int(&x, i); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); - for (j = 0; j < i; j++) { - if (j == i - 1) { - ge_equals_gej(&secp256k1_ge_const_g, &r); - } - secp256k1_gej_add_ge(&r, &r, &ng); - } - CHECK(secp256k1_gej_is_infinity(&r)); - } - for (i = 1; i <= 36; i++ ) { - secp256k1_scalar_set_int(&x, i); - secp256k1_scalar_negate(&x, &x); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); - for (j = 0; j < i; j++) { - if (j == i - 1) { - ge_equals_gej(&ng, &r); - } - secp256k1_gej_add_ge(&r, &r, &secp256k1_ge_const_g); - } - CHECK(secp256k1_gej_is_infinity(&r)); - } -} - -void run_ecmult_constants(void) { - test_ecmult_constants(); -} - -void test_ecmult_gen_blind(void) { - /* Test ecmult_gen() blinding and confirm that the blinding changes, the affine points match, and the z's don't match. 
*/ - secp256k1_scalar key; - secp256k1_scalar b; - unsigned char seed32[32]; - secp256k1_gej pgej; - secp256k1_gej pgej2; - secp256k1_gej i; - secp256k1_ge pge; - random_scalar_order_test(&key); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); - secp256k1_rand256(seed32); - b = ctx->ecmult_gen_ctx.blind; - i = ctx->ecmult_gen_ctx.initial; - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); - CHECK(!secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); - CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); - CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); - secp256k1_ge_set_gej(&pge, &pgej); - ge_equals_gej(&pge, &pgej2); -} - -void test_ecmult_gen_blind_reset(void) { - /* Test ecmult_gen() blinding reset and confirm that the blinding is consistent. */ - secp256k1_scalar b; - secp256k1_gej initial; - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); - b = ctx->ecmult_gen_ctx.blind; - initial = ctx->ecmult_gen_ctx.initial; - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); - CHECK(secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); - CHECK(gej_xyz_equals_gej(&initial, &ctx->ecmult_gen_ctx.initial)); -} - -void run_ecmult_gen_blind(void) { - int i; - test_ecmult_gen_blind_reset(); - for (i = 0; i < 10; i++) { - test_ecmult_gen_blind(); - } -} - -#ifdef USE_ENDOMORPHISM -/***** ENDOMORPHISH TESTS *****/ -void test_scalar_split(void) { - secp256k1_scalar full; - secp256k1_scalar s1, slam; - const unsigned char zero[32] = {0}; - unsigned char tmp[32]; - - random_scalar_order_test(&full); - secp256k1_scalar_split_lambda(&s1, &slam, &full); - - /* check that both are <= 128 bits in size */ - if (secp256k1_scalar_is_high(&s1)) { - secp256k1_scalar_negate(&s1, &s1); - } - if (secp256k1_scalar_is_high(&slam)) { - secp256k1_scalar_negate(&slam, &slam); - } - - secp256k1_scalar_get_b32(tmp, &s1); - CHECK(memcmp(zero, tmp, 16) == 0); - secp256k1_scalar_get_b32(tmp, &slam); - 
CHECK(memcmp(zero, tmp, 16) == 0); -} - -void run_endomorphism_tests(void) { - test_scalar_split(); -} -#endif - -void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { - unsigned char pubkeyc[65]; - secp256k1_pubkey pubkey; - secp256k1_ge ge; - size_t pubkeyclen; - int32_t ecount; - ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) { - /* Smaller sizes are tested exhaustively elsewhere. */ - int32_t i; - memcpy(&pubkeyc[1], input, 64); - VG_UNDEF(&pubkeyc[pubkeyclen], 65 - pubkeyclen); - for (i = 0; i < 256; i++) { - /* Try all type bytes. */ - int xpass; - int ypass; - int ysign; - pubkeyc[0] = i; - /* What sign does this point have? */ - ysign = (input[63] & 1) + 2; - /* For the current type (i) do we expect parsing to work? Handled all of compressed/uncompressed/hybrid. */ - xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2); - /* Do we expect a parse and re-serialize as uncompressed to give a matching y? */ - ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) && - ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65)); - if (xpass || ypass) { - /* These cases must parse. */ - unsigned char pubkeyo[65]; - size_t outl; - memset(&pubkey, 0, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - ecount = 0; - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); - VG_CHECK(&pubkey, sizeof(pubkey)); - outl = 65; - VG_UNDEF(pubkeyo, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - VG_CHECK(pubkeyo, outl); - CHECK(outl == 33); - CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0); - CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); - if (ypass) { - /* This test isn't always done because we decode with alternative signs, so the y won't match. 
*/ - CHECK(pubkeyo[0] == ysign); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); - memset(&pubkey, 0, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - secp256k1_pubkey_save(&pubkey, &ge); - VG_CHECK(&pubkey, sizeof(pubkey)); - outl = 65; - VG_UNDEF(pubkeyo, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); - VG_CHECK(pubkeyo, outl); - CHECK(outl == 65); - CHECK(pubkeyo[0] == 4); - CHECK(memcmp(&pubkeyo[1], input, 64) == 0); - } - CHECK(ecount == 0); - } else { - /* These cases must fail to parse. */ - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - } - } - } - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); -} - -void run_ec_pubkey_parse_test(void) { -#define SECP256K1_EC_PARSE_TEST_NVALID (12) - const unsigned char valid[SECP256K1_EC_PARSE_TEST_NVALID][64] = { - { - /* Point with leading and trailing zeros in x and y serialization. 
*/ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83, - 0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00 - }, - { - /* Point with x equal to a 3rd root of unity.*/ - 0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9, - 0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee, - 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14, - 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee, - }, - { - /* Point with largest x. (1/2) */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c, - 0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e, - 0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d, - }, - { - /* Point with largest x. (2/2) */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c, - 0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1, - 0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2, - }, - { - /* Point with smallest x. 
(1/2) */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14, - 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee, - }, - { - /* Point with smallest x. (2/2) */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb, - 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41, - }, - { - /* Point with largest y. (1/3) */ - 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6, - 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, - }, - { - /* Point with largest y. (2/3) */ - 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c, - 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, - }, - { - /* Point with largest y. 
(3/3) */ - 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc, - 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, - }, - { - /* Point with smallest y. (1/3) */ - 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6, - 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - }, - { - /* Point with smallest y. (2/3) */ - 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c, - 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - }, - { - /* Point with smallest y. (3/3) */ - 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc, - 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 - } - }; -#define SECP256K1_EC_PARSE_TEST_NXVALID (4) - const unsigned char onlyxvalid[SECP256K1_EC_PARSE_TEST_NXVALID][64] = { - { - /* Valid if y overflow ignored (y = 1 mod p). 
(1/3) */ - 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6, - 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, - }, - { - /* Valid if y overflow ignored (y = 1 mod p). (2/3) */ - 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c, - 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, - }, - { - /* Valid if y overflow ignored (y = 1 mod p). (3/3)*/ - 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc, - 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, - }, - { - /* x on curve, y is from y^2 = x^3 + 8. */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 - } - }; -#define SECP256K1_EC_PARSE_TEST_NINVALID (7) - const unsigned char invalid[SECP256K1_EC_PARSE_TEST_NINVALID][64] = { - { - /* x is third root of -8, y is -1 * (x^3+7); also on the curve for y^2 = x^3 + 9. 
*/ - 0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c, - 0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - }, - { - /* Valid if x overflow ignored (x = 1 mod p). */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, - 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14, - 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee, - }, - { - /* Valid if x overflow ignored (x = 1 mod p). */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, - 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb, - 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41, - }, - { - /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, - 0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f, - 0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28, - }, - { - /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. 
*/ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, - 0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0, - 0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07, - }, - { - /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d, - 0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc, - }, - { - /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2, - 0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53 - } - }; - const unsigned char pubkeyc[66] = { - /* Serialization of G. 
*/ - 0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B, - 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, - 0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08, - 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, - 0xB8, 0x00 - }; - unsigned char sout[65]; - unsigned char shortkey[2]; - secp256k1_ge ge; - secp256k1_pubkey pubkey; - size_t len; - int32_t i; - int32_t ecount; - int32_t ecount2; - ecount = 0; - /* Nothing should be reading this far into pubkeyc. */ - VG_UNDEF(&pubkeyc[65], 1); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - /* Zero length claimed, fail, zeroize, no illegal arg error. */ - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(shortkey, 2); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - /* Length one claimed, fail, zeroize, no illegal arg error. */ - for (i = 0; i < 256 ; i++) { - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - shortkey[0] = i; - VG_UNDEF(&shortkey[1], 1); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - } - /* Length two claimed, fail, zeroize, no illegal arg error. 
*/ - for (i = 0; i < 65536 ; i++) { - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - shortkey[0] = i & 255; - shortkey[1] = i >> 8; - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - } - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(&pubkey, sizeof(pubkey)); - /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */ - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */ - CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0); - CHECK(ecount == 2); - /* NULL input string. Illegal arg and zeroize output. */ - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 1); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 2); - /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */ - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - /* 66 bytes claimed, fail, zeroize output, no illegal arg error. 
*/ - memset(&pubkey, 0xfe, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); - CHECK(ecount == 1); - /* Valid parse. */ - memset(&pubkey, 0, sizeof(pubkey)); - ecount = 0; - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1); - CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_no_precomp, &pubkey, pubkeyc, 65) == 1); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(ecount == 0); - VG_UNDEF(&ge, sizeof(ge)); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); - VG_CHECK(&ge.x, sizeof(ge.x)); - VG_CHECK(&ge.y, sizeof(ge.y)); - VG_CHECK(&ge.infinity, sizeof(ge.infinity)); - ge_equals_ge(&secp256k1_ge_const_g, &ge); - CHECK(ecount == 0); - /* secp256k1_ec_pubkey_serialize illegal args. */ - ecount = 0; - len = 65; - CHECK(secp256k1_ec_pubkey_serialize(ctx, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); - CHECK(ecount == 1); - CHECK(len == 0); - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); - CHECK(ecount == 2); - len = 65; - VG_UNDEF(sout, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0); - VG_CHECK(sout, 65); - CHECK(ecount == 3); - CHECK(len == 0); - len = 65; - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, ~0) == 0); - CHECK(ecount == 4); - CHECK(len == 0); - len = 65; - VG_UNDEF(sout, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); - VG_CHECK(sout, 65); - CHECK(ecount == 4); - CHECK(len == 65); - /* Multiple illegal args. Should still set arg error only once. */ - ecount = 0; - ecount2 = 11; - CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); - CHECK(ecount == 1); - /* Does the illegal arg callback actually change the behavior? 
*/ - secp256k1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2); - CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); - CHECK(ecount == 1); - CHECK(ecount2 == 10); - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); - /* Try a bunch of prefabbed points with all possible encodings. */ - for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) { - ec_pubkey_parse_pointtest(valid[i], 1, 1); - } - for (i = 0; i < SECP256K1_EC_PARSE_TEST_NXVALID; i++) { - ec_pubkey_parse_pointtest(onlyxvalid[i], 1, 0); - } - for (i = 0; i < SECP256K1_EC_PARSE_TEST_NINVALID; i++) { - ec_pubkey_parse_pointtest(invalid[i], 0, 0); - } -} - -void run_eckey_edge_case_test(void) { - const unsigned char orderc[32] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 - }; - const unsigned char zeros[sizeof(secp256k1_pubkey)] = {0x00}; - unsigned char ctmp[33]; - unsigned char ctmp2[33]; - secp256k1_pubkey pubkey; - secp256k1_pubkey pubkey2; - secp256k1_pubkey pubkey_one; - secp256k1_pubkey pubkey_negone; - const secp256k1_pubkey *pubkeys[3]; - size_t len; - int32_t ecount; - /* Group order is too large, reject. */ - CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - /* Maximum value is too large, reject. */ - memset(ctmp, 255, 32); - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); - memset(&pubkey, 1, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - /* Zero is too small, reject. 
*/ - memset(ctmp, 0, 32); - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); - memset(&pubkey, 1, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - /* One must be accepted. */ - ctmp[31] = 0x01; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); - memset(&pubkey, 0, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); - pubkey_one = pubkey; - /* Group order + 1 is too large, reject. */ - memcpy(ctmp, orderc, 32); - ctmp[31] = 0x42; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); - memset(&pubkey, 1, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - /* -1 must be accepted. */ - ctmp[31] = 0x40; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); - memset(&pubkey, 0, sizeof(pubkey)); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); - pubkey_negone = pubkey; - /* Tweak of zero leaves the value unchanged. */ - memset(ctmp2, 0, 32); - CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, ctmp2) == 1); - CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); - memcpy(&pubkey2, &pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); - /* Multiply tweak of zero zeroizes the output. 
*/ - CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, ctmp2) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); - memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - /* Overflowing key tweak zeroizes. */ - memcpy(ctmp, orderc, 32); - ctmp[31] = 0x40; - CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, orderc) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); - memcpy(ctmp, orderc, 32); - ctmp[31] = 0x40; - CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, orderc) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); - memcpy(ctmp, orderc, 32); - ctmp[31] = 0x40; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); - memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); - memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - /* Private key tweaks results in a key of zero. */ - ctmp2[31] = 1; - CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 0); - CHECK(memcmp(zeros, ctmp2, 32) == 0); - ctmp2[31] = 1; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); - memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - /* Tweak computation wraps and results in a key of 1. */ - ctmp2[31] = 2; - CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 1); - CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); - ctmp2[31] = 2; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); - ctmp2[31] = 1; - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); - /* Tweak mul * 2 = 1+1. 
*/ - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); - ctmp2[31] = 2; - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); - /* Test argument errors. */ - ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - CHECK(ecount == 0); - /* Zeroize pubkey on parse error. */ - memset(&pubkey, 0, 32); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); - CHECK(ecount == 1); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); - memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - memset(&pubkey2, 0, 32); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); - CHECK(ecount == 2); - CHECK(memcmp(&pubkey2, zeros, sizeof(pubkey2)) == 0); - /* Plain argument errors. */ - ecount = 0; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); - CHECK(ecount == 0); - CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0); - CHECK(ecount == 1); - ecount = 0; - memset(ctmp2, 0, 32); - ctmp2[31] = 4; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, NULL, ctmp2) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, NULL) == 0); - CHECK(ecount == 2); - ecount = 0; - memset(ctmp2, 0, 32); - ctmp2[31] = 4; - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); - CHECK(ecount == 2); - ecount = 0; - memset(ctmp2, 0, 32); - CHECK(secp256k1_ec_privkey_tweak_add(ctx, NULL, ctmp2) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, NULL) == 0); - CHECK(ecount == 2); - ecount = 0; - memset(ctmp2, 0, 32); - ctmp2[31] = 1; - CHECK(secp256k1_ec_privkey_tweak_mul(ctx, NULL, ctmp2) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, NULL) == 0); - CHECK(ecount == 2); - ecount = 0; - CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); - CHECK(ecount == 1); - memset(&pubkey, 1, 
sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); - CHECK(ecount == 2); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - /* secp256k1_ec_pubkey_combine tests. */ - ecount = 0; - pubkeys[0] = &pubkey_one; - VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *)); - VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *)); - VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *)); - memset(&pubkey, 255, sizeof(secp256k1_pubkey)); - VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); - VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - CHECK(ecount == 2); - memset(&pubkey, 255, sizeof(secp256k1_pubkey)); - VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); - VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - CHECK(ecount == 3); - pubkeys[0] = &pubkey_negone; - memset(&pubkey, 255, sizeof(secp256k1_pubkey)); - VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); - VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); - CHECK(ecount == 3); - len = 33; - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); - CHECK(memcmp(ctmp, ctmp2, 33) == 0); - /* Result is infinity. 
*/ - pubkeys[0] = &pubkey_one; - pubkeys[1] = &pubkey_negone; - memset(&pubkey, 255, sizeof(secp256k1_pubkey)); - VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); - VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); - CHECK(ecount == 3); - /* Passes through infinity but comes out one. */ - pubkeys[2] = &pubkey_one; - memset(&pubkey, 255, sizeof(secp256k1_pubkey)); - VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); - VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); - CHECK(ecount == 3); - len = 33; - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); - CHECK(memcmp(ctmp, ctmp2, 33) == 0); - /* Adds to two. 
*/
- pubkeys[1] = &pubkey_one;
- memset(&pubkey, 255, sizeof(secp256k1_pubkey));
- VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
- CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1);
- VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
- CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
- CHECK(ecount == 3);
- secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
-}
-
-void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) {
- secp256k1_scalar nonce;
- do {
- random_scalar_order_test(&nonce);
- } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid));
-}
-
-void test_ecdsa_sign_verify(void) {
- secp256k1_gej pubj;
- secp256k1_ge pub;
- secp256k1_scalar one;
- secp256k1_scalar msg, key;
- secp256k1_scalar sigr, sigs;
- int recid;
- int getrec;
- random_scalar_order_test(&msg);
- random_scalar_order_test(&key);
- secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key);
- secp256k1_ge_set_gej(&pub, &pubj);
- getrec = secp256k1_rand_bits(1);
- random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL);
- if (getrec) {
- CHECK(recid >= 0 && recid < 4);
- }
- CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg));
- secp256k1_scalar_set_int(&one, 1);
- secp256k1_scalar_add(&msg, &msg, &one);
- CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg));
-}
-
-void run_ecdsa_sign_verify(void) {
- int i;
- for (i = 0; i < 10*count; i++) {
- test_ecdsa_sign_verify();
- }
-}
-
-/** Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted. Use only for testing. 
*/
-static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
- (void)msg32;
- (void)key32;
- (void)algo16;
- memcpy(nonce32, data, 32);
- return (counter == 0);
-}
-
-static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
- /* Dummy nonce generator that has a fatal error on the first counter value. */
- if (counter == 0) {
- return 0;
- }
- return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 1);
-}
-
-static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
- /* Dummy nonce generator that produces unacceptable nonces for the first several counter values. */
- if (counter < 3) {
- memset(nonce32, counter==0 ? 0 : 255, 32);
- if (counter == 2) {
- nonce32[31]--;
- }
- return 1;
- }
- if (counter < 5) {
- static const unsigned char order[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
- 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
- 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
- };
- memcpy(nonce32, order, 32);
- if (counter == 4) {
- nonce32[31]++;
- }
- return 1;
- }
- /* Retry rate of 6979 is negligible esp. as we only call this in deterministic tests. */
- /* If someone does fine a case where it retries for secp256k1, we'd like to know. 
*/ - if (counter > 5) { - return 0; - } - return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); -} - -int is_empty_signature(const secp256k1_ecdsa_signature *sig) { - static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0}; - return memcmp(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0; -} - -void test_ecdsa_end_to_end(void) { - unsigned char extra[32] = {0x00}; - unsigned char privkey[32]; - unsigned char message[32]; - unsigned char privkey2[32]; - secp256k1_ecdsa_signature signature[6]; - secp256k1_scalar r, s; - unsigned char sig[74]; - size_t siglen = 74; - unsigned char pubkeyc[65]; - size_t pubkeyclen = 65; - secp256k1_pubkey pubkey; - secp256k1_pubkey pubkey_tmp; - unsigned char seckey[300]; - size_t seckeylen = 300; - - /* Generate a random key and message. */ - { - secp256k1_scalar msg, key; - random_scalar_order_test(&msg); - random_scalar_order_test(&key); - secp256k1_scalar_get_b32(privkey, &key); - secp256k1_scalar_get_b32(message, &msg); - } - - /* Construct and verify corresponding public key. */ - CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); - - /* Verify exporting and importing public key. */ - CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_rand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); - memset(&pubkey, 0, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); - - /* Verify negation changes the key and changes it back */ - memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); - CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); - CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); - CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); - - /* Verify private key import and export. 
*/ - CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1)); - CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); - CHECK(memcmp(privkey, privkey2, 32) == 0); - - /* Optionally tweak the keys using addition. */ - if (secp256k1_rand_int(3) == 0) { - int ret1; - int ret2; - unsigned char rnd[32]; - secp256k1_pubkey pubkey2; - secp256k1_rand256_test(rnd); - ret1 = secp256k1_ec_privkey_tweak_add(ctx, privkey, rnd); - ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); - CHECK(ret1 == ret2); - if (ret1 == 0) { - return; - } - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); - } - - /* Optionally tweak the keys using multiplication. */ - if (secp256k1_rand_int(3) == 0) { - int ret1; - int ret2; - unsigned char rnd[32]; - secp256k1_pubkey pubkey2; - secp256k1_rand256_test(rnd); - ret1 = secp256k1_ec_privkey_tweak_mul(ctx, privkey, rnd); - ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); - CHECK(ret1 == ret2); - if (ret1 == 0) { - return; - } - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); - } - - /* Sign. 
*/ - CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); - extra[31] = 1; - CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); - extra[31] = 0; - extra[0] = 1; - CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); - CHECK(memcmp(&signature[0], &signature[4], sizeof(signature[0])) == 0); - CHECK(memcmp(&signature[0], &signature[1], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[0], &signature[2], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[0], &signature[3], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[1], &signature[2], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[1], &signature[3], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[2], &signature[3], sizeof(signature[0])) != 0); - /* Verify. 
*/ - CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); - /* Test lower-S form, malleate, verify and fail, test again, malleate again */ - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); - secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); - secp256k1_scalar_negate(&s, &s); - secp256k1_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); - CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); - secp256k1_scalar_negate(&s, &s); - secp256k1_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); - CHECK(memcmp(&signature[5], &signature[0], 64) == 0); - - /* Serialize/parse DER and verify again */ - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); - memset(&signature[0], 0, sizeof(signature[0])); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); - /* Serialize/destroy/parse DER and verify again. 
*/ - siglen = 74; - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); - sig[secp256k1_rand_int(siglen)] += 1 + secp256k1_rand_int(255); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || - secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); -} - -void test_random_pubkeys(void) { - secp256k1_ge elem; - secp256k1_ge elem2; - unsigned char in[65]; - /* Generate some randomly sized pubkeys. */ - size_t len = secp256k1_rand_bits(2) == 0 ? 65 : 33; - if (secp256k1_rand_bits(2) == 0) { - len = secp256k1_rand_bits(6); - } - if (len == 65) { - in[0] = secp256k1_rand_bits(1) ? 4 : (secp256k1_rand_bits(1) ? 6 : 7); - } else { - in[0] = secp256k1_rand_bits(1) ? 2 : 3; - } - if (secp256k1_rand_bits(3) == 0) { - in[0] = secp256k1_rand_bits(8); - } - if (len > 1) { - secp256k1_rand256(&in[1]); - } - if (len > 33) { - secp256k1_rand256(&in[33]); - } - if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { - unsigned char out[65]; - unsigned char firstb; - int res; - size_t size = len; - firstb = in[0]; - /* If the pubkey can be parsed, it should round-trip... */ - CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); - CHECK(size == len); - CHECK(memcmp(&in[1], &out[1], len-1) == 0); - /* ... except for the type of hybrid inputs. */ - if ((in[0] != 6) && (in[0] != 7)) { - CHECK(in[0] == out[0]); - } - size = 65; - CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); - CHECK(size == 65); - CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); - ge_equals_ge(&elem,&elem2); - /* Check that the X9.62 hybrid type is checked. */ - in[0] = secp256k1_rand_bits(1) ? 
6 : 7; - res = secp256k1_eckey_pubkey_parse(&elem2, in, size); - if (firstb == 2 || firstb == 3) { - if (in[0] == firstb + 4) { - CHECK(res); - } else { - CHECK(!res); - } - } - if (res) { - ge_equals_ge(&elem,&elem2); - CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); - CHECK(memcmp(&in[1], &out[1], 64) == 0); - } - } -} - -void run_random_pubkeys(void) { - int i; - for (i = 0; i < 10*count; i++) { - test_random_pubkeys(); - } -} - -void run_ecdsa_end_to_end(void) { - int i; - for (i = 0; i < 64*count; i++) { - test_ecdsa_end_to_end(); - } -} - -int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_der, int certainly_not_der) { - static const unsigned char zeroes[32] = {0}; -#ifdef ENABLE_OPENSSL_TESTS - static const unsigned char max_scalar[32] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40 - }; -#endif - - int ret = 0; - - secp256k1_ecdsa_signature sig_der; - unsigned char roundtrip_der[2048]; - unsigned char compact_der[64]; - size_t len_der = 2048; - int parsed_der = 0, valid_der = 0, roundtrips_der = 0; - - secp256k1_ecdsa_signature sig_der_lax; - unsigned char roundtrip_der_lax[2048]; - unsigned char compact_der_lax[64]; - size_t len_der_lax = 2048; - int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0; - -#ifdef ENABLE_OPENSSL_TESTS - ECDSA_SIG *sig_openssl; - const BIGNUM *r = NULL, *s = NULL; - const unsigned char *sigptr; - unsigned char roundtrip_openssl[2048]; - int len_openssl = 2048; - int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; -#endif - - parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); - if (parsed_der) { - ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; - valid_der = (memcmp(compact_der, zeroes, 32) != 0) && (memcmp(compact_der + 32, zeroes, 32) != 0); - 
} - if (valid_der) { - ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; - roundtrips_der = (len_der == siglen) && memcmp(roundtrip_der, sig, siglen) == 0; - } - - parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); - if (parsed_der_lax) { - ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; - valid_der_lax = (memcmp(compact_der_lax, zeroes, 32) != 0) && (memcmp(compact_der_lax + 32, zeroes, 32) != 0); - } - if (valid_der_lax) { - ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; - roundtrips_der_lax = (len_der_lax == siglen) && memcmp(roundtrip_der_lax, sig, siglen) == 0; - } - - if (certainly_der) { - ret |= (!parsed_der) << 2; - } - if (certainly_not_der) { - ret |= (parsed_der) << 17; - } - if (valid_der) { - ret |= (!roundtrips_der) << 3; - } - - if (valid_der) { - ret |= (!roundtrips_der_lax) << 12; - ret |= (len_der != len_der_lax) << 13; - ret |= ((len_der != len_der_lax) || (memcmp(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; - } - ret |= (roundtrips_der != roundtrips_der_lax) << 15; - if (parsed_der) { - ret |= (!parsed_der_lax) << 16; - } - -#ifdef ENABLE_OPENSSL_TESTS - sig_openssl = ECDSA_SIG_new(); - sigptr = sig; - parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); - if (parsed_openssl) { - ECDSA_SIG_get0(sig_openssl, &r, &s); - valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256; - if (valid_openssl) { - unsigned char tmp[32] = {0}; - BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); - valid_openssl = memcmp(tmp, max_scalar, 32) < 0; - } - if (valid_openssl) { - unsigned char tmp[32] = {0}; - BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); - valid_openssl = memcmp(tmp, max_scalar, 32) < 0; - } - } - len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); - if 
(len_openssl <= 2048) { - unsigned char *ptr = roundtrip_openssl; - CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl); - roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (memcmp(roundtrip_openssl, sig, siglen) == 0); - } else { - len_openssl = 0; - } - ECDSA_SIG_free(sig_openssl); - - ret |= (parsed_der && !parsed_openssl) << 4; - ret |= (valid_der && !valid_openssl) << 5; - ret |= (roundtrips_openssl && !parsed_der) << 6; - ret |= (roundtrips_der != roundtrips_openssl) << 7; - if (roundtrips_openssl) { - ret |= (len_der != (size_t)len_openssl) << 8; - ret |= ((len_der != (size_t)len_openssl) || (memcmp(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; - } -#endif - return ret; -} - -static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) { - size_t i; - for (i = 0; i < ptrlen; i++) { - int shift = ptrlen - 1 - i; - if (shift >= 4) { - ptr[i] = 0; - } else { - ptr[i] = (val >> shift) & 0xFF; - } - } -} - -static void damage_array(unsigned char *sig, size_t *len) { - int pos; - int action = secp256k1_rand_bits(3); - if (action < 1 && *len > 3) { - /* Delete a byte. */ - pos = secp256k1_rand_int(*len); - memmove(sig + pos, sig + pos + 1, *len - pos - 1); - (*len)--; - return; - } else if (action < 2 && *len < 2048) { - /* Insert a byte. */ - pos = secp256k1_rand_int(1 + *len); - memmove(sig + pos + 1, sig + pos, *len - pos); - sig[pos] = secp256k1_rand_bits(8); - (*len)++; - return; - } else if (action < 4) { - /* Modify a byte. */ - sig[secp256k1_rand_int(*len)] += 1 + secp256k1_rand_int(255); - return; - } else { /* action < 8 */ - /* Modify a bit. 
*/ - sig[secp256k1_rand_int(*len)] ^= 1 << secp256k1_rand_bits(3); - return; - } -} - -static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly_der, int* certainly_not_der) { - int der; - int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2]; - size_t tlen, elen, glen; - int indet; - int n; - - *len = 0; - der = secp256k1_rand_bits(2) == 0; - *certainly_der = der; - *certainly_not_der = 0; - indet = der ? 0 : secp256k1_rand_int(10) == 0; - - for (n = 0; n < 2; n++) { - /* We generate two classes of numbers: nlow==1 "low" ones (up to 32 bytes), nlow==0 "high" ones (32 bytes with 129 top bits set, or larger than 32 bytes) */ - nlow[n] = der ? 1 : (secp256k1_rand_bits(3) != 0); - /* The length of the number in bytes (the first byte of which will always be nonzero) */ - nlen[n] = nlow[n] ? secp256k1_rand_int(33) : 32 + secp256k1_rand_int(200) * secp256k1_rand_int(8) / 8; - CHECK(nlen[n] <= 232); - /* The top bit of the number. */ - nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : secp256k1_rand_bits(1)); - /* The top byte of the number (after the potential hardcoded 16 0xFF characters for "high" 32 bytes numbers) */ - nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + secp256k1_rand_bits(7) : 1 + secp256k1_rand_int(127)); - /* The number of zero bytes in front of the number (which is 0 or 1 in case of DER, otherwise we extend up to 300 bytes) */ - nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? secp256k1_rand_int(3) : secp256k1_rand_int(300 - nlen[n]) * secp256k1_rand_int(8) / 8); - if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) { - *certainly_not_der = 1; - } - CHECK(nlen[n] + nzlen[n] <= 300); - /* The length of the length descriptor for the number. 0 means short encoding, anything else is long encoding. */ - nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 
1 : 2); - if (!der) { - /* nlenlen[n] max 127 bytes */ - int add = secp256k1_rand_int(127 - nlenlen[n]) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; - nlenlen[n] += add; - if (add != 0) { - *certainly_not_der = 1; - } - } - CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427); - } - - /* The total length of the data to go, so far */ - tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1]; - CHECK(tlen <= 856); - - /* The length of the garbage inside the tuple. */ - elen = (der || indet) ? 0 : secp256k1_rand_int(980 - tlen) * secp256k1_rand_int(8) / 8; - if (elen != 0) { - *certainly_not_der = 1; - } - tlen += elen; - CHECK(tlen <= 980); - - /* The length of the garbage after the end of the tuple. */ - glen = der ? 0 : secp256k1_rand_int(990 - tlen) * secp256k1_rand_int(8) / 8; - if (glen != 0) { - *certainly_not_der = 1; - } - CHECK(tlen + glen <= 990); - - /* Write the tuple header. */ - sig[(*len)++] = 0x30; - if (indet) { - /* Indeterminate length */ - sig[(*len)++] = 0x80; - *certainly_not_der = 1; - } else { - int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2); - if (!der) { - int add = secp256k1_rand_int(127 - tlenlen) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; - tlenlen += add; - if (add != 0) { - *certainly_not_der = 1; - } - } - if (tlenlen == 0) { - /* Short length notation */ - sig[(*len)++] = tlen; - } else { - /* Long length notation */ - sig[(*len)++] = 128 + tlenlen; - assign_big_endian(sig + *len, tlenlen, tlen); - *len += tlenlen; - } - tlen += tlenlen; - } - tlen += 2; - CHECK(tlen + glen <= 1119); - - for (n = 0; n < 2; n++) { - /* Write the integer header. */ - sig[(*len)++] = 0x02; - if (nlenlen[n] == 0) { - /* Short length notation */ - sig[(*len)++] = nlen[n] + nzlen[n]; - } else { - /* Long length notation. 
*/ - sig[(*len)++] = 128 + nlenlen[n]; - assign_big_endian(sig + *len, nlenlen[n], nlen[n] + nzlen[n]); - *len += nlenlen[n]; - } - /* Write zero padding */ - while (nzlen[n] > 0) { - sig[(*len)++] = 0x00; - nzlen[n]--; - } - if (nlen[n] == 32 && !nlow[n]) { - /* Special extra 16 0xFF bytes in "high" 32-byte numbers */ - int i; - for (i = 0; i < 16; i++) { - sig[(*len)++] = 0xFF; - } - nlen[n] -= 16; - } - /* Write first byte of number */ - if (nlen[n] > 0) { - sig[(*len)++] = nhbyte[n]; - nlen[n]--; - } - /* Generate remaining random bytes of number */ - secp256k1_rand_bytes_test(sig + *len, nlen[n]); - *len += nlen[n]; - nlen[n] = 0; - } - - /* Generate random garbage inside tuple. */ - secp256k1_rand_bytes_test(sig + *len, elen); - *len += elen; - - /* Generate end-of-contents bytes. */ - if (indet) { - sig[(*len)++] = 0; - sig[(*len)++] = 0; - tlen += 2; - } - CHECK(tlen + glen <= 1121); - - /* Generate random garbage outside tuple. */ - secp256k1_rand_bytes_test(sig + *len, glen); - *len += glen; - tlen += glen; - CHECK(tlen <= 1121); - CHECK(tlen == *len); -} - -void run_ecdsa_der_parse(void) { - int i,j; - for (i = 0; i < 200 * count; i++) { - unsigned char buffer[2048]; - size_t buflen = 0; - int certainly_der = 0; - int certainly_not_der = 0; - random_ber_signature(buffer, &buflen, &certainly_der, &certainly_not_der); - CHECK(buflen <= 2048); - for (j = 0; j < 16; j++) { - int ret = 0; - if (j > 0) { - damage_array(buffer, &buflen); - /* We don't know anything anymore about the DERness of the result */ - certainly_der = 0; - certainly_not_der = 0; - } - ret = test_ecdsa_der_parse(buffer, buflen, certainly_der, certainly_not_der); - if (ret != 0) { - size_t k; - fprintf(stderr, "Failure %x on ", ret); - for (k = 0; k < buflen; k++) { - fprintf(stderr, "%02x ", buffer[k]); - } - fprintf(stderr, "\n"); - } - CHECK(ret == 0); - } - } -} - -/* Tests several edge cases. 
*/ -void test_ecdsa_edge_cases(void) { - int t; - secp256k1_ecdsa_signature sig; - - /* Test the case where ECDSA recomputes a point that is infinity. */ - { - secp256k1_gej keyj; - secp256k1_ge key; - secp256k1_scalar msg; - secp256k1_scalar sr, ss; - secp256k1_scalar_set_int(&ss, 1); - secp256k1_scalar_negate(&ss, &ss); - secp256k1_scalar_inverse(&ss, &ss); - secp256k1_scalar_set_int(&sr, 1); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); - secp256k1_ge_set_gej(&key, &keyj); - msg = ss; - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - } - - /* Verify signature with r of zero fails. */ - { - const unsigned char pubkey_mods_zero[33] = { - 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, - 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, - 0x41 - }; - secp256k1_ge key; - secp256k1_scalar msg; - secp256k1_scalar sr, ss; - secp256k1_scalar_set_int(&ss, 1); - secp256k1_scalar_set_int(&msg, 0); - secp256k1_scalar_set_int(&sr, 0); - CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - } - - /* Verify signature with s of zero fails. */ - { - const unsigned char pubkey[33] = { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x01 - }; - secp256k1_ge key; - secp256k1_scalar msg; - secp256k1_scalar sr, ss; - secp256k1_scalar_set_int(&ss, 0); - secp256k1_scalar_set_int(&msg, 0); - secp256k1_scalar_set_int(&sr, 1); - CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - } - - /* Verify signature with message 0 passes. 
*/ - { - const unsigned char pubkey[33] = { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x02 - }; - const unsigned char pubkey2[33] = { - 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, - 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, - 0x43 - }; - secp256k1_ge key; - secp256k1_ge key2; - secp256k1_scalar msg; - secp256k1_scalar sr, ss; - secp256k1_scalar_set_int(&ss, 2); - secp256k1_scalar_set_int(&msg, 0); - secp256k1_scalar_set_int(&sr, 2); - CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - secp256k1_scalar_negate(&ss, &ss); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - secp256k1_scalar_set_int(&ss, 1); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); - } - - /* Verify signature with message 1 passes. 
*/ - { - const unsigned char pubkey[33] = { - 0x02, 0x14, 0x4e, 0x5a, 0x58, 0xef, 0x5b, 0x22, - 0x6f, 0xd2, 0xe2, 0x07, 0x6a, 0x77, 0xcf, 0x05, - 0xb4, 0x1d, 0xe7, 0x4a, 0x30, 0x98, 0x27, 0x8c, - 0x93, 0xe6, 0xe6, 0x3c, 0x0b, 0xc4, 0x73, 0x76, - 0x25 - }; - const unsigned char pubkey2[33] = { - 0x02, 0x8a, 0xd5, 0x37, 0xed, 0x73, 0xd9, 0x40, - 0x1d, 0xa0, 0x33, 0xd2, 0xdc, 0xf0, 0xaf, 0xae, - 0x34, 0xcf, 0x5f, 0x96, 0x4c, 0x73, 0x28, 0x0f, - 0x92, 0xc0, 0xf6, 0x9d, 0xd9, 0xb2, 0x09, 0x10, - 0x62 - }; - const unsigned char csr[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, - 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb - }; - secp256k1_ge key; - secp256k1_ge key2; - secp256k1_scalar msg; - secp256k1_scalar sr, ss; - secp256k1_scalar_set_int(&ss, 1); - secp256k1_scalar_set_int(&msg, 1); - secp256k1_scalar_set_b32(&sr, csr, NULL); - CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - secp256k1_scalar_negate(&ss, &ss); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - secp256k1_scalar_set_int(&ss, 2); - secp256k1_scalar_inverse_var(&ss, &ss); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); - } - - /* Verify signature with message -1 passes. 
*/ - { - const unsigned char pubkey[33] = { - 0x03, 0xaf, 0x97, 0xff, 0x7d, 0x3a, 0xf6, 0xa0, - 0x02, 0x94, 0xbd, 0x9f, 0x4b, 0x2e, 0xd7, 0x52, - 0x28, 0xdb, 0x49, 0x2a, 0x65, 0xcb, 0x1e, 0x27, - 0x57, 0x9c, 0xba, 0x74, 0x20, 0xd5, 0x1d, 0x20, - 0xf1 - }; - const unsigned char csr[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, - 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee - }; - secp256k1_ge key; - secp256k1_scalar msg; - secp256k1_scalar sr, ss; - secp256k1_scalar_set_int(&ss, 1); - secp256k1_scalar_set_int(&msg, 1); - secp256k1_scalar_negate(&msg, &msg); - secp256k1_scalar_set_b32(&sr, csr, NULL); - CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - secp256k1_scalar_negate(&ss, &ss); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - secp256k1_scalar_set_int(&ss, 3); - secp256k1_scalar_inverse_var(&ss, &ss); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - } - - /* Signature where s would be zero. 
*/ - { - secp256k1_pubkey pubkey; - size_t siglen; - int32_t ecount; - unsigned char signature[72]; - static const unsigned char nonce[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - }; - static const unsigned char nonce2[32] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, - 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, - 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40 - }; - const unsigned char key[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - }; - unsigned char msg[32] = { - 0x86, 0x41, 0x99, 0x81, 0x06, 0x23, 0x44, 0x53, - 0xaa, 0x5f, 0x9d, 0x6a, 0x31, 0x78, 0xf4, 0xf7, - 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62, - 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9, - }; - ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 0); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); - msg[31] = 0xaa; - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 1); - CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_sign(ctx, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, key) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, NULL, 
msg, &pubkey) == 0); - CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, NULL, &pubkey) == 0); - CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, NULL) == 0); - CHECK(ecount == 6); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); - CHECK(ecount == 6); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); - CHECK(ecount == 7); - /* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */ - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 0); - CHECK(ecount == 8); - siglen = 72; - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, NULL, &siglen, &sig) == 0); - CHECK(ecount == 9); - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, NULL, &sig) == 0); - CHECK(ecount == 10); - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, NULL) == 0); - CHECK(ecount == 11); - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 1); - CHECK(ecount == 11); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, NULL, signature, siglen) == 0); - CHECK(ecount == 12); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, NULL, siglen) == 0); - CHECK(ecount == 13); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, signature, siglen) == 1); - CHECK(ecount == 13); - siglen = 10; - /* Too little room for a signature does not fail via ARGCHECK. 
*/ - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 0); - CHECK(ecount == 13); - ecount = 0; - CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, NULL) == 0); - CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, NULL, &sig) == 0); - CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, NULL) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, &sig) == 1); - CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, NULL, signature) == 0); - CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, NULL) == 0); - CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 1); - CHECK(ecount == 5); - memset(signature, 255, 64); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 0); - CHECK(ecount == 5); - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); - } - - /* Nonce function corner cases. */ - for (t = 0; t < 2; t++) { - static const unsigned char zero[32] = {0x00}; - int i; - unsigned char key[32]; - unsigned char msg[32]; - secp256k1_ecdsa_signature sig2; - secp256k1_scalar sr[512], ss; - const unsigned char *extra; - extra = t == 0 ? NULL : zero; - memset(msg, 0, 32); - msg[31] = 1; - /* High key results in signature failure. */ - memset(key, 0xFF, 32); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); - CHECK(is_empty_signature(&sig)); - /* Zero key results in signature failure. */ - memset(key, 0, 32); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); - CHECK(is_empty_signature(&sig)); - /* Nonce function failure results in signature failure. */ - key[31] = 1; - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); - CHECK(is_empty_signature(&sig)); - /* The retry loop successfully makes its way to the first good value. 
*/ - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); - CHECK(!is_empty_signature(&sig)); - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); - CHECK(!is_empty_signature(&sig2)); - CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); - /* The default nonce function is deterministic. */ - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); - CHECK(!is_empty_signature(&sig2)); - CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); - /* The default nonce function changes output with different messages. */ - for(i = 0; i < 256; i++) { - int j; - msg[0] = i; - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); - CHECK(!is_empty_signature(&sig2)); - secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); - for (j = 0; j < i; j++) { - CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); - } - } - msg[0] = 0; - msg[31] = 2; - /* The default nonce function changes output with different keys. */ - for(i = 256; i < 512; i++) { - int j; - key[0] = i - 256; - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); - CHECK(!is_empty_signature(&sig2)); - secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); - for (j = 0; j < i; j++) { - CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); - } - } - key[0] = 0; - } - - { - /* Check that optional nonce arguments do not have equivalent effect. 
*/ - const unsigned char zeros[32] = {0}; - unsigned char nonce[32]; - unsigned char nonce2[32]; - unsigned char nonce3[32]; - unsigned char nonce4[32]; - VG_UNDEF(nonce,32); - VG_UNDEF(nonce2,32); - VG_UNDEF(nonce3,32); - VG_UNDEF(nonce4,32); - CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1); - VG_CHECK(nonce,32); - CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1); - VG_CHECK(nonce2,32); - CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1); - VG_CHECK(nonce3,32); - CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); - VG_CHECK(nonce4,32); - CHECK(memcmp(nonce, nonce2, 32) != 0); - CHECK(memcmp(nonce, nonce3, 32) != 0); - CHECK(memcmp(nonce, nonce4, 32) != 0); - CHECK(memcmp(nonce2, nonce3, 32) != 0); - CHECK(memcmp(nonce2, nonce4, 32) != 0); - CHECK(memcmp(nonce3, nonce4, 32) != 0); - } - - - /* Privkey export where pubkey is the point at infinity. */ - { - unsigned char privkey[300]; - unsigned char seckey[32] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, - }; - size_t outlen = 300; - CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 0)); - outlen = 300; - CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 1)); - } -} - -void run_ecdsa_edge_cases(void) { - test_ecdsa_edge_cases(); -} - -#ifdef ENABLE_OPENSSL_TESTS -EC_KEY *get_openssl_key(const unsigned char *key32) { - unsigned char privkey[300]; - size_t privkeylen; - const unsigned char* pbegin = privkey; - int compr = secp256k1_rand_bits(1); - EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); - CHECK(ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr)); - CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); - CHECK(EC_KEY_check_key(ec_key)); - return ec_key; -} - -void test_ecdsa_openssl(void) { - 
secp256k1_gej qj; - secp256k1_ge q; - secp256k1_scalar sigr, sigs; - secp256k1_scalar one; - secp256k1_scalar msg2; - secp256k1_scalar key, msg; - EC_KEY *ec_key; - unsigned int sigsize = 80; - size_t secp_sigsize = 80; - unsigned char message[32]; - unsigned char signature[80]; - unsigned char key32[32]; - secp256k1_rand256_test(message); - secp256k1_scalar_set_b32(&msg, message, NULL); - random_scalar_order_test(&key); - secp256k1_scalar_get_b32(key32, &key); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); - secp256k1_ge_set_gej(&q, &qj); - ec_key = get_openssl_key(key32); - CHECK(ec_key != NULL); - CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); - CHECK(secp256k1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg)); - secp256k1_scalar_set_int(&one, 1); - secp256k1_scalar_add(&msg2, &msg, &one); - CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg2)); - - random_sign(&sigr, &sigs, &key, &msg, NULL); - CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sigr, &sigs)); - CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); - - EC_KEY_free(ec_key); -} - -void run_ecdsa_openssl(void) { - int i; - for (i = 0; i < 10*count; i++) { - test_ecdsa_openssl(); - } -} -#endif - -#ifdef ENABLE_MODULE_ECDH -# include "modules/ecdh/tests_impl.h" -#endif - -#ifdef ENABLE_MODULE_RECOVERY -# include "modules/recovery/tests_impl.h" -#endif - -int main(int argc, char **argv) { - unsigned char seed16[16] = {0}; - unsigned char run32[32] = {0}; - /* find iteration count */ - if (argc > 1) { - count = strtol(argv[1], NULL, 0); - } - - /* find random seed */ - if (argc > 2) { - int pos = 0; - const char* ch = argv[2]; - while (pos < 16 && ch[0] != 0 && ch[1] != 0) { - unsigned short sh; - if ((sscanf(ch, "%2hx", &sh)) == 1) { - seed16[pos] = sh; - } else { - break; - } - ch += 2; - pos++; - } - } else { - 
FILE *frand = fopen("/dev/urandom", "r"); - if ((frand == NULL) || fread(&seed16, 1, sizeof(seed16), frand) != sizeof(seed16)) { - uint64_t t = time(NULL) * (uint64_t)1337; - fprintf(stderr, "WARNING: could not read 16 bytes from /dev/urandom; falling back to insecure PRNG\n"); - seed16[0] ^= t; - seed16[1] ^= t >> 8; - seed16[2] ^= t >> 16; - seed16[3] ^= t >> 24; - seed16[4] ^= t >> 32; - seed16[5] ^= t >> 40; - seed16[6] ^= t >> 48; - seed16[7] ^= t >> 56; - } - if (frand) { - fclose(frand); - } - } - secp256k1_rand_seed(seed16); - - printf("test count = %i\n", count); - printf("random seed = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", seed16[0], seed16[1], seed16[2], seed16[3], seed16[4], seed16[5], seed16[6], seed16[7], seed16[8], seed16[9], seed16[10], seed16[11], seed16[12], seed16[13], seed16[14], seed16[15]); - - /* initialize */ - run_context_tests(0); - run_context_tests(1); - run_scratch_tests(); - ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - if (secp256k1_rand_bits(1)) { - secp256k1_rand256(run32); - CHECK(secp256k1_context_randomize(ctx, secp256k1_rand_bits(1) ? 
run32 : NULL)); - } - - run_rand_bits(); - run_rand_int(); - - run_sha256_tests(); - run_hmac_sha256_tests(); - run_rfc6979_hmac_sha256_tests(); - -#ifndef USE_NUM_NONE - /* num tests */ - run_num_smalltests(); -#endif - - /* scalar tests */ - run_scalar_tests(); - - /* field tests */ - run_field_inv(); - run_field_inv_var(); - run_field_inv_all_var(); - run_field_misc(); - run_field_convert(); - run_sqr(); - run_sqrt(); - - /* group tests */ - run_ge(); - run_group_decompress(); - - /* ecmult tests */ - run_wnaf(); - run_point_times_order(); - run_ecmult_chain(); - run_ecmult_constants(); - run_ecmult_gen_blind(); - run_ecmult_const_tests(); - run_ecmult_multi_tests(); - run_ec_combine(); - - /* endomorphism tests */ -#ifdef USE_ENDOMORPHISM - run_endomorphism_tests(); -#endif - - /* EC point parser test */ - run_ec_pubkey_parse_test(); - - /* EC key edge cases */ - run_eckey_edge_case_test(); - -#ifdef ENABLE_MODULE_ECDH - /* ecdh tests */ - run_ecdh_tests(); -#endif - - /* ecdsa tests */ - run_random_pubkeys(); - run_ecdsa_der_parse(); - run_ecdsa_sign_verify(); - run_ecdsa_end_to_end(); - run_ecdsa_edge_cases(); -#ifdef ENABLE_OPENSSL_TESTS - run_ecdsa_openssl(); -#endif - -#ifdef ENABLE_MODULE_RECOVERY - /* ECDSA pubkey recovery tests */ - run_recovery_tests(); -#endif - - secp256k1_rand256(run32); - printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]); - - /* shutdown */ - secp256k1_context_destroy(ctx); - - printf("no problems found\n"); - return 0; -} diff --git a/deps/secp256k1/src/tests_exhaustive.c b/deps/secp256k1/src/tests_exhaustive.c deleted file mode 100644 index b44e357cb..000000000 --- a/deps/secp256k1/src/tests_exhaustive.c +++ /dev/null 
@@ -1,511 +0,0 @@ -/*********************************************************************** - * Copyright (c) 2016 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - -#include -#include - -#include - -#undef USE_ECMULT_STATIC_PRECOMPUTATION - -#ifndef EXHAUSTIVE_TEST_ORDER -/* see group_impl.h for allowable values */ -#define EXHAUSTIVE_TEST_ORDER 13 -#define EXHAUSTIVE_TEST_LAMBDA 9 /* cube root of 1 mod 13 */ -#endif - -#include "include/secp256k1.h" -#include "group.h" -#include "secp256k1.c" -#include "testrand_impl.h" - -#ifdef ENABLE_MODULE_RECOVERY -#include "src/modules/recovery/main_impl.h" -#include "include/secp256k1_recovery.h" -#endif - -/** stolen from tests.c */ -void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { - CHECK(a->infinity == b->infinity); - if (a->infinity) { - return; - } - CHECK(secp256k1_fe_equal_var(&a->x, &b->x)); - CHECK(secp256k1_fe_equal_var(&a->y, &b->y)); -} - -void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) { - secp256k1_fe z2s; - secp256k1_fe u1, u2, s1, s2; - CHECK(a->infinity == b->infinity); - if (a->infinity) { - return; - } - /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. 
*/ - secp256k1_fe_sqr(&z2s, &b->z); - secp256k1_fe_mul(&u1, &a->x, &z2s); - u2 = b->x; secp256k1_fe_normalize_weak(&u2); - secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z); - s2 = b->y; secp256k1_fe_normalize_weak(&s2); - CHECK(secp256k1_fe_equal_var(&u1, &u2)); - CHECK(secp256k1_fe_equal_var(&s1, &s2)); -} - -void random_fe(secp256k1_fe *x) { - unsigned char bin[32]; - do { - secp256k1_rand256(bin); - if (secp256k1_fe_set_b32(x, bin)) { - return; - } - } while(1); -} -/** END stolen from tests.c */ - -int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, - const unsigned char *key32, const unsigned char *algo16, - void *data, unsigned int attempt) { - secp256k1_scalar s; - int *idata = data; - (void)msg32; - (void)key32; - (void)algo16; - /* Some nonces cannot be used because they'd cause s and/or r to be zero. - * The signing function has retry logic here that just re-calls the nonce - * function with an increased `attempt`. So if attempt > 0 this means we - * need to change the nonce to avoid an infinite loop. 
*/ - if (attempt > 0) { - *idata = (*idata + 1) % EXHAUSTIVE_TEST_ORDER; - } - secp256k1_scalar_set_int(&s, *idata); - secp256k1_scalar_get_b32(nonce32, &s); - return 1; -} - -#ifdef USE_ENDOMORPHISM -void test_exhaustive_endomorphism(const secp256k1_ge *group, int order) { - int i; - for (i = 0; i < order; i++) { - secp256k1_ge res; - secp256k1_ge_mul_lambda(&res, &group[i]); - ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res); - } -} -#endif - -void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { - int i, j; - - /* Sanity-check (and check infinity functions) */ - CHECK(secp256k1_ge_is_infinity(&group[0])); - CHECK(secp256k1_gej_is_infinity(&groupj[0])); - for (i = 1; i < order; i++) { - CHECK(!secp256k1_ge_is_infinity(&group[i])); - CHECK(!secp256k1_gej_is_infinity(&groupj[i])); - } - - /* Check all addition formulae */ - for (j = 0; j < order; j++) { - secp256k1_fe fe_inv; - secp256k1_fe_inv(&fe_inv, &groupj[j].z); - for (i = 0; i < order; i++) { - secp256k1_ge zless_gej; - secp256k1_gej tmp; - /* add_var */ - secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); - ge_equals_gej(&group[(i + j) % order], &tmp); - /* add_ge */ - if (j > 0) { - secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]); - ge_equals_gej(&group[(i + j) % order], &tmp); - } - /* add_ge_var */ - secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); - ge_equals_gej(&group[(i + j) % order], &tmp); - /* add_zinv_var */ - zless_gej.infinity = groupj[j].infinity; - zless_gej.x = groupj[j].x; - zless_gej.y = groupj[j].y; - secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); - ge_equals_gej(&group[(i + j) % order], &tmp); - } - } - - /* Check doubling */ - for (i = 0; i < order; i++) { - secp256k1_gej tmp; - if (i > 0) { - secp256k1_gej_double_nonzero(&tmp, &groupj[i], NULL); - ge_equals_gej(&group[(2 * i) % order], &tmp); - } - secp256k1_gej_double_var(&tmp, &groupj[i], NULL); - 
ge_equals_gej(&group[(2 * i) % order], &tmp); - } - - /* Check negation */ - for (i = 1; i < order; i++) { - secp256k1_ge tmp; - secp256k1_gej tmpj; - secp256k1_ge_neg(&tmp, &group[i]); - ge_equals_ge(&group[order - i], &tmp); - secp256k1_gej_neg(&tmpj, &groupj[i]); - ge_equals_gej(&group[order - i], &tmpj); - } -} - -void test_exhaustive_ecmult(const secp256k1_context *ctx, const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { - int i, j, r_log; - for (r_log = 1; r_log < order; r_log++) { - for (j = 0; j < order; j++) { - for (i = 0; i < order; i++) { - secp256k1_gej tmp; - secp256k1_scalar na, ng; - secp256k1_scalar_set_int(&na, i); - secp256k1_scalar_set_int(&ng, j); - - secp256k1_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); - ge_equals_gej(&group[(i * r_log + j) % order], &tmp); - - if (i > 0) { - secp256k1_ecmult_const(&tmp, &group[i], &ng, 256); - ge_equals_gej(&group[(i * j) % order], &tmp); - } - } - } - } -} - -typedef struct { - secp256k1_scalar sc[2]; - secp256k1_ge pt[2]; -} ecmult_multi_data; - -static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { - ecmult_multi_data *data = (ecmult_multi_data*) cbdata; - *sc = data->sc[idx]; - *pt = data->pt[idx]; - return 1; -} - -void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { - int i, j, k, x, y; - secp256k1_scratch *scratch = secp256k1_scratch_create(&ctx->error_callback, 4096); - for (i = 0; i < order; i++) { - for (j = 0; j < order; j++) { - for (k = 0; k < order; k++) { - for (x = 0; x < order; x++) { - for (y = 0; y < order; y++) { - secp256k1_gej tmp; - secp256k1_scalar g_sc; - ecmult_multi_data data; - - secp256k1_scalar_set_int(&data.sc[0], i); - secp256k1_scalar_set_int(&data.sc[1], j); - secp256k1_scalar_set_int(&g_sc, k); - data.pt[0] = group[x]; - data.pt[1] = group[y]; - - secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, 
ecmult_multi_callback, &data, 2); - ge_equals_gej(&group[(i * x + j * y + k) % order], &tmp); - } - } - } - } - } - secp256k1_scratch_destroy(&ctx->error_callback, scratch); -} - -void r_from_k(secp256k1_scalar *r, const secp256k1_ge *group, int k) { - secp256k1_fe x; - unsigned char x_bin[32]; - k %= EXHAUSTIVE_TEST_ORDER; - x = group[k].x; - secp256k1_fe_normalize(&x); - secp256k1_fe_get_b32(x_bin, &x); - secp256k1_scalar_set_b32(r, x_bin, NULL); -} - -void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { - int s, r, msg, key; - for (s = 1; s < order; s++) { - for (r = 1; r < order; r++) { - for (msg = 1; msg < order; msg++) { - for (key = 1; key < order; key++) { - secp256k1_ge nonconst_ge; - secp256k1_ecdsa_signature sig; - secp256k1_pubkey pk; - secp256k1_scalar sk_s, msg_s, r_s, s_s; - secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; - int k, should_verify; - unsigned char msg32[32]; - - secp256k1_scalar_set_int(&s_s, s); - secp256k1_scalar_set_int(&r_s, r); - secp256k1_scalar_set_int(&msg_s, msg); - secp256k1_scalar_set_int(&sk_s, key); - - /* Verify by hand */ - /* Run through every k value that gives us this r and check that *one* works. - * Note there could be none, there could be multiple, ECDSA is weird. 
*/ - should_verify = 0; - for (k = 0; k < order; k++) { - secp256k1_scalar check_x_s; - r_from_k(&check_x_s, group, k); - if (r_s == check_x_s) { - secp256k1_scalar_set_int(&s_times_k_s, k); - secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); - secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); - secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); - should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); - } - } - /* nb we have a "high s" rule */ - should_verify &= !secp256k1_scalar_is_high(&s_s); - - /* Verify by calling verify */ - secp256k1_ecdsa_signature_save(&sig, &r_s, &s_s); - memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); - secp256k1_pubkey_save(&pk, &nonconst_ge); - secp256k1_scalar_get_b32(msg32, &msg_s); - CHECK(should_verify == - secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); - } - } - } - } -} - -void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { - int i, j, k; - - /* Loop */ - for (i = 1; i < order; i++) { /* message */ - for (j = 1; j < order; j++) { /* key */ - for (k = 1; k < order; k++) { /* nonce */ - const int starting_k = k; - secp256k1_ecdsa_signature sig; - secp256k1_scalar sk, msg, r, s, expected_r; - unsigned char sk32[32], msg32[32]; - secp256k1_scalar_set_int(&msg, i); - secp256k1_scalar_set_int(&sk, j); - secp256k1_scalar_get_b32(sk32, &sk); - secp256k1_scalar_get_b32(msg32, &msg); - - secp256k1_ecdsa_sign(ctx, &sig, msg32, sk32, secp256k1_nonce_function_smallint, &k); - - secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); - /* Note that we compute expected_r *after* signing -- this is important - * because our nonce-computing function function might change k during - * signing. 
*/ - r_from_k(&expected_r, group, k); - CHECK(r == expected_r); - CHECK((k * s) % order == (i + r * j) % order || - (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); - - /* Overflow means we've tried every possible nonce */ - if (k < starting_k) { - break; - } - } - } - } - - /* We would like to verify zero-knowledge here by counting how often every - * possible (s, r) tuple appears, but because the group order is larger - * than the field order, when coercing the x-values to scalar values, some - * appear more often than others, so we are actually not zero-knowledge. - * (This effect also appears in the real code, but the difference is on the - * order of 1/2^128th the field order, so the deviation is not useful to a - * computationally bounded attacker.) - */ -} - -#ifdef ENABLE_MODULE_RECOVERY -void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { - int i, j, k; - - /* Loop */ - for (i = 1; i < order; i++) { /* message */ - for (j = 1; j < order; j++) { /* key */ - for (k = 1; k < order; k++) { /* nonce */ - const int starting_k = k; - secp256k1_fe r_dot_y_normalized; - secp256k1_ecdsa_recoverable_signature rsig; - secp256k1_ecdsa_signature sig; - secp256k1_scalar sk, msg, r, s, expected_r; - unsigned char sk32[32], msg32[32]; - int expected_recid; - int recid; - secp256k1_scalar_set_int(&msg, i); - secp256k1_scalar_set_int(&sk, j); - secp256k1_scalar_get_b32(sk32, &sk); - secp256k1_scalar_get_b32(msg32, &msg); - - secp256k1_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, secp256k1_nonce_function_smallint, &k); - - /* Check directly */ - secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); - r_from_k(&expected_r, group, k); - CHECK(r == expected_r); - CHECK((k * s) % order == (i + r * j) % order || - (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); - /* In computing the recid, there is an overflow condition that is disabled in - * scalar_low_impl.h 
`secp256k1_scalar_set_b32` because almost every r.y value - * will exceed the group order, and our signing code always holds out for r - * values that don't overflow, so with a proper overflow check the tests would - * loop indefinitely. */ - r_dot_y_normalized = group[k].y; - secp256k1_fe_normalize(&r_dot_y_normalized); - /* Also the recovery id is flipped depending if we hit the low-s branch */ - if ((k * s) % order == (i + r * j) % order) { - expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 1 : 0; - } else { - expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 0 : 1; - } - CHECK(recid == expected_recid); - - /* Convert to a standard sig then check */ - secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); - secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); - /* Note that we compute expected_r *after* signing -- this is important - * because our nonce-computing function function might change k during - * signing. */ - r_from_k(&expected_r, group, k); - CHECK(r == expected_r); - CHECK((k * s) % order == (i + r * j) % order || - (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); - - /* Overflow means we've tried every possible nonce */ - if (k < starting_k) { - break; - } - } - } - } -} - -void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { - /* This is essentially a copy of test_exhaustive_verify, with recovery added */ - int s, r, msg, key; - for (s = 1; s < order; s++) { - for (r = 1; r < order; r++) { - for (msg = 1; msg < order; msg++) { - for (key = 1; key < order; key++) { - secp256k1_ge nonconst_ge; - secp256k1_ecdsa_recoverable_signature rsig; - secp256k1_ecdsa_signature sig; - secp256k1_pubkey pk; - secp256k1_scalar sk_s, msg_s, r_s, s_s; - secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; - int recid = 0; - int k, should_verify; - unsigned char msg32[32]; - - secp256k1_scalar_set_int(&s_s, s); - secp256k1_scalar_set_int(&r_s, r); - 
secp256k1_scalar_set_int(&msg_s, msg); - secp256k1_scalar_set_int(&sk_s, key); - secp256k1_scalar_get_b32(msg32, &msg_s); - - /* Verify by hand */ - /* Run through every k value that gives us this r and check that *one* works. - * Note there could be none, there could be multiple, ECDSA is weird. */ - should_verify = 0; - for (k = 0; k < order; k++) { - secp256k1_scalar check_x_s; - r_from_k(&check_x_s, group, k); - if (r_s == check_x_s) { - secp256k1_scalar_set_int(&s_times_k_s, k); - secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); - secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); - secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); - should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); - } - } - /* nb we have a "high s" rule */ - should_verify &= !secp256k1_scalar_is_high(&s_s); - - /* We would like to try recovering the pubkey and checking that it matches, - * but pubkey recovery is impossible in the exhaustive tests (the reason - * being that there are 12 nonzero r values, 12 nonzero points, and no - * overlap between the sets, so there are no valid signatures). 
*/ - - /* Verify by converting to a standard signature and calling verify */ - secp256k1_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); - secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); - memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); - secp256k1_pubkey_save(&pk, &nonconst_ge); - CHECK(should_verify == - secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); - } - } - } - } -} -#endif - -int main(void) { - int i; - secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; - secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; - - /* Build context */ - secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - - /* TODO set z = 1, then do num_tests runs with random z values */ - - /* Generate the entire group */ - secp256k1_gej_set_infinity(&groupj[0]); - secp256k1_ge_set_gej(&group[0], &groupj[0]); - for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - /* Set a different random z-value for each Jacobian point */ - secp256k1_fe z; - random_fe(&z); - - secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); - secp256k1_ge_set_gej(&group[i], &groupj[i]); - secp256k1_gej_rescale(&groupj[i], &z); - - /* Verify against ecmult_gen */ - { - secp256k1_scalar scalar_i; - secp256k1_gej generatedj; - secp256k1_ge generated; - - secp256k1_scalar_set_int(&scalar_i, i); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); - secp256k1_ge_set_gej(&generated, &generatedj); - - CHECK(group[i].infinity == 0); - CHECK(generated.infinity == 0); - CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); - CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); - } - } - - /* Run the tests */ -#ifdef USE_ENDOMORPHISM - test_exhaustive_endomorphism(group, EXHAUSTIVE_TEST_ORDER); -#endif - test_exhaustive_addition(group, groupj, EXHAUSTIVE_TEST_ORDER); - test_exhaustive_ecmult(ctx, group, groupj, EXHAUSTIVE_TEST_ORDER); - test_exhaustive_ecmult_multi(ctx, group, EXHAUSTIVE_TEST_ORDER); - 
test_exhaustive_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); - test_exhaustive_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); - -#ifdef ENABLE_MODULE_RECOVERY - test_exhaustive_recovery_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); - test_exhaustive_recovery_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); -#endif - - secp256k1_context_destroy(ctx); - return 0; -} - diff --git a/deps/secp256k1/src/util.h b/deps/secp256k1/src/util.h deleted file mode 100644 index 9deb61bc5..000000000 --- a/deps/secp256k1/src/util.h +++ /dev/null 
@@ -1,162 +0,0 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ - -#ifndef SECP256K1_UTIL_H -#define SECP256K1_UTIL_H - -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - -#include -#include -#include - -typedef struct { - void (*fn)(const char *text, void* data); - const void* data; -} secp256k1_callback; - -static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) { - cb->fn(text, (void*)cb->data); -} - -#ifdef DETERMINISTIC -#define TEST_FAILURE(msg) do { \ - fprintf(stderr, "%s\n", msg); \ - abort(); \ -} while(0); -#else -#define TEST_FAILURE(msg) do { \ - fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, msg); \ - abort(); \ -} while(0) -#endif - -#if SECP256K1_GNUC_PREREQ(3, 0) -#define EXPECT(x,c) __builtin_expect((x),(c)) -#else -#define EXPECT(x,c) (x) -#endif - -#ifdef DETERMINISTIC -#define CHECK(cond) do { \ - if (EXPECT(!(cond), 0)) { \ - TEST_FAILURE("test condition failed"); \ - } \ -} while(0) -#else -#define CHECK(cond) do { \ - if (EXPECT(!(cond), 0)) { \ - TEST_FAILURE("test condition failed: " #cond); \ - } \ -} while(0) -#endif - -/* Like assert(), but when VERIFY is defined, and side-effect safe. 
*/ -#if defined(COVERAGE) -#define VERIFY_CHECK(check) -#define VERIFY_SETUP(stmt) -#elif defined(VERIFY) -#define VERIFY_CHECK CHECK -#define VERIFY_SETUP(stmt) do { stmt; } while(0) -#else -#define VERIFY_CHECK(cond) do { (void)(cond); } while(0) -#define VERIFY_SETUP(stmt) -#endif - -static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) { - void *ret = malloc(size); - if (ret == NULL) { - secp256k1_callback_call(cb, "Out of memory"); - } - return ret; -} - -static SECP256K1_INLINE void *checked_realloc(const secp256k1_callback* cb, void *ptr, size_t size) { - void *ret = realloc(ptr, size); - if (ret == NULL) { - secp256k1_callback_call(cb, "Out of memory"); - } - return ret; -} - -#if defined(__BIGGEST_ALIGNMENT__) -#define ALIGNMENT __BIGGEST_ALIGNMENT__ -#else -/* Using 16 bytes alignment because common architectures never have alignment - * requirements above 8 for any of the types we care about. In addition we - * leave some room because currently we don't care about a few bytes. */ -#define ALIGNMENT 16 -#endif - -#define ROUND_TO_ALIGN(size) (((size + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT) - -/* Assume there is a contiguous memory object with bounds [base, base + max_size) - * of which the memory range [base, *prealloc_ptr) is already allocated for usage, - * where *prealloc_ptr is an aligned pointer. In that setting, this functions - * reserves the subobject [*prealloc_ptr, *prealloc_ptr + alloc_size) of - * alloc_size bytes by increasing *prealloc_ptr accordingly, taking into account - * alignment requirements. - * - * The function returns an aligned pointer to the newly allocated subobject. - * - * This is useful for manual memory management: if we're simply given a block - * [base, base + max_size), the caller can use this function to allocate memory - * in this block and keep track of the current allocation state with *prealloc_ptr. 
- * - * It is VERIFY_CHECKed that there is enough space left in the memory object and - * *prealloc_ptr is aligned relative to base. - */ -static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_size, void* base, size_t max_size) { - size_t aligned_alloc_size = ROUND_TO_ALIGN(alloc_size); - void* ret; - VERIFY_CHECK(prealloc_ptr != NULL); - VERIFY_CHECK(*prealloc_ptr != NULL); - VERIFY_CHECK(base != NULL); - VERIFY_CHECK((unsigned char*)*prealloc_ptr >= (unsigned char*)base); - VERIFY_CHECK(((unsigned char*)*prealloc_ptr - (unsigned char*)base) % ALIGNMENT == 0); - VERIFY_CHECK((unsigned char*)*prealloc_ptr - (unsigned char*)base + aligned_alloc_size <= max_size); - ret = *prealloc_ptr; - *((unsigned char**)prealloc_ptr) += aligned_alloc_size; - return ret; -} - -/* Macro for restrict, when available and not in a VERIFY build. */ -#if defined(SECP256K1_BUILD) && defined(VERIFY) -# define SECP256K1_RESTRICT -#else -# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) ) -# if SECP256K1_GNUC_PREREQ(3,0) -# define SECP256K1_RESTRICT __restrict__ -# elif (defined(_MSC_VER) && _MSC_VER >= 1400) -# define SECP256K1_RESTRICT __restrict -# else -# define SECP256K1_RESTRICT -# endif -# else -# define SECP256K1_RESTRICT restrict -# endif -#endif - -#if defined(_WIN32) -# define I64FORMAT "I64d" -# define I64uFORMAT "I64u" -#else -# define I64FORMAT "lld" -# define I64uFORMAT "llu" -#endif - -#if defined(HAVE___INT128) -# if defined(__GNUC__) -# define SECP256K1_GNUC_EXT __extension__ -# else -# define SECP256K1_GNUC_EXT -# endif -SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t; -#endif - -#endif /* SECP256K1_UTIL_H */ From 6d822e04a1a05bf2013a7a2c15138bf715345c1b Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 5 Dec 2019 12:23:54 +0100 Subject: [PATCH 071/300] fix minor typos in inc_ecc_secp256k1.cl --- OpenCL/inc_ecc_secp256k1.cl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 92551d5e5..55a4469e5 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl @@ -74,7 +74,7 @@ * // Example with window size w = 2 (i.e. mod 4 => & 3): * // 173 => 1 0 -1 0 -1 0 -1 0 1 = 2^8 - 2^6 - 2^4 - 2^2 + 1 * int e = 0b10101101; // 173 - * int z[8 + 1] = { 0 }; // our zi/di, we need one extra slot to make the substract work + * int z[8 + 1] = { 0 }; // our zi/di, we need one extra slot to make the subtraction work * * int i = 0; * @@ -1356,7 +1356,7 @@ DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) t1[7] = y[7]; // we use jacobian forms and the convertion with z = 1 is basically a NO-OP: - // X = X1 * z^2 = X1, Y = Y1 * z^3 = Y + // X = X1 * z^2 = X1, Y = Y1 * z^3 = Y1 // https://eprint.iacr.org/2011/338.pdf @@ -1501,7 +1501,7 @@ DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) mul_mod (t2, t1, t1); // t2 = t1^2 mul_mod (t3, t1, t2); // t3 = t1^3 - // output to y1 + // output to y2 mul_mod (t3, t3, x1); @@ -1514,7 +1514,7 @@ DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) r->xy[41] = t3[1]; r->xy[40] = t3[0]; - // output to x1 + // output to x2 mul_mod (t3, t2, t4); From f6ddb4ffbafeb9a243a515c25159800ba3fe399e Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 5 Dec 2019 14:37:00 +0100 Subject: [PATCH 072/300] get rid of compiler warning about incompatible types in secp256k1 kernel include --- OpenCL/inc_ecc_secp256k1.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/OpenCL/inc_ecc_secp256k1.h b/OpenCL/inc_ecc_secp256k1.h index 501235d4b..954dba69a 100644 --- a/OpenCL/inc_ecc_secp256k1.h +++ b/OpenCL/inc_ecc_secp256k1.h 
@@ -35,6 +35,7 @@ typedef struct secp256k1 } secp256k1_t; DECLSPEC u32 parse_public (secp256k1_t *r, const u32 k[9]); -DECLSPEC void point_mul (u32 *r, const u32 k[8], GLOBAL_AS const secp256k1_t *tmps); + +DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t *tmps); #endif // _INC_ECC_SECP256K1_H From cb2423606707c25427d4923969da2c56b01dbf2b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 5 Dec 2019 14:49:51 +0100 Subject: [PATCH 073/300] Inline assembly optimization for 256 bit ADD and SUB in inc_ecc_secp256k1.cl --- OpenCL/inc_ecc_secp256k1.cl | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 55a4469e5..33496bc60 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl @@ -108,6 +108,21 @@ DECLSPEC u32 sub (u32 r[8], const u32 a[8], const u32 b[8]) { u32 c = 0; // carry/borrow + #ifdef IS_NV + asm("sub.cc.u32 %0, %9, %17;" + "subc.cc.u32 %1, %10, %18;" + "subc.cc.u32 %2, %11, %19;" + "subc.cc.u32 %3, %12, %20;" + "subc.cc.u32 %4, %13, %21;" + "subc.cc.u32 %5, %14, %22;" + "subc.cc.u32 %6, %15, %23;" + "subc.cc.u32 %7, %16, %24;" + "subc.u32 %8, 0, 0;" + : "=r"(r[0]), "=r"(r[1]), "=r"(r[2]), "=r"(r[3]), "=r"(r[4]), "=r"(r[5]), "=r"(r[6]), "=r"(r[7]), + "=r"(c) + : "r"(a[0]), "r"(a[1]), "r"(a[2]), "r"(a[3]), "r"(a[4]), "r"(a[5]), "r"(a[6]), "r"(a[7]), + "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3]), "r"(b[4]), "r"(b[5]), "r"(b[6]), "r"(b[7])); + #else for (u32 i = 0; i < 8; i++) { const u32 diff = a[i] - b[i] - c; 
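Review bot: The new prototype `u32 r[9]` only documents the expected output size; an array bound in a parameter still decays to a plain pointer, so nothing is checked at the call site, and the warning this commit removes only stays gone if the definition in inc_ecc_secp256k1.cl (not visible here) spells the parameter the same way. A reader of the header cannot tell whether 9 words is a hard requirement of point_mul or merely the size a caller happens to pass. Add a one-line comment above the prototype, e.g. `// r must point to at least 9 u32 words; the bound is documentation only, not enforced`, so the contract survives future edits to either side.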
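Review bot: The NV path's borrow-out does not match the portable loop's contract: per the PTX definition of subc (d = a - (b + CC.CF)), `subc.u32 %8, 0, 0;` leaves `c` as 0xffffffff when a borrow is pending, whereas the C fallback's `c = (diff > a[i])` yields 0 or 1 and the `add` hunk's `addc.u32 %8, 0, 0;` yields 1. Any caller that compares the return value against 1 or uses it arithmetically rather than as a boolean (callers are outside this hunk) would behave differently on NV than on every other device. Normalize it right after the asm statement with `c &= 1;`, or append `"and.b32 %8, %8, 1;"` to the PTX string. The remainder of `sub` (the `#else` loop body, `#endif` and `return c;`) is in the next hunk.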
@@ -115,15 +130,31 @@ DECLSPEC u32 sub (u32 r[8], const u32 a[8], const u32 b[8]) if (diff != a[i]) c = (diff > a[i]); r[i] = diff; - } + } + #endif - return c; + return c; } DECLSPEC u32 add (u32 r[8], const u32 a[8], const u32 b[8]) { u32 c = 0; // carry/borrow + #ifdef IS_NV + asm("add.cc.u32 %0, %9, %17;" + "addc.cc.u32 %1, %10, %18;" + "addc.cc.u32 %2, %11, %19;" + "addc.cc.u32 %3, %12, %20;" + "addc.cc.u32 %4, %13, %21;" + "addc.cc.u32 %5, %14, %22;" + "addc.cc.u32 %6, %15, %23;" + "addc.cc.u32 %7, %16, %24;" + "addc.u32 %8, 0, 0;" + : "=r"(r[0]), "=r"(r[1]), "=r"(r[2]), "=r"(r[3]), "=r"(r[4]), "=r"(r[5]), "=r"(r[6]), "=r"(r[7]), + "=r"(c) + : "r"(a[0]), "r"(a[1]), "r"(a[2]), "r"(a[3]), "r"(a[4]), "r"(a[5]), "r"(a[6]), "r"(a[7]), + "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3]), "r"(b[4]), "r"(b[5]), "r"(b[6]), "r"(b[7])); + #else for (u32 i = 0; i < 8; i++) { const u32 t = a[i] + b[i] + c; @@ -132,6 +163,7 @@ DECLSPEC u32 add (u32 r[8], const u32 a[8], const u32 b[8]) r[i] = t; } + #endif return c; } From 53254b45aaec8c35923d65d9a44f4af274dd3d1e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 5 Dec 2019 15:43:01 +0100 Subject: [PATCH 074/300] Backport inc_ecc_secp256k1 inline assembly code for AMD ISA --- OpenCL/inc_ecc_secp256k1.cl | 96 ++++++++++++++++++++++++++----------- include/types.h | 8 ++++ src/backend.c | 16 ++++++- 3 files changed, 90 insertions(+), 30 deletions(-) diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 33496bc60..9d0541739 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl 
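Review bot: In the `@@ -115,15 +130,31 @@` hunk the `}` and `return c;` lines are removed and re-added with, as far as the collapsed view shows, only their indentation changed, so four of the changed lines carry no semantic change next to the one-line `#endif` that matters. Keeping them as context lines, or moving the whitespace fix into its own commit, makes the functional change easier to audit and keeps blame history on those lines intact. The `add` hunk that follows has no such churn and reads cleanly.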
@@ -108,20 +108,40 @@ DECLSPEC u32 sub (u32 r[8], const u32 a[8], const u32 b[8]) { u32 c = 0; // carry/borrow - #ifdef IS_NV - asm("sub.cc.u32 %0, %9, %17;" - "subc.cc.u32 %1, %10, %18;" - "subc.cc.u32 %2, %11, %19;" - "subc.cc.u32 %3, %12, %20;" - "subc.cc.u32 %4, %13, %21;" - "subc.cc.u32 %5, %14, %22;" - "subc.cc.u32 %6, %15, %23;" - "subc.cc.u32 %7, %16, %24;" - "subc.u32 %8, 0, 0;" - : "=r"(r[0]), "=r"(r[1]), "=r"(r[2]), "=r"(r[3]), "=r"(r[4]), "=r"(r[5]), "=r"(r[6]), "=r"(r[7]), - "=r"(c) - : "r"(a[0]), "r"(a[1]), "r"(a[2]), "r"(a[3]), "r"(a[4]), "r"(a[5]), "r"(a[6]), "r"(a[7]), - "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3]), "r"(b[4]), "r"(b[5]), "r"(b[6]), "r"(b[7])); + #if defined IS_NV && HAS_SUB == 1 && HAS_SUBC == 1 + asm volatile + ( + "sub.cc.u32 %0, %9, %17;" + "subc.cc.u32 %1, %10, %18;" + "subc.cc.u32 %2, %11, %19;" + "subc.cc.u32 %3, %12, %20;" + "subc.cc.u32 %4, %13, %21;" + "subc.cc.u32 %5, %14, %22;" + "subc.cc.u32 %6, %15, %23;" + "subc.cc.u32 %7, %16, %24;" + "subc.u32 %8, 0, 0;" + : "=r"(r[0]), "=r"(r[1]), "=r"(r[2]), "=r"(r[3]), "=r"(r[4]), "=r"(r[5]), "=r"(r[6]), "=r"(r[7]), + "=r"(c) + : "r"(a[0]), "r"(a[1]), "r"(a[2]), "r"(a[3]), "r"(a[4]), "r"(a[5]), "r"(a[6]), "r"(a[7]), + "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3]), "r"(b[4]), "r"(b[5]), "r"(b[6]), "r"(b[7]) + ); + #elif defined IS_AMD && HAS_VSUB == 1 && HAS_VSUBB == 1 + __asm__ __volatile__ + ( + "V_SUB_U32 %0, %9, %17;" + "V_SUBB_U32 %1, %10, %18;" + "V_SUBB_U32 %2, %11, %19;" + "V_SUBB_U32 %3, %12, %20;" + "V_SUBB_U32 %4, %13, %21;" + "V_SUBB_U32 %5, %14, %22;" + "V_SUBB_U32 %6, %15, %23;" + "V_SUBB_U32 %7, %16, %24;" + "V_SUBB_U32 %8, 0, 0;" + : "=v"(r[0]), "=v"(r[1]), "=v"(r[2]), "=v"(r[3]), "=v"(r[4]), "=v"(r[5]), "=v"(r[6]), "=v"(r[7]), + "=v"(c) + : "v"(a[0]), "v"(a[1]), "v"(a[2]), "v"(a[3]), "v"(a[4]), "v"(a[5]), "v"(a[6]), "v"(a[7]), + "v"(b[0]), "v"(b[1]), "v"(b[2]), "v"(b[3]), "v"(b[4]), "v"(b[5]), "v"(b[6]), "v"(b[7]) + ); #else for (u32 i = 0; i < 8; i++) { 
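Review bot: The AMD branch assumes `V_SUB_U32`/`V_SUBB_U32` (and `V_ADD_U32`/`V_ADDC_U32` in the `add` hunk that follows) chain a borrow/carry through VCC, but the only guard is that the mnemonic assembles — `HAS_VSUB`/`HAS_VSUBB` are set by the compile-only probes added to backend.c later in this commit. If I recall the GCN ISA correctly, on GFX9 and newer `V_ADD_U32`/`V_SUB_U32` are the carry-less encodings and `V_ADD_CO_U32`/`V_SUB_CO_U32` are the ones that write VCC, so on those parts the chain would consume a stale VCC while the probe still reports 1; the probe should execute the instruction on known inputs and check the result, or the `#elif` should be limited to the ISA generations where the carrying semantics are confirmed. The asm statement also declares no `vcc` clobber, so the compiler is not told the condition code is overwritten between the instructions. As on the NV path, `V_SUBB_U32 %8, 0, 0` leaves `c` as 0 - borrow rather than 0/1, so a `c = 0 - c;` normalisation or a contract comment is needed here as well.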
@@ -140,20 +160,40 @@ DECLSPEC u32 add (u32 r[8], const u32 a[8], const u32 b[8]) { u32 c = 0; // carry/borrow - #ifdef IS_NV - asm("add.cc.u32 %0, %9, %17;" - "addc.cc.u32 %1, %10, %18;" - "addc.cc.u32 %2, %11, %19;" - "addc.cc.u32 %3, %12, %20;" - "addc.cc.u32 %4, %13, %21;" - "addc.cc.u32 %5, %14, %22;" - "addc.cc.u32 %6, %15, %23;" - "addc.cc.u32 %7, %16, %24;" - "addc.u32 %8, 0, 0;" - : "=r"(r[0]), "=r"(r[1]), "=r"(r[2]), "=r"(r[3]), "=r"(r[4]), "=r"(r[5]), "=r"(r[6]), "=r"(r[7]), - "=r"(c) - : "r"(a[0]), "r"(a[1]), "r"(a[2]), "r"(a[3]), "r"(a[4]), "r"(a[5]), "r"(a[6]), "r"(a[7]), - "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3]), "r"(b[4]), "r"(b[5]), "r"(b[6]), "r"(b[7])); + #if defined IS_NV && HAS_ADD == 1 && HAS_ADDC == 1 + asm volatile + ( + "add.cc.u32 %0, %9, %17;" + "addc.cc.u32 %1, %10, %18;" + "addc.cc.u32 %2, %11, %19;" + "addc.cc.u32 %3, %12, %20;" + "addc.cc.u32 %4, %13, %21;" + "addc.cc.u32 %5, %14, %22;" + "addc.cc.u32 %6, %15, %23;" + "addc.cc.u32 %7, %16, %24;" + "addc.u32 %8, 0, 0;" + : "=r"(r[0]), "=r"(r[1]), "=r"(r[2]), "=r"(r[3]), "=r"(r[4]), "=r"(r[5]), "=r"(r[6]), "=r"(r[7]), + "=r"(c) + : "r"(a[0]), "r"(a[1]), "r"(a[2]), "r"(a[3]), "r"(a[4]), "r"(a[5]), "r"(a[6]), "r"(a[7]), + "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3]), "r"(b[4]), "r"(b[5]), "r"(b[6]), "r"(b[7]) + ); + #elif defined IS_AMD && HAS_VADD == 1 && HAS_VADDC == 1 + __asm__ __volatile__ + ( + "V_ADD_U32 %0, %9, %17;" + "V_ADDC_U32 %1, %10, %18;" + "V_ADDC_U32 %2, %11, %19;" + "V_ADDC_U32 %3, %12, %20;" + "V_ADDC_U32 %4, %13, %21;" + "V_ADDC_U32 %5, %14, %22;" + "V_ADDC_U32 %6, %15, %23;" + "V_ADDC_U32 %7, %16, %24;" + "V_ADDC_U32 %8, 0, 0;" + : "=v"(r[0]), "=v"(r[1]), "=v"(r[2]), "=v"(r[3]), "=v"(r[4]), "=v"(r[5]), "=v"(r[6]), "=v"(r[7]), + "=v"(c) + : "v"(a[0]), "v"(a[1]), "v"(a[2]), "v"(a[3]), "v"(a[4]), "v"(a[5]), "v"(a[6]), "v"(a[7]), + "v"(b[0]), "v"(b[1]), "v"(b[2]), "v"(b[3]), "v"(b[4]), "v"(b[5]), "v"(b[6]), "v"(b[7]) + ); #else for (u32 i = 0; i < 8; i++) { 
diff --git a/include/types.h b/include/types.h
index 8b4901b64..0b38e27aa 100644
--- a/include/types.h
+++ b/include/types.h
@@ -1238,11 +1238,19 @@ typedef struct hc_device_param
 hc_timer_t timer_speed;
 // AMD
+ bool has_vadd;
+ bool has_vaddc;
+ bool has_vsub;
+ bool has_vsubb;
 bool has_vadd3;
 bool has_vbfe;
 bool has_vperm;
 // NV
+ bool has_add;
+ bool has_addc;
+ bool has_sub;
+ bool has_subc;
 bool has_bfe;
 bool has_lop3;
 bool has_mov64;
diff --git a/src/backend.c b/src/backend.c
index c205ae7d0..c70d47095 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -5432,6 +5432,10 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 // //if (rc_cuCtxSetCacheConfig == -1) return -1;
+ device_param->has_add = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
+ device_param->has_addc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
+ device_param->has_sub = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"sub.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
+ device_param->has_subc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"subc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
 device_param->has_bfe = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"bfe.u32 %0, 0, 0, 0;\" : \"=r\"(r)); }");
 device_param->has_lop3 = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"lop3.b32 %0, 0, 0, 0, 0;\" : \"=r\"(r)); }");
 device_param->has_mov64 = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned long long r; unsigned int a; unsigned int b; asm volatile (\"mov.b64 %0, {%1, %2};\" : \"=l\"(r) : \"r\"(a), \"r\"(b)); }");
@@ -6132,6 +6136,10 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 if ((device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) && (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD))
 {
+ device_param->has_vadd = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD_U32 %0, 0, 0;\" : \"=v\"(r)); }");
+ device_param->has_vaddc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADDC_U32 %0, 0, 0;\" : \"=v\"(r)); }");
+ device_param->has_vsub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUB_U32 %0, 0, 0;\" : \"=v\"(r)); }");
+ device_param->has_vsubb = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUBB_U32 %0, 0, 0;\" : \"=v\"(r)); }");
 device_param->has_vadd3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD3_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }");
 device_param->has_vbfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_BFE_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }");
 device_param->has_vperm = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_PERM_B32 %0, 0, 0, 0;\" : \"=v\"(r)); }");
@@ -6139,6 +6147,10 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 if ((device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) && (device_param->opencl_platform_vendor_id == VENDOR_ID_NV))
 {
+ device_param->has_add = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
+ device_param->has_addc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
+ device_param->has_sub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"sub.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
+ device_param->has_subc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"subc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }");
 device_param->has_bfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"bfe.u32 %0, 0, 0, 0;\" : \"=r\"(r)); }");
 device_param->has_lop3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"lop3.b32 %0, 0, 0, 0, 0;\" : \"=r\"(r)); }");
 device_param->has_mov64 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { ulong r; uint a; uint b; asm volatile (\"mov.b64 %0, {%1, %2};\" : \"=l\"(r) : \"r\"(a), \"r\"(b)); }");
@@ -7007,9 +7019,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // we don't have sm_* on vendors not NV but it doesn't matter #if defined (DEBUG) - build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, 
device_param->has_vaddc, device_param->has_vsub, device_param->has_vsubb, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); #else - build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll -w ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D 
DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll -w ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vsub, device_param->has_vsubb, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); #endif build_options_buf[build_options_len] = 0; From 75b4164498484877b6c45b08dc7ec3819454eecd Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 7 Dec 2019 11:29:39 +0100 Subject: [PATCH 075/300] Use a different code for mod_512() to help some NV GPU to not hang --- OpenCL/inc_ecc_secp256k1.cl | 228 +++++++++++++++++------------------- 1 file changed, 110 insertions(+), 118 deletions(-) diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 9d0541739..3318298ff 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl 
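Review bot: The return value of `snprintf` is added to `build_options_len` without being bounded, and the format string in both branches now carries eight additional `-D HAS_*=%u` options; `snprintf` reports the length it would have produced, so once `build_options_sz - build_options_len` is exceeded `build_options_len` overshoots the buffer and the `build_options_buf[build_options_len] = 0;` at the end of the hunk writes past its end. Capturing and checking the result, e.g. `const int n = snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, ...); if (n < 0 || (size_t) n >= build_options_sz - build_options_len) return -1; build_options_len += n;`, keeps that index in range. The allocation size of `build_options_buf` is not visible here, so whether the longer string still fits today cannot be confirmed from this hunk; `backend_session_begin` begins outside it.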
@@ -369,59 +369,55 @@ DECLSPEC void mod_512 (u32 n[16]) while (a[0] >= b[0]) { - const u32 l1 = (a[ 0] < b[ 0]) << 0 - | (a[ 1] < b[ 1]) << 1 - | (a[ 2] < b[ 2]) << 2 - | (a[ 3] < b[ 3]) << 3 - | (a[ 4] < b[ 4]) << 4 - | (a[ 5] < b[ 5]) << 5 - | (a[ 6] < b[ 6]) << 6 - | (a[ 7] < b[ 7]) << 7 - | (a[ 8] < b[ 8]) << 8 - | (a[ 9] < b[ 9]) << 9 - | (a[10] < b[10]) << 10 - | (a[11] < b[11]) << 11 - | (a[12] < b[12]) << 12 - | (a[13] < b[13]) << 13 - | (a[14] < b[14]) << 14 - | (a[15] < b[15]) << 15; + u32 l00 = a[ 0] < b[ 0]; + u32 l01 = a[ 1] < b[ 1]; + u32 l02 = a[ 2] < b[ 2]; + u32 l03 = a[ 3] < b[ 3]; + u32 l04 = a[ 4] < b[ 4]; + u32 l05 = a[ 5] < b[ 5]; + u32 l06 = a[ 6] < b[ 6]; + u32 l07 = a[ 7] < b[ 7]; + u32 l08 = a[ 8] < b[ 8]; + u32 l09 = a[ 9] < b[ 9]; + u32 l10 = a[10] < b[10]; + u32 l11 = a[11] < b[11]; + u32 l12 = a[12] < b[12]; + u32 l13 = a[13] < b[13]; + u32 l14 = a[14] < b[14]; + u32 l15 = a[15] < b[15]; - const u32 e1 = (a[ 0] == b[ 0]) << 0 - | (a[ 1] == b[ 1]) << 1 - | (a[ 2] == b[ 2]) << 2 - | (a[ 3] == b[ 3]) << 3 - | (a[ 4] == b[ 4]) << 4 - | (a[ 5] == b[ 5]) << 5 - | (a[ 6] == b[ 6]) << 6 - | (a[ 7] == b[ 7]) << 7 - | (a[ 8] == b[ 8]) << 8 - | (a[ 9] == b[ 9]) << 9 - | (a[10] == b[10]) << 10 - | (a[11] == b[11]) << 11 - | (a[12] == b[12]) << 12 - | (a[13] == b[13]) << 13 - | (a[14] == b[14]) << 14 - | (a[15] == b[15]) << 15; + u32 e00 = a[ 0] == b[ 0]; + u32 e01 = a[ 1] == b[ 1]; + u32 e02 = a[ 2] == b[ 2]; + u32 e03 = a[ 3] == b[ 3]; + u32 e04 = a[ 4] == b[ 4]; + u32 e05 = a[ 5] == b[ 5]; + u32 e06 = a[ 6] == b[ 6]; + u32 e07 = a[ 7] == b[ 7]; + u32 e08 = a[ 8] == b[ 8]; + u32 e09 = a[ 9] == b[ 9]; + u32 e10 = a[10] == b[10]; + u32 e11 = a[11] == b[11]; + u32 e12 = a[12] == b[12]; + u32 e13 = a[13] == b[13]; + u32 e14 = a[14] == b[14]; - if (l1) - { - if (l1 & 0x0001) break; - if (l1 & 0x0002) if ((e1 & 0x0001) == 0x0001) break; - if (l1 & 0x0004) if ((e1 & 0x0003) == 0x0003) break; - if (l1 & 0x0008) if ((e1 & 0x0007) == 0x0007) break; - if 
(l1 & 0x0010) if ((e1 & 0x000f) == 0x000f) break; - if (l1 & 0x0020) if ((e1 & 0x001f) == 0x001f) break; - if (l1 & 0x0040) if ((e1 & 0x003f) == 0x003f) break; - if (l1 & 0x0080) if ((e1 & 0x007f) == 0x007f) break; - if (l1 & 0x0100) if ((e1 & 0x00ff) == 0x00ff) break; - if (l1 & 0x0200) if ((e1 & 0x01ff) == 0x01ff) break; - if (l1 & 0x0400) if ((e1 & 0x03ff) == 0x03ff) break; - if (l1 & 0x0800) if ((e1 & 0x07ff) == 0x07ff) break; - if (l1 & 0x1000) if ((e1 & 0x0fff) == 0x0fff) break; - if (l1 & 0x2000) if ((e1 & 0x1fff) == 0x1fff) break; - if (l1 & 0x4000) if ((e1 & 0x3fff) == 0x3fff) break; - if (l1 & 0x8000) if ((e1 & 0x7fff) == 0x7fff) break; - } + if (l00) break; + if (l01 && e00) break; + if (l02 && e00 && e01) break; + if (l03 && e00 && e01 && e02) break; + if (l04 && e00 && e01 && e02 && e03) break; + if (l05 && e00 && e01 && e02 && e03 && e04) break; + if (l06 && e00 && e01 && e02 && e03 && e04 && e05) break; + if (l07 && e00 && e01 && e02 && e03 && e04 && e05 && e06) break; + if (l08 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07) break; + if (l09 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08) break; + if (l10 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09) break; + if (l11 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10) break; + if (l12 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11) break; + if (l13 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11 && e12) break; + if (l14 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11 && e12 && e13) break; + if (l15 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11 && e12 && e13 && e14) break; // r = x (copy it to have the original values for the subtraction) 
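Review bot: The sixteen `l00..l15`/`e00..e14` locals and the flat if-chain carry no comment saying what they compute, so a reader has to reconstruct that limb 0 is the most significant word and that the chain is a lexicographic `a < b` test that exits the `while (a[0] >= b[0])` loop. A comment above `u32 l00 = a[ 0] < b[ 0];` such as `// break when a < b (limb 0 is most significant); kept as a flat if-chain because the packed-bitmask form hung some NV GPUs (see commit message)` would preserve the reason for the unusual shape, and the `continue` chain in the next hunk deserves the same line. It is also worth a word that `e15` is intentionally absent (the last comparison only needs `l15`), so nobody "completes" the set later. The locals cannot be `const` because the second hunk reassigns them against `r`; `mod_512` starts outside this hunk.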
@@ -444,80 +440,76 @@ DECLSPEC void mod_512 (u32 n[16]) r[14] = x[14]; r[15] = x[15]; - // x >>= 1 + // x <<= 1 - x[15] = x[15] >> 1 | (x[14] & 1) << 31; - x[14] = x[14] >> 1 | (x[13] & 1) << 31; - x[13] = x[13] >> 1 | (x[12] & 1) << 31; - x[12] = x[12] >> 1 | (x[11] & 1) << 31; - x[11] = x[11] >> 1 | (x[10] & 1) << 31; - x[10] = x[10] >> 1 | (x[ 9] & 1) << 31; - x[ 9] = x[ 9] >> 1 | (x[ 8] & 1) << 31; - x[ 8] = x[ 8] >> 1 | (x[ 7] & 1) << 31; - x[ 7] = x[ 7] >> 1 | (x[ 6] & 1) << 31; - x[ 6] = x[ 6] >> 1 | (x[ 5] & 1) << 31; - x[ 5] = x[ 5] >> 1 | (x[ 4] & 1) << 31; - x[ 4] = x[ 4] >> 1 | (x[ 3] & 1) << 31; - x[ 3] = x[ 3] >> 1 | (x[ 2] & 1) << 31; - x[ 2] = x[ 2] >> 1 | (x[ 1] & 1) << 31; - x[ 1] = x[ 1] >> 1 | (x[ 0] & 1) << 31; + x[15] = x[15] >> 1 | x[14] << 31; + x[14] = x[14] >> 1 | x[13] << 31; + x[13] = x[13] >> 1 | x[12] << 31; + x[12] = x[12] >> 1 | x[11] << 31; + x[11] = x[11] >> 1 | x[10] << 31; + x[10] = x[10] >> 1 | x[ 9] << 31; + x[ 9] = x[ 9] >> 1 | x[ 8] << 31; + x[ 8] = x[ 8] >> 1 | x[ 7] << 31; + x[ 7] = x[ 7] >> 1 | x[ 6] << 31; + x[ 6] = x[ 6] >> 1 | x[ 5] << 31; + x[ 5] = x[ 5] >> 1 | x[ 4] << 31; + x[ 4] = x[ 4] >> 1 | x[ 3] << 31; + x[ 3] = x[ 3] >> 1 | x[ 2] << 31; + x[ 2] = x[ 2] >> 1 | x[ 1] << 31; + x[ 1] = x[ 1] >> 1 | x[ 0] << 31; x[ 0] = x[ 0] >> 1; // if (a >= r) a -= r; - const u32 l2 = (a[ 0] < r[ 0]) << 0 - | (a[ 1] < r[ 1]) << 1 - | (a[ 2] < r[ 2]) << 2 - | (a[ 3] < r[ 3]) << 3 - | (a[ 4] < r[ 4]) << 4 - | (a[ 5] < r[ 5]) << 5 - | (a[ 6] < r[ 6]) << 6 - | (a[ 7] < r[ 7]) << 7 - | (a[ 8] < r[ 8]) << 8 - | (a[ 9] < r[ 9]) << 9 - | (a[10] < r[10]) << 10 - | (a[11] < r[11]) << 11 - | (a[12] < r[12]) << 12 - | (a[13] < r[13]) << 13 - | (a[14] < r[14]) << 14 - | (a[15] < r[15]) << 15; + l00 = a[ 0] < r[ 0]; + l01 = a[ 1] < r[ 1]; + l02 = a[ 2] < r[ 2]; + l03 = a[ 3] < r[ 3]; + l04 = a[ 4] < r[ 4]; + l05 = a[ 5] < r[ 5]; + l06 = a[ 6] < r[ 6]; + l07 = a[ 7] < r[ 7]; + l08 = a[ 8] < r[ 8]; + l09 = a[ 9] < r[ 9]; + l10 = a[10] < r[10]; + 
l11 = a[11] < r[11]; + l12 = a[12] < r[12]; + l13 = a[13] < r[13]; + l14 = a[14] < r[14]; + l15 = a[15] < r[15]; - const u32 e2 = (a[ 0] == r[ 0]) << 0 - | (a[ 1] == r[ 1]) << 1 - | (a[ 2] == r[ 2]) << 2 - | (a[ 3] == r[ 3]) << 3 - | (a[ 4] == r[ 4]) << 4 - | (a[ 5] == r[ 5]) << 5 - | (a[ 6] == r[ 6]) << 6 - | (a[ 7] == r[ 7]) << 7 - | (a[ 8] == r[ 8]) << 8 - | (a[ 9] == r[ 9]) << 9 - | (a[10] == r[10]) << 10 - | (a[11] == r[11]) << 11 - | (a[12] == r[12]) << 12 - | (a[13] == r[13]) << 13 - | (a[14] == r[14]) << 14 - | (a[15] == r[15]) << 15; + e00 = a[ 0] == r[ 0]; + e01 = a[ 1] == r[ 1]; + e02 = a[ 2] == r[ 2]; + e03 = a[ 3] == r[ 3]; + e04 = a[ 4] == r[ 4]; + e05 = a[ 5] == r[ 5]; + e06 = a[ 6] == r[ 6]; + e07 = a[ 7] == r[ 7]; + e08 = a[ 8] == r[ 8]; + e09 = a[ 9] == r[ 9]; + e10 = a[10] == r[10]; + e11 = a[11] == r[11]; + e12 = a[12] == r[12]; + e13 = a[13] == r[13]; + e14 = a[14] == r[14]; - if (l2) - { - if (l2 & 0x0001) continue; - if (l2 & 0x0002) if ((e2 & 0x0001) == 0x0001) continue; - if (l2 & 0x0004) if ((e2 & 0x0003) == 0x0003) continue; - if (l2 & 0x0008) if ((e2 & 0x0007) == 0x0007) continue; - if (l2 & 0x0010) if ((e2 & 0x000f) == 0x000f) continue; - if (l2 & 0x0020) if ((e2 & 0x001f) == 0x001f) continue; - if (l2 & 0x0040) if ((e2 & 0x003f) == 0x003f) continue; - if (l2 & 0x0080) if ((e2 & 0x007f) == 0x007f) continue; - if (l2 & 0x0100) if ((e2 & 0x00ff) == 0x00ff) continue; - if (l2 & 0x0200) if ((e2 & 0x01ff) == 0x01ff) continue; - if (l2 & 0x0400) if ((e2 & 0x03ff) == 0x03ff) continue; - if (l2 & 0x0800) if ((e2 & 0x07ff) == 0x07ff) continue; - if (l2 & 0x1000) if ((e2 & 0x0fff) == 0x0fff) continue; - if (l2 & 0x2000) if ((e2 & 0x1fff) == 0x1fff) continue; - if (l2 & 0x4000) if ((e2 & 0x3fff) == 0x3fff) continue; - if (l2 & 0x8000) if ((e2 & 0x7fff) == 0x7fff) continue; - } + if (l00) continue; + if (l01 && e00) continue; + if (l02 && e00 && e01) continue; + if (l03 && e00 && e01 && e02) continue; + if (l04 && e00 && e01 && e02 && e03) 
continue; + if (l05 && e00 && e01 && e02 && e03 && e04) continue; + if (l06 && e00 && e01 && e02 && e03 && e04 && e05) continue; + if (l07 && e00 && e01 && e02 && e03 && e04 && e05 && e06) continue; + if (l08 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07) continue; + if (l09 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08) continue; + if (l10 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09) continue; + if (l11 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10) continue; + if (l12 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11) continue; + if (l13 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11 && e12) continue; + if (l14 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11 && e12 && e13) continue; + if (l15 && e00 && e01 && e02 && e03 && e04 && e05 && e06 && e07 && e08 && e09 && e10 && e11 && e12 && e13 && e14) continue; // substract (a -= r): From 8932c71ac2b963176a076d6220efee8b2b60880c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 7 Dec 2019 12:09:58 +0100 Subject: [PATCH 076/300] Mark -m 17200, 17220, 17225 and 21800 as unstable on ROCM --- src/modules/module_17200.c | 13 ++++++++++++- src/modules/module_17220.c | 13 ++++++++++++- src/modules/module_17225.c | 13 ++++++++++++- src/modules/module_21800.c | 13 ++++++++++++- 4 files changed, 48 insertions(+), 4 deletions(-) diff --git a/src/modules/module_17200.c b/src/modules/module_17200.c index a94a30ec7..015c30865 100644 --- a/src/modules/module_17200.c +++ b/src/modules/module_17200.c 
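Review bot: The replaced comment now reads `// x <<= 1`, but the code under it still shifts the 512-bit value right: `x[15] = x[15] >> 1 | x[14] << 31;` moves each limb down one bit and pulls the low bit of the more significant limb into the top, and `x[ 0] = x[ 0] >> 1;` discards the final bit — that is exactly the `x >>= 1` the removed comment stated. Restore `// x >>= 1` so the label does not contradict the operation. Dropping the `& 1` in `x[14] << 31` is fine, since the shift by 31 discards every other bit anyway. `mod_512` starts outside this hunk.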
@@ -163,6 +163,17 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // hangs somewhere in zlib inflate + if (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD) + { + return true; + } + + return false; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (pkzip_t); @@ -419,6 +430,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_17220.c b/src/modules/module_17220.c index 403640d94..8b17b39d9 100644 --- a/src/modules/module_17220.c +++ b/src/modules/module_17220.c 
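Review bot: `module_unstable_warning` reports every device whose `opencl_platform_vendor_id` is `VENDOR_ID_AMD`, while the commit title scopes the problem to ROCm; if the hang is specific to the ROCm platform the check is wider than intended and will also warn on other AMD OpenCL runtimes, and if it is not, the title understates it — the comment should say which. `// hangs somewhere in zlib inflate` would also be more useful with what was actually observed, e.g. `// hangs somewhere in zlib inflate on AMD OpenCL devices; tracked in <issue-reference placeholder>`, so the warning can be lifted once the cause is found. The identical function and `module_init` wiring are added in module_17220.c, module_17225.c and module_21800.c in the following sections, and the same applies there.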
@@ -163,6 +163,17 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // hangs somewhere in zlib inflate + if (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD) + { + return true; + } + + return false; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (pkzip_t); @@ -422,6 +433,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_17225.c b/src/modules/module_17225.c index 66907159f..4fecbf47a 100644 --- a/src/modules/module_17225.c +++ b/src/modules/module_17225.c 
@@ -163,6 +163,17 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // hangs somewhere in zlib inflate + if (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD) + { + return true; + } + + return false; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (pkzip_t); @@ -422,6 +433,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index 12ffbd834..3b0eb3ba1 100644 --- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c 
@@ -94,6 +94,17 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // hangs somewhere in zlib inflate + if (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD) + { + return true; + } + + return false; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -315,6 +326,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From d0a59db595e8546b1a5c053ea3de90b7baf38bf0 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Wed, 11 Dec 2019 15:44:32 +0100 Subject: [PATCH 077/300] allow 04 and 05 in zlib header check --- OpenCL/m21800-pure.cl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl index ccdf822aa..dd9bcf0ba 100644 --- a/OpenCL/m21800-pure.cl +++ b/OpenCL/m21800-pure.cl @@ -513,7 +513,9 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) // early reject - if ((buf[0] & 0x0007ffff) != 0x00059c78) return; + u32 zlib_header = buf[0] & 0x0007ffff; + + if ((zlib_header != 0x00049c78) && (zlib_header != 0x00059c78)) return; buf[1] ^= iv[1]; buf[2] ^= iv[2]; 
From 415842524d13100ab35056df5e0df67db4aba177 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Wed, 11 Dec 2019 15:45:47 +0100 Subject: [PATCH 078/300] tests: allow tests with 05 AND 04 in zlib header for electrum 5 --- tools/test_modules/m21800.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/test_modules/m21800.pm b/tools/test_modules/m21800.pm index e72770003..705f066dd 100644 --- a/tools/test_modules/m21800.pm +++ b/tools/test_modules/m21800.pm @@ -168,7 +168,7 @@ sub module_generate_hash my $zlib_rate = ord (substr ($compressed_data, 2, 1)) & 0x07; - if ($zlib_rate != 0x05) + if (($zlib_rate != 0x04) && ($zlib_rate != 0x05)) { next; } From 2672afb61222aa690a981f153a11ef25882b5df7 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 12 Dec 2019 03:50:35 +0100 Subject: [PATCH 079/300] electrum5: simplify zlib rejection check --- OpenCL/m21800-pure.cl | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl index dd9bcf0ba..4706594bd 100644 --- a/OpenCL/m21800-pure.cl +++ b/OpenCL/m21800-pure.cl @@ -513,9 +513,7 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) // early reject - u32 zlib_header = buf[0] & 0x0007ffff; - - if ((zlib_header != 0x00049c78) && (zlib_header != 0x00059c78)) return; + if (buf[0] & 0x0006ffff != 0x00049c78) return; // allow 0b100 or 0b101 at the end of 3rd byte buf[1] ^= iv[1]; buf[2] ^= iv[2]; From b4c29562f4eaa9a3b0511f6bf503d66f41bd5671 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 12 Dec 2019 03:54:49 +0100 Subject: [PATCH 080/300] electrum 5: use parenthesis (avoid Intel compiler warning) --- OpenCL/m21800-pure.cl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenCL/m21800-pure.cl b/OpenCL/m21800-pure.cl index 4706594bd..fc447c94a 100644 --- a/OpenCL/m21800-pure.cl 
+++ b/OpenCL/m21800-pure.cl @@ -513,7 +513,7 @@ KERNEL_FQ void m21800_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t)) // early reject - if (buf[0] & 0x0006ffff != 0x00049c78) return; // allow 0b100 or 0b101 at the end of 3rd byte + if ((buf[0] & 0x0006ffff) != 0x00049c78) return; // allow 0b100 or 0b101 at the end of 3rd byte buf[1] ^= iv[1]; buf[2] ^= iv[2]; From 547d8ff7eb2437ee94b803cc719cebd1db133817 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 13 Dec 2019 10:37:16 +0100 Subject: [PATCH 081/300] Blockchain hashes: replace pattern matching with ASCII charset verification --- OpenCL/m12700-pure.cl | 121 ++++++++---------------------------------- 1 file changed, 22 insertions(+), 99 deletions(-) diff --git a/OpenCL/m12700-pure.cl b/OpenCL/m12700-pure.cl index b8a74179d..5f9d3e2f7 100644 --- a/OpenCL/m12700-pure.cl +++ b/OpenCL/m12700-pure.cl 
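Review bot: With the precedence fixed, `0x0006ffff` and `0x00049c78` are still unexplained beyond "allow 0b100 or 0b101 at the end of 3rd byte": the two low bytes of `buf[0]` are the zlib stream header (CMF 0x78, FLG 0x9c, little-endian in the word) and the low three bits of the third byte are the first deflate block's BFINAL/BTYPE fields, where 0b100 and 0b101 are BTYPE 10 (dynamic Huffman) with BFINAL clear or set — clearing bit 16 in the mask is what makes both acceptable. A comment spelling that out, e.g. `// zlib header 78 9c followed by a deflate block with BTYPE=10; bit 16 (BFINAL) is masked off so both 0b100 and 0b101 pass`, lets the next reader verify the constants without re-deriving them. `m21800_comp` begins outside this hunk.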
@@ -329,110 +329,33 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t)) AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); - out[0] ^= salt_bufs[salt_pos].salt_buf[0]; - out[1] ^= salt_bufs[salt_pos].salt_buf[1]; - out[2] ^= salt_bufs[salt_pos].salt_buf[2]; - out[3] ^= salt_bufs[salt_pos].salt_buf[3]; + // decrypted data should be a JSON string consisting only of ASCII chars (0x09-0x7e) - out[0] = hc_swap32_S (out[0]); - out[1] = hc_swap32_S (out[1]); - out[2] = hc_swap32_S (out[2]); - out[3] = hc_swap32_S (out[3]); - - if ((out[0] & 0xff) != '{') return; - - char *pt = (char *) out; - - for (int i = 1; i < 16 - 6; i++) + for (u32 i = 0; i < 4; i++) { - // "guid" - if ((pt[i + 0] == '"') && (pt[i + 1] == 'g') && (pt[i + 2] == 'u') && (pt[i + 3] == 'i') && (pt[i + 4] == 'd') && (pt[i + 5] == '"')) - { - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; + out[i] ^= salt_bufs[salt_pos].salt_buf[i]; - #define il_pos 0 + if ((out[i] & 0xff000000) < 0x09000000) return; + if ((out[i] & 0xff000000) > 0x7e000000) return; - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif - } + if ((out[i] & 0x00ff0000) < 0x00090000) return; + if ((out[i] & 0x00ff0000) > 0x007e0000) return; - // "tx_no - if ((pt[i + 0] == '"') && (pt[i + 1] == 't') && (pt[i + 2] == 'x') && (pt[i + 3] == '_') && (pt[i + 4] == 'n') && (pt[i + 5] == 'o')) - { - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; + if ((out[i] & 0x0000ff00) < 0x00000900) return; + if ((out[i] & 0x0000ff00) > 0x00007e00) return; - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif - } - - // "share - if ((pt[i + 0] == '"') && (pt[i + 1] == 's') && (pt[i + 2] == 'h') && (pt[i + 3] == 'a') && (pt[i + 4] == 'r') && (pt[i + 5] == 'e')) - { - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; - - #define il_pos 0 - - #ifdef 
KERNEL_STATIC - #include COMPARE_M - #endif - } - - // "doubl - if ((pt[i + 0] == '"') && (pt[i + 1] == 'd') && (pt[i + 2] == 'o') && (pt[i + 3] == 'u') && (pt[i + 4] == 'b') && (pt[i + 5] == 'l')) - { - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; - - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif - } - - // "addre - if ((pt[i + 0] == '"') && (pt[i + 1] == 'a') && (pt[i + 2] == 'd') && (pt[i + 3] == 'd') && (pt[i + 4] == 'r') && (pt[i + 5] == 'e')) - { - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; - - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif - } - - // "keys" - if ((pt[i + 0] == '"') && (pt[i + 1] == 'k') && (pt[i + 2] == 'e') && (pt[i + 3] == 'y') && (pt[i + 4] == 's') && (pt[i + 5] == '"')) - { - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; - - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif - } + if ((out[i] & 0x000000ff) < 0x00000009) return; + if ((out[i] & 0x000000ff) > 0x0000007e) return; } + + const u32 r0 = data[0]; + const u32 r1 = data[1]; + const u32 r2 = data[2]; + const u32 r3 = data[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif } From 095fbb11d72e4d9dbfc3c2f99bc1795ea5d7a020 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 13 Dec 2019 10:42:54 +0100 Subject: [PATCH 082/300] changes.txt: mention the better ASCII verification for blockchain hashes --- docs/changes.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changes.txt b/docs/changes.txt index 7e578881f..21b46601d 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
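Review bot: The new per-byte filter `< 0x09 … > 0x7e` admits 0x0b–0x1f, which cannot occur in a JSON text (outside strings only 0x09, 0x0a, 0x0d and 0x20 are whitespace, and raw control characters are not allowed inside strings), so the check is looser than the "JSON string consisting only of ASCII chars" comment implies. Because this replaces a search for known key names and inspects only the 16 decrypted bytes of one block, a random candidate passes with probability about (118/256)^16 ≈ 4·10^-6, enough to surface occasional false positives at GPU candidate rates; restricting each byte to 0x20–0x7e plus 0x09/0x0a/0x0d would bring that to roughly (98/256)^16 ≈ 2·10^-7 at no cost, assuming the wallet JSON really is pure ASCII, which the comment asserts but the hunk does not demonstrate. At minimum the comment should say what the check is: `// heuristic filter: every decrypted byte in 0x09..0x7e; false positives remain possible`. m12700_comp begins outside this hunk.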
@@ -62,6 +62,7 @@ - Fixed buffer overflow in build_plain() function - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7 +- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16 - Fixed cracking of Electrum Wallet Salt-Type 2 hashes - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only) From 40a5835927f8bc8e39fffd4ed4fa7a9d8e38b69c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 13 Dec 2019 13:19:58 +0100 Subject: [PATCH 083/300] In -m 12700 and -m 15200 decrypt 48 byte of data instead of just 16 byte --- OpenCL/m12700-pure.cl | 68 +++++++++++++++++++++++++------------- src/modules/module_12700.c | 29 +++++----------- src/modules/module_15200.c | 29 +++++----------- 3 files changed, 61 insertions(+), 65 deletions(-) diff --git a/OpenCL/m12700-pure.cl b/OpenCL/m12700-pure.cl index 5f9d3e2f7..5fac76466 100644 --- a/OpenCL/m12700-pure.cl +++ b/OpenCL/m12700-pure.cl @@ -28,6 +28,20 @@ typedef struct mywallet_tmp } mywallet_tmp_t; +DECLSPEC int is_valid_char (const u32 v) +{ + if ((v & 0xff000000) < 0x09000000) return 0; + if ((v & 0xff000000) > 0x7e000000) return 0; + if ((v & 0x00ff0000) < 0x00090000) return 0; + if ((v & 0x00ff0000) > 0x007e0000) return 0; + if ((v & 0x0000ff00) < 0x00000900) return 0; + if ((v & 0x0000ff00) > 0x00007e00) return 0; + if ((v & 0x000000ff) < 0x00000009) return 0; + if ((v & 0x000000ff) > 0x0000007e) return 0; + + return 1; +} + DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) { digest[0] = ipad[0]; 
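Review bot: `is_valid_char` spells the same range test out four times with hand-shifted constants, which is easy to get wrong on a later edit and says nothing about why 0x09 and 0x7e are the bounds; a byte loop with the bounds stated once reads better, and a four-iteration constant loop is unrolled by the compiler anyway. The name is also misleading — it validates the four characters packed in a u32, not one — but renaming would touch callers outside this hunk, so I would only fix that in the comment. Proposed replacement:

```c
// Returns 1 when all four bytes packed in v lie in [0x09, 0x7e] (ASCII tab..tilde),
// i.e. are plausible characters of the decrypted wallet JSON; 0 otherwise.
DECLSPEC int is_valid_char (const u32 v)
{
  for (int s = 0; s < 32; s += 8)
  {
    const u32 b = (v >> s) & 0xff;

    if ((b < 0x09) || (b > 0x7e)) return 0;
  }

  return 1;
}
```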
@@ -318,40 +332,48 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t)) AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); - u32 data[4]; + u32 iv[4]; - data[0] = salt_bufs[salt_pos].salt_buf[4]; - data[1] = salt_bufs[salt_pos].salt_buf[5]; - data[2] = salt_bufs[salt_pos].salt_buf[6]; - data[3] = salt_bufs[salt_pos].salt_buf[7]; - - u32 out[4]; - - AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + iv[0] = salt_bufs[salt_pos].salt_buf[0]; + iv[1] = salt_bufs[salt_pos].salt_buf[1]; + iv[2] = salt_bufs[salt_pos].salt_buf[2]; + iv[3] = salt_bufs[salt_pos].salt_buf[3]; // decrypted data should be a JSON string consisting only of ASCII chars (0x09-0x7e) - for (u32 i = 0; i < 4; i++) + for (u32 i = 4; i < 12; i += 4) { - out[i] ^= salt_bufs[salt_pos].salt_buf[i]; + u32 data[4]; - if ((out[i] & 0xff000000) < 0x09000000) return; - if ((out[i] & 0xff000000) > 0x7e000000) return; + data[0] = salt_bufs[salt_pos].salt_buf[i + 0]; + data[1] = salt_bufs[salt_pos].salt_buf[i + 1]; + data[2] = salt_bufs[salt_pos].salt_buf[i + 2]; + data[3] = salt_bufs[salt_pos].salt_buf[i + 3]; - if ((out[i] & 0x00ff0000) < 0x00090000) return; - if ((out[i] & 0x00ff0000) > 0x007e0000) return; + u32 out[4]; - if ((out[i] & 0x0000ff00) < 0x00000900) return; - if ((out[i] & 0x0000ff00) > 0x00007e00) return; + AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); - if ((out[i] & 0x000000ff) < 0x00000009) return; - if ((out[i] & 0x000000ff) > 0x0000007e) return; + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_char (out[0]) == 0) return; + if (is_valid_char (out[1]) == 0) return; + if (is_valid_char (out[2]) == 0) return; + if (is_valid_char (out[3]) == 0) return; + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; } - const u32 r0 = data[0]; - const u32 r1 = data[1]; - const u32 r2 = data[2]; - const u32 r3 = data[3]; + const u32 r0 = 
salt_bufs[salt_pos].salt_buf[4]; + const u32 r1 = salt_bufs[salt_pos].salt_buf[5]; + const u32 r2 = salt_bufs[salt_pos].salt_buf[6]; + const u32 r3 = salt_bufs[salt_pos].salt_buf[7]; #define il_pos 0 diff --git a/src/modules/module_12700.c b/src/modules/module_12700.c index d6fa81dc0..a88e1d03b 100644 --- a/src/modules/module_12700.c +++ b/src/modules/module_12700.c @@ -93,7 +93,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_DIGIT; - token.len_min[2] = 64; + token.len_min[2] = 144; token.len_max[2] = 65536; token.sep[2] = '$'; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH 
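Review bot: The verification loop `for (u32 i = 4; i < 12; i += 4)` decrypts only salt_buf[4..7] and salt_buf[8..11], i.e. two ciphertext blocks (32 bytes), while the commit title says 48 bytes are decrypted and the module side of this commit now reads 16 words (IV plus 48 bytes) into salt_buf; if all three blocks are meant to be checked the bound should be `for (u32 i = 4; i < 16; i += 4)`, otherwise the title and the module's new minimum length overstate what the kernel verifies. The CBC chaining itself looks right: each block is XORed with the previous ciphertext block starting from the IV in salt_buf[0..3], and `iv` is refreshed from `data` after use. The `r0..r3` handed to the compare are the first stored ciphertext block, which, judging by the removed module comment "this is actually the CT, which is also the hash later", makes the charset test the only plaintext check a candidate faces; a comment saying so would help: `// r0..r3 is the stored ciphertext block itself; the charset test above is the real decision`. m12700_comp begins outside this hunk.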
@@ -109,29 +109,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *salt_pos = token.buf[2]; - salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); - salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); - salt->salt_buf[2] = hex_to_u32 (salt_pos + 16); - salt->salt_buf[3] = hex_to_u32 (salt_pos + 24); + // first 16 byte are IV - salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + for (int i = 0, j = 0; i < 16; i += 1, j += 8) + { + salt->salt_buf[i] = hex_to_u32 (salt_pos + j); - // this is actually the CT, which is also the hash later (if matched) + salt->salt_buf[i] = byte_swap_32 (salt->salt_buf[i]); + } - salt->salt_buf[4] = hex_to_u32 (salt_pos + 32); - salt->salt_buf[5] = hex_to_u32 (salt_pos + 40); - salt->salt_buf[6] = hex_to_u32 (salt_pos + 48); - salt->salt_buf[7] = hex_to_u32 (salt_pos + 56); - - salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]); - salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]); - salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]); - salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]); - - salt->salt_len = 32; // note we need to fix this to 16 in kernel + salt->salt_len = 64; salt->salt_iter = ROUNDS_MYWALLET - 1; diff --git a/src/modules/module_15200.c b/src/modules/module_15200.c index a5b5e81e5..440a270a7 100644 --- a/src/modules/module_15200.c +++ b/src/modules/module_15200.c @@ -98,7 +98,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE | TOKEN_ATTR_VERIFY_DIGIT; token.sep[3] = '$'; - token.len_min[3] = 64; + token.len_min[3] = 144; token.len_max[3] = 999999; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; 
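Review bot: `token.len_min[2] = 144` (the preceding hunk of this file) and the new decode loop are not tied together: the loop consumes 16 words × 8 hex chars = 128 hex chars (16-byte IV plus 48 bytes of ciphertext), so 128 is the bound that actually protects `hex_to_u32 (salt_pos + j)` from reading past the token, whereas 144 hex chars is 72 bytes, which is not a multiple of the AES block size and does not correspond to anything the kernel reads. Either the minimum should be 128, or, if one more full block must be present for the decryption to make sense, 160; in both cases a named constant shared by the length check and the loop bound would stop them drifting apart. `salt->salt_len = 64` now covers the whole buffer including the IV; worth stating, e.g. `// salt_buf[0..3] = IV, salt_buf[4..15] = first 48 byte of ciphertext; salt_len covers both`. module_hash_decode begins and ends outside this hunk.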
@@ -119,29 +119,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *data_pos = token.buf[3]; - salt->salt_buf[0] = hex_to_u32 ((const u8 *) &data_pos[ 0]); - salt->salt_buf[1] = hex_to_u32 ((const u8 *) &data_pos[ 8]); - salt->salt_buf[2] = hex_to_u32 ((const u8 *) &data_pos[16]); - salt->salt_buf[3] = hex_to_u32 ((const u8 *) &data_pos[24]); + // first 16 byte are IV - salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); - salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); - salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + for (int i = 0, j = 0; i < 16; i += 1, j += 8) + { + salt->salt_buf[i] = hex_to_u32 (data_pos + j); - // this is actually the CT, which is also the hash later (if matched) + salt->salt_buf[i] = byte_swap_32 (salt->salt_buf[i]); + } - salt->salt_buf[4] = hex_to_u32 ((const u8 *) &data_pos[32]); - salt->salt_buf[5] = hex_to_u32 ((const u8 *) &data_pos[40]); - salt->salt_buf[6] = hex_to_u32 ((const u8 *) &data_pos[48]); - salt->salt_buf[7] = hex_to_u32 ((const u8 *) &data_pos[56]); - - salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]); - salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]); - salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]); - salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]); - - salt->salt_len = 32; // note we need to fix this to 16 in kernel + salt->salt_len = 64; // hash From e83c71a18ff1664c41f23d79669c017d909ec4ad Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 14 Dec 2019 18:44:13 +0100 Subject: [PATCH 084/300] Add missing AUX4 in selftest.c --- src/selftest.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/selftest.c b/src/selftest.c index 84eb88542..8ccde026a 100644 --- a/src/selftest.c +++ b/src/selftest.c 
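Review bot: Same mismatch as in module_12700.c: the loop reads 128 hex chars (16 words) from `data_pos`, but `token.len_min[3]` was raised to 144 in the hunk above, a 72-byte length that is not a whole number of AES blocks; 128 (or 160 if a further block is required) plus a shared constant would make the relationship explicit. The decode code is now essentially identical to the 12700 decoder, so a shared helper, or at least a comment pointing at its twin such as `// keep in sync with module_12700.c: same IV + ciphertext layout`, would keep future fixes from landing in only one of them. module_hash_decode begins and ends outside this hunk.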
@@ -554,6 +554,10 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param { if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == -1) return -1; } + else if (hashconfig->opts_type & OPTS_TYPE_AUX4) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == -1) return -1; + } else { if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1; From f9e5dcc133ef42003ac050c74d32c80ef552760a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 15 Dec 2019 11:10:04 +0100 Subject: [PATCH 085/300] Use deep comparison kernel from module function in selftest.c --- src/selftest.c | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/src/selftest.c b/src/selftest.c index 8ccde026a..2bff174bc 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -542,26 +542,9 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param device_param->kernel_params_buf32[28] = 0; device_param->kernel_params_buf32[29] = 1; - if (hashconfig->opts_type & OPTS_TYPE_AUX1) - { - if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX1, 1, false, 0) == -1) return -1; - } - else if (hashconfig->opts_type & OPTS_TYPE_AUX2) - { - if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX2, 1, false, 0) == -1) return -1; - } - else if (hashconfig->opts_type & OPTS_TYPE_AUX3) - { - if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == -1) return -1; - } - else if (hashconfig->opts_type & OPTS_TYPE_AUX4) - { - if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == -1) return -1; - } - else - { - if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1; - } + const u32 deep_comp_kernel = module_ctx->module_deep_comp_kernel (hashes, 0, 0); + + if (run_kernel (hashcat_ctx, device_param, deep_comp_kernel, 1, false, 0) == -1) return -1; } else { 
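Review bot: `module_ctx->module_deep_comp_kernel (hashes, 0, 0)` is called through the function pointer with no guard, which is only safe if every module is guaranteed a non-NULL implementation; the modules in this series assign either their own function or `MODULE_DEFAULT`, so presumably the loader substitutes a default that returns KERN_RUN_3, but that should be confirmed and stated here. Dropping the AUX1..AUX4 branches also means a module that sets an OPTS_TYPE_AUXn flag but leaves the hook at the default now self-tests with KERN_RUN_3 instead of its aux kernel, a silent behavioural change that deserves either a comment or a check that such modules override the hook. The hard-coded `0, 0` is correct for the single self-test hash but should say so: `// the selftest has exactly one salt and one digest, hence (salt_pos, digest_pos) = (0, 0)`. selftest() begins and ends outside this hunk.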
From 2a0435440129a8537223ca13b46b84f3f763137a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 15 Dec 2019 21:09:04 +0100 Subject: [PATCH 086/300] New mode 22000 WPA-PBKDF2-PMKID+EAPOL to replace -m 2500 and -m 16800. NOTE: missing support for message_pair and nonce_error_corrections handling --- OpenCL/m22000-pure.cl | 1035 ++++++++++++++++++++++++++++++++++ src/modules/module_22000.c | 952 +++++++++++++++++++++++++++++++ src/selftest.c | 29 +- tools/test.sh | 126 ++++- tools/test_modules/m22000.pm | 557 ++++++++++++++++++ 5 files changed, 2696 insertions(+), 3 deletions(-) create mode 100644 OpenCL/m22000-pure.cl create mode 100644 src/modules/module_22000.c create mode 100644 tools/test_modules/m22000.pm diff --git a/OpenCL/m22000-pure.cl b/OpenCL/m22000-pure.cl new file mode 100644 index 000000000..98bc1d6ee --- /dev/null +++ b/OpenCL/m22000-pure.cl 
@@ -0,0 +1,1035 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_hash_sha1.cl" +#include "inc_hash_sha256.cl" +#include "inc_cipher_aes.cl" +#else +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.h" +#include "inc_common.h" +#include "inc_simd.h" +#include "inc_hash_md5.h" +#include "inc_hash_sha1.h" +#include "inc_hash_sha256.h" +#include "inc_cipher_aes.h" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct wpa_pbkdf2_tmp +{ + u32 ipad[5]; + u32 opad[5]; + + u32 dgst[10]; + u32 out[10]; + +} wpa_pbkdf2_tmp_t; + +typedef struct wpa +{ + u8 orig_mac_ap[6]; + u8 orig_mac_sta[6]; + u8 essid_len; + u32 essid_buf[16]; + + u8 type; // 1 = PMKID, 2 = EAPOL + u8 extra; + + // PMKID specific + + u32 pmkid[4]; + u32 pmkid_data[16]; + + // EAPOL specific + + u32 keymic[4]; + u32 anonce[8]; + + u8 keyver; + + u32 eapol[64 + 16]; + u16 eapol_len; + + u32 pke[32]; + + u8 message_pair; + int message_pair_chgd; + int nonce_compare; + int nonce_error_corrections; + int detected_le; + int detected_be; + +} wpa_t; + +DECLSPEC void make_kn (u32 *k) +{ + u32 kl[4]; + u32 kr[4]; + + kl[0] = (k[0] << 1) & 0xfefefefe; + kl[1] = (k[1] << 1) & 0xfefefefe; + kl[2] = (k[2] << 1) & 0xfefefefe; + kl[3] = (k[3] << 1) & 0xfefefefe; + + kr[0] = (k[0] >> 7) & 0x01010101; + kr[1] = (k[1] >> 7) & 0x01010101; + kr[2] = (k[2] >> 7) & 0x01010101; + kr[3] = (k[3] >> 7) & 0x01010101; + + const u32 c = kr[0] & 1; + + kr[0] = kr[0] >> 8 | kr[1] << 24; + kr[1] = kr[1] >> 8 | kr[2] << 24; + kr[2] = kr[2] >> 8 | kr[3] << 24; + kr[3] = kr[3] >> 8; + + k[0] = kl[0] | kr[0]; + k[1] = kl[1] | kr[1]; + k[2] = kl[2] | kr[2]; + k[3] = kl[3] | kr[3]; + + k[3] ^= c * 0x87000000; +} + +DECLSPEC void 
hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m22000_init (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha1_hmac_ctx_t sha1_hmac_ctx; + + sha1_hmac_init_global_swap (&sha1_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha1_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha1_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha1_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha1_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha1_hmac_ctx.ipad.h[4]; + + tmps[gid].opad[0] = sha1_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha1_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha1_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha1_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha1_hmac_ctx.opad.h[4]; + + sha1_hmac_update_global_swap (&sha1_hmac_ctx, esalt_bufs[digests_offset].essid_buf, esalt_bufs[digests_offset].essid_len); + + for (u32 i = 0, j = 1; i < 8; i += 5, j += 1) + { + sha1_hmac_ctx_t sha1_hmac_ctx2 = sha1_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha1_hmac_update_64 
(&sha1_hmac_ctx2, w0, w1, w2, w3, 4); + + sha1_hmac_final (&sha1_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha1_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha1_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha1_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha1_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha1_hmac_ctx2.opad.h[4]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + } +} + +KERNEL_FQ void m22000_loop (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u32x ipad[5]; + u32x opad[5]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + + for (u32 i = 0; i < 8; i += 5) + { + u32x dgst[5]; + u32x out[5]; + + dgst[0] = packv (tmps, dgst, gid, i + 0); + dgst[1] = packv (tmps, dgst, gid, i + 1); + dgst[2] = packv (tmps, dgst, gid, i + 2); + dgst[3] = packv (tmps, dgst, gid, i + 3); + dgst[4] = packv (tmps, dgst, gid, i + 4); + + out[0] = packv (tmps, out, gid, i + 0); + out[1] = packv (tmps, out, gid, i + 1); + out[2] = packv (tmps, out, gid, i + 2); + out[3] = packv (tmps, out, gid, i + 3); + out[4] = packv (tmps, out, gid, i + 4); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] 
= 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + } + + unpackv (tmps, dgst, gid, i + 0, dgst[0]); + unpackv (tmps, dgst, gid, i + 1, dgst[1]); + unpackv (tmps, dgst, gid, i + 2, dgst[2]); + unpackv (tmps, dgst, gid, i + 3, dgst[3]); + unpackv (tmps, dgst, gid, i + 4, dgst[4]); + + unpackv (tmps, out, gid, i + 0, out[0]); + unpackv (tmps, out, gid, i + 1, out[1]); + unpackv (tmps, out, gid, i + 2, out[2]); + unpackv (tmps, out, gid, i + 3, out[3]); + unpackv (tmps, out, gid, i + 4, out[4]); + } +} + +KERNEL_FQ void m22000_comp (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + // not in use here, special case... +} + +KERNEL_FQ void m22000_aux1 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] 
= wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & ~0x000000ff; + m1 = pke[24] & ~0xffffff00; + + to = pke[23] << 24 + | pke[24] >> 8; + } + + u32 bo_loops = wpa->detected_le + wpa->detected_be; + + bo_loops = (bo_loops == 0) ? 2 : bo_loops; + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++) + { + u32 t = to; + + if (bo_loops == 1) + { + if (wpa->detected_le == 1) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (wpa->detected_be == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + else + { + if (bo_pos == 0) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (bo_pos == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + + if (wpa->nonce_compare < 0) + { + pke[15] = m0 | (t >> 24); + pke[16] = m1 | (t << 8); + } + else + { + pke[23] = m0 | (t >> 24); + pke[24] = m1 | (t << 8); + } + + sha1_hmac_ctx_t ctx1; + + sha1_hmac_init_64 (&ctx1, out0, out1, z, z); + + sha1_hmac_update (&ctx1, pke, 100); + + sha1_hmac_final (&ctx1); + + ctx1.opad.h[0] = hc_swap32_S (ctx1.opad.h[0]); + ctx1.opad.h[1] = hc_swap32_S (ctx1.opad.h[1]); + ctx1.opad.h[2] = hc_swap32_S (ctx1.opad.h[2]); + ctx1.opad.h[3] = hc_swap32_S 
(ctx1.opad.h[3]); + + md5_hmac_ctx_t ctx2; + + md5_hmac_init_64 (&ctx2, ctx1.opad.h, z, z, z); + + md5_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + md5_hmac_final (&ctx2); + + ctx2.opad.h[0] = hc_swap32_S (ctx2.opad.h[0]); + ctx2.opad.h[1] = hc_swap32_S (ctx2.opad.h[1]); + ctx2.opad.h[2] = hc_swap32_S (ctx2.opad.h[2]); + ctx2.opad.h[3] = hc_swap32_S (ctx2.opad.h[3]); + + /** + * final compare + */ + + if ((ctx2.opad.h[0] == wpa->keymic[0]) + && (ctx2.opad.h[1] == wpa->keymic[1]) + && (ctx2.opad.h[2] == wpa->keymic[2]) + && (ctx2.opad.h[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + } + } +} + +KERNEL_FQ void m22000_aux2 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = 
wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & ~0x000000ff; + m1 = pke[24] & ~0xffffff00; + + to = pke[23] << 24 + | pke[24] >> 8; + } + + u32 bo_loops = wpa->detected_le + wpa->detected_be; + + bo_loops = (bo_loops == 0) ? 2 : bo_loops; + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++) + { + u32 t = to; + + if (bo_loops == 1) + { + if (wpa->detected_le == 1) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (wpa->detected_be == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + else + { + if (bo_pos == 0) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (bo_pos == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + + if (wpa->nonce_compare < 0) + { + pke[15] = m0 | (t >> 24); + pke[16] = m1 | (t << 8); + } + else + { + pke[23] = m0 | (t >> 24); + pke[24] = m1 | (t << 8); + } + + sha1_hmac_ctx_t ctx1; + + sha1_hmac_init_64 (&ctx1, out0, out1, z, z); + + sha1_hmac_update (&ctx1, pke, 100); + + sha1_hmac_final (&ctx1); + + sha1_hmac_ctx_t ctx2; + + sha1_hmac_init_64 (&ctx2, ctx1.opad.h, z, z, z); + + sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + sha1_hmac_final (&ctx2); + + /** + * final compare + */ + + if 
((ctx2.opad.h[0] == wpa->keymic[0]) + && (ctx2.opad.h[1] == wpa->keymic[1]) + && (ctx2.opad.h[2] == wpa->keymic[2]) + && (ctx2.opad.h[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + } + } +} + +KERNEL_FQ void m22000_aux3 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + /** + * aes shared + */ + + #ifdef REAL_SHM + + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + #ifdef IS_CUDA + __syncthreads(); + #else + SYNC_THREADS (); + #endif + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + 
pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & ~0x000000ff; + m1 = pke[24] & ~0xffffff00; + + to = pke[23] << 24 + | pke[24] >> 8; + } + + u32 bo_loops = wpa->detected_le + wpa->detected_be; + + bo_loops = (bo_loops == 0) ? 2 : bo_loops; + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++) + { + u32 t = to; + + if (bo_loops == 1) + { + if (wpa->detected_le == 1) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (wpa->detected_be == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + else + { + if (bo_pos == 0) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (bo_pos == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + + if (wpa->nonce_compare < 0) + { + pke[15] = m0 | (t >> 24); + pke[16] = m1 | (t << 8); + } + else + { + pke[23] = m0 | (t >> 24); + pke[24] = m1 | (t << 8); + } + + sha256_hmac_ctx_t ctx1; + + sha256_hmac_init_64 (&ctx1, out0, out1, z, z); + + sha256_hmac_update (&ctx1, pke, 102); + 
+ sha256_hmac_final (&ctx1); + + ctx1.opad.h[0] = hc_swap32_S (ctx1.opad.h[0]); + ctx1.opad.h[1] = hc_swap32_S (ctx1.opad.h[1]); + ctx1.opad.h[2] = hc_swap32_S (ctx1.opad.h[2]); + ctx1.opad.h[3] = hc_swap32_S (ctx1.opad.h[3]); + + // AES CMAC + + u32 ks[44]; + + aes128_set_encrypt_key (ks, ctx1.opad.h, s_te0, s_te1, s_te2, s_te3); + + u32 m[4]; + + m[0] = 0; + m[1] = 0; + m[2] = 0; + m[3] = 0; + + u32 iv[4]; + + iv[0] = 0; + iv[1] = 0; + iv[2] = 0; + iv[3] = 0; + + int eapol_left; + int eapol_idx; + + for (eapol_left = wpa->eapol_len, eapol_idx = 0; eapol_left > 16; eapol_left -= 16, eapol_idx += 4) + { + m[0] = wpa->eapol[eapol_idx + 0] ^ iv[0]; + m[1] = wpa->eapol[eapol_idx + 1] ^ iv[1]; + m[2] = wpa->eapol[eapol_idx + 2] ^ iv[2]; + m[3] = wpa->eapol[eapol_idx + 3] ^ iv[3]; + + aes128_encrypt (ks, m, iv, s_te0, s_te1, s_te2, s_te3, s_te4); + } + + m[0] = wpa->eapol[eapol_idx + 0]; + m[1] = wpa->eapol[eapol_idx + 1]; + m[2] = wpa->eapol[eapol_idx + 2]; + m[3] = wpa->eapol[eapol_idx + 3]; + + u32 k[4]; + + k[0] = 0; + k[1] = 0; + k[2] = 0; + k[3] = 0; + + aes128_encrypt (ks, k, k, s_te0, s_te1, s_te2, s_te3, s_te4); + + make_kn (k); + + if (eapol_left < 16) + { + make_kn (k); + } + + m[0] ^= k[0]; + m[1] ^= k[1]; + m[2] ^= k[2]; + m[3] ^= k[3]; + + m[0] ^= iv[0]; + m[1] ^= iv[1]; + m[2] ^= iv[2]; + m[3] ^= iv[3]; + + u32 keymic[4]; + + keymic[0] = 0; + keymic[1] = 0; + keymic[2] = 0; + keymic[3] = 0; + + aes128_encrypt (ks, m, keymic, s_te0, s_te1, s_te2, s_te3, s_te4); + + /** + * final compare + */ + + keymic[0] = hc_swap32_S (keymic[0]); + keymic[1] = hc_swap32_S (keymic[1]); + keymic[2] = hc_swap32_S (keymic[2]); + keymic[3] = hc_swap32_S (keymic[3]); + + if ((keymic[0] == wpa->keymic[0]) + && (keymic[1] == wpa->keymic[1]) + && (keymic[2] == wpa->keymic[2]) + && (keymic[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + } 
+ } +} + +KERNEL_FQ void m22000_aux4 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w[16]; + + w[ 0] = tmps[gid].out[0]; + w[ 1] = tmps[gid].out[1]; + w[ 2] = tmps[gid].out[2]; + w[ 3] = tmps[gid].out[3]; + w[ 4] = tmps[gid].out[4]; + w[ 5] = tmps[gid].out[5]; + w[ 6] = tmps[gid].out[6]; + w[ 7] = tmps[gid].out[7]; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; + w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = 0; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + sha1_hmac_ctx_t sha1_hmac_ctx; + + sha1_hmac_init (&sha1_hmac_ctx, w, 32); + + sha1_hmac_update_global_swap (&sha1_hmac_ctx, wpa->pmkid_data, 20); + + sha1_hmac_final (&sha1_hmac_ctx); + + const u32 r0 = sha1_hmac_ctx.opad.h[0]; + const u32 r1 = sha1_hmac_ctx.opad.h[1]; + const u32 r2 = sha1_hmac_ctx.opad.h[2]; + const u32 r3 = sha1_hmac_ctx.opad.h[3]; + + #ifdef KERNEL_STATIC + + #define il_pos 0 + #include COMPARE_M + + #else + + if ((hc_swap32_S (r0) == wpa->pmkid[0]) + && (hc_swap32_S (r1) == wpa->pmkid[1]) + && (hc_swap32_S (r2) == wpa->pmkid[2]) + && (hc_swap32_S (r3) == wpa->pmkid[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + + #endif +} diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c new file mode 100644 index 000000000..cbcc86de6 --- /dev/null +++ b/src/modules/module_22000.c 
@@ -0,0 +1,952 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +#define DGST_ELEM 4 + +#include "emu_general.h" +#include "emu_inc_cipher_aes.h" +#include "emu_inc_hash_md5.h" +#include "m22000-pure.cl" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "WPA-PBKDF2-PMKID+EAPOL"; +static const u64 KERN_TYPE = 22000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_AUX1 + | OPTS_TYPE_AUX2 + | OPTS_TYPE_AUX3 + | OPTS_TYPE_AUX4 + | OPTS_TYPE_DEEP_COMP_KERNEL + | OPTS_TYPE_COPY_TMPS; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat!"; +static const char *ST_HASH = "WPA:01:9d42bfc4ab79cf3a3a85761efd2a0cf0:e8e61d2bfe07:e21f445660bb:3c3429452aba22e9a7a6:::"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, 
MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const 
user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const u32 ROUNDS_WPA_PBKDF2 = 4096; + +struct auth_packet +{ + u8 version; + u8 type; + u16 length; + u8 key_descriptor; + u16 key_information; + u16 key_length; + u64 replay_counter; + u8 wpa_key_nonce[32]; + u8 wpa_key_iv[16]; + u8 wpa_key_rsc[8]; + u8 wpa_key_id[8]; + u8 wpa_key_mic[16]; + u16 wpa_key_data_length; + +} __attribute__((packed)); + +typedef struct auth_packet auth_packet_t; + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const char *mask = "?a?a?a?a?a?a?a?a"; + + return mask; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (wpa_pbkdf2_tmp_t); + + return tmp_size; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (wpa_t); + + return esalt_size; +} + +bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool hlfmt_disable = true; + + return hlfmt_disable; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 8; + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 63; + + return 
pw_max; +} + +int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len, MAYBE_UNUSED void *tmps) +{ + wpa_t *wpa = (wpa_t *) esalt_buf; + + wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (wpa_pbkdf2_tmp_t *) tmps; + + // here we have in line_hash_buf: PMK*essid:password + // but we don't care about the password + + // PMK + + wpa_pbkdf2_tmp->out[0] = hex_to_u32 ((const u8 *) line_buf + 0); + wpa_pbkdf2_tmp->out[1] = hex_to_u32 ((const u8 *) line_buf + 8); + wpa_pbkdf2_tmp->out[2] = hex_to_u32 ((const u8 *) line_buf + 16); + wpa_pbkdf2_tmp->out[3] = hex_to_u32 ((const u8 *) line_buf + 24); + wpa_pbkdf2_tmp->out[4] = hex_to_u32 ((const u8 *) line_buf + 32); + wpa_pbkdf2_tmp->out[5] = hex_to_u32 ((const u8 *) line_buf + 40); + wpa_pbkdf2_tmp->out[6] = hex_to_u32 ((const u8 *) line_buf + 48); + wpa_pbkdf2_tmp->out[7] = hex_to_u32 ((const u8 *) line_buf + 56); + + // essid + + char *sep_pos = strrchr (line_buf, ':'); + + if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + if ((line_buf + 64) != sep_pos) return (PARSER_HASH_LENGTH); + + char *essid_pos = sep_pos + 1; + + const int essid_len = strlen (essid_pos); + + if (essid_len & 1) return (PARSER_SALT_VALUE); + + if (essid_len > 64) return (PARSER_SALT_VALUE); + + wpa->essid_len = hex_decode ((const u8 *) essid_pos, essid_len, (u8 *) wpa->essid_buf); + + return PARSER_OK; +} + +int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size, MAYBE_UNUSED const void *tmps) +{ + const wpa_t *wpa = (const wpa_t *) esalt_buf; + + const 
wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (const wpa_pbkdf2_tmp_t *) tmps; + + char tmp_buf[128]; + + const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf); + + tmp_buf[tmp_len] = 0; + + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s", + wpa_pbkdf2_tmp->out[0], + wpa_pbkdf2_tmp->out[1], + wpa_pbkdf2_tmp->out[2], + wpa_pbkdf2_tmp->out[3], + wpa_pbkdf2_tmp->out[4], + wpa_pbkdf2_tmp->out[5], + wpa_pbkdf2_tmp->out[6], + wpa_pbkdf2_tmp->out[7], + tmp_buf); + + return line_len; +} + +int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf) +{ + const salt_t *salts_buf = hashes->salts_buf; + const void *esalts_buf = hashes->esalts_buf; + + const salt_t *salt = &salts_buf[salt_pos]; + + const u32 digest_cur = salt->digests_offset + digest_pos; + + const wpa_t *wpas = (const wpa_t *) esalts_buf; + const wpa_t *wpa = &wpas[digest_cur]; + + char tmp_buf[128]; + + const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf); + + tmp_buf[tmp_len] = 0; + + if (wpa->type == 1) + { + const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::" EOL, + byte_swap_32 (wpa->pmkid[0]), + byte_swap_32 (wpa->pmkid[1]), + byte_swap_32 (wpa->pmkid[2]), + byte_swap_32 (wpa->pmkid[3]), + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + tmp_buf); + + return len; + } + else if (wpa->type == 2) + { + u32 eapol_swapped[64 + 2]; + + for (int i = 0; i < 64; i++) + { + eapol_swapped[i] = wpa->eapol[i]; + + if (wpa->keyver == 2) + { + eapol_swapped[i] = byte_swap_32 (eapol_swapped[i]); + } + } + + eapol_swapped[64] = 0; + 
eapol_swapped[65] = 0; + + char tmp2_buf[384]; + + const int tmp2_len = hex_encode ((const u8 *) eapol_swapped, wpa->eapol_len, (u8 *) tmp2_buf); + + tmp2_buf[tmp2_len] = 0; + + const int len = hc_asprintf (buf, "WPA:02:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:%08x%08x%08x%08x%08x%08x%08x%08x:%s:%02x" EOL, + wpa->keymic[0], + wpa->keymic[1], + wpa->keymic[2], + wpa->keymic[3], + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + tmp_buf, + byte_swap_32 (wpa->anonce[0]), + byte_swap_32 (wpa->anonce[1]), + byte_swap_32 (wpa->anonce[2]), + byte_swap_32 (wpa->anonce[3]), + byte_swap_32 (wpa->anonce[4]), + byte_swap_32 (wpa->anonce[5]), + byte_swap_32 (wpa->anonce[6]), + byte_swap_32 (wpa->anonce[7]), + tmp2_buf, + wpa->extra); + + return len; + } + + return 0; +} + +u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) +{ + const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset; + + wpa_t *wpas = (wpa_t *) hashes->esalts_buf; + + wpa_t *wpa = &wpas[digests_offset + digest_pos]; + + if (wpa->type == 1) + { + return KERN_RUN_AUX4; + } + else if (wpa->type == 2) + { + if (wpa->keyver == 1) + { + return KERN_RUN_AUX1; + } + else if (wpa->keyver == 2) + { + return KERN_RUN_AUX2; + } + else if (wpa->keyver == 3) + { + return KERN_RUN_AUX3; + } + } + + return 0; +} + +bool module_potfile_custom_check (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hash_t *db, MAYBE_UNUSED const hash_t *entry_hash, MAYBE_UNUSED const void *entry_tmps) +{ + const wpa_t *wpa_entry = (const wpa_t *) entry_hash->esalt; + const wpa_t *wpa_db = (const wpa_t *) db->esalt; + + if (wpa_db->essid_len != wpa_entry->essid_len) return false; 
+ + if (strcmp ((const char *) wpa_db->essid_buf, (const char *) wpa_entry->essid_buf)) return false; + + const wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (const wpa_pbkdf2_tmp_t *) entry_tmps; + + wpa_pbkdf2_tmp_t tmps; + + tmps.out[0] = byte_swap_32 (wpa_pbkdf2_tmp->out[0]); + tmps.out[1] = byte_swap_32 (wpa_pbkdf2_tmp->out[1]); + tmps.out[2] = byte_swap_32 (wpa_pbkdf2_tmp->out[2]); + tmps.out[3] = byte_swap_32 (wpa_pbkdf2_tmp->out[3]); + tmps.out[4] = byte_swap_32 (wpa_pbkdf2_tmp->out[4]); + tmps.out[5] = byte_swap_32 (wpa_pbkdf2_tmp->out[5]); + tmps.out[6] = byte_swap_32 (wpa_pbkdf2_tmp->out[6]); + tmps.out[7] = byte_swap_32 (wpa_pbkdf2_tmp->out[7]); + + plain_t plains_buf; + + u32 hashes_shown = 0; + + u32 d_return_buf = 0; + + void (*m22000_aux) (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)); + + if (wpa_db->type == 1) + { + m22000_aux = m22000_aux4; + } + else if (wpa_db->type == 2) + { + if (wpa_db->keyver == 1) + { + m22000_aux = m22000_aux1; + } + else if (wpa_db->keyver == 2) + { + m22000_aux = m22000_aux2; + } + else if (wpa_db->keyver == 3) + { + m22000_aux = m22000_aux3; + } + else + { + return false; + } + } + else + { + return false; + } + + m22000_aux + ( + NULL, // pws + NULL, // rules_buf + NULL, // combs_buf + NULL, // bfs_buf + &tmps, // tmps + NULL, // hooks + NULL, // bitmaps_buf_s1_a + NULL, // bitmaps_buf_s1_b + NULL, // bitmaps_buf_s1_c + NULL, // bitmaps_buf_s1_d + NULL, // bitmaps_buf_s2_a + NULL, // bitmaps_buf_s2_b + NULL, // bitmaps_buf_s2_c + NULL, // bitmaps_buf_s2_d + &plains_buf, // plains_buf + db->digest, // digests_buf + &hashes_shown, // hashes_shown + db->salt, // salt_bufs + db->esalt, // esalt_bufs + &d_return_buf, // d_return_buf + NULL, // d_extra0_buf + NULL, // d_extra1_buf + NULL, // d_extra2_buf + NULL, // d_extra3_buf + 0, // bitmap_mask + 0, // bitmap_shift1 + 0, // bitmap_shift2 + 0, // salt_pos + 0, // loop_pos + 0, // loop_cnt + 0, // il_cnt + 1, // digests_cnt + 0, // digests_offset + 0, // combs_mode + 1 // gid_max + 
); + + const bool r = (d_return_buf == 0) ? false : true; + + return r; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + wpa_t *wpa = (wpa_t *) esalt_buf; + + // start normal parsing + + token_t token; + + token.token_cnt = 9; + + token.signatures_cnt = 1; + token.signatures_buf[0] = "WPA"; + + token.sep[0] = ':'; + token.len_min[0] = 3; + token.len_max[0] = 3; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = ':'; + token.len_min[1] = 2; + token.len_max[1] = 2; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = ':'; + token.len_min[2] = 32; + token.len_max[2] = 32; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = ':'; + token.len_min[3] = 12; + token.len_max[3] = 12; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = ':'; + token.len_min[4] = 12; + token.len_max[4] = 12; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = ':'; + token.len_min[5] = 0; + token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = ':'; + token.len_min[6] = 0; + token.len_max[6] = 64; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = ':'; + token.len_min[7] = 0; + token.len_max[7] = 512; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = ':'; + token.len_min[8] = 0; + token.len_max[8] = 2; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return 
(rc_tokenizer); + + // mac_ap + + const u8 *macap_buf = token.buf[3]; + + wpa->orig_mac_ap[0] = hex_to_u8 (macap_buf + 0); + wpa->orig_mac_ap[1] = hex_to_u8 (macap_buf + 2); + wpa->orig_mac_ap[2] = hex_to_u8 (macap_buf + 4); + wpa->orig_mac_ap[3] = hex_to_u8 (macap_buf + 6); + wpa->orig_mac_ap[4] = hex_to_u8 (macap_buf + 8); + wpa->orig_mac_ap[5] = hex_to_u8 (macap_buf + 10); + + // mac_sta + + const u8 *macsta_buf = token.buf[4]; + + wpa->orig_mac_sta[0] = hex_to_u8 (macsta_buf + 0); + wpa->orig_mac_sta[1] = hex_to_u8 (macsta_buf + 2); + wpa->orig_mac_sta[2] = hex_to_u8 (macsta_buf + 4); + wpa->orig_mac_sta[3] = hex_to_u8 (macsta_buf + 6); + wpa->orig_mac_sta[4] = hex_to_u8 (macsta_buf + 8); + wpa->orig_mac_sta[5] = hex_to_u8 (macsta_buf + 10); + + // essid + + const u8 *essid_buf = token.buf[5]; + const int essid_len = token.len[5]; + + if (essid_len & 1) return (PARSER_SALT_VALUE); + + wpa->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa->essid_buf); + + // salt + + memcpy (salt->salt_buf, wpa->essid_buf, wpa->essid_len); + + salt->salt_len = wpa->essid_len; + + salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1; + + // type + + const u8 *type_buf = token.buf[1]; + + const u8 type = hex_to_u8 (type_buf); + + if ((type != 1) && (type != 2)) return (PARSER_SALT_VALUE); + + wpa->type = type; + + // PMKID specific code + + if (type == 1) + { + // pmkid + + const u8 *pmkid_buf = token.buf[2]; + + wpa->pmkid[0] = hex_to_u32 (pmkid_buf + 0); + wpa->pmkid[1] = hex_to_u32 (pmkid_buf + 8); + wpa->pmkid[2] = hex_to_u32 (pmkid_buf + 16); + wpa->pmkid[3] = hex_to_u32 (pmkid_buf + 24); + + // pmkid_data + + wpa->pmkid_data[0] = 0x204b4d50; // "PMK " + wpa->pmkid_data[1] = 0x656d614e; // "Name" + wpa->pmkid_data[2] = (wpa->orig_mac_ap[0] << 0) + | (wpa->orig_mac_ap[1] << 8) + | (wpa->orig_mac_ap[2] << 16) + | (wpa->orig_mac_ap[3] << 24); + wpa->pmkid_data[3] = (wpa->orig_mac_ap[4] << 0) + | (wpa->orig_mac_ap[5] << 8) + | (wpa->orig_mac_sta[0] << 16) + | (wpa->orig_mac_sta[1] << 
24); + wpa->pmkid_data[4] = (wpa->orig_mac_sta[2] << 0) + | (wpa->orig_mac_sta[3] << 8) + | (wpa->orig_mac_sta[4] << 16) + | (wpa->orig_mac_sta[5] << 24); + + // hash + + digest[0] = wpa->pmkid[0]; + digest[1] = wpa->pmkid[1]; + digest[2] = wpa->pmkid[2]; + digest[3] = wpa->pmkid[3]; + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + } + + // EAPOL specific code + + if (type == 2) + { + // checks + + if (token.len[6] != 64) return (PARSER_SALT_LENGTH); + + if (token.len[7] < (int) sizeof (auth_packet_t) * 2) return (PARSER_SALT_LENGTH); + + if (token.len[8] != 2) return (PARSER_SALT_LENGTH); + + // anonce + + const u8 *anonce_pos = token.buf[6]; + + wpa->anonce[0] = hex_to_u32 (anonce_pos + 0); + wpa->anonce[1] = hex_to_u32 (anonce_pos + 8); + wpa->anonce[2] = hex_to_u32 (anonce_pos + 16); + wpa->anonce[3] = hex_to_u32 (anonce_pos + 24); + wpa->anonce[4] = hex_to_u32 (anonce_pos + 32); + wpa->anonce[5] = hex_to_u32 (anonce_pos + 40); + wpa->anonce[6] = hex_to_u32 (anonce_pos + 48); + wpa->anonce[7] = hex_to_u32 (anonce_pos + 56); + + // eapol + + const u8 *eapol_pos = token.buf[7]; + + u8 *eapol_ptr = (u8 *) wpa->eapol; + + wpa->eapol_len = hex_decode ((const u8 *) eapol_pos, token.len[7], eapol_ptr); + + memset (eapol_ptr + wpa->eapol_len, 0, (256 + 64) - wpa->eapol_len); + + auth_packet_t *auth_packet = (auth_packet_t *) wpa->eapol; + + // keyver + + const u16 key_information = byte_swap_16 (auth_packet->key_information); + + wpa->keyver = key_information & 3; + + if ((wpa->keyver != 1) && (wpa->keyver != 2) && (wpa->keyver != 3)) return (PARSER_SALT_VALUE); + + // pke + + u8 *pke_ptr = (u8 *) wpa->pke; + + memset (pke_ptr, 0, 128); + + if ((wpa->keyver == 1) || (wpa->keyver == 2)) + { + memcpy (pke_ptr, "Pairwise key expansion\x00", 23); + + if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0) + { + memcpy (pke_ptr + 23, wpa->orig_mac_ap, 6); + 
memcpy (pke_ptr + 29, wpa->orig_mac_sta, 6); + } + else + { + memcpy (pke_ptr + 23, wpa->orig_mac_sta, 6); + memcpy (pke_ptr + 29, wpa->orig_mac_ap, 6); + } + + wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 35, wpa->anonce, 32); + memcpy (pke_ptr + 67, auth_packet->wpa_key_nonce, 32); + } + else + { + memcpy (pke_ptr + 35, auth_packet->wpa_key_nonce, 32); + memcpy (pke_ptr + 67, wpa->anonce, 32); + } + } + else if (wpa->keyver == 3) + { + pke_ptr[0] = 1; + pke_ptr[1] = 0; + + memcpy (pke_ptr + 2, "Pairwise key expansion", 22); + + if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0) + { + memcpy (pke_ptr + 24, wpa->orig_mac_ap, 6); + memcpy (pke_ptr + 30, wpa->orig_mac_sta, 6); + } + else + { + memcpy (pke_ptr + 24, wpa->orig_mac_sta, 6); + memcpy (pke_ptr + 30, wpa->orig_mac_ap, 6); + } + + wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 36, wpa->anonce, 32); + memcpy (pke_ptr + 68, auth_packet->wpa_key_nonce, 32); + } + else + { + memcpy (pke_ptr + 36, auth_packet->wpa_key_nonce, 32); + memcpy (pke_ptr + 68, wpa->anonce, 32); + } + + pke_ptr[100] = 0x80; + pke_ptr[101] = 1; + } + + for (int i = 0; i < 32; i++) + { + wpa->pke[i] = byte_swap_32 (wpa->pke[i]); + } + + if (wpa->keyver == 2) + { + for (int i = 0; i < 64; i++) + { + wpa->eapol[i] = byte_swap_32 (wpa->eapol[i]); + } + } + + if (wpa->keyver == 3) + { + eapol_ptr[wpa->eapol_len] = 0x80; + } + + // extra + + const u8 *extra_pos = token.buf[8]; + + wpa->extra = hex_to_u8 (extra_pos); + + // todo stuff + + wpa->message_pair = wpa->extra; + wpa->message_pair_chgd = 0; + wpa->nonce_error_corrections = 0; + wpa->detected_le = 0; + wpa->detected_be = 0; + + // mic + + const u8 *mic_pos = token.buf[2]; + + wpa->keymic[0] = hex_to_u32 (mic_pos + 0); + wpa->keymic[1] = hex_to_u32 (mic_pos + 8); + wpa->keymic[2] = hex_to_u32 (mic_pos + 16); + 
wpa->keymic[3] = hex_to_u32 (mic_pos + 24); + + wpa->keymic[0] = byte_swap_32 (wpa->keymic[0]); + wpa->keymic[1] = byte_swap_32 (wpa->keymic[1]); + wpa->keymic[2] = byte_swap_32 (wpa->keymic[2]); + wpa->keymic[3] = byte_swap_32 (wpa->keymic[3]); + + // Create a hash of the nonce as ESSID is not unique enough + // Not a regular MD5 but good enough + // We can also ignore cases where we should bzero the work buffer + + u32 hash[4]; + + hash[0] = 0; + hash[1] = 1; + hash[2] = 2; + hash[3] = 3; + + u32 block[16]; + + memset (block, 0, sizeof (block)); + + u8 *block_ptr = (u8 *) block; + + for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 0]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 16]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 0]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 16]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 32]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 48]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + memcpy (block_ptr + 0, wpa->orig_mac_ap, 6); + memcpy (block_ptr + 6, wpa->orig_mac_sta, 6); + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + memcpy (block_ptr + 0, wpa->anonce, 32); + memcpy (block_ptr + 32, auth_packet->wpa_key_nonce, 32); + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + block[0] = wpa->keymic[0]; + block[1] = wpa->keymic[1]; + block[2] = wpa->keymic[2]; + block[3] = wpa->keymic[3]; + + 
md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + // make all this stuff unique + + digest[0] = hash[0]; + digest[1] = hash[1]; + digest[2] = hash[2]; + digest[3] = hash[3]; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const wpa_t *wpa = (const wpa_t *) esalt_buf; + + int line_len = 0; + + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) + { + char tmp_buf[128]; + + int tmp_len = 0; + + tmp_buf[tmp_len++] = '$'; + tmp_buf[tmp_len++] = 'H'; + tmp_buf[tmp_len++] = 'E'; + tmp_buf[tmp_len++] = 'X'; + tmp_buf[tmp_len++] = '['; + + exec_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf + tmp_len); + + tmp_len += wpa->essid_len * 2; + + tmp_buf[tmp_len++] = ']'; + + tmp_buf[tmp_len++] = 0; + + line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + tmp_buf); + } + else + { + line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + (const char *) wpa->essid_buf); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + 
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = module_hash_binary_save; + module_ctx->module_hash_decode_potfile = module_hash_decode_potfile; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = module_hash_encode_potfile; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + 
module_ctx->module_hlfmt_disable = module_hlfmt_disable; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = module_potfile_custom_check; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/selftest.c b/src/selftest.c index 2bff174bc..77652f9d9 100644 --- a/src/selftest.c +++ b/src/selftest.c 
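Review bot: `char tmp2_buf[384];` in module_hash_binary_save is too small for the largest EAPOL blob the decoder accepts: token.len_max[7] is 512 hex characters, so wpa->eapol_len can reach 256 bytes, and hex_encode of that writes 512 characters plus the terminator stored on the following line, overrunning the stack buffer; size it from the same bound the tokenizer uses, e.g. `char tmp2_buf[512 + 1];`. A second point in module_hash_decode_potfile: the eight hex_to_u32 reads at offsets 0..56 run before any length check, so a potfile line shorter than 65 characters is read past its end before `(line_buf + 64) != sep_pos` rejects it, and the line_len parameter that would prevent this is left unused; hoisting the strrchr/length checks above the reads, or adding `if (line_len < 65) return (PARSER_HASH_LENGTH);` first, closes that. Both functions consume file input the user supplies, so bounds should be enforced before the copies rather than after.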
@@ -542,9 +542,34 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param device_param->kernel_params_buf32[28] = 0; device_param->kernel_params_buf32[29] = 1; - const u32 deep_comp_kernel = module_ctx->module_deep_comp_kernel (hashes, 0, 0); + bool test_ok = false; - if (run_kernel (hashcat_ctx, device_param, deep_comp_kernel, 1, false, 0) == -1) return -1; + if (hashconfig->opts_type & OPTS_TYPE_AUX1) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX1, 1, false, 0) == 0) test_ok = true; + } + + if (hashconfig->opts_type & OPTS_TYPE_AUX2) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX2, 1, false, 0) == 0) test_ok = true; + } + + if (hashconfig->opts_type & OPTS_TYPE_AUX3) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == 0) test_ok = true; + } + + if (hashconfig->opts_type & OPTS_TYPE_AUX4) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == 0) test_ok = true; + } + + else + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1; + } + + if (test_ok == false) return -1; } else { diff --git a/tools/test.sh b/tools/test.sh index 0adb8e174..d610304d8 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -19,7 +19,7 @@ VC_MODES="13711 13712 13713 13721 13722 13723 13731 13732 13733 13741 13742 1374 NEVER_CRACK="9720 9820 14900 18100" # List of modes which return a different output hash format than the input hash format -NOCHECK_ENCODING="16800" +NOCHECK_ENCODING="16800 22000" # LUKS mode has test containers LUKS_MODE="14600" @@ -273,6 +273,8 @@ function init() min_offset=3 elif [ "${hash_type}" -eq 16800 ]; then min_offset=7 # means length 8, since we start with 0 + elif [ "${hash_type}" -eq 22000 ]; then + min_offset=7 # means length 8, since we start with 0 fi # foreach password entry split password in 2 (skip first entry, is len 1) 
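Review bot: The trailing `else` in the new selftest dispatch binds only to the `OPTS_TYPE_AUX4` test, and the `KERN_RUN_3` fallback inside it never sets `test_ok`, so a module with no AUX kernels runs its comp kernel successfully and then hits `if (test_ok == false) return -1;` and fails its self-test, while a module that sets AUX1–AUX3 but not AUX4 falls into that `else` and launches a `KERN_RUN_3` it may not provide. The removed line also consulted `module_ctx->module_deep_comp_kernel`, which modules such as 9500 override earlier in this series; the new code hard-codes `KERN_RUN_3`, so that override no longer affects the self-test. A failed AUX launch is now swallowed as long as any other AUX kernel launches, where the old code returned -1 immediately. Guarding the fallback on the absence of all four AUX flags and marking it successful fixes the first two problems; the enclosing selftest() body starts and ends outside the hunk.
```c
      // … unchanged: AUX1..AUX4 launches, each setting test_ok on success …

      if ((hashconfig->opts_type & (OPTS_TYPE_AUX1 | OPTS_TYPE_AUX2 | OPTS_TYPE_AUX3 | OPTS_TYPE_AUX4)) == 0)
      {
        // plain (non-AUX) module: the comp kernel is the whole self-test
        if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1;

        test_ok = true;
      }

      if (test_ok == false) return -1;
```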
@@ -334,6 +336,8 @@ function init() min_len=31 elif [ "${hash_type}" -eq 16800 ]; then min_len=7 # means length 8, since we start with 0 + elif [ "${hash_type}" -eq 22000 ]; then + min_len=7 # means length 8, since we start with 0 fi # generate multiple pass/hash foreach len (2 to 8) @@ -925,6 +929,8 @@ function attack_3() max=1 elif [ "${hash_type}" -eq 16800 ]; then max=7 + elif [ "${hash_type}" -eq 22000 ]; then + max=7 fi i=1 @@ -1094,6 +1100,11 @@ function attack_3() increment_max=9 fi + if [ "${hash_type}" -eq 22000 ]; then + increment_min=8 + increment_max=9 + fi + # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then 
@@ -1335,6 +1346,91 @@ function attack_3() custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" fi + if [ "${hash_type}" -eq 22000 ]; then + + mask="?d?d?d?d?d?1?2?3?4" + + charset_1="" + charset_2="" + charset_3="" + charset_4="" + + # check positions (here we assume that mask is always composed of non literal chars + # i.e. something like ?d?l?u?s?1 is possible, but ?d?dsuffix not + charset_1_pos=$(expr index "${mask}" 1) + charset_2_pos=$(expr index "${mask}" 2) + charset_3_pos=$(expr index "${mask}" 3) + charset_4_pos=$(expr index "${mask}" 4) + + # divide each charset position by 2 since each of them occupies 2 positions in the mask + + charset_1_pos=$((charset_1_pos / 2)) + charset_2_pos=$((charset_2_pos / 2)) + charset_3_pos=$((charset_3_pos / 2)) + charset_4_pos=$((charset_4_pos / 2)) + + i=1 + + while read -r -u 9 hash; do + + pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") + + # charset 1 + char=$(echo "${pass}" | cut -b ${charset_1_pos}) + charset_1=$(printf "%s\n%s\n" "${charset_1}" "${char}") + + # charset 2 + char=$(echo "${pass}" | cut -b ${charset_2_pos}) + charset_2=$(printf "%s\n%s\n" "${charset_2}" "${char}") + + # charset 3 + char=$(echo "${pass}" | cut -b ${charset_3_pos}) + charset_3=$(printf "%s\n%s\n" "${charset_3}" "${char}") + + # charset 4 + char=$(echo "${pass}" | cut -b ${charset_4_pos}) + charset_4=$(printf "%s\n%s\n" "${charset_4}" "${char}") + + i=$((i + 1)) + + done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt" + + # just make sure that all custom charset fields are initialized + + if [ -z "${charset_1}" ]; then + + charset_1="1" + + fi + + if [ -z "${charset_2}" ]; then + + charset_2="2" + + fi + + if [ -z "${charset_3}" ]; then + + charset_3="3" + + fi + + if [ -z "${charset_4}" ]; then + + charset_4="4" + + fi + + # unique and remove new lines + + charset_1=$(echo "${charset_1}" | sort -u | tr -d '\n') + charset_2=$(echo "${charset_2}" | sort -u | tr -d '\n') + charset_3=$(echo 
"${charset_3}" | sort -u | tr -d '\n') + charset_4=$(echo "${charset_4}" | sort -u | tr -d '\n') + + custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" + fi + increment_charset_opts="" if [ ${need_hcmask} -eq 0 ]; then # the "normal" case without .hcmask file @@ -1449,6 +1545,8 @@ function attack_6() mask_offset=29 elif [ "${hash_type}" -eq 16800 ]; then max=6 + elif [ "${hash_type}" -eq 22000 ]; then + max=6 fi # special case: we need to split the first line @@ -1667,6 +1765,8 @@ function attack_6() max=8 elif [ "${hash_type}" -eq 16800 ]; then max=5 + elif [ "${hash_type}" -eq 22000 ]; then + max=5 fi if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then @@ -1813,6 +1913,8 @@ function attack_7() max=1 elif [ "${hash_type}" -eq 16800 ]; then max=5 + elif [ "${hash_type}" -eq 22000 ]; then + max=5 fi # special case: we need to split the first line @@ -1916,6 +2018,26 @@ function attack_7() fi + if [ "${hash_type}" -eq 22000 ]; then + + pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") + pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") + + pass_part_2_len=${#pass_part_2} + + pass=${pass_part_1}${pass_part_2} + pass_len=${#pass} + + # add first x chars of password to mask and append the (old) mask + + mask_len=${#mask} + mask_len=$((mask_len / 2)) + + mask_prefix=$(echo "${pass}" | cut -b -$((pass_len - mask_len - pass_part_2_len))) + mask=${mask_prefix}${mask} + + fi + if [ "${hash_type}" -eq 20510 ]; then pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") @@ -2060,6 +2182,8 @@ function attack_7() max=5 elif [ "${hash_type}" -eq 16800 ]; then max=5 + elif [ "${hash_type}" -eq 22000 ]; then + max=5 fi if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then diff --git a/tools/test_modules/m22000.pm b/tools/test_modules/m22000.pm new file mode 100644 index 000000000..d9eb66c9a --- /dev/null +++ b/tools/test_modules/m22000.pm 
@@ -0,0 +1,557 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use Digest::MD5 qw (md5); +use Digest::SHA qw (sha1 sha256); +use Digest::HMAC qw (hmac hmac_hex); +use Digest::CMAC; +use MIME::Base64 qw (encode_base64); + +sub module_constraints { [[8, 63], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $type = shift // random_number (1, 2); + my $macap = shift; + my $macsta = shift; + my $essid = shift; + my $anonce = shift; + my $eapol = shift; + my $extra = shift; + + my $hash; + + if ($type == 1) + { + if (!defined ($macap)) + { + $macap = unpack ("H*", random_bytes (6)); + } + + if (!defined ($macsta)) + { + $macsta = unpack ("H*", random_bytes (6)); + } + + if (!defined ($essid)) + { + $essid = unpack ("H*", random_bytes (random_number (0, 32) & 0x1e)); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hash_class => 'HMACSHA1', + iterations => 4096, + output_len => 32, + ); + + my $essid_bin = pack ("H*", $essid); + + my $pmk = $pbkdf2->PBKDF2 ($essid_bin, $word); + + my $macap_bin = pack ("H*", $macap); + my $macsta_bin = pack ("H*", $macsta); + + my $data = "PMK Name" . $macap_bin . 
$macsta_bin; + + my $pmkid = hmac_hex ($data, $pmk, \&sha1); + + $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:::", $type, substr ($pmkid, 0, 32), $macap, $macsta, $essid); + } + elsif ($type == 2) + { + if (!defined ($macap)) + { + $macap = random_bytes (6); + } + else + { + $macap = pack ("H*", $macap); + } + + if (!defined ($macsta)) + { + $macsta = random_bytes (6); + } + else + { + $macsta = pack ("H*", $macsta); + } + + if (!defined ($extra)) + { + $extra = "\x00"; + } + else + { + $extra = pack ("H*", $extra); + } + + my $keyver; + + my $snonce; + + if (!defined ($eapol)) + { + $keyver = random_number (1, 3); # 1, 2 or 3 + + $snonce = random_bytes (32); + + $eapol = gen_random_wpa_eapol ($keyver, $snonce); + } + else + { + $eapol = pack ("H*", $eapol); + + my $key_info = unpack ("n*", substr ($eapol, 5, 2)); + + $keyver = $key_info & 3; + + $snonce = substr ($eapol, 17, 32); + } + + if (!defined ($anonce)) + { + $anonce = random_bytes (32); + } + else + { + $anonce = pack ("H*", $anonce); + } + + if (!defined ($essid)) + { + $essid = unpack ("H*", random_bytes (random_number (0, 32) & 0x1e)); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hash_class => 'HMACSHA1', + iterations => 4096, + output_len => 32, + ); + + my $essid_bin = pack ("H*", $essid); + + my $pmk = $pbkdf2->PBKDF2 ($essid_bin, $word); + + # Pairwise Transient Key (PTK) transformation + + my $ptk = wpa_prf_512 ($keyver, $pmk, $macsta, $macap, $snonce, $anonce); + + # generate the Message Integrity Code (MIC) + + my $mic = ""; + + if ($keyver == 1) # WPA1 => MD5 + { + $mic = hmac ($eapol, $ptk, \&md5); + } + elsif ($keyver == 2) # WPA2 => SHA1 + { + $mic = hmac ($eapol, $ptk, \&sha1); + } + elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC + { + my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael'); + + $omac1->add ($eapol); + + $mic = $omac1->digest; + } + + $mic = substr ($mic, 0, 16); + + $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:%s:%s:%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack 
("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $extra)); + } + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my @data = split (':', $line); + + return unless scalar @data == 10; + + my ($signature, $type, undef, $macap, $macsta, $essid, $anonce, $eapol, $extra, $word) = @data; + + return unless ($signature eq "WPA"); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, undef, $type, $macap, $macsta, $essid, $anonce, $eapol, $extra); + + return ($new_hash, $word); +} + +sub gen_random_wpa_eapol +{ + my $keyver = shift; + my $snonce = shift; + + my $ret = ""; + + # version + + my $version = 1; # 802.1X-2001 + + $ret .= pack ("C*", $version); + + my $type = 3; # means that this EAPOL frame is used to transfer key information + + $ret .= pack ("C*", $type); + + my $length; # length of remaining data + + if ($keyver == 1) + { + $length = 119; + } + else + { + $length = 117; + } + + $ret .= pack ("n*", $length); + + my $descriptor_type; + + if ($keyver == 1) + { + $descriptor_type = 254; # EAPOL WPA key + } + else + { + $descriptor_type = 1; # EAPOL RSN key + } + + $ret .= pack ("C*", $descriptor_type); + + # key_info is a bit vector: + # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3) + + my $key_info = 0; + + $key_info |= 1 << 8; # set key MIC + $key_info |= 1 << 3; # set if it is a pairwise key + + if ($keyver == 1) + { + $key_info |= 1; # RC4 Cipher, HMAC-MD5 MIC + } + elsif ($keyver == 2) + { + $key_info |= 2; # AES Cipher, HMAC-SHA1 MIC + } + elsif ($keyver == 3) + { + $key_info |= 3; # AES-CMAC + } + + $ret .= pack ("n*", $key_info); + + my $key_length; + + if ($keyver == 1) + { + $key_length = 32; + } + else + { + $key_length = 0; + } + + $ret .= pack ("n*", $key_length); + + my $replay_counter = 1; + + $ret .= pack ("Q>*", $replay_counter); + + $ret 
.= $snonce; + + my $key_iv = "\x00" x 16; + + $ret .= $key_iv; + + my $key_rsc = "\x00" x 8; + + $ret .= $key_rsc; + + my $key_id = "\x00" x 8; + + $ret .= $key_id; + + my $key_mic = "\x00" x 16; + + $ret .= $key_mic; + + my $key_data_len; + + if ($keyver == 1) + { + $key_data_len = 24; # length of the key_data (== WPA info) + } + else + { + $key_data_len = 22; # length of the key_data (== RSN info) + } + + $ret .= pack ("n*", $key_data_len); + + my $key_data = ""; + + if ($keyver == 1) + { + # wpa info + + my $wpa_info = ""; + + my $vendor_specific_data = ""; + + my $tag_number = 221; # means it is a vendor specific tag + + $vendor_specific_data .= pack ("C*", $tag_number); + + my $tag_len = 22; # length of the remaining "tag data" + + $vendor_specific_data .= pack ("C*", $tag_len); + + my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft + + $vendor_specific_data .= $vendor_specific_oui; + + my $vendor_specific_oui_type = 1; # WPA Information Element + + $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type); + + my $vendor_specific_wpa_version = 1; + + $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version); + + # multicast + + my $vendor_specific_multicast_oui = pack ("H*", "0050f2"); + + $vendor_specific_data .= $vendor_specific_multicast_oui; + + my $vendor_specific_multicast_type = 2; # TKIP + + $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type); + + # unicast + + my $vendor_specific_unicast_count = 1; + + $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count); + + my $vendor_specific_unicast_oui = pack ("H*", "0050f2"); + + $vendor_specific_data .= $vendor_specific_unicast_oui; + + my $vendor_specific_unicast_type = 2; # TKIP + + $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type); + + # Auth Key Management (AKM) + + my $auth_key_management_count = 1; + + $vendor_specific_data .= pack ("v*", $auth_key_management_count); + + my $auth_key_management_oui = pack ("H*", "0050f2"); + + 
$vendor_specific_data .= $auth_key_management_oui; + + my $auth_key_management_type = 2; # Pre-Shared Key (PSK) + + $vendor_specific_data .= pack ("C*", $auth_key_management_type); + + $wpa_info = $vendor_specific_data; + + $key_data = $wpa_info; + } + else + { + # rsn info + + my $rsn_info = ""; + + my $tag_number = 48; # RSN info + + $rsn_info .= pack ("C*", $tag_number); + + my $tag_len = 20; # length of the remaining "tag_data" + + $rsn_info .= pack ("C*", $tag_len); + + my $rsn_version = 1; + + $rsn_info .= pack ("v*", $rsn_version); + + # group cipher suite + + my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021 + + $rsn_info .= $group_cipher_suite_oui; + + my $group_cipher_suite_type = 4; # AES (CCM) + + $rsn_info .= pack ("C*", $group_cipher_suite_type); + + # pairwise cipher suite + + my $pairwise_cipher_suite_count = 1; + + $rsn_info .= pack ("v*", $pairwise_cipher_suite_count); + + my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021 + + $rsn_info .= $pairwise_cipher_suite_oui; + + my $pairwise_cipher_suite_type = 4; # AES (CCM) + + $rsn_info .= pack ("C*", $pairwise_cipher_suite_type); + + # Auth Key Management (AKM) + + my $auth_key_management_count = 1; + + $rsn_info .= pack ("v*", $auth_key_management_count); + + my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021 + + $rsn_info .= $auth_key_management_oui; + + my $auth_key_management_type = 2; # Pre-Shared Key (PSK) + + $rsn_info .= pack ("C*", $auth_key_management_type); + + # RSN Capabilities + + # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required, + # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities + + my $rsn_capabilities = pack ("H*", "0000"); + + $rsn_info .= $rsn_capabilities; + + $key_data = $rsn_info; + } + + $ret .= $key_data; + + return $ret; +} + +sub wpa_prf_512 +{ + my $keyver = shift; + my $pmk = shift; + my $macsta = shift; + my $macap = shift; 
+ my $snonce = shift; + my $anonce = shift; + + my $data = "Pairwise key expansion"; + + if (($keyver == 1) || ($keyver == 2)) + { + $data .= "\x00"; + } + + # + # Min(AA, SPA) || Max(AA, SPA) + # + + # compare if greater: Min()/Max() on the MACs (6 bytes) + + if (memcmp ($macsta, $macap, 6) < 0) + { + $data .= $macsta; + $data .= $macap; + } + else + { + $data .= $macap; + $data .= $macsta; + } + + # + # Min(ANonce,SNonce) || Max(ANonce,SNonce) + # + + # compare if greater: Min()/Max() on the nonces (32 bytes) + + if (memcmp ($snonce, $anonce, 32) < 0) + { + $data .= $snonce; + $data .= $anonce; + } + else + { + $data .= $anonce; + $data .= $snonce; + } + + my $prf_buf; + + if (($keyver == 1) || ($keyver == 2)) + { + $data .= "\x00"; + + $prf_buf = hmac ($data, $pmk, \&sha1); + } + else + { + my $data3 = "\x01\x00" . $data . "\x80\x01"; + + $prf_buf = hmac ($data3, $pmk, \&sha256); + } + + $prf_buf = substr ($prf_buf, 0, 16); + + return $prf_buf; +} + +sub memcmp +{ + my $str1 = shift; + my $str2 = shift; + my $len = shift; + + my $len_str1 = length ($str1); + my $len_str2 = length ($str2); + + if (($len > $len_str1) || ($len > $len_str2)) + { + print "ERROR: memcmp () lengths wrong"; + + exit (1); + } + + for (my $i = 0; $i < $len; $i++) + { + my $c_1 = ord (substr ($str1, $i, 1)); + my $c_2 = ord (substr ($str2, $i, 1)); + + return -1 if ($c_1 < $c_2); + return 1 if ($c_1 > $c_2); + } + + return 0; +} + +1; From 784eeb257b97b74c6a1143332bb00dc64b7c7474 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 16 Dec 2019 12:47:48 +0100 Subject: [PATCH 087/300] Make use of message_pair and set default for nonce_error_corrections in -m 22000 --- OpenCL/m22000-pure.cl | 17 ++- src/modules/module_22000.c | 222 ++++++++++++++++++++--------------- tools/test_modules/m22000.pm | 14 +-- 3 files changed, 144 insertions(+), 109 deletions(-) diff --git a/OpenCL/m22000-pure.cl b/OpenCL/m22000-pure.cl index 98bc1d6ee..a00fd0112 100644 --- a/OpenCL/m22000-pure.cl 
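Review bot: When a caller supplies `$eapol`, `$keyver = $key_info & 3` can yield 0, and none of the three MIC branches then run, so `$mic` stays empty and `module_generate_hash` returns a line with an empty MIC field instead of reporting an unsupported descriptor; add `die "unsupported key descriptor version $keyver" if ($keyver < 1 || $keyver > 3);` right after the `$keyver` assignment (or return undef, if the harness treats that as a skipped case). Separately, `module_verify_hash` hands `$essid` straight to `pack ("H*", ...)`, so only hex-encoded ESSIDs round-trip; the C encoder in a later commit on this page emits the ESSID in plain form when `need_hexify` is false, which is presumably why 22000 is added to `NOCHECK_ENCODING`, but a comment above `module_verify_hash` saying so would save the next reader a detour.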
+++ b/OpenCL/m22000-pure.cl @@ -42,13 +42,13 @@ typedef struct wpa_pbkdf2_tmp typedef struct wpa { - u8 orig_mac_ap[6]; - u8 orig_mac_sta[6]; - u8 essid_len; u32 essid_buf[16]; + u32 essid_len; - u8 type; // 1 = PMKID, 2 = EAPOL - u8 extra; + u32 mac_ap[2]; + u32 mac_sta[2]; + + u32 type; // 1 = PMKID, 2 = EAPOL // PMKID specific @@ -60,15 +60,14 @@ typedef struct wpa u32 keymic[4]; u32 anonce[8]; - u8 keyver; + u32 keyver; u32 eapol[64 + 16]; - u16 eapol_len; + u32 eapol_len; u32 pke[32]; - u8 message_pair; - int message_pair_chgd; + u32 message_pair; int nonce_compare; int nonce_error_corrections; int detected_le; diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c index cbcc86de6..c19fcc14c 100644 --- a/src/modules/module_22000.c +++ b/src/modules/module_22000.c @@ -204,6 +204,9 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c tmp_buf[tmp_len] = 0; + const u8 *mac_ap = (const u8 *) wpa->mac_ap; + const u8 *mac_sta = (const u8 *) wpa->mac_sta; + if (wpa->type == 1) { const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::" EOL, @@ -211,18 +214,18 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c byte_swap_32 (wpa->pmkid[1]), byte_swap_32 (wpa->pmkid[2]), byte_swap_32 (wpa->pmkid[3]), - wpa->orig_mac_ap[0], - wpa->orig_mac_ap[1], - wpa->orig_mac_ap[2], - wpa->orig_mac_ap[3], - wpa->orig_mac_ap[4], - wpa->orig_mac_ap[5], - wpa->orig_mac_sta[0], - wpa->orig_mac_sta[1], - wpa->orig_mac_sta[2], - wpa->orig_mac_sta[3], - wpa->orig_mac_sta[4], - wpa->orig_mac_sta[5], + mac_ap[0], + mac_ap[1], + mac_ap[2], + mac_ap[3], + mac_ap[4], + mac_ap[5], + mac_sta[0], + mac_sta[1], + mac_sta[2], + mac_sta[3], + mac_sta[4], + mac_sta[5], tmp_buf); return len; 
@@ -255,18 +258,18 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c wpa->keymic[1], wpa->keymic[2], wpa->keymic[3], - wpa->orig_mac_ap[0], - wpa->orig_mac_ap[1], - wpa->orig_mac_ap[2], - wpa->orig_mac_ap[3], - wpa->orig_mac_ap[4], - wpa->orig_mac_ap[5], - wpa->orig_mac_sta[0], - wpa->orig_mac_sta[1], - wpa->orig_mac_sta[2], - wpa->orig_mac_sta[3], - wpa->orig_mac_sta[4], - wpa->orig_mac_sta[5], + mac_ap[0], + mac_ap[1], + mac_ap[2], + mac_ap[3], + mac_ap[4], + mac_ap[5], + mac_sta[0], + mac_sta[1], + mac_sta[2], + mac_sta[3], + mac_sta[4], + mac_sta[5], tmp_buf, byte_swap_32 (wpa->anonce[0]), byte_swap_32 (wpa->anonce[1]), @@ -277,7 +280,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c byte_swap_32 (wpa->anonce[6]), byte_swap_32 (wpa->anonce[7]), tmp2_buf, - wpa->extra); + wpa->message_pair); return len; } 
@@ -493,25 +496,28 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // mac_ap + u8 *mac_ap = (u8 *) wpa->mac_ap; + u8 *mac_sta = (u8 *) wpa->mac_sta; + const u8 *macap_buf = token.buf[3]; - wpa->orig_mac_ap[0] = hex_to_u8 (macap_buf + 0); - wpa->orig_mac_ap[1] = hex_to_u8 (macap_buf + 2); - wpa->orig_mac_ap[2] = hex_to_u8 (macap_buf + 4); - wpa->orig_mac_ap[3] = hex_to_u8 (macap_buf + 6); - wpa->orig_mac_ap[4] = hex_to_u8 (macap_buf + 8); - wpa->orig_mac_ap[5] = hex_to_u8 (macap_buf + 10); + mac_ap[0] = hex_to_u8 (macap_buf + 0); + mac_ap[1] = hex_to_u8 (macap_buf + 2); + mac_ap[2] = hex_to_u8 (macap_buf + 4); + mac_ap[3] = hex_to_u8 (macap_buf + 6); + mac_ap[4] = hex_to_u8 (macap_buf + 8); + mac_ap[5] = hex_to_u8 (macap_buf + 10); // mac_sta const u8 *macsta_buf = token.buf[4]; - wpa->orig_mac_sta[0] = hex_to_u8 (macsta_buf + 0); - wpa->orig_mac_sta[1] = hex_to_u8 (macsta_buf + 2); - wpa->orig_mac_sta[2] = hex_to_u8 (macsta_buf + 4); - wpa->orig_mac_sta[3] = hex_to_u8 (macsta_buf + 6); - wpa->orig_mac_sta[4] = hex_to_u8 (macsta_buf + 8); - wpa->orig_mac_sta[5] = hex_to_u8 (macsta_buf + 10); + mac_sta[0] = hex_to_u8 (macsta_buf + 0); + mac_sta[1] = hex_to_u8 (macsta_buf + 2); + mac_sta[2] = hex_to_u8 (macsta_buf + 4); + mac_sta[3] = hex_to_u8 (macsta_buf + 6); + mac_sta[4] = hex_to_u8 (macsta_buf + 8); + mac_sta[5] = hex_to_u8 (macsta_buf + 10); // essid 
@@ -557,18 +563,18 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE wpa->pmkid_data[0] = 0x204b4d50; // "PMK " wpa->pmkid_data[1] = 0x656d614e; // "Name" - wpa->pmkid_data[2] = (wpa->orig_mac_ap[0] << 0) - | (wpa->orig_mac_ap[1] << 8) - | (wpa->orig_mac_ap[2] << 16) - | (wpa->orig_mac_ap[3] << 24); - wpa->pmkid_data[3] = (wpa->orig_mac_ap[4] << 0) - | (wpa->orig_mac_ap[5] << 8) - | (wpa->orig_mac_sta[0] << 16) - | (wpa->orig_mac_sta[1] << 24); - wpa->pmkid_data[4] = (wpa->orig_mac_sta[2] << 0) - | (wpa->orig_mac_sta[3] << 8) - | (wpa->orig_mac_sta[4] << 16) - | (wpa->orig_mac_sta[5] << 24); + wpa->pmkid_data[2] = (mac_ap[0] << 0) + | (mac_ap[1] << 8) + | (mac_ap[2] << 16) + | (mac_ap[3] << 24); + wpa->pmkid_data[3] = (mac_ap[4] << 0) + | (mac_ap[5] << 8) + | (mac_sta[0] << 16) + | (mac_sta[1] << 24); + wpa->pmkid_data[4] = (mac_sta[2] << 0) + | (mac_sta[3] << 8) + | (mac_sta[4] << 16) + | (mac_sta[5] << 24); // hash @@ -638,15 +644,15 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { memcpy (pke_ptr, "Pairwise key expansion\x00", 23); - if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0) + if (memcmp (mac_ap, mac_sta, 6) < 0) { - memcpy (pke_ptr + 23, wpa->orig_mac_ap, 6); - memcpy (pke_ptr + 29, wpa->orig_mac_sta, 6); + memcpy (pke_ptr + 23, mac_ap, 6); + memcpy (pke_ptr + 29, mac_sta, 6); } else { - memcpy (pke_ptr + 23, wpa->orig_mac_sta, 6); - memcpy (pke_ptr + 29, wpa->orig_mac_ap, 6); + memcpy (pke_ptr + 23, mac_sta, 6); + memcpy (pke_ptr + 29, mac_ap, 6); } wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); 
@@ -669,15 +675,15 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE memcpy (pke_ptr + 2, "Pairwise key expansion", 22); - if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0) + if (memcmp (mac_ap, mac_sta, 6) < 0) { - memcpy (pke_ptr + 24, wpa->orig_mac_ap, 6); - memcpy (pke_ptr + 30, wpa->orig_mac_sta, 6); + memcpy (pke_ptr + 24, mac_ap, 6); + memcpy (pke_ptr + 30, mac_sta, 6); } else { - memcpy (pke_ptr + 24, wpa->orig_mac_sta, 6); - memcpy (pke_ptr + 30, wpa->orig_mac_ap, 6); + memcpy (pke_ptr + 24, mac_sta, 6); + memcpy (pke_ptr + 30, mac_ap, 6); } wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); @@ -715,19 +721,45 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE eapol_ptr[wpa->eapol_len] = 0x80; } - // extra + // message_pair const u8 *extra_pos = token.buf[8]; - wpa->extra = hex_to_u8 (extra_pos); + wpa->message_pair = hex_to_u8 (extra_pos); - // todo stuff + if (wpa->message_pair & (1 << 4)) + { + // ap-less attack detected, nc not needed - wpa->message_pair = wpa->extra; - wpa->message_pair_chgd = 0; - wpa->nonce_error_corrections = 0; - wpa->detected_le = 0; - wpa->detected_be = 0; + wpa->nonce_error_corrections = 0; + } + else + { + if (wpa->message_pair & (1 << 7)) + { + // replaycount not checked, nc needed + + wpa->nonce_error_corrections = NONCE_ERROR_CORRECTIONS; + } + else + { + wpa->nonce_error_corrections = 0; + } + } + + wpa->detected_le = 1; + wpa->detected_be = 1; + + if (wpa->message_pair & (1 << 5)) + { + wpa->detected_le = 1; + wpa->detected_be = 0; + } + else if (wpa->message_pair & (1 << 6)) + { + wpa->detected_le = 0; + wpa->detected_be = 1; + } // mic 
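Review bot: `wpa->nonce_error_corrections`, `detected_le` and `detected_be` are assigned unconditionally from the `message_pair` bits, so any value a caller placed in the esalt before decoding (for instance from a command-line option) is overwritten here; if a user setting is meant to win, this block needs to be skipped when such a setting is present, e.g. `if (wpa->nonce_error_corrections_chgd == 0) { ... }` — no such flag exists in the struct at this point in the series. A short comment listing the bits consumed here (4: AP-less, 5/6: endianness hint, 7: replay counter unchecked) and noting that the remaining bits are stored but not interpreted would also help, since `hex_to_u8 (extra_pos)` accepts any byte. module_hash_decode starts and ends outside the hunk.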
@@ -788,8 +820,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE md5_transform (block + 0, block + 4, block + 8, block + 12, hash); - memcpy (block_ptr + 0, wpa->orig_mac_ap, 6); - memcpy (block_ptr + 6, wpa->orig_mac_sta, 6); + for (int i = 0; i < 2; i++) block[0 + i] = wpa->mac_ap[i]; + for (int i = 0; i < 2; i++) block[2 + i] = wpa->mac_ap[i]; + for (int i = 0; i < 12; i++) block[4 + i] = 0; md5_transform (block + 0, block + 4, block + 8, block + 12, hash); @@ -822,6 +855,9 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE int line_len = 0; + const u8 *mac_ap = (const u8 *) wpa->mac_ap; + const u8 *mac_sta = (const u8 *) wpa->mac_sta; + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) { char tmp_buf[128]; 
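Review bot: The second copy loop in the rewritten MD5 block setup reads `wpa->mac_ap` a second time, so `wpa->mac_sta` never enters the block that the removed `memcpy (block_ptr + 6, wpa->orig_mac_sta, 6)` used to fill; the line should be `for (int i = 0; i < 2; i++) block[2 + i] = wpa->mac_sta[i];`. If, as the surrounding `md5_transform` calls suggest, this value identifies the salt, two handshakes that differ only in the station MAC now collapse to the same identity. The new layout also differs from the old one: each MAC now occupies 8 bytes rather than 6, and bytes 6–7 of `mac_ap[1]`/`mac_sta[1]` hold whatever was in the esalt before decoding (the decode hunk above writes only six bytes), so the result is only deterministic if the esalt is zeroed first — worth a comment or an explicit mask of the upper 16 bits. module_hash_decode starts and ends outside the hunk.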
@@ -843,35 +879,35 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE tmp_buf[tmp_len++] = 0; line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", - wpa->orig_mac_ap[0], - wpa->orig_mac_ap[1], - wpa->orig_mac_ap[2], - wpa->orig_mac_ap[3], - wpa->orig_mac_ap[4], - wpa->orig_mac_ap[5], - wpa->orig_mac_sta[0], - wpa->orig_mac_sta[1], - wpa->orig_mac_sta[2], - wpa->orig_mac_sta[3], - wpa->orig_mac_sta[4], - wpa->orig_mac_sta[5], + mac_ap[0], + mac_ap[1], + mac_ap[2], + mac_ap[3], + mac_ap[4], + mac_ap[5], + mac_sta[0], + mac_sta[1], + mac_sta[2], + mac_sta[3], + mac_sta[4], + mac_sta[5], tmp_buf); } else { line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", - wpa->orig_mac_ap[0], - wpa->orig_mac_ap[1], - wpa->orig_mac_ap[2], - wpa->orig_mac_ap[3], - wpa->orig_mac_ap[4], - wpa->orig_mac_ap[5], - wpa->orig_mac_sta[0], - wpa->orig_mac_sta[1], - wpa->orig_mac_sta[2], - wpa->orig_mac_sta[3], - wpa->orig_mac_sta[4], - wpa->orig_mac_sta[5], + mac_ap[0], + mac_ap[1], + mac_ap[2], + mac_ap[3], + mac_ap[4], + mac_ap[5], + mac_sta[0], + mac_sta[1], + mac_sta[2], + mac_sta[3], + mac_sta[4], + mac_sta[5], (const char *) wpa->essid_buf); } diff --git a/tools/test_modules/m22000.pm b/tools/test_modules/m22000.pm index d9eb66c9a..df9da139f 100644 --- a/tools/test_modules/m22000.pm +++ b/tools/test_modules/m22000.pm @@ -27,7 +27,7 @@ sub module_generate_hash my $essid = shift; my $anonce = shift; my $eapol = shift; - my $extra = shift; + my $mp = shift; my $hash; @@ -88,13 +88,13 @@ sub module_generate_hash $macsta = pack ("H*", $macsta); } - if (!defined ($extra)) + if (!defined ($mp)) { - $extra = "\x00"; + $mp = "\x00"; } else { - $extra = pack ("H*", $extra); + $mp = pack ("H*", $mp); } my $keyver; 
@@ -172,7 +172,7 @@ sub module_generate_hash $mic = substr ($mic, 0, 16); - $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:%s:%s:%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack ("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $extra)); + $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:%s:%s:%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack ("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $mp)); } return $hash; @@ -186,13 +186,13 @@ sub module_verify_hash return unless scalar @data == 10; - my ($signature, $type, undef, $macap, $macsta, $essid, $anonce, $eapol, $extra, $word) = @data; + my ($signature, $type, undef, $macap, $macsta, $essid, $anonce, $eapol, $mp, $word) = @data; return unless ($signature eq "WPA"); my $word_packed = pack_if_HEX_notation ($word); - my $new_hash = module_generate_hash ($word_packed, undef, $type, $macap, $macsta, $essid, $anonce, $eapol, $extra); + my $new_hash = module_generate_hash ($word_packed, undef, $type, $macap, $macsta, $essid, $anonce, $eapol, $mp); return ($new_hash, $word); } From f2aedd3741a0679ef92a8f2ecaa162b3d95abda4 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 16 Dec 2019 19:35:00 +0100 Subject: [PATCH 088/300] Add support to load hashes for hash-mode 2500 and 16800 format from hash-mode 22000 --- OpenCL/m22000-pure.cl | 6 +- docs/changes.txt | 1 + src/modules/module_22000.c | 365 +++++++++++++++++++++++++++++++++++-- 3 files changed, 356 insertions(+), 16 deletions(-) diff --git a/OpenCL/m22000-pure.cl b/OpenCL/m22000-pure.cl index a00fd0112..954f62ce3 100644 --- a/OpenCL/m22000-pure.cl +++ b/OpenCL/m22000-pure.cl @@ -67,9 +67,13 @@ typedef struct wpa u32 pke[32]; + int message_pair_chgd; u32 message_pair; - int nonce_compare; + + int nonce_error_corrections_chgd; int nonce_error_corrections; + + int nonce_compare; int detected_le; int detected_be; 
diff --git a/docs/changes.txt b/docs/changes.txt index 21b46601d..f02d1c2d7 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -55,6 +55,7 @@ - Added hash-mode: sha256(sha256_bin(pass)) - Added hash-mode: sha256(sha256($pass).$salt) - Added hash-mode: Web2py pbkdf2-sha512 +- Added hash-mode: WPA-PBKDF2-PMKID+EAPOL ## ## Bugs diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c index c19fcc14c..2fc25c275 100644 --- a/src/modules/module_22000.c +++ b/src/modules/module_22000.c @@ -34,6 +34,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_AUX2 | OPTS_TYPE_AUX3 | OPTS_TYPE_AUX4 + | OPTS_TYPE_BINARY_HASHFILE | OPTS_TYPE_DEEP_COMP_KERNEL | OPTS_TYPE_COPY_TMPS; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; @@ -57,6 +58,9 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, static const u32 ROUNDS_WPA_PBKDF2 = 4096; +// this is required to force mingw to accept the packed attribute +#pragma pack(push,1) + struct auth_packet { u8 version; @@ -75,8 +79,38 @@ struct auth_packet } __attribute__((packed)); +#pragma pack(pop) + typedef struct auth_packet auth_packet_t; +#define HCCAPX_VERSION 4 +#define HCCAPX_SIGNATURE 0x58504348 // HCPX + +// this is required to force mingw to accept the packed attribute +#pragma pack(push,1) + +struct hccapx +{ + u32 signature; + u32 version; + u8 message_pair; + u8 essid_len; + u8 essid[32]; + u8 keyver; + u8 keymic[16]; + u8 mac_ap[6]; + u8 nonce_ap[32]; + u8 mac_sta[6]; + u8 nonce_sta[32]; + u16 eapol_len; + u8 eapol[256]; + +} __attribute__((packed)); + +typedef struct hccapx hccapx_t; + +#pragma pack(pop) + const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const char *mask = "?a?a?a?a?a?a?a?a"; 
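Review bot: The raw-record reader that follows this definition depends on `sizeof (hccapx_t)` being exactly the on-disk record length, but nothing here pins that size; the fields sum to 393 bytes, and a compile-time check next to the typedef, `_Static_assert (sizeof (hccapx_t) == 393, "hccapx_t must be packed");` (or a comment stating the expected size, if the project avoids C11), would catch a compiler that honours neither of the two packing directives. `HCCAPX_SIGNATURE` is compared against a `u32` read straight from the file, and its value is the little-endian reading of the ASCII bytes "HCPX" noted in the comment, so the check only matches on little-endian hosts; a comment making that assumption explicit would help anyone porting the loader.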
@@ -98,6 +132,158 @@ u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED return esalt_size; } +static bool is_hccapx (HCFILE *fp) +{ + hccapx_t hccapx; + + const size_t nread = hc_fread (&hccapx, sizeof (hccapx_t), 1, fp); + + if (nread == 1) + { + if (hccapx.signature == HCCAPX_SIGNATURE) + { + return true; + } + } + + return false; +} + +int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) +{ + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, hashconfig->st_hash, strlen (hashconfig->st_hash)); + + wpa_t *wpa = (wpa_t *) hash->esalt; + + wpa->detected_le = 1; + wpa->detected_be = 0; + + wpa->nonce_error_corrections = 3; + + return parser_status; +} + +int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes) +{ + hash_t *hashes_buf = hashes->hashes_buf; + + int hashes_cnt = 0; + + HCFILE fp; + + if (hc_fopen (&fp, hashes->hashfile, "rb") == false) return -1; + + const bool r = is_hccapx (&fp); + + hc_rewind (&fp); + + if (r == true) + { + char *in = (char *) hcmalloc (sizeof (hccapx_t)); + + while (!hc_feof (&fp)) + { + const size_t nread = hc_fread (in, sizeof (hccapx_t), 1, &fp); + + if (nread == 0) break; + + memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t)); + + memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t)); + + wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; + + wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd; + wpa->message_pair = user_options->hccapx_message_pair; + + wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd; + wpa->nonce_error_corrections = user_options->nonce_error_corrections; + + hash_t *hash = &hashes_buf[hashes_cnt]; + + const int parser_status = module_hash_decode (hashconfig, 
hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, in, sizeof (hccapx_t)); + + if (parser_status != PARSER_OK) continue; + + hashes_cnt++; + } + + hcfree (in); + } + else + { + char *line_buf = (char *) hcmalloc (HCBUFSIZ_LARGE); + + while (!hc_feof (&fp)) + { + const size_t line_len = fgetl (&fp, line_buf, HCBUFSIZ_LARGE); + + if (line_len == 0) continue; + + memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t)); + + memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t)); + + wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; + + wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd; + wpa->message_pair = user_options->hccapx_message_pair; + + wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd; + wpa->nonce_error_corrections = user_options->nonce_error_corrections; + + hash_t *hash = &hashes_buf[hashes_cnt]; + + const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, line_buf, line_len); + + if (parser_status != PARSER_OK) continue; + + hashes_cnt++; + } + + hcfree (line_buf); + } + + hc_fclose (&fp); + + return hashes_cnt; +} + +int module_hash_binary_count (MAYBE_UNUSED const hashes_t *hashes) +{ + // this mode actually works on a plaintext file + // but to stay in a .hccapx backward compatibility mode we have to tell the module + // the file is in binary. 
+ // we then have to iterated through the file ourself + + HCFILE fp; + + if (hc_fopen (&fp, hashes->hashfile, "rb") == false) return -1; + + const bool r = is_hccapx (&fp); + + hc_rewind (&fp); + + int count = 0; + + if (r == true) + { + struct stat st; + + stat (hashes->hashfile, &st); + + count = st.st_size / sizeof (hccapx_t); + } + else + { + count = count_lines (&fp); + } + + hc_fclose (&fp); + + return count; +} + bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool hlfmt_disable = true; @@ -209,7 +395,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c if (wpa->type == 1) { - const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::" EOL, + const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::", byte_swap_32 (wpa->pmkid[0]), byte_swap_32 (wpa->pmkid[1]), byte_swap_32 (wpa->pmkid[2]), 
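Review bot: `stat (hashes->hashfile, &st);` in module_hash_binary_count ignores its return value, so on failure `st.st_size` is read uninitialized and an arbitrary `count` is returned, which module_hash_binary_parse presumably then trusts as the capacity of `hashes_buf` (it indexes `hashes_buf[hashes_cnt]` with no bound of its own). Check it: `if (stat (hashes->hashfile, &st) == -1) { hc_fclose (&fp); return -1; }`. It would also help to state the invariant in a comment on module_hash_binary_parse, e.g. `// relies on module_hash_binary_count () having sized hashes_buf: one entry per hccapx record, or per text line`, since both functions must classify the file the same way (today they do, both via is_hccapx). `count` is an `int` receiving a `st.st_size / sizeof` quotient, which truncates silently for very large files; a `hashes_cnt` overflow guard against the counted size would turn a mismatch into a clean error instead of an out-of-bounds write.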
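Review bot: Dropping `EOL` from the type-1 format string leaves it inconsistent with the type-2 `hc_asprintf` in the same function, which still ends in `" EOL` (the `@@ -439,7 +439,7` hunk of this function, further down the page, shows it unchanged); unless the caller appends the newline for type 1 only, PMKID entries written back by module_hash_binary_save will run together on one line. If the removal is intentional, a one-line comment saying why would help; otherwise restore `"%s:::" EOL`. The enclosing function starts and ends outside the hunk.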
@@ -427,6 +613,133 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE wpa_t *wpa = (wpa_t *) esalt_buf; + char *input_buf = (char *) line_buf; + int input_len = line_len; + + // start old pmkid/hccapx compatibility parsing + // idea is to find out if parsing succeeds and in this case to build a + // valid 22000 hash line and replace line_buf pointer + + char tmp_buf[1024]; + int tmp_len; + + // hccapx parser + + if (line_len == sizeof (hccapx_t)) + { + hccapx_t *hccapx = (hccapx_t *) line_buf; + + if ((hccapx->signature == HCCAPX_SIGNATURE) && (hccapx->version == HCCAPX_VERSION)) + { + tmp_len = 0; + + tmp_len += snprintf (tmp_buf, sizeof (tmp_buf) - tmp_len, "WPA:02:"); + + tmp_len += hex_encode ((const u8 *) hccapx->keymic, 16, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = ':'; + + tmp_len++; + + tmp_len += hex_encode ((const u8 *) hccapx->mac_ap, 6, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = ':'; + + tmp_len++; + + tmp_len += hex_encode ((const u8 *) hccapx->mac_sta, 6, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = ':'; + + tmp_len++; + + tmp_len += hex_encode ((const u8 *) hccapx->essid, hccapx->essid_len, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = ':'; + + tmp_len++; + + tmp_len += hex_encode ((const u8 *) hccapx->nonce_ap, 32, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = ':'; + + tmp_len++; + + tmp_len += hex_encode ((const u8 *) hccapx->eapol, hccapx->eapol_len, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = ':'; + + tmp_len++; + + tmp_len += hex_encode ((const u8 *) &hccapx->message_pair, 1, (u8 *) tmp_buf + tmp_len); + + tmp_buf[tmp_len] = 0; + + input_buf = tmp_buf; + input_len = tmp_len; + } + } + + // pmkid parser + + if (1) + { + // detect super-old/old format + + int old_sep = 0; + int new_sep = 0; + + for (int i = 0; i < line_len; i++) + { + const char c = line_buf[i]; + + if (c == '*') old_sep++; + if (c == ':') new_sep++; + } + + const u8 sep = (new_sep > old_sep) ? 
':' : '*'; + + // start normal parsing + + token_t token; + + token.token_cnt = 4; + + token.sep[0] = sep; + token.len_min[0] = 32; + token.len_max[0] = 32; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[1] = sep; + token.len_min[1] = 12; + token.len_max[1] = 12; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = sep; + token.len_min[2] = 12; + token.len_max[2] = 12; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = sep; + token.len_min[3] = 0; + token.len_max[3] = 64; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer == PARSER_OK) + { + tmp_len = snprintf (tmp_buf, sizeof (tmp_buf), "WPA:01:%s:::", line_buf); + + input_buf = tmp_buf; + input_len = tmp_len; + } + } + // start normal parsing token_t token; @@ -490,7 +803,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + const int rc_tokenizer = input_tokenizer ((const u8 *) input_buf, input_len, &token); if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); 
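Review bot: `hccapx->essid_len` and `hccapx->eapol_len` come straight from the file and are passed unchecked to `hex_encode`, which writes into the fixed `char tmp_buf[1024]`; only the first `snprintf` is bounded, every later write is not. An `eapol_len` above 256 makes `hex_encode` read past the `eapol` field (the last member of the struct, so past the `sizeof (hccapx_t)` allocation in module_hash_binary_parse), and since the field is a u16 a single malformed or hostile record can write tens of kilobytes past `tmp_buf` on the parser's stack. Reject out-of-range lengths right after the signature/version check, before any encoding: `if (hccapx->essid_len > sizeof (hccapx->essid)) return (PARSER_SALT_LENGTH);` and `if (hccapx->eapol_len > sizeof (hccapx->eapol)) return (PARSER_HCCAPX_EAPOL_LEN);`. The pmkid branch formats `line_buf` with `%s` although the function receives it with an explicit `line_len`, so it relies on the caller NUL-terminating the buffer; a `%.*s` with `line_len` would not. module_hash_decode continues outside the hunk.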
@@ -723,30 +1036,52 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // message_pair - const u8 *extra_pos = token.buf[8]; + const u8 *message_pair_pos = token.buf[8]; - wpa->message_pair = hex_to_u8 (extra_pos); + const u8 message_pair = hex_to_u8 (message_pair_pos); - if (wpa->message_pair & (1 << 4)) + if (wpa->message_pair_chgd == true) { - // ap-less attack detected, nc not needed + // we can filter some message types here - wpa->nonce_error_corrections = 0; + if (wpa->message_pair != (message_pair & 0x7f)) return (PARSER_HCCAPX_MESSAGE_PAIR); } else { - if (wpa->message_pair & (1 << 7)) - { - // replaycount not checked, nc needed + wpa->message_pair = message_pair; + } - wpa->nonce_error_corrections = NONCE_ERROR_CORRECTIONS; + if (wpa->nonce_error_corrections_chgd == true) + { + // value was set in module_hash_binary_parse() + } + else + { + if (wpa->message_pair & (1 << 4)) + { + // ap-less attack detected, nc not needed + + wpa->nonce_error_corrections = 0; } else { - wpa->nonce_error_corrections = 0; + if (wpa->message_pair & (1 << 7)) + { + // replaycount not checked, nc needed + } + else + { + wpa->nonce_error_corrections = 0; + } } } + // now some optimization related to replay counter endianess + // hcxtools has techniques to detect them + // since we can not guarantee to get our handshakes from hcxtools we enable both by default + // this means that we check both even if both are not set! + // however if one of them is set, we can assume that the endianess has been checked and the other one is not needed + wpa->detected_le = 1; wpa->detected_be = 1; 
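Review bot: When `wpa->message_pair_chgd` is true the value parsed from the hash line is never stored, so the later `wpa->message_pair & (1 << 7)` test (replay-counter-not-checked flag) runs on the user-supplied filter value, which the comparison `wpa->message_pair != (message_pair & 0x7f)` shows can never carry bit 7; nonce error correction is therefore silently zeroed for filtered handshakes whose capture asked for it. Keep the filter check but store the parsed byte in both cases: put `wpa->message_pair = message_pair;` after the `if`/`else` and drop the assignment from the `else` branch. The `if (wpa->nonce_error_corrections_chgd == true)` branch that contains only a comment would read better inverted, `if (wpa->nonce_error_corrections_chgd == false)`, with the comment `// otherwise the value set in module_hash_binary_parse () from the user option is kept`. module_hash_decode continues outside the hunk.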
@@ -936,8 +1271,8 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
 module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
 module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
- module_ctx->module_hash_binary_count = MODULE_DEFAULT;
- module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
+ module_ctx->module_hash_binary_count = module_hash_binary_count;
+ module_ctx->module_hash_binary_parse = module_hash_binary_parse;
 module_ctx->module_hash_binary_save = module_hash_binary_save;
 module_ctx->module_hash_decode_potfile = module_hash_decode_potfile;
 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
@@ -945,7 +1280,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hash_encode_status = MODULE_DEFAULT;
 module_ctx->module_hash_encode_potfile = module_hash_encode_potfile;
 module_ctx->module_hash_encode = module_hash_encode;
- module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
+ module_ctx->module_hash_init_selftest = module_hash_init_selftest;
 module_ctx->module_hash_mode = MODULE_DEFAULT;
 module_ctx->module_hash_category = module_hash_category;
 module_ctx->module_hash_name = module_hash_name;
From be38eefdadfb054f15ccdd67ec96752b16be4807 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 17 Dec 2019 16:01:57 +0100
Subject: [PATCH 089/300] Do not expect hashes encoded in base64 for -m 22000 in test.sh
---
 tools/test.sh | 80 +++++++++++++++++++++++++++++-------
 tools/test_modules/m22000.pm | 1 -
 2 files changed, 65 insertions(+), 16 deletions(-)
diff --git a/tools/test.sh b/tools/test.sh
index d610304d8..16d7a111d 100755
--- a/tools/test.sh
+++ b/tools/test.sh
@@ -473,7 +473,13 @@ function attack_0() if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" - echo "${hash}" | base64 -d > "${temp_file}" + + if [ "${hash_type}" -ne 22000 ]; then + echo "${hash}" | base64 -d > "${temp_file}" + else + echo "${hash}" > "${temp_file}" + fi + hash="${temp_file}" fi @@ -557,9 +563,13 @@ function attack_0() hash_file=${temp_file} - while read -r base64_hash; do + while read -r file_only_hash; do - echo -n "${base64_hash}" | base64 -d >> "${temp_file}" + if [ "${hash_type}" -ne 22000 ]; then + echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" + else + echo "${file_only_hash}" >> "${temp_file}" + fi done < "${OUTD}/${hash_type}_hashes.txt" @@ -661,7 +671,13 @@ function attack_1() if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" - echo "${hash}" | base64 -d > "${temp_file}" + + if [ "${hash_type}" -ne 22000 ]; then + echo "${hash}" | base64 -d > "${temp_file}" + else + echo "${hash}" > "${temp_file}" + fi + hash="${temp_file}" fi @@ -819,9 +835,13 @@ function attack_1() hash_file=${temp_file} - while read -r base64_hash; do + while read -r file_only_hash; do - echo -n "${base64_hash}" | base64 -d >> "${temp_file}" + if [ "${hash_type}" -ne 22000 ]; then + echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" + else + echo "${file_only_hash}" >> "${temp_file}" + fi done < "${OUTD}/${hash_type}_multihash_combi.txt" @@ -950,7 +970,13 @@ function attack_3() if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" - echo "${hash}" | base64 -d > "${temp_file}" + + if [ "${hash_type}" -ne 22000 ]; then + echo "${hash}" | base64 -d > "${temp_file}" + else + echo "${hash}" > "${temp_file}" + fi + hash="${temp_file}" fi 
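Review bot: The same `if [ "${hash_type}" -ne 22000 ]` block is pasted into every attack_N function (this hunk, `@@ -557`, `@@ -661`, `@@ -819`, `@@ -950`, and the hunks on the following line), so the next mode that stores plain-text hashes will need the same edit in all of them. A small helper that takes the hash and the target file and decides between `base64 -d` and a plain `echo` would keep that decision in one place. Note that the append variants use `echo -n` for the base64 branch but `echo` (with newline) for the 22000 branch, which is presumably intentional for a line-oriented hash file but deserves a one-line comment such as `# 22000 hashes are plain text lines, not base64 blobs`. The enclosing attack_0 function continues outside the hunk.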
@@ -1114,9 +1140,13 @@ function attack_3() hash_file=${temp_file} - while read -r base64_hash; do + while read -r file_only_hash; do - echo -n "${base64_hash}" | base64 -d >> "${temp_file}" + if [ "${hash_type}" -ne 22000 ]; then + echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" + else + echo "${file_only_hash}" >> "${temp_file}" + fi done < "${OUTD}/${hash_type}_multihash_bruteforce.txt" @@ -1605,7 +1635,13 @@ function attack_6() if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" - echo "${hash}" | base64 -d > "${temp_file}" + + if [ "${hash_type}" -ne 22000 ]; then + echo "${hash}" | base64 -d > "${temp_file}" + else + echo "${hash}" > "${temp_file}" + fi + hash="${temp_file}" fi @@ -1795,9 +1831,13 @@ function attack_6() hash_file=${temp_file} - while read -r base64_hash; do + while read -r file_only_hash; do - echo -n "${base64_hash}" | base64 -d >> "${temp_file}" + if [ "${hash_type}" -ne 22000 ]; then + echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" + else + echo "${file_only_hash}" >> "${temp_file}" + fi done < "${OUTD}/${hash_type}_hashes_multi_${i}.txt" @@ -1962,7 +2002,13 @@ function attack_7() if [ "${file_only}" -eq 1 ]; then temp_file="${OUTD}/${hash_type}_filebased_only_temp.txt" - echo "${hash}" | base64 -d > "${temp_file}" + + if [ "${hash_type}" -ne 22000 ]; then + echo "${hash}" | base64 -d > "${temp_file}" + else + echo "${hash}" > "${temp_file}" + fi + hash="${temp_file}" fi @@ -2215,9 +2261,13 @@ function attack_7() hash_file=${temp_file} - while read -r base64_hash; do + while read -r file_only_hash; do - echo -n "${base64_hash}" | base64 -d >> "${temp_file}" + if [ "${hash_type}" -ne 22000 ]; then + echo -n "${file_only_hash}" | base64 -d >> "${temp_file}" + else + echo "${file_only_hash}" >> "${temp_file}" + fi done < "${OUTD}/${hash_type}_hashes_multi_${i}.txt" diff --git a/tools/test_modules/m22000.pm b/tools/test_modules/m22000.pm index df9da139f..4339e2b11 100644 
--- a/tools/test_modules/m22000.pm
+++ b/tools/test_modules/m22000.pm
@@ -13,7 +13,6 @@ use Digest::MD5 qw (md5);
 use Digest::SHA qw (sha1 sha256);
 use Digest::HMAC qw (hmac hmac_hex);
 use Digest::CMAC;
-use MIME::Base64 qw (encode_base64);
 sub module_constraints { [[8, 63], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] }
From 161775b1b6544f8dc52b1f98d9e3955203236a68 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 19 Dec 2019 19:17:01 +0100
Subject: [PATCH 090/300] Switch separator character in -m 22000 from ':' to '*'
---
 src/modules/module_22000.c | 40 ++++++++++++++++++------------------
 tools/test_modules/m22000.pm | 4 ++--
 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c
index 2fc25c275..47d5df2f3 100644
--- a/src/modules/module_22000.c
+++ b/src/modules/module_22000.c
@@ -39,7 +39,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat!";
-static const char *ST_HASH = "WPA:01:9d42bfc4ab79cf3a3a85761efd2a0cf0:e8e61d2bfe07:e21f445660bb:3c3429452aba22e9a7a6:::";
+static const char *ST_HASH = "WPA*01*9d42bfc4ab79cf3a3a85761efd2a0cf0*e8e61d2bfe07*e21f445660bb*3c3429452aba22e9a7a6***";
 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@@ -395,7 +395,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c
 if (wpa->type == 1)
 {
- const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::",
+ const int len = hc_asprintf (buf, "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***",
 byte_swap_32 (wpa->pmkid[0]),
 byte_swap_32 (wpa->pmkid[1]),
 byte_swap_32 (wpa->pmkid[2]),
@@ -439,7 +439,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c
 tmp2_buf[tmp2_len] = 0;
- const int len = hc_asprintf (buf, "WPA:02:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:%08x%08x%08x%08x%08x%08x%08x%08x:%s:%02x" EOL,
+ const int len = hc_asprintf (buf, "WPA*02*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s*%08x%08x%08x%08x%08x%08x%08x%08x*%s*%02x" EOL,
 wpa->keymic[0],
 wpa->keymic[1],
 wpa->keymic[2],
@@ -633,41 +633,41 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { tmp_len = 0; - tmp_len += snprintf (tmp_buf, sizeof (tmp_buf) - tmp_len, "WPA:02:"); + tmp_len += snprintf (tmp_buf, sizeof (tmp_buf) - tmp_len, "WPA*02*"); tmp_len += hex_encode ((const u8 *) hccapx->keymic, 16, (u8 *) tmp_buf + tmp_len); - tmp_buf[tmp_len] = ':'; + tmp_buf[tmp_len] = '*'; tmp_len++; tmp_len += hex_encode ((const u8 *) hccapx->mac_ap, 6, (u8 *) tmp_buf + tmp_len); - tmp_buf[tmp_len] = ':'; + tmp_buf[tmp_len] = '*'; tmp_len++; tmp_len += hex_encode ((const u8 *) hccapx->mac_sta, 6, (u8 *) tmp_buf + tmp_len); - tmp_buf[tmp_len] = ':'; + tmp_buf[tmp_len] = '*'; tmp_len++; tmp_len += hex_encode ((const u8 *) hccapx->essid, hccapx->essid_len, (u8 *) tmp_buf + tmp_len); - tmp_buf[tmp_len] = ':'; + tmp_buf[tmp_len] = '*'; tmp_len++; tmp_len += hex_encode ((const u8 *) hccapx->nonce_ap, 32, (u8 *) tmp_buf + tmp_len); - tmp_buf[tmp_len] = ':'; + tmp_buf[tmp_len] = '*'; tmp_len++; tmp_len += hex_encode ((const u8 *) hccapx->eapol, hccapx->eapol_len, (u8 *) tmp_buf + tmp_len); - tmp_buf[tmp_len] = ':'; + tmp_buf[tmp_len] = '*'; tmp_len++; @@ -733,7 +733,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE if (rc_tokenizer == PARSER_OK) { - tmp_len = snprintf (tmp_buf, sizeof (tmp_buf), "WPA:01:%s:::", line_buf); + tmp_len = snprintf (tmp_buf, sizeof (tmp_buf), "WPA*01*%s***", line_buf); input_buf = tmp_buf; input_len = tmp_len; 
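Review bot: The new `"WPA*01*%s***"` line still embeds `line_buf` verbatim, yet the tokenizer just above it deliberately accepts either `*` or `:` as `sep`; a legacy PMKID line written with `:` therefore becomes `WPA*01*pmkid:mac_ap:mac_sta:essid***`, which the main `*`-separated tokenizer (fixed lengths 32/12/12 per field) rejects, so one of the two formats this compatibility path detects cannot load (before this commit the `*` variant had the same problem). Rebuild the line from the tokens instead, e.g. `tmp_len = snprintf (tmp_buf, sizeof (tmp_buf), "WPA*01*%.*s*%.*s*%.*s*%.*s***", token.len[0], token.buf[0], token.len[1], token.buf[1], token.len[2], token.buf[2], token.len[3], token.buf[3]);`, which also stops relying on `line_buf` being NUL-terminated for `%s`. This hunk sits inside module_hash_decode, which starts and ends outside it.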
@@ -749,55 +749,55 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.signatures_cnt = 1; token.signatures_buf[0] = "WPA"; - token.sep[0] = ':'; + token.sep[0] = '*'; token.len_min[0] = 3; token.len_max[0] = 3; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_SIGNATURE; - token.sep[1] = ':'; + token.sep[1] = '*'; token.len_min[1] = 2; token.len_max[1] = 2; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[2] = ':'; + token.sep[2] = '*'; token.len_min[2] = 32; token.len_max[2] = 32; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[3] = ':'; + token.sep[3] = '*'; token.len_min[3] = 12; token.len_max[3] = 12; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[4] = ':'; + token.sep[4] = '*'; token.len_min[4] = 12; token.len_max[4] = 12; token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[5] = ':'; + token.sep[5] = '*'; token.len_min[5] = 0; token.len_max[5] = 64; token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[6] = ':'; + token.sep[6] = '*'; token.len_min[6] = 0; token.len_max[6] = 64; token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[7] = ':'; + token.sep[7] = '*'; token.len_min[7] = 0; token.len_max[7] = 512; token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - token.sep[8] = ':'; + token.sep[8] = '*'; token.len_min[8] = 0; token.len_max[8] = 2; token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH diff --git a/tools/test_modules/m22000.pm b/tools/test_modules/m22000.pm index 4339e2b11..06bcc2f46 100644 --- a/tools/test_modules/m22000.pm +++ b/tools/test_modules/m22000.pm 
@@ -65,7 +65,7 @@ sub module_generate_hash my $pmkid = hmac_hex ($data, $pmk, \&sha1); - $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:::", $type, substr ($pmkid, 0, 32), $macap, $macsta, $essid); + $hash = sprintf ("WPA*%02x*%s*%s*%s*%s***", $type, substr ($pmkid, 0, 32), $macap, $macsta, $essid); } elsif ($type == 2) { @@ -171,7 +171,7 @@ sub module_generate_hash $mic = substr ($mic, 0, 16); - $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:%s:%s:%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack ("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $mp)); + $hash = sprintf ("WPA*%02x*%s*%s*%s*%s*%s*%s*%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack ("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $mp)); } return $hash; From 2cc4244e147a3459a1203789de8646b13f5f50d9 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 19 Dec 2019 22:14:42 +0100 Subject: [PATCH 091/300] Initial -m 22001 support --- OpenCL/m22001-pure.cl | 945 ++++++++++++++++++++++++ docs/changes.txt | 1 + docs/readme.txt | 6 +- src/modules/module_22001.c | 1324 ++++++++++++++++++++++++++++++++++ tools/test_modules/m22000.pm | 19 +- 5 files changed, 2288 insertions(+), 7 deletions(-) create mode 100644 OpenCL/m22001-pure.cl create mode 100644 src/modules/module_22001.c diff --git a/OpenCL/m22001-pure.cl b/OpenCL/m22001-pure.cl new file mode 100644 index 000000000..e3a9d23f9 --- /dev/null +++ b/OpenCL/m22001-pure.cl 
@@ -0,0 +1,945 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_hash_sha1.cl" +#include "inc_hash_sha256.cl" +#include "inc_cipher_aes.cl" +#else +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.h" +#include "inc_common.h" +#include "inc_simd.h" +#include "inc_hash_md5.h" +#include "inc_hash_sha1.h" +#include "inc_hash_sha256.h" +#include "inc_cipher_aes.h" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct wpa_pmk_tmp +{ + u32 out[8]; + +} wpa_pmk_tmp_t; + +typedef struct wpa +{ + u32 essid_buf[16]; + u32 essid_len; + + u32 mac_ap[2]; + u32 mac_sta[2]; + + u32 type; // 1 = PMKID, 2 = EAPOL + + // PMKID specific + + u32 pmkid[4]; + u32 pmkid_data[16]; + + // EAPOL specific + + u32 keymic[4]; + u32 anonce[8]; + + u32 keyver; + + u32 eapol[64 + 16]; + u32 eapol_len; + + u32 pke[32]; + + int message_pair_chgd; + u32 message_pair; + + int nonce_error_corrections_chgd; + int nonce_error_corrections; + + int nonce_compare; + int detected_le; + int detected_be; + +} wpa_t; + +#ifdef KERNEL_STATIC +DECLSPEC u8 hex_convert (const u8 c) +{ + return (c & 15) + (c >> 6) * 9; +} + +DECLSPEC u8 hex_to_u8 (const u8 *hex) +{ + u8 v = 0; + + v |= ((u8) hex_convert (hex[1]) << 0); + v |= ((u8) hex_convert (hex[0]) << 4); + + return (v); +} +#endif + +DECLSPEC void make_kn (u32 *k) +{ + u32 kl[4]; + u32 kr[4]; + + kl[0] = (k[0] << 1) & 0xfefefefe; + kl[1] = (k[1] << 1) & 0xfefefefe; + kl[2] = (k[2] << 1) & 0xfefefefe; + kl[3] = (k[3] << 1) & 0xfefefefe; + + kr[0] = (k[0] >> 7) & 0x01010101; + kr[1] = (k[1] >> 7) & 0x01010101; + kr[2] = (k[2] >> 7) & 0x01010101; + kr[3] = (k[3] >> 7) & 0x01010101; + + const u32 c = kr[0] & 1; + + kr[0] = kr[0] >> 8 | kr[1] << 24; + 
kr[1] = kr[1] >> 8 | kr[2] << 24; + kr[2] = kr[2] >> 8 | kr[3] << 24; + kr[3] = kr[3] >> 8; + + k[0] = kl[0] | kr[0]; + k[1] = kl[1] | kr[1]; + k[2] = kl[2] | kr[2]; + k[3] = kl[3] | kr[3]; + + k[3] ^= c * 0x87000000; +} + +DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m22001_init (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 in[16]; + + in[ 0] = pws[gid].i[ 0]; + in[ 1] = pws[gid].i[ 1]; + in[ 2] = pws[gid].i[ 2]; + in[ 3] = pws[gid].i[ 3]; + in[ 4] = pws[gid].i[ 4]; + in[ 5] = pws[gid].i[ 5]; + in[ 6] = pws[gid].i[ 6]; + in[ 7] = pws[gid].i[ 7]; + in[ 8] = pws[gid].i[ 8]; + in[ 9] = pws[gid].i[ 9]; + in[10] = pws[gid].i[10]; + in[11] = pws[gid].i[11]; + in[12] = pws[gid].i[12]; + in[13] = pws[gid].i[13]; + in[14] = pws[gid].i[14]; + in[15] = pws[gid].i[15]; + + u8 *in_ptr = (u8 *) in; + + u32 out[8]; + + u8 *out_ptr = (u8 *) out; + + for (int i = 0, j = 0; i < 32; i += 1, j += 2) + { + out_ptr[i] = hex_to_u8 (in_ptr + j); + } + + tmps[gid].out[0] = hc_swap32_S (out[0]); + tmps[gid].out[1] = hc_swap32_S (out[1]); + tmps[gid].out[2] = hc_swap32_S (out[2]); + tmps[gid].out[3] = hc_swap32_S (out[3]); + tmps[gid].out[4] = hc_swap32_S (out[4]); + tmps[gid].out[5] = hc_swap32_S (out[5]); + tmps[gid].out[6] = 
hc_swap32_S (out[6]); + tmps[gid].out[7] = hc_swap32_S (out[7]); +} + +KERNEL_FQ void m22001_loop (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t)) +{ + // not in use here, special case... +} + +KERNEL_FQ void m22001_comp (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t)) +{ + // not in use here, special case... +} + +KERNEL_FQ void m22001_aux1 (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & 
~0x000000ff;
+ m1 = pke[24] & ~0xffffff00;
+
+ to = pke[23] << 24
+ | pke[24] >> 8;
+ }
+
+ u32 bo_loops = wpa->detected_le + wpa->detected_be;
+
+ bo_loops = (bo_loops == 0) ? 2 : bo_loops;
+
+ const u32 nonce_error_corrections = wpa->nonce_error_corrections;
+
+ for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)
+ {
+ for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++)
+ {
+ u32 t = to;
+
+ if (bo_loops == 1)
+ {
+ if (wpa->detected_le == 1)
+ {
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+ }
+ else if (wpa->detected_be == 1)
+ {
+ t = hc_swap32_S (t);
+
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+
+ t = hc_swap32_S (t);
+ }
+ }
+ else
+ {
+ if (bo_pos == 0)
+ {
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+ }
+ else if (bo_pos == 1)
+ {
+ t = hc_swap32_S (t);
+
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+
+ t = hc_swap32_S (t);
+ }
+ }
+
+ if (wpa->nonce_compare < 0)
+ {
+ pke[15] = m0 | (t >> 24);
+ pke[16] = m1 | (t << 8);
+ }
+ else
+ {
+ pke[23] = m0 | (t >> 24);
+ pke[24] = m1 | (t << 8);
+ }
+
+ sha1_hmac_ctx_t ctx1;
+
+ sha1_hmac_init_64 (&ctx1, out0, out1, z, z);
+
+ sha1_hmac_update (&ctx1, pke, 100);
+
+ sha1_hmac_final (&ctx1);
+
+ ctx1.opad.h[0] = hc_swap32_S (ctx1.opad.h[0]);
+ ctx1.opad.h[1] = hc_swap32_S (ctx1.opad.h[1]);
+ ctx1.opad.h[2] = hc_swap32_S (ctx1.opad.h[2]);
+ ctx1.opad.h[3] = hc_swap32_S (ctx1.opad.h[3]);
+
+ md5_hmac_ctx_t ctx2;
+
+ md5_hmac_init_64 (&ctx2, ctx1.opad.h, z, z, z);
+
+ md5_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len);
+
+ md5_hmac_final (&ctx2);
+
+ ctx2.opad.h[0] = hc_swap32_S (ctx2.opad.h[0]);
+ ctx2.opad.h[1] = hc_swap32_S (ctx2.opad.h[1]);
+ ctx2.opad.h[2] = hc_swap32_S (ctx2.opad.h[2]);
+ ctx2.opad.h[3] = hc_swap32_S (ctx2.opad.h[3]);
+
+ /**
+ * final compare
+ */
+
+ if ((ctx2.opad.h[0] == wpa->keymic[0])
+ && (ctx2.opad.h[1] == wpa->keymic[1])
+ &&
(ctx2.opad.h[2] == wpa->keymic[2])
+ && (ctx2.opad.h[3] == wpa->keymic[3]))
+ {
+ if (atomic_inc (&hashes_shown[digest_cur]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0);
+ }
+ }
+ }
+ }
+}
+
+KERNEL_FQ void m22001_aux2 (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t))
+{
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ u32 out0[4];
+ u32 out1[4];
+
+ out0[0] = tmps[gid].out[0];
+ out0[1] = tmps[gid].out[1];
+ out0[2] = tmps[gid].out[2];
+ out0[3] = tmps[gid].out[3];
+ out1[0] = tmps[gid].out[4];
+ out1[1] = tmps[gid].out[5];
+ out1[2] = tmps[gid].out[6];
+ out1[3] = tmps[gid].out[7];
+
+ const u32 digest_pos = loop_pos;
+
+ const u32 digest_cur = digests_offset + digest_pos;
+
+ GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur];
+
+ u32 pke[32];
+
+ pke[ 0] = wpa->pke[ 0];
+ pke[ 1] = wpa->pke[ 1];
+ pke[ 2] = wpa->pke[ 2];
+ pke[ 3] = wpa->pke[ 3];
+ pke[ 4] = wpa->pke[ 4];
+ pke[ 5] = wpa->pke[ 5];
+ pke[ 6] = wpa->pke[ 6];
+ pke[ 7] = wpa->pke[ 7];
+ pke[ 8] = wpa->pke[ 8];
+ pke[ 9] = wpa->pke[ 9];
+ pke[10] = wpa->pke[10];
+ pke[11] = wpa->pke[11];
+ pke[12] = wpa->pke[12];
+ pke[13] = wpa->pke[13];
+ pke[14] = wpa->pke[14];
+ pke[15] = wpa->pke[15];
+ pke[16] = wpa->pke[16];
+ pke[17] = wpa->pke[17];
+ pke[18] = wpa->pke[18];
+ pke[19] = wpa->pke[19];
+ pke[20] = wpa->pke[20];
+ pke[21] = wpa->pke[21];
+ pke[22] = wpa->pke[22];
+ pke[23] = wpa->pke[23];
+ pke[24] = wpa->pke[24];
+ pke[25] = wpa->pke[25];
+ pke[26] = wpa->pke[26];
+ pke[27] = wpa->pke[27];
+ pke[28] = wpa->pke[28];
+ pke[29] = wpa->pke[29];
+ pke[30] = wpa->pke[30];
+ pke[31] = wpa->pke[31];
+
+ u32 z[4];
+
+ z[0] = 0;
+ z[1] = 0;
+ z[2] = 0;
+ z[3] = 0;
+
+ u32 to;
+
+ u32 m0;
+ u32 m1;
+
+ if (wpa->nonce_compare < 0)
+ {
+ m0 = pke[15] & ~0x000000ff;
+ m1 = pke[16] & ~0xffffff00;
+
+ to = pke[15] << 24
+ | pke[16] >> 8;
+ }
+ else
+ {
+ m0 = pke[23] & ~0x000000ff;
+ m1 = pke[24] & ~0xffffff00;
+
+ to =
pke[23] << 24
+ | pke[24] >> 8;
+ }
+
+ u32 bo_loops = wpa->detected_le + wpa->detected_be;
+
+ bo_loops = (bo_loops == 0) ? 2 : bo_loops;
+
+ const u32 nonce_error_corrections = wpa->nonce_error_corrections;
+
+ for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)
+ {
+ for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++)
+ {
+ u32 t = to;
+
+ if (bo_loops == 1)
+ {
+ if (wpa->detected_le == 1)
+ {
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+ }
+ else if (wpa->detected_be == 1)
+ {
+ t = hc_swap32_S (t);
+
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+
+ t = hc_swap32_S (t);
+ }
+ }
+ else
+ {
+ if (bo_pos == 0)
+ {
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+ }
+ else if (bo_pos == 1)
+ {
+ t = hc_swap32_S (t);
+
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+
+ t = hc_swap32_S (t);
+ }
+ }
+
+ if (wpa->nonce_compare < 0)
+ {
+ pke[15] = m0 | (t >> 24);
+ pke[16] = m1 | (t << 8);
+ }
+ else
+ {
+ pke[23] = m0 | (t >> 24);
+ pke[24] = m1 | (t << 8);
+ }
+
+ sha1_hmac_ctx_t ctx1;
+
+ sha1_hmac_init_64 (&ctx1, out0, out1, z, z);
+
+ sha1_hmac_update (&ctx1, pke, 100);
+
+ sha1_hmac_final (&ctx1);
+
+ sha1_hmac_ctx_t ctx2;
+
+ sha1_hmac_init_64 (&ctx2, ctx1.opad.h, z, z, z);
+
+ sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len);
+
+ sha1_hmac_final (&ctx2);
+
+ /**
+ * final compare
+ */
+
+ if ((ctx2.opad.h[0] == wpa->keymic[0])
+ && (ctx2.opad.h[1] == wpa->keymic[1])
+ && (ctx2.opad.h[2] == wpa->keymic[2])
+ && (ctx2.opad.h[3] == wpa->keymic[3]))
+ {
+ if (atomic_inc (&hashes_shown[digest_cur]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0);
+ }
+ }
+ }
+ }
+}
+
+KERNEL_FQ void m22001_aux3 (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t))
+{
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ const u64 lid = get_local_id (0);
+ const u64 lsz =
get_local_size (0);
+
+ LOCAL_VK u32 s_te0[256];
+ LOCAL_VK u32 s_te1[256];
+ LOCAL_VK u32 s_te2[256];
+ LOCAL_VK u32 s_te3[256];
+ LOCAL_VK u32 s_te4[256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_te0[i] = te0[i];
+ s_te1[i] = te1[i];
+ s_te2[i] = te2[i];
+ s_te3[i] = te3[i];
+ s_te4[i] = te4[i];
+ }
+
+ #ifdef IS_CUDA
+ __syncthreads();
+ #else
+ SYNC_THREADS ();
+ #endif
+
+ #else
+
+ CONSTANT_AS u32a *s_te0 = te0;
+ CONSTANT_AS u32a *s_te1 = te1;
+ CONSTANT_AS u32a *s_te2 = te2;
+ CONSTANT_AS u32a *s_te3 = te3;
+ CONSTANT_AS u32a *s_te4 = te4;
+
+ #endif
+
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ u32 out0[4];
+ u32 out1[4];
+
+ out0[0] = tmps[gid].out[0];
+ out0[1] = tmps[gid].out[1];
+ out0[2] = tmps[gid].out[2];
+ out0[3] = tmps[gid].out[3];
+ out1[0] = tmps[gid].out[4];
+ out1[1] = tmps[gid].out[5];
+ out1[2] = tmps[gid].out[6];
+ out1[3] = tmps[gid].out[7];
+
+ const u32 digest_pos = loop_pos;
+
+ const u32 digest_cur = digests_offset + digest_pos;
+
+ GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur];
+
+ u32 pke[32];
+
+ pke[ 0] = wpa->pke[ 0];
+ pke[ 1] = wpa->pke[ 1];
+ pke[ 2] = wpa->pke[ 2];
+ pke[ 3] = wpa->pke[ 3];
+ pke[ 4] = wpa->pke[ 4];
+ pke[ 5] = wpa->pke[ 5];
+ pke[ 6] = wpa->pke[ 6];
+ pke[ 7] = wpa->pke[ 7];
+ pke[ 8] = wpa->pke[ 8];
+ pke[ 9] = wpa->pke[ 9];
+ pke[10] = wpa->pke[10];
+ pke[11] = wpa->pke[11];
+ pke[12] = wpa->pke[12];
+ pke[13] = wpa->pke[13];
+ pke[14] = wpa->pke[14];
+ pke[15] = wpa->pke[15];
+ pke[16] = wpa->pke[16];
+ pke[17] = wpa->pke[17];
+ pke[18] = wpa->pke[18];
+ pke[19] = wpa->pke[19];
+ pke[20] = wpa->pke[20];
+ pke[21] = wpa->pke[21];
+ pke[22] = wpa->pke[22];
+ pke[23] = wpa->pke[23];
+ pke[24] = wpa->pke[24];
+ pke[25] = wpa->pke[25];
+ pke[26] = wpa->pke[26];
+ pke[27] = wpa->pke[27];
+ pke[28] = wpa->pke[28];
+ pke[29] = wpa->pke[29];
+ pke[30] = wpa->pke[30];
+ pke[31] = wpa->pke[31];
+
+ u32 z[4];
+
+ z[0] = 0;
+ z[1] = 0;
+ z[2] = 0;
+ z[3] = 0;
+
+ u32 to;
+
+
u32 m0;
+ u32 m1;
+
+ if (wpa->nonce_compare < 0)
+ {
+ m0 = pke[15] & ~0x000000ff;
+ m1 = pke[16] & ~0xffffff00;
+
+ to = pke[15] << 24
+ | pke[16] >> 8;
+ }
+ else
+ {
+ m0 = pke[23] & ~0x000000ff;
+ m1 = pke[24] & ~0xffffff00;
+
+ to = pke[23] << 24
+ | pke[24] >> 8;
+ }
+
+ u32 bo_loops = wpa->detected_le + wpa->detected_be;
+
+ bo_loops = (bo_loops == 0) ? 2 : bo_loops;
+
+ const u32 nonce_error_corrections = wpa->nonce_error_corrections;
+
+ for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)
+ {
+ for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++)
+ {
+ u32 t = to;
+
+ if (bo_loops == 1)
+ {
+ if (wpa->detected_le == 1)
+ {
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+ }
+ else if (wpa->detected_be == 1)
+ {
+ t = hc_swap32_S (t);
+
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+
+ t = hc_swap32_S (t);
+ }
+ }
+ else
+ {
+ if (bo_pos == 0)
+ {
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+ }
+ else if (bo_pos == 1)
+ {
+ t = hc_swap32_S (t);
+
+ t -= nonce_error_corrections / 2;
+ t += nonce_error_correction;
+
+ t = hc_swap32_S (t);
+ }
+ }
+
+ if (wpa->nonce_compare < 0)
+ {
+ pke[15] = m0 | (t >> 24);
+ pke[16] = m1 | (t << 8);
+ }
+ else
+ {
+ pke[23] = m0 | (t >> 24);
+ pke[24] = m1 | (t << 8);
+ }
+
+ sha256_hmac_ctx_t ctx1;
+
+ sha256_hmac_init_64 (&ctx1, out0, out1, z, z);
+
+ sha256_hmac_update (&ctx1, pke, 102);
+
+ sha256_hmac_final (&ctx1);
+
+ ctx1.opad.h[0] = hc_swap32_S (ctx1.opad.h[0]);
+ ctx1.opad.h[1] = hc_swap32_S (ctx1.opad.h[1]);
+ ctx1.opad.h[2] = hc_swap32_S (ctx1.opad.h[2]);
+ ctx1.opad.h[3] = hc_swap32_S (ctx1.opad.h[3]);
+
+ // AES CMAC
+
+ u32 ks[44];
+
+ aes128_set_encrypt_key (ks, ctx1.opad.h, s_te0, s_te1, s_te2, s_te3);
+
+ u32 m[4];
+
+ m[0] = 0;
+ m[1] = 0;
+ m[2] = 0;
+ m[3] = 0;
+
+ u32 iv[4];
+
+ iv[0] = 0;
+ iv[1] = 0;
+ iv[2] = 0;
+ iv[3] = 0;
+
+ int eapol_left;
+ int eapol_idx;
+
+ for
(eapol_left = wpa->eapol_len, eapol_idx = 0; eapol_left > 16; eapol_left -= 16, eapol_idx += 4)
+ {
+ m[0] = wpa->eapol[eapol_idx + 0] ^ iv[0];
+ m[1] = wpa->eapol[eapol_idx + 1] ^ iv[1];
+ m[2] = wpa->eapol[eapol_idx + 2] ^ iv[2];
+ m[3] = wpa->eapol[eapol_idx + 3] ^ iv[3];
+
+ aes128_encrypt (ks, m, iv, s_te0, s_te1, s_te2, s_te3, s_te4);
+ }
+
+ m[0] = wpa->eapol[eapol_idx + 0];
+ m[1] = wpa->eapol[eapol_idx + 1];
+ m[2] = wpa->eapol[eapol_idx + 2];
+ m[3] = wpa->eapol[eapol_idx + 3];
+
+ u32 k[4];
+
+ k[0] = 0;
+ k[1] = 0;
+ k[2] = 0;
+ k[3] = 0;
+
+ aes128_encrypt (ks, k, k, s_te0, s_te1, s_te2, s_te3, s_te4);
+
+ make_kn (k);
+
+ if (eapol_left < 16)
+ {
+ make_kn (k);
+ }
+
+ m[0] ^= k[0];
+ m[1] ^= k[1];
+ m[2] ^= k[2];
+ m[3] ^= k[3];
+
+ m[0] ^= iv[0];
+ m[1] ^= iv[1];
+ m[2] ^= iv[2];
+ m[3] ^= iv[3];
+
+ u32 keymic[4];
+
+ keymic[0] = 0;
+ keymic[1] = 0;
+ keymic[2] = 0;
+ keymic[3] = 0;
+
+ aes128_encrypt (ks, m, keymic, s_te0, s_te1, s_te2, s_te3, s_te4);
+
+ /**
+ * final compare
+ */
+
+ keymic[0] = hc_swap32_S (keymic[0]);
+ keymic[1] = hc_swap32_S (keymic[1]);
+ keymic[2] = hc_swap32_S (keymic[2]);
+ keymic[3] = hc_swap32_S (keymic[3]);
+
+ if ((keymic[0] == wpa->keymic[0])
+ && (keymic[1] == wpa->keymic[1])
+ && (keymic[2] == wpa->keymic[2])
+ && (keymic[3] == wpa->keymic[3]))
+ {
+ if (atomic_inc (&hashes_shown[digest_cur]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0);
+ }
+ }
+ }
+ }
+}
+
+KERNEL_FQ void m22001_aux4 (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t))
+{
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ u32 w[16];
+
+ w[ 0] = tmps[gid].out[0];
+ w[ 1] = tmps[gid].out[1];
+ w[ 2] = tmps[gid].out[2];
+ w[ 3] = tmps[gid].out[3];
+ w[ 4] = tmps[gid].out[4];
+ w[ 5] = tmps[gid].out[5];
+ w[ 6] = tmps[gid].out[6];
+ w[ 7] = tmps[gid].out[7];
+ w[ 8] = 0;
+ w[ 9] = 0;
+ w[10] = 0;
+ w[11] = 0;
+ w[12] = 0;
+ w[13] = 0;
+ w[14] = 0;
+ w[15] = 0;
+
+ const
u32 digest_pos = loop_pos;
+
+ const u32 digest_cur = digests_offset + digest_pos;
+
+ GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur];
+
+ sha1_hmac_ctx_t sha1_hmac_ctx;
+
+ sha1_hmac_init (&sha1_hmac_ctx, w, 32);
+
+ sha1_hmac_update_global_swap (&sha1_hmac_ctx, wpa->pmkid_data, 20);
+
+ sha1_hmac_final (&sha1_hmac_ctx);
+
+ const u32 r0 = sha1_hmac_ctx.opad.h[0];
+ const u32 r1 = sha1_hmac_ctx.opad.h[1];
+ const u32 r2 = sha1_hmac_ctx.opad.h[2];
+ const u32 r3 = sha1_hmac_ctx.opad.h[3];
+
+ #ifdef KERNEL_STATIC
+
+ #define il_pos 0
+ #include COMPARE_M
+
+ #else
+
+ if ((hc_swap32_S (r0) == wpa->pmkid[0])
+ && (hc_swap32_S (r1) == wpa->pmkid[1])
+ && (hc_swap32_S (r2) == wpa->pmkid[2])
+ && (hc_swap32_S (r3) == wpa->pmkid[3]))
+ {
+ if (atomic_inc (&hashes_shown[digest_cur]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0);
+ }
+ }
+
+ #endif
+}
diff --git a/docs/changes.txt b/docs/changes.txt
index f02d1c2d7..ff7d14d3c 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -56,6 +56,7 @@
 - Added hash-mode: sha256(sha256($pass).$salt)
 - Added hash-mode: Web2py pbkdf2-sha512
 - Added hash-mode: WPA-PBKDF2-PMKID+EAPOL
+- Added hash-mode: WPA-PMK-PMKID+EAPOL
 
 ##
 ## Bugs
diff --git a/docs/readme.txt b/docs/readme.txt
index f1fdeb7e2..45afddf4d 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -144,10 +144,8 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o
 - SIP digest authentication (MD5)
 - IKE-PSK MD5
 - IKE-PSK SHA1
-- WPA-EAPOL-PBKDF2
-- WPA-EAPOL-PMK
-- WPA-PMKID-PBKDF2
-- WPA-PMKID-PMK
+- WPA-PBKDF2-PMKID+EAPOL
+- WPA-PMK-PMKID+EAPOL
 - IPMI2 RAKP HMAC-SHA1
 - CRAM-MD5
 - iSCSI CHAP authentication, MD5(CHAP)
diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c
new file mode 100644
index 000000000..0ecaba32c
--- /dev/null
+++ b/src/modules/module_22001.c
@@ -0,0 +1,1324 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#include "common.h"
+#include "types.h"
+#include "modules.h"
+#include "bitops.h"
+#include "convert.h"
+#include "shared.h"
+#include "memory.h"
+
+#define DGST_ELEM 4
+
+#include "emu_general.h"
+#include "emu_inc_cipher_aes.h"
+#include "emu_inc_hash_md5.h"
+#include "m22001-pure.cl"
+
+static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
+static const u32 DGST_POS0 = 0;
+static const u32 DGST_POS1 = 1;
+static const u32 DGST_POS2 = 2;
+static const u32 DGST_POS3 = 3;
+static const u32 DGST_SIZE = DGST_SIZE_4_4;
+static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
+static const char *HASH_NAME = "WPA-PMK-PMKID+EAPOL";
+static const u64 KERN_TYPE = 22001;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
+static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
+ | OPTS_TYPE_AUX1
+ | OPTS_TYPE_AUX2
+ | OPTS_TYPE_AUX3
+ | OPTS_TYPE_AUX4
+ | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_DEEP_COMP_KERNEL
+ | OPTS_TYPE_COPY_TMPS
+ | OPTS_TYPE_POTFILE_NOPASS;
+static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const char *ST_PASS = "4189cd288e84c91adc4cc076a68f6004bff528b3112ed20b31d43b9e453bdc31";
+static const char *ST_HASH = "WPA*01*9d42bfc4ab79cf3a3a85761efd2a0cf0*e8e61d2bfe07*e21f445660bb*3c3429452aba22e9a7a6***";
+
+u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
+u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
+u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
+u32
module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
+u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
+u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
+u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
+const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
+u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
+u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
+u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
+u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
+const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) {
return ST_HASH; }
+const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
+
+static const u32 ROUNDS_WPA_PMK = 0;
+
+// this is required to force mingw to accept the packed attribute
+#pragma pack(push,1)
+
+struct auth_packet
+{
+ u8 version;
+ u8 type;
+ u16 length;
+ u8 key_descriptor;
+ u16 key_information;
+ u16 key_length;
+ u64 replay_counter;
+ u8 wpa_key_nonce[32];
+ u8 wpa_key_iv[16];
+ u8 wpa_key_rsc[8];
+ u8 wpa_key_id[8];
+ u8 wpa_key_mic[16];
+ u16 wpa_key_data_length;
+
+} __attribute__((packed));
+
+#pragma pack(pop)
+
+typedef struct auth_packet auth_packet_t;
+
+#define HCCAPX_VERSION 4
+#define HCCAPX_SIGNATURE 0x58504348 // HCPX
+
+// this is required to force mingw to accept the packed attribute
+#pragma pack(push,1)
+
+struct hccapx
+{
+ u32 signature;
+ u32 version;
+ u8 message_pair;
+ u8 essid_len;
+ u8 essid[32];
+ u8 keyver;
+ u8 keymic[16];
+ u8 mac_ap[6];
+ u8 nonce_ap[32];
+ u8 mac_sta[6];
+ u8 nonce_sta[32];
+ u16 eapol_len;
+ u8 eapol[256];
+
+} __attribute__((packed));
+
+typedef struct hccapx hccapx_t;
+
+#pragma pack(pop)
+
+const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
+
+ return mask;
+}
+
+u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u64 tmp_size = (const u64) sizeof (wpa_pmk_tmp_t);
+
+ return tmp_size;
+}
+
+u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u64
esalt_size = (const u64) sizeof (wpa_t);
+
+ return esalt_size;
+}
+
+static bool is_hccapx (HCFILE *fp)
+{
+ hccapx_t hccapx;
+
+ const size_t nread = hc_fread (&hccapx, sizeof (hccapx_t), 1, fp);
+
+ if (nread == 1)
+ {
+ if (hccapx.signature == HCCAPX_SIGNATURE)
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
+{
+ const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, hashconfig->st_hash, strlen (hashconfig->st_hash));
+
+ wpa_t *wpa = (wpa_t *) hash->esalt;
+
+ wpa->detected_le = 1;
+ wpa->detected_be = 0;
+
+ wpa->nonce_error_corrections = 3;
+
+ return parser_status;
+}
+
+int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes)
+{
+ hash_t *hashes_buf = hashes->hashes_buf;
+
+ int hashes_cnt = 0;
+
+ HCFILE fp;
+
+ if (hc_fopen (&fp, hashes->hashfile, "rb") == false) return -1;
+
+ const bool r = is_hccapx (&fp);
+
+ hc_rewind (&fp);
+
+ if (r == true)
+ {
+ char *in = (char *) hcmalloc (sizeof (hccapx_t));
+
+ while (!hc_feof (&fp))
+ {
+ const size_t nread = hc_fread (in, sizeof (hccapx_t), 1, &fp);
+
+ if (nread == 0) break;
+
+ memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
+
+ memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t));
+
+ wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
+
+ wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd;
+ wpa->message_pair = user_options->hccapx_message_pair;
+
+ wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd;
+ wpa->nonce_error_corrections = user_options->nonce_error_corrections;
+
+ hash_t *hash = &hashes_buf[hashes_cnt];
+
+ const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt,
hash->hash_info, in, sizeof (hccapx_t));
+
+ if (parser_status != PARSER_OK) continue;
+
+ hashes_cnt++;
+ }
+
+ hcfree (in);
+ }
+ else
+ {
+ char *line_buf = (char *) hcmalloc (HCBUFSIZ_LARGE);
+
+ while (!hc_feof (&fp))
+ {
+ const size_t line_len = fgetl (&fp, line_buf, HCBUFSIZ_LARGE);
+
+ if (line_len == 0) continue;
+
+ memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
+
+ memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t));
+
+ wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
+
+ wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd;
+ wpa->message_pair = user_options->hccapx_message_pair;
+
+ wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd;
+ wpa->nonce_error_corrections = user_options->nonce_error_corrections;
+
+ hash_t *hash = &hashes_buf[hashes_cnt];
+
+ const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, line_buf, line_len);
+
+ if (parser_status != PARSER_OK) continue;
+
+ hashes_cnt++;
+ }
+
+ hcfree (line_buf);
+ }
+
+ hc_fclose (&fp);
+
+ return hashes_cnt;
+}
+
+int module_hash_binary_count (MAYBE_UNUSED const hashes_t *hashes)
+{
+ // this mode actually works on a plaintext file
+ // but to stay in a .hccapx backward compatibility mode we have to tell the module
+ // the file is in binary.
+ // we then have to iterated through the file ourself
+
+ HCFILE fp;
+
+ if (hc_fopen (&fp, hashes->hashfile, "rb") == false) return -1;
+
+ const bool r = is_hccapx (&fp);
+
+ hc_rewind (&fp);
+
+ int count = 0;
+
+ if (r == true)
+ {
+ struct stat st;
+
+ stat (hashes->hashfile, &st);
+
+ count = st.st_size / sizeof (hccapx_t);
+ }
+ else
+ {
+ count = count_lines (&fp);
+ }
+
+ hc_fclose (&fp);
+
+ return count;
+}
+
+bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const bool hlfmt_disable = true;
+
+ return hlfmt_disable;
+}
+
+u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u32 pw_min = 64;
+
+ return pw_min;
+}
+
+u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u32 pw_max = 64;
+
+ return pw_max;
+}
+
+int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len, MAYBE_UNUSED void *tmps)
+{
+ wpa_t *wpa = (wpa_t *) esalt_buf;
+
+ wpa_pmk_tmp_t *wpa_pmk_tmp = (wpa_pmk_tmp_t *) tmps;
+
+ // here we have in line_hash_buf: PMK*essid:password
+ // but we don't care about the password
+
+ // PMK
+
+ wpa_pmk_tmp->out[0] = hex_to_u32 ((const u8 *) line_buf + 0);
+ wpa_pmk_tmp->out[1] = hex_to_u32 ((const u8 *) line_buf + 8);
+ wpa_pmk_tmp->out[2] = hex_to_u32 ((const u8 *) line_buf + 16);
+ wpa_pmk_tmp->out[3] = hex_to_u32 ((const u8 *) line_buf + 24);
+ wpa_pmk_tmp->out[4] = hex_to_u32 ((const u8 *) line_buf + 32);
+ wpa_pmk_tmp->out[5]
= hex_to_u32 ((const u8 *) line_buf + 40);
+ wpa_pmk_tmp->out[6] = hex_to_u32 ((const u8 *) line_buf + 48);
+ wpa_pmk_tmp->out[7] = hex_to_u32 ((const u8 *) line_buf + 56);
+
+ // essid
+
+ char *sep_pos = strrchr (line_buf, ':');
+
+ if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+
+ if ((line_buf + 64) != sep_pos) return (PARSER_HASH_LENGTH);
+
+ char *essid_pos = sep_pos + 1;
+
+ const int essid_len = strlen (essid_pos);
+
+ if (essid_len & 1) return (PARSER_SALT_VALUE);
+
+ if (essid_len > 64) return (PARSER_SALT_VALUE);
+
+ wpa->essid_len = hex_decode ((const u8 *) essid_pos, essid_len, (u8 *) wpa->essid_buf);
+
+ return PARSER_OK;
+}
+
+int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size, MAYBE_UNUSED const void *tmps)
+{
+ const wpa_t *wpa = (const wpa_t *) esalt_buf;
+
+ const wpa_pmk_tmp_t *wpa_pmk_tmp = (const wpa_pmk_tmp_t *) tmps;
+
+ char tmp_buf[128];
+
+ const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf);
+
+ tmp_buf[tmp_len] = 0;
+
+ const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s",
+ wpa_pmk_tmp->out[0],
+ wpa_pmk_tmp->out[1],
+ wpa_pmk_tmp->out[2],
+ wpa_pmk_tmp->out[3],
+ wpa_pmk_tmp->out[4],
+ wpa_pmk_tmp->out[5],
+ wpa_pmk_tmp->out[6],
+ wpa_pmk_tmp->out[7],
+ tmp_buf);
+
+ return line_len;
+}
+
+int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf)
+{
+ const salt_t *salts_buf = hashes->salts_buf;
+ const void *esalts_buf = hashes->esalts_buf;
+
+ const salt_t *salt = &salts_buf[salt_pos];
+
+ const u32 digest_cur = salt->digests_offset + digest_pos;
+
+ const wpa_t *wpas = (const wpa_t *) esalts_buf;
+
const wpa_t *wpa = &wpas[digest_cur];
+
+ char tmp_buf[128];
+
+ const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf);
+
+ tmp_buf[tmp_len] = 0;
+
+ const u8 *mac_ap = (const u8 *) wpa->mac_ap;
+ const u8 *mac_sta = (const u8 *) wpa->mac_sta;
+
+ if (wpa->type == 1)
+ {
+ const int len = hc_asprintf (buf, "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***",
+ byte_swap_32 (wpa->pmkid[0]),
+ byte_swap_32 (wpa->pmkid[1]),
+ byte_swap_32 (wpa->pmkid[2]),
+ byte_swap_32 (wpa->pmkid[3]),
+ mac_ap[0],
+ mac_ap[1],
+ mac_ap[2],
+ mac_ap[3],
+ mac_ap[4],
+ mac_ap[5],
+ mac_sta[0],
+ mac_sta[1],
+ mac_sta[2],
+ mac_sta[3],
+ mac_sta[4],
+ mac_sta[5],
+ tmp_buf);
+
+ return len;
+ }
+ else if (wpa->type == 2)
+ {
+ u32 eapol_swapped[64 + 2];
+
+ for (int i = 0; i < 64; i++)
+ {
+ eapol_swapped[i] = wpa->eapol[i];
+
+ if (wpa->keyver == 2)
+ {
+ eapol_swapped[i] = byte_swap_32 (eapol_swapped[i]);
+ }
+ }
+
+ eapol_swapped[64] = 0;
+ eapol_swapped[65] = 0;
+
+ char tmp2_buf[384];
+
+ const int tmp2_len = hex_encode ((const u8 *) eapol_swapped, wpa->eapol_len, (u8 *) tmp2_buf);
+
+ tmp2_buf[tmp2_len] = 0;
+
+ const int len = hc_asprintf (buf, "WPA*02*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s*%08x%08x%08x%08x%08x%08x%08x%08x*%s*%02x" EOL,
+ wpa->keymic[0],
+ wpa->keymic[1],
+ wpa->keymic[2],
+ wpa->keymic[3],
+ mac_ap[0],
+ mac_ap[1],
+ mac_ap[2],
+ mac_ap[3],
+ mac_ap[4],
+ mac_ap[5],
+ mac_sta[0],
+ mac_sta[1],
+ mac_sta[2],
+ mac_sta[3],
+ mac_sta[4],
+ mac_sta[5],
+ tmp_buf,
+ byte_swap_32 (wpa->anonce[0]),
+ byte_swap_32 (wpa->anonce[1]),
+ byte_swap_32 (wpa->anonce[2]),
+ byte_swap_32 (wpa->anonce[3]),
+ byte_swap_32 (wpa->anonce[4]),
+ byte_swap_32 (wpa->anonce[5]),
+ byte_swap_32 (wpa->anonce[6]),
+ byte_swap_32 (wpa->anonce[7]),
+ tmp2_buf,
+ wpa->message_pair);
+
+ return len;
+ }
+
+ return 0;
+}
+
+u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes,
MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
+{
+ const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset;
+
+ wpa_t *wpas = (wpa_t *) hashes->esalts_buf;
+
+ wpa_t *wpa = &wpas[digests_offset + digest_pos];
+
+ if (wpa->type == 1)
+ {
+ return KERN_RUN_AUX4;
+ }
+ else if (wpa->type == 2)
+ {
+ if (wpa->keyver == 1)
+ {
+ return KERN_RUN_AUX1;
+ }
+ else if (wpa->keyver == 2)
+ {
+ return KERN_RUN_AUX2;
+ }
+ else if (wpa->keyver == 3)
+ {
+ return KERN_RUN_AUX3;
+ }
+ }
+
+ return 0;
+}
+
+bool module_potfile_custom_check (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hash_t *db, MAYBE_UNUSED const hash_t *entry_hash, MAYBE_UNUSED const void *entry_tmps)
+{
+ const wpa_t *wpa_entry = (const wpa_t *) entry_hash->esalt;
+ const wpa_t *wpa_db = (const wpa_t *) db->esalt;
+
+ if (wpa_db->essid_len != wpa_entry->essid_len) return false;
+
+ if (strcmp ((const char *) wpa_db->essid_buf, (const char *) wpa_entry->essid_buf)) return false;
+
+ const wpa_pmk_tmp_t *wpa_pmk_tmp = (const wpa_pmk_tmp_t *) entry_tmps;
+
+ wpa_pmk_tmp_t tmps;
+
+ tmps.out[0] = byte_swap_32 (wpa_pmk_tmp->out[0]);
+ tmps.out[1] = byte_swap_32 (wpa_pmk_tmp->out[1]);
+ tmps.out[2] = byte_swap_32 (wpa_pmk_tmp->out[2]);
+ tmps.out[3] = byte_swap_32 (wpa_pmk_tmp->out[3]);
+ tmps.out[4] = byte_swap_32 (wpa_pmk_tmp->out[4]);
+ tmps.out[5] = byte_swap_32 (wpa_pmk_tmp->out[5]);
+ tmps.out[6] = byte_swap_32 (wpa_pmk_tmp->out[6]);
+ tmps.out[7] = byte_swap_32 (wpa_pmk_tmp->out[7]);
+
+ plain_t plains_buf;
+
+ u32 hashes_shown = 0;
+
+ u32 d_return_buf = 0;
+
+ void (*m22001_aux) (KERN_ATTR_TMPS_ESALT (wpa_pmk_tmp_t, wpa_t));
+
+ if (wpa_db->type == 1)
+ {
+ m22001_aux = m22001_aux4;
+ }
+ else if (wpa_db->type == 2)
+ {
+ if (wpa_db->keyver == 1)
+ {
+ m22001_aux = m22001_aux1;
+ }
+ else if (wpa_db->keyver == 2)
+ {
+ m22001_aux = m22001_aux2;
+ }
+ else if (wpa_db->keyver == 3)
+ {
+ m22001_aux = m22001_aux3;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
else
+ {
+ return false;
+ }
+
+ m22001_aux
+ (
+ NULL, // pws
+ NULL, // rules_buf
+ NULL, // combs_buf
+ NULL, // bfs_buf
+ &tmps, // tmps
+ NULL, // hooks
+ NULL, // bitmaps_buf_s1_a
+ NULL, // bitmaps_buf_s1_b
+ NULL, // bitmaps_buf_s1_c
+ NULL, // bitmaps_buf_s1_d
+ NULL, // bitmaps_buf_s2_a
+ NULL, // bitmaps_buf_s2_b
+ NULL, // bitmaps_buf_s2_c
+ NULL, // bitmaps_buf_s2_d
+ &plains_buf, // plains_buf
+ db->digest, // digests_buf
+ &hashes_shown, // hashes_shown
+ db->salt, // salt_bufs
+ db->esalt, // esalt_bufs
+ &d_return_buf, // d_return_buf
+ NULL, // d_extra0_buf
+ NULL, // d_extra1_buf
+ NULL, // d_extra2_buf
+ NULL, // d_extra3_buf
+ 0, // bitmap_mask
+ 0, // bitmap_shift1
+ 0, // bitmap_shift2
+ 0, // salt_pos
+ 0, // loop_pos
+ 0, // loop_cnt
+ 0, // il_cnt
+ 1, // digests_cnt
+ 0, // digests_offset
+ 0, // combs_mode
+ 1 // gid_max
+ );
+
+ const bool r = (d_return_buf == 0) ? false : true;
+
+ return r;
+}
+
+int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
+{
+ u32 *digest = (u32 *) digest_buf;
+
+ wpa_t *wpa = (wpa_t *) esalt_buf;
+
+ char *input_buf = (char *) line_buf;
+ int input_len = line_len;
+
+ // start old pmkid/hccapx compatibility parsing
+ // idea is to find out if parsing succeeds and in this case to build a
+ // valid 22001 hash line and replace line_buf pointer
+
+ char tmp_buf[1024];
+ int tmp_len;
+
+ // hccapx parser
+
+ if (line_len == sizeof (hccapx_t))
+ {
+ hccapx_t *hccapx = (hccapx_t *) line_buf;
+
+ if ((hccapx->signature == HCCAPX_SIGNATURE) && (hccapx->version == HCCAPX_VERSION))
+ {
+ tmp_len = 0;
+
+ tmp_len += snprintf (tmp_buf, sizeof (tmp_buf) - tmp_len, "WPA*02*");
+
+ tmp_len += hex_encode ((const u8 *) hccapx->keymic, 16, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = '*';
+
+
tmp_len++;
+
+ tmp_len += hex_encode ((const u8 *) hccapx->mac_ap, 6, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = '*';
+
+ tmp_len++;
+
+ tmp_len += hex_encode ((const u8 *) hccapx->mac_sta, 6, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = '*';
+
+ tmp_len++;
+
+ tmp_len += hex_encode ((const u8 *) hccapx->essid, hccapx->essid_len, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = '*';
+
+ tmp_len++;
+
+ tmp_len += hex_encode ((const u8 *) hccapx->nonce_ap, 32, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = '*';
+
+ tmp_len++;
+
+ tmp_len += hex_encode ((const u8 *) hccapx->eapol, hccapx->eapol_len, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = '*';
+
+ tmp_len++;
+
+ tmp_len += hex_encode ((const u8 *) &hccapx->message_pair, 1, (u8 *) tmp_buf + tmp_len);
+
+ tmp_buf[tmp_len] = 0;
+
+ input_buf = tmp_buf;
+ input_len = tmp_len;
+ }
+ }
+
+ // pmkid parser
+
+ if (1)
+ {
+ // detect super-old/old format
+
+ int old_sep = 0;
+ int new_sep = 0;
+
+ for (int i = 0; i < line_len; i++)
+ {
+ const char c = line_buf[i];
+
+ if (c == '*') old_sep++;
+ if (c == ':') new_sep++;
+ }
+
+ const u8 sep = (new_sep > old_sep) ?
':' : '*';
+
+ // start normal parsing
+
+ token_t token;
+
+ token.token_cnt = 4;
+
+ token.sep[0] = sep;
+ token.len_min[0] = 32;
+ token.len_max[0] = 32;
+ token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[1] = sep;
+ token.len_min[1] = 12;
+ token.len_max[1] = 12;
+ token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[2] = sep;
+ token.len_min[2] = 12;
+ token.len_max[2] = 12;
+ token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[3] = sep;
+ token.len_min[3] = 0;
+ token.len_max[3] = 64;
+ token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
+
+ if (rc_tokenizer == PARSER_OK)
+ {
+ tmp_len = snprintf (tmp_buf, sizeof (tmp_buf), "WPA*01*%s***", line_buf);
+
+ input_buf = tmp_buf;
+ input_len = tmp_len;
+ }
+ }
+
+ // start normal parsing
+
+ token_t token;
+
+ token.token_cnt = 9;
+
+ token.signatures_cnt = 1;
+ token.signatures_buf[0] = "WPA";
+
+ token.sep[0] = '*';
+ token.len_min[0] = 3;
+ token.len_max[0] = 3;
+ token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_SIGNATURE;
+
+ token.sep[1] = '*';
+ token.len_min[1] = 2;
+ token.len_max[1] = 2;
+ token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[2] = '*';
+ token.len_min[2] = 32;
+ token.len_max[2] = 32;
+ token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[3] = '*';
+ token.len_min[3] = 12;
+ token.len_max[3] = 12;
+ token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[4] = '*';
+ token.len_min[4] = 12;
+ token.len_max[4] = 12;
+ token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[5] = '*';
+ token.len_min[5] = 0;
+ token.len_max[5] = 64;
+ token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[6] = '*';
+ token.len_min[6] = 0;
+ token.len_max[6] = 64;
+
token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[7] = '*';
+ token.len_min[7] = 0;
+ token.len_max[7] = 512;
+ token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ token.sep[8] = '*';
+ token.len_min[8] = 0;
+ token.len_max[8] = 2;
+ token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_HEX;
+
+ const int rc_tokenizer = input_tokenizer ((const u8 *) input_buf, input_len, &token);
+
+ if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
+
+ // mac_ap
+
+ u8 *mac_ap = (u8 *) wpa->mac_ap;
+ u8 *mac_sta = (u8 *) wpa->mac_sta;
+
+ const u8 *macap_buf = token.buf[3];
+
+ mac_ap[0] = hex_to_u8 (macap_buf + 0);
+ mac_ap[1] = hex_to_u8 (macap_buf + 2);
+ mac_ap[2] = hex_to_u8 (macap_buf + 4);
+ mac_ap[3] = hex_to_u8 (macap_buf + 6);
+ mac_ap[4] = hex_to_u8 (macap_buf + 8);
+ mac_ap[5] = hex_to_u8 (macap_buf + 10);
+
+ // mac_sta
+
+ const u8 *macsta_buf = token.buf[4];
+
+ mac_sta[0] = hex_to_u8 (macsta_buf + 0);
+ mac_sta[1] = hex_to_u8 (macsta_buf + 2);
+ mac_sta[2] = hex_to_u8 (macsta_buf + 4);
+ mac_sta[3] = hex_to_u8 (macsta_buf + 6);
+ mac_sta[4] = hex_to_u8 (macsta_buf + 8);
+ mac_sta[5] = hex_to_u8 (macsta_buf + 10);
+
+ // essid
+
+ const u8 *essid_buf = token.buf[5];
+ const int essid_len = token.len[5];
+
+ if (essid_len & 1) return (PARSER_SALT_VALUE);
+
+ wpa->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa->essid_buf);
+
+ // salt
+
+ memcpy (salt->salt_buf, wpa->essid_buf, wpa->essid_len);
+
+ salt->salt_len = wpa->essid_len;
+
+ salt->salt_iter = ROUNDS_WPA_PMK;
+
+ // type
+
+ const u8 *type_buf = token.buf[1];
+
+ const u8 type = hex_to_u8 (type_buf);
+
+ if ((type != 1) && (type != 2)) return (PARSER_SALT_VALUE);
+
+ wpa->type = type;
+
+ // PMKID specific code
+
+ if (type == 1)
+ {
+ // pmkid
+
+ const u8 *pmkid_buf = token.buf[2];
+
+ wpa->pmkid[0] = hex_to_u32 (pmkid_buf + 0);
+ wpa->pmkid[1] = hex_to_u32 (pmkid_buf + 8);
+ wpa->pmkid[2] = hex_to_u32 (pmkid_buf + 16);
+
wpa->pmkid[3] = hex_to_u32 (pmkid_buf + 24);
+
+ // pmkid_data
+
+ wpa->pmkid_data[0] = 0x204b4d50; // "PMK "
+ wpa->pmkid_data[1] = 0x656d614e; // "Name"
+ wpa->pmkid_data[2] = (mac_ap[0] << 0)
+ | (mac_ap[1] << 8)
+ | (mac_ap[2] << 16)
+ | (mac_ap[3] << 24);
+ wpa->pmkid_data[3] = (mac_ap[4] << 0)
+ | (mac_ap[5] << 8)
+ | (mac_sta[0] << 16)
+ | (mac_sta[1] << 24);
+ wpa->pmkid_data[4] = (mac_sta[2] << 0)
+ | (mac_sta[3] << 8)
+ | (mac_sta[4] << 16)
+ | (mac_sta[5] << 24);
+
+ // hash
+
+ digest[0] = wpa->pmkid[0];
+ digest[1] = wpa->pmkid[1];
+ digest[2] = wpa->pmkid[2];
+ digest[3] = wpa->pmkid[3];
+
+ digest[0] = byte_swap_32 (digest[0]);
+ digest[1] = byte_swap_32 (digest[1]);
+ digest[2] = byte_swap_32 (digest[2]);
+ digest[3] = byte_swap_32 (digest[3]);
+ }
+
+ // EAPOL specific code
+
+ if (type == 2)
+ {
+ // checks
+
+ if (token.len[6] != 64) return (PARSER_SALT_LENGTH);
+
+ if (token.len[7] < (int) sizeof (auth_packet_t) * 2) return (PARSER_SALT_LENGTH);
+
+ if (token.len[8] != 2) return (PARSER_SALT_LENGTH);
+
+ // anonce
+
+ const u8 *anonce_pos = token.buf[6];
+
+ wpa->anonce[0] = hex_to_u32 (anonce_pos + 0);
+ wpa->anonce[1] = hex_to_u32 (anonce_pos + 8);
+ wpa->anonce[2] = hex_to_u32 (anonce_pos + 16);
+ wpa->anonce[3] = hex_to_u32 (anonce_pos + 24);
+ wpa->anonce[4] = hex_to_u32 (anonce_pos + 32);
+ wpa->anonce[5] = hex_to_u32 (anonce_pos + 40);
+ wpa->anonce[6] = hex_to_u32 (anonce_pos + 48);
+ wpa->anonce[7] = hex_to_u32 (anonce_pos + 56);
+
+ // eapol
+
+ const u8 *eapol_pos = token.buf[7];
+
+ u8 *eapol_ptr = (u8 *) wpa->eapol;
+
+ wpa->eapol_len = hex_decode ((const u8 *) eapol_pos, token.len[7], eapol_ptr);
+
+ memset (eapol_ptr + wpa->eapol_len, 0, (256 + 64) - wpa->eapol_len);
+
+ auth_packet_t *auth_packet = (auth_packet_t *) wpa->eapol;
+
+ // keyver
+
+ const u16 key_information = byte_swap_16 (auth_packet->key_information);
+
+ wpa->keyver = key_information & 3;
+
+ if ((wpa->keyver != 1) && (wpa->keyver != 2) && (wpa->keyver != 3))
return (PARSER_SALT_VALUE); + + // pke + + u8 *pke_ptr = (u8 *) wpa->pke; + + memset (pke_ptr, 0, 128); + + if ((wpa->keyver == 1) || (wpa->keyver == 2)) + { + memcpy (pke_ptr, "Pairwise key expansion\x00", 23); + + if (memcmp (mac_ap, mac_sta, 6) < 0) + { + memcpy (pke_ptr + 23, mac_ap, 6); + memcpy (pke_ptr + 29, mac_sta, 6); + } + else + { + memcpy (pke_ptr + 23, mac_sta, 6); + memcpy (pke_ptr + 29, mac_ap, 6); + } + + wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 35, wpa->anonce, 32); + memcpy (pke_ptr + 67, auth_packet->wpa_key_nonce, 32); + } + else + { + memcpy (pke_ptr + 35, auth_packet->wpa_key_nonce, 32); + memcpy (pke_ptr + 67, wpa->anonce, 32); + } + } + else if (wpa->keyver == 3) + { + pke_ptr[0] = 1; + pke_ptr[1] = 0; + + memcpy (pke_ptr + 2, "Pairwise key expansion", 22); + + if (memcmp (mac_ap, mac_sta, 6) < 0) + { + memcpy (pke_ptr + 24, mac_ap, 6); + memcpy (pke_ptr + 30, mac_sta, 6); + } + else + { + memcpy (pke_ptr + 24, mac_sta, 6); + memcpy (pke_ptr + 30, mac_ap, 6); + } + + wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 36, wpa->anonce, 32); + memcpy (pke_ptr + 68, auth_packet->wpa_key_nonce, 32); + } + else + { + memcpy (pke_ptr + 36, auth_packet->wpa_key_nonce, 32); + memcpy (pke_ptr + 68, wpa->anonce, 32); + } + + pke_ptr[100] = 0x80; + pke_ptr[101] = 1; + } + + for (int i = 0; i < 32; i++) + { + wpa->pke[i] = byte_swap_32 (wpa->pke[i]); + } + + if (wpa->keyver == 2) + { + for (int i = 0; i < 64; i++) + { + wpa->eapol[i] = byte_swap_32 (wpa->eapol[i]); + } + } + + if (wpa->keyver == 3) + { + eapol_ptr[wpa->eapol_len] = 0x80; + } + + // message_pair + + const u8 *message_pair_pos = token.buf[8]; + + const u8 message_pair = hex_to_u8 (message_pair_pos); + + if (wpa->message_pair_chgd == true) + { + // we can filter some message types here + + if (wpa->message_pair != 
(message_pair & 0x7f)) return (PARSER_HCCAPX_MESSAGE_PAIR); + } + else + { + wpa->message_pair = message_pair; + } + + if (wpa->nonce_error_corrections_chgd == true) + { + // value was set in module_hash_binary_parse() + } + else + { + if (wpa->message_pair & (1 << 4)) + { + // ap-less attack detected, nc not needed + + wpa->nonce_error_corrections = 0; + } + else + { + if (wpa->message_pair & (1 << 7)) + { + // replaycount not checked, nc needed + } + else + { + wpa->nonce_error_corrections = 0; + } + } + } + + // now some optimization related to replay counter endianess + // hcxtools has techniques to detect them + // since we can not guarantee to get our handshakes from hcxtools we enable both by default + // this means that we check both even if both are not set! + // however if one of them is set, we can assume that the endianess has been checked and the other one is not needed + + wpa->detected_le = 1; + wpa->detected_be = 1; + + if (wpa->message_pair & (1 << 5)) + { + wpa->detected_le = 1; + wpa->detected_be = 0; + } + else if (wpa->message_pair & (1 << 6)) + { + wpa->detected_le = 0; + wpa->detected_be = 1; + } + + // mic + + const u8 *mic_pos = token.buf[2]; + + wpa->keymic[0] = hex_to_u32 (mic_pos + 0); + wpa->keymic[1] = hex_to_u32 (mic_pos + 8); + wpa->keymic[2] = hex_to_u32 (mic_pos + 16); + wpa->keymic[3] = hex_to_u32 (mic_pos + 24); + + wpa->keymic[0] = byte_swap_32 (wpa->keymic[0]); + wpa->keymic[1] = byte_swap_32 (wpa->keymic[1]); + wpa->keymic[2] = byte_swap_32 (wpa->keymic[2]); + wpa->keymic[3] = byte_swap_32 (wpa->keymic[3]); + + // Create a hash of the nonce as ESSID is not unique enough + // Not a regular MD5 but good enough + // We can also ignore cases where we should bzero the work buffer + + u32 hash[4]; + + hash[0] = 0; + hash[1] = 1; + hash[2] = 2; + hash[3] = 3; + + u32 block[16]; + + memset (block, 0, sizeof (block)); + + u8 *block_ptr = (u8 *) block; + + for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i]; + + md5_transform 
(block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 0]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 16]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 0]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 16]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 32]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 48]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 2; i++) block[0 + i] = wpa->mac_ap[i]; + for (int i = 0; i < 2; i++) block[2 + i] = wpa->mac_ap[i]; + for (int i = 0; i < 12; i++) block[4 + i] = 0; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + memcpy (block_ptr + 0, wpa->anonce, 32); + memcpy (block_ptr + 32, auth_packet->wpa_key_nonce, 32); + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + block[0] = wpa->keymic[0]; + block[1] = wpa->keymic[1]; + block[2] = wpa->keymic[2]; + block[3] = wpa->keymic[3]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + // make all this stuff unique + + digest[0] = hash[0]; + digest[1] = hash[1]; + digest[2] = hash[2]; + digest[3] = hash[3]; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const wpa_t *wpa = (const wpa_t *) esalt_buf; + + int 
line_len = 0; + + const u8 *mac_ap = (const u8 *) wpa->mac_ap; + const u8 *mac_sta = (const u8 *) wpa->mac_sta; + + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) + { + char tmp_buf[128]; + + int tmp_len = 0; + + tmp_buf[tmp_len++] = '$'; + tmp_buf[tmp_len++] = 'H'; + tmp_buf[tmp_len++] = 'E'; + tmp_buf[tmp_len++] = 'X'; + tmp_buf[tmp_len++] = '['; + + exec_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf + tmp_len); + + tmp_len += wpa->essid_len * 2; + + tmp_buf[tmp_len++] = ']'; + + tmp_buf[tmp_len++] = 0; + + line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + mac_ap[0], + mac_ap[1], + mac_ap[2], + mac_ap[3], + mac_ap[4], + mac_ap[5], + mac_sta[0], + mac_sta[1], + mac_sta[2], + mac_sta[3], + mac_sta[4], + mac_sta[5], + tmp_buf); + } + else + { + line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + mac_ap[0], + mac_ap[1], + mac_ap[2], + mac_ap[3], + mac_ap[4], + mac_ap[5], + mac_sta[0], + mac_sta[1], + mac_sta[2], + mac_sta[3], + mac_sta[4], + mac_sta[5], + (const char *) wpa->essid_buf); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + 
module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = module_hash_binary_count; + module_ctx->module_hash_binary_parse = module_hash_binary_parse; + module_ctx->module_hash_binary_save = module_hash_binary_save; + module_ctx->module_hash_decode_potfile = module_hash_decode_potfile; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = module_hash_encode_potfile; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = module_hash_init_selftest; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = module_hlfmt_disable; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; 
+ module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
+ module_ctx->module_opti_type = module_opti_type;
+ module_ctx->module_opts_type = module_opts_type;
+ module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
+ module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
+ module_ctx->module_potfile_custom_check = module_potfile_custom_check;
+ module_ctx->module_potfile_disable = MODULE_DEFAULT;
+ module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
+ module_ctx->module_pwdump_column = MODULE_DEFAULT;
+ module_ctx->module_pw_max = module_pw_max;
+ module_ctx->module_pw_min = module_pw_min;
+ module_ctx->module_salt_max = MODULE_DEFAULT;
+ module_ctx->module_salt_min = MODULE_DEFAULT;
+ module_ctx->module_salt_type = module_salt_type;
+ module_ctx->module_separator = MODULE_DEFAULT;
+ module_ctx->module_st_hash = module_st_hash;
+ module_ctx->module_st_pass = module_st_pass;
+ module_ctx->module_tmp_size = module_tmp_size;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
+ module_ctx->module_warmup_disable = MODULE_DEFAULT;
+}
diff --git a/tools/test_modules/m22000.pm b/tools/test_modules/m22000.pm
index 06bcc2f46..210eaaa75 100644
--- a/tools/test_modules/m22000.pm
+++ b/tools/test_modules/m22000.pm
@@ -181,11 +181,24 @@ sub module_verify_hash
{
my $line = shift;
- my @data = split (':', $line);
+ my $index1 = index ($line, ":");
- return unless scalar @data == 10;
+ return if $index1 < 1;
- my ($signature, $type, undef, $macap, $macsta, $essid, $anonce, $eapol, $mp, $word) = @data;
+ my $word = substr ($line, $index1 + 1);
+
+ my $hash_in = substr ($line, 0, $index1);
+
+ my @data = split ('\*', $hash_in);
+
+ my ($signature, $type, $pmkidmic, $macap, $macsta, $essid, $anonce, $eapol, $mp) = @data;
+
+ return unless defined $signature;
+ return unless defined $type;
+ return unless defined $pmkidmic;
+ return unless defined $macap;
+ return unless defined $macsta;
+ return unless defined $essid;
return unless ($signature eq "WPA");
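Review bot: The `defined` guards stop at `$essid`, yet `split ('\*', $hash_in)` discards trailing empty fields, so for a PMKID line whose hash part ends in `***` the new `$anonce`, `$eapol` and `$mp` are undef, and nothing in the hunk keeps the remainder of `module_verify_hash` (which continues past the hunk) from using them unguarded. Either make the guard conditional on the EAPOL type, e.g. `return if ($type eq "02") && !(defined $anonce && defined $eapol && defined $mp);` (assuming `"02"` is the EAPOL type value this module uses), or record the contract above the split: `# PMKID lines end in '***'; split() drops the empty trailing fields, so only the first six fields are guaranteed defined`.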
From c9b4e796b0af61f1c45c13acf715b925ad8d4d0e Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 22 Dec 2019 10:11:25 +0100
Subject: [PATCH 092/300] Fix missing EOL in -m 22000 and -m 22001
---
src/modules/module_22000.c | 2 +-
src/modules/module_22001.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c
index 47d5df2f3..7517c51b5 100644
--- a/src/modules/module_22000.c
+++ b/src/modules/module_22000.c
@@ -395,7 +395,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c
if (wpa->type == 1)
{
- const int len = hc_asprintf (buf, "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***",
+ const int len = hc_asprintf (buf, "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***" EOL,
byte_swap_32 (wpa->pmkid[0]),
byte_swap_32 (wpa->pmkid[1]),
byte_swap_32 (wpa->pmkid[2]),
diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c
index 0ecaba32c..deb80e6f3 100644
--- a/src/modules/module_22001.c
+++ b/src/modules/module_22001.c
@@ -396,7 +396,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c
if (wpa->type == 1)
{
- const int len = hc_asprintf (buf, "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***",
+ const int len = hc_asprintf (buf, "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***" EOL,
byte_swap_32 (wpa->pmkid[0]),
byte_swap_32 (wpa->pmkid[1]),
byte_swap_32 (wpa->pmkid[2]),
From 81903e95eec0f6f2d284d1bcf4e88a3d6cebf1ae Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 22 Dec 2019 10:35:40 +0100
Subject: [PATCH 093/300] Fix EAPOL temporary buffer overflow in -m 22000 and -m 22001
---
src/modules/module_22000.c | 2 +-
src/modules/module_22001.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c
index 7517c51b5..173c3f377 100644
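Review bot: The corrected format literal is duplicated byte-for-byte in the module_22001.c hunk of the same commit, and this fix had to be applied twice; a single shared definition, e.g. `#define WPA_PMKID_LINE_FMT "WPA*01*%08x%08x%08x%08x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%s***" EOL` in a header both modules include, would keep the two copies from drifting apart again. If the modules are kept deliberately self-contained, a comment on the `hc_asprintf` line pointing at the twin (`// keep in sync with module_22001.c`) is the minimum. `module_hash_binary_save` starts before and continues after the hunk.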
--- a/src/modules/module_22000.c
+++ b/src/modules/module_22000.c
@@ -433,7 +433,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c
eapol_swapped[64] = 0;
eapol_swapped[65] = 0;
- char tmp2_buf[384];
+ char tmp2_buf[1024];
const int tmp2_len = hex_encode ((const u8 *) eapol_swapped, wpa->eapol_len, (u8 *) tmp2_buf);
diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c
index deb80e6f3..dc37532d1 100644
--- a/src/modules/module_22001.c
+++ b/src/modules/module_22001.c
@@ -434,7 +434,7 @@ int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED c
eapol_swapped[64] = 0;
eapol_swapped[65] = 0;
- char tmp2_buf[384];
+ char tmp2_buf[1024];
const int tmp2_len = hex_encode ((const u8 *) eapol_swapped, wpa->eapol_len, (u8 *) tmp2_buf);
From 2110bd2b24486e0526b94e0f5710b9f996d5e4db Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 22 Dec 2019 15:05:33 +0100
Subject: [PATCH 094/300] Fix benchmark_deep.pl for -m 22000 and -m 22001
---
tools/benchmark_deep.pl | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl
index 279faa568..e75332dba 100755
--- a/tools/benchmark_deep.pl
+++ b/tools/benchmark_deep.pl
@@ -35,7 +35,7 @@ else
system ("nvidia-smi -rac");
system ("nvidia-smi -pm ENABLED");
system ("nvidia-smi -acp UNRESTRICTED");
- system ("nvidia-smi -pl 1"); ## needs per-gpu adjust
+ system ("nvidia-smi -pl 225"); ## needs per-gpu adjust
system ("nvidia-settings -a GPUPowerMizerMode=1 -a GPUFanControlState=1 -a GPUTargetFanSpeed=100");
}
@@ -433,7 +433,14 @@ sub get_module
if ($line =~ /OPTS_TYPE_BINARY_HASHFILE/)
{
- $is_binary = 1;
+ if (($hash_type == 22000) || ($hash_type == 22001))
+ {
+ ## problem while in -m 2500 backward compatiblity mode
+ }
+ else
+ {
+ $is_binary = 1;
+ }
}
if ($line =~ /ST_HASH *= \"(.*)\"/)
From 4c85c0e54f12d4df35283dd5b423b7da98eb2443 Mon Sep 17 00:00:00 2001
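Review bot: `1024` is a bare number that has to track both the size of `eapol_swapped` and the 2x expansion of `hex_encode`; the decoder earlier in this file bounds the EAPOL token with `token.len_max[7] = 512`, i.e. at most 256 decoded bytes, so the hex form needs at most 512 characters plus a terminator and the declaration can say so: `char tmp2_buf[512 + 1]; // eapol_len <= 256 (token len_max[7] = 512 hex chars) -> 512 hex chars + NUL`, or, if `eapol_swapped` is a local array, `char tmp2_buf[sizeof (eapol_swapped) * 2 + 1];`. The decode path in this module writes the NUL by hand after `hex_encode` (`tmp_buf[tmp_len] = 0;`), which suggests `hex_encode` does not terminate its output; confirm that `tmp2_buf` is terminated, or that only `tmp2_len` bytes are consumed, before it reaches a `%s` conversion. The module_22001.c hunk carries the same change; `module_hash_binary_save` continues outside both hunks.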
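Review bot: The `if` with an empty body and a comment standing in for a statement reads as an exclusion list written backwards; the same logic is one statement with the reason above it: `## -m 22000/22001 are not treated as binary hashfiles while in -m 2500 backward-compatibility mode` followed by `$is_binary = 1 unless (($hash_type == 22000) || ($hash_type == 22001));`. `get_module` continues outside the hunk, and `$hash_type` is assumed to be in scope there.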
From: Jens Steube
Date: Mon, 23 Dec 2019 15:00:15 +0100
Subject: [PATCH 095/300] Revert a671d501aab08cd24308a7d253d7bc3b9ff5919a
---
OpenCL/inc_hash_md4.cl | 16 ++++------------
OpenCL/inc_hash_md5.cl | 16 ++++------------
OpenCL/inc_hash_ripemd160.cl | 16 ++++------------
OpenCL/inc_hash_sha1.cl | 16 ++++------------
OpenCL/inc_hash_sha224.cl | 16 ++++------------
OpenCL/inc_hash_sha256.cl | 16 ++++------------
OpenCL/inc_hash_sha384.cl | 16 ++++------------
OpenCL/inc_hash_sha512.cl | 16 ++++------------
OpenCL/inc_hash_streebog256.cl | 16 ++++------------
OpenCL/inc_hash_streebog512.cl | 16 ++++------------
OpenCL/inc_hash_whirlpool.cl | 16 ++++------------
11 files changed, 44 insertions(+), 132 deletions(-)
diff --git a/OpenCL/inc_hash_md4.cl b/OpenCL/inc_hash_md4.cl
index 28720b25c..eeb28cd17 100644
--- a/OpenCL/inc_hash_md4.cl
+++ b/OpenCL/inc_hash_md4.cl
@@ -799,9 +799,7 @@ DECLSPEC void md4_hmac_init_64 (md4_hmac_ctx_t *ctx, const u32 *w0, const u32 *w
md4_init (&ctx->ipad);
- md4_transform (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ md4_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -824,9 +822,7 @@ DECLSPEC void md4_hmac_init_64 (md4_hmac_ctx_t *ctx, const u32 *w0, const u32 *w
md4_init (&ctx->opad);
- md4_transform (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ md4_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void md4_hmac_init (md4_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -1686,9 +1682,7 @@ DECLSPEC void md4_hmac_init_vector_64 (md4_hmac_ctx_vector_t *ctx, const u32x *w
md4_init_vector (&ctx->ipad);
- md4_transform_vector (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ md4_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
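Review bot: The revert puts `md4_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);` back in place of `md4_transform (...); ctx->ipad.len = 64;` without any record in the code of why the direct form had to go, and the subject line names only the reverted commit, so the same optimisation is likely to be attempted again; presumably `*_update_64` also maintains context state beyond `.h` and `.len` that the bare transform skipped, but the hunk does not show it. A one-line comment on the first `md4_update_64` call, e.g. `// keep *_update_64 here; replacing it with *_transform + .len = 64 was reverted in a671d501 -- TODO record what broke`, would keep the reason with the code. The same applies to every ipad/opad hunk in the md5, ripemd160, sha1, sha224, sha256, sha384, sha512, streebog256, streebog512 and whirlpool files that follow; the enclosing `*_hmac_init_64` / `*_hmac_init_vector_64` functions start before each hunk.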
@@ -1711,9 +1705,7 @@ DECLSPEC void md4_hmac_init_vector_64 (md4_hmac_ctx_vector_t *ctx, const u32x *w
md4_init_vector (&ctx->opad);
- md4_transform_vector (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ md4_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void md4_hmac_init_vector (md4_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_md5.cl b/OpenCL/inc_hash_md5.cl
index 2fee96f96..3c52c1f40 100644
--- a/OpenCL/inc_hash_md5.cl
+++ b/OpenCL/inc_hash_md5.cl
@@ -835,9 +835,7 @@ DECLSPEC void md5_hmac_init_64 (md5_hmac_ctx_t *ctx, const u32 *w0, const u32 *w
md5_init (&ctx->ipad);
- md5_transform (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ md5_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -860,9 +858,7 @@ DECLSPEC void md5_hmac_init_64 (md5_hmac_ctx_t *ctx, const u32 *w0, const u32 *w
md5_init (&ctx->opad);
- md5_transform (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ md5_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void md5_hmac_init (md5_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -1758,9 +1754,7 @@ DECLSPEC void md5_hmac_init_vector_64 (md5_hmac_ctx_vector_t *ctx, const u32x *w
md5_init_vector (&ctx->ipad);
- md5_transform_vector (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ md5_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -1783,9 +1777,7 @@ DECLSPEC void md5_hmac_init_vector_64 (md5_hmac_ctx_vector_t *ctx, const u32x *w
md5_init_vector (&ctx->opad);
- md5_transform_vector (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ md5_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void md5_hmac_init_vector (md5_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_ripemd160.cl b/OpenCL/inc_hash_ripemd160.cl
index 703f0dcc8..bcf1074ac 100644
--- a/OpenCL/inc_hash_ripemd160.cl
+++ b/OpenCL/inc_hash_ripemd160.cl
@@ -933,9 +933,7 @@ DECLSPEC void ripemd160_hmac_init_64 (ripemd160_hmac_ctx_t *ctx, const u32 *w0,
ripemd160_init (&ctx->ipad);
- ripemd160_transform (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ ripemd160_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -958,9 +956,7 @@ DECLSPEC void ripemd160_hmac_init_64 (ripemd160_hmac_ctx_t *ctx, const u32 *w0,
ripemd160_init (&ctx->opad);
- ripemd160_transform (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ ripemd160_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void ripemd160_hmac_init (ripemd160_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -1955,9 +1951,7 @@ DECLSPEC void ripemd160_hmac_init_vector_64 (ripemd160_hmac_ctx_vector_t *ctx, c
ripemd160_init_vector (&ctx->ipad);
- ripemd160_transform_vector (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ ripemd160_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -1980,9 +1974,7 @@ DECLSPEC void ripemd160_hmac_init_vector_64 (ripemd160_hmac_ctx_vector_t *ctx, c
ripemd160_init_vector (&ctx->opad);
- ripemd160_transform_vector (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ ripemd160_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void ripemd160_hmac_init_vector (ripemd160_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_sha1.cl b/OpenCL/inc_hash_sha1.cl
index 0166bcad5..7f1da4105 100644
--- a/OpenCL/inc_hash_sha1.cl
+++ b/OpenCL/inc_hash_sha1.cl
@@ -1165,9 +1165,7 @@ DECLSPEC void sha1_hmac_init_64 (sha1_hmac_ctx_t *ctx, const u32 *w0, const u32
sha1_init (&ctx->ipad);
- sha1_transform (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ sha1_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -1190,9 +1188,7 @@ DECLSPEC void sha1_hmac_init_64 (sha1_hmac_ctx_t *ctx, const u32 *w0, const u32
sha1_init (&ctx->opad);
- sha1_transform (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ sha1_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void sha1_hmac_init (sha1_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -2267,9 +2263,7 @@ DECLSPEC void sha1_hmac_init_vector_64 (sha1_hmac_ctx_vector_t *ctx, const u32x
sha1_init_vector (&ctx->ipad);
- sha1_transform_vector (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ sha1_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -2292,9 +2286,7 @@ DECLSPEC void sha1_hmac_init_vector_64 (sha1_hmac_ctx_vector_t *ctx, const u32x
sha1_init_vector (&ctx->opad);
- sha1_transform_vector (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ sha1_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void sha1_hmac_init_vector (sha1_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_sha224.cl b/OpenCL/inc_hash_sha224.cl
index e93206e44..72f3dac99 100644
--- a/OpenCL/inc_hash_sha224.cl
+++ b/OpenCL/inc_hash_sha224.cl
@@ -850,9 +850,7 @@ DECLSPEC void sha224_hmac_init_64 (sha224_hmac_ctx_t *ctx, const u32 *w0, const
sha224_init (&ctx->ipad);
- sha224_transform (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ sha224_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -875,9 +873,7 @@ DECLSPEC void sha224_hmac_init_64 (sha224_hmac_ctx_t *ctx, const u32 *w0, const
sha224_init (&ctx->opad);
- sha224_transform (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ sha224_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void sha224_hmac_init (sha224_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -1814,9 +1810,7 @@ DECLSPEC void sha224_hmac_init_vector_64 (sha224_hmac_ctx_vector_t *ctx, const u
sha224_init_vector (&ctx->ipad);
- sha224_transform_vector (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ sha224_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -1839,9 +1833,7 @@ DECLSPEC void sha224_hmac_init_vector_64 (sha224_hmac_ctx_vector_t *ctx, const u
sha224_init_vector (&ctx->opad);
- sha224_transform_vector (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ sha224_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void sha224_hmac_init_vector (sha224_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_sha256.cl b/OpenCL/inc_hash_sha256.cl
index de2bd5897..430b0e8b9 100644
--- a/OpenCL/inc_hash_sha256.cl
+++ b/OpenCL/inc_hash_sha256.cl
@@ -850,9 +850,7 @@ DECLSPEC void sha256_hmac_init_64 (sha256_hmac_ctx_t *ctx, const u32 *w0, const
sha256_init (&ctx->ipad);
- sha256_transform (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ sha256_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -875,9 +873,7 @@ DECLSPEC void sha256_hmac_init_64 (sha256_hmac_ctx_t *ctx, const u32 *w0, const
sha256_init (&ctx->opad);
- sha256_transform (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ sha256_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void sha256_hmac_init (sha256_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -1814,9 +1810,7 @@ DECLSPEC void sha256_hmac_init_vector_64 (sha256_hmac_ctx_vector_t *ctx, const u
sha256_init_vector (&ctx->ipad);
- sha256_transform_vector (t0, t1, t2, t3, ctx->ipad.h);
-
- ctx->ipad.len = 64;
+ sha256_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
// opad
@@ -1839,9 +1833,7 @@ DECLSPEC void sha256_hmac_init_vector_64 (sha256_hmac_ctx_vector_t *ctx, const u
sha256_init_vector (&ctx->opad);
- sha256_transform_vector (t0, t1, t2, t3, ctx->opad.h);
-
- ctx->opad.len = 64;
+ sha256_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
}
DECLSPEC void sha256_hmac_init_vector (sha256_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_sha384.cl b/OpenCL/inc_hash_sha384.cl
index ea26ec734..c145210d5 100644
--- a/OpenCL/inc_hash_sha384.cl
+++ b/OpenCL/inc_hash_sha384.cl
@@ -1358,9 +1358,7 @@ DECLSPEC void sha384_hmac_init_128 (sha384_hmac_ctx_t *ctx, const u32 *w0, const
sha384_init (&ctx->ipad);
- sha384_transform (t0, t1, t2, t3, t4, t5, t6, t7, ctx->ipad.h);
-
- ctx->ipad.len = 128;
+ sha384_update_128 (&ctx->ipad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
// opad
@@ -1399,9 +1397,7 @@ DECLSPEC void sha384_hmac_init_128 (sha384_hmac_ctx_t *ctx, const u32 *w0, const
sha384_init (&ctx->opad);
- sha384_transform (t0, t1, t2, t3, t4, t5, t6, t7, ctx->opad.h);
-
- ctx->opad.len = 128;
+ sha384_update_128 (&ctx->opad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
}
DECLSPEC void sha384_hmac_init (sha384_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -2858,9 +2854,7 @@ DECLSPEC void sha384_hmac_init_vector_128 (sha384_hmac_ctx_vector_t *ctx, const
sha384_init_vector (&ctx->ipad);
- sha384_transform_vector (t0, t1, t2, t3, t4, t5, t6, t7, ctx->ipad.h);
-
- ctx->ipad.len = 128;
+ sha384_update_vector_128 (&ctx->ipad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
// opad
@@ -2899,9 +2893,7 @@ DECLSPEC void sha384_hmac_init_vector_128 (sha384_hmac_ctx_vector_t *ctx, const
sha384_init_vector (&ctx->opad);
- sha384_transform_vector (t0, t1, t2, t3, t4, t5, t6, t7, ctx->opad.h);
-
- ctx->opad.len = 128;
+ sha384_update_vector_128 (&ctx->opad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
}
DECLSPEC void sha384_hmac_init_vector (sha384_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_sha512.cl b/OpenCL/inc_hash_sha512.cl
index 783a66fbe..0f5ca288a 100644
--- a/OpenCL/inc_hash_sha512.cl
+++ b/OpenCL/inc_hash_sha512.cl
@@ -1358,9 +1358,7 @@ DECLSPEC void sha512_hmac_init_128 (sha512_hmac_ctx_t *ctx, const u32 *w0, const
sha512_init (&ctx->ipad);
- sha512_transform (t0, t1, t2, t3, t4, t5, t6, t7, ctx->ipad.h);
-
- ctx->ipad.len = 128;
+ sha512_update_128 (&ctx->ipad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
// opad
@@ -1399,9 +1397,7 @@ DECLSPEC void sha512_hmac_init_128 (sha512_hmac_ctx_t *ctx, const u32 *w0, const
sha512_init (&ctx->opad);
- sha512_transform (t0, t1, t2, t3, t4, t5, t6, t7, ctx->opad.h);
-
- ctx->opad.len = 128;
+ sha512_update_128 (&ctx->opad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
}
DECLSPEC void sha512_hmac_init (sha512_hmac_ctx_t *ctx, const u32 *w, const int len)
@@ -2975,9 +2971,7 @@ DECLSPEC void sha512_hmac_init_vector_128 (sha512_hmac_ctx_vector_t *ctx, const
sha512_init_vector (&ctx->ipad);
- sha512_transform_vector (t0, t1, t2, t3, t4, t5, t6, t7, ctx->ipad.h);
-
- ctx->ipad.len = 128;
+ sha512_update_vector_128 (&ctx->ipad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
// opad
@@ -3016,9 +3010,7 @@ DECLSPEC void sha512_hmac_init_vector_128 (sha512_hmac_ctx_vector_t *ctx, const
sha512_init_vector (&ctx->opad);
- sha512_transform_vector (t0, t1, t2, t3, t4, t5, t6, t7, ctx->opad.h);
-
- ctx->opad.len = 128;
+ sha512_update_vector_128 (&ctx->opad, t0, t1, t2, t3, t4, t5, t6, t7, 128);
}
DECLSPEC void sha512_hmac_init_vector (sha512_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
diff --git a/OpenCL/inc_hash_streebog256.cl b/OpenCL/inc_hash_streebog256.cl
index 92534db1d..3983ef70a 100644
--- a/OpenCL/inc_hash_streebog256.cl
+++ b/OpenCL/inc_hash_streebog256.cl
@@ -1106,9 +1106,7 @@ DECLSPEC void streebog256_hmac_init_64 (streebog256_hmac_ctx_t *ctx, const u32 * streebog256_init (&ctx->ipad, s_sbob_sl64); - streebog256_transform (&ctx->ipad, t0, t1, t2, t3); - - ctx->ipad.len = 64; + streebog256_update_64 (&ctx->ipad, t0, t1, t2, t3, 64); // opad @@ -1131,9 +1129,7 @@ DECLSPEC void streebog256_hmac_init_64 (streebog256_hmac_ctx_t *ctx, const u32 * streebog256_init (&ctx->opad, s_sbob_sl64); - streebog256_transform (&ctx->opad, t0, t1, t2, t3); - - ctx->opad.len = 64; + streebog256_update_64 (&ctx->opad, t0, t1, t2, t3, 64); } DECLSPEC void streebog256_hmac_init (streebog256_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256]) @@ -1752,9 +1748,7 @@ DECLSPEC void streebog256_hmac_init_vector_64 (streebog256_hmac_ctx_vector_t *ct streebog256_init_vector (&ctx->ipad, s_sbob_sl64); - streebog256_transform_vector (&ctx->ipad, t0, t1, t2, t3); - - ctx->ipad.len = 64; + streebog256_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64); // opad @@ -1777,9 +1771,7 @@ DECLSPEC void streebog256_hmac_init_vector_64 (streebog256_hmac_ctx_vector_t *ct streebog256_init_vector (&ctx->opad, s_sbob_sl64); - streebog256_transform_vector (&ctx->opad, t0, t1, t2, t3); - - ctx->opad.len = 64; + streebog256_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64); } DECLSPEC void streebog256_hmac_init_vector (streebog256_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256]) diff --git a/OpenCL/inc_hash_streebog512.cl b/OpenCL/inc_hash_streebog512.cl index 08580981d..85aaea233 100644 --- a/OpenCL/inc_hash_streebog512.cl +++ b/OpenCL/inc_hash_streebog512.cl @@ -1106,9 +1106,7 @@ DECLSPEC void streebog512_hmac_init_64 (streebog512_hmac_ctx_t *ctx, const u32 * streebog512_init (&ctx->ipad, s_sbob_sl64); - streebog512_transform (&ctx->ipad, t0, t1, t2, t3); - - ctx->ipad.len = 64; + streebog512_update_64 (&ctx->ipad, t0, t1, t2, t3, 64); // opad 
@@ -1131,9 +1129,7 @@ DECLSPEC void streebog512_hmac_init_64 (streebog512_hmac_ctx_t *ctx, const u32 * streebog512_init (&ctx->opad, s_sbob_sl64); - streebog512_transform (&ctx->opad, t0, t1, t2, t3); - - ctx->opad.len = 64; + streebog512_update_64 (&ctx->opad, t0, t1, t2, t3, 64); } DECLSPEC void streebog512_hmac_init (streebog512_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256]) @@ -1771,9 +1767,7 @@ DECLSPEC void streebog512_hmac_init_vector_64 (streebog512_hmac_ctx_vector_t *ct streebog512_init_vector (&ctx->ipad, s_sbob_sl64); - streebog512_transform_vector (&ctx->ipad, t0, t1, t2, t3); - - ctx->ipad.len = 64; + streebog512_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64); // opad @@ -1796,9 +1790,7 @@ DECLSPEC void streebog512_hmac_init_vector_64 (streebog512_hmac_ctx_vector_t *ct streebog512_init_vector (&ctx->opad, s_sbob_sl64); - streebog512_transform_vector (&ctx->opad, t0, t1, t2, t3); - - ctx->opad.len = 64; + streebog512_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64); } DECLSPEC void streebog512_hmac_init_vector (streebog512_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256]) diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl index b4933e6f7..e4e1f22eb 100644 --- a/OpenCL/inc_hash_whirlpool.cl +++ b/OpenCL/inc_hash_whirlpool.cl @@ -2014,9 +2014,7 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, whirlpool_init (&ctx->ipad, s_Ch, s_Cl); - whirlpool_transform (t0, t1, t2, t3, ctx->ipad.h, ctx->ipad.s_Ch, ctx->ipad.s_Cl); - - ctx->ipad.len = 64; + whirlpool_update_64 (&ctx->ipad, t0, t1, t2, t3, 64); // opad 
@@ -2039,9 +2037,7 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, whirlpool_init (&ctx->opad, s_Ch, s_Cl); - whirlpool_transform (t0, t1, t2, t3, ctx->opad.h, ctx->opad.s_Ch, ctx->opad.s_Cl); - - ctx->opad.len = 64; + whirlpool_update_64 (&ctx->opad, t0, t1, t2, t3, 64); } DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) @@ -3056,9 +3052,7 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c whirlpool_init_vector (&ctx->ipad, s_Ch, s_Cl); - whirlpool_transform_vector (t0, t1, t2, t3, ctx->ipad.h, ctx->ipad.s_Ch, ctx->ipad.s_Cl); - - ctx->ipad.len = 64; + whirlpool_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64); // opad @@ -3081,9 +3075,7 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c whirlpool_init_vector (&ctx->opad, s_Ch, s_Cl); - whirlpool_transform_vector (t0, t1, t2, t3, ctx->opad.h, ctx->opad.s_Ch, ctx->opad.s_Cl); - - ctx->opad.len = 64; + whirlpool_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64); } DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) From bbb1f97dc31c0d44efd91e40a21d86f677402fbd Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 23 Dec 2019 15:06:36 +0100 Subject: [PATCH 096/300] Fixed some typos in changes.txt --- docs/changes.txt | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index ff7d14d3c..435474a99 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
@@ -4,13 +4,13 @@ ## Feature ## -- Fully modularized hash-mode integration via plugin interface and converted all existing hash-modes +- Fully modularized hash-mode integration via plugin interface and conversion of all existing hash-modes - Refactor hashcat backend interface to allow adding compute API other than OpenCL -- Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson or IBM POWER9) +- Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.) - Support use of all available GPU memory using CUDA backend - Support use of all available CPU cores for hash-mode specific hooks - Support on-the-fly loading of compressed wordlists in zip and gzip format -- Support for inline VeraCrypt PIM Brute-Force +- Support for inline VeraCrypt PIM brute-force - Support deflate decompression for the 7-Zip hash-mode using zlib hook - Added documentation on hashcat brain, slow-candidate and keyboard-layout mapping features - Keep output of --show and --left in the original ordering of the input hash file @@ -31,6 +31,9 @@ - Added hash-mode: Kerberos 5 Pre-Auth etype 18 (AES256-CTS-HMAC-SHA1-96) - Added hash-mode: Kerberos 5 TGS-REP etype 17 (AES128-CTS-HMAC-SHA1-96) - Added hash-mode: Kerberos 5 TGS-REP etype 18 (AES256-CTS-HMAC-SHA1-96) +- Added hash-mode: md5($salt.sha1($salt.$pass)) +- Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass)) +- Added hash-mode: md5(sha1($salt).md5($pass)) - Added hash-mode: Open Document Format (ODF) 1.1 (SHA-1, Blowfish) - Added hash-mode: Open Document Format (ODF) 1.2 (SHA-256, AES) - Added hash-mode: Oracle Transportation Management (SHA256) 
@@ -43,10 +46,6 @@ - Added hash-mode: QNX /etc/shadow (SHA256) - Added hash-mode: QNX /etc/shadow (SHA512) - Added hash-mode: Ruby on Rails Restful-Authentication -- Added hash-mode: SolarWinds Orion -- Added hash-mode: md5($salt.sha1($salt.$pass)) -- Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass)) -- Added hash-mode: md5(sha1($salt).md5($pass)) - Added hash-mode: sha1(md5(md5($pass))) - Added hash-mode: sha1(md5($pass.$salt)) - Added hash-mode: sha1(md5($pass).$salt) @@ -54,6 +53,7 @@ - Added hash-mode: sha256(md5($pass)) - Added hash-mode: sha256(sha256_bin(pass)) - Added hash-mode: sha256(sha256($pass).$salt) +- Added hash-mode: SolarWinds Orion - Added hash-mode: Web2py pbkdf2-sha512 - Added hash-mode: WPA-PBKDF2-PMKID+EAPOL - Added hash-mode: WPA-PMK-PMKID+EAPOL @@ -64,13 +64,12 @@ - Fixed buffer overflow in build_plain() function - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7 -- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data +- Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16 - Fixed cracking of Electrum Wallet Salt-Type 2 hashes - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only) - Fixed cracking raw Streebog-HMAC 256 and 512 hashes with password of length >= 64 - Fixed cracking raw Whirlpool hashes cracking with password of length >= 32 -- Fixed cracking multiple Office hashes(modes 9500, 9600) with the same salt - Fixed incorrect progress-only result in a special race condition - Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character 
@@ -94,21 +93,21 @@ - Building: Updated BUILD.md - Cracking bcrypt and Password Safe v2: Use a feedback from the compute API backend to dynamically find out optimal thread count - Documents: Added README on how to build hashcat on MSYS2 -- Filehandling: Print a truncation warning in case an oversized line was detected +- File handling: Print a truncation warning when an oversized line is detected - My Wallet: Added additional plaintext pattern used in newer versions - OpenCL Runtime: Disable OpenCL kernel cache on Apple for Intel CPU (throws CL_BUILD_PROGRAM_FAILURE for no reason) -- OpenCL Runtime: Do not run a shared- and constant-memory size check if their memory type is of type global memory (typically CPU) -- OpenCL Runtime: Improve ROCM detection and make sure to not confuse with recent AMDGPU drivers +- OpenCL Runtime: Do not run shared- and constant-memory size checks if their memory type is of type global memory (typically CPU) +- OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers - OpenCL Runtime: Not using amd_bytealign (amd_bitalign is fine) on AMDGPU driver drastically reduces JiT segfaults - OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime - OpenCL Runtime: Unlocked maximum thread count - OpenCL Runtime: Update unstable mode warnings for Apple and AMDGPU drivers - OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel -- OpenCL Runtime: Workaround JiT compiler error on ROCM 2.3 driver if the 'inline' keyword is used in function declaration +- OpenCL Runtime: Workaround JiT compiler error on ROCm 2.3 driver if the 'inline' keyword is used in function declaration - OpenCL Runtime: Workaround memory allocation error on AMD driver on Windows leading to CL_MEM_OBJECT_ALLOCATION_FAILURE - OpenCL Runtime: Workaround ROCm OpenCL driver problem trying to write temporary file into readonly folder by setting TMPDIR -- Startup Checks: Prevent the user to 
modify options which are overwritten automatically in benchmark mode - Startup Checks: Improved the pidfile check: Do not just check for existing PID but also check executable filename +- Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode - Startup Screen: Add extra warning when using --force - Startup Screen: Add extra warning when using --keep-guessing - Startup Screen: Provide an estimate of host memory requirements for the requested attack @@ -124,7 +123,7 @@ ## Technical ## -- Binary Distribution: Removed 32 bit binary executables +- Binary Distribution: Removed 32-bit binary executables - Building: On macOS, switch from ar to /usr/bin/ar to improve building compatibility - Building: Skipping Travis/Appveyor build for non-code changes - Codebase: Cleanup of many unused rc_* variables @@ -139,8 +138,8 @@ - Hash-Mode 1680x (WPA-PMKID) specific: Changed separator character from '*' to ':' - Hash-Mode 8300 (DNSSEC (NSEC3)) specific: Allow empty salt - Keep Guessing: No longer automatically activate --keep-guessing for modes 9720, 9820, 14900 and 18100 -- Kernel Cache: Reactivate OpenCL runtime specific kernel caches - Keep Guessing: No longer mark hashes as cracked/removed when in potfile +- Kernel Cache: Reactivate OpenCL runtime specific kernel caches - Kernel Compile: Removed -cl-std= from all kernel build options since we're compatible to all OpenCL versions - OpenCL Kernels: Fix OpenCL compiler warning on double precision constants - OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant From 55d52160a37879d50b1653967844d69b7fcecb68 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 23 Dec 2019 15:48:35 +0100 Subject: [PATCH 097/300] Put back missing entry in changes.txt --- docs/changes.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changes.txt b/docs/changes.txt index 435474a99..bb1bdd31b 100644 --- a/docs/changes.txt 
+++ b/docs/changes.txt @@ -65,6 +65,7 @@ - Fixed buffer overflow in build_plain() function - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7 - Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt +- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16 - Fixed cracking of Electrum Wallet Salt-Type 2 hashes - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only) From 6ed3003a301be43074c0eeb511b522544730033b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 23 Dec 2019 15:59:14 +0100 Subject: [PATCH 098/300] Fix for -m 3000 loading hashes in pwdump format --- src/modules/module_03000.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/modules/module_03000.c b/src/modules/module_03000.c index e5c819941..5cf3e2b5e 100644 --- a/src/modules/module_03000.c +++ b/src/modules/module_03000.c @@ -27,6 +27,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_PT_ALWAYS_ASCII | OPTS_TYPE_PT_LM | OPTS_TYPE_HASH_SPLIT; +static const u32 PWDUMP_COLUMN = PWDUMP_COLUMN_LM_HASH; static const u32 SALT_TYPE = SALT_TYPE_NONE; static const char *ST_PASS = "hashcat1"; static const char *ST_HASH = "299bd128c1101fd6"; 
@@ -42,6 +43,7 @@ const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_pwdump_column (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return PWDUMP_COLUMN; } u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } @@ -227,7 +229,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_potfile_custom_check = MODULE_DEFAULT; module_ctx->module_potfile_disable = MODULE_DEFAULT; module_ctx->module_potfile_keep_all_hashes = module_potfile_keep_all_hashes; - module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pwdump_column = module_pwdump_column; module_ctx->module_pw_max = module_pw_max; module_ctx->module_pw_min = MODULE_DEFAULT; module_ctx->module_salt_max = MODULE_DEFAULT; 
From 4d286d5dc7a3b8b8602ea893a5f6da8a4b757ac3 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 24 Dec 2019 17:24:27 +0100
Subject: [PATCH 099/300] Fix selftest in case OPTS_TYPE_DEEP_COMP_KERNEL is active
---
 src/selftest.c | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)

diff --git a/src/selftest.c b/src/selftest.c
index 77652f9d9..972aba475 100644
--- a/src/selftest.c
+++ b/src/selftest.c
@@ -542,39 +542,28 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
 device_param->kernel_params_buf32[28] = 0;
 device_param->kernel_params_buf32[29] = 1;
 
- bool test_ok = false;
-
 if (hashconfig->opts_type & OPTS_TYPE_AUX1)
 {
- if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX1, 1, false, 0) == 0) test_ok = true;
+ if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX1, 1, false, 0) == -1) return -1;
 }
 
 if (hashconfig->opts_type & OPTS_TYPE_AUX2)
 {
- if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX2, 1, false, 0) == 0) test_ok = true;
+ if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX2, 1, false, 0) == -1) return -1;
 }
 
 if (hashconfig->opts_type & OPTS_TYPE_AUX3)
 {
- if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == 0) test_ok = true;
+ if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == -1) return -1;
 }
 
 if (hashconfig->opts_type & OPTS_TYPE_AUX4)
 {
- if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == 0) test_ok = true;
+ if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == -1) return -1;
 }
-
- else
- {
- if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1;
- }
-
- if (test_ok == false) return -1;
- }
- else
- {
- if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1;
 }
+
+ if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1;
 }
 
 device_param->spin_damp = spin_damp_sav;
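Review bot: The unconditional `run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0)` added at the end of the hunk now runs the comparison kernel after any configured AUX kernel, but nothing at the call site says why it must run even when an AUX kernel already did; a reader comparing it with the two removed `else` branches will take it for a leftover. A one-line comment such as `// always run the comp kernel: modes that select KERN_RUN_3 via module_deep_comp_kernel (OPTS_TYPE_DEEP_COMP_KERNEL) do their final compare there, after the AUX kernels` would make the intent named in the commit title visible in the code. Note also that the replaced `test_ok` logic let the selftest pass when at least one configured AUX kernel succeeded, whereas each new `== -1) return -1;` fails it on the first failing AUX kernel — a tightening worth stating in the commit message. The enclosing `selftest` function begins and ends outside the hunk.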
From 7ef92379d8dc012e106880c0e07f6b9c9b6fd2ed Mon Sep 17 00:00:00 2001 From: philsmd Date: Fri, 27 Dec 2019 09:12:22 +0100 Subject: [PATCH 100/300] Electrum 4/5: speedup by using w-NAF (Non-Adjacent Form) --- OpenCL/inc_ecc_secp256k1.cl | 969 +++++++++++++++++++++--------------- OpenCL/inc_ecc_secp256k1.h | 2 +- 2 files changed, 574 insertions(+), 397 deletions(-) diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 3318298ff..350d90171 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl @@ -63,12 +63,11 @@ * ladder. Of course, this claim would need to be verified and tested to see which one is faster * for our specific scenario at the end. * - * A speedup could also be possible by using scalars converted to (w)NAF (non-adjacent form) or by - * just using the windowed (precomputed zi) method or similar improvements: - * The general idea of w-NAF would be to pre-compute some zi coefficients like below to reduce the + * We accomplish a "little" speedup by using scalars converted to w-NAF (non-adjacent form): + * The general idea of w-NAF is to pre-compute some zi coefficients like below to reduce the * costly point additions by using a non-binary ("signed") number system (values other than just - * 0 and 1, but ranging from -2^(w-1)-1 to 2^(w-1)-1). This would work best with the left-to-right - * binary algorithm such that we could just add zi * P when adding point P (pre-compute all the + * 0 and 1, but ranging from -2^(w-1)-1 to 2^(w-1)-1). This works best with the left-to-right + * binary algorithm such that we just add zi * P when adding point P (we pre-compute all the * possible zi * P values because the x/y coordinates are known before the kernel starts): * * // Example with window size w = 2 (i.e. mod 4 => & 3): 
@@ -1202,7 +1201,30 @@ DECLSPEC void point_double (u32 x[8], u32 y[8], u32 z[8])
 z[7] = t3[7];
 }
 
-DECLSPEC void point_add (u32 x1[8], u32 y1[8], u32 z1[8], const u32 x2[8], const u32 y2[8], const u32 z2[8])
+/*
+ * madd-2004-hmv:
+ * (from https://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html)
+ * t1 = z1^2
+ * t2 = t1*z1
+ * t1 = t1*x2
+ * t2 = t2*y2
+ * t1 = t1-x1
+ * t2 = t2-y1
+ * z3 = z1*t1
+ * t3 = t1^2
+ * t4 = t3*t1
+ * t3 = t3*x1
+ * t1 = 2*t3
+ * x3 = t2^2
+ * x3 = x3-t1
+ * x3 = x3-t4
+ * t3 = t3-x3
+ * t3 = t3*t2
+ * t4 = t4*y1
+ * y3 = t3-t4
+ */
+
+void point_add (u32 x1[8], u32 y1[8], u32 z1[8], u32 x2[8], u32 y2[8]) // z2 = 1
 
 {
 // How often does this really happen? it should "almost" never happen (but would be safer)
@@ -1279,7 +1301,7 @@ DECLSPEC void point_add (u32 x1[8], u32 y1[8], u32 z1[8], const u32 x2[8], const
 t3[6] = z1[6];
 t3[7] = z1[7];
 
- // x2/y2/z2:
+ // x2/y2:
 
 u32 t4[8];
 
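Review bot: The new definition `void point_add (u32 x1[8], u32 y1[8], u32 z1[8], u32 x2[8], u32 y2[8]) // z2 = 1` drops both the `DECLSPEC` and the `const` qualifiers that the removed signature carried, while `point_double` in the hunk header still reads `DECLSPEC void`; the `inc_ecc_secp256k1.h` change from this commit is not visible here, so I cannot confirm the declaration and definition still agree. x2 and y2 are only read (the later hunk shows `t5[7] = y2[7];` copying them into temporaries), so `const u32 x2[8], const u32 y2[8]` should stay, and `DECLSPEC` should be restored unless dropping it is intended for every target: `DECLSPEC void point_add (u32 x1[8], u32 y1[8], u32 z1[8], const u32 x2[8], const u32 y2[8]) // z2 = 1`. The 22-line `madd-2004-hmv` comment gives the formula, but the only statement of the precondition is the trailing `// z2 = 1`; the comment should open with a sentence saying the second point must be affine (z = 1) and that the function does not check this, since the formula is wrong for any other z2. The body of `point_add` continues past the hunk.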
@@ -1304,468 +1326,623 @@ DECLSPEC void point_add (u32 x1[8], u32 y1[8], u32 z1[8], const u32 x2[8], const t5[7] = y2[7]; u32 t6[8]; - - t6[0] = z2[0]; - t6[1] = z2[1]; - t6[2] = z2[2]; - t6[3] = z2[3]; - t6[4] = z2[4]; - t6[5] = z2[5]; - t6[6] = z2[6]; - t6[7] = z2[7]; - u32 t7[8]; + u32 t8[8]; + u32 t9[8]; - mul_mod (t7, t3, t3); // t7 = z1^2 - mul_mod (t4, t4, t7); // t4 = x2 * z1^2 = B + mul_mod (t6, t3, t3); // t6 = t3^2 - mul_mod (t5, t5, t3); // t5 = y2 * z1 - mul_mod (t5, t5, t7); // t5 = y2 * z1^3 = D + mul_mod (t7, t6, t3); // t7 = t6*t3 + mul_mod (t6, t6, t4); // t6 = t6*t4 + mul_mod (t7, t7, t5); // t7 = t7*t5 - mul_mod (t7, t6, t6); // t7 = z2^2 + sub_mod (t6, t6, t1); // t6 = t6-t1 + sub_mod (t7, t7, t2); // t7 = t7-t2 - mul_mod (t1, t1, t7); // t1 = x1 * z2^2 + mul_mod (t8, t3, t6); // t8 = t3*t6 + mul_mod (t4, t6, t6); // t4 = t6^2 + mul_mod (t9, t4, t6); // t9 = t4*t6 + mul_mod (t4, t4, t1); // t4 = t4*t1 - mul_mod (t2, t2, t6); // t2 = y1 * z2 - mul_mod (t2, t2, t7); // t2 = y1 * z2^3 = C + // left shift (t4 * 2): - sub_mod (t1, t1, t4); // t1 = A - B = E + t6[7] = t4[7] << 1 | t4[6] >> 31; + t6[6] = t4[6] << 1 | t4[5] >> 31; + t6[5] = t4[5] << 1 | t4[4] >> 31; + t6[4] = t4[4] << 1 | t4[3] >> 31; + t6[3] = t4[3] << 1 | t4[2] >> 31; + t6[2] = t4[2] << 1 | t4[1] >> 31; + t6[1] = t4[1] << 1 | t4[0] >> 31; + t6[0] = t4[0] << 1; - mul_mod (t3, t6, t3); // t3 = z1 * z2 - mul_mod (t3, t1, t3); // t3 = z1 * z2 * E = Z3 + // don't discard the most significant bit, it's important too! 
- sub_mod (t2, t2, t5); // t2 = C - D = F + if (t4[7] & 0x80000000) + { + // use most significant bit and perform mod P, since we have: t4 * 2 % P - mul_mod (t7, t1, t1); // t7 = E^2 - mul_mod (t6, t2, t2); // t6 = F^2 + u32 a[8] = { 0 }; - mul_mod (t4, t4, t7); // t4 = B * E^2 - mul_mod (t1, t7, t1); // t1 = E^3 + a[1] = 1; + a[0] = 0x000003d1; // omega (see: mul_mod ()) - sub_mod (t6, t6, t1); // t6 = F^2 - E^3 + add (t6, t6, a); + } - add_mod (t7, t4, t4); // t7 = 2 * B * E^2 + mul_mod (t5, t7, t7); // t5 = t7*t7 - sub_mod (t6, t6, t7); // t6 = F^2 - E^2 - 2 * B * E^2 = X3 - sub_mod (t4, t4, t6); // t4 = B * E^2 - X3 + sub_mod (t5, t5, t6); // t5 = t5-t6 + sub_mod (t5, t5, t9); // t5 = t5-t9 + sub_mod (t4, t4, t5); // t4 = t4-t5 - mul_mod (t2, t2, t4); // t2 = F * (B * E^2 - X3) - mul_mod (t7, t5, t1); // t7 = D * E^3 + mul_mod (t4, t4, t7); // t4 = t4*t7 + mul_mod (t9, t9, t2); // t9 = t9*t2 - sub_mod (t7, t2, t7); // t7 = F * (B * E^2 - X3) - D * E^3 = Y3 + sub_mod (t9, t4, t9); // t9 = t4-t9 - x1[0] = t6[0]; - x1[1] = t6[1]; - x1[2] = t6[2]; - x1[3] = t6[3]; - x1[4] = t6[4]; - x1[5] = t6[5]; - x1[6] = t6[6]; - x1[7] = t6[7]; + x1[0] = t5[0]; + x1[1] = t5[1]; + x1[2] = t5[2]; + x1[3] = t5[3]; + x1[4] = t5[4]; + x1[5] = t5[5]; + x1[6] = t5[6]; + x1[7] = t5[7]; - y1[0] = t7[0]; - y1[1] = t7[1]; - y1[2] = t7[2]; - y1[3] = t7[3]; - y1[4] = t7[4]; - y1[5] = t7[5]; - y1[6] = t7[6]; - y1[7] = t7[7]; + y1[0] = t9[0]; + y1[1] = t9[1]; + y1[2] = t9[2]; + y1[3] = t9[3]; + y1[4] = t9[4]; + y1[5] = t9[5]; + y1[6] = t9[6]; + y1[7] = t9[7]; - z1[0] = t3[0]; - z1[1] = t3[1]; - z1[2] = t3[2]; - z1[3] = t3[3]; - z1[4] = t3[4]; - z1[5] = t3[5]; - z1[6] = t3[6]; - z1[7] = t3[7]; + z1[0] = t8[0]; + z1[1] = t8[1]; + z1[2] = t8[2]; + z1[3] = t8[3]; + z1[4] = t8[4]; + z1[5] = t8[5]; + z1[6] = t8[6]; + z1[7] = t8[7]; } DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) { - // init the values with x and y: + /* + pre-compute 1/-1, 3/-3, 5/-5, 7/-7 times P 
(x, y) + for wNAF with window size 4 (max/min: +/- 2^3-1): -7, -5, -3, -1, 1, 3, 5, 7 - u32 x1[8]; + +x1 ( 0) + +y1 ( 8) + -y1 (16) - x1[0] = x[0]; - x1[1] = x[1]; - x1[2] = x[2]; - x1[3] = x[3]; - x1[4] = x[4]; - x1[5] = x[5]; - x1[6] = x[6]; - x1[7] = x[7]; + +x3 (24) + +y3 (32) + -y3 (40) - u32 y1[8]; + +x5 (48) + +y5 (56) + -y5 (64) - y1[0] = y[0]; - y1[1] = y[1]; - y1[2] = y[2]; - y1[3] = y[3]; - y1[4] = y[4]; - y1[5] = y[5]; - y1[6] = y[6]; - y1[7] = y[7]; + +x7 (72) + +y7 (80) + -y7 (88) + */ - u32 t1[8]; + // note: we use jacobian forms with (x, y, z) for computation, but affine + // (or just converted to z = 1) for storage - t1[0] = y[0]; - t1[1] = y[1]; - t1[2] = y[2]; - t1[3] = y[3]; - t1[4] = y[4]; - t1[5] = y[5]; - t1[6] = y[6]; - t1[7] = y[7]; + // 1: - // we use jacobian forms and the convertion with z = 1 is basically a NO-OP: - // X = X1 * z^2 = X1, Y = Y1 * z^3 = Y1 - - // https://eprint.iacr.org/2011/338.pdf - - // initial jacobian doubling - - u32 t2[8]; - u32 t3[8]; - u32 t4[8]; - - mul_mod (t2, x1, x1); // t2 = x1^2 - mul_mod (t3, y1, y1); // t3 = y1^2 - - mul_mod (x1, x1, t3); // x1 = x1*y1^2 - - mul_mod (t3, t3, t3); // t3 = t3^2 = y1^4 - - // here the z^2 and z^4 is not needed for a = 0 (and furthermore we have z = 1) - - add_mod (y1, t2, t2); // y1 = 2 * t2 = 2 * x1^2 - add_mod (t2, y1, t2); // t2 = 3 * t2 = 3 * x1^2 - - // a * z^4 = 0 * 1^4 = 0 - - // don't discard the least significant bit it's important too! 
- - u32 c = 0; - - if (t2[0] & 1) - { - u32 t[8]; - - t[0] = SECP256K1_P0; - t[1] = SECP256K1_P1; - t[2] = SECP256K1_P2; - t[3] = SECP256K1_P3; - t[4] = SECP256K1_P4; - t[5] = SECP256K1_P5; - t[6] = SECP256K1_P6; - t[7] = SECP256K1_P7; - - c = add (t2, t2, t); // t2 + SECP256K1_P - } - - // right shift (t2 / 2): - - t2[0] = t2[0] >> 1 | t2[1] << 31; - t2[1] = t2[1] >> 1 | t2[2] << 31; - t2[2] = t2[2] >> 1 | t2[3] << 31; - t2[3] = t2[3] >> 1 | t2[4] << 31; - t2[4] = t2[4] >> 1 | t2[5] << 31; - t2[5] = t2[5] >> 1 | t2[6] << 31; - t2[6] = t2[6] >> 1 | t2[7] << 31; - t2[7] = t2[7] >> 1 | c << 31; - - mul_mod (t4, t2, t2); // t4 = t2^2 = (3/2*x1^2)^2 - - add_mod (y1, x1, x1); // y1 = 2 * x1_new - - sub_mod (t4, t4, y1); // t4 = t4 - y1_new - sub_mod (x1, x1, t4); // x1 = x1 - t4 - - mul_mod (t2, t2, x1); // t2 = t2 * x1_new - - sub_mod (x1, t2, t3); // x1 = t2 - t3 - - // => X = t4, Y = x1, Z = t1: - // (and t2, t3 can now be safely reused) - - // convert to affine coordinates (to save some bytes copied around) and store it: - - u32 inv[8]; - - inv[0] = t1[0]; - inv[1] = t1[1]; - inv[2] = t1[2]; - inv[3] = t1[3]; - inv[4] = t1[4]; - inv[5] = t1[5]; - inv[6] = t1[6]; - inv[7] = t1[7]; - - inv_mod (inv); - - mul_mod (t2, inv, inv); // t2 = inv^2 - mul_mod (t3, inv, t2); // t3 = inv^3 - - // output to y1 - - mul_mod (t3, t3, x1); - - r->xy[31] = t3[7]; - r->xy[30] = t3[6]; - r->xy[29] = t3[5]; - r->xy[28] = t3[4]; - r->xy[27] = t3[3]; - r->xy[26] = t3[2]; - r->xy[25] = t3[1]; - r->xy[24] = t3[0]; - - // output to x1 - - mul_mod (t3, t2, t4); - - r->xy[23] = t3[7]; - r->xy[22] = t3[6]; - r->xy[21] = t3[5]; - r->xy[20] = t3[4]; - r->xy[19] = t3[3]; - r->xy[18] = t3[2]; - r->xy[17] = t3[1]; - r->xy[16] = t3[0]; - - // also store orginal x/y: - - r->xy[15] = y[7]; - r->xy[14] = y[6]; - r->xy[13] = y[5]; - r->xy[12] = y[4]; - r->xy[11] = y[3]; - r->xy[10] = y[2]; - r->xy[ 9] = y[1]; - r->xy[ 8] = y[0]; - - r->xy[ 7] = x[7]; - r->xy[ 6] = x[6]; - r->xy[ 5] = x[5]; - r->xy[ 4] = 
x[4]; - r->xy[ 3] = x[3]; - r->xy[ 2] = x[2]; - r->xy[ 1] = x[1]; r->xy[ 0] = x[0]; + r->xy[ 1] = x[1]; + r->xy[ 2] = x[2]; + r->xy[ 3] = x[3]; + r->xy[ 4] = x[4]; + r->xy[ 5] = x[5]; + r->xy[ 6] = x[6]; + r->xy[ 7] = x[7]; + + r->xy[ 8] = y[0]; + r->xy[ 9] = y[1]; + r->xy[10] = y[2]; + r->xy[11] = y[3]; + r->xy[12] = y[4]; + r->xy[13] = y[5]; + r->xy[14] = y[6]; + r->xy[15] = y[7]; + + // -1: + + u32 p[8]; + + p[0] = SECP256K1_P0; + p[1] = SECP256K1_P1; + p[2] = SECP256K1_P2; + p[3] = SECP256K1_P3; + p[4] = SECP256K1_P4; + p[5] = SECP256K1_P5; + p[6] = SECP256K1_P6; + p[7] = SECP256K1_P7; + + u32 neg[8]; + + neg[0] = y[0]; + neg[1] = y[1]; + neg[2] = y[2]; + neg[3] = y[3]; + neg[4] = y[4]; + neg[5] = y[5]; + neg[6] = y[6]; + neg[7] = y[7]; + + sub_mod (neg, p, neg); // -y = p - y + + r->xy[16] = neg[0]; + r->xy[17] = neg[1]; + r->xy[18] = neg[2]; + r->xy[19] = neg[3]; + r->xy[20] = neg[4]; + r->xy[21] = neg[5]; + r->xy[22] = neg[6]; + r->xy[23] = neg[7]; - // do the double of the double (i.e. 
"triple") too, just in case we need it in the main loop: + // copy of 1: - point_double (t4, x1, t1); + u32 tx[8]; - // convert to affine coordinates and store it: + tx[0] = x[0]; + tx[1] = x[1]; + tx[2] = x[2]; + tx[3] = x[3]; + tx[4] = x[4]; + tx[5] = x[5]; + tx[6] = x[6]; + tx[7] = x[7]; - inv_mod (t1); + u32 ty[8]; - mul_mod (t2, t1, t1); // t2 = t1^2 - mul_mod (t3, t1, t2); // t3 = t1^3 + ty[0] = y[0]; + ty[1] = y[1]; + ty[2] = y[2]; + ty[3] = y[3]; + ty[4] = y[4]; + ty[5] = y[5]; + ty[6] = y[6]; + ty[7] = y[7]; - // output to y2 + u32 rx[8]; - mul_mod (t3, t3, x1); + rx[0] = x[0]; + rx[1] = x[1]; + rx[2] = x[2]; + rx[3] = x[3]; + rx[4] = x[4]; + rx[5] = x[5]; + rx[6] = x[6]; + rx[7] = x[7]; - r->xy[47] = t3[7]; - r->xy[46] = t3[6]; - r->xy[45] = t3[5]; - r->xy[44] = t3[4]; - r->xy[43] = t3[3]; - r->xy[42] = t3[2]; - r->xy[41] = t3[1]; - r->xy[40] = t3[0]; + u32 ry[8]; - // output to x2 + ry[0] = y[0]; + ry[1] = y[1]; + ry[2] = y[2]; + ry[3] = y[3]; + ry[4] = y[4]; + ry[5] = y[5]; + ry[6] = y[6]; + ry[7] = y[7]; - mul_mod (t3, t2, t4); + u32 rz[8] = { 0 }; - r->xy[39] = t3[7]; - r->xy[38] = t3[6]; - r->xy[37] = t3[5]; - r->xy[36] = t3[4]; - r->xy[35] = t3[3]; - r->xy[34] = t3[2]; - r->xy[33] = t3[1]; - r->xy[32] = t3[0]; + rz[0] = 1; + + + // 3: + + point_double (rx, ry, rz); // 2 + point_add (rx, ry, rz, tx, ty); // 3 + + // to affine: + + inv_mod (rz); + + mul_mod (neg, rz, rz); // neg is temporary variable (z^2) + mul_mod (rx, rx, neg); + + mul_mod (rz, neg, rz); + mul_mod (ry, ry, rz); + + r->xy[24] = rx[0]; + r->xy[25] = rx[1]; + r->xy[26] = rx[2]; + r->xy[27] = rx[3]; + r->xy[28] = rx[4]; + r->xy[29] = rx[5]; + r->xy[30] = rx[6]; + r->xy[31] = rx[7]; + + r->xy[32] = ry[0]; + r->xy[33] = ry[1]; + r->xy[34] = ry[2]; + r->xy[35] = ry[3]; + r->xy[36] = ry[4]; + r->xy[37] = ry[5]; + r->xy[38] = ry[6]; + r->xy[39] = ry[7]; + + // -3: + + neg[0] = ry[0]; + neg[1] = ry[1]; + neg[2] = ry[2]; + neg[3] = ry[3]; + neg[4] = ry[4]; + neg[5] = ry[5]; + neg[6] = ry[6]; 
+ neg[7] = ry[7]; + + sub_mod (neg, p, neg); + + r->xy[40] = neg[0]; + r->xy[41] = neg[1]; + r->xy[42] = neg[2]; + r->xy[43] = neg[3]; + r->xy[44] = neg[4]; + r->xy[45] = neg[5]; + r->xy[46] = neg[6]; + r->xy[47] = neg[7]; + + + // 5: + + rz[0] = 1; // actually we could take advantage of rz being 1 too (alternative point_add ()), + rz[1] = 0; // but it is not important because this is performed only once per "hash" + rz[2] = 0; + rz[3] = 0; + rz[4] = 0; + rz[5] = 0; + rz[6] = 0; + rz[7] = 0; + + point_add (rx, ry, rz, tx, ty); // 4 + point_add (rx, ry, rz, tx, ty); // 5 + + // to affine: + + inv_mod (rz); + + mul_mod (neg, rz, rz); + mul_mod (rx, rx, neg); + + mul_mod (rz, neg, rz); + mul_mod (ry, ry, rz); + + r->xy[48] = rx[0]; + r->xy[49] = rx[1]; + r->xy[50] = rx[2]; + r->xy[51] = rx[3]; + r->xy[52] = rx[4]; + r->xy[53] = rx[5]; + r->xy[54] = rx[6]; + r->xy[55] = rx[7]; + + r->xy[56] = ry[0]; + r->xy[57] = ry[1]; + r->xy[58] = ry[2]; + r->xy[59] = ry[3]; + r->xy[60] = ry[4]; + r->xy[61] = ry[5]; + r->xy[62] = ry[6]; + r->xy[63] = ry[7]; + + // -5: + + neg[0] = ry[0]; + neg[1] = ry[1]; + neg[2] = ry[2]; + neg[3] = ry[3]; + neg[4] = ry[4]; + neg[5] = ry[5]; + neg[6] = ry[6]; + neg[7] = ry[7]; + + sub_mod (neg, p, neg); + + r->xy[64] = neg[0]; + r->xy[65] = neg[1]; + r->xy[66] = neg[2]; + r->xy[67] = neg[3]; + r->xy[68] = neg[4]; + r->xy[69] = neg[5]; + r->xy[70] = neg[6]; + r->xy[71] = neg[7]; + + + // 7: + + rz[0] = 1; + rz[1] = 0; + rz[2] = 0; + rz[3] = 0; + rz[4] = 0; + rz[5] = 0; + rz[6] = 0; + rz[7] = 0; + + point_add (rx, ry, rz, tx, ty); // 6 + point_add (rx, ry, rz, tx, ty); // 7 + + // to affine: + + inv_mod (rz); + + mul_mod (neg, rz, rz); + mul_mod (rx, rx, neg); + + mul_mod (rz, neg, rz); + mul_mod (ry, ry, rz); + + r->xy[72] = rx[0]; + r->xy[73] = rx[1]; + r->xy[74] = rx[2]; + r->xy[75] = rx[3]; + r->xy[76] = rx[4]; + r->xy[77] = rx[5]; + r->xy[78] = rx[6]; + r->xy[79] = rx[7]; + + r->xy[80] = ry[0]; + r->xy[81] = ry[1]; + r->xy[82] = ry[2]; + 
r->xy[83] = ry[3]; + r->xy[84] = ry[4]; + r->xy[85] = ry[5]; + r->xy[86] = ry[6]; + r->xy[87] = ry[7]; + + // -7: + + neg[0] = ry[0]; + neg[1] = ry[1]; + neg[2] = ry[2]; + neg[3] = ry[3]; + neg[4] = ry[4]; + neg[5] = ry[5]; + neg[6] = ry[6]; + neg[7] = ry[7]; + + sub_mod (neg, p, neg); + + r->xy[88] = neg[0]; + r->xy[89] = neg[1]; + r->xy[90] = neg[2]; + r->xy[91] = neg[3]; + r->xy[92] = neg[4]; + r->xy[93] = neg[5]; + r->xy[94] = neg[6]; + r->xy[95] = neg[7]; } DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t *tmps) { - // first check the position of the least significant bit + /* + * Convert the tweak/scalar k to w-NAF (window size is 4) + */ - // the following fancy shift operation just checks the last 2 bits, finds the - // least significant bit (set to 1) and updates idx according to this table: - // last bits | idx - // 0bxxxxxx00 | 2 - // 0bxxxxxx01 | 0 - // 0bxxxxxx10 | 1 - // 0bxxxxxx11 | 0 + u32 n[9]; - const u32 idx = (0x0102 >> ((k[0] & 3) << 2)) & 3; + n[0] = 0; // we need this extra slot sometimes for the subtraction to work + n[1] = k[7]; + n[2] = k[6]; + n[3] = k[5]; + n[4] = k[4]; + n[5] = k[3]; + n[6] = k[2]; + n[7] = k[1]; + n[8] = k[0]; - const u32 offset = idx << 4; // * (8 + 8) = 16 (=> offset of 16 u32 = 16 * 4 bytes) + u32 naf[32 + 1] = { 0 }; // we need one extra slot + + int loop_start = 0; + + for (int i = 0; i <= 256; i++) + { + if (n[8] & 1) + { + // for window size w = 4: + // => 2^(w-0) = 2^4 = 16 (0x10) + // => 2^(w-1) = 2^3 = 8 (0x08) + + int diff = n[8] & 0x0f; // n % 2^w == n & (2^w - 1) + + // convert diff to val according to this table: + // 1 -> +1 -> 1 + // 3 -> +3 -> 3 + // 5 -> +5 -> 5 + // 7 -> +7 -> 7 + // 9 -> -7 -> 8 + // 11 -> -5 -> 6 + // 13 -> -3 -> 4 + // 15 -> -1 -> 2 + + int val = diff; + + if (diff >= 0x08) + { + diff -= 0x10; + + val = 0x11 - val; + } + + naf[i >> 3] |= val << ((i & 7) << 2); + + u32 t = n[8]; // t is the (temporary) old/unmodified value + + n[8] -= diff; + + // we 
need to take care of the carry/borrow: + + u32 k = 8; + + if (diff > 0) + { + while (n[k] > t) // overflow propagation + { + if (k == 0) break; // needed ? + + k--; + + t = n[k]; + + n[k]--; + } + } + else // if (diff < 0) + { + while (t > n[k]) // overflow propagation + { + if (k == 0) break; + + k--; + + t = n[k]; + + n[k]++; + } + } + + // update start/stop: + + if (i > loop_start) loop_start = i; + } + + // n = n / 2: + + n[8] = n[8] >> 1 | n[7] << 31; + n[7] = n[7] >> 1 | n[6] << 31; + n[6] = n[6] >> 1 | n[5] << 31; + n[5] = n[5] >> 1 | n[4] << 31; + n[4] = n[4] >> 1 | n[3] << 31; + n[3] = n[3] >> 1 | n[2] << 31; + n[2] = n[2] >> 1 | n[1] << 31; + n[1] = n[1] >> 1 | n[0] << 31; + n[0] = n[0] >> 1; + } + + + // first set: + + const u32 multiplier = (naf[loop_start >> 3] >> ((loop_start & 7) << 2)) & 0x0f; // or use u8 ? + + const u32 odd = multiplier & 1; + + const u32 x_pos = ((multiplier - 1 + odd) >> 1) * 24; + const u32 y_pos = odd ? (x_pos + 8) : (x_pos + 16); u32 x1[8]; - x1[0] = tmps->xy[offset + 0]; - x1[1] = tmps->xy[offset + 1]; - x1[2] = tmps->xy[offset + 2]; - x1[3] = tmps->xy[offset + 3]; - x1[4] = tmps->xy[offset + 4]; - x1[5] = tmps->xy[offset + 5]; - x1[6] = tmps->xy[offset + 6]; - x1[7] = tmps->xy[offset + 7]; + x1[0] = tmps->xy[x_pos + 0]; + x1[1] = tmps->xy[x_pos + 1]; + x1[2] = tmps->xy[x_pos + 2]; + x1[3] = tmps->xy[x_pos + 3]; + x1[4] = tmps->xy[x_pos + 4]; + x1[5] = tmps->xy[x_pos + 5]; + x1[6] = tmps->xy[x_pos + 6]; + x1[7] = tmps->xy[x_pos + 7]; u32 y1[8]; - y1[0] = tmps->xy[offset + 8]; - y1[1] = tmps->xy[offset + 9]; - y1[2] = tmps->xy[offset + 10]; - y1[3] = tmps->xy[offset + 11]; - y1[4] = tmps->xy[offset + 12]; - y1[5] = tmps->xy[offset + 13]; - y1[6] = tmps->xy[offset + 14]; - y1[7] = tmps->xy[offset + 15]; + y1[0] = tmps->xy[y_pos + 0]; + y1[1] = tmps->xy[y_pos + 1]; + y1[2] = tmps->xy[y_pos + 2]; + y1[3] = tmps->xy[y_pos + 3]; + y1[4] = tmps->xy[y_pos + 4]; + y1[5] = tmps->xy[y_pos + 5]; + y1[6] = tmps->xy[y_pos + 6]; + y1[7] = 
tmps->xy[y_pos + 7]; u32 z1[8] = { 0 }; z1[0] = 1; - // do NOT allow to overflow the tmps->xy buffer: - - u32 final_offset = offset; - - if (final_offset > 16) final_offset = 16; - - u32 x2[8]; - - x2[0] = tmps->xy[final_offset + 16]; - x2[1] = tmps->xy[final_offset + 17]; - x2[2] = tmps->xy[final_offset + 18]; - x2[3] = tmps->xy[final_offset + 19]; - x2[4] = tmps->xy[final_offset + 20]; - x2[5] = tmps->xy[final_offset + 21]; - x2[6] = tmps->xy[final_offset + 22]; - x2[7] = tmps->xy[final_offset + 23]; - - u32 y2[8]; - - y2[0] = tmps->xy[final_offset + 24]; - y2[1] = tmps->xy[final_offset + 25]; - y2[2] = tmps->xy[final_offset + 26]; - y2[3] = tmps->xy[final_offset + 27]; - y2[4] = tmps->xy[final_offset + 28]; - y2[5] = tmps->xy[final_offset + 29]; - y2[6] = tmps->xy[final_offset + 30]; - y2[7] = tmps->xy[final_offset + 31]; - - u32 z2[8] = { 0 }; - - z2[0] = 1; - - // ... then find out the position of the most significant bit - - int loop_start = idx; - int loop_end = 255; - - for (int i = 255; i > 0; i--) // or use: i > idx - { - u32 idx = i >> 5; // the current u32 (each consisting of 2^5 = 32 bits) to inspect - - u32 mask = 1 << (i & 0x1f); - - if (k[idx] & mask) break; // found it ! 
- - loop_end--; - } - /* - * Start + * Start: */ - // "just" double until we find the first add (where the first bit is set): + // main loop (left-to-right binary algorithm): - for (int pos = loop_start; pos < loop_end; pos++) + for (int pos = loop_start - 1; pos >= 0; pos--) // -1 because we've set/add the point already { - const u32 idx = pos >> 5; + // always double: - const u32 mask = 1 << (pos & 0x1f); - - if (k[idx] & mask) break; - - point_double (x2, y2, z2); - - loop_start++; - } - - // for case 0 and 1 we can skip the double (we already did it in the host) - - if (idx > 1) - { - x1[0] = x2[0]; - x1[1] = x2[1]; - x1[2] = x2[2]; - x1[3] = x2[3]; - x1[4] = x2[4]; - x1[5] = x2[5]; - x1[6] = x2[6]; - x1[7] = x2[7]; - - y1[0] = y2[0]; - y1[1] = y2[1]; - y1[2] = y2[2]; - y1[3] = y2[3]; - y1[4] = y2[4]; - y1[5] = y2[5]; - y1[6] = y2[6]; - y1[7] = y2[7]; - - z1[0] = z2[0]; - z1[1] = z2[1]; - z1[2] = z2[2]; - z1[3] = z2[3]; - z1[4] = z2[4]; - z1[5] = z2[5]; - z1[6] = z2[6]; - z1[7] = z2[7]; - - point_double (x2, y2, z2); - } - - // main loop (right-to-left binary algorithm): - - for (int pos = loop_start + 1; pos < loop_end; pos++) - { - u32 idx = pos >> 5; - - u32 mask = 1 << (pos & 0x1f); + point_double (x1, y1, z1); // add only if needed: - if (k[idx] & mask) + const u32 multiplier = (naf[pos >> 3] >> ((pos & 7) << 2)) & 0x0f; + + if (multiplier) { - point_add (x1, y1, z1, x2, y2, z2); + /* + m -> y | y = ((m - (m & 1)) / 2) * 24 + ---------------------------------- + 1 -> 0 | 1/2 * 24 = 0 + 2 -> 16 + 3 -> 24 | 3/2 * 24 = 24 + 4 -> 40 + 5 -> 48 | 5/2 * 24 = 2*24 + 6 -> 64 + 7 -> 72 | 7/2 * 24 = 3*24 + 8 -> 88 + */ + + const u32 odd = multiplier & 1; + + const u32 x_pos = ((multiplier - 1 + odd) >> 1) * 24; + const u32 y_pos = odd ? 
(x_pos + 8) : (x_pos + 16); + + u32 x2[8]; + + x2[0] = tmps->xy[x_pos + 0]; + x2[1] = tmps->xy[x_pos + 1]; + x2[2] = tmps->xy[x_pos + 2]; + x2[3] = tmps->xy[x_pos + 3]; + x2[4] = tmps->xy[x_pos + 4]; + x2[5] = tmps->xy[x_pos + 5]; + x2[6] = tmps->xy[x_pos + 6]; + x2[7] = tmps->xy[x_pos + 7]; + + u32 y2[8]; + + y2[0] = tmps->xy[y_pos + 0]; + y2[1] = tmps->xy[y_pos + 1]; + y2[2] = tmps->xy[y_pos + 2]; + y2[3] = tmps->xy[y_pos + 3]; + y2[4] = tmps->xy[y_pos + 4]; + y2[5] = tmps->xy[y_pos + 5]; + y2[6] = tmps->xy[y_pos + 6]; + y2[7] = tmps->xy[y_pos + 7]; + + // (x1, y1, z1) + multiplier * (x, y, z) = (x1, y1, z1) + (x2, y2, z2) + + point_add (x1, y1, z1, x2, y2); + + // optimization (there can't be any adds after an add for w-1 times): + // (but it seems to be faster without this manipulation of "pos") + + //for (u32 i = 0; i < 3; i++) + //{ + // if (pos == 0) break; + // point_double (x1, y1, z1); + // pos--; + //} } - - // always double: - - point_double (x2, y2, z2); } - // handle last one: - - //const u32 final_idx = loop_end >> 5; - //const u32 mask = 1 << (loop_end & 0x1f); - - //if (k[final_idx] & mask) - //{ - // here we just assume that we have at least 2 bits set (an initial one and one additional bit) - // this could be dangerous/wrong in some situations, but very, very, very unlikely - point_add (x1, y1, z1, x2, y2, z2); - //} /* * Get the corresponding affine coordinates x/y: @@ -1778,7 +1955,7 @@ DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t * inv_mod (z1); - // z2 is just used as temporary storage to keep the unmodified z1 for calculating z1^3: + u32 z2[8]; mul_mod (z2, z1, z1); // z1^2 mul_mod (x1, x1, z2); // x1_affine diff --git a/OpenCL/inc_ecc_secp256k1.h b/OpenCL/inc_ecc_secp256k1.h index 954dba69a..d9cd75a4a 100644 --- a/OpenCL/inc_ecc_secp256k1.h +++ b/OpenCL/inc_ecc_secp256k1.h 
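Review bot: `u32 z2[8];` replaces the only comment that explained what this array is for, so the declaration is now bare in a function whose other temporaries are all annotated. Suggest `u32 z2[8]; // scratch for the affine conversion (z1^2 below)` so the reader does not have to look for the earlier, now-removed x2/y2/z2 declarations. The remainder of point_mul, including the later uses of z2, lies outside this hunk.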
@@ -30,7 +30,7 @@ typedef struct secp256k1 { - u32 xy[48]; // all 3 pairs of 32+32 bytes: x,y, x1,y1, x2,y2 + u32 xy[96]; // pre-computed points: (x1,y1,-y1),(x3,y3,-y3),(x5,y5,-y5),(x7,y7,-y7) } secp256k1_t; From 4338f100e92ab23c4dac4e6c47fb1fed44bb78fd Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 27 Dec 2019 11:50:02 +0100 Subject: [PATCH 101/300] remove condition which is always true --- OpenCL/inc_ecc_secp256k1.cl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 350d90171..fa5362b78 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl @@ -1815,9 +1815,9 @@ DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t * } } - // update start/stop: + // update start: - if (i > loop_start) loop_start = i; + loop_start = i; } // n = n / 2: From 1c1ed72c6584b81ce81a611dda2df83760a222b7 Mon Sep 17 00:00:00 2001 From: philsmd Date: Tue, 31 Dec 2019 18:42:13 +0100 Subject: [PATCH 102/300] fixes #1117: added -m 22100 = BitLocker --- OpenCL/m22100-pure.cl | 403 +++++++++++++++++++++++++++++++++++ docs/changes.txt | 1 + docs/readme.txt | 1 + src/modules/module_22100.c | 400 ++++++++++++++++++++++++++++++++++ tools/test_modules/m22100.pm | 302 ++++++++++++++++++++++++++ 5 files changed, 1107 insertions(+) create mode 100644 OpenCL/m22100-pure.cl create mode 100644 src/modules/module_22100.c create mode 100644 tools/test_modules/m22100.pm diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl new file mode 100644 index 000000000..0b30542f0 --- /dev/null +++ b/OpenCL/m22100-pure.cl 
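Review bot: the new size `u32 xy[96]` is a bare number whose layout is explained only in the trailing comment, while point_mul in inc_ecc_secp256k1.cl derives its offsets independently with `((multiplier - 1 + odd) >> 1) * 24` and writes as far as `r->xy[95]`. A named constant in this header — e.g. a constructed `#define SECP256K1_PRE_SIZE (4 * 3 * 8)` used both for the array length and in the kernel's offset arithmetic — would keep the two in step if the window size changes again. The host-side code that fills this buffer is not part of this patch, so its assumptions about the previous 48-word layout cannot be checked from here.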
@@ -0,0 +1,403 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#include "inc_cipher_aes.cl" +#endif + +typedef struct bitlocker +{ + u32 type; + u32 iv[4]; + u32 data[15]; + +} bitlocker_t; + +typedef struct bitlocker_tmp +{ + u32 last_hash[8]; + u32 init_hash[8]; + u32 salt[4]; + +} bitlocker_tmp_t; + +KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + + // sha256 of utf16le converted password: + + sha256_ctx_t ctx0; + + sha256_init (&ctx0); + + sha256_update_global_utf16le_swap (&ctx0, pws[gid].i, pws[gid].pw_len); + + sha256_final (&ctx0); + + u32 w[16] = { 0 }; // 64 bytes blocks/aligned, we need 32 bytes + + w[0] = ctx0.h[0]; + w[1] = ctx0.h[1]; + w[2] = ctx0.h[2]; + w[3] = ctx0.h[3]; + w[4] = ctx0.h[4]; + w[5] = ctx0.h[5]; + w[6] = ctx0.h[6]; + w[7] = ctx0.h[7]; + + + // sha256 of sha256: + + sha256_ctx_t ctx1; + + sha256_init (&ctx1); + sha256_update (&ctx1, w, 32); + sha256_final (&ctx1); + + + // set tmps: + + tmps[gid].init_hash[0] = ctx1.h[0]; + tmps[gid].init_hash[1] = ctx1.h[1]; + tmps[gid].init_hash[2] = ctx1.h[2]; + tmps[gid].init_hash[3] = ctx1.h[3]; + tmps[gid].init_hash[4] = ctx1.h[4]; + tmps[gid].init_hash[5] = ctx1.h[5]; + tmps[gid].init_hash[6] = ctx1.h[6]; + tmps[gid].init_hash[7] = ctx1.h[7]; + + tmps[gid].last_hash[0] = 0; + tmps[gid].last_hash[1] = 0; + tmps[gid].last_hash[2] = 0; + tmps[gid].last_hash[3] = 0; + tmps[gid].last_hash[4] = 0; + tmps[gid].last_hash[5] = 0; + tmps[gid].last_hash[6] = 0; + tmps[gid].last_hash[7] = 0; + + tmps[gid].salt[0] = salt_bufs[salt_pos].salt_buf[0]; + tmps[gid].salt[1] = salt_bufs[salt_pos].salt_buf[1]; + tmps[gid].salt[2] = 
salt_bufs[salt_pos].salt_buf[2]; + tmps[gid].salt[3] = salt_bufs[salt_pos].salt_buf[3]; +} + +KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + // init + + u32x w[32] = { 0 }; // 64 bytes blocks/aligned, 88 bytes needed (22 u32 = 22 * 4) + + w[ 0] = packv (tmps, last_hash, gid, 0); + w[ 1] = packv (tmps, last_hash, gid, 1); + w[ 2] = packv (tmps, last_hash, gid, 2); + w[ 3] = packv (tmps, last_hash, gid, 3); + w[ 4] = packv (tmps, last_hash, gid, 4); + w[ 5] = packv (tmps, last_hash, gid, 5); + w[ 6] = packv (tmps, last_hash, gid, 6); + w[ 7] = packv (tmps, last_hash, gid, 7); + + w[ 8] = packv (tmps, init_hash, gid, 0); + w[ 9] = packv (tmps, init_hash, gid, 1); + w[10] = packv (tmps, init_hash, gid, 2); + w[11] = packv (tmps, init_hash, gid, 3); + w[12] = packv (tmps, init_hash, gid, 4); + w[13] = packv (tmps, init_hash, gid, 5); + w[14] = packv (tmps, init_hash, gid, 6); + w[15] = packv (tmps, init_hash, gid, 7); + + w[16] = packv (tmps, salt, gid, 0); + w[17] = packv (tmps, salt, gid, 1); + w[18] = packv (tmps, salt, gid, 2); + w[19] = packv (tmps, salt, gid, 3); + + // main loop + + for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++) + { + w[20] = hc_swap32 (j); + + sha256_ctx_vector_t ctx; + + sha256_init_vector (&ctx); + sha256_update_vector (&ctx, w, 88); + sha256_final_vector (&ctx); + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + w[4] = ctx.h[4]; + w[5] = ctx.h[5]; + w[6] = ctx.h[6]; + w[7] = ctx.h[7]; + } + + unpackv (tmps, last_hash, gid, 0, w[0]); + unpackv (tmps, last_hash, gid, 1, w[1]); + unpackv (tmps, last_hash, gid, 2, w[2]); + unpackv (tmps, last_hash, gid, 3, w[3]); + unpackv (tmps, last_hash, gid, 4, w[4]); + unpackv (tmps, last_hash, gid, 5, w[5]); + unpackv (tmps, last_hash, gid, 6, w[6]); + unpackv (tmps, last_hash, gid, 7, w[7]); +} + +KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT 
(bitlocker_tmp_t, bitlocker_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + + /* + * AES decrypt the data_buf + */ + + // init AES + + u32 ukey[8]; + + ukey[0] = tmps[gid].last_hash[0]; + ukey[1] = tmps[gid].last_hash[1]; + ukey[2] = tmps[gid].last_hash[2]; + ukey[3] = tmps[gid].last_hash[3]; + ukey[4] = tmps[gid].last_hash[4]; + ukey[5] = tmps[gid].last_hash[5]; + ukey[6] = tmps[gid].last_hash[6]; + ukey[7] = tmps[gid].last_hash[7]; + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + AES256_set_encrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3); + + + // decrypt: + + u32 iv[4]; + + iv[0] = esalt_bufs[digests_offset].iv[0]; + iv[1] = esalt_bufs[digests_offset].iv[1]; + iv[2] = esalt_bufs[digests_offset].iv[2]; + iv[3] = esalt_bufs[digests_offset].iv[3]; + + + // in total we've 60 bytes: we need out0 (16 bytes) to out3 (16 bytes) for MAC verification + + // 1 + + u32 out1[4]; + + AES256_encrypt (ks, iv, out1, s_te0, s_te1, 
s_te2, s_te3, s_te4); + + + // some early reject: + + out1[0] ^= esalt_bufs[digests_offset].data[4]; // skip MAC for now (first 16 bytes) + + if ((out1[0] & 0xffff0000) != 0x2c000000) return; // data_size must be 0x2c00 + + + out1[1] ^= esalt_bufs[digests_offset].data[5]; + + if ((out1[1] & 0xffff0000) != 0x01000000) return; // version must be 0x0100 + + + out1[2] ^= esalt_bufs[digests_offset].data[6]; + + if ((out1[2] & 0x00ff0000) != 0x00200000) return; // v2 must be 0x20 + + + if ((out1[2] >> 24) > 0x05) return; // v1 must be <= 5 + + + + // if no MAC verification should be performed, we are already done: + + u32 type = esalt_bufs[digests_offset].type; + + if (type == 0) + { + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, 0, 0, 0); + } + + return; + } + + out1[3] ^= esalt_bufs[digests_offset].data[7]; + + + /* + * Decrypt the whole data buffer for MAC verification (type == 1): + */ + + // 0 + + iv[3] = iv[3] & 0xff000000; // xx000000 + + u32 out0[4]; + + AES256_encrypt (ks, iv, out0, s_te0, s_te1, s_te2, s_te3, s_te4); + + out0[0] ^= esalt_bufs[digests_offset].data[0]; + out0[1] ^= esalt_bufs[digests_offset].data[1]; + out0[2] ^= esalt_bufs[digests_offset].data[2]; + out0[3] ^= esalt_bufs[digests_offset].data[3]; + + // 2 + + // add 2 because we already did block 1 for the early reject + + iv[3] += 2; // xx000002 + + u32 out2[4]; + + AES256_encrypt (ks, iv, out2, s_te0, s_te1, s_te2, s_te3, s_te4); + + out2[0] ^= esalt_bufs[digests_offset].data[ 8]; + out2[1] ^= esalt_bufs[digests_offset].data[ 9]; + out2[2] ^= esalt_bufs[digests_offset].data[10]; + out2[3] ^= esalt_bufs[digests_offset].data[11]; + + // 3 + + iv[3] += 1; // xx000003 + + u32 out3[4]; // actually only 3 needed + + AES256_encrypt (ks, iv, out3, s_te0, s_te1, s_te2, s_te3, s_te4); + + out3[0] ^= esalt_bufs[digests_offset].data[12]; + out3[1] ^= esalt_bufs[digests_offset].data[13]; + out3[2] ^= 
esalt_bufs[digests_offset].data[14]; + + + // compute MAC: + + // out1 + + iv[0] = (iv[0] & 0x00ffffff) | 0x3a000000; + iv[3] = (iv[3] & 0xff000000) | 0x0000002c; + + u32 mac[4]; + + AES256_encrypt (ks, iv, mac, s_te0, s_te1, s_te2, s_te3, s_te4); + + iv[0] = mac[0] ^ out1[0]; + iv[1] = mac[1] ^ out1[1]; + iv[2] = mac[2] ^ out1[2]; + iv[3] = mac[3] ^ out1[3]; + + // out2 + + AES256_encrypt (ks, iv, mac, s_te0, s_te1, s_te2, s_te3, s_te4); + + iv[0] = mac[0] ^ out2[0]; + iv[1] = mac[1] ^ out2[1]; + iv[2] = mac[2] ^ out2[2]; + iv[3] = mac[3] ^ out2[3]; + + // out3 + + AES256_encrypt (ks, iv, mac, s_te0, s_te1, s_te2, s_te3, s_te4); + + iv[0] = mac[0] ^ out3[0]; + iv[1] = mac[1] ^ out3[1]; + iv[2] = mac[2] ^ out3[2]; + iv[3] = mac[3]; + + // final + + AES256_encrypt (ks, iv, mac, s_te0, s_te1, s_te2, s_te3, s_te4); + + if (mac[0] != out0[0]) return; + if (mac[1] != out0[1]) return; + if (mac[2] != out0[2]) return; + if (mac[3] != out0[3]) return; + + + // if we end up here, we are sure to have found the correct password: + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, 0, 0, 0); + } +} diff --git a/docs/changes.txt b/docs/changes.txt index bb1bdd31b..c9f5593a5 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -21,6 +21,7 @@ - Added hash-mode: Android Backup - Added hash-mode: AuthMe sha256 +- Added hash-mode: BitLocker - Added hash-mode: BitShares v0.x - Added hash-mode: Blockchain, My Wallet, Second Password (SHA256) - Added hash-mode: DiskCryptor diff --git a/docs/readme.txt b/docs/readme.txt index 45afddf4d..2027a54d5 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -237,6 +237,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - Oracle Transportation Management (SHA256) - Huawei sha1(md5($pass).$salt) - AuthMe sha256 +- BitLocker - eCryptfs - LUKS - VeraCrypt 
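Review bot: m22100_comp reads the IV, data words and type only from `esalt_bufs[digests_offset]` and reports a crack through `hashes_shown[digests_offset]` / `digests_offset + 0`, so if the host groups several hashes under one salt_pos (identical salt), only the first digest of that group is ever compared and a correct password for any other member is never reported. The remedy used elsewhere in this code base is to compute `const u32 digest_cur = digests_offset + loop_pos;` at the top of the function and index every esalt read and the hashes_shown/mark_hash pair with it, with the host half in module_22100.c (later in this series): add `OPTS_TYPE_DEEP_COMP_KERNEL` to `OPTS_TYPE` and a `module_deep_comp_kernel` returning `KERN_RUN_3` instead of `MODULE_DEFAULT`. Whether the host actually merges same-salt BitLocker hashes into one salt group is not visible here, so confirm that before applying. Separately, the `type == 0` path declares success after checking roughly 40 bits of decrypted header (data_size, version, v2, v1 range), a deliberate speed/false-positive trade-off that deserves a comment such as `// type 0: header-only check, no MAC — rare false positives are accepted`.
```c
const u32 digest_cur = digests_offset + loop_pos;

u32 iv[4];

iv[0] = esalt_bufs[digest_cur].iv[0];
iv[1] = esalt_bufs[digest_cur].iv[1];
iv[2] = esalt_bufs[digest_cur].iv[2];
iv[3] = esalt_bufs[digest_cur].iv[3];

// … unchanged: CTR blocks, early reject and MAC computation, except every
//   esalt_bufs[digests_offset].data[...] / .type read becomes esalt_bufs[digest_cur] …

if (atomic_inc (&hashes_shown[digest_cur]) == 0)
{
  mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digest_cur, gid, 0, 0, 0);
}
```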
diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c new file mode 100644 index 000000000..455d1f246 --- /dev/null +++ b/src/modules/module_22100.c 
@@ -0,0 +1,400 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "BitLocker"; +static const u64 KERN_TYPE = 22100; +static const u32 OPTI_TYPE = OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +//static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE +// | OPTI_TYPE_EARLY_SKIP +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$bitlocker$1$16$6f972989ddc209f1eccf07313a7266a2$1048576$12$3a33a8eaff5e6f81d907b591$60$316b0f6d4cb445fb056f0e3e0633c413526ff4481bbf588917b70a4e8f8075f5ceb45958a800b42cb7ff9b7f5e17c6145bf8561ea86f52d3592059fb"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, 
MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct bitlocker +{ + u32 type; 
+ u32 iv[4]; + u32 data[15]; + +} bitlocker_t; + +typedef struct bitlocker_tmp +{ + u32 last_hash[8]; + u32 init_hash[8]; + u32 salt[4]; + +} bitlocker_tmp_t; + +static const char *SIGNATURE_BITLOCKER = "$bitlocker$"; + +#define ITERATION_BITLOCKER 0x100000 +#define SALT_LEN_BITLOCKER 16 +#define IV_LEN_BITLOCKER 12 +#define DATA_LEN_BITLOCKER 60 + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (bitlocker_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (bitlocker_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + bitlocker_t *bitlocker = (bitlocker_t *) esalt_buf; + + token_t token; + + token.token_cnt = 9; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_BITLOCKER; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | 
TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len_min[2] = 2; + token.len_max[2] = 2; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[3] = '$'; + token.len_min[3] = 32; + token.len_max[3] = 32; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = '$'; + token.len_min[4] = 7; + token.len_max[4] = 7; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[5] = '$'; + token.len_min[5] = 2; + token.len_max[5] = 2; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[6] = '$'; + token.len_min[6] = 24; + token.len_max[6] = 24; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = '$'; + token.len_min[7] = 2; + token.len_max[7] = 2; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[8] = '$'; + token.len_min[8] = 120; + token.len_max[8] = 120; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // type + + const u8 *type_pos = token.buf[1]; + + const u32 type = hc_strtoul ((const char *) type_pos, NULL, 10); + + if ((type != 0) && (type != 1)) return PARSER_SALT_VALUE; + + bitlocker->type = type; + + // salt + + const u8 *salt_len_pos = token.buf[2]; + + const u32 salt_len = hc_strtoul ((const char *) salt_len_pos, NULL, 10); + + if (salt_len != SALT_LEN_BITLOCKER) return PARSER_SALT_LENGTH; + + const u8 *salt_pos = token.buf[3]; + + salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); + salt->salt_buf[2] = hex_to_u32 (salt_pos + 16); + salt->salt_buf[3] = hex_to_u32 (salt_pos + 24); + + salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); 
+ salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + + salt->salt_len = SALT_LEN_BITLOCKER; + + // iter + + const u8 *iter_pos = token.buf[4]; + + const u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10); + + if (iter != ITERATION_BITLOCKER) return PARSER_SALT_VALUE; + + salt->salt_iter = ITERATION_BITLOCKER; + + // IV (nonce) + + const u8 *iv_len_pos = token.buf[5]; // aka nonce_len + + const u32 iv_len = hc_strtoul ((const char *) iv_len_pos, NULL, 10); + + if (iv_len != IV_LEN_BITLOCKER) return PARSER_SALT_LENGTH; + + const u8 *iv_pos = token.buf[6]; + + u32 iv[4] = { 0 }; + + iv[0] = hex_to_u32 (iv_pos + 0); + iv[1] = hex_to_u32 (iv_pos + 8); + iv[2] = hex_to_u32 (iv_pos + 16); + + iv[0] = byte_swap_32 (iv[0]); + iv[1] = byte_swap_32 (iv[1]); + iv[2] = byte_swap_32 (iv[2]); + + // prefix 0x02 and shift-right by 1 byte: + + iv[3] = (iv[2] << 24) | 0x01; // 0x01 because we start with the VMK (skip MAC) + iv[2] = (iv[1] << 24) | (iv[2] >> 8); + iv[1] = (iv[0] << 24) | (iv[1] >> 8); + iv[0] = (0x02 << 24) | (iv[0] >> 8); // 15 - strlen (iv) - 1 = 14 - 12 = 0x02 + + bitlocker->iv[0] = iv[0]; + bitlocker->iv[1] = iv[1]; + bitlocker->iv[2] = iv[2]; + bitlocker->iv[3] = iv[3]; + + // data and digest: + + const u8 *data_len_pos = token.buf[7]; + + const u32 data_len = hc_strtoul ((const char *) data_len_pos, NULL, 10); + + if (data_len != DATA_LEN_BITLOCKER) return PARSER_SALT_LENGTH; + + const u8 *data_pos = token.buf[8]; + + for (u32 i = 0, j = 0; i < DATA_LEN_BITLOCKER / 4; i += 1, j += 8) + { + bitlocker->data[i] = hex_to_u32 (data_pos + j); + + bitlocker->data[i] = byte_swap_32 (bitlocker->data[i]); + } + + // fake digest: + + memcpy (digest, bitlocker->data, 16); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char 
*line_buf, MAYBE_UNUSED const int line_size) +{ + bitlocker_t *bitlocker = (bitlocker_t *) esalt_buf; + + // type + + u32 type = bitlocker->type; + + // salt + + #define SALT_HEX_LEN SALT_LEN_BITLOCKER * 2 + 1 + + char salt_buf[SALT_HEX_LEN] = { 0 }; + + for (u32 i = 0, j = 0; i < SALT_LEN_BITLOCKER / 4; i += 1, j += 8) + { + snprintf (salt_buf + j, SALT_HEX_LEN - j, "%08x", salt->salt_buf[i]); + } + + // iv + + u32 iv[4] = { 0 }; + + iv[0] = bitlocker->iv[0]; + iv[1] = bitlocker->iv[1]; + iv[2] = bitlocker->iv[2]; + iv[3] = bitlocker->iv[3]; + + // remove 0x02 from start (left-shift by 1 byte): + + iv[0] = (iv[0] << 8) | (iv[1] >> 24); + iv[1] = (iv[1] << 8) | (iv[2] >> 24); + iv[2] = (iv[2] << 8) | (iv[3] >> 24); + iv[3] = 0; + + #define IV_HEX_LEN IV_LEN_BITLOCKER * 2 + 1 + + char iv_buf[IV_HEX_LEN] = { 0 }; + + for (u32 i = 0, j = 0; i < IV_LEN_BITLOCKER / 4; i += 1, j += 8) + { + snprintf (iv_buf + j, IV_HEX_LEN - j, "%08x", iv[i]); + } + + // data + + #define DATA_HEX_LEN DATA_LEN_BITLOCKER * 2 + 1 + + char data_buf[DATA_HEX_LEN] = { 0 }; + + for (u32 i = 0, j = 0; i < DATA_LEN_BITLOCKER / 4; i += 1, j += 8) + { + snprintf (data_buf + j, DATA_HEX_LEN - j, "%08x", bitlocker->data[i]); + } + + // output + + int line_len = snprintf (line_buf, line_size, "$bitlocker$%i$%i$%s$%i$%i$%s$%i$%s", + type, + SALT_LEN_BITLOCKER, + salt_buf, + ITERATION_BITLOCKER, + IV_LEN_BITLOCKER, + iv_buf, + DATA_LEN_BITLOCKER, + data_buf); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = 
MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + 
module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m22100.pm b/tools/test_modules/m22100.pm new file mode 100644 index 000000000..7fe99761b --- /dev/null +++ b/tools/test_modules/m22100.pm 
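Review bot: module_hash_encode strips the const qualifier from its input with `bitlocker_t *bitlocker = (bitlocker_t *) esalt_buf;` although it only reads through the pointer; `const bitlocker_t *bitlocker = (const bitlocker_t *) esalt_buf;` keeps the contract honest and lets the compiler catch an accidental write. In the same function the output format passes the `u32` `type` to `%i`, a signed/unsigned mismatch that `-Wformat` will flag; `%u` for that argument matches the declared type (the other `%i` arguments are plain int macros). The helper macros `SALT_HEX_LEN`, `IV_HEX_LEN` and `DATA_HEX_LEN` expand to `X * 2 + 1` without parentheses; `SALT_HEX_LEN - j` happens to parse as intended, but `#define SALT_HEX_LEN (SALT_LEN_BITLOCKER * 2 + 1)` (and likewise for the other two) removes the trap for the next use.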
@@ -0,0 +1,302 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA qw (sha256); +use Crypt::Mode::ECB; +use Encode; + +sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] } + +my $ITER = 1048576; # 0x100000 +my $SALT_LEN = 16; +my $IV_LEN = 12; +my $MAC_LEN = 16; +my $VMK_LEN = 44; # note: MAC_LEN + VMK_LEN = 60 + +sub bitlocker_kdf +{ + my $initial_hash = shift; + my $salt = shift; + + # password_key_data (88 bytes): + # 0-31 (32): last_hash + # 32-63 (32): init_hash + # 64-79 (16): salt + # 80-87 ( 8): iter + + my $password_key_data = "\x00" x (32 + 32 + 16 + 8); + + substr ($password_key_data, 32, 32) = $initial_hash; + substr ($password_key_data, 64, 16) = $salt; + + for (my $iter = 0; $iter < 0x100000; $iter++) + { + substr ($password_key_data, 80, 8) = pack ("Q", $iter); + + substr ($password_key_data, 0, 32) = sha256 ($password_key_data); + } + + return substr ($password_key_data, 0, 32); # AES-CCM key +} + +# non-standard/variant of AES-CCM (encrypt or decrypt, both => crypt): + +sub bitlocker_crypt_data +{ + my $key = shift; + my $data = shift; + my $iv = shift; + + my $ret = ""; # return value (output buffer) + + my $iiv = "\x02"; # 15 - length ($iv) - 1 = 14 - length ($iv) + + $iiv = $iiv . $iv . 
"\x00\x00\x00"; # add "\x00" x (16 - length ($iv)) + + # we could do this in a loop (but let's unroll it to make it clear what is going on): + # (first and last are special) + + # 0 + + # substr ($iiv, 15, 1) = "\x00"; + + my $aes = Crypt::Mode::ECB->new ('AES', 0); + + my $block = $aes->encrypt ($iiv, $key); + + for (my $i = 0; $i < 16; $i++) + { + $ret .= chr (ord (substr ($data, $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + # 1 + + substr ($iiv, 15, 1) = "\x01"; + + $block = $aes->encrypt ($iiv, $key); + + for (my $i = 0; $i < 16; $i++) + { + $ret .= chr (ord (substr ($data, 16 + $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + # 2 + + substr ($iiv, 15, 1) = "\x02"; + + $block = $aes->encrypt ($iiv, $key); + + for (my $i = 0; $i < 16; $i++) + { + $ret .= chr (ord (substr ($data, 32 + $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + # 3 (final/remaining data: 12 bytes): + + substr ($iiv, 15, 1) = "\x03"; + + $block = $aes->encrypt ($iiv, $key); + + for (my $i = 0; $i < 12; $i++) + { + $ret .= chr (ord (substr ($data, 48 + $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + return $ret; +} + +sub bitlocker_generate_mac +{ + my $key = shift; + my $data = shift; + my $iv = shift; + + my $iiv = "\x3a" . $iv . "\x00\x00" . 
"\x2c"; + + # we could do this in a loop (but let's unroll it to make it clear what is going on): + # (first and last are special) + + # 0 + + my $aes = Crypt::Mode::ECB->new ('AES', 0); + + my $block = $aes->encrypt ($iiv, $key); + + my $res = ""; + + for (my $i = 0; $i < 16; $i++) + { + $res .= chr (ord (substr ($data, $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + # 1 + + $block = $aes->encrypt ($res, $key); + + $res = ""; + + for (my $i = 0; $i < 16; $i++) + { + $res .= chr (ord (substr ($data, 16 + $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + # 2 + + $block = $aes->encrypt ($res, $key); + + $res = ""; + + for (my $i = 0; $i < 12; $i++) + { + $res .= chr (ord (substr ($data, 32 + $i, 1)) ^ ord (substr ($block, $i, 1))); + } + + # 3 + + $block = $aes->encrypt ($res . substr ($block, 12, 4), $key); + + return $block; +} + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $iv = shift // random_bytes (12); + my $data = shift; # if not set, we're going to "generate"/fake it below + my $type = shift // random_number (0, 1); # if set to 1: check also the MAC in hashcat + + + # key generation (KDF): + + my $word_utf16le = encode ("UTF-16LE", $word); + + my $pass_hash = sha256 (sha256 ($word_utf16le)); + + my $key = bitlocker_kdf ($pass_hash, $salt); + + + if (! 
$data) + { + $data = pack ("H*", "2c000000"); # actually, only 0x2c00 can be expected for sure + $data .= pack ("H*", "01000000"); # actually, only 0x0100 can be expected for sure + $data .= chr (random_number (0, 5)); + $data .= pack ("H*", "200000"); # actually, only 0x20 can be expected for sure + + $data .= random_bytes (44 - 12); # 44 - bytes that we set above + } + else + { + # verification: + + my $dec_data = bitlocker_crypt_data ($key, $data, $iv); # decryption + + my $data_size = ord (substr ($dec_data, 16, 1)) | (ord (substr ($dec_data, 17, 1)) << 8); + my $version = ord (substr ($dec_data, 20, 1)) | (ord (substr ($dec_data, 21, 1)) << 8); + + my $v1 = ord (substr ($dec_data, 16 + 8, 1)); # Volume Master Key (VMK) + 8 + my $v2 = ord (substr ($dec_data, 16 + 9, 1)); # Volume Master Key (VMK) + 9 + + # early ejects / failed: + + return unless ($data_size == 0x2c); + return unless ($version == 0x01); + return unless ($v2 == 0x20); + return unless ($v1 <= 0x05); + + $data = substr ($dec_data, 16); # skip the MAC such that we get only the raw data (VMK etc) + + # note: we do NOT check the $type value ... we do the MAC verification anyway to be safe + # (for "verify" and $type set to 0 - no MAC verification -, we could early exit here already) + } + + + # MAC (authenticate-then-encrypt, MAC first!): + + my $mac = bitlocker_generate_mac ($key, $data, $iv); + + + # encrypt (both, MAC + VMK): + + my $mac_vmk = $mac . 
$data; + + my $enc_data = bitlocker_crypt_data ($key, $mac_vmk, $iv); # encryption + + + # output: + + my $hash = sprintf ("\$bitlocker\$%i\$%i\$%s\$%i\$%i\$%s\$%i\$%s", + $type, + $SALT_LEN, + unpack ("H*", $salt), + $ITER, + $IV_LEN, + unpack ("H*", $iv), + $MAC_LEN + $VMK_LEN, + unpack ("H*", $enc_data)); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = index ($line, ':'); + + return if ($idx < 0); + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless defined $hash; + return unless defined $word; + + my @data = split ('\$', $hash); + + return unless (scalar (@data) == 10); + + my $signature = $data[1]; + my $type = $data[2]; + my $salt_len = $data[3]; + my $salt = $data[4]; + my $iter = $data[5]; + my $iv_len = $data[6]; + my $iv = $data[7]; + my $data_len = $data[8]; + my $data = $data[9]; + + # sanity checks: + + return unless ($signature eq "bitlocker"); + + return unless ($salt_len == $SALT_LEN); + return unless ($iv_len == $IV_LEN); + return unless ($data_len == $MAC_LEN + $VMK_LEN); + + # hex to binary conversion: + + $salt = pack ("H*", $salt); + $iv = pack ("H*", $iv); + $data = pack ("H*", $data); + + return unless (length ($salt) == $SALT_LEN); + return unless (length ($iv) == $IV_LEN); + return unless (length ($data) == $MAC_LEN + $VMK_LEN); + + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt, $iv, $data, $type); + + return ($new_hash, $word); +} + +1; From 5d1d48f5d7713620e738fb81377e27ee60282165 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 21:25:37 +0100 Subject: [PATCH 103/300] Do not check for COPY_PW limits in outside kernels --- src/backend.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/backend.c b/src/backend.c index c70d47095..b25e33aa4 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -9402,13 +9402,16 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 if (user_options->attack_mode == ATTACK_MODE_STRAIGHT)
 {
- if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
+ if (hashconfig->attack_exec == ATTACK_EXEC_INSIDE_KERNEL)
 {
- // not required
- }
- else
- {
- device_param->kernel_threads_max = MIN (device_param->kernel_threads_max, 64);
+ if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
+ {
+ // not required
+ }
+ else
+ {
+ device_param->kernel_threads_max = MIN (device_param->kernel_threads_max, 64);
+ }
 }
 }
From c9c09418b44ba0d99b2b570d16af90b46b257b78 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 21:27:34 +0100 Subject: [PATCH 104/300] Small Bitlocker speed boost --- OpenCL/m22100-pure.cl | 111 ++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 42 deletions(-)
diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl
index 0b30542f0..d2642ebb5 100644
--- a/OpenCL/m22100-pure.cl
+++ b/OpenCL/m22100-pure.cl
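Review bot: The inner `if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { // not required }` keeps an empty then-branch only to express a negated condition, and the new nesting pushes it one level deeper; `if ((hashconfig->attack_exec == ATTACK_EXEC_INSIDE_KERNEL) && ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0))` with the single `MIN (...)` assignment inside reads the same and removes the empty branch. The reason for the 64-thread cap exists only in the commit subject, so a comment such as `// COPY_PW limit: only pure inside-kernel straight mode needs the 64-thread cap` would tell the next reader why both conditions are tested. backend_session_begin starts and ends outside this hunk.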
@@ -107,61 +107,88 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) // init - u32x w[32] = { 0 }; // 64 bytes blocks/aligned, 88 bytes needed (22 u32 = 22 * 4) + u32x wa0[4]; + u32x wa1[4]; + u32x wa2[4]; + u32x wa3[4]; - w[ 0] = packv (tmps, last_hash, gid, 0); - w[ 1] = packv (tmps, last_hash, gid, 1); - w[ 2] = packv (tmps, last_hash, gid, 2); - w[ 3] = packv (tmps, last_hash, gid, 3); - w[ 4] = packv (tmps, last_hash, gid, 4); - w[ 5] = packv (tmps, last_hash, gid, 5); - w[ 6] = packv (tmps, last_hash, gid, 6); - w[ 7] = packv (tmps, last_hash, gid, 7); + wa0[0] = packv (tmps, last_hash, gid, 0); // last_hash + wa0[1] = packv (tmps, last_hash, gid, 1); + wa0[2] = packv (tmps, last_hash, gid, 2); + wa0[3] = packv (tmps, last_hash, gid, 3); + wa1[0] = packv (tmps, last_hash, gid, 4); + wa1[1] = packv (tmps, last_hash, gid, 5); + wa1[2] = packv (tmps, last_hash, gid, 6); + wa1[3] = packv (tmps, last_hash, gid, 7); + wa2[0] = packv (tmps, init_hash, gid, 0); // init_hash + wa2[1] = packv (tmps, init_hash, gid, 1); + wa2[2] = packv (tmps, init_hash, gid, 2); + wa2[3] = packv (tmps, init_hash, gid, 3); + wa3[0] = packv (tmps, init_hash, gid, 4); + wa3[1] = packv (tmps, init_hash, gid, 5); + wa3[2] = packv (tmps, init_hash, gid, 6); + wa3[3] = packv (tmps, init_hash, gid, 7); - w[ 8] = packv (tmps, init_hash, gid, 0); - w[ 9] = packv (tmps, init_hash, gid, 1); - w[10] = packv (tmps, init_hash, gid, 2); - w[11] = packv (tmps, init_hash, gid, 3); - w[12] = packv (tmps, init_hash, gid, 4); - w[13] = packv (tmps, init_hash, gid, 5); - w[14] = packv (tmps, init_hash, gid, 6); - w[15] = packv (tmps, init_hash, gid, 7); + u32x wb0[4]; + u32x wb1[4]; + u32x wb2[4]; + u32x wb3[4]; - w[16] = packv (tmps, salt, gid, 0); - w[17] = packv (tmps, salt, gid, 1); - w[18] = packv (tmps, salt, gid, 2); - w[19] = packv (tmps, salt, gid, 3); + wb0[0] = packv (tmps, salt, gid, 0); + wb0[1] = packv (tmps, salt, gid, 1); + wb0[2] = packv (tmps, salt, gid, 
2); + wb0[3] = packv (tmps, salt, gid, 3); + wb1[0] = 0; + wb1[1] = 0; + wb1[2] = 0x80000000; + wb1[3] = 0; + wb2[0] = 0; + wb2[1] = 0; + wb2[2] = 0; + wb2[3] = 0; + wb3[0] = 0; + wb3[1] = 0; + wb3[2] = 0; + wb3[3] = 88 * 8; // main loop for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++) { - w[20] = hc_swap32 (j); + wb1[0] = hc_swap32 (j); - sha256_ctx_vector_t ctx; + u32 digest[8]; - sha256_init_vector (&ctx); - sha256_update_vector (&ctx, w, 88); - sha256_final_vector (&ctx); + digest[0] = SHA256M_A; + digest[1] = SHA256M_B; + digest[2] = SHA256M_C; + digest[3] = SHA256M_D; + digest[4] = SHA256M_E; + digest[5] = SHA256M_F; + digest[6] = SHA256M_G; + digest[7] = SHA256M_H; - w[0] = ctx.h[0]; - w[1] = ctx.h[1]; - w[2] = ctx.h[2]; - w[3] = ctx.h[3]; - w[4] = ctx.h[4]; - w[5] = ctx.h[5]; - w[6] = ctx.h[6]; - w[7] = ctx.h[7]; + sha256_transform_vector (wa0, wa1, wa2, wa3, digest); + sha256_transform_vector (wb0, wb1, wb2, wb3, digest); // this one gives the boost + + wa0[0] = digest[0]; + wa0[1] = digest[1]; + wa0[2] = digest[2]; + wa0[3] = digest[3]; + wa1[0] = digest[4]; + wa1[1] = digest[5]; + wa1[2] = digest[6]; + wa1[3] = digest[7]; } - unpackv (tmps, last_hash, gid, 0, w[0]); - unpackv (tmps, last_hash, gid, 1, w[1]); - unpackv (tmps, last_hash, gid, 2, w[2]); - unpackv (tmps, last_hash, gid, 3, w[3]); - unpackv (tmps, last_hash, gid, 4, w[4]); - unpackv (tmps, last_hash, gid, 5, w[5]); - unpackv (tmps, last_hash, gid, 6, w[6]); - unpackv (tmps, last_hash, gid, 7, w[7]); + unpackv (tmps, last_hash, gid, 0, wa0[0]); + unpackv (tmps, last_hash, gid, 1, wa0[1]); + unpackv (tmps, last_hash, gid, 2, wa0[2]); + unpackv (tmps, last_hash, gid, 3, wa0[3]); + unpackv (tmps, last_hash, gid, 4, wa1[0]); + unpackv (tmps, last_hash, gid, 5, wa1[1]); + unpackv (tmps, last_hash, gid, 6, wa1[2]); + unpackv (tmps, last_hash, gid, 7, wa1[3]); } KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) 
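Review bot: `u32 digest[8]` is declared as a scalar array but is passed to `sha256_transform_vector`, which updates a `u32x` state, and its values are then copied back into the `u32x` arrays wa0/wa1; with a vector width above 1 that is a type mismatch (patch 112/300 further down this page changes it to `u32x digest[8]`). The comment `// this one gives the boost` does not say what the boost is: the second block wb0..wb3 holds salt, counter and SHA-256 padding with the 88-byte length and contains nothing derived from the candidate, which is what later allows it to be precomputed, so `// second block = salt | counter | padding: password-independent` would carry that. `88 * 8` is the message bit length for the padding and deserves a named constant or a comment.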
From bc442ad821357c873a821acc5e7278cfe824504a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 21:29:09 +0100 Subject: [PATCH 105/300] Add Bitlocker minimum password length 8 restriction --- src/modules/module_22100.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index 455d1f246..03c9111f2 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c @@ -79,6 +79,13 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c return tmp_size; } +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 8; + + return pw_min; +} + u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { // this overrides the reductions of PW_MAX in case optimized kernel is selected @@ -387,7 +394,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; module_ctx->module_pwdump_column = MODULE_DEFAULT; module_ctx->module_pw_max = module_pw_max; - module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_pw_min = module_pw_min; module_ctx->module_salt_max = MODULE_DEFAULT; module_ctx->module_salt_min = MODULE_DEFAULT; module_ctx->module_salt_type = module_salt_type; From 50907c5fff3cd2afa03798ca336997b53553732b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 22:03:53 +0100 Subject: [PATCH 106/300] Update Bitlocker minimum password length 4 --- src/modules/module_22100.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index 03c9111f2..74bc92276 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c 
@@ -81,7 +81,10 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 pw_min = 8;
+ // https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings
+ // The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.
+
+ const u32 pw_min = 4;
 return pw_min;
 }
From 0c6b12b0a7e3688034e16c885dc1d1c57ea28eca Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 22:04:31 +0100 Subject: [PATCH 107/300] Update Bitlocker minimum password length 4 --- tools/test_modules/m22100.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/test_modules/m22100.pm b/tools/test_modules/m22100.pm
index 7fe99761b..c839c45b4 100644
--- a/tools/test_modules/m22100.pm
+++ b/tools/test_modules/m22100.pm
@@ -12,7 +12,7 @@ use Digest::SHA qw (sha256);
 use Crypt::Mode::ECB;
 use Encode;
-sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] }
+sub module_constraints { [[4, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] }
 my $ITER = 1048576; # 0x100000
 my $SALT_LEN = 16;
From 0f9ad6f974f3960acc49814356fa8cd8b07d53f2 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 22:54:50 +0100 Subject: [PATCH 108/300] Limit Bitlocker threads to 256 --- src/modules/module_22100.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c
index 74bc92276..3d909e690 100644
--- a/src/modules/module_22100.c
+++ b/src/modules/module_22100.c
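Review bot: The new comment justifies `pw_min = 4` with the startup-PIN policy, but the value this mode derives its key from is the user password (the test module on this page hashes the UTF-16LE password with SHA-256 twice, not a PIN), so it is not evident from the code that the PIN minimum is the bound that applies; the volume-password policy may set a different minimum, and a wrong floor silently excludes valid candidates. If 4 is meant to cover PIN-style inputs as the lowest possible case, say so: `// 4 = startup PIN minimum (lowest bound across BitLocker protectors); volume passwords may be subject to a longer minimum`. The enclosing file context continues outside this hunk.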
@@ -79,6 +79,20 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c return tmp_size; } +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 256; + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 256; + + return kernel_threads_max; +} + u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { // https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings @@ -384,8 +398,8 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_kernel_accel_min = MODULE_DEFAULT; module_ctx->module_kernel_loops_max = MODULE_DEFAULT; module_ctx->module_kernel_loops_min = MODULE_DEFAULT; - module_ctx->module_kernel_threads_max = MODULE_DEFAULT; - module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; module_ctx->module_kern_type = module_kern_type; module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; module_ctx->module_opti_type = module_opti_type; From 7215d4e9c03b102aef112b52cb9095efd81c1bdb Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 31 Dec 2019 23:01:47 +0100 Subject: [PATCH 109/300] Limit Bitlocker threads to 256 --- src/modules/module_22100.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index 3d909e690..5222825f2 100644 --- a/src/modules/module_22100.c 
+++ b/src/modules/module_22100.c @@ -79,13 +79,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c return tmp_size; } -u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 kernel_threads_min = 256; - - return kernel_threads_min; -} - u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u32 kernel_threads_max = 256; @@ -399,7 +392,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_kernel_loops_max = MODULE_DEFAULT; module_ctx->module_kernel_loops_min = MODULE_DEFAULT; module_ctx->module_kernel_threads_max = module_kernel_threads_max; - module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; module_ctx->module_kern_type = module_kern_type; module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; module_ctx->module_opti_type = module_opti_type; From e31e7690ed2f2b4444743fd41abb523a182f5306 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 1 Jan 2020 10:49:04 +0100 Subject: [PATCH 110/300] Add BitCracker optimization to precompute KE of second sha256_transform since input data is static --- OpenCL/m22100-pure.cl | 214 +++++++++++++++++++++++-------------- src/modules/module_22100.c | 50 +++++++-- 2 files changed, 175 insertions(+), 89 deletions(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index d2642ebb5..d43528fe9 100644 --- a/OpenCL/m22100-pure.cl +++ b/OpenCL/m22100-pure.cl 
@@ -15,11 +15,17 @@
 #include "inc_cipher_aes.cl"
 #endif
+#define ITERATION_BITLOCKER 0x100000
+#define SALT_LEN_BITLOCKER 16
+#define IV_LEN_BITLOCKER 12
+#define DATA_LEN_BITLOCKER 60
+
 typedef struct bitlocker
 {
 u32 type;
 u32 iv[4];
 u32 data[15];
+ u32 wb_ke_pc[ITERATION_BITLOCKER][64]; // only 48 needed
 } bitlocker_t;
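Review bot: `u32 wb_ke_pc[ITERATION_BITLOCKER][64]` adds 0x100000 * 64 * 4 bytes = 256 MiB to every `bitlocker_t`, and because module_esalt_size returns `sizeof (bitlocker_t)` that much host and device memory is allocated per loaded hash, so a hashlist of a handful of entries already costs gigabytes; the comment itself says only 48 words are needed (still 192 MiB), and the table depends only on the salt and the counter, so it belongs per salt rather than per digest, or should be rebuilt on the device. The same struct is duplicated in src/modules/module_22100.c (hunk at L1527) and filled in module_hash_decode (L1528), so the two definitions must stay byte-identical; `// must match bitlocker_t in src/modules/module_22100.c` on both copies would flag that. Patch 113/300 further down this page shrinks the inner dimension to 48.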
@@ -27,10 +33,98 @@ typedef struct bitlocker_tmp { u32 last_hash[8]; u32 init_hash[8]; - u32 salt[4]; } bitlocker_tmp_t; +DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, const GLOBAL_AS u32 wb_ke_pc[64]) +{ + u32x a = digest[0]; + u32x b = digest[1]; + u32x c = digest[2]; + u32x d = digest[3]; + u32x e = digest[4]; + u32x f = digest[5]; + u32x g = digest[6]; + u32x h = digest[7]; + + u32x w0_t = w0[0]; + u32x w1_t = w0[1]; + u32x w2_t = w0[2]; + u32x w3_t = w0[3]; + u32x w4_t = w1[0]; + u32x w5_t = w1[1]; + u32x w6_t = w1[2]; + u32x w7_t = w1[3]; + u32x w8_t = w2[0]; + u32x w9_t = w2[1]; + u32x wa_t = w2[2]; + u32x wb_t = w2[3]; + u32x wc_t = w3[0]; + u32x wd_t = w3[1]; + u32x we_t = w3[2]; + u32x wf_t = w3[3]; + + #define ROUND_EXPAND_PC(i) \ + { \ + w0_t = wb_ke_pc[i + 0]; \ + w1_t = wb_ke_pc[i + 1]; \ + w2_t = wb_ke_pc[i + 2]; \ + w3_t = wb_ke_pc[i + 3]; \ + w4_t = wb_ke_pc[i + 4]; \ + w5_t = wb_ke_pc[i + 5]; \ + w6_t = wb_ke_pc[i + 6]; \ + w7_t = wb_ke_pc[i + 7]; \ + w8_t = wb_ke_pc[i + 8]; \ + w9_t = wb_ke_pc[i + 9]; \ + wa_t = wb_ke_pc[i + 10]; \ + wb_t = wb_ke_pc[i + 11]; \ + wc_t = wb_ke_pc[i + 12]; \ + wd_t = wb_ke_pc[i + 13]; \ + we_t = wb_ke_pc[i + 14]; \ + wf_t = wb_ke_pc[i + 15]; \ + } + + #define ROUND_STEP(i) \ + { \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, 
f, g, h, a, w7_t, k_sha256[i + 7]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \ + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \ + } + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 0; i < 64; i += 16) + { + ROUND_EXPAND_PC (i); ROUND_STEP (i); + } + + #undef ROUND_EXPAND_PC + #undef ROUND_STEP + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; +} + KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) { /** @@ -41,7 +135,6 @@ KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) if (gid >= gid_max) return; - // sha256 of utf16le converted password: sha256_ctx_t ctx0; @@ -63,7 +156,6 @@ KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) w[6] = ctx0.h[6]; w[7] = ctx0.h[7]; - // sha256 of sha256: sha256_ctx_t ctx1; @@ -72,7 +164,6 @@ KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) sha256_update (&ctx1, w, 32); sha256_final (&ctx1); - // set tmps: tmps[gid].init_hash[0] = ctx1.h[0]; 
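Review bot: In sha256_transform_vector_pc the sixteen loads `u32x w0_t = w0[0]; … u32x wf_t = w3[3];` are dead: the loop's first iteration runs `ROUND_EXPAND_PC (0)` before `ROUND_STEP (0)`, which overwrites all sixteen from `wb_ke_pc[0..15]`, so the `w0`..`w3` parameters are never read and the signature implies a dependence on the caller's message block that does not exist. Drop the four parameters and the loads, leaving `u32x w0_t, w1_t, …, wf_t;` as plain declarations, and say in a header comment that the whole 64-word schedule (salt | counter | padding and its expansion) comes from the table; if the table is later trimmed to the 48 expanded words as the struct comment suggests, the first sixteen would then have to be rebuilt in-kernel from the salt and `j`, not from `w0`..`w3`. The function also reads 64 scalar words from global memory on every call while every work-item reads the same addresses; a comment stating that this is the intended trade-off against a full second transform would help (patch 113/300 on this page moves the table to shared memory).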
@@ -92,11 +183,6 @@ KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) tmps[gid].last_hash[5] = 0; tmps[gid].last_hash[6] = 0; tmps[gid].last_hash[7] = 0; - - tmps[gid].salt[0] = salt_bufs[salt_pos].salt_buf[0]; - tmps[gid].salt[1] = salt_bufs[salt_pos].salt_buf[1]; - tmps[gid].salt[2] = salt_bufs[salt_pos].salt_buf[2]; - tmps[gid].salt[3] = salt_bufs[salt_pos].salt_buf[3]; } KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) 
@@ -107,56 +193,32 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) // init - u32x wa0[4]; - u32x wa1[4]; - u32x wa2[4]; - u32x wa3[4]; + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; - wa0[0] = packv (tmps, last_hash, gid, 0); // last_hash - wa0[1] = packv (tmps, last_hash, gid, 1); - wa0[2] = packv (tmps, last_hash, gid, 2); - wa0[3] = packv (tmps, last_hash, gid, 3); - wa1[0] = packv (tmps, last_hash, gid, 4); - wa1[1] = packv (tmps, last_hash, gid, 5); - wa1[2] = packv (tmps, last_hash, gid, 6); - wa1[3] = packv (tmps, last_hash, gid, 7); - wa2[0] = packv (tmps, init_hash, gid, 0); // init_hash - wa2[1] = packv (tmps, init_hash, gid, 1); - wa2[2] = packv (tmps, init_hash, gid, 2); - wa2[3] = packv (tmps, init_hash, gid, 3); - wa3[0] = packv (tmps, init_hash, gid, 4); - wa3[1] = packv (tmps, init_hash, gid, 5); - wa3[2] = packv (tmps, init_hash, gid, 6); - wa3[3] = packv (tmps, init_hash, gid, 7); - - u32x wb0[4]; - u32x wb1[4]; - u32x wb2[4]; - u32x wb3[4]; - - wb0[0] = packv (tmps, salt, gid, 0); - wb0[1] = packv (tmps, salt, gid, 1); - wb0[2] = packv (tmps, salt, gid, 2); - wb0[3] = packv (tmps, salt, gid, 3); - wb1[0] = 0; - wb1[1] = 0; - wb1[2] = 0x80000000; - wb1[3] = 0; - wb2[0] = 0; - wb2[1] = 0; - wb2[2] = 0; - wb2[3] = 0; - wb3[0] = 0; - wb3[1] = 0; - wb3[2] = 0; - wb3[3] = 88 * 8; + w0[0] = packv (tmps, last_hash, gid, 0); // last_hash + w0[1] = packv (tmps, last_hash, gid, 1); + w0[2] = packv (tmps, last_hash, gid, 2); + w0[3] = packv (tmps, last_hash, gid, 3); + w1[0] = packv (tmps, last_hash, gid, 4); + w1[1] = packv (tmps, last_hash, gid, 5); + w1[2] = packv (tmps, last_hash, gid, 6); + w1[3] = packv (tmps, last_hash, gid, 7); + w2[0] = packv (tmps, init_hash, gid, 0); // init_hash + w2[1] = packv (tmps, init_hash, gid, 1); + w2[2] = packv (tmps, init_hash, gid, 2); + w2[3] = packv (tmps, init_hash, gid, 3); + w3[0] = packv (tmps, init_hash, gid, 4); + w3[1] = packv (tmps, init_hash, gid, 5); + w3[2] = 
packv (tmps, init_hash, gid, 6); + w3[3] = packv (tmps, init_hash, gid, 7); // main loop for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++) { - wb1[0] = hc_swap32 (j); - u32 digest[8]; digest[0] = SHA256M_A; @@ -168,27 +230,27 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) digest[6] = SHA256M_G; digest[7] = SHA256M_H; - sha256_transform_vector (wa0, wa1, wa2, wa3, digest); - sha256_transform_vector (wb0, wb1, wb2, wb3, digest); // this one gives the boost + sha256_transform_vector (w0, w1, w2, w3, digest); + sha256_transform_vector_pc (w0, w1, w2, w3, digest, esalt_bufs[digests_offset].wb_ke_pc[j]); - wa0[0] = digest[0]; - wa0[1] = digest[1]; - wa0[2] = digest[2]; - wa0[3] = digest[3]; - wa1[0] = digest[4]; - wa1[1] = digest[5]; - wa1[2] = digest[6]; - wa1[3] = digest[7]; + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; } - unpackv (tmps, last_hash, gid, 0, wa0[0]); - unpackv (tmps, last_hash, gid, 1, wa0[1]); - unpackv (tmps, last_hash, gid, 2, wa0[2]); - unpackv (tmps, last_hash, gid, 3, wa0[3]); - unpackv (tmps, last_hash, gid, 4, wa1[0]); - unpackv (tmps, last_hash, gid, 5, wa1[1]); - unpackv (tmps, last_hash, gid, 6, wa1[2]); - unpackv (tmps, last_hash, gid, 7, wa1[3]); + unpackv (tmps, last_hash, gid, 0, w0[0]); + unpackv (tmps, last_hash, gid, 1, w0[1]); + unpackv (tmps, last_hash, gid, 2, w0[2]); + unpackv (tmps, last_hash, gid, 3, w0[3]); + unpackv (tmps, last_hash, gid, 4, w1[0]); + unpackv (tmps, last_hash, gid, 5, w1[1]); + unpackv (tmps, last_hash, gid, 6, w1[2]); + unpackv (tmps, last_hash, gid, 7, w1[3]); } KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) @@ -250,7 +312,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) if (gid >= gid_max) return; - /* * AES decrypt the data_buf */ 
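Review bot: `esalt_bufs[digests_offset].wb_ke_pc[j]` is indexed with `j`, which runs from `loop_pos` to `loop_pos + loop_cnt`, and the kernel has no guard that this stays below ITERATION_BITLOCKER; it relies on the host never scheduling past the iteration count, so `// j < ITERATION_BITLOCKER is guaranteed by the host-side loop scheduling` next to the call would make that contract explicit. `u32 digest[8]` remains scalar while both sha256_transform_vector and sha256_transform_vector_pc update `u32x` state, the same mismatch as in patch 104 (fixed by patch 112 on this page). m22100_loop starts before the hunk at L1524.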
@@ -274,7 +335,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) AES256_set_encrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3); - // decrypt: u32 iv[4]; @@ -284,7 +344,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) iv[2] = esalt_bufs[digests_offset].iv[2]; iv[3] = esalt_bufs[digests_offset].iv[3]; - // in total we've 60 bytes: we need out0 (16 bytes) to out3 (16 bytes) for MAC verification // 1 @@ -293,7 +352,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) AES256_encrypt (ks, iv, out1, s_te0, s_te1, s_te2, s_te3, s_te4); - // some early reject: out1[0] ^= esalt_bufs[digests_offset].data[4]; // skip MAC for now (first 16 bytes) @@ -310,11 +368,8 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) if ((out1[2] & 0x00ff0000) != 0x00200000) return; // v2 must be 0x20 - if ((out1[2] >> 24) > 0x05) return; // v1 must be <= 5 - - // if no MAC verification should be performed, we are already done: u32 type = esalt_bufs[digests_offset].type; @@ -331,7 +386,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) out1[3] ^= esalt_bufs[digests_offset].data[7]; - /* * Decrypt the whole data buffer for MAC verification (type == 1): */ @@ -376,7 +430,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) out3[1] ^= esalt_bufs[digests_offset].data[13]; out3[2] ^= esalt_bufs[digests_offset].data[14]; - // compute MAC: // out1 @@ -420,7 +473,6 @@ KERNEL_FQ void m22100_comp (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) if (mac[2] != out0[2]) return; if (mac[3] != out0[3]) return; - // if we end up here, we are sure to have found the correct password: if (atomic_inc (&hashes_shown[digests_offset]) == 0) diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index 5222825f2..da1e4c2f7 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c 
@@ -9,6 +9,7 @@ #include "bitops.h" #include "convert.h" #include "shared.h" +#include "emu_inc_hash_sha256.h" static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; static const u32 DGST_POS0 = 0; @@ -20,8 +21,6 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; static const char *HASH_NAME = "BitLocker"; static const u64 KERN_TYPE = 22100; static const u32 OPTI_TYPE = OPTI_TYPE_SLOW_HASH_SIMD_LOOP; -//static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE -// | OPTI_TYPE_EARLY_SKIP static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; @@ -42,11 +41,17 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +#define ITERATION_BITLOCKER 0x100000 +#define SALT_LEN_BITLOCKER 16 +#define IV_LEN_BITLOCKER 12 +#define DATA_LEN_BITLOCKER 60 + typedef struct bitlocker { u32 type; u32 iv[4]; u32 data[15]; + u32 wb_ke_pc[ITERATION_BITLOCKER][64]; // only 48 needed } bitlocker_t; @@ -54,17 +59,11 @@ typedef struct bitlocker_tmp { u32 last_hash[8]; u32 init_hash[8]; - u32 salt[4]; } bitlocker_tmp_t; static const char *SIGNATURE_BITLOCKER = "$bitlocker$"; -#define ITERATION_BITLOCKER 0x100000 -#define SALT_LEN_BITLOCKER 16 -#define IV_LEN_BITLOCKER 12 -#define DATA_LEN_BITLOCKER 60 - u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (bitlocker_t); 
@@ -207,6 +206,41 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE salt->salt_len = SALT_LEN_BITLOCKER; + // wb_ke_pc + + for (int i = 0; i < ITERATION_BITLOCKER; i++) + { + bitlocker->wb_ke_pc[i][ 0] = salt->salt_buf[0]; + bitlocker->wb_ke_pc[i][ 1] = salt->salt_buf[1]; + bitlocker->wb_ke_pc[i][ 2] = salt->salt_buf[2]; + bitlocker->wb_ke_pc[i][ 3] = salt->salt_buf[3]; + bitlocker->wb_ke_pc[i][ 4] = byte_swap_32 (i); + bitlocker->wb_ke_pc[i][ 5] = 0; + bitlocker->wb_ke_pc[i][ 6] = 0x80000000; + bitlocker->wb_ke_pc[i][ 7] = 0; + bitlocker->wb_ke_pc[i][ 8] = 0; + bitlocker->wb_ke_pc[i][ 9] = 0; + bitlocker->wb_ke_pc[i][10] = 0; + bitlocker->wb_ke_pc[i][11] = 0; + bitlocker->wb_ke_pc[i][12] = 0; + bitlocker->wb_ke_pc[i][13] = 0; + bitlocker->wb_ke_pc[i][14] = 0; + bitlocker->wb_ke_pc[i][15] = 88 * 8; + + #define hc_rotl32_S rotl32 + + for (int j = 16; j < 64; j++) + { + bitlocker->wb_ke_pc[i][j] = SHA256_EXPAND_S + ( + bitlocker->wb_ke_pc[i][j - 2], + bitlocker->wb_ke_pc[i][j - 7], + bitlocker->wb_ke_pc[i][j - 15], + bitlocker->wb_ke_pc[i][j - 16] + ); + } + } + // iter const u8 *iter_pos = token.buf[4]; From 49b6520ca8d2110d59427fee816ea4d8efef1385 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 1 Jan 2020 10:49:39 +0100 Subject: [PATCH 111/300] Make thread selection for -m 22100 mode flexible --- src/modules/module_22100.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index da1e4c2f7..82d008100 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c 
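Review bot: `#define hc_rotl32_S rotl32` sits inside the `for (int i …)` body, which reads as if it were re-evaluated per iteration; it is a one-off preprocessor alias that `SHA256_EXPAND_S` needs and belongs at file scope next to the `#include "emu_inc_hash_sha256.h"` this commit adds. The first sixteen words are written without saying what they are, so a comment is warranted: `// one padded SHA-256 block: salt (w0..3), 64-bit iteration counter (w4 byte-swapped, w5 = 0), 0x80 pad, bit length 88*8`. The 88-byte total is presumably the two hashes, salt and counter of the full message that the kernel transforms in two blocks, but that is my reading of the kernel hunks rather than something this hunk states. module_hash_decode continues on both sides of this hunk.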
@@ -80,7 +80,7 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 kernel_threads_max = 256;
+ const u32 kernel_threads_max = (user_options->kernel_threads_chgd == true) ? user_options->kernel_threads : 256;
 return kernel_threads_max;
 }
From db5decb750c79fb61205b3c87608b9894e093dbc Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 1 Jan 2020 13:39:17 +0100
Subject: [PATCH 112/300] Fix vector datatype in -m 22100
---
 OpenCL/m22100-pure.cl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl
index d43528fe9..c279c3dde 100644
--- a/OpenCL/m22100-pure.cl
+++ b/OpenCL/m22100-pure.cl
@@ -219,7 +219,7 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t))
 for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++)
 {
- u32 digest[8];
+ u32x digest[8];
 digest[0] = SHA256M_A;
 digest[1] = SHA256M_B;
From 311d36305452e88fdbdbbcbad3d50a73357ec3b3 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 1 Jan 2020 20:48:55 +0100
Subject: [PATCH 113/300] Store precomputed KE for -m 22100 in shared memory and lock the loops per kernel invocation to a fixed value
---
 OpenCL/m22100-pure.cl | 110 +++++++++++++++++++++++++++++--------
 src/modules/module_22100.c | 68 +++++++++++++----------
 2 files changed, 124 insertions(+), 54 deletions(-)
diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl
index c279c3dde..270cc52ef 100644
--- a/OpenCL/m22100-pure.cl
+++ b/OpenCL/m22100-pure.cl
@@ -25,7 +25,7 @@ typedef struct bitlocker
 u32 type;
 u32 iv[4];
 u32 data[15];
- u32 wb_ke_pc[ITERATION_BITLOCKER][64]; // only 48 needed
+ u32 wb_ke_pc[ITERATION_BITLOCKER][48];
 } bitlocker_t;
@@ -36,7 +36,13 @@ typedef struct bitlocker_tmp } bitlocker_tmp_t; -DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, const GLOBAL_AS u32 wb_ke_pc[64]) +#ifdef REAL_SHM +#define SHM_TYPE2 LOCAL_AS +#else +#define SHM_TYPE2 GLOBAL_AS +#endif + +DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE2 u32 s_wb_ke_pc[48]) { u32x a = digest[0]; u32x b = digest[1]; @@ -64,24 +70,24 @@ DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x we_t = w3[2]; u32x wf_t = w3[3]; - #define ROUND_EXPAND_PC(i) \ - { \ - w0_t = wb_ke_pc[i + 0]; \ - w1_t = wb_ke_pc[i + 1]; \ - w2_t = wb_ke_pc[i + 2]; \ - w3_t = wb_ke_pc[i + 3]; \ - w4_t = wb_ke_pc[i + 4]; \ - w5_t = wb_ke_pc[i + 5]; \ - w6_t = wb_ke_pc[i + 6]; \ - w7_t = wb_ke_pc[i + 7]; \ - w8_t = wb_ke_pc[i + 8]; \ - w9_t = wb_ke_pc[i + 9]; \ - wa_t = wb_ke_pc[i + 10]; \ - wb_t = wb_ke_pc[i + 11]; \ - wc_t = wb_ke_pc[i + 12]; \ - wd_t = wb_ke_pc[i + 13]; \ - we_t = wb_ke_pc[i + 14]; \ - wf_t = wb_ke_pc[i + 15]; \ + #define ROUND_EXPAND_PC(i) \ + { \ + w0_t = s_wb_ke_pc[i + 0]; \ + w1_t = s_wb_ke_pc[i + 1]; \ + w2_t = s_wb_ke_pc[i + 2]; \ + w3_t = s_wb_ke_pc[i + 3]; \ + w4_t = s_wb_ke_pc[i + 4]; \ + w5_t = s_wb_ke_pc[i + 5]; \ + w6_t = s_wb_ke_pc[i + 6]; \ + w7_t = s_wb_ke_pc[i + 7]; \ + w8_t = s_wb_ke_pc[i + 8]; \ + w9_t = s_wb_ke_pc[i + 9]; \ + wa_t = s_wb_ke_pc[i + 10]; \ + wb_t = s_wb_ke_pc[i + 11]; \ + wc_t = s_wb_ke_pc[i + 12]; \ + wd_t = s_wb_ke_pc[i + 13]; \ + we_t = s_wb_ke_pc[i + 14]; \ + wf_t = s_wb_ke_pc[i + 15]; \ } #define ROUND_STEP(i) \ 
@@ -104,12 +110,14 @@ DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \ } + ROUND_STEP (0); + #ifdef _unroll #pragma unroll #endif - for (int i = 0; i < 64; i += 16) + for (int i = 16; i < 64; i += 16) { - ROUND_EXPAND_PC (i); ROUND_STEP (i); + ROUND_EXPAND_PC (i - 16); ROUND_STEP (i); } #undef ROUND_EXPAND_PC @@ -188,9 +196,60 @@ KERNEL_FQ void m22100_init (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) { const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * load 256 full w[] precomputed KE buffers into shared memory since its all static data + * in order for this to work we need to set a fixed loop count to 256 + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_wb_ke_pc[256][48]; + + for (u32 i = lid; i < 256; i += lsz) + { + for (u32 j = 0; j < 48; j++) // first 16 set to register + { + s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + i][j]; + } + } + + SYNC_THREADS (); + + #else + + GLOBAL_AS u32 (*s_wb_ke_pc)[48] = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos]; + + #endif if ((gid * VECT_SIZE) >= gid_max) return; + // salt to register + + u32x t0[4]; + u32x t1[4]; + u32x t2[4]; + u32x t3[4]; + + t0[0] = salt_bufs[salt_pos].salt_buf[0]; + t0[1] = salt_bufs[salt_pos].salt_buf[1]; + t0[2] = salt_bufs[salt_pos].salt_buf[2]; + t0[3] = salt_bufs[salt_pos].salt_buf[3]; + t1[0] = 0; + t1[1] = 0; + t1[2] = 0x80000000; + t1[3] = 0; + t2[0] = 0; + t2[1] = 0; + t2[2] = 0; + t2[3] = 0; + t3[0] = 0; + t3[1] = 0; + t3[2] = 0; + t3[3] = 88 * 8; + // init u32x w0[4]; 
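Review bot: `s_wb_ke_pc` is declared `[256][48]` and filled from `wb_ke_pc[loop_pos + i]` for exactly 256 entries, but the main loop that indexes `s_wb_ke_pc[i]` is still bounded by `loop_cnt` (the removed line in the later "Fix Bitlocker in OpenCL mode on NV" hunk shows `i < loop_cnt` surviving this commit), so the kernel reads past the shared array if the host ever schedules more than 256 loops; the only thing preventing that is the module pinning `kernel_loops_min/max` to 256 in a different file. Either bound the loop by the staged count, `for (u32 i = 0, j = loop_pos; i < 256; i++, j++)`, or state the contract at the declaration: `// exactly 256 entries: module_kernel_loops_min/max pin loop_cnt to 256`. Placing the fill loop and `SYNC_THREADS ()` before the `gid_max` early-return is correct, since every work-item in the group must reach the barrier; a one-line comment saying so would protect that ordering from later reshuffles. m22100_loop continues past the end of this hunk.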
@@ -230,8 +289,11 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) digest[6] = SHA256M_G; digest[7] = SHA256M_H; - sha256_transform_vector (w0, w1, w2, w3, digest); - sha256_transform_vector_pc (w0, w1, w2, w3, digest, esalt_bufs[digests_offset].wb_ke_pc[j]); + sha256_transform_vector (w0, w1, w2, w3, digest); + + t1[0] = hc_swap32_S (j); // only moving part + + sha256_transform_vector_pc (t0, t1, t2, t3, digest, s_wb_ke_pc[i]); w0[0] = digest[0]; w0[1] = digest[1]; diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index 82d008100..bdf3d667a 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c @@ -51,7 +51,7 @@ typedef struct bitlocker u32 type; u32 iv[4]; u32 data[15]; - u32 wb_ke_pc[ITERATION_BITLOCKER][64]; // only 48 needed + u32 wb_ke_pc[ITERATION_BITLOCKER][48]; } bitlocker_t; 
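Review bot: The `bitlocker_t` layout is now declared twice, once in the kernel source and once in the module, and the two must stay byte-identical, yet the width 48 appears as a bare literal in both struct members, in `s_wb_ke_pc[256][48]`, in the `sha256_transform_vector_pc` parameter and in the module's `for (int j = 0; j < 48; j++)` copy loop, while the `// only 48 needed` comment that explained the number is dropped here. A named constant defined alongside `ITERATION_BITLOCKER` in both files, e.g. `#define WB_KE_PC_LEN 48 // SHA-256 schedule words 16..63; w[0..15] are rebuilt in-kernel`, would keep the copies aligned and make a future width change a one-place edit. `t1[0] = hc_swap32_S (j); // only moving part` is the kind of comment the `t0`..`t3` initialisation further up also needs.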
@@ -78,11 +78,18 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 return tmp_size;
 }
-u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+u32 module_kernel_loops_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 kernel_threads_max = (user_options->kernel_threads_chgd == true) ? user_options->kernel_threads : 256;
+ const u32 kernel_loops_min = 256;
- return kernel_threads_max;
+ return kernel_loops_min;
+}
+
+u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u32 kernel_loops_max = 256;
+
+ return kernel_loops_max;
 }
 u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
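Review bot: The 256 returned by `module_kernel_loops_min` and `module_kernel_loops_max` must equal the `s_wb_ke_pc[256][48]` staging size hard-coded in `m22100_loop`, but neither file references the other, and the later commits that move both to 1024 and then 4096 show the two values being kept in step by hand. A comment on both functions, `// must equal the fixed iteration count m22100_loop stages into shared memory (OpenCL/m22100-pure.cl)`, or a constant shared through a header the kernel can also include, would make the coupling explicit. I cannot tell from this hunk whether a user-supplied `-u` can still override a pinned min == max range; if it can, the kernel's assumption breaks silently.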
@@ -210,34 +217,35 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE for (int i = 0; i < ITERATION_BITLOCKER; i++) { - bitlocker->wb_ke_pc[i][ 0] = salt->salt_buf[0]; - bitlocker->wb_ke_pc[i][ 1] = salt->salt_buf[1]; - bitlocker->wb_ke_pc[i][ 2] = salt->salt_buf[2]; - bitlocker->wb_ke_pc[i][ 3] = salt->salt_buf[3]; - bitlocker->wb_ke_pc[i][ 4] = byte_swap_32 (i); - bitlocker->wb_ke_pc[i][ 5] = 0; - bitlocker->wb_ke_pc[i][ 6] = 0x80000000; - bitlocker->wb_ke_pc[i][ 7] = 0; - bitlocker->wb_ke_pc[i][ 8] = 0; - bitlocker->wb_ke_pc[i][ 9] = 0; - bitlocker->wb_ke_pc[i][10] = 0; - bitlocker->wb_ke_pc[i][11] = 0; - bitlocker->wb_ke_pc[i][12] = 0; - bitlocker->wb_ke_pc[i][13] = 0; - bitlocker->wb_ke_pc[i][14] = 0; - bitlocker->wb_ke_pc[i][15] = 88 * 8; + u32 tmp[64]; + + tmp[ 0] = salt->salt_buf[0]; + tmp[ 1] = salt->salt_buf[1]; + tmp[ 2] = salt->salt_buf[2]; + tmp[ 3] = salt->salt_buf[3]; + tmp[ 4] = byte_swap_32 (i); + tmp[ 5] = 0; + tmp[ 6] = 0x80000000; + tmp[ 7] = 0; + tmp[ 8] = 0; + tmp[ 9] = 0; + tmp[10] = 0; + tmp[11] = 0; + tmp[12] = 0; + tmp[13] = 0; + tmp[14] = 0; + tmp[15] = 88 * 8; #define hc_rotl32_S rotl32 for (int j = 16; j < 64; j++) { - bitlocker->wb_ke_pc[i][j] = SHA256_EXPAND_S - ( - bitlocker->wb_ke_pc[i][j - 2], - bitlocker->wb_ke_pc[i][j - 7], - bitlocker->wb_ke_pc[i][j - 15], - bitlocker->wb_ke_pc[i][j - 16] - ); + tmp[j] = SHA256_EXPAND_S (tmp[j - 2], tmp[j - 7], tmp[j - 15], tmp[j - 16]); + } + + for (int j = 0; j < 48; j++) + { + bitlocker->wb_ke_pc[i][j] = tmp[16 + j]; } } 
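Review bot: `#define hc_rotl32_S rotl32` is still inside the `for (int i …)` body after this rewrite; it is a one-time alias that `SHA256_EXPAND_S` needs and belongs at file scope next to the `emu_inc_hash_sha256.h` include, where a reader will look for it. The final copy loop is the only place that records what the table holds, so it deserves a comment: `// keep only the expanded schedule words w[16..63]; w[0..15] (salt, counter, padding) are rebuilt in the kernel as t0..t3`. `u32 tmp[64]` is fully written (indices 0..15 assigned, 16..63 computed in order) before any element is read, so the staging itself is sound. module_hash_decode continues on both sides of this hunk.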
@@ -423,9 +431,9 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
- module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
- module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
- module_ctx->module_kernel_threads_max = module_kernel_threads_max;
+ module_ctx->module_kernel_loops_max = module_kernel_loops_max;
+ module_ctx->module_kernel_loops_min = module_kernel_loops_min;
+ module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
 module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
 module_ctx->module_kern_type = module_kern_type;
 module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
From daaf5d365c0cc1ed1564cf41683cd66d45a4c07a Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 2 Jan 2020 10:41:22 +0100
Subject: [PATCH 114/300] Use * in potfile entries for -m 22000 and -m 22001
---
 src/modules/module_22000.c | 6 +++---
 src/modules/module_22001.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c
index 173c3f377..1942303f8 100644
--- a/src/modules/module_22000.c
+++ b/src/modules/module_22000.c
@@ -327,7 +327,7 @@ int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 // essid
- char *sep_pos = strrchr (line_buf, ':');
+ char *sep_pos = strrchr (line_buf, '*');
 if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
@@ -358,7 +358,7 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 tmp_buf[tmp_len] = 0;
- const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s",
+ const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x*%s",
 wpa_pbkdf2_tmp->out[0],
 wpa_pbkdf2_tmp->out[1],
 wpa_pbkdf2_tmp->out[2],
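Review bot: `strrchr (line_buf, '*')` in module_hash_decode_potfile means potfile lines written by the previous build, which used ':' as the separator (the removed line), now fail with PARSER_SEPARATOR_UNMATCHED, so earlier cracks for this mode are silently no longer recognized unless users rewrite their potfile. If that migration is not intended, accept the old separator as a fallback: `char *sep_pos = strrchr (line_buf, '*');` / `if (sep_pos == NULL) sep_pos = strrchr (line_buf, ':'); // pre-'*' potfile lines` / `if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);`. A legacy line whose ESSID contains a literal '*' (which the old `need_hexify` check on ':' presumably would not have hex-encoded) would still be mis-split by the new `strrchr`, so the fallback is best-effort and the format change should be called out in the release notes. The same change is made in module_22001.c in this commit and in module_02500.c, module_02501.c, module_16800.c and module_16801.c in the later "Use * in potfile entries for -m 250x and -m 1680x" commit, and the same remark applies there.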
@@ -1193,7 +1193,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *mac_ap = (const u8 *) wpa->mac_ap; const u8 *mac_sta = (const u8 *) wpa->mac_sta; - if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, '*', 0) == true) { char tmp_buf[128]; diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c index dc37532d1..446d710f4 100644 --- a/src/modules/module_22001.c +++ b/src/modules/module_22001.c @@ -328,7 +328,7 @@ int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY // essid - char *sep_pos = strrchr (line_buf, ':'); + char *sep_pos = strrchr (line_buf, '*'); if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); @@ -1194,7 +1194,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *mac_ap = (const u8 *) wpa->mac_ap; const u8 *mac_sta = (const u8 *) wpa->mac_sta; - if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, '*', 0) == true) { char tmp_buf[128]; From 349b3c46736726b367c10eafe8eb004edbab98a4 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 2 Jan 2020 11:59:37 +0100 Subject: [PATCH 115/300] Fix Bitlocker in OpenCL mode on NV --- OpenCL/m22100-pure.cl | 156 +++++++++++++++++++++++++++++------------- 1 file changed, 110 insertions(+), 46 deletions(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index 270cc52ef..bfb4b7908 100644 --- a/OpenCL/m22100-pure.cl +++ b/OpenCL/m22100-pure.cl 
@@ -199,32 +199,29 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) const u64 lid = get_local_id (0); const u64 lsz = get_local_size (0); - /** - * load 256 full w[] precomputed KE buffers into shared memory since its all static data - * in order for this to work we need to set a fixed loop count to 256 - */ + // init - #ifdef REAL_SHM + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; - LOCAL_VK u32 s_wb_ke_pc[256][48]; - - for (u32 i = lid; i < 256; i += lsz) - { - for (u32 j = 0; j < 48; j++) // first 16 set to register - { - s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + i][j]; - } - } - - SYNC_THREADS (); - - #else - - GLOBAL_AS u32 (*s_wb_ke_pc)[48] = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos]; - - #endif - - if ((gid * VECT_SIZE) >= gid_max) return; + w0[0] = packv (tmps, last_hash, gid, 0); // last_hash + w0[1] = packv (tmps, last_hash, gid, 1); + w0[2] = packv (tmps, last_hash, gid, 2); + w0[3] = packv (tmps, last_hash, gid, 3); + w1[0] = packv (tmps, last_hash, gid, 4); + w1[1] = packv (tmps, last_hash, gid, 5); + w1[2] = packv (tmps, last_hash, gid, 6); + w1[3] = packv (tmps, last_hash, gid, 7); + w2[0] = packv (tmps, init_hash, gid, 0); // init_hash + w2[1] = packv (tmps, init_hash, gid, 1); + w2[2] = packv (tmps, init_hash, gid, 2); + w2[3] = packv (tmps, init_hash, gid, 3); + w3[0] = packv (tmps, init_hash, gid, 4); + w3[1] = packv (tmps, init_hash, gid, 5); + w3[2] = packv (tmps, init_hash, gid, 6); + w3[3] = packv (tmps, init_hash, gid, 7); // salt to register 
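Review bot: The `if ((gid * VECT_SIZE) >= gid_max) return;` early-return is removed here and not re-added in this commit's other hunk, so work-items beyond gid_max now read `tmps` via `packv`, run the full fixed-count loop and write back with `unpackv`. If that is deliberate, because a return before `SYNC_THREADS ()` would leave the barrier short of work-items, a comment should say so where the `gid` is computed: `// no gid_max early-out: every work-item in the group must reach SYNC_THREADS below`. If it is not deliberate, the out-of-range work-items should skip the compute loop and the final `unpackv` while still executing the fill loops and barriers, which is the only ordering that keeps the barrier uniform. m22100_loop's body continues past this hunk.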
@@ -250,33 +247,46 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) t3[2] = 0; t3[3] = 88 * 8; - // init + /** + * load FIXED_ITER_COUNT full w[] precomputed KE buffers into shared memory since its all static data + * in order for this to work we need to set a fixed loop count to FIXED_ITER_COUNT + * We also need to handle OpenCL and CUDA differently because of: + * ptxas error : Entry function 'm22100_loop' uses too much shared data (0xc004 bytes, 0xc000 max) + */ - u32x w0[4]; - u32x w1[4]; - u32x w2[4]; - u32x w3[4]; + #ifdef IS_CUDA + #define FIXED_ITER_COUNT 256 + #else + #define FIXED_ITER_COUNT 128 + #endif - w0[0] = packv (tmps, last_hash, gid, 0); // last_hash - w0[1] = packv (tmps, last_hash, gid, 1); - w0[2] = packv (tmps, last_hash, gid, 2); - w0[3] = packv (tmps, last_hash, gid, 3); - w1[0] = packv (tmps, last_hash, gid, 4); - w1[1] = packv (tmps, last_hash, gid, 5); - w1[2] = packv (tmps, last_hash, gid, 6); - w1[3] = packv (tmps, last_hash, gid, 7); - w2[0] = packv (tmps, init_hash, gid, 0); // init_hash - w2[1] = packv (tmps, init_hash, gid, 1); - w2[2] = packv (tmps, init_hash, gid, 2); - w2[3] = packv (tmps, init_hash, gid, 3); - w3[0] = packv (tmps, init_hash, gid, 4); - w3[1] = packv (tmps, init_hash, gid, 5); - w3[2] = packv (tmps, init_hash, gid, 6); - w3[3] = packv (tmps, init_hash, gid, 7); + #ifdef REAL_SHM + LOCAL_VK u32 s_wb_ke_pc[FIXED_ITER_COUNT][48]; + #else + GLOBAL_AS u32 (*s_wb_ke_pc)[48] = NULL; + #endif + + #ifdef REAL_SHM + + for (u32 i = lid; i < FIXED_ITER_COUNT; i += lsz) + { + for (u32 j = 0; j < 48; j++) // first 16 set to register + { + s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + i][j]; + } + } + + SYNC_THREADS (); + + #else + + s_wb_ke_pc = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos]; + + #endif // main loop - for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++) + for (u32 i = 0, j = loop_pos; i < FIXED_ITER_COUNT; i++, j++) { u32x digest[8]; 
@@ -305,6 +315,60 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) w1[3] = digest[7]; } + #ifdef IS_CUDA + // nothing to do + #else + // remaining 128 iterations for non-cuda devices + #ifdef REAL_SHM + + for (u32 i = lid; i < FIXED_ITER_COUNT; i += lsz) + { + for (u32 j = 0; j < 48; j++) // first 16 set to register + { + s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + 128 + i][j]; + } + } + + SYNC_THREADS (); + + #else + + s_wb_ke_pc = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos + 128]; + + #endif + + // main loop + + for (u32 i = 0, j = loop_pos + 128; i < FIXED_ITER_COUNT; i++, j++) + { + u32x digest[8]; + + digest[0] = SHA256M_A; + digest[1] = SHA256M_B; + digest[2] = SHA256M_C; + digest[3] = SHA256M_D; + digest[4] = SHA256M_E; + digest[5] = SHA256M_F; + digest[6] = SHA256M_G; + digest[7] = SHA256M_H; + + sha256_transform_vector (w0, w1, w2, w3, digest); + + t1[0] = hc_swap32_S (j); // only moving part + + sha256_transform_vector_pc (t0, t1, t2, t3, digest, s_wb_ke_pc[i]); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + } + #endif + unpackv (tmps, last_hash, gid, 0, w0[0]); unpackv (tmps, last_hash, gid, 1, w0[1]); unpackv (tmps, last_hash, gid, 2, w0[2]); From 931e29d333aba13f98ecd0a2e93d96e071808e5d Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 2 Jan 2020 12:34:19 +0100 Subject: [PATCH 116/300] Another Bitlocker boost, reduce shared mem consumption to give some of them to the compiler for more efficient calculating of memory pointer addresses --- OpenCL/m22100-pure.cl | 160 ++++++++++++------------------------- src/modules/module_22100.c | 4 +- 2 files changed, 54 insertions(+), 110 deletions(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index bfb4b7908..61640901e 100644 --- a/OpenCL/m22100-pure.cl +++ b/OpenCL/m22100-pure.cl 
@@ -248,127 +248,71 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) t3[3] = 88 * 8; /** - * load FIXED_ITER_COUNT full w[] precomputed KE buffers into shared memory since its all static data - * in order for this to work we need to set a fixed loop count to FIXED_ITER_COUNT - * We also need to handle OpenCL and CUDA differently because of: - * ptxas error : Entry function 'm22100_loop' uses too much shared data (0xc004 bytes, 0xc000 max) + * load FIXED_ITER_INCR full w[] precomputed KE buffers into shared memory since its all static data + * in order for this to work we need to set a fixed loop count to FIXED_ITER_TOTAL in module */ - #ifdef IS_CUDA - #define FIXED_ITER_COUNT 256 - #else - #define FIXED_ITER_COUNT 128 - #endif + #define FIXED_ITER_TOTAL 1024 + #define FIXED_ITER_INCR 8 // seems to be a good trade-off between memory reads and available registers #ifdef REAL_SHM - LOCAL_VK u32 s_wb_ke_pc[FIXED_ITER_COUNT][48]; + LOCAL_VK u32 s_wb_ke_pc[FIXED_ITER_INCR][48]; #else GLOBAL_AS u32 (*s_wb_ke_pc)[48] = NULL; #endif - #ifdef REAL_SHM - - for (u32 i = lid; i < FIXED_ITER_COUNT; i += lsz) + for (u32 t = 0; t < FIXED_ITER_TOTAL; t += FIXED_ITER_INCR) { - for (u32 j = 0; j < 48; j++) // first 16 set to register + #ifdef REAL_SHM + + for (u32 i = lid; i < FIXED_ITER_INCR; i += lsz) { - s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + i][j]; + for (u32 j = 0; j < 48; j++) // first 16 set to register + { + s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + t + i][j]; + } + } + + SYNC_THREADS (); + + #else + + s_wb_ke_pc = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos + t]; + + #endif + + // main loop + + for (u32 i = 0, j = loop_pos + t; i < FIXED_ITER_INCR; i++, j++) + { + u32x digest[8]; + + digest[0] = SHA256M_A; + digest[1] = SHA256M_B; + digest[2] = SHA256M_C; + digest[3] = SHA256M_D; + digest[4] = SHA256M_E; + digest[5] = SHA256M_F; + digest[6] = SHA256M_G; + digest[7] = SHA256M_H; + + 
sha256_transform_vector (w0, w1, w2, w3, digest); + + t1[0] = hc_swap32_S (j); // only moving part + + sha256_transform_vector_pc (t0, t1, t2, t3, digest, s_wb_ke_pc[i]); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; } } - SYNC_THREADS (); - - #else - - s_wb_ke_pc = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos]; - - #endif - - // main loop - - for (u32 i = 0, j = loop_pos; i < FIXED_ITER_COUNT; i++, j++) - { - u32x digest[8]; - - digest[0] = SHA256M_A; - digest[1] = SHA256M_B; - digest[2] = SHA256M_C; - digest[3] = SHA256M_D; - digest[4] = SHA256M_E; - digest[5] = SHA256M_F; - digest[6] = SHA256M_G; - digest[7] = SHA256M_H; - - sha256_transform_vector (w0, w1, w2, w3, digest); - - t1[0] = hc_swap32_S (j); // only moving part - - sha256_transform_vector_pc (t0, t1, t2, t3, digest, s_wb_ke_pc[i]); - - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; - w1[1] = digest[5]; - w1[2] = digest[6]; - w1[3] = digest[7]; - } - - #ifdef IS_CUDA - // nothing to do - #else - // remaining 128 iterations for non-cuda devices - #ifdef REAL_SHM - - for (u32 i = lid; i < FIXED_ITER_COUNT; i += lsz) - { - for (u32 j = 0; j < 48; j++) // first 16 set to register - { - s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + 128 + i][j]; - } - } - - SYNC_THREADS (); - - #else - - s_wb_ke_pc = &esalt_bufs[digests_offset].wb_ke_pc[loop_pos + 128]; - - #endif - - // main loop - - for (u32 i = 0, j = loop_pos + 128; i < FIXED_ITER_COUNT; i++, j++) - { - u32x digest[8]; - - digest[0] = SHA256M_A; - digest[1] = SHA256M_B; - digest[2] = SHA256M_C; - digest[3] = SHA256M_D; - digest[4] = SHA256M_E; - digest[5] = SHA256M_F; - digest[6] = SHA256M_G; - digest[7] = SHA256M_H; - - sha256_transform_vector (w0, w1, w2, w3, digest); - - t1[0] = hc_swap32_S (j); // only moving part - - sha256_transform_vector_pc (t0, t1, 
t2, t3, digest, s_wb_ke_pc[i]); - - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; - w1[1] = digest[5]; - w1[2] = digest[6]; - w1[3] = digest[7]; - } - #endif - unpackv (tmps, last_hash, gid, 0, w0[0]); unpackv (tmps, last_hash, gid, 1, w0[1]); unpackv (tmps, last_hash, gid, 2, w0[2]); diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index bdf3d667a..3b4581715 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c @@ -80,14 +80,14 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c u32 module_kernel_loops_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 kernel_loops_min = 256; + const u32 kernel_loops_min = 1024; return kernel_loops_min; } u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 kernel_loops_max = 256; + const u32 kernel_loops_max = 1024; return kernel_loops_max; } From 1cbd02b1b579691e99ccc782079e1994fc2ae30b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 2 Jan 2020 12:37:08 +0100 Subject: [PATCH 117/300] Fix s_wb_ke_pc initialization in -m 22100 kernel --- OpenCL/m22100-pure.cl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index 61640901e..afd143534 100644 --- a/OpenCL/m22100-pure.cl +++ b/OpenCL/m22100-pure.cl @@ -258,7 +258,7 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) #ifdef REAL_SHM LOCAL_VK u32 s_wb_ke_pc[FIXED_ITER_INCR][48]; #else - GLOBAL_AS u32 (*s_wb_ke_pc)[48] = NULL; + GLOBAL_AS u32 (*s_wb_ke_pc)[48]; #endif for (u32 t = 0; t < FIXED_ITER_TOTAL; t += FIXED_ITER_INCR) From 09c0cfcc04842dda2101a21ff101ccc7b7b33efc Mon Sep 17 00:00:00 2001 
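Review bot: Under REAL_SHM the `t` loop refills `s_wb_ke_pc` at the top of each pass, but there is no barrier between the end of one pass's compute loop and the next pass's refill, so a work-item that finishes its eight iterations early can overwrite `s_wb_ke_pc[i]` while another in the same workgroup is still reading it inside `sha256_transform_vector_pc`. The `SYNC_THREADS ()` after the fill only orders fill-before-read; a second one is needed at the end of the `t` body: `#ifdef REAL_SHM` / `SYNC_THREADS (); // all work-items done reading before the next refill` / `#endif`. Separately, `FIXED_ITER_TOTAL` and `FIXED_ITER_INCR` are defined inside the kernel body and never `#undef`'d, unlike `ROUND_EXPAND_PC` elsewhere in this file; either `#undef` them after the loop or move them next to `ITERATION_BITLOCKER` at file scope.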
From: Jens Steube
Date: Thu, 2 Jan 2020 12:51:25 +0100
Subject: [PATCH 118/300] Set -u for -m 22100 to 4k with the idea to force -n value to go down to 1
---
 OpenCL/m22100-pure.cl | 2 +-
 src/modules/module_22100.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl
index afd143534..67fa3d73b 100644
--- a/OpenCL/m22100-pure.cl
+++ b/OpenCL/m22100-pure.cl
@@ -252,7 +252,7 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t))
 * in order for this to work we need to set a fixed loop count to FIXED_ITER_TOTAL in module
 */
- #define FIXED_ITER_TOTAL 1024
+ #define FIXED_ITER_TOTAL 4096
 #define FIXED_ITER_INCR 8 // seems to be a good trade-off between memory reads and available registers
 #ifdef REAL_SHM
diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c
index 3b4581715..4565ff7f1 100644
--- a/src/modules/module_22100.c
+++ b/src/modules/module_22100.c
@@ -80,14 +80,14 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 u32 module_kernel_loops_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 kernel_loops_min = 1024;
+ const u32 kernel_loops_min = 4096;
 return kernel_loops_min;
 }
 u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 kernel_loops_max = 1024;
+ const u32 kernel_loops_max = 4096;
 return kernel_loops_max;
 }
From 20ef9725ef30cb992d5ba422ea6e2cf2e3e3683c Mon Sep 17 00:00:00 2001
From: Jens Steube Date: Thu, 2 Jan 2020 19:40:18 +0100 Subject: [PATCH 119/300] Use * in potfile entries for -m 250x and -m 1680x --- src/modules/module_02500.c | 4 ++-- src/modules/module_02501.c | 4 ++-- src/modules/module_16800.c | 4 ++-- src/modules/module_16801.c | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/modules/module_02500.c b/src/modules/module_02500.c index 8907f8677..753636dc1 100644 --- a/src/modules/module_02500.c +++ b/src/modules/module_02500.c @@ -261,7 +261,7 @@ int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY // essid - char *sep_pos = strrchr (line_buf, ':'); + char *sep_pos = strrchr (line_buf, '*'); if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); @@ -292,7 +292,7 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY tmp_buf[tmp_len] = 0; - const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s", + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x*%s", wpa_pbkdf2_tmp->out[0], wpa_pbkdf2_tmp->out[1], wpa_pbkdf2_tmp->out[2], diff --git a/src/modules/module_02501.c b/src/modules/module_02501.c index a7ce17b04..41aa86acd 100644 --- a/src/modules/module_02501.c +++ b/src/modules/module_02501.c @@ -258,7 +258,7 @@ int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY // essid - char *sep_pos = strrchr (line_buf, ':'); + char *sep_pos = strrchr (line_buf, '*'); if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); @@ -289,7 +289,7 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY tmp_buf[tmp_len] = 0; - const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s", + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x*%s", wpa_pmk_tmp->out[0], wpa_pmk_tmp->out[1], wpa_pmk_tmp->out[2], 
diff --git a/src/modules/module_16800.c b/src/modules/module_16800.c index d77ddd8ed..b236b0cea 100644 --- a/src/modules/module_16800.c +++ b/src/modules/module_16800.c @@ -132,7 +132,7 @@ int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY // essid - char *sep_pos = strrchr (line_buf, ':'); + char *sep_pos = strrchr (line_buf, '*'); if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); @@ -163,7 +163,7 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY tmp_buf[tmp_len] = 0; - const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s", + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x*%s", wpa_pbkdf2_tmp->out[0], wpa_pbkdf2_tmp->out[1], wpa_pbkdf2_tmp->out[2], diff --git a/src/modules/module_16801.c b/src/modules/module_16801.c index f34c449d0..2e8ef9987 100644 --- a/src/modules/module_16801.c +++ b/src/modules/module_16801.c @@ -129,7 +129,7 @@ int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY // essid - char *sep_pos = strrchr (line_buf, ':'); + char *sep_pos = strrchr (line_buf, '*'); if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); @@ -160,7 +160,7 @@ int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY tmp_buf[tmp_len] = 0; - const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s", + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x*%s", wpa_pmk_tmp->out[0], wpa_pmk_tmp->out[1], wpa_pmk_tmp->out[2], From c201d15ab8873d3cd1156082d948835b7c9e6a23 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 3 Jan 2020 09:54:03 +0100 Subject: [PATCH 120/300] Fix JiT compiler warning on intel for -m 22100 --- OpenCL/m22100-pure.cl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index 67fa3d73b..9af1d0b92 100644 
--- a/OpenCL/m22100-pure.cl
+++ b/OpenCL/m22100-pure.cl
@@ -39,7 +39,7 @@ typedef struct bitlocker_tmp
 #ifdef REAL_SHM
 #define SHM_TYPE2 LOCAL_AS
 #else
-#define SHM_TYPE2 GLOBAL_AS
+#define SHM_TYPE2 GLOBAL_AS const
 #endif
 DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE2 u32 s_wb_ke_pc[48])
@@ -258,7 +258,7 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t))
 #ifdef REAL_SHM
 LOCAL_VK u32 s_wb_ke_pc[FIXED_ITER_INCR][48];
 #else
- GLOBAL_AS u32 (*s_wb_ke_pc)[48];
+ GLOBAL_AS const u32 (*s_wb_ke_pc)[48];
 #endif
 for (u32 t = 0; t < FIXED_ITER_TOTAL; t += FIXED_ITER_INCR)
From 2b4d0656d56ab08b86827d79fc273cca1d32180d Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 3 Jan 2020 10:44:10 +0100
Subject: [PATCH 121/300] Cache inline assembly instruction check results for same devices types
---
 src/backend.c | 44 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/backend.c b/src/backend.c
index b25e33aa4..303e106ec 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -5432,14 +5432,42 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) // //if (rc_cuCtxSetCacheConfig == -1) return -1; - device_param->has_add = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_addc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_sub = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"sub.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_subc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"subc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_bfe = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"bfe.u32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_lop3 = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"lop3.b32 %0, 0, 0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_mov64 = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned long long r; unsigned int a; unsigned int b; asm volatile (\"mov.b64 %0, {%1, %2};\" : \"=l\"(r) : \"r\"(a), \"r\"(b)); }"); - device_param->has_prmt = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"prmt.b32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); + #define RUN_INSTRUCTION_CHECKS() \ + device_param->has_add = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_addc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, 
"__global__ void test () { unsigned int r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_sub = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"sub.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_subc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"subc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_bfe = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"bfe.u32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_lop3 = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"lop3.b32 %0, 0, 0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_mov64 = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned long long r; unsigned int a; unsigned int b; asm volatile (\"mov.b64 %0, {%1, %2};\" : \"=l\"(r) : \"r\"(a), \"r\"(b)); }"); \ + device_param->has_prmt = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"prmt.b32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); \ + + if (backend_devices_idx > 0) + { + hc_device_param_t *device_param_prev = &devices_param[backend_devices_idx - 1]; + + if (is_same_device_type (device_param, device_param_prev) == true) + { + device_param->has_add = device_param_prev->has_add; + device_param->has_addc = device_param_prev->has_addc; + device_param->has_sub = device_param_prev->has_sub; + device_param->has_subc = device_param_prev->has_subc; + device_param->has_bfe = device_param_prev->has_bfe; + device_param->has_lop3 = device_param_prev->has_lop3; + device_param->has_mov64 = device_param_prev->has_mov64; + device_param->has_prmt = device_param_prev->has_prmt; + } + else + { + RUN_INSTRUCTION_CHECKS(); + } + } + else + { + 
RUN_INSTRUCTION_CHECKS(); + } + + #undef RUN_INSTRUCTION_CHECKS // device_available_mem From 3fbcbe0f76079cc46da0a13e19c82a924938cb07 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 3 Jan 2020 10:59:19 +0100 Subject: [PATCH 122/300] license: update license year to 2020 Happy new year 2020 --- docs/license.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/license.txt b/docs/license.txt index f000a072c..48d77100c 100644 --- a/docs/license.txt +++ b/docs/license.txt @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2015-2019 Jens Steube +Copyright (c) 2015-2020 Jens Steube Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From b3690fcd05c40a4307571307b625ccd31ae4d061 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 3 Jan 2020 11:06:55 +0100 Subject: [PATCH 123/300] Backport instruction test cache from CUDA to OpenCL --- src/backend.c | 89 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 73 insertions(+), 16 deletions(-) diff --git a/src/backend.c b/src/backend.c index 303e106ec..3b4892c3a 100644 --- a/src/backend.c +++ b/src/backend.c @@ -98,7 +98,9 @@ static bool is_same_device_type (const hc_device_param_t *src, const hc_device_p if (src->is_cuda != dst->is_cuda) return false; if (src->is_opencl != dst->is_opencl) return false; - if (src->is_cuda == true) + if (strcmp (src->device_name, dst->device_name) != 0) return false; + + if (src->is_opencl == true) { if (strcmp (src->opencl_device_vendor, dst->opencl_device_vendor) != 0) return false; if (strcmp (src->opencl_device_version, dst->opencl_device_version) != 0) return false; 
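Review bot: The last statement of RUN_INSTRUCTION_CHECKS (the has_prmt assignment) keeps a trailing `\`, so the macro body silently continues onto the blank line that follows it; that only works while the blank line stays in place, so the final `\` should be dropped, and the same trailing `\` is present in both OpenCL copies of the macro in the backport hunk further down (AMD and NV blocks). A multi-statement function-like macro invoked as `RUN_INSTRUCTION_CHECKS();` is also safer wrapped in `do { ... } while (0)`, and because the copy-from-previous branch repeats the has_* field list by hand, a comment such as `// keep this list in sync with RUN_INSTRUCTION_CHECKS` above it would help whoever adds the next field. Whether reusing a neighbour's results is sound rests entirely on is_same_device_type: at this commit its CUDA branch (see the removed lines in the later hunk) compares the opencl_* strings, which a CUDA device may not populate, while sm_major/sm_minor, the actual inputs to cuda_test_instruction here, are not compared at all. backend_ctx_devices_init starts and ends outside the hunk.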
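Review bot: After this change two CUDA devices are treated as the same type on device_name alone, because the vendor/version strcmp block below now runs only when is_opencl is true; the cached has_* results this predicate gates are computed from sm_major/sm_minor in the CUDA path, so those should be part of the key as well, e.g. `if (src->is_cuda == true) { if (src->sm_major != dst->sm_major || src->sm_minor != dst->sm_minor) return false; }` if hc_device_param_t records them (otherwise compare whatever the CUDA path derives them from). The new strcmp on device_name also assumes the field is populated for every backend that reaches this function; a NULL here would crash rather than return false, so an explicit `if (src->device_name == NULL || dst->device_name == NULL) return false;` in front of it is cheap insurance. is_same_device_type starts and ends outside the hunk.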
@@ -6164,25 +6166,80 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) if ((device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) && (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD)) { - device_param->has_vadd = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD_U32 %0, 0, 0;\" : \"=v\"(r)); }"); - device_param->has_vaddc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADDC_U32 %0, 0, 0;\" : \"=v\"(r)); }"); - device_param->has_vsub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUB_U32 %0, 0, 0;\" : \"=v\"(r)); }"); - device_param->has_vsubb = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUBB_U32 %0, 0, 0;\" : \"=v\"(r)); }"); - device_param->has_vadd3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD3_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); - device_param->has_vbfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_BFE_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); - device_param->has_vperm = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_PERM_B32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); + #define RUN_INSTRUCTION_CHECKS() \ + device_param->has_vadd = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \ + device_param->has_vaddc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, 
"__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADDC_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \ + device_param->has_vsub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUB_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \ + device_param->has_vsubb = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUBB_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \ + device_param->has_vadd3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD3_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); \ + device_param->has_vbfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_BFE_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); \ + device_param->has_vperm = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_PERM_B32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); \ + + if (backend_devices_idx > 0) + { + hc_device_param_t *device_param_prev = &devices_param[backend_devices_idx - 1]; + + if (is_same_device_type (device_param, device_param_prev) == true) + { + device_param->has_vadd = device_param_prev->has_vadd; + device_param->has_vaddc = device_param_prev->has_vaddc; + device_param->has_vsub = device_param_prev->has_vsub; + device_param->has_vsubb = device_param_prev->has_vsubb; + device_param->has_vadd3 = device_param_prev->has_vadd3; + device_param->has_vbfe = device_param_prev->has_vbfe; + device_param->has_vperm = device_param_prev->has_vperm; + } + else + { + RUN_INSTRUCTION_CHECKS(); + } + } + else + { + RUN_INSTRUCTION_CHECKS(); + } + + #undef RUN_INSTRUCTION_CHECKS } if ((device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) && (device_param->opencl_platform_vendor_id == VENDOR_ID_NV)) { - 
device_param->has_add = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_addc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_sub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"sub.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_subc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"subc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_bfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"bfe.u32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_lop3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"lop3.b32 %0, 0, 0, 0, 0;\" : \"=r\"(r)); }"); - device_param->has_mov64 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { ulong r; uint a; uint b; asm volatile (\"mov.b64 %0, {%1, %2};\" : \"=l\"(r) : \"r\"(a), \"r\"(b)); }"); - device_param->has_prmt = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"prmt.b32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); + #define RUN_INSTRUCTION_CHECKS() \ + device_param->has_add = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_addc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"addc.cc.u32 %0, 0, 
0;\" : \"=r\"(r)); }"); \ + device_param->has_sub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"sub.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_subc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"subc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_bfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"bfe.u32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_lop3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"lop3.b32 %0, 0, 0, 0, 0;\" : \"=r\"(r)); }"); \ + device_param->has_mov64 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { ulong r; uint a; uint b; asm volatile (\"mov.b64 %0, {%1, %2};\" : \"=l\"(r) : \"r\"(a), \"r\"(b)); }"); \ + device_param->has_prmt = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"prmt.b32 %0, 0, 0, 0;\" : \"=r\"(r)); }"); \ + + if (backend_devices_idx > 0) + { + hc_device_param_t *device_param_prev = &devices_param[backend_devices_idx - 1]; + + if (is_same_device_type (device_param, device_param_prev) == true) + { + device_param->has_add = device_param_prev->has_add; + device_param->has_addc = device_param_prev->has_addc; + device_param->has_sub = device_param_prev->has_sub; + device_param->has_subc = device_param_prev->has_subc; + device_param->has_bfe = device_param_prev->has_bfe; + device_param->has_lop3 = device_param_prev->has_lop3; + device_param->has_mov64 = device_param_prev->has_mov64; + device_param->has_prmt = device_param_prev->has_prmt; + } + else + { + RUN_INSTRUCTION_CHECKS(); + } + } + else + { + RUN_INSTRUCTION_CHECKS(); + } + + #undef 
RUN_INSTRUCTION_CHECKS } // device_available_mem From 36fab0aa674a1b1333ffb1a1e69075dc0e77cb47 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 3 Jan 2020 11:21:48 +0100 Subject: [PATCH 124/300] usage/help: use crack_pos everywhere instead of mixing crackpos w/ crack_pos --- src/usage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/usage.c b/src/usage.c index 657e5eb2b..e77ed9cc9 100644 --- a/src/usage.c +++ b/src/usage.c @@ -162,7 +162,7 @@ static const char *const USAGE_BIG_POST_HASHMODES[] = " 5 | hash[:salt]:hex_plain", " 6 | plain:hex_plain", " 7 | hash[:salt]:plain:hex_plain", - " 8 | crackpos", + " 8 | crack_pos", " 9 | hash[:salt]:crack_pos", " 10 | plain:crack_pos", " 11 | hash[:salt]:plain:crack_pos", From febb6692e097ba5915dd2167ec77829591be4665 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 3 Jan 2020 11:41:10 +0100 Subject: [PATCH 125/300] fixes #2121: explain the utf16-le / utf16-be limitation in docs/limits.txt --- docs/limits.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/limits.txt b/docs/limits.txt index 884a781be..0ee928080 100644 --- a/docs/limits.txt +++ b/docs/limits.txt @@ -22,6 +22,17 @@ Important: That does not mean UTF-16 file content, which is fully supported. It only means the filename itself. +## +## Hashing algorithms that internally use UTF-16 characters could in special cases lead to false negatives +## + +The UTF-16 conversion implementation used within the kernel code is very elementary and for performance +reasons does not respect all complicated encoding rules required to correctly convert, for instance, ASCII +or UTF-8 to UTF-16LE (or UTF-16BE). + +The implementation most likely fails with multi-byte characters, because we basically add a zero byte every +second byte within the kernel conversion code. + ## ## The use of --keep-guessing eventually skips reporting duplicate passwords ## 
From d0fb171da985c4974043ac385dde11e91fefe9d1 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 3 Jan 2020 11:51:24 +0100 Subject: [PATCH 126/300] Added new options --backend-ignore-cuda and --backend-ingore-opencl, to ignore CUDA and/or OpenCL interface from being load on startup --- docs/changes.txt | 1 + extra/tab_completion/hashcat.sh | 2 +- include/types.h | 152 ++++++++++---------- src/backend.c | 236 +++++++++++++++++--------------- src/usage.c | 2 + src/user_options.c | 6 + 6 files changed, 212 insertions(+), 187 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index c9f5593a5..8124c71da 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -7,6 +7,7 @@ - Fully modularized hash-mode integration via plugin interface and conversion of all existing hash-modes - Refactor hashcat backend interface to allow adding compute API other than OpenCL - Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.) +- Added new options --backend-ignore-cuda and --backend-ingore-opencl, to ignore CUDA and/or OpenCL interface from being load on startup - Support use of all available GPU memory using CUDA backend - Support use of all available CPU cores for hash-mode specific hooks - Support on-the-fly loading of compressed wordlists in zip and gzip format diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index 96d426c22..a96c0248c 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh 
@@ -250,7 +250,7 @@ _hashcat () local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H' local SHORT_OPTS="-m -a -V -h -b -t -T -o -p -c -d -D -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l -O -S -z" - local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password" + local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force 
--status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --backend-ignore-cuda --backend-ignore-opencl --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password" local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --stdin-timeout-abort --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity 
--backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment-min --increment-max --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --brain-client-features --brain-host --brain-password --brain-port --brain-session --brain-session-whitelist" COMPREPLY=() diff --git a/include/types.h b/include/types.h index 0b38e27aa..3f0d2e12e 100644 --- a/include/types.h +++ b/include/types.h @@ -604,6 +604,8 @@ typedef enum user_options_defaults MARKOV_DISABLE = false, MARKOV_THRESHOLD = 0, NONCE_ERROR_CORRECTIONS = 8, + BACKEND_IGNORE_CUDA = false, + BACKEND_IGNORE_OPENCL = false, BACKEND_INFO = false, BACKEND_VECTOR_WIDTH = 0, OPTIMIZED_KERNEL_ENABLE = false, 
@@ -650,109 +652,111 @@ typedef enum user_options_map IDX_ADVICE_DISABLE = 0xff00, IDX_ATTACK_MODE = 'a', IDX_BACKEND_DEVICES = 'd', + IDX_BACKEND_IGNORE_CUDA = 0xff01, + IDX_BACKEND_IGNORE_OPENCL = 0xff02, IDX_BACKEND_INFO = 'I', - IDX_BACKEND_VECTOR_WIDTH = 0xff01, - IDX_BENCHMARK_ALL = 0xff02, + IDX_BACKEND_VECTOR_WIDTH = 0xff03, + IDX_BENCHMARK_ALL = 0xff04, IDX_BENCHMARK = 'b', - IDX_BITMAP_MAX = 0xff03, - IDX_BITMAP_MIN = 0xff04, + IDX_BITMAP_MAX = 0xff05, + IDX_BITMAP_MIN = 0xff06, #ifdef WITH_BRAIN IDX_BRAIN_CLIENT = 'z', - IDX_BRAIN_CLIENT_FEATURES = 0xff05, - IDX_BRAIN_HOST = 0xff06, - IDX_BRAIN_PASSWORD = 0xff07, - IDX_BRAIN_PORT = 0xff08, - IDX_BRAIN_SERVER = 0xff09, - IDX_BRAIN_SESSION = 0xff0a, - IDX_BRAIN_SESSION_WHITELIST = 0xff0b, + IDX_BRAIN_CLIENT_FEATURES = 0xff07, + IDX_BRAIN_HOST = 0xff08, + IDX_BRAIN_PASSWORD = 0xff09, + IDX_BRAIN_PORT = 0xff0a, + IDX_BRAIN_SERVER = 0xff0b, + IDX_BRAIN_SESSION = 0xff0c, + IDX_BRAIN_SESSION_WHITELIST = 0xff0d, #endif - IDX_CPU_AFFINITY = 0xff0c, + IDX_CPU_AFFINITY = 0xff0e, IDX_CUSTOM_CHARSET_1 = '1', IDX_CUSTOM_CHARSET_2 = '2', IDX_CUSTOM_CHARSET_3 = '3', IDX_CUSTOM_CHARSET_4 = '4', - IDX_DEBUG_FILE = 0xff0d, - IDX_DEBUG_MODE = 0xff0e, - IDX_ENCODING_FROM = 0xff0f, - IDX_ENCODING_TO = 0xff10, - IDX_EXAMPLE_HASHES = 0xff11, - IDX_FORCE = 0xff12, - IDX_HWMON_DISABLE = 0xff13, - IDX_HWMON_TEMP_ABORT = 0xff14, + IDX_DEBUG_FILE = 0xff0f, + IDX_DEBUG_MODE = 0xff10, + IDX_ENCODING_FROM = 0xff11, + IDX_ENCODING_TO = 0xff12, + IDX_EXAMPLE_HASHES = 0xff13, + IDX_FORCE = 0xff14, + IDX_HWMON_DISABLE = 0xff15, + IDX_HWMON_TEMP_ABORT = 0xff16, IDX_HASH_MODE = 'm', - IDX_HCCAPX_MESSAGE_PAIR = 0xff15, + IDX_HCCAPX_MESSAGE_PAIR = 0xff17, IDX_HELP = 'h', - IDX_HEX_CHARSET = 0xff16, - IDX_HEX_SALT = 0xff17, - IDX_HEX_WORDLIST = 0xff18, - IDX_HOOK_THREADS = 0xff19, + IDX_HEX_CHARSET = 0xff18, + IDX_HEX_SALT = 0xff19, + IDX_HEX_WORDLIST = 0xff1a, + IDX_HOOK_THREADS = 0xff1b, IDX_INCREMENT = 'i', - IDX_INCREMENT_MAX = 0xff1a, - 
IDX_INCREMENT_MIN = 0xff1b, - IDX_INDUCTION_DIR = 0xff1c, - IDX_KEEP_GUESSING = 0xff1d, + IDX_INCREMENT_MAX = 0xff1c, + IDX_INCREMENT_MIN = 0xff1d, + IDX_INDUCTION_DIR = 0xff1e, + IDX_KEEP_GUESSING = 0xff1f, IDX_KERNEL_ACCEL = 'n', IDX_KERNEL_LOOPS = 'u', IDX_KERNEL_THREADS = 'T', - IDX_KEYBOARD_LAYOUT_MAPPING = 0xff1e, - IDX_KEYSPACE = 0xff1f, - IDX_LEFT = 0xff20, + IDX_KEYBOARD_LAYOUT_MAPPING = 0xff20, + IDX_KEYSPACE = 0xff21, + IDX_LEFT = 0xff22, IDX_LIMIT = 'l', - IDX_LOGFILE_DISABLE = 0xff21, - IDX_LOOPBACK = 0xff22, - IDX_MACHINE_READABLE = 0xff23, - IDX_MARKOV_CLASSIC = 0xff24, - IDX_MARKOV_DISABLE = 0xff25, - IDX_MARKOV_HCSTAT2 = 0xff26, + IDX_LOGFILE_DISABLE = 0xff23, + IDX_LOOPBACK = 0xff24, + IDX_MACHINE_READABLE = 0xff25, + IDX_MARKOV_CLASSIC = 0xff26, + IDX_MARKOV_DISABLE = 0xff27, + IDX_MARKOV_HCSTAT2 = 0xff28, IDX_MARKOV_THRESHOLD = 't', - IDX_NONCE_ERROR_CORRECTIONS = 0xff27, + IDX_NONCE_ERROR_CORRECTIONS = 0xff29, IDX_OPENCL_DEVICE_TYPES = 'D', IDX_OPTIMIZED_KERNEL_ENABLE = 'O', - IDX_OUTFILE_AUTOHEX_DISABLE = 0xff28, - IDX_OUTFILE_CHECK_DIR = 0xff29, - IDX_OUTFILE_CHECK_TIMER = 0xff2a, - IDX_OUTFILE_FORMAT = 0xff2b, + IDX_OUTFILE_AUTOHEX_DISABLE = 0xff2a, + IDX_OUTFILE_CHECK_DIR = 0xff2b, + IDX_OUTFILE_CHECK_TIMER = 0xff2c, + IDX_OUTFILE_FORMAT = 0xff2d, IDX_OUTFILE = 'o', - IDX_POTFILE_DISABLE = 0xff2c, - IDX_POTFILE_PATH = 0xff2d, - IDX_PROGRESS_ONLY = 0xff2e, - IDX_QUIET = 0xff2f, - IDX_REMOVE = 0xff30, - IDX_REMOVE_TIMER = 0xff31, - IDX_RESTORE = 0xff32, - IDX_RESTORE_DISABLE = 0xff33, - IDX_RESTORE_FILE_PATH = 0xff34, + IDX_POTFILE_DISABLE = 0xff2e, + IDX_POTFILE_PATH = 0xff2f, + IDX_PROGRESS_ONLY = 0xff30, + IDX_QUIET = 0xff31, + IDX_REMOVE = 0xff32, + IDX_REMOVE_TIMER = 0xff33, + IDX_RESTORE = 0xff34, + IDX_RESTORE_DISABLE = 0xff35, + IDX_RESTORE_FILE_PATH = 0xff36, IDX_RP_FILE = 'r', - IDX_RP_GEN_FUNC_MAX = 0xff35, - IDX_RP_GEN_FUNC_MIN = 0xff36, + IDX_RP_GEN_FUNC_MAX = 0xff37, + IDX_RP_GEN_FUNC_MIN = 0xff38, IDX_RP_GEN = 'g', - 
IDX_RP_GEN_SEED = 0xff37, + IDX_RP_GEN_SEED = 0xff39, IDX_RULE_BUF_L = 'j', IDX_RULE_BUF_R = 'k', - IDX_RUNTIME = 0xff38, - IDX_SCRYPT_TMTO = 0xff39, + IDX_RUNTIME = 0xff3a, + IDX_SCRYPT_TMTO = 0xff3b, IDX_SEGMENT_SIZE = 'c', - IDX_SELF_TEST_DISABLE = 0xff3a, + IDX_SELF_TEST_DISABLE = 0xff3c, IDX_SEPARATOR = 'p', - IDX_SESSION = 0xff3b, - IDX_SHOW = 0xff3c, + IDX_SESSION = 0xff3d, + IDX_SHOW = 0xff3e, IDX_SKIP = 's', IDX_SLOW_CANDIDATES = 'S', - IDX_SPEED_ONLY = 0xff3d, - IDX_SPIN_DAMP = 0xff3e, - IDX_STATUS = 0xff3f, - IDX_STATUS_JSON = 0xff40, - IDX_STATUS_TIMER = 0xff41, - IDX_STDOUT_FLAG = 0xff42, - IDX_STDIN_TIMEOUT_ABORT = 0xff43, - IDX_TRUECRYPT_KEYFILES = 0xff44, - IDX_USERNAME = 0xff45, - IDX_VERACRYPT_KEYFILES = 0xff46, - IDX_VERACRYPT_PIM_START = 0xff47, - IDX_VERACRYPT_PIM_STOP = 0xff48, + IDX_SPEED_ONLY = 0xff3f, + IDX_SPIN_DAMP = 0xff40, + IDX_STATUS = 0xff41, + IDX_STATUS_JSON = 0xff42, + IDX_STATUS_TIMER = 0xff43, + IDX_STDOUT_FLAG = 0xff44, + IDX_STDIN_TIMEOUT_ABORT = 0xff45, + IDX_TRUECRYPT_KEYFILES = 0xff46, + IDX_USERNAME = 0xff47, + IDX_VERACRYPT_KEYFILES = 0xff48, + IDX_VERACRYPT_PIM_START = 0xff49, + IDX_VERACRYPT_PIM_STOP = 0xff4a, IDX_VERSION_LOWER = 'v', IDX_VERSION = 'V', - IDX_WORDLIST_AUTOHEX_DISABLE = 0xff49, + IDX_WORDLIST_AUTOHEX_DISABLE = 0xff4b, IDX_WORKLOAD_PROFILE = 'w', } user_options_map_t; @@ -1875,6 +1879,8 @@ typedef struct user_options bool machine_readable; bool markov_classic; bool markov_disable; + bool backend_ignore_cuda; + bool backend_ignore_opencl; bool backend_info; bool optimized_kernel_enable; bool outfile_autohex; diff --git a/src/backend.c b/src/backend.c index 3b4892c3a..530477b4c 100644 --- a/src/backend.c +++ b/src/backend.c 
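Review bot: Inserting IDX_BACKEND_IGNORE_CUDA and IDX_BACKEND_IGNORE_OPENCL at 0xff01/0xff02 shifts every later IDX_ constant by two, so a two-option change rewrites roughly seventy lines of user_options_map and makes it hard to review for accidental duplicates (the values do stay unique, 0xff01 through 0xff4b with the WITH_BRAIN block leaving a gap when disabled). Assigning the new options the next free values after the current tail (0xff4c/0xff4d) would keep the enum hunk to four added lines while preserving alphabetical ordering of the names. If these numbers are consumed only as getopt_long return codes the renumbering is harmless, but anything that persists them would now decode old values differently, which is worth confirming; a one-line comment at the head of the enum, e.g. `// 0xffNN values are internal option ids; renumber freely only if nothing persists them`, would settle that for the next addition. The enum begins before the hunk.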
@@ -4743,137 +4743,147 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx)
 * Load and map CUDA library calls, then init CUDA
 */
- CUDA_PTR *cuda = (CUDA_PTR *) hcmalloc (sizeof (CUDA_PTR));
+ int rc_cuda_init = -1;
- backend_ctx->cuda = cuda;
-
- int rc_cuda_init = cuda_init (hashcat_ctx);
-
- if (rc_cuda_init == -1)
+ if (user_options->backend_ignore_cuda == false)
 {
- cuda_close (hashcat_ctx);
- }
+ CUDA_PTR *cuda = (CUDA_PTR *) hcmalloc (sizeof (CUDA_PTR));
- /**
- * Load and map NVRTC library calls
- */
+ backend_ctx->cuda = cuda;
- NVRTC_PTR *nvrtc = (NVRTC_PTR *) hcmalloc (sizeof (NVRTC_PTR));
+ rc_cuda_init = cuda_init (hashcat_ctx);
- backend_ctx->nvrtc = nvrtc;
-
- int rc_nvrtc_init = nvrtc_init (hashcat_ctx);
-
- if (rc_nvrtc_init == -1)
- {
- nvrtc_close (hashcat_ctx);
- }
-
- /**
- * Check if both CUDA and NVRTC were load successful
- */
-
- if ((rc_cuda_init == 0) && (rc_nvrtc_init == 0))
- {
- // nvrtc version
-
- int nvrtc_major = 0;
- int nvrtc_minor = 0;
-
- if (hc_nvrtcVersion (hashcat_ctx, &nvrtc_major, &nvrtc_minor) == -1) return -1;
-
- int nvrtc_driver_version = (nvrtc_major * 1000) + (nvrtc_minor * 10);
-
- backend_ctx->nvrtc_driver_version = nvrtc_driver_version;
-
- // cuda version
-
- int cuda_driver_version = 0;
-
- if (hc_cuDriverGetVersion (hashcat_ctx, &cuda_driver_version) == -1) return -1;
-
- backend_ctx->cuda_driver_version = cuda_driver_version;
-
- // some pre-check
-
- if ((nvrtc_driver_version < 10000) || (cuda_driver_version < 10000))
+ if (rc_cuda_init == -1)
 {
- event_log_error (hashcat_ctx, "Outdated NVIDIA CUDA Toolkit version '%d' detected!", cuda_driver_version);
-
- event_log_warning (hashcat_ctx, "See hashcat.net for officially supported NVIDIA CUDA Toolkit versions.");
- event_log_warning (hashcat_ctx, NULL);
-
- return -1;
+ cuda_close (hashcat_ctx);
 }
- }
- else
- {
- rc_cuda_init = -1;
- rc_nvrtc_init = -1;
- cuda_close (hashcat_ctx);
- nvrtc_close (hashcat_ctx);
+ /**
+ * Load and map NVRTC library calls
+ */
+
+ NVRTC_PTR *nvrtc = (NVRTC_PTR *) hcmalloc (sizeof (NVRTC_PTR));
+
+ backend_ctx->nvrtc = nvrtc;
+
+ int rc_nvrtc_init = nvrtc_init (hashcat_ctx);
+
+ if (rc_nvrtc_init == -1)
+ {
+ nvrtc_close (hashcat_ctx);
+ }
+
+ /**
+ * Check if both CUDA and NVRTC were load successful
+ */
+
+ if ((rc_cuda_init == 0) && (rc_nvrtc_init == 0))
+ {
+ // nvrtc version
+
+ int nvrtc_major = 0;
+ int nvrtc_minor = 0;
+
+ if (hc_nvrtcVersion (hashcat_ctx, &nvrtc_major, &nvrtc_minor) == -1) return -1;
+
+ int nvrtc_driver_version = (nvrtc_major * 1000) + (nvrtc_minor * 10);
+
+ backend_ctx->nvrtc_driver_version = nvrtc_driver_version;
+
+ // cuda version
+
+ int cuda_driver_version = 0;
+
+ if (hc_cuDriverGetVersion (hashcat_ctx, &cuda_driver_version) == -1) return -1;
+
+ backend_ctx->cuda_driver_version = cuda_driver_version;
+
+ // some pre-check
+
+ if ((nvrtc_driver_version < 10000) || (cuda_driver_version < 10000))
+ {
+ event_log_error (hashcat_ctx, "Outdated NVIDIA CUDA Toolkit version '%d' detected!", cuda_driver_version);
+
+ event_log_warning (hashcat_ctx, "See hashcat.net for officially supported NVIDIA CUDA Toolkit versions.");
+ event_log_warning (hashcat_ctx, NULL);
+
+ return -1;
+ }
+ }
+ else
+ {
+ rc_cuda_init = -1;
+ rc_nvrtc_init = -1;
+
+ cuda_close (hashcat_ctx);
+ nvrtc_close (hashcat_ctx);
+ }
 }
 /**
 * Load and map OpenCL library calls
 */
- OCL_PTR *ocl = (OCL_PTR *) hcmalloc (sizeof (OCL_PTR));
+ int rc_ocl_init = -1;
- backend_ctx->ocl = ocl;
-
- const int rc_ocl_init = ocl_init (hashcat_ctx);
-
- if (rc_ocl_init == -1)
+ if (user_options->backend_ignore_opencl == false)
 {
- ocl_close (hashcat_ctx);
+ OCL_PTR *ocl = (OCL_PTR *) hcmalloc (sizeof (OCL_PTR));
+
+ backend_ctx->ocl = ocl;
+
+ rc_ocl_init = ocl_init (hashcat_ctx);
+
+ if (rc_ocl_init == -1)
+ {
+ ocl_close (hashcat_ctx);
+ }
+
+ /**
+ * return if both CUDA and OpenCL initialization failed
+ */
+
+ if ((rc_cuda_init == -1) && (rc_ocl_init == -1))
+ {
+ event_log_error (hashcat_ctx, "ATTENTION! No OpenCL or CUDA installation found.");
+
+ event_log_warning (hashcat_ctx, "You are probably missing the CUDA or OpenCL runtime installation.");
+ event_log_warning (hashcat_ctx, NULL);
+
+ #if defined (__linux__)
+ event_log_warning (hashcat_ctx, "* AMD GPUs on Linux require this driver:");
+ event_log_warning (hashcat_ctx, " \"RadeonOpenCompute (ROCm)\" Software Platform (1.6.180 or later)");
+ #elif defined (_WIN)
+ event_log_warning (hashcat_ctx, "* AMD GPUs on Windows require this driver:");
+ event_log_warning (hashcat_ctx, " \"AMD Radeon Software Crimson Edition\" (15.12 or later)");
+ #endif
+
+ event_log_warning (hashcat_ctx, "* Intel CPUs require this runtime:");
+ event_log_warning (hashcat_ctx, " \"OpenCL Runtime for Intel Core and Intel Xeon Processors\" (16.1.1 or later)");
+
+ #if defined (__linux__)
+ event_log_warning (hashcat_ctx, "* Intel GPUs on Linux require this driver:");
+ event_log_warning (hashcat_ctx, " \"OpenCL 2.0 GPU Driver Package for Linux\" (2.0 or later)");
+ #elif defined (_WIN)
+ event_log_warning (hashcat_ctx, "* Intel GPUs on Windows require this driver:");
+ event_log_warning (hashcat_ctx, " \"OpenCL Driver for Intel Iris and Intel HD Graphics\"");
+ #endif
+
+ event_log_warning (hashcat_ctx, "* NVIDIA GPUs require this runtime and/or driver (both):");
+ event_log_warning (hashcat_ctx, " \"NVIDIA Driver\" (418.56 or later)");
+ event_log_warning (hashcat_ctx, " \"CUDA Toolkit\" (10.1 or later)");
+ event_log_warning (hashcat_ctx, NULL);
+
+ return -1;
+ }
+
+ /**
+ * Some permission pre-check, because AMDGPU-PRO Driver crashes if the user has no permission to do this
+ */
+
+ if (ocl_check_dri (hashcat_ctx) == -1) return -1;
 }
- /**
- * return if both CUDA and OpenCL initialization failed
- */
-
- if ((rc_cuda_init == -1) && (rc_ocl_init == -1))
- {
- event_log_error (hashcat_ctx, "ATTENTION! No OpenCL or CUDA installation found.");
-
- event_log_warning (hashcat_ctx, "You are probably missing the CUDA or OpenCL runtime installation.");
- event_log_warning (hashcat_ctx, NULL);
-
- #if defined (__linux__)
- event_log_warning (hashcat_ctx, "* AMD GPUs on Linux require this driver:");
- event_log_warning (hashcat_ctx, " \"RadeonOpenCompute (ROCm)\" Software Platform (1.6.180 or later)");
- #elif defined (_WIN)
- event_log_warning (hashcat_ctx, "* AMD GPUs on Windows require this driver:");
- event_log_warning (hashcat_ctx, " \"AMD Radeon Software Crimson Edition\" (15.12 or later)");
- #endif
-
- event_log_warning (hashcat_ctx, "* Intel CPUs require this runtime:");
- event_log_warning (hashcat_ctx, " \"OpenCL Runtime for Intel Core and Intel Xeon Processors\" (16.1.1 or later)");
-
- #if defined (__linux__)
- event_log_warning (hashcat_ctx, "* Intel GPUs on Linux require this driver:");
- event_log_warning (hashcat_ctx, " \"OpenCL 2.0 GPU Driver Package for Linux\" (2.0 or later)");
- #elif defined (_WIN)
- event_log_warning (hashcat_ctx, "* Intel GPUs on Windows require this driver:");
- event_log_warning (hashcat_ctx, " \"OpenCL Driver for Intel Iris and Intel HD Graphics\"");
- #endif
-
- event_log_warning (hashcat_ctx, "* NVIDIA GPUs require this runtime and/or driver (both):");
- event_log_warning (hashcat_ctx, " \"NVIDIA Driver\" (418.56 or later)");
- event_log_warning (hashcat_ctx, " \"CUDA Toolkit\" (10.1 or later)");
- event_log_warning (hashcat_ctx, NULL);
-
- return -1;
- }
-
- /**
- * Some permission pre-check, because AMDGPU-PRO Driver crashes if the user has no permission to do this
- */
-
- if (ocl_check_dri (hashcat_ctx) == -1) return -1;
-
 /**
 * Backend device selection
 */
diff --git a/src/usage.c b/src/usage.c
index e77ed9cc9..f82a0f22f 100644
--- a/src/usage.c
+++ b/src/usage.c
@@ -90,6 +90,8 @@ static const char *const USAGE_BIG_PRE_HASHMODES[] =
 " --cpu-affinity | Str | Locks to CPU devices, separated with commas | --cpu-affinity=1,2,3",
 " --hook-threads | Num | Sets number of threads for a hook (per compute unit) | --hook-threads=8",
 " --example-hashes | | Show an example hash for each hash-mode |",
+ " --backend-ignore-cuda | | Do not try to open CUDA interface on startup |",
+ " --backend-ignore-opencl | | Do not try to open OpenCL interface on startup |",
 " -I, --backend-info | | Show info about detected backend API devices | -I",
 " -d, --backend-devices | Str | Backend devices to use, separated with commas | -d 1",
 " -D, --opencl-device-types | Str | OpenCL device-types to use, separated with commas | -D 1",
diff --git a/src/user_options.c b/src/user_options.c
index 1f74cf1e9..cdc604bf9 100644
--- a/src/user_options.c
+++ b/src/user_options.c
@@ -29,6 +29,8 @@ static const struct option long_options[] =
 {"advice-disable", no_argument, NULL, IDX_ADVICE_DISABLE},
 {"attack-mode", required_argument, NULL, IDX_ATTACK_MODE},
 {"backend-devices", required_argument, NULL, IDX_BACKEND_DEVICES},
+ {"backend-ignore-cuda", no_argument, NULL, IDX_BACKEND_IGNORE_CUDA},
+ {"backend-ignore-opencl", no_argument, NULL, IDX_BACKEND_IGNORE_OPENCL},
 {"backend-info", no_argument, NULL, IDX_BACKEND_INFO},
 {"backend-vector-width", required_argument, NULL, IDX_BACKEND_VECTOR_WIDTH},
 {"benchmark-all", no_argument, NULL, IDX_BENCHMARK_ALL},
@@ -153,6 +155,8 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx)
 user_options->advice_disable = ADVICE_DISABLE;
 user_options->attack_mode = ATTACK_MODE;
 user_options->backend_devices = NULL;
+ user_options->backend_ignore_cuda = BACKEND_IGNORE_CUDA;
+ user_options->backend_ignore_opencl = BACKEND_IGNORE_OPENCL;
 user_options->backend_info = BACKEND_INFO;
 user_options->backend_vector_width = BACKEND_VECTOR_WIDTH;
 user_options->benchmark_all = BENCHMARK_ALL;
@@ -426,6 +430,8 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv)
 case IDX_HEX_SALT: user_options->hex_salt = true; break;
 case IDX_HEX_WORDLIST: user_options->hex_wordlist = true; break;
 case IDX_CPU_AFFINITY: user_options->cpu_affinity = optarg; break;
+ case IDX_BACKEND_IGNORE_CUDA: user_options->backend_ignore_cuda = true; break;
+ case IDX_BACKEND_IGNORE_OPENCL: user_options->backend_ignore_opencl = true; break;
 case IDX_BACKEND_INFO: user_options->backend_info = true; break;
 case IDX_BACKEND_DEVICES: user_options->backend_devices = optarg; break;
 case IDX_BACKEND_VECTOR_WIDTH: user_options->backend_vector_width = hc_strtoul (optarg, NULL, 10);
From df5e2361d32d14948d391b48515dc22f3d512a83 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 3 Jan 2020 12:27:27 +0100
Subject: [PATCH 127/300] Disable inline assembly instruction tests for CUDA and refer to documented requirements
---
 src/backend.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/src/backend.c b/src/backend.c
index 530477b4c..49afe8680 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -280,6 +280,7 @@ static bool setup_opencl_device_types_filter (hashcat_ctx_t *hashcat_ctx, const
 return true;
 }
+/*
 static bool cuda_test_instruction (hashcat_ctx_t *hashcat_ctx, const int sm_major, const int sm_minor, const char *kernel_buf)
 {
 nvrtcProgram program;
@@ -356,6 +357,7 @@ static bool cuda_test_instruction (hashcat_ctx_t *hashcat_ctx, const int sm_majo
 return true;
 }
+*/
 static bool opencl_test_instruction (hashcat_ctx_t *hashcat_ctx, cl_context context, cl_device_id device, const char *kernel_buf)
 {
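Review bot: Disabling cuda_test_instruction by wrapping it in `/*` … `*/` (the -280 and -356 hunks here, and the two `RUN_INSTRUCTION_CHECKS` blocks in the -5444/-5480 and -6214/-6250 hunks of the same commit) is fragile: block comments do not nest, a `*/` anywhere inside the disabled region ends it early, and the `#define`/`#undef` lines inside the region silently stop reaching the preprocessor. `#if 0` / `#endif` expresses the intent, survives edits inside the region and stays greppable, and a one-line reason above it, e.g. `// disabled: NVIDIA instruction availability is now derived from the SM version in backend_ctx_devices_init`, saves the next reader a bisect. If the probe is not expected to return, deleting the function and the macro outright is cleaner than keeping ~100 lines of dead code behind a comment.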
@@ -5444,6 +5446,18 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) // //if (rc_cuCtxSetCacheConfig == -1) return -1; + const int sm = (device_param->sm_major * 10) + device_param->sm_minor; + + device_param->has_add = (sm >= 12) ? true : false; + device_param->has_addc = (sm >= 12) ? true : false; + device_param->has_sub = (sm >= 12) ? true : false; + device_param->has_subc = (sm >= 12) ? true : false; + device_param->has_bfe = (sm >= 20) ? true : false; + device_param->has_lop3 = (sm >= 50) ? true : false; + device_param->has_mov64 = (sm >= 10) ? true : false; + device_param->has_prmt = (sm >= 20) ? true : false; + + /* #define RUN_INSTRUCTION_CHECKS() \ device_param->has_add = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ device_param->has_addc = cuda_test_instruction (hashcat_ctx, sm_major, sm_minor, "__global__ void test () { unsigned int r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ @@ -5480,6 +5494,7 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) } #undef RUN_INSTRUCTION_CHECKS + */ // device_available_mem 
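Review bot: The eight `has_*` assignments derived from `sm` are duplicated verbatim between the CUDA device path here (-5444 hunk) and the OpenCL-on-NVIDIA path in the -6214 hunk, so the two threshold tables can drift apart the next time one is edited; a small static helper called from both places keeps the documented minimums in one spot. While moving them, `(sm >= 12) ? true : false` can be written as `sm >= 12` — the comparison already yields the bool the field expects. The SM thresholds themselves are taken from the commit as given; the helper below only restructures them.
```c
// NVIDIA: derive PTX instruction availability from the SM version (the documented
// minimums) instead of compiling probe kernels. Shared by the CUDA device path and
// the OpenCL-on-NVIDIA device path so the two tables cannot drift apart.
static void nv_set_instruction_flags (hc_device_param_t *device_param)
{
  const int sm = (device_param->sm_major * 10) + device_param->sm_minor;

  device_param->has_add   = sm >= 12;
  device_param->has_addc  = sm >= 12;
  device_param->has_sub   = sm >= 12;
  device_param->has_subc  = sm >= 12;
  device_param->has_bfe   = sm >= 20;
  device_param->has_lop3  = sm >= 50;
  device_param->has_mov64 = sm >= 10;
  device_param->has_prmt  = sm >= 20;
}

// … unchanged: cuCtxSetCacheConfig block above …
nv_set_instruction_flags (device_param);   // replaces the inline table here and in the OpenCL NV branch
```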
@@ -6214,6 +6229,18 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) if ((device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) && (device_param->opencl_platform_vendor_id == VENDOR_ID_NV)) { + const int sm = (device_param->sm_major * 10) + device_param->sm_minor; + + device_param->has_add = (sm >= 12) ? true : false; + device_param->has_addc = (sm >= 12) ? true : false; + device_param->has_sub = (sm >= 12) ? true : false; + device_param->has_subc = (sm >= 12) ? true : false; + device_param->has_bfe = (sm >= 20) ? true : false; + device_param->has_lop3 = (sm >= 50) ? true : false; + device_param->has_mov64 = (sm >= 10) ? true : false; + device_param->has_prmt = (sm >= 20) ? true : false; + + /* #define RUN_INSTRUCTION_CHECKS() \ device_param->has_add = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"add.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ device_param->has_addc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; asm volatile (\"addc.cc.u32 %0, 0, 0;\" : \"=r\"(r)); }"); \ @@ -6250,6 +6277,7 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) } #undef RUN_INSTRUCTION_CHECKS + */ } // device_available_mem From b2c28289c8ea5f3da3575bceb684b0f59f4f29d1 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Sat, 4 Jan 2020 14:08:30 +0100 Subject: [PATCH 128/300] PDF module: -m 10700 missing assignment of tmp_size --- src/modules/module_10700.c | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/src/modules/module_10700.c b/src/modules/module_10700.c index 3577e173e..97c4555a6 100644 --- a/src/modules/module_10700.c +++ b/src/modules/module_10700.c 
@@ -108,12 +108,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // OpenCL 1.2 pocl HSTR: pthread-x86_64-pc-linux-gnu-skylake: Segmentation fault - if (device_param->opencl_platform_vendor_id == VENDOR_ID_POCL) - { - return true; - } - // l_opencl_p_18.1.0.013: password not found if (device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) { @@ -123,15 +117,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE } } - // amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1) - { - return true; - } - } - // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed. if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { @@ -141,12 +126,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE } } - // l_opencl_p_18.1.0.013.tgz: Segmentation fault - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) - { - return true; - } - return false; } @@ -402,7 +381,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_separator = MODULE_DEFAULT; module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; - module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_tmp_size = module_tmp_size; module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From 2b9715944fb047097f21916499ec032f5dc6d13c Mon Sep 17 00:00:00 2001 
From: philsmd <921533+philsmd@users.noreply.github.com> Date: Sun, 5 Jan 2020 16:12:20 +0100 Subject: [PATCH 129/300] fixes #2123: -m 10700 pure kernel false negative fixed --- OpenCL/m10700-pure.cl | 68 ++++++++++++++++++++++++++++++------------- 1 file changed, 48 insertions(+), 20 deletions(-) diff --git a/OpenCL/m10700-pure.cl b/OpenCL/m10700-pure.cl index f43c024cf..7351d5c7a 100644 --- a/OpenCL/m10700-pure.cl +++ b/OpenCL/m10700-pure.cl @@ -257,8 +257,10 @@ DECLSPEC void sha256_final_aes (sha256_ctx_t *ctx, const u32 *aes_ks, u32 *aes_i sha256_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h); } -DECLSPEC void sha384_update_aes_128 (sha384_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *w4, u32 *w5, u32 *w6, u32 *w7, const int len, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) +DECLSPEC u32 sha384_update_aes_128 (sha384_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *w4, u32 *w5, u32 *w6, u32 *w7, const int len, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) { + u32 ex = 0; + MAYBE_VOLATILE const int pos = ctx->len & 127; ctx->len += len; @@ -355,6 +357,8 @@ DECLSPEC void sha384_update_aes_128 (sha384_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w6, ctx->w6, s_te0, s_te1, s_te2, s_te3, s_te4); aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w7, ctx->w7, s_te0, s_te1, s_te2, s_te3, s_te4); + ex = ctx->w7[3] & 0xff; + sha384_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); ctx->w0[0] = c0[0]; 
@@ -390,6 +394,8 @@ DECLSPEC void sha384_update_aes_128 (sha384_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w ctx->w7[2] = c7[2]; ctx->w7[3] = c7[3]; } + + return ex; } DECLSPEC void sha384_update_aes (sha384_ctx_t *ctx, const u32 *w, const int len, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) @@ -480,14 +486,21 @@ DECLSPEC void sha384_update_aes (sha384_ctx_t *ctx, const u32 *w, const int len, sha384_update_aes_128 (ctx, w0, w1, w2, w3, w4, w5, w6, w7, len - pos1, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); } -DECLSPEC void sha384_final_aes (sha384_ctx_t *ctx, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) +DECLSPEC u32 sha384_final_aes (sha384_ctx_t *ctx, const u32 ex, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) { + u32 ret = ex; + int pos = ctx->len & 127; - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w0, ctx->w0, s_te0, s_te1, s_te2, s_te3, s_te4); - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w1, ctx->w1, s_te0, s_te1, s_te2, s_te3, s_te4); - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w2, ctx->w2, s_te0, s_te1, s_te2, s_te3, s_te4); - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w3, ctx->w3, s_te0, s_te1, s_te2, s_te3, s_te4); + if (pos) + { + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w0, ctx->w0, s_te0, s_te1, s_te2, s_te3, s_te4); + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w1, ctx->w1, s_te0, s_te1, s_te2, s_te3, s_te4); + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w2, ctx->w2, s_te0, s_te1, s_te2, s_te3, s_te4); + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w3, ctx->w3, s_te0, s_te1, s_te2, s_te3, s_te4); + + ret = ctx->w3[3] & 0xff; + } append_0x80_8x4_S (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, pos ^ 3); 
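Review bot: `sha384_update_aes` (the multi-block wrapper in the -480 hunk) still discards the byte that `sha384_update_aes_128` now returns, and `sha512_update_aes` in the -758 hunk does the same. If a caller's last update before `sha384_final_aes` goes through the wrapper and ends exactly on a 128-byte boundary, `final_aes` takes its `pos == 0` path and returns whatever `ex` the caller passed in, which would not be the last ciphertext byte; whether do_round can reach that state depends on its call order, which is outside these hunks. Making the wrappers report the byte too closes the gap at no cost: `DECLSPEC u32 sha384_update_aes (...)` and `return sha384_update_aes_128 (ctx, w0, w1, w2, w3, w4, w5, w6, w7, len - pos1, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4);` on the final call, mirrored for sha512.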
@@ -533,10 +546,14 @@ DECLSPEC void sha384_final_aes (sha384_ctx_t *ctx, const u32 *aes_ks, u32 *aes_i ctx->w7[3] = ctx->len * 8; sha384_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); + + return ret; } -DECLSPEC void sha512_update_aes_128 (sha512_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *w4, u32 *w5, u32 *w6, u32 *w7, const int len, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) +DECLSPEC u32 sha512_update_aes_128 (sha512_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *w4, u32 *w5, u32 *w6, u32 *w7, const int len, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) { + u32 ex = 0; + MAYBE_VOLATILE const int pos = ctx->len & 127; ctx->len += len; @@ -633,6 +650,8 @@ DECLSPEC void sha512_update_aes_128 (sha512_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w6, ctx->w6, s_te0, s_te1, s_te2, s_te3, s_te4); aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w7, ctx->w7, s_te0, s_te1, s_te2, s_te3, s_te4); + ex = ctx->w7[3] & 0xff; + sha512_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); ctx->w0[0] = c0[0]; @@ -668,6 +687,8 @@ DECLSPEC void sha512_update_aes_128 (sha512_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w ctx->w7[2] = c7[2]; ctx->w7[3] = c7[3]; } + + return ex; } DECLSPEC void sha512_update_aes (sha512_ctx_t *ctx, const u32 *w, const int len, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) 
@@ -758,14 +779,21 @@ DECLSPEC void sha512_update_aes (sha512_ctx_t *ctx, const u32 *w, const int len, sha512_update_aes_128 (ctx, w0, w1, w2, w3, w4, w5, w6, w7, len - pos1, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); } -DECLSPEC void sha512_final_aes (sha512_ctx_t *ctx, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) +DECLSPEC u32 sha512_final_aes (sha512_ctx_t *ctx, const u32 ex, const u32 *aes_ks, u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) { + u32 ret = ex; + int pos = ctx->len & 127; - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w0, ctx->w0, s_te0, s_te1, s_te2, s_te3, s_te4); - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w1, ctx->w1, s_te0, s_te1, s_te2, s_te3, s_te4); - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w2, ctx->w2, s_te0, s_te1, s_te2, s_te3, s_te4); - aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w3, ctx->w3, s_te0, s_te1, s_te2, s_te3, s_te4); + if (pos) + { + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w0, ctx->w0, s_te0, s_te1, s_te2, s_te3, s_te4); + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w1, ctx->w1, s_te0, s_te1, s_te2, s_te3, s_te4); + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w2, ctx->w2, s_te0, s_te1, s_te2, s_te3, s_te4); + aes128_encrypt_cbc (aes_ks, aes_iv, ctx->w3, ctx->w3, s_te0, s_te1, s_te2, s_te3, s_te4); + + ret = ctx->w3[3] & 0xff; + } append_0x80_8x4_S (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, pos ^ 3); 
@@ -811,6 +839,8 @@ DECLSPEC void sha512_final_aes (sha512_ctx_t *ctx, const u32 *aes_ks, u32 *aes_i ctx->w7[3] = ctx->len * 8; sha512_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); + + return ret; } DECLSPEC int find_sum (const u32 *w, const u32 pw_len, u32 *bb, const u32 *aes_ks, const u32 *aes_iv, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) @@ -1040,12 +1070,10 @@ DECLSPEC u32 do_round (const u32 *w, const u32 pw_len, pdf17l8_tmp_t *tmp, SHM_T w7[2] = 0; w7[3] = 0; - sha384_update_aes_128 (&ctx384, w0, w1, w2, w3, w4, w5, w6, w7, tmp->dgst_len, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); + ex = sha384_update_aes_128 (&ctx384, w0, w1, w2, w3, w4, w5, w6, w7, tmp->dgst_len, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); } - sha384_final_aes (&ctx384, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); - - ex = ctx384.w3[3] & 0xff; + ex = sha384_final_aes (&ctx384, ex, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); tmp->dgst32[ 0] = h32_from_64_S (ctx384.h[0]); tmp->dgst32[ 1] = l32_from_64_S (ctx384.h[0]); @@ -1109,12 +1137,10 @@ DECLSPEC u32 do_round (const u32 *w, const u32 pw_len, pdf17l8_tmp_t *tmp, SHM_T w7[2] = 0; w7[3] = 0; - sha512_update_aes_128 (&ctx512, w0, w1, w2, w3, w4, w5, w6, w7, tmp->dgst_len, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); + ex = sha512_update_aes_128 (&ctx512, w0, w1, w2, w3, w4, w5, w6, w7, tmp->dgst_len, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); } - sha512_final_aes (&ctx512, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); - - ex = ctx512.w3[3] & 0xff; + ex = sha512_final_aes (&ctx512, ex, aes_ks, aes_iv, s_te0, s_te1, s_te2, s_te3, s_te4); tmp->dgst32[ 0] = h32_from_64_S (ctx512.h[0]); tmp->dgst32[ 1] = l32_from_64_S (ctx512.h[0]); 
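Review bot: The new contract between `sha384_update_aes_128` and `sha384_final_aes` deserves a comment at the `ex = sha384_update_aes_128 (...)` call in do_round (-1040 hunk; the -1109 hunk for sha512 is identical): the update returns 0 whenever it does not complete a 128-byte block, overwriting any earlier byte, and that is only harmless because a non-completing update leaves `ctx->len & 127` non-zero, so `final_aes` re-derives the byte from the buffered block instead of using `ex`. Suggested: `// ex is only valid when this update completed a block; otherwise final_aes recomputes it from the buffered data`. `ex` is declared outside the hunk; if it is not initialised at its declaration, give it `= 0` now that `final_aes` can hand it back untouched.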
@@ -1230,6 +1256,8 @@ KERNEL_FQ void m10700_loop (KERN_ATTR_TMPS_ESALT (pdf17l8_tmp_t, pdf_t)) const u32 pw_len = pws[gid].pw_len; + if (pw_len == 0) return; + u32 w[64] = { 0 }; for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) From fe372dffb7ae6bc9ca90817cab55f3e34269cb26 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 6 Jan 2020 12:49:57 +0100 Subject: [PATCH 130/300] Add RDNA ISA instructions test for ADD/ADDC/SUB/SUBB --- include/types.h | 4 ++++ src/backend.c | 42 +++++++++++++++++++++++++----------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/include/types.h b/include/types.h index 3f0d2e12e..a7dbd34c5 100644 --- a/include/types.h +++ b/include/types.h @@ -1244,8 +1244,12 @@ typedef struct hc_device_param // AMD bool has_vadd; bool has_vaddc; + bool has_vadd_co; + bool has_vaddc_co; bool has_vsub; bool has_vsubb; + bool has_vsub_co; + bool has_vsubb_co; bool has_vadd3; bool has_vbfe; bool has_vperm; diff --git a/src/backend.c b/src/backend.c index 49afe8680..3204e7968 100644 --- a/src/backend.c +++ b/src/backend.c 
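Review bot: The new `if (pw_len == 0) return;` in m10700_loop (-1230 hunk) leaves the work item's tmps untouched rather than flagging anything, so an empty candidate can never produce a match in the comp kernel; that is fine only if the module's minimum password length already rejects zero-length candidates, which is not visible here. The commit message only says a false negative was fixed, so the reason for the guard should be spelled out next to it, e.g. `// zero-length input must not reach the update/final chain below — see the ex handling in sha384_final_aes / sha512_final_aes`, with the exact reason supplied by the author; otherwise the line looks like a stray optimisation and is at risk of being removed.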
@@ -6191,14 +6191,18 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 if ((device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) && (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD))
 {
- #define RUN_INSTRUCTION_CHECKS() \
- device_param->has_vadd = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \
- device_param->has_vaddc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADDC_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \
- device_param->has_vsub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUB_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \
- device_param->has_vsubb = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_SUBB_U32 %0, 0, 0;\" : \"=v\"(r)); }"); \
- device_param->has_vadd3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_ADD3_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); \
- device_param->has_vbfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_BFE_U32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); \
- device_param->has_vperm = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r; __asm__ __volatile__ (\"V_PERM_B32 %0, 0, 0, 0;\" : \"=v\"(r)); }"); \
+ #define RUN_INSTRUCTION_CHECKS()
+ device_param->has_vadd = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_ADD_U32 %0, vcc, 0, 0;\" : \"=v\"(r1)); }"); \
+ device_param->has_vaddc = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_ADDC_U32 %0, vcc, 0, 0, vcc;\" : \"=v\"(r1)); }"); \
+ device_param->has_vadd_co = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_ADD_CO_U32 %0, vcc, 0, 0;\" : \"=v\"(r1)); }"); \
+ device_param->has_vaddc_co = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_ADDC_CO_U32 %0, vcc, 0, 0, vcc;\" : \"=v\"(r1)); }"); \
+ device_param->has_vsub = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_SUB_U32 %0, vcc, 0, 0;\" : \"=v\"(r1)); }"); \
+ device_param->has_vsubb = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_SUBB_U32 %0, vcc, 0, 0, vcc;\" : \"=v\"(r1)); }"); \
+ device_param->has_vsub_co = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_SUB_CO_U32 %0, vcc, 0, 0;\" : \"=v\"(r1)); }"); \
+ device_param->has_vsubb_co = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_SUBB_CO_U32 %0, vcc, 0, 0, vcc;\" : \"=v\"(r1)); }"); \
+ device_param->has_vadd3 = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_ADD3_U32 %0, 0, 0, 0;\" : \"=v\"(r1)); }"); \
+ device_param->has_vbfe = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_BFE_U32 %0, 0, 0, 0;\" : \"=v\"(r1)); }"); \
+ device_param->has_vperm = opencl_test_instruction (hashcat_ctx, context, device_param->opencl_device, "__kernel void test () { uint r1; __asm__ __volatile__ (\"V_PERM_B32 %0, 0, 0, 0;\" : \"=v\"(r1)); }"); \
 if (backend_devices_idx > 0)
 {
@@ -6206,13 +6210,17 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime)
 if (is_same_device_type (device_param, device_param_prev) == true)
 {
- device_param->has_vadd = device_param_prev->has_vadd;
- device_param->has_vaddc = device_param_prev->has_vaddc;
- device_param->has_vsub = device_param_prev->has_vsub;
- device_param->has_vsubb = device_param_prev->has_vsubb;
- device_param->has_vadd3 = device_param_prev->has_vadd3;
- device_param->has_vbfe = device_param_prev->has_vbfe;
- device_param->has_vperm = device_param_prev->has_vperm;
+ device_param->has_vadd = device_param_prev->has_vadd;
+ device_param->has_vaddc = device_param_prev->has_vaddc;
+ device_param->has_vadd_co = device_param_prev->has_vadd_co;
+ device_param->has_vaddc_co = device_param_prev->has_vaddc_co;
+ device_param->has_vsub = device_param_prev->has_vsub;
+ device_param->has_vsubb = device_param_prev->has_vsubb;
+ device_param->has_vsub_co = device_param_prev->has_vsub_co;
+ device_param->has_vsubb_co = device_param_prev->has_vsubb_co;
+ device_param->has_vadd3 = device_param_prev->has_vadd3;
+ device_param->has_vbfe = device_param_prev->has_vbfe;
+ device_param->has_vperm = device_param_prev->has_vperm;
 }
 else
 {
@@ -7142,9 +7150,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // we don't have sm_* on vendors not NV but it doesn't matter #if defined (DEBUG) - build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vsub, device_param->has_vsubb, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VADD_CO=%u -D HAS_VADDC_CO=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VSUB_CO=%u -D HAS_VSUBB_CO=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D 
DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vadd_co, device_param->has_vaddc_co, device_param->has_vsub, device_param->has_vsubb, device_param->has_vsub_co, device_param->has_vsubb_co, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); #else - build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll -w ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vsub, device_param->has_vsubb, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, 
device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VADD_CO=%u -D HAS_VADDC_CO=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VSUB_CO=%u -D HAS_VSUBB_CO=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll -w ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vadd_co, device_param->has_vaddc_co, device_param->has_vsub, device_param->has_vsubb, device_param->has_vsub_co, device_param->has_vsubb_co, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); #endif build_options_buf[build_options_len] = 0; From 4bef41ed1bae9fb77aab7fa2c7267cca4cac928b Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Mon, 6 Jan 2020 13:24:47 +0100 Subject: [PATCH 131/300] Update -m 10700 unstable warning and disable JiT compiler optimization in pure kernel mode --- src/Makefile | 2 +- src/modules/module_10700.c | 24 ++++++++++-------------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/src/Makefile b/src/Makefile index a922a2362..f61c6e641 100644 --- a/src/Makefile +++ b/src/Makefile @@ -4,7 +4,7 @@ ## SHARED := 0 -DEBUG := 0 +DEBUG := 1 PRODUCTION := 0 PRODUCTION_VERSION := v5.1.0 ENABLE_BRAIN := 1 diff --git a/src/modules/module_10700.c b/src/modules/module_10700.c index 97c4555a6..c885098b6 100644 --- a/src/modules/module_10700.c +++ b/src/modules/module_10700.c @@ -108,22 +108,10 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // l_opencl_p_18.1.0.013: password not found - if (device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) - { - if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) - { - return true; - } - } - // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed. if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { - if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) - { - return true; - } + return true; } return false; 
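Review bot: The src/Makefile hunk flips `DEBUG := 0` to `DEBUG := 1`, which nothing in the subject ("Update -m 10700 unstable warning and disable JiT compiler optimization in pure kernel mode") or the module change calls for; it reads like a local build setting committed by accident, and the next commit on this page sets it back to 0. Keeping a debug build flag toggled in a shared Makefile affects every downstream build until it is reverted, so this hunk should be dropped from the commit or its purpose stated in the message.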
@@ -133,7 +121,15 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY { char *jit_build_options = NULL; - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) + { + // this is a workaround to avoid a compile time of over an hour (and then to not work) on ROCM in pure kernel mode + + hc_asprintf (&jit_build_options, "-cl-opt-disable"); + } + } return jit_build_options; } From a86235a68c775d0f43a67bdfceb511ecaaf92721 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Mon, 6 Jan 2020 13:25:58 +0100 Subject: [PATCH 132/300] fixes #2009: padding problem in -m 13400 tests --- tools/test_modules/m13400.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/test_modules/m13400.pm b/tools/test_modules/m13400.pm index 51dd1c326..f4a641df5 100644 --- a/tools/test_modules/m13400.pm +++ b/tools/test_modules/m13400.pm @@ -299,6 +299,8 @@ sub module_generate_hash $expected_bytes = $cipher->decrypt ($contents_hash); + $expected_bytes = substr ($expected_bytes . "\x00" x 32, 0, 32); # padding + $hash = sprintf ('$keepass$*%d*%d*%d*%s*%s*%s*%s*%s%s', $version, $iteration, From 8039290cd0d2a0b06240038548b413df037df4a4 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 6 Jan 2020 13:36:17 +0100 Subject: [PATCH 133/300] Update -m 10700 unstable warning and disable JiT compiler optimization for AMD GPU PRO, too --- src/Makefile | 2 +- src/modules/module_10700.c | 20 ++++++++------------ 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/src/Makefile b/src/Makefile index f61c6e641..a922a2362 100644 --- a/src/Makefile +++ b/src/Makefile @@ -4,7 +4,7 @@ ## SHARED := 0 -DEBUG := 1 +DEBUG := 0 PRODUCTION := 0 PRODUCTION_VERSION := v5.1.0 ENABLE_BRAIN := 1 
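Review bot: The rewritten module_jit_build_options drops the previously unconditional `-D NO_UNROLL` define along with adding `-cl-opt-disable`, but neither the hunk nor the subject explains why NO_UNROLL is no longer needed on the other vendors; if it was covering a separate problem this silently regresses them. If the removal is intended, a comment such as `// NO_UNROLL is no longer required for this kernel` next to the new branch, or a line in the commit message, would record that. The workaround comment would also be more useful if it named the ROCm version the hour-long compile was observed on, so the `-cl-opt-disable` fallback can be revisited later.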
diff --git a/src/modules/module_10700.c b/src/modules/module_10700.c
index c885098b6..5dfa6f6a5 100644
--- a/src/modules/module_10700.c
+++ b/src/modules/module_10700.c
@@ -106,21 +106,17 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed.
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- return true;
- }
-
- return false;
-}
-
 char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
 {
 char *jit_build_options = NULL;
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
+ {
+ // this is a workaround to avoid a Segmentation fault and self-test fails on AMD GPU PRO
+
+ hc_asprintf (&jit_build_options, "-cl-opt-disable");
+ }
+
 if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
 {
 if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0)
@@ -378,6 +374,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
From 74c1bf81950f989501a01c9f08da137db513f593 Mon Sep 17 00:00:00 2001
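Review bot: The new AMD/no-vperm branch in module_jit_build_options drops the concrete driver identification that the removed module_unstable_warning carried (`amdgpu-pro-18.50-708488-ubuntu-18.04`), so later nobody can tell which driver line the `-cl-opt-disable` fallback was written for or when it can be retired; suggest `// amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault and self-test fails without -cl-opt-disable`. Unlike the has_vperm branch that follows, this one is not gated on OPTI_TYPE_OPTIMIZED_KERNEL and so also costs the optimized kernels their compiler optimization, which is presumably intended but worth stating in the comment. Purely as style, the two consecutive blocks share the vendor test and could be one `if (vendor == AMD) { if (has_vperm == false) ... else ... }`. module_jit_build_options continues outside the hunk.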
From: Jens Steube Date: Mon, 6 Jan 2020 23:08:59 +0100 Subject: [PATCH 134/300] Decrypt another 16 byte in -m 12700 and -m 15200 to reduce false positives --- OpenCL/m12700-pure.cl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenCL/m12700-pure.cl b/OpenCL/m12700-pure.cl index 5fac76466..8a4cd983a 100644 --- a/OpenCL/m12700-pure.cl +++ b/OpenCL/m12700-pure.cl @@ -341,7 +341,7 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t)) // decrypted data should be a JSON string consisting only of ASCII chars (0x09-0x7e) - for (u32 i = 4; i < 12; i += 4) + for (u32 i = 4; i < 16; i += 4) { u32 data[4]; From c826558b495aa2c4a8f0f2c657154a7946ae7989 Mon Sep 17 00:00:00 2001 From: philsmd Date: Sat, 11 Jan 2020 10:46:11 +0100 Subject: [PATCH 135/300] fixes #2271: added --brain-server-timer for scheduled backup time --- docs/changes.txt | 3 +- include/brain.h | 4 +- include/types.h | 131 +++++++++++++++++++++++---------------------- src/brain.c | 13 +++-- src/main.c | 2 +- src/usage.c | 1 + src/user_options.c | 25 +++++++++ 7 files changed, 108 insertions(+), 71 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 8124c71da..0b6c9ace9 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
@@ -7,7 +7,8 @@ - Fully modularized hash-mode integration via plugin interface and conversion of all existing hash-modes - Refactor hashcat backend interface to allow adding compute API other than OpenCL - Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.) -- Added new options --backend-ignore-cuda and --backend-ingore-opencl, to ignore CUDA and/or OpenCL interface from being load on startup +- Added new options --backend-ignore-cuda and --backend-ingore-opencl to ignore CUDA and/or OpenCL interface from being load on startup +- Added new parameter --brain-server-timer to specify the seconds for the next scheduled backup - Support use of all available GPU memory using CUDA backend - Support use of all available CPU cores for hash-mode specific hooks - Support on-the-fly loading of compressed wordlists in zip and gzip format diff --git a/include/brain.h b/include/brain.h index cad19cd45..e119a8f03 100644 --- a/include/brain.h +++ b/include/brain.h @@ -173,6 +173,8 @@ typedef struct brain_server_dumper_options { brain_server_dbs_t *brain_server_dbs; + u32 brain_server_timer; + } brain_server_dumper_options_t; typedef struct brain_server_client_options 
@@ -211,7 +213,7 @@ bool brain_client_connect (hc_device_param_t *device_param, const void brain_client_disconnect (hc_device_param_t *device_param); void brain_client_generate_hash (u64 *hash, const char *line_buf, const size_t line_len); -int brain_server (const char *listen_host, const int listen_port, const char *brain_password, const char *brain_session_whitelist); +int brain_server (const char *listen_host, const int listen_port, const char *brain_password, const char *brain_session_whitelist, const u32 brain_server_timer); bool brain_server_read_hash_dumps (brain_server_dbs_t *brain_server_dbs, const char *path); bool brain_server_write_hash_dumps (brain_server_dbs_t *brain_server_dbs, const char *path); bool brain_server_read_hash_dump (brain_server_db_hash_t *brain_server_db_hash, const char *file); diff --git a/include/types.h b/include/types.h index a7dbd34c5..099cdb19c 100644 --- a/include/types.h +++ b/include/types.h 
@@ -667,96 +667,97 @@ typedef enum user_options_map IDX_BRAIN_PASSWORD = 0xff09, IDX_BRAIN_PORT = 0xff0a, IDX_BRAIN_SERVER = 0xff0b, - IDX_BRAIN_SESSION = 0xff0c, - IDX_BRAIN_SESSION_WHITELIST = 0xff0d, + IDX_BRAIN_SERVER_TIMER = 0xff0c, + IDX_BRAIN_SESSION = 0xff0d, + IDX_BRAIN_SESSION_WHITELIST = 0xff0e, #endif - IDX_CPU_AFFINITY = 0xff0e, + IDX_CPU_AFFINITY = 0xff0f, IDX_CUSTOM_CHARSET_1 = '1', IDX_CUSTOM_CHARSET_2 = '2', IDX_CUSTOM_CHARSET_3 = '3', IDX_CUSTOM_CHARSET_4 = '4', - IDX_DEBUG_FILE = 0xff0f, - IDX_DEBUG_MODE = 0xff10, - IDX_ENCODING_FROM = 0xff11, - IDX_ENCODING_TO = 0xff12, - IDX_EXAMPLE_HASHES = 0xff13, - IDX_FORCE = 0xff14, - IDX_HWMON_DISABLE = 0xff15, - IDX_HWMON_TEMP_ABORT = 0xff16, + IDX_DEBUG_FILE = 0xff10, + IDX_DEBUG_MODE = 0xff11, + IDX_ENCODING_FROM = 0xff12, + IDX_ENCODING_TO = 0xff13, + IDX_EXAMPLE_HASHES = 0xff14, + IDX_FORCE = 0xff15, + IDX_HWMON_DISABLE = 0xff16, + IDX_HWMON_TEMP_ABORT = 0xff17, IDX_HASH_MODE = 'm', - IDX_HCCAPX_MESSAGE_PAIR = 0xff17, + IDX_HCCAPX_MESSAGE_PAIR = 0xff18, IDX_HELP = 'h', - IDX_HEX_CHARSET = 0xff18, - IDX_HEX_SALT = 0xff19, - IDX_HEX_WORDLIST = 0xff1a, - IDX_HOOK_THREADS = 0xff1b, + IDX_HEX_CHARSET = 0xff19, + IDX_HEX_SALT = 0xff1a, + IDX_HEX_WORDLIST = 0xff1b, + IDX_HOOK_THREADS = 0xff1c, IDX_INCREMENT = 'i', - IDX_INCREMENT_MAX = 0xff1c, - IDX_INCREMENT_MIN = 0xff1d, - IDX_INDUCTION_DIR = 0xff1e, - IDX_KEEP_GUESSING = 0xff1f, + IDX_INCREMENT_MAX = 0xff1d, + IDX_INCREMENT_MIN = 0xff1e, + IDX_INDUCTION_DIR = 0xff1f, + IDX_KEEP_GUESSING = 0xff20, IDX_KERNEL_ACCEL = 'n', IDX_KERNEL_LOOPS = 'u', IDX_KERNEL_THREADS = 'T', - IDX_KEYBOARD_LAYOUT_MAPPING = 0xff20, - IDX_KEYSPACE = 0xff21, - IDX_LEFT = 0xff22, + IDX_KEYBOARD_LAYOUT_MAPPING = 0xff21, + IDX_KEYSPACE = 0xff22, + IDX_LEFT = 0xff23, IDX_LIMIT = 'l', - IDX_LOGFILE_DISABLE = 0xff23, - IDX_LOOPBACK = 0xff24, - IDX_MACHINE_READABLE = 0xff25, - IDX_MARKOV_CLASSIC = 0xff26, - IDX_MARKOV_DISABLE = 0xff27, - IDX_MARKOV_HCSTAT2 = 0xff28, + 
IDX_LOGFILE_DISABLE = 0xff24, + IDX_LOOPBACK = 0xff25, + IDX_MACHINE_READABLE = 0xff26, + IDX_MARKOV_CLASSIC = 0xff27, + IDX_MARKOV_DISABLE = 0xff28, + IDX_MARKOV_HCSTAT2 = 0xff29, IDX_MARKOV_THRESHOLD = 't', - IDX_NONCE_ERROR_CORRECTIONS = 0xff29, + IDX_NONCE_ERROR_CORRECTIONS = 0xff2a, IDX_OPENCL_DEVICE_TYPES = 'D', IDX_OPTIMIZED_KERNEL_ENABLE = 'O', - IDX_OUTFILE_AUTOHEX_DISABLE = 0xff2a, - IDX_OUTFILE_CHECK_DIR = 0xff2b, - IDX_OUTFILE_CHECK_TIMER = 0xff2c, - IDX_OUTFILE_FORMAT = 0xff2d, + IDX_OUTFILE_AUTOHEX_DISABLE = 0xff2b, + IDX_OUTFILE_CHECK_DIR = 0xff2c, + IDX_OUTFILE_CHECK_TIMER = 0xff2d, + IDX_OUTFILE_FORMAT = 0xff2e, IDX_OUTFILE = 'o', - IDX_POTFILE_DISABLE = 0xff2e, - IDX_POTFILE_PATH = 0xff2f, - IDX_PROGRESS_ONLY = 0xff30, - IDX_QUIET = 0xff31, - IDX_REMOVE = 0xff32, - IDX_REMOVE_TIMER = 0xff33, - IDX_RESTORE = 0xff34, - IDX_RESTORE_DISABLE = 0xff35, - IDX_RESTORE_FILE_PATH = 0xff36, + IDX_POTFILE_DISABLE = 0xff2f, + IDX_POTFILE_PATH = 0xff30, + IDX_PROGRESS_ONLY = 0xff31, + IDX_QUIET = 0xff32, + IDX_REMOVE = 0xff33, + IDX_REMOVE_TIMER = 0xff34, + IDX_RESTORE = 0xff35, + IDX_RESTORE_DISABLE = 0xff36, + IDX_RESTORE_FILE_PATH = 0xff37, IDX_RP_FILE = 'r', - IDX_RP_GEN_FUNC_MAX = 0xff37, - IDX_RP_GEN_FUNC_MIN = 0xff38, + IDX_RP_GEN_FUNC_MAX = 0xff38, + IDX_RP_GEN_FUNC_MIN = 0xff39, IDX_RP_GEN = 'g', - IDX_RP_GEN_SEED = 0xff39, + IDX_RP_GEN_SEED = 0xff3a, IDX_RULE_BUF_L = 'j', IDX_RULE_BUF_R = 'k', - IDX_RUNTIME = 0xff3a, - IDX_SCRYPT_TMTO = 0xff3b, + IDX_RUNTIME = 0xff3b, + IDX_SCRYPT_TMTO = 0xff3c, IDX_SEGMENT_SIZE = 'c', - IDX_SELF_TEST_DISABLE = 0xff3c, + IDX_SELF_TEST_DISABLE = 0xff3d, IDX_SEPARATOR = 'p', - IDX_SESSION = 0xff3d, - IDX_SHOW = 0xff3e, + IDX_SESSION = 0xff3e, + IDX_SHOW = 0xff3f, IDX_SKIP = 's', IDX_SLOW_CANDIDATES = 'S', - IDX_SPEED_ONLY = 0xff3f, - IDX_SPIN_DAMP = 0xff40, - IDX_STATUS = 0xff41, - IDX_STATUS_JSON = 0xff42, - IDX_STATUS_TIMER = 0xff43, - IDX_STDOUT_FLAG = 0xff44, - IDX_STDIN_TIMEOUT_ABORT = 0xff45, - 
IDX_TRUECRYPT_KEYFILES = 0xff46,
- IDX_USERNAME = 0xff47,
- IDX_VERACRYPT_KEYFILES = 0xff48,
- IDX_VERACRYPT_PIM_START = 0xff49,
- IDX_VERACRYPT_PIM_STOP = 0xff4a,
+ IDX_SPEED_ONLY = 0xff40,
+ IDX_SPIN_DAMP = 0xff41,
+ IDX_STATUS = 0xff42,
+ IDX_STATUS_JSON = 0xff43,
+ IDX_STATUS_TIMER = 0xff44,
+ IDX_STDOUT_FLAG = 0xff45,
+ IDX_STDIN_TIMEOUT_ABORT = 0xff46,
+ IDX_TRUECRYPT_KEYFILES = 0xff47,
+ IDX_USERNAME = 0xff48,
+ IDX_VERACRYPT_KEYFILES = 0xff49,
+ IDX_VERACRYPT_PIM_START = 0xff4a,
+ IDX_VERACRYPT_PIM_STOP = 0xff4b,
 IDX_VERSION_LOWER = 'v',
 IDX_VERSION = 'V',
- IDX_WORDLIST_AUTOHEX_DISABLE = 0xff4b,
+ IDX_WORDLIST_AUTOHEX_DISABLE = 0xff4c,
 IDX_WORKLOAD_PROFILE = 'w',
 } user_options_map_t;
@@ -1841,6 +1842,7 @@ typedef struct user_options
 bool brain_host_chgd;
 bool brain_port_chgd;
 bool brain_password_chgd;
+ bool brain_server_timer_chgd;
 #endif
 bool hash_mode_chgd;
 bool hccapx_message_pair_chgd;
@@ -1939,6 +1941,7 @@ typedef struct user_options
 u32 bitmap_max;
 u32 bitmap_min;
 #ifdef WITH_BRAIN
+ u32 brain_server_timer;
 u32 brain_client_features;
 u32 brain_port;
 u32 brain_session;
diff --git a/src/brain.c b/src/brain.c
index 3685d5111..e91347c8b 100644
--- a/src/brain.c
+++ b/src/brain.c
@@ -1950,11 +1950,15 @@ void *brain_server_handle_dumps (void *p)
 brain_server_dbs_t *brain_server_dbs = brain_server_dumper_options->brain_server_dbs;
- int i = 0;
+ u32 brain_server_timer = brain_server_dumper_options->brain_server_timer;
+
+ if (brain_server_timer == 0) return NULL;
+
+ u32 i = 0;
 while (keep_running == true)
 {
- if (i == BRAIN_SERVER_DUMP_EVERY)
+ if (i == brain_server_timer)
 {
 brain_server_write_hash_dumps (brain_server_dbs, ".");
 brain_server_write_attack_dumps (brain_server_dbs, ".");
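Review bot: The added `if (brain_server_timer == 0) return NULL;` in brain_server_handle_dumps ends the dump thread without any comment that 0 is the deliberate "no intermediate dumps" mode the option parser accepts, so a reader of brain.c alone will take it for a defensive guard against a missing value. Suggest `// 0 means scheduled dumps are disabled (see --brain-server-timer); nothing for this thread to do` above it. Whether a final dump is still written at shutdown when the periodic thread never runs is outside this hunk, and worth confirming since the hash dumps are the server's only persistence; brain_server_handle_dumps continues past the hunk.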
@@ -2923,7 +2927,7 @@ void *brain_server_handle_client (void *p)
 return NULL;
 }
-int brain_server (const char *listen_host, const int listen_port, const char *brain_password, const char *brain_session_whitelist)
+int brain_server (const char *listen_host, const int listen_port, const char *brain_password, const char *brain_session_whitelist, const u32 brain_server_timer)
 {
 #if defined (_WIN)
 WSADATA wsaData;
@@ -3193,7 +3197,8 @@ int brain_server (const char *listen_host, const int listen_port, const char *br
 brain_server_dumper_options_t brain_server_dumper_options;
- brain_server_dumper_options.brain_server_dbs = brain_server_dbs;
+ brain_server_dumper_options.brain_server_dbs = brain_server_dbs;
+ brain_server_dumper_options.brain_server_timer = brain_server_timer;
 hc_thread_t dump_thr;
diff --git a/src/main.c b/src/main.c
index 8a17a4e1e..d235db109 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1125,7 +1125,7 @@ int main (int argc, char **argv)
 #ifdef WITH_BRAIN
 if (user_options->brain_server == true)
 {
- const int rc = brain_server (user_options->brain_host, user_options->brain_port, user_options->brain_password, user_options->brain_session_whitelist);
+ const int rc = brain_server (user_options->brain_host, user_options->brain_port, user_options->brain_password, user_options->brain_session_whitelist, user_options->brain_server_timer);
 hcfree (hashcat_ctx);
diff --git a/src/usage.c b/src/usage.c
index f82a0f22f..c7af49a18 100644
--- a/src/usage.c
+++ b/src/usage.c
@@ -125,6 +125,7 @@ static const char *const USAGE_BIG_PRE_HASHMODES[] =
 " -S, --slow-candidates | | Enable slower (but advanced) candidate generators |",
 #ifdef WITH_BRAIN
 " --brain-server | | Enable brain server |",
+ " --brain-server-timer | Num | Update the brain server dump each X seconds (min:60) | --brain-server-timer=300",
 " -z, --brain-client | | Enable brain client, activates -S |",
 " --brain-client-features | Num | Define brain client features, see below | --brain-client-features=3",
 " --brain-host | Str | Brain server host (IP or domain) | --brain-host=127.0.0.1",
diff --git a/src/user_options.c b/src/user_options.c
index cdc604bf9..a470a9b24 100644
--- a/src/user_options.c
+++ b/src/user_options.c
@@ -129,6 +129,7 @@ static const struct option long_options[] =
 {"brain-client", no_argument, NULL, IDX_BRAIN_CLIENT},
 {"brain-client-features", required_argument, NULL, IDX_BRAIN_CLIENT_FEATURES},
 {"brain-server", no_argument, NULL, IDX_BRAIN_SERVER},
+ {"brain-server-timer", required_argument, NULL, IDX_BRAIN_SERVER_TIMER},
 {"brain-host", required_argument, NULL, IDX_BRAIN_HOST},
 {"brain-port", required_argument, NULL, IDX_BRAIN_PORT},
 {"brain-password", required_argument, NULL, IDX_BRAIN_PASSWORD},
@@ -169,6 +170,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx)
 user_options->brain_host = NULL;
 user_options->brain_port = BRAIN_PORT;
 user_options->brain_server = BRAIN_SERVER;
+ user_options->brain_server_timer = BRAIN_SERVER_DUMP_EVERY;
 user_options->brain_session = BRAIN_SESSION;
 user_options->brain_session_whitelist = NULL;
 #endif
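Review bot: The added usage line documents the option as `(min:60)`, but the sanity check added in the same commit explicitly accepts 0 as "no intermediate dumps", so the help text contradicts the input the program takes and an operator has no way to learn the disable value. Suggest `| Num | Update the brain server dump each X seconds (min:60, 0 = disable)` in the description column; the usage table continues outside the hunk.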
@@ -481,6 +483,8 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv)
 case IDX_BRAIN_CLIENT: user_options->brain_client = true; break;
 case IDX_BRAIN_CLIENT_FEATURES: user_options->brain_client_features = hc_strtoul (optarg, NULL, 10); break;
 case IDX_BRAIN_SERVER: user_options->brain_server = true; break;
+ case IDX_BRAIN_SERVER_TIMER: user_options->brain_server_timer = hc_strtoul (optarg, NULL, 10);
+ user_options->brain_server_timer_chgd = true; break;
 case IDX_BRAIN_PASSWORD: user_options->brain_password = optarg;
 user_options->brain_password_chgd = true; break;
 case IDX_BRAIN_HOST: user_options->brain_host = optarg;
@@ -540,6 +544,26 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
 return -1;
 }
+
+ if (user_options->brain_server_timer_chgd)
+ {
+ if (user_options->brain_server == false)
+ {
+ event_log_error (hashcat_ctx, "The --brain-server-timer flag requires --brain-server.");
+
+ return -1;
+ }
+
+ if (user_options->brain_server_timer != 0) // special case (no intermediate dumps)
+ {
+ if (user_options->brain_server_timer < 60)
+ {
+ event_log_error (hashcat_ctx, "Brain server backup timer must be at least 60 seconds.");
+
+ return -1;
+ }
+ }
+ }
 #endif
 if (user_options->slow_candidates == true)
@@ -2890,6 +2914,7 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx)
 logfile_top_uint (user_options->brain_client);
 logfile_top_uint (user_options->brain_client_features);
 logfile_top_uint (user_options->brain_server);
+ logfile_top_uint (user_options->brain_server_timer);
 logfile_top_uint (user_options->brain_port);
 logfile_top_uint (user_options->brain_session);
 #endif
From 844f12abf70b61b75ff4d168d766a3728592c055 Mon Sep 17 00:00:00 2001
From: philsmd <921533+philsmd@users.noreply.github.com>
Date: Sat, 11 Jan 2020 11:25:37 +0100
Subject: [PATCH 136/300] use BRAIN_SERVER_TIMER instead of BRAIN_SERVER_DUMP_EVERY
---
 src/user_options.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
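Review bot: The new IDX_BRAIN_SERVER_TIMER case parses with `hc_strtoul (optarg, NULL, 10)`, which, if hc_strtoul follows strtoul's contract as the name suggests, turns any non-numeric or partially numeric value into 0, and 0 is exactly the value the sanity hunk below treats as the deliberate "no intermediate dumps" case; a mistyped `--brain-server-timer=3OO` therefore passes validation and silently switches the server's periodic backups off. The neighbouring IDX_BRAIN_CLIENT_FEATURES case uses the same pattern, but here a parse failure maps onto a meaningful configuration rather than a harmless default. Parsing with an end pointer and rejecting a non-empty remainder, or only accepting the disable mode for the literal string `0`, would close this; both the getopt switch and user_options_sanity continue outside these hunks.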
diff --git a/src/user_options.c b/src/user_options.c
index a470a9b24..a395850f4 100644
--- a/src/user_options.c
+++ b/src/user_options.c
@@ -170,7 +170,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx)
 user_options->brain_host = NULL;
 user_options->brain_port = BRAIN_PORT;
 user_options->brain_server = BRAIN_SERVER;
- user_options->brain_server_timer = BRAIN_SERVER_DUMP_EVERY;
+ user_options->brain_server_timer = BRAIN_SERVER_TIMER;
 user_options->brain_session = BRAIN_SESSION;
 user_options->brain_session_whitelist = NULL;
 #endif
From 744e4bfd6f6323979ce154617e8b454292913696 Mon Sep 17 00:00:00 2001
From: philsmd <921533+philsmd@users.noreply.github.com>
Date: Sat, 11 Jan 2020 11:26:55 +0100
Subject: [PATCH 137/300] use BRAIN_SERVER_TIMER instead of BRAIN_SERVER_DUMP_EVERY
---
 include/brain.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/brain.h b/include/brain.h
index e119a8f03..fcd370772 100644
--- a/include/brain.h
+++ b/include/brain.h
@@ -41,7 +41,7 @@
 #include "xxhash.h"
 static const int BRAIN_CLIENT_CONNECT_TIMEOUT = 5;
-static const int BRAIN_SERVER_DUMP_EVERY = 5 * 60;
+static const int BRAIN_SERVER_TIMER = 5 * 60;
 static const int BRAIN_SERVER_SESSIONS_MAX = 64;
 static const int BRAIN_SERVER_ATTACKS_MAX = 64 * 1024;
 static const int BRAIN_SERVER_CLIENTS_MAX = 256;
From cc2bd2b554ec680aabb8f3b2a2c39fdb2ba25390 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 12 Jan 2020 08:52:15 +0100
Subject: [PATCH 138/300] Fix rocm compiler warning
---
 OpenCL/inc_common.cl | 2 +-
 OpenCL/inc_common.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl
index 64300e80a..f7d0f40fa 100644
--- a/OpenCL/inc_common.cl
+++ b/OpenCL/inc_common.cl
@@ -1474,7 +1474,7 @@ DECLSPEC int hc_find_keyboard_layout_map (const u32 search, const int search_len return -1; } -DECLSPEC int hc_execute_keyboard_layout_mapping (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], const int pw_len, LOCAL_AS keyboard_layout_mapping_t *s_keyboard_layout_mapping_buf, const int keyboard_layout_mapping_cnt) +DECLSPEC int hc_execute_keyboard_layout_mapping (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int pw_len, LOCAL_AS keyboard_layout_mapping_t *s_keyboard_layout_mapping_buf, const int keyboard_layout_mapping_cnt) { u32 out_buf[16] = { 0 }; diff --git a/OpenCL/inc_common.h b/OpenCL/inc_common.h index 36bbb8998..2fc520fba 100644 --- a/OpenCL/inc_common.h +++ b/OpenCL/inc_common.h @@ -219,7 +219,7 @@ DECLSPEC int is_valid_hex_32 (const u32 v); DECLSPEC int is_valid_base58_8 (const u8 v); DECLSPEC int is_valid_base58_32 (const u32 v); DECLSPEC int hc_find_keyboard_layout_map (const u32 search, const int search_len, LOCAL_AS keyboard_layout_mapping_t *s_keyboard_layout_mapping_buf, const int keyboard_layout_mapping_cnt); -DECLSPEC int hc_execute_keyboard_layout_mapping (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], const int pw_len, LOCAL_AS keyboard_layout_mapping_t *s_keyboard_layout_mapping_buf, const int keyboard_layout_mapping_cnt); +DECLSPEC int hc_execute_keyboard_layout_mapping (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int pw_len, LOCAL_AS keyboard_layout_mapping_t *s_keyboard_layout_mapping_buf, const int keyboard_layout_mapping_cnt); DECLSPEC void make_utf16be (const u32x *in, u32x *out1, u32x *out2); DECLSPEC void make_utf16beN (const u32x *in, u32x *out1, u32x *out2); DECLSPEC void make_utf16le (const u32x *in, u32x *out1, u32x *out2); From 0378a014227ceebe5e688d540eaae872aa7520e5 Mon Sep 17 00:00:00 2001 
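Review bot: Changing `u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4]` to bare `u32 *` on hc_execute_keyboard_layout_mapping (definition here and the prototype in the inc_common.h hunk) silences the warning but also removes the only statement of how many words each of w0..w3 must hold; the body's `u32 out_buf[16]` shows it works on 16 words in total. Suggest a comment on the prototype, `// w0..w3: 4 x u32 each (16 words of password data)`, so the contract stays visible now that the array sizes are gone. The function body continues outside the hunk.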
From: Jens Steube Date: Sun, 12 Jan 2020 11:22:26 +0100 Subject: [PATCH 139/300] Fix more rocm compiler warning --- OpenCL/inc_ecc_secp256k1.cl | 26 +++++++++++++------------- OpenCL/inc_ecc_secp256k1.h | 4 ++-- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index fa5362b78..f9ec34194 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl @@ -103,7 +103,7 @@ #include "inc_ecc_secp256k1.h" -DECLSPEC u32 sub (u32 r[8], const u32 a[8], const u32 b[8]) +DECLSPEC u32 sub (u32 *r, const u32 *a, const u32 *b) { u32 c = 0; // carry/borrow @@ -155,7 +155,7 @@ DECLSPEC u32 sub (u32 r[8], const u32 a[8], const u32 b[8]) return c; } -DECLSPEC u32 add (u32 r[8], const u32 a[8], const u32 b[8]) +DECLSPEC u32 add (u32 *r, const u32 *a, const u32 *b) { u32 c = 0; // carry/borrow @@ -207,7 +207,7 @@ DECLSPEC u32 add (u32 r[8], const u32 a[8], const u32 b[8]) return c; } -DECLSPEC void sub_mod (u32 r[8], const u32 a[8], const u32 b[8]) +DECLSPEC void sub_mod (u32 *r, const u32 *a, const u32 *b) { const u32 c = sub (r, a, b); // carry @@ -228,7 +228,7 @@ DECLSPEC void sub_mod (u32 r[8], const u32 a[8], const u32 b[8]) } } -DECLSPEC void add_mod (u32 r[8], const u32 a[8], const u32 b[8]) +DECLSPEC void add_mod (u32 *r, const u32 *a, const u32 *b) { const u32 c = add (r, a, b); // carry @@ -274,7 +274,7 @@ DECLSPEC void add_mod (u32 r[8], const u32 a[8], const u32 b[8]) } } -DECLSPEC void mod_512 (u32 n[16]) +DECLSPEC void mod_512 (u32 *n) { // we need to perform a modulo operation with 512-bit % 256-bit (bignum modulo): // the modulus is the secp256k1 group order @@ -583,7 +583,7 @@ DECLSPEC void mod_512 (u32 n[16]) n[15] = a[15]; } -DECLSPEC void mul_mod (u32 r[8], const u32 a[8], const u32 b[8]) // TODO get rid of u64 ? +DECLSPEC void mul_mod (u32 *r, const u32 *a, const u32 *b) // TODO get rid of u64 ? { u32 t[16] = { 0 }; // we need up to double the space (2 * 8) 
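Review bot: Replacing `u32 r[8], const u32 a[8], const u32 b[8]` with plain pointers on sub (and likewise on add, sub_mod, add_mod, mod_512, mul_mod, sqrt_mod, inv_mod, point_double, point_add, point_get_coords, point_mul and parse_public in the following hunks, plus the two prototypes in inc_ecc_secp256k1.h) removes the only place the expected limb counts were written down; neither form bounds-checks, but a caller now has no hint that mod_512 wants 16 words while point_mul's `r` and parse_public's `k` want 9 and the rest 8. Suggest a one-line comment per prototype in the header, e.g. `// r: 9 x u32, k: 8 x u32` on point_mul and `// r, a, b: 8 x u32 limbs` on the arithmetic helpers. All function bodies continue outside these hunks.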
@@ -736,7 +736,7 @@ DECLSPEC void mul_mod (u32 r[8], const u32 a[8], const u32 b[8]) // TODO get rid } } -DECLSPEC void sqrt_mod (u32 r[8]) +DECLSPEC void sqrt_mod (u32 *r) { // Fermat's Little Theorem // secp256k1: y^2 = x^3 + 7 % p @@ -788,7 +788,7 @@ DECLSPEC void sqrt_mod (u32 r[8]) // (inverse (a, p) * a) % p == 1 (or think of a * a^-1 = a / a = 1) -DECLSPEC void inv_mod (u32 a[8]) +DECLSPEC void inv_mod (u32 *a) { // How often does this really happen? it should "almost" never happen (but would be safer) // if ((a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7]) == 0) return; @@ -1037,7 +1037,7 @@ DECLSPEC void inv_mod (u32 a[8]) Z = 2 * y * z */ -DECLSPEC void point_double (u32 x[8], u32 y[8], u32 z[8]) +DECLSPEC void point_double (u32 *x, u32 *y, u32 *z) { // How often does this really happen? it should "almost" never happen (but would be safer) @@ -1224,7 +1224,7 @@ DECLSPEC void point_double (u32 x[8], u32 y[8], u32 z[8]) * y3 = t3-t4 */ -void point_add (u32 x1[8], u32 y1[8], u32 z1[8], u32 x2[8], u32 y2[8]) // z2 = 1 +DECLSPEC void point_add (u32 *x1, u32 *y1, u32 *z1, u32 *x2, u32 *y2) // z2 = 1 { // How often does this really happen? it should "almost" never happen (but would be safer) @@ -1408,7 +1408,7 @@ void point_add (u32 x1[8], u32 y1[8], u32 z1[8], u32 x2[8], u32 y2[8]) // z2 = 1 z1[7] = t8[7]; } -DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) +DECLSPEC void point_get_coords (secp256k1_t *r, const u32 *x, const u32 *y) { /* pre-compute 1/-1, 3/-3, 5/-5, 7/-7 times P (x, y) @@ -1727,7 +1727,7 @@ DECLSPEC void point_get_coords (secp256k1_t *r, const u32 x[8], const u32 y[8]) r->xy[95] = neg[7]; } -DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t *tmps) +DECLSPEC void point_mul (u32 *r, const u32 *k, GLOBAL_AS const secp256k1_t *tmps) { /* * Convert the tweak/scalar k to w-NAF (window size is 4) 
@@ -1984,7 +1984,7 @@ DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t * r[0] = r[0] | type << 24; // 0x02 or 0x03 } -DECLSPEC u32 parse_public (secp256k1_t *r, const u32 k[9]) +DECLSPEC u32 parse_public (secp256k1_t *r, const u32 *k) { // verify: diff --git a/OpenCL/inc_ecc_secp256k1.h b/OpenCL/inc_ecc_secp256k1.h index d9cd75a4a..9a8e069d2 100644 --- a/OpenCL/inc_ecc_secp256k1.h +++ b/OpenCL/inc_ecc_secp256k1.h @@ -34,8 +34,8 @@ typedef struct secp256k1 } secp256k1_t; -DECLSPEC u32 parse_public (secp256k1_t *r, const u32 k[9]); +DECLSPEC u32 parse_public (secp256k1_t *r, const u32 *k); -DECLSPEC void point_mul (u32 r[9], const u32 k[8], GLOBAL_AS const secp256k1_t *tmps); +DECLSPEC void point_mul (u32 *r, const u32 *k, GLOBAL_AS const secp256k1_t *tmps); #endif // _INC_ECC_SECP256K1_H From 89f9ef45b68ce5c0d23fe3c04f0ed7e3c84ca0cc Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 12 Jan 2020 13:32:02 +0100 Subject: [PATCH 140/300] Whitelist some OpenCL specific functions --- OpenCL/inc_common.cl | 76 +++++++++++++++++++++++++++++++++++++ OpenCL/inc_hash_md4.h | 18 ++------- OpenCL/inc_hash_md5.h | 22 +---------- OpenCL/inc_hash_ripemd160.h | 22 ++--------- OpenCL/inc_hash_sha1.h | 18 ++------- OpenCL/inc_hash_sha224.h | 16 ++------ OpenCL/inc_hash_sha256.h | 16 ++------ OpenCL/inc_hash_sha384.h | 11 +----- OpenCL/inc_hash_sha512.h | 11 +----- OpenCL/inc_vendor.h | 9 +++++ 10 files changed, 106 insertions(+), 113 deletions(-) diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl index f7d0f40fa..2d086c4b6 100644 --- a/OpenCL/inc_common.cl +++ b/OpenCL/inc_common.cl @@ -310,7 +310,11 @@ DECLSPEC u32x hc_rotl32 (const u32x a, const int n) #elif defined IS_CUDA return rotl32 (a, n); #else + #ifdef USE_ROTATE return rotate (a, make_u32x (n)); + #else + return ((a << n) | (a >> (32 - n))); + #endif #endif } 
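Review bot: Dropping the `[8]`/`[9]` bounds from the `parse_public` and `point_mul` declarations in inc_ecc_secp256k1.h leaves no statement of how many limbs each pointer must address, and every definition in the .cl hunks above lost the same hint. The bound was never enforced in C, but it was the only written contract for the fixed-size operands: 8 x u32 for the 256-bit field elements and scalars, 9 x u32 for `r` in `point_mul`, which from `r[0] = r[0] | type << 24; // 0x02 or 0x03` appears to hold a compressed point with its prefix byte. Since the header is the interface other kernels compile against, I would keep that contract as comments above the two prototypes, e.g. `// k: 8 x u32 limbs (256-bit scalar); r: 9 x u32 (compressed point, prefix in r[0])` for `point_mul` and `// k: 9 x u32 (compressed public key)` for `parse_public`. The ROCm warning goes away either way; the comment only preserves what the array syntax used to say.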
@@ -321,7 +325,11 @@ DECLSPEC u32x hc_rotr32 (const u32x a, const int n) #elif defined IS_CUDA return rotr32 (a, n); #else + #ifdef USE_ROTATE return rotate (a, make_u32x (32 - n)); + #else + return ((a >> n) | (a << (32 - n))); + #endif #endif } @@ -332,7 +340,11 @@ DECLSPEC u32 hc_rotl32_S (const u32 a, const int n) #elif defined IS_CUDA return rotl32_S (a, n); #else + #ifdef USE_ROTATE return rotate (a, (u32) (n)); + #else + return ((a << n) | (a >> (32 - n))); + #endif #endif } @@ -343,7 +355,11 @@ DECLSPEC u32 hc_rotr32_S (const u32 a, const int n) #elif defined IS_CUDA return rotr32_S (a, n); #else + #ifdef USE_ROTATE return rotate (a, (u32) (32 - n)); + #else + return ((a >> n) | (a << (32 - n))); + #endif #endif } @@ -356,7 +372,11 @@ DECLSPEC u64x hc_rotl64 (const u64x a, const int n) #elif defined IS_AMD return rotl64 (a, n); #else + #ifdef USE_ROTATE return rotate (a, make_u64x (n)); + #else + return ((a << n) | (a >> (64 - n))); + #endif #endif } @@ -369,7 +389,11 @@ DECLSPEC u64x hc_rotr64 (const u64x a, const int n) #elif defined IS_AMD return rotr64 (a, n); #else + #ifdef USE_ROTATE return rotate (a, make_u64x (64 - n)); + #else + return ((a >> n) | (a << (64 - n))); + #endif #endif } @@ -382,7 +406,11 @@ DECLSPEC u64 hc_rotl64_S (const u64 a, const int n) #elif defined IS_AMD return rotl64_S (a, n); #else + #ifdef USE_ROTATE return rotate (a, (u64) (n)); + #else + return ((a << n) | (a >> (64 - n))); + #endif #endif } @@ -395,7 +423,11 @@ DECLSPEC u64 hc_rotr64_S (const u64 a, const int n) #elif defined IS_AMD return rotr64_S (a, n); #else + #ifdef USE_ROTATE return rotate (a, (u64) (64 - n)); + #else + return ((a >> n) | (a << (64 - n))); + #endif #endif } 
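Review bot: The new fallbacks `((a << n) | (a >> (32 - n)))` and their 64-bit counterparts shift by the full type width when `n == 0`, which is well-defined under OpenCL C (the count is masked to the width) but undefined behaviour under ISO C/C++, and `n` is a runtime `const int` in every signature shown in the hunk headers, so nothing rejects a zero or out-of-range count. The hardened form costs nothing on constant counts: `return ((a << n) | (a >> ((32 - n) & 31)));` for the u32 variants and `((64 - n) & 63)` for the u64 ones, or alternatively a comment at the first fallback stating that callers must pass 1 <= n <= width-1. The callers visible in this patch (the `SHA224_S*`/`SHA256_S*` macros in inc_hash_sha224.h and inc_hash_sha256.h) all pass in-range constants, so this is hardening for future callers rather than a live defect. Each function body here starts before its hunk (the signature is only in the `@@` context).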
@@ -479,10 +511,20 @@ DECLSPEC u32x hc_swap32 (const u32x v) #endif #else + + #if defined USE_BITSELECT && defined USE_ROTATE r = bitselect (rotate (v, make_u32x (24)), rotate (v, make_u32x ( 8)), make_u32x (0x00ff00ff)); + #else + r = ((v & make_u32x (0xff000000)) >> 24) + | ((v & make_u32x (0x00ff0000)) >> 8) + | ((v & make_u32x (0x0000ff00)) << 8) + | ((v & make_u32x (0x000000ff)) << 24); #endif + + #endif + #endif return r; @@ -500,7 +542,14 @@ DECLSPEC u32 hc_swap32_S (const u32 v) #elif defined IS_NV && HAS_PRMT == 1 asm volatile ("prmt.b32 %0, %1, 0, 0x0123;" : "=r"(r) : "r"(v)); #else + #ifdef USE_SWIZZLE r = as_uint (as_uchar4 (v).s3210); + #else + r = ((v & 0xff000000) >> 24) + | ((v & 0x00ff0000) >> 8) + | ((v & 0x0000ff00) << 8) + | ((v & 0x000000ff) << 24); + #endif #endif #endif @@ -697,6 +746,9 @@ DECLSPEC u64x hc_swap64 (const u64x v) #endif #else + + #if defined USE_BITSELECT && defined USE_ROTATE + r = bitselect (bitselect (rotate (v, make_u64x (24)), rotate (v, make_u64x ( 8)), make_u64x (0x000000ff000000ff)), @@ -704,6 +756,19 @@ DECLSPEC u64x hc_swap64 (const u64x v) rotate (v, make_u64x (40)), make_u64x (0x00ff000000ff0000)), make_u64x (0xffff0000ffff0000)); + #else + + r = ((v & make_u64x (0xff00000000000000ULL)) >> 56) + | ((v & make_u64x (0x00ff000000000000ULL)) >> 40) + | ((v & make_u64x (0x0000ff0000000000ULL)) >> 24) + | ((v & make_u64x (0x000000ff00000000ULL)) >> 8) + | ((v & make_u64x (0x00000000ff000000ULL)) << 8) + | ((v & make_u64x (0x0000000000ff0000ULL)) << 24) + | ((v & make_u64x (0x000000000000ff00ULL)) << 40) + | ((v & make_u64x (0x00000000000000ffULL)) << 56); + + #endif + #endif #endif 
@@ -744,7 +809,18 @@ DECLSPEC u64 hc_swap64_S (const u64 v) asm volatile ("mov.b64 %0, {%1, %2};" : "=l"(r) : "r"(tr), "r"(tl)); #else + #ifdef USE_SWIZZLE r = as_ulong (as_uchar8 (v).s76543210); + #else + r = ((v & 0xff00000000000000ULL) >> 56) + | ((v & 0x00ff000000000000ULL) >> 40) + | ((v & 0x0000ff0000000000ULL) >> 24) + | ((v & 0x000000ff00000000ULL) >> 8) + | ((v & 0x00000000ff000000ULL) << 8) + | ((v & 0x0000000000ff0000ULL) << 24) + | ((v & 0x000000000000ff00ULL) << 40) + | ((v & 0x00000000000000ffULL) << 56); + #endif #endif #endif diff --git a/OpenCL/inc_hash_md4.h b/OpenCL/inc_hash_md4.h index 8dcebba55..7c3b31894 100644 --- a/OpenCL/inc_hash_md4.h +++ b/OpenCL/inc_hash_md4.h @@ -10,26 +10,14 @@ #define MD4_G_S(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) #define MD4_H_S(x,y,z) ((x) ^ (y) ^ (z)) -#ifdef IS_NV #define MD4_F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) #define MD4_G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) #define MD4_H(x,y,z) ((x) ^ (y) ^ (z)) + +#ifdef USE_BITSELECT #define MD4_Fo(x,y,z) (bitselect ((z), (y), (x))) #define MD4_Go(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_AMD -#define MD4_F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define MD4_G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) -#define MD4_H(x,y,z) ((x) ^ (y) ^ (z)) -#define MD4_Fo(x,y,z) (bitselect ((z), (y), (x))) -#define MD4_Go(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_GENERIC -#define MD4_F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define MD4_G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) -#define MD4_H(x,y,z) ((x) ^ (y) ^ (z)) +#else #define MD4_Fo(x,y,z) (MD4_F((x), (y), (z))) #define MD4_Go(x,y,z) (MD4_G((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_md5.h b/OpenCL/inc_hash_md5.h index f6b4a00b3..1e6eaaf93 100644 --- a/OpenCL/inc_hash_md5.h +++ b/OpenCL/inc_hash_md5.h 
@@ -11,35 +11,17 @@ #define MD5_H_S(x,y,z) ((x) ^ (y) ^ (z)) #define MD5_I_S(x,y,z) ((y) ^ ((x) | ~(z))) -#ifdef IS_NV #define MD5_F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define MD5_G(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) #define MD5_H(x,y,z) ((x) ^ (y) ^ (z)) #define MD5_H1(x,y,z) ((t = (x) ^ (y)) ^ (z)) #define MD5_H2(x,y,z) ((x) ^ t) #define MD5_I(x,y,z) ((y) ^ ((x) | ~(z))) -#define MD5_Fo(x,y,z) (MD5_F((x), (y), (z))) -#define MD5_Go(x,y,z) (MD5_G((x), (y), (z))) -#endif -#ifdef IS_AMD -#define MD5_F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define MD5_G(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) -#define MD5_H(x,y,z) ((x) ^ (y) ^ (z)) -#define MD5_H1(x,y,z) ((t = (x) ^ (y)) ^ (z)) -#define MD5_H2(x,y,z) ((x) ^ t) -#define MD5_I(x,y,z) ((y) ^ ((x) | ~(z))) +#ifdef USE_BITSELECT #define MD5_Fo(x,y,z) (bitselect ((z), (y), (x))) #define MD5_Go(x,y,z) (bitselect ((y), (x), (z))) -#endif - -#ifdef IS_GENERIC -#define MD5_F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define MD5_G(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) -#define MD5_H(x,y,z) ((x) ^ (y) ^ (z)) -#define MD5_H1(x,y,z) ((t = (x) ^ (y)) ^ (z)) -#define MD5_H2(x,y,z) ((x) ^ t) -#define MD5_I(x,y,z) ((y) ^ ((x) | ~(z))) +#else #define MD5_Fo(x,y,z) (MD5_F((x), (y), (z))) #define MD5_Go(x,y,z) (MD5_G((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_ripemd160.h b/OpenCL/inc_hash_ripemd160.h index 982f4fdb2..25a69ed56 100644 --- a/OpenCL/inc_hash_ripemd160.h +++ b/OpenCL/inc_hash_ripemd160.h 
@@ -6,32 +6,16 @@ #ifndef _INC_HASH_RIPEMD160_H #define _INC_HASH_RIPEMD160_H -#ifdef IS_NV #define RIPEMD160_F(x,y,z) ((x) ^ (y) ^ (z)) #define RIPEMD160_G(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) /* x ? y : z */ #define RIPEMD160_H(x,y,z) (((x) | ~(y)) ^ (z)) #define RIPEMD160_I(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) /* z ? x : y */ #define RIPEMD160_J(x,y,z) ((x) ^ ((y) | ~(z))) + +#ifdef USE_BITSELECT #define RIPEMD160_Go(x,y,z) (bitselect ((z), (y), (x))) #define RIPEMD160_Io(x,y,z) (bitselect ((y), (x), (z))) -#endif - -#ifdef IS_AMD -#define RIPEMD160_F(x,y,z) ((x) ^ (y) ^ (z)) -#define RIPEMD160_G(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) /* x ? y : z */ -#define RIPEMD160_H(x,y,z) (((x) | ~(y)) ^ (z)) -#define RIPEMD160_I(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) /* z ? x : y */ -#define RIPEMD160_J(x,y,z) ((x) ^ ((y) | ~(z))) -#define RIPEMD160_Go(x,y,z) (bitselect ((z), (y), (x))) -#define RIPEMD160_Io(x,y,z) (bitselect ((y), (x), (z))) -#endif - -#ifdef IS_GENERIC -#define RIPEMD160_F(x,y,z) ((x) ^ (y) ^ (z)) -#define RIPEMD160_G(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) /* x ? y : z */ -#define RIPEMD160_H(x,y,z) (((x) | ~(y)) ^ (z)) -#define RIPEMD160_I(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) /* z ? x : y */ -#define RIPEMD160_J(x,y,z) ((x) ^ ((y) | ~(z))) +#else #define RIPEMD160_Go(x,y,z) (RIPEMD160_G ((x), (y), (z))) #define RIPEMD160_Io(x,y,z) (RIPEMD160_I ((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_sha1.h b/OpenCL/inc_hash_sha1.h index 055516cb8..2ff36fdad 100644 --- a/OpenCL/inc_hash_sha1.h +++ b/OpenCL/inc_hash_sha1.h 
@@ -6,26 +6,14 @@ #ifndef _INC_HASH_SHA1_H #define _INC_HASH_SHA1_H -#ifdef IS_NV #define SHA1_F0(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define SHA1_F1(x,y,z) ((x) ^ (y) ^ (z)) #define SHA1_F2(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) + +#ifdef USE_BITSELECT #define SHA1_F0o(x,y,z) (bitselect ((z), (y), (x))) #define SHA1_F2o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_AMD -#define SHA1_F0(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define SHA1_F1(x,y,z) ((x) ^ (y) ^ (z)) -#define SHA1_F2(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#define SHA1_F0o(x,y,z) (bitselect ((z), (y), (x))) -#define SHA1_F2o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_GENERIC -#define SHA1_F0(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define SHA1_F1(x,y,z) ((x) ^ (y) ^ (z)) -#define SHA1_F2(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) +#else #define SHA1_F0o(x,y,z) (SHA1_F0 ((x), (y), (z))) #define SHA1_F2o(x,y,z) (SHA1_F2 ((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_sha224.h b/OpenCL/inc_hash_sha224.h index 6f243f7b4..d68c79d65 100644 --- a/OpenCL/inc_hash_sha224.h +++ b/OpenCL/inc_hash_sha224.h 
@@ -18,23 +18,13 @@ #define SHA224_S2(x) (hc_rotl32 ((x), 30u) ^ hc_rotl32 ((x), 19u) ^ hc_rotl32 ((x), 10u)) #define SHA224_S3(x) (hc_rotl32 ((x), 26u) ^ hc_rotl32 ((x), 21u) ^ hc_rotl32 ((x), 7u)) -#ifdef IS_NV #define SHA224_F0(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) #define SHA224_F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) + +#ifdef USE_BITSELECT #define SHA224_F0o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) #define SHA224_F1o(x,y,z) (bitselect ((z), (y), (x))) -#endif - -#ifdef IS_AMD -#define SHA224_F0(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#define SHA224_F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define SHA224_F0o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#define SHA224_F1o(x,y,z) (bitselect ((z), (y), (x))) -#endif - -#ifdef IS_GENERIC -#define SHA224_F0(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#define SHA224_F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#else #define SHA224_F0o(x,y,z) (SHA224_F0 ((x), (y), (z))) #define SHA224_F1o(x,y,z) (SHA224_F1 ((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_sha256.h b/OpenCL/inc_hash_sha256.h index 89421be23..ccf5a79f8 100644 --- a/OpenCL/inc_hash_sha256.h +++ b/OpenCL/inc_hash_sha256.h 
@@ -18,23 +18,13 @@ #define SHA256_S2(x) (hc_rotl32 ((x), 30u) ^ hc_rotl32 ((x), 19u) ^ hc_rotl32 ((x), 10u)) #define SHA256_S3(x) (hc_rotl32 ((x), 26u) ^ hc_rotl32 ((x), 21u) ^ hc_rotl32 ((x), 7u)) -#ifdef IS_NV #define SHA256_F0(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) #define SHA256_F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) + +#ifdef USE_BITSELECT #define SHA256_F0o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) #define SHA256_F1o(x,y,z) (bitselect ((z), (y), (x))) -#endif - -#ifdef IS_AMD -#define SHA256_F0(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#define SHA256_F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define SHA256_F0o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#define SHA256_F1o(x,y,z) (bitselect ((z), (y), (x))) -#endif - -#ifdef IS_GENERIC -#define SHA256_F0(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#define SHA256_F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#else #define SHA256_F0o(x,y,z) (SHA256_F0 ((x), (y), (z))) #define SHA256_F1o(x,y,z) (SHA256_F1 ((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_sha384.h b/OpenCL/inc_hash_sha384.h index e19c9ec9a..92266b24a 100644 --- a/OpenCL/inc_hash_sha384.h +++ b/OpenCL/inc_hash_sha384.h @@ -21,17 +21,10 @@ #define SHA384_F0(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define SHA384_F1(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#ifdef IS_NV +#ifdef USE_BITSELECT #define SHA384_F0o(x,y,z) (bitselect ((z), (y), (x))) #define SHA384_F1o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_AMD -#define SHA384_F0o(x,y,z) (bitselect ((z), (y), (x))) -#define SHA384_F1o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_GENERIC +#else #define SHA384_F0o(x,y,z) (SHA384_F0 ((x), (y), (z))) #define SHA384_F1o(x,y,z) (SHA384_F1 ((x), (y), (z))) #endif diff --git a/OpenCL/inc_hash_sha512.h b/OpenCL/inc_hash_sha512.h index f30dc2b86..c66aa1fb9 100644 --- a/OpenCL/inc_hash_sha512.h +++ b/OpenCL/inc_hash_sha512.h 
@@ -21,17 +21,10 @@ #define SHA512_F0(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define SHA512_F1(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) -#ifdef IS_NV +#ifdef USE_BITSELECT #define SHA512_F0o(x,y,z) (bitselect ((z), (y), (x))) #define SHA512_F1o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_AMD -#define SHA512_F0o(x,y,z) (bitselect ((z), (y), (x))) -#define SHA512_F1o(x,y,z) (bitselect ((x), (y), ((x) ^ (z)))) -#endif - -#ifdef IS_GENERIC +#else #define SHA512_F0o(x,y,z) (SHA512_F0 ((x), (y), (z))) #define SHA512_F1o(x,y,z) (SHA512_F1 ((x), (y), (z))) #endif diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h index f2f201e19..b1a656ce8 100644 --- a/OpenCL/inc_vendor.h +++ b/OpenCL/inc_vendor.h @@ -144,4 +144,13 @@ #undef _unroll #endif +// Whitelist some OpenCL specific functions +// This could create more stable kernels on systems with bad OpenCL drivers + +#ifdef IS_NV +#define USE_BITSELECT +#define USE_ROTATE +#define USE_SWIZZLE +#endif + #endif From 3a633e60acfcf6c8cbdaddfe6a2c56abab50fc1b Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Mon, 13 Jan 2020 10:31:20 +0100 Subject: [PATCH 141/300] improve/refactor tab completion script --- extra/tab_completion/hashcat.sh | 208 +++++++++++++++++++------------- 1 file changed, 126 insertions(+), 82 deletions(-) diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index a96c0248c..20032b64f 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh @@ -17,10 +17,10 @@ _hashcat_backend_devices () if [ ! -x "${executable}" ]; then executable="${HASHCAT_ROOT}"/hashcat.bin fi - + if [ ! -x "${executable}" ]; then local which_hashcat=$(which hashcat 2>/dev/null) - + if [ -n "${which_hashcat}" ]; then executable="${which_hashcat}" fi 
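Review bot: In the inc_vendor.h hunk `USE_BITSELECT`, `USE_ROTATE` and `USE_SWIZZLE` are defined only under `IS_NV`, so after this patch every AMD and generic OpenCL build takes the shift/mask fallbacks in inc_common.cl and the plain boolean `*_Fo`/`*_Go` forms in all the hash headers touched above, whereas the removed `#ifdef IS_AMD` blocks previously used `bitselect` there. If that is deliberate (the comment says the goal is stability on bad drivers), the block should say so, e.g. `// Only NV is whitelisted for now; AMD and generic builds use the portable shift/mask fallbacks in inc_common.cl.`; if not, an `#ifdef IS_AMD` block defining the same three macros restores the previous AMD code paths. Either way a reader of the hash headers can no longer tell from them which path a given target takes, so this is the one place to document it.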
@@ -217,6 +217,69 @@ _hashcat_cpu_devices () done } +_hashcat_files_replace_home () +{ + local cur_select="${1}" + local cur_files="${2}" + + hashcat_select="${cur_select}" + hashcat_file_list="${cur_files}" + + if echo ${cur_select} | grep -q "^~/"; then + home_dir="${HOME}" + + if [ -n "${home_dir}" ]; then + hashcat_file_list=$(echo -n "${cur_files}" | sed "s!^${home_dir}!~\\\\!") + hashcat_select=$(echo -n "${cur_select}" | sed "s!^~/!~\\\\/!") + fi + fi +} + +_hashcat_files_include () +{ + local cur_select="${1}" + local cur_filter="${2}" + + # allow starting/ending quotes (" and '): + + cur_select=$(echo -n "${cur_select}" | sed 's/^["'"'"']//' | sed 's/["'"'"']\$//') + + hashcat_file_list=$(bash -c "ls -d ${cur_select}*" 2> /dev/null | grep -Ei "${cur_filter}" 2> /dev/null) + + + # special case: add all folders/directories (ending with "/") + + local all_dirs=$(bash -c "ls -d ${cur_select}*/" 2> /dev/null) + + hashcat_file_list="${hashcat_file_list} ${all_dirs}" + + + # special case: $HOME directory (~/) + + _hashcat_files_replace_home "${cur_select}" "${hashcat_file_list}" + + # (hashcat_select and hashcat_file_list are modified and "returned") +} + +_hashcat_files_exclude () +{ + local cur_select="${1}" + local cur_filter="${2}" + + # allow starting/ending quotes (" and '): + + cur_select=$(echo -n "${cur_select}" | sed 's/^["'"'"']//' | sed 's/["'"'"']\$//') + + hashcat_file_list=$(bash -c "ls -d ${cur_select}*" 2> /dev/null | grep -Eiv '*\.('${cur_filter}')' 2> /dev/null) + + + # handle special case for $HOME directory (~/) + + _hashcat_files_replace_home "${cur_select}" "${hashcat_file_list}" + + # (hashcat_select and hashcat_file_list are modified and "returned") +} + _hashcat_contains () { local haystack=${1} 
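Review bot: `_hashcat_files_include` and `_hashcat_files_exclude` pass the word under the cursor to `bash -c "ls -d ${cur_select}*"`, which re-parses user input as shell code: a path containing `$(...)`, backticks or `;` is executed the moment Tab is pressed, whereas the previous `ls -d ${cur}*` only word-split and globbed the word. The `bash -c` was presumably introduced to get `~/` expanded (see `_hashcat_files_replace_home`), but that can be done with parameter expansion on a copy of the word, and the glob itself with `compgen -G`, which never spawns a shell and takes the pattern quoted. The three `bash -c` call sites should change as below; the `grep` filters, the list concatenation and the `_hashcat_files_replace_home` call stay as they are, and the same `glob_base` handling applies in `_hashcat_files_exclude`.
```shell
_hashcat_files_include ()
{
  # … unchanged: cur_select/cur_filter locals and quote stripping …

  # expand a leading ~/ ourselves on a copy; never hand the word to a shell
  local glob_base="${cur_select}"

  if [[ "${glob_base}" == "~/"* ]]; then
    glob_base="${HOME}/${glob_base:2}"
  fi

  hashcat_file_list=$(compgen -G "${glob_base}*" 2> /dev/null | grep -Ei "${cur_filter}" 2> /dev/null)

  # special case: add all folders/directories (ending with "/")
  local all_dirs=$(compgen -G "${glob_base}*/" 2> /dev/null)

  # … unchanged: list concatenation and _hashcat_files_replace_home call …
}

# _hashcat_files_exclude: same glob_base handling, then
  hashcat_file_list=$(compgen -G "${glob_base}*" 2> /dev/null | grep -Eiv '*\.('${cur_filter}')' 2> /dev/null)
```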
@@ -246,7 +309,7 @@ _hashcat () local WORKLOAD_PROFILE="1 2 3 4" local BRAIN_CLIENT_FEATURES="1 2 3" local HIDDEN_FILES="exe|bin|potfile|hcstat2|dictstat2|sh|cmd|bat|restore" - local HIDDEN_FILES_AGGRESIVE="${HIDDEN_FILES}|hcmask|hcchr" + local HIDDEN_FILES_AGGRESSIVE="${HIDDEN_FILES}|hcmask|hcchr" local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H' local SHORT_OPTS="-m -a -V -h -b -t -T -o -p -c -d -D -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l -O -S -z" @@ -300,14 +363,14 @@ _hashcat () ;; -o|--outfile|-r|--rules-file|--debug-file|--potfile-path| --restore-file-path) - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) # or $(compgen -f -X '*.+('${HIDDEN_FILES_AGGRESIVE}')' -- ${cur}) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) # or $(compgen -f -X '*.+('${HIDDEN_FILES_AGGRESSIVE}')' -- ${cur}) return 0 ;; --markov-hcstat2) - local files=$(ls -d ${cur}* 2> /dev/null | grep '.*\.hcstat2$' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) # or $(compgen -f -X '*.+('${HIDDEN_FILES_AGGRESIVE}')' -- ${cur}) + _hashcat_files_include "${cur}" '.*\.hcstat2$' + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; @@ -336,8 +399,8 @@ _hashcat () ;; --keyboard-layout-mapping) - local files=$(ls -d ${cur}* 2> /dev/null | grep '.*\.hckmap$' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) # or $(compgen -f -X '*.+('${HIDDEN_FILES_AGGRESIVE}')' -- ${cur}) + _hashcat_files_include "${cur}" '.*\.hckmap$' + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; @@ -355,7 +418,6 @@ _hashcat () local cur_var=$(echo "${cur}" | sed 's/\?$//') - mask="${mask} ${cur_var}" local h for h in ${mask}; do 
@@ -378,17 +440,18 @@ _hashcat () fi mask="${mask} ${cur_var}${h}" - fi done + + mask="${mask} ${cur_var}" fi - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES}')' 2> /dev/null) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES}" - mask="${mask} ${files}" + mask="${mask} ${hashcat_file_list}" - COMPREPLY=($(compgen -W "${mask}" -- ${cur})) + COMPREPLY=($(compgen -W "${mask}" -- ${hashcat_select})) return 0 ;; @@ -446,16 +509,26 @@ _hashcat () local cur_part0=$(echo "${cur}" | grep -Eo '^("|'"'"')') - local cur_mod=$(echo "${cur}" | sed 's/^["'"'"']//') - local cur_part1=$(echo "${cur_mod}" | grep ',' 2> /dev/null | sed 's/^\(.*, *\)[^,]*$/\1/') - local cur_part2=$(echo "${cur_mod}" | sed 's/^.*, *\([^,]*\)$/\1/') + local cur_sel=$(echo "${cur}" | sed 's/["'"'"']//g') + + local cur_part1=$(echo "${cur_sel}" | grep ',' 2> /dev/null | sed 's/^\(.*, *\)[^,]*$/\1/') + local cur_part2=$(echo "${cur_sel}" | sed 's/^.*, *\([^,]*\)$/\1/') + + _hashcat_files_exclude "${cur_part2}" "${HIDDEN_FILES_AGGRESSIVE}" + # generate lines with the file name and a duplicate of it with a comma at the end - local files=$(ls -d ${cur_part2}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null | sed 's/^\(.*\)$/\1\n\1,\n/' | sed "s/^/${cur_part0}${cur_part1}/" | sed "s/$/${cur_part0}/") - COMPREPLY=($(compgen -W "${files}" -- ${cur})) - return 0 + hashcat_file_list=$(echo "${hashcat_file_list}" | \ + sed "s/^/${cur_part1}/" | \ + sed "s/^/${cur_part0}/" | \ + sed 's/^\(.*\)$/\1\n\1,\n/' | \ + sed 's/,\+$/,/g' | \ + sed 's/^\(.*\)$/\1\n\1"/' | \ + sed 's/,\+"$/"/') + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${cur_sel})) + return 0 esac # allow also the VARIANTS w/o spaces 
@@ -476,14 +549,14 @@ _hashcat () ;; -o*) - local outfile_var=$(ls -d ${cur:2}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) + local outfile_var=$(ls -d ${cur:2}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESSIVE}')' 2> /dev/null) outfile_var="$(echo -e "\n${outfile_var}" | sed 's/^/-o/')" COMPREPLY=($(compgen -W "${outfile_var}" -- ${cur})) return 0 ;; -r*) - local outfile_var=$(ls -d ${cur:2}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) + local outfile_var=$(ls -d ${cur:2}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESSIVE}')' 2> /dev/null) outfile_var="$(echo -e "\n${outfile_var}" | sed 's/^/-r/')" COMPREPLY=($(compgen -W "${outfile_var}" -- ${cur})) return 0 @@ -607,8 +680,8 @@ _hashcat () ;; 1) - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; @@ -617,8 +690,8 @@ _hashcat () 0) # dict/directory are files here - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; @@ -627,8 +700,8 @@ _hashcat () return 0 fi - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; 
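Review bot: The `-o*` and `-r*` branches still run the raw `ls -d ${cur:2}* | grep -Eiv ...` pipeline while every other file completion in this patch now goes through `_hashcat_files_exclude`, so these two sites get neither the quote stripping nor the `~/` handling the helper provides and are the only places left where the filter regex is spelled out by hand. If the helper is meant to be the single code path, these become `_hashcat_files_exclude "${cur:2}" "${HIDDEN_FILES_AGGRESSIVE}"` followed by `outfile_var="$(echo -e "\n${hashcat_file_list}" | sed 's/^/-o/')"` (and `-r` likewise); if they are deliberately kept apart because the option letter is glued to the path, a one-line comment saying so would stop the next refactor from "fixing" them.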
@@ -637,27 +710,19 @@ _hashcat () local mask=${BUILD_IN_CHARSETS} if [ "${has_charset_1}" -eq 1 ]; then - mask="${mask} ?1" - fi if [ "${has_charset_2}" -eq 1 ]; then - mask="${mask} ?2" - fi if [ "${has_charset_3}" -eq 1 ]; then - mask="${mask} ?3" - fi if [ "${has_charset_4}" -eq 1 ]; then - mask="${mask} ?4" - fi if [ -e "${cur}" ]; then # should be hcmask file (but not enforced) @@ -671,21 +736,20 @@ _hashcat () local cur_var=$(echo "${cur}" | sed 's/\?$//') - mask="${mask} ${cur_var}" - local h for h in ${mask}; do - - mask="${mask} ${cur_var}${h}" - + mask="${mask} ${cur_var}${h}" done + + mask="${mask} ${cur_var}" fi - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES}')' 2> /dev/null) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES}" - mask="${mask} ${files}" + mask="${mask} ${hashcat_file_list}" + + COMPREPLY=($(compgen -W "${mask}" -- ${hashcat_select})) - COMPREPLY=($(compgen -W "${mask}" -- ${cur})) return 0 fi ;; @@ -693,34 +757,26 @@ _hashcat () 6) if [ "${no_opts}" -eq 2 ]; then - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) elif [ "${no_opts}" -eq 3 ]; then local mask=${BUILD_IN_CHARSETS} if [ "${has_charset_1}" -eq 1 ]; then - mask="${mask} ?1" - fi if [ "${has_charset_2}" -eq 1 ]; then - mask="${mask} ?2" - fi if [ "${has_charset_3}" -eq 1 ]; then - mask="${mask} ?3" - fi if [ "${has_charset_4}" -eq 1 ]; then - mask="${mask} ?4" - fi if [ -e "${cur}" ]; then # should be hcmask file (but not enforced) 
@@ -734,21 +790,19 @@ _hashcat () local cur_var=$(echo "${cur}" | sed 's/\?$//') - mask="${mask} ${cur_var}" - local h for h in ${mask}; do - - mask="${mask} ${cur_var}${h}" - + mask="${mask} ${cur_var}${h}" done + + mask="${mask} ${cur_var}" fi - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES}')' 2> /dev/null) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES}" - mask="${mask} ${files}" + mask="${mask} ${hashcat_file_list}" - COMPREPLY=($(compgen -W "${mask}" -- ${cur})) + COMPREPLY=($(compgen -W "${mask}" -- ${hashcat_select})) return 0 fi @@ -759,27 +813,19 @@ _hashcat () local mask=${BUILD_IN_CHARSETS} if [ "${has_charset_1}" -eq 1 ]; then - mask="${mask} ?1" - fi if [ "${has_charset_2}" -eq 1 ]; then - mask="${mask} ?2" - fi if [ "${has_charset_3}" -eq 1 ]; then - mask="${mask} ?3" - fi if [ "${has_charset_4}" -eq 1 ]; then - mask="${mask} ?4" - fi if [ -e "${cur}" ]; then # should be hcmask file (but not enforced) @@ -793,28 +839,26 @@ _hashcat () local cur_var=$(echo "${cur}" | sed 's/\?$//') - mask="${mask} ${cur_var}" - local h for h in ${mask}; do - - mask="${mask} ${cur_var}${h}" - + mask="${mask} ${cur_var}${h}" done + + mask="${mask} ${cur_var}" fi - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES}')' 2> /dev/null) + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES}" - mask="${mask} ${files}" + mask="${mask} ${hashcat_file_list}" - COMPREPLY=($(compgen -W "${mask}" -- ${cur})) + COMPREPLY=($(compgen -W "${mask}" -- ${hashcat_select})) return 0 elif [ "${no_opts}" -eq 3 ]; then - local files=$(ls -d ${cur}* 2> /dev/null | grep -Eiv '*\.('${HIDDEN_FILES_AGGRESIVE}')' 2> /dev/null) - COMPREPLY=($(compgen -W "${files}" -- ${cur})) - return + _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) + return 0 fi ;; 
@@ -824,4 +868,4 @@ _hashcat () esac } -complete -F _hashcat -o filenames "${HASHCAT_ROOT}"/hashcat.bin "${HASHCAT_ROOT}"/hashcat hashcat +complete -F _hashcat "${HASHCAT_ROOT}"/hashcat.bin "${HASHCAT_ROOT}"/hashcat hashcat From b3cce7c4df11f73d8d40cf354a2c834d9ac9dba8 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Mon, 13 Jan 2020 10:36:14 +0100 Subject: [PATCH 142/300] tab completion: added missing --brain-server-timer --- extra/tab_completion/hashcat.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index 20032b64f..d420faf23 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh 
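Review bot: Dropping `-o filenames` from the `complete` line changes how readline treats every candidate: it no longer quotes names containing spaces or shell metacharacters and no longer does its own directory marking, so the script now owns that formatting itself (the `*/` directory entries and the `~\/` rewriting in the new helpers suggest that is the intent). A name with a space will therefore be inserted unescaped unless the helpers escape it, which the visible code does not do. If the omission is deliberate, say so on this line, e.g. `# -o filenames intentionally omitted: candidates are pre-formatted by _hashcat_files_*`, so it is not reinstated as a drive-by fix.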
@@ -313,8 +313,8 @@ _hashcat () local BUILD_IN_CHARSETS='?l ?u ?d ?a ?b ?s ?h ?H' local SHORT_OPTS="-m -a -V -h -b -t -T -o -p -c -d -D -w -n -u -j -k -r -g -1 -2 -3 -4 -i -I -s -l -O -S -z" - local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --backend-ignore-cuda --backend-ignore-opencl --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password" - local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type 
--attack-mode --status-timer --stdin-timeout-abort --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment-min --increment-max --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --brain-client-features --brain-host --brain-password --brain-port --brain-session --brain-session-whitelist" + local LONG_OPTS="--hash-type --attack-mode --version --help --quiet --benchmark --benchmark-all --hex-salt --hex-wordlist --hex-charset --force --status --status-json --status-timer --stdin-timeout-abort --machine-readable --loopback --markov-hcstat2 --markov-disable --markov-classic --markov-threshold --runtime --session --speed-only --progress-only --restore --restore-file-path --restore-disable --outfile --outfile-format --outfile-autohex-disable --outfile-check-timer --outfile-check-dir --wordlist-autohex-disable --separator --show --left --username --remove --remove-timer --potfile-disable --potfile-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --example-hashes --backend-ignore-cuda --backend-ignore-opencl --backend-info --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops 
--kernel-threads --spin-damp --hwmon-disable --hwmon-temp-abort --skip --limit --keyspace --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment --increment-min --increment-max --logfile-disable --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --stdout --keep-guessing --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --optimized-kernel-enable --self-test-disable --slow-candidates --brain-server --brain-server-timer --brain-client --brain-client-features --brain-host --brain-port --brain-session --brain-session-whitelist --brain-password" + local OPTIONS="-m -a -t -o -p -c -d -w -n -u -j -k -r -g -1 -2 -3 -4 -s -l --hash-type --attack-mode --status-timer --stdin-timeout-abort --markov-hcstat2 --markov-threshold --runtime --session --timer --outfile --outfile-format --outfile-check-timer --outfile-check-dir --separator --remove-timer --potfile-path --restore-file-path --debug-mode --debug-file --induction-dir --segment-size --bitmap-min --bitmap-max --cpu-affinity --backend-devices --opencl-device-types --backend-vector-width --workload-profile --kernel-accel --kernel-loops --kernel-threads --spin-damp --hwmon-temp-abort --skip --limit --rule-left --rule-right --rules-file --generate-rules --generate-rules-func-min --generate-rules-func-max --generate-rules-seed --custom-charset1 --custom-charset2 --custom-charset3 --custom-charset4 --hook-threads --increment-min --increment-max --scrypt-tmto --keyboard-layout-mapping --truecrypt-keyfiles --veracrypt-keyfiles --veracrypt-pim-start --veracrypt-pim-stop --hccapx-message-pair --nonce-error-corrections --encoding-from --encoding-to --brain-server-timer --brain-client-features --brain-host --brain-password --brain-port --brain-session 
--brain-session-whitelist" COMPREPLY=() local cur="${COMP_WORDS[COMP_CWORD]}" From 587ca752e74c87d0544c539c85420628bd748a75 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Mon, 13 Jan 2020 10:40:28 +0100 Subject: [PATCH 143/300] tests: fixed new problem with -m 20510 and hash type ranges --- tools/test.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tools/test.sh b/tools/test.sh index 16d7a111d..35df022e5 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -2979,13 +2979,6 @@ if [ "${TYPE}" = "null" ]; then TYPE="Gpu" fi -if [ "${HT}" -eq 20510 ]; then # special case for PKZIP Master Key - if [ "${MODE}" -eq 1 ]; then # if "multi" was forced we need to exit - echo "ERROR: -m 20510 = PKZIP Master Key can only be run with a single hash" - exit 1 - fi -fi - if [ -n "${ARCHITECTURE}" ]; then BIN="${BIN}${ARCHITECTURE}" @@ -3117,6 +3110,18 @@ if [ "${PACKAGE}" -eq 0 ] || [ -z "${PACKAGE_FOLDER}" ]; then fi fi + if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key + if [ "${MODE}" -eq 1 ]; then # if "multi" was forced we need to skip it + if [ "${HT_MIN}" -lt "${HT_MAX}" ]; then + echo "WARNING: -m 20510 = PKZIP Master Key can only be run with a single hash" + else + echo "ERROR: -m 20510 = PKZIP Master Key can only be run with a single hash" + fi + + continue + fi + fi + if [ -z "${PACKAGE_FOLDER}" ]; then # init test data From fd4068df4c30b7a9497801cab42aecc9c7314fd0 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Mon, 13 Jan 2020 14:29:25 +0100 Subject: [PATCH 144/300] tests: prevent -m 20510 multi error message for -m all --- tools/test.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/test.sh b/tools/test.sh index 35df022e5..594d5888c 100755 --- a/tools/test.sh +++ b/tools/test.sh 
@@ -3112,10 +3112,10 @@ if [ "${PACKAGE}" -eq 0 ] || [ -z "${PACKAGE_FOLDER}" ]; then if [ "${hash_type}" -eq 20510 ]; then # special case for PKZIP Master Key if [ "${MODE}" -eq 1 ]; then # if "multi" was forced we need to skip it - if [ "${HT_MIN}" -lt "${HT_MAX}" ]; then - echo "WARNING: -m 20510 = PKZIP Master Key can only be run with a single hash" - else - echo "ERROR: -m 20510 = PKZIP Master Key can only be run with a single hash" + if [ "${HT_MIN}" -eq 20510 ]; then + if [ "${HT_MAX}" -eq 20510 ]; then + echo "ERROR: -m 20510 = PKZIP Master Key can only be run with a single hash" + fi fi continue From 84209dd2ffa2ef8ef826ad4989730f7dadf6e3d9 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 13 Jan 2020 14:40:52 +0100 Subject: [PATCH 145/300] Fix buffer overflow in src/hashes.c --- src/hashes.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/hashes.c b/src/hashes.c index 51abdb6c2..73ea47c3b 100644 --- a/src/hashes.c +++ b/src/hashes.c 
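Review bot: The two nested single-statement `if`s on `HT_MIN` and `HT_MAX` express one condition and would be clearer as one test: `if [ "${HT_MIN}" -eq 20510 ] && [ "${HT_MAX}" -eq 20510 ]; then`. A one-line comment stating the intent would also help the next reader, since the range case now skips silently: `# only complain when 20510 was requested on its own, not as part of a range (-m all)`. The surrounding loop body starts before this hunk.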
@@ -330,22 +330,23 @@ void check_hash (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, pl // plain - u8 plain_buf[256+1]; + u8 plain_buf[0x1000]; // while the password itself can have only length 256, the module could encode it with something like base64 which inflates the requires buffer size memset (plain_buf, 0, sizeof (plain_buf)); u8 *plain_ptr = plain_buf; + int plain_len = 0; - build_plain (hashcat_ctx, device_param, plain, (u32 *)plain_buf, &plain_len); + build_plain (hashcat_ctx, device_param, plain, (u32 *) plain_buf, &plain_len); if (module_ctx->module_build_plain_postprocess != MODULE_DEFAULT) { - u8 temp_buf[256+1] = { 0 }; + u8 temp_buf[0x1000]; memset (temp_buf, 0, sizeof (temp_buf)); - const int temp_len = module_ctx->module_build_plain_postprocess (hashcat_ctx->hashconfig, hashcat_ctx->hashes, tmps, (u32 *)plain_buf, sizeof (plain_buf), plain_len, (u32 *)temp_buf, sizeof (temp_buf)); + const int temp_len = module_ctx->module_build_plain_postprocess (hashcat_ctx->hashconfig, hashcat_ctx->hashes, tmps, (u32 *) plain_buf, sizeof (plain_buf), plain_len, (u32 *)temp_buf, sizeof (temp_buf)); if (temp_len < (int) sizeof (plain_buf)) { From 8a905d19aa12142efa20de03a4ea7bff12625d3f Mon Sep 17 00:00:00 2001 
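Review bot: The new size `0x1000` is written twice and the bound check `temp_len < (int) sizeof (plain_buf)` silently relies on `temp_buf` and `plain_buf` being the same size; a single named constant, e.g. `#define PLAIN_BUF_SIZE 0x1000` used as `u8 plain_buf[PLAIN_BUF_SIZE];` and `u8 temp_buf[PLAIN_BUF_SIZE];`, makes that coupling explicit. The same check also admits a negative `temp_len`, so if any module's postprocess can report an error that way, guard it as `if (temp_len >= 0 && temp_len < (int) sizeof (plain_buf))`. Note that `build_plain` still receives only `plain_buf` and `&plain_len` with no capacity argument, so the enlarged limit has to be enforced inside it rather than here. In the added comment, "requires buffer size" should read "required buffer size". check_hash continues past this hunk.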
From: Jens Steube Date: Mon, 13 Jan 2020 16:06:04 +0100 Subject: [PATCH 146/300] Updated optimized kernel unstable markers to amdgpu-pro-18.50-708488-ubuntu-18.04 --- src/modules/module_04010.c | 16 +++++++++++++++- src/modules/module_04110.c | 16 +++++++++++++++- src/modules/module_07800.c | 7 +++++-- src/modules/module_07801.c | 7 +++++-- src/modules/module_08600.c | 13 +------------ src/modules/module_09600.c | 13 ++++++++++++- src/modules/module_11600.c | 2 +- src/modules/module_11750.c | 2 +- src/modules/module_11760.c | 2 +- src/modules/module_11850.c | 2 +- src/modules/module_11860.c | 2 +- src/modules/module_14400.c | 2 +- src/modules/module_15300.c | 4 ++-- src/modules/module_15900.c | 6 ------ src/modules/module_19500.c | 13 ++++++++++++- 15 files changed, 73 insertions(+), 34 deletions(-) diff --git a/src/modules/module_04010.c b/src/modules/module_04010.c index 052b0a889..875f0c4e8 100644 --- a/src/modules/module_04010.c +++ b/src/modules/module_04010.c 
@@ -44,6 +44,20 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failure. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1) + { + return true; + } + } + + return false; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -208,6 +222,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_04110.c b/src/modules/module_04110.c index 7aa0bbc8f..0f43d8d81 100644 --- a/src/modules/module_04110.c +++ b/src/modules/module_04110.c 
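Review bot: The new guard `(hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1` holds only while that flag has the numeric value 1; testing the masked bit directly, `if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)`, or comparing with `!= 0` the way the `== 0` guards in module_11700.c and module_13100.c do, is robust to the enum's value. The identical line is added in module_04110.c in this same commit. The driver version in the new comment, `amdgpu-pro-19.30-934563-ubuntu-18.04`, also does not match the one named in the commit subject, so one of the two should be corrected.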
@@ -42,6 +42,20 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failure. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1) + { + return true; + } + } + + return false; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -206,6 +220,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_07800.c b/src/modules/module_07800.c index c47ad7e0c..ebf476908 100644 --- a/src/modules/module_07800.c +++ b/src/modules/module_07800.c 
@@ -53,10 +53,13 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: password not found + // amdgpu-pro-19.30-934563-ubuntu-18.04: password not found if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { - return true; + if (user_options->attack_mode == ATTACK_MODE_BF) + { + return true; + } } return false; diff --git a/src/modules/module_07801.c b/src/modules/module_07801.c index 71d4928e8..469bbbc6a 100644 --- a/src/modules/module_07801.c +++ b/src/modules/module_07801.c @@ -53,10 +53,13 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: password not found + // amdgpu-pro-19.30-934563-ubuntu-18.04: password not found if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { - return true; + if (user_options->attack_mode == ATTACK_MODE_BF) + { + return true; + } } return false; diff --git a/src/modules/module_08600.c b/src/modules/module_08600.c index 422df3893..8cb8ee957 100644 --- a/src/modules/module_08600.c +++ b/src/modules/module_08600.c 
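Review bot: The narrowed condition now flags only brute-force runs, but the comment above it still says just `password not found`, so a reader cannot tell whether the other attack modes were verified to work or simply not tested; suggest `// amdgpu-pro-19.30-934563-ubuntu-18.04: password not found (reproduced with -a 3 only)` or whatever the actual observation was. The same change is made in module_07801.c in this commit. The `MAYBE_UNUSED` on `user_options` is now stale for this function, harmless but misleading.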
@@ -50,17 +50,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -173,6 +162,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_09600.c b/src/modules/module_09600.c index 7fbd4c5da..7e5fe1f82 100644 --- a/src/modules/module_09600.c +++ b/src/modules/module_09600.c 
@@ -86,6 +86,17 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failure. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -338,6 +349,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c index 29f0ef400..ae556b6c2 100644 --- a/src/modules/module_11600.c +++ b/src/modules/module_11600.c 
@@ -334,7 +334,7 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault + // amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { return true; diff --git a/src/modules/module_11750.c b/src/modules/module_11750.c index 180c9134f..e47c6cafd 100644 --- a/src/modules/module_11750.c +++ b/src/modules/module_11750.c @@ -43,7 +43,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { return true; diff --git a/src/modules/module_11760.c b/src/modules/module_11760.c index a8239650a..115becc19 100644 --- a/src/modules/module_11760.c +++ b/src/modules/module_11760.c 
@@ -43,7 +43,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { return true; diff --git a/src/modules/module_11850.c b/src/modules/module_11850.c index 427c4c58c..6be38b709 100644 --- a/src/modules/module_11850.c +++ b/src/modules/module_11850.c @@ -43,7 +43,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { return true; diff --git a/src/modules/module_11860.c b/src/modules/module_11860.c index a14e200f2..bf0fa79b5 100644 --- a/src/modules/module_11860.c +++ b/src/modules/module_11860.c 
@@ -43,7 +43,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { return true; diff --git a/src/modules/module_14400.c b/src/modules/module_14400.c index d08c521eb..a68ea80d3 100644 --- a/src/modules/module_14400.c +++ b/src/modules/module_14400.c @@ -58,7 +58,7 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault + // amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1) diff --git a/src/modules/module_15300.c b/src/modules/module_15300.c index 9a19cc9ae..71b883ece 100644 --- a/src/modules/module_15300.c +++ b/src/modules/module_15300.c 
@@ -107,13 +107,13 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE } } - // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed + // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failed if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { return true; } - //l_opencl_p_18.1.0.013.tgz: self-test failed + // l_opencl_p_18.1.0.013.tgz: self-test failed if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) { return true; diff --git a/src/modules/module_15900.c b/src/modules/module_15900.c index f53679d02..33a240e23 100644 --- a/src/modules/module_15900.c +++ b/src/modules/module_15900.c @@ -108,12 +108,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE } } - // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - return false; } diff --git a/src/modules/module_19500.c b/src/modules/module_19500.c index 9969ff202..042440d0a 100644 --- a/src/modules/module_19500.c +++ b/src/modules/module_19500.c @@ -52,6 +52,17 @@ typedef struct devise_hash } devise_hash_t; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failure. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + return true; + } + + return false; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (devise_hash_t); 
@@ -260,6 +271,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From cc85d1bd9797a8b7c11bcd8625dffd8b227d183a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 13 Jan 2020 16:26:22 +0100 Subject: [PATCH 147/300] Update salt limit in -m 1460 from 64 to 256 --- src/modules/module_01460.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/modules/module_01460.c b/src/modules/module_01460.c index 309338d1b..3d73e6a40 100644 --- a/src/modules/module_01460.c +++ b/src/modules/module_01460.c @@ -16,7 +16,6 @@ static const u32 DGST_POS1 = 7; static const u32 DGST_POS2 = 2; static const u32 DGST_POS3 = 6; static const u32 DGST_SIZE = DGST_SIZE_4_8; -static const u32 DGST_BLK_SIZE = 64; static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH_AUTHENTICATED; static const char *HASH_NAME = "HMAC-SHA256 (key = $salt)"; static const u64 KERN_TYPE = 1460; 
@@ -41,7 +40,6 @@ u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } -u32 module_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_BLK_SIZE; } const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } @@ -216,7 +214,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_pwdump_column = MODULE_DEFAULT; module_ctx->module_pw_max = MODULE_DEFAULT; module_ctx->module_pw_min = MODULE_DEFAULT; - module_ctx->module_salt_max = module_salt_max; + module_ctx->module_salt_max = MODULE_DEFAULT; module_ctx->module_salt_min = MODULE_DEFAULT; module_ctx->module_salt_type = module_salt_type; module_ctx->module_separator = MODULE_DEFAULT; From 7306786eb01624a778893f6d321518c725ad7262 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 13 Jan 2020 18:54:19 +0100 Subject: [PATCH 148/300] Do not check password in test.sh if NEVER_CRACK is set --- tools/test.sh | 4 ++++ 1 file changed, 4 insertions(+) 
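Review bot: Dropping `module_salt_max` makes the 256-byte limit implicit in `MODULE_DEFAULT`, but for this mode the salt is the HMAC key, and a key longer than SHA-256's 64-byte block is only handled correctly if the kernels pre-hash it as RFC 2104 requires; the kernels are not visible from this hunk, so please confirm both the pure and the optimized variant do that. Either way, a comment at the changed line would preserve the reasoning: `module_ctx->module_salt_max = MODULE_DEFAULT; // salt is the HMAC key; kernels hash keys > 64 bytes (RFC 2104)`.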
diff --git a/tools/test.sh b/tools/test.sh index 594d5888c..fe593cb30 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -406,6 +406,10 @@ function status() ;; 10) + if is_in_array "${hash_type}" ${NEVER_CRACK_ALGOS}; then + return + fi + if [ "${pass_only}" -eq 1 ]; then echo "plains not found in output, cmdline : ${CMD}" >> "${OUTD}/logfull.txt" 2>> "${OUTD}/logfull.txt" else From 40a9473070771162a4c2080bb99c43be603bb051 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 13 Jan 2020 21:20:06 +0100 Subject: [PATCH 149/300] Updated pure kernel unstable markers to amdgpu-pro-18.50-708488-ubuntu-18.04 --- src/modules/module_06100.c | 13 ++++++++++++- src/modules/module_11700.c | 2 +- src/modules/module_11800.c | 2 +- src/modules/module_13100.c | 2 +- src/modules/module_14400.c | 5 +---- src/modules/module_18200.c | 2 +- 6 files changed, 17 insertions(+), 9 deletions(-) diff --git a/src/modules/module_06100.c b/src/modules/module_06100.c index dd1c9f75d..2daba037c 100644 --- a/src/modules/module_06100.c +++ b/src/modules/module_06100.c 
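Review bot: The early `return` for `NEVER_CRACK_ALGOS` leaves no trace in the log, so a run where the plain check was skipped is indistinguishable from one where it was never reached; writing one line before returning keeps the log complete, e.g. `echo "plain check skipped for -m ${hash_type} (NEVER_CRACK), cmdline : ${CMD}" >> "${OUTD}/logfull.txt"`. The rest of `status()` lies outside this hunk.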
@@ -41,6 +41,17 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -242,6 +253,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11700.c b/src/modules/module_11700.c index 760f7396f..b7a5cb3cd 100644 --- a/src/modules/module_11700.c +++ b/src/modules/module_11700.c 
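Review bot: The new `module_unstable_warning` in module_06100.c returns true for every AMD device without vperm, while the other modules touched by this commit (module_11700.c, module_11800.c, module_13100.c, module_18200.c) restrict the warning to the pure kernel with `if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0)`. If the `CL_OUT_OF_RESOURCES` failure was only seen in the pure kernel, as the commit subject suggests, the same guard belongs here; if both kernels fail, the comment should say so.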
@@ -43,7 +43,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) diff --git a/src/modules/module_11800.c b/src/modules/module_11800.c index 834a9824d..485cc066b 100644 --- a/src/modules/module_11800.c +++ b/src/modules/module_11800.c @@ -43,7 +43,7 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) diff --git a/src/modules/module_13100.c b/src/modules/module_13100.c index d425ad799..2f6b98b45 100644 --- a/src/modules/module_13100.c +++ b/src/modules/module_13100.c 
@@ -75,7 +75,7 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) diff --git a/src/modules/module_14400.c b/src/modules/module_14400.c index a68ea80d3..4a290039e 100644 --- a/src/modules/module_14400.c +++ b/src/modules/module_14400.c @@ -61,10 +61,7 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE // amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { - if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1) - { - return true; - } + return true; } return false; diff --git a/src/modules/module_18200.c b/src/modules/module_18200.c index c6df66777..37414779a 100644 --- a/src/modules/module_18200.c +++ b/src/modules/module_18200.c @@ -77,7 +77,7 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - // amdgpu-pro-18.50-708488-ubuntu-18.04: CL_OUT_OF_RESOURCES + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 0) 
From cef13008dc0d23530d9aad7e475952d4c99d7d2e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 14 Jan 2020 09:57:07 +0100 Subject: [PATCH 150/300] Fix some bugs in -m 10800, -m 15400 and -m 18700 in --backend-vector-width mode > 1 --- OpenCL/inc_hash_sha384.cl | 4 ++-- OpenCL/m15400_a0-optimized.cl | 34 ++++++++++++++++++++++++++++++++-- OpenCL/m15400_a1-optimized.cl | 34 ++++++++++++++++++++++++++++++++-- OpenCL/m15400_a3-optimized.cl | 34 ++++++++++++++++++++++++++++++++-- OpenCL/m18700_a1-optimized.cl | 2 +- 5 files changed, 99 insertions(+), 9 deletions(-) diff --git a/OpenCL/inc_hash_sha384.cl b/OpenCL/inc_hash_sha384.cl index c145210d5..d63a5ab2b 100644 --- a/OpenCL/inc_hash_sha384.cl +++ b/OpenCL/inc_hash_sha384.cl @@ -219,7 +219,7 @@ DECLSPEC void sha384_update_128 (sha384_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u if (len == 128) { - sha384_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); + sha384_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -2089,7 +2089,7 @@ DECLSPEC void sha384_update_vector_128 (sha384_ctx_vector_t *ctx, u32x *w0, u32x if (len == 128) { - sha384_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); + sha384_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->w4, ctx->w5, ctx->w6, ctx->w7, ctx->h); ctx->w0[0] = 0; ctx->w0[1] = 0; diff --git a/OpenCL/m15400_a0-optimized.cl b/OpenCL/m15400_a0-optimized.cl index 294e086e0..c87d53ba2 100644 --- a/OpenCL/m15400_a0-optimized.cl +++ b/OpenCL/m15400_a0-optimized.cl 
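Review bot: The scalar/vector transform mix-up in `sha384_update_128` and `sha384_update_vector_128` could stay hidden only because with `VECT_SIZE == 1` the `u32x` and `u32` parameters are the same type, so both calls compile either way; a comment at each call, e.g. `// scalar ctx: pair with sha384_transform, the _vector variant is for sha384_ctx_vector_t`, documents the pairing. More usefully, the test harness should run at least one of the affected modes with `--backend-vector-width` greater than 1, since that is the only configuration that exercises the vector path.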
@@ -128,9 +128,39 @@ DECLSPEC void chacha20_transform (const u32x *w0, const u32x *w1, const u32 *pos * Generate a second 64 byte keystream */ - ctx[12]++; + ctx[12] += 1; - if (all(ctx[12] == 0)) ctx[13]++; + #if VECT_SIZE == 1 + if (ctx[12] == 0) ctx[13] += 1; + #endif + + #if VECT_SIZE >= 2 + if (ctx[12].s0 == 0) ctx[13].s0 += 1; + if (ctx[12].s1 == 0) ctx[13].s1 += 1; + #endif + + #if VECT_SIZE >= 4 + if (ctx[12].s2 == 0) ctx[13].s2 += 1; + if (ctx[12].s3 == 0) ctx[13].s3 += 1; + #endif + + #if VECT_SIZE >= 8 + if (ctx[12].s4 == 0) ctx[13].s4 += 1; + if (ctx[12].s5 == 0) ctx[13].s5 += 1; + if (ctx[12].s6 == 0) ctx[13].s6 += 1; + if (ctx[12].s7 == 0) ctx[13].s7 += 1; + #endif + + #if VECT_SIZE >= 16 + if (ctx[12].s8 == 0) ctx[13].s8 += 1; + if (ctx[12].s9 == 0) ctx[13].s9 += 1; + if (ctx[12].sa == 0) ctx[13].sa += 1; + if (ctx[12].sb == 0) ctx[13].sb += 1; + if (ctx[12].sc == 0) ctx[13].sc += 1; + if (ctx[12].sd == 0) ctx[13].sd += 1; + if (ctx[12].se == 0) ctx[13].se += 1; + if (ctx[12].sf == 0) ctx[13].sf += 1; + #endif x[16] = ctx[ 0]; x[17] = ctx[ 1]; diff --git a/OpenCL/m15400_a1-optimized.cl b/OpenCL/m15400_a1-optimized.cl index 94de59707..7b1ab79c9 100644 --- a/OpenCL/m15400_a1-optimized.cl +++ b/OpenCL/m15400_a1-optimized.cl 
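Review bot: The per-lane carry block that replaces `all(ctx[12] == 0)` is copied verbatim into m15400_a0-optimized.cl, m15400_a1-optimized.cl and m15400_a3-optimized.cl, so the three copies can drift apart silently; moving it into a shared `DECLSPEC` helper in an `inc_` file, say `chacha20_increment_counter (u32x *ctx)`, and calling it from all three `chacha20_transform` bodies keeps one copy. The existing comment about generating the second keystream block would move with it, together with a line explaining why the carry must be done per lane rather than with `all()`. `chacha20_transform` begins before this hunk.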
@@ -126,9 +126,39 @@ DECLSPEC void chacha20_transform (const u32x *w0, const u32x *w1, const u32 *pos * Generate a second 64 byte keystream */ - ctx[12]++; + ctx[12] += 1; - if (all(ctx[12] == 0)) ctx[13]++; + #if VECT_SIZE == 1 + if (ctx[12] == 0) ctx[13] += 1; + #endif + + #if VECT_SIZE >= 2 + if (ctx[12].s0 == 0) ctx[13].s0 += 1; + if (ctx[12].s1 == 0) ctx[13].s1 += 1; + #endif + + #if VECT_SIZE >= 4 + if (ctx[12].s2 == 0) ctx[13].s2 += 1; + if (ctx[12].s3 == 0) ctx[13].s3 += 1; + #endif + + #if VECT_SIZE >= 8 + if (ctx[12].s4 == 0) ctx[13].s4 += 1; + if (ctx[12].s5 == 0) ctx[13].s5 += 1; + if (ctx[12].s6 == 0) ctx[13].s6 += 1; + if (ctx[12].s7 == 0) ctx[13].s7 += 1; + #endif + + #if VECT_SIZE >= 16 + if (ctx[12].s8 == 0) ctx[13].s8 += 1; + if (ctx[12].s9 == 0) ctx[13].s9 += 1; + if (ctx[12].sa == 0) ctx[13].sa += 1; + if (ctx[12].sb == 0) ctx[13].sb += 1; + if (ctx[12].sc == 0) ctx[13].sc += 1; + if (ctx[12].sd == 0) ctx[13].sd += 1; + if (ctx[12].se == 0) ctx[13].se += 1; + if (ctx[12].sf == 0) ctx[13].sf += 1; + #endif x[16] = ctx[ 0]; x[17] = ctx[ 1]; diff --git a/OpenCL/m15400_a3-optimized.cl b/OpenCL/m15400_a3-optimized.cl index 7f0782b71..5923316f1 100644 --- a/OpenCL/m15400_a3-optimized.cl +++ b/OpenCL/m15400_a3-optimized.cl 
@@ -126,9 +126,39 @@ DECLSPEC void chacha20_transform (const u32x *w0, const u32x *w1, const u32 *pos * Generate a second 64 byte keystream */ - ctx[12]++; + ctx[12] += 1; - if (all(ctx[12] == 0)) ctx[13]++; + #if VECT_SIZE == 1 + if (ctx[12] == 0) ctx[13] += 1; + #endif + + #if VECT_SIZE >= 2 + if (ctx[12].s0 == 0) ctx[13].s0 += 1; + if (ctx[12].s1 == 0) ctx[13].s1 += 1; + #endif + + #if VECT_SIZE >= 4 + if (ctx[12].s2 == 0) ctx[13].s2 += 1; + if (ctx[12].s3 == 0) ctx[13].s3 += 1; + #endif + + #if VECT_SIZE >= 8 + if (ctx[12].s4 == 0) ctx[13].s4 += 1; + if (ctx[12].s5 == 0) ctx[13].s5 += 1; + if (ctx[12].s6 == 0) ctx[13].s6 += 1; + if (ctx[12].s7 == 0) ctx[13].s7 += 1; + #endif + + #if VECT_SIZE >= 16 + if (ctx[12].s8 == 0) ctx[13].s8 += 1; + if (ctx[12].s9 == 0) ctx[13].s9 += 1; + if (ctx[12].sa == 0) ctx[13].sa += 1; + if (ctx[12].sb == 0) ctx[13].sb += 1; + if (ctx[12].sc == 0) ctx[13].sc += 1; + if (ctx[12].sd == 0) ctx[13].sd += 1; + if (ctx[12].se == 0) ctx[13].se += 1; + if (ctx[12].sf == 0) ctx[13].sf += 1; + #endif x[16] = ctx[ 0]; x[17] = ctx[ 1]; diff --git a/OpenCL/m18700_a1-optimized.cl b/OpenCL/m18700_a1-optimized.cl index 18ea7ffbd..584cdcd54 100644 --- a/OpenCL/m18700_a1-optimized.cl +++ b/OpenCL/m18700_a1-optimized.cl @@ -15,7 +15,7 @@ #include "inc_hash_md5.cl" #endif -DECLSPEC u32 hashCode_g (const u32 init, GLOBAL_AS u32 *w, const u32 pw_len) +DECLSPEC u32 hashCode_g (const u32 init, GLOBAL_AS const u32 *w, const u32 pw_len) { u32 hash = init; From 7672c49f7ed6cc0eccc40593293efc8ec04e0cd2 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 14 Jan 2020 13:17:45 +0100 Subject: [PATCH 151/300] gcc: disable picky gcc-8 function pointer warnings --- include/common.h | 11 +++++++++++ src/Makefile | 1 - 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/include/common.h b/include/common.h index d4b54936d..3838cd3cb 100644 --- a/include/common.h +++ b/include/common.h 
@@ -95,6 +95,17 @@ but this is nededed for VS compiler which doesn't have inline keyword but has __ #define STAT_NANOSECONDS_ACCESS_TIME st_atimespec.tv_nsec #endif +/** + * Disable this picky gcc-8 compiler warning + * We're in good company: + * https://github.com/curl/curl/blob/fc3743c31bb3c84e31a2eff99e958337571eb5f0/lib/md5.c#L487-L490 + * https://github.com/kivadiu/thread/blob/ee607c86d4acd1d7733304526eb25d742b533071/src/win32/thread_primitives.cpp#L105-L113 + */ + +#if defined (__GNUC__) && (__GNUC__ >= 8) +#pragma GCC diagnostic ignored "-Wcast-function-type" +#endif + // config section // do not try to simply change this, it will not work diff --git a/src/Makefile b/src/Makefile index a922a2362..ea4eea152 100644 --- a/src/Makefile +++ b/src/Makefile @@ -169,7 +169,6 @@ ifeq ($(PRODUCTION),0) CFLAGS += -W CFLAGS += -Wall CFLAGS += -Wextra -CFLAGS += -Wno-cast-function-type endif ## because LZMA SDK From 9824e6e91b360ff1010951ed39dfc5a8937c7d4e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 14 Jan 2020 13:29:02 +0100 Subject: [PATCH 152/300] Update unstable warnings for Intel GPU on macOSX 10.15 --- OpenCL/m22100-pure.cl | 2 +- src/filehandling.c | 2 +- src/modules/module_06231.c | 16 +++++++++++++++- src/modules/module_06232.c | 16 +++++++++++++++- src/modules/module_06233.c | 16 +++++++++++++++- src/modules/module_07500.c | 9 +++++++++ src/modules/module_08000.c | 16 +++++++++++++++- src/modules/module_12500.c | 9 +++++++++ src/modules/module_13100.c | 9 +++++++++ src/modules/module_13731.c | 16 +++++++++++++++- src/modules/module_13732.c | 16 +++++++++++++++- src/modules/module_13733.c | 16 +++++++++++++++- src/modules/module_15700.c | 11 ++++++++++- src/modules/module_18200.c | 9 +++++++++ src/modules/module_21700.c | 16 +++++++++++++++- src/modules/module_21800.c | 9 +++++++++ 16 files changed, 177 insertions(+), 11 deletions(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index 9af1d0b92..af98a712a 100644 --- a/OpenCL/m22100-pure.cl 
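Review bot: `#pragma GCC diagnostic ignored "-Wcast-function-type"` in common.h silences the warning for every translation unit that includes the header, not only the dynamic-loader call sites it is presumably meant for, so a genuine mismatched function-pointer cast elsewhere (calling through the wrong signature is undefined behaviour) will no longer be reported. A narrower alternative is to keep the global build warning-clean and wrap only the casts from `void *` loader results in `#pragma GCC diagnostic push` / `ignored` / `pop`, or to route them through one helper macro so the suppression sits next to the cast it excuses. The header comment should also say which casts motivate it, e.g. `* Needed for the function-pointer casts in the backend/loader code; other casts should stay warning-clean.` Note that the `__GNUC__ >= 8` guard does not match clang, which reports `__GNUC__` as 4, so clang builds keep their own warning behaviour.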
+++ b/OpenCL/m22100-pure.cl @@ -42,7 +42,7 @@ typedef struct bitlocker_tmp #define SHM_TYPE2 GLOBAL_AS const #endif -DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE2 u32 s_wb_ke_pc[48]) +DECLSPEC void sha256_transform_vector_pc (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE2 u32 *s_wb_ke_pc) { u32x a = digest[0]; u32x b = digest[1]; diff --git a/src/filehandling.c b/src/filehandling.c index 0ed5fd1ab..421d09d5a 100644 --- a/src/filehandling.c +++ b/src/filehandling.c @@ -482,7 +482,7 @@ size_t fgetl (HCFILE *fp, char *line_buf, const size_t line_sz) if (line_truncated > 0) { - fprintf (stderr, "\nOversized line detected! Truncated %" PRIu64 " bytes\n", line_truncated); + fprintf (stderr, "\nOversized line detected! Truncated %" PRIu64 " bytes\n", (u64) line_truncated); } if (line_len == 0) return 0; diff --git a/src/modules/module_06231.c b/src/modules/module_06231.c index e01fd7300..5586ad2cb 100644 --- a/src/modules/module_06231.c +++ b/src/modules/module_06231.c 
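Review bot: Changing `SHM_TYPE2 u32 s_wb_ke_pc[48]` to `SHM_TYPE2 u32 *s_wb_ke_pc` drops the only statement of how many entries the callee expects; since an array parameter already decays to a pointer the change is behaviour-neutral, but the 48 was useful documentation. Suggest keeping it on the parameter, `SHM_TYPE2 u32 *s_wb_ke_pc /* 48 entries */`. sha256_transform_vector_pc's body continues outside the hunk.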
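Review bot: The `(u64)` cast makes the argument match `PRIu64`, but it hides rather than states the type of `line_truncated`, whose declaration is outside the hunk; if that variable is a `size_t` the format should be `%zu` with no cast, and if it is a narrower integer a short comment explaining the widening would help, e.g. `/* widen to u64 so the PRIu64 format is portable */`. fgetl starts and ends outside the hunk.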
@@ -70,6 +70,20 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_1K = 1000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -304,6 +318,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_06232.c b/src/modules/module_06232.c index b8a404670..75c51d4ed 100644 --- a/src/modules/module_06232.c +++ b/src/modules/module_06232.c 
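Review bot: The new Apple/Intel-GPU branch is annotated only with `// self-test failed`, while the existing AMD branches in the same kind of function (the 07500, 12500, 13100, 15700, 18200 and 21800 hunks below) name the driver and platform they were observed on, e.g. `// amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault`. Following that convention, `// macOS 10.15 Intel GPU: self-test failed` (the version is in the commit subject) records when the workaround can be re-evaluated. The same applies to the identical functions added in 06232, 06233, 08000, 13731, 13732, 13733 and 21700, and to the inline blocks in 12500 (`Kernel minimum runtime larger than default TDR`) and 15700 (`Invalid extra buffer size.`). Because the function body is byte-identical across eight modules, a shared predicate keyed on `VENDOR_ID_APPLE` / `VENDOR_ID_INTEL_SDK` / `CL_DEVICE_TYPE_GPU` would keep the copies from drifting apart, though the duplication may be deliberate given the one-function-per-module layout.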
@@ -70,6 +70,20 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_1K = 1000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -304,6 +318,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_06233.c b/src/modules/module_06233.c index 499f0714a..25217984b 100644 --- a/src/modules/module_06233.c +++ b/src/modules/module_06233.c 
@@ -70,6 +70,20 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_1K = 1000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -304,6 +318,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_07500.c b/src/modules/module_07500.c index cae72985d..468380134 100644 --- a/src/modules/module_07500.c +++ b/src/modules/module_07500.c 
@@ -78,6 +78,15 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_08000.c b/src/modules/module_08000.c index b32d0da9f..7d420fc90 100644 --- a/src/modules/module_08000.c +++ b/src/modules/module_08000.c @@ -56,6 +56,20 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; 
@@ -223,6 +237,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_12500.c b/src/modules/module_12500.c index c95b57400..a1688eeac 100644 --- a/src/modules/module_12500.c +++ b/src/modules/module_12500.c @@ -93,6 +93,15 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // Kernel minimum runtime larger than default TDR + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_13100.c b/src/modules/module_13100.c index 2f6b98b45..1203e34aa 100644 --- a/src/modules/module_13100.c +++ b/src/modules/module_13100.c 
@@ -75,6 +75,15 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c index 3afff8644..850af5c39 100644 --- a/src/modules/module_13731.c +++ b/src/modules/module_13731.c @@ -77,6 +77,20 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; 
@@ -348,6 +362,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c index 965776e9e..4cbfd30a5 100644 --- a/src/modules/module_13732.c +++ b/src/modules/module_13732.c @@ -77,6 +77,20 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +362,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c index 3a7d0bbbb..442343804 100644 
--- a/src/modules/module_13733.c +++ b/src/modules/module_13733.c @@ -77,6 +77,20 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +362,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_15700.c b/src/modules/module_15700.c index 2b814cc05..ac04271df 100644 --- a/src/modules/module_15700.c +++ b/src/modules/module_15700.c 
@@ -247,6 +247,15 @@ u64 module_extra_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UN bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // Invalid extra buffer size. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // amdgpu-pro-18.50-708488-ubuntu-18.04: Segmentation fault if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { @@ -519,6 +528,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_18200.c b/src/modules/module_18200.c index 37414779a..576f8c642 100644 --- a/src/modules/module_18200.c +++ b/src/modules/module_18200.c 
@@ -77,6 +77,15 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_21700.c b/src/modules/module_21700.c index 49155aabe..612915934 100644 --- a/src/modules/module_21700.c +++ b/src/modules/module_21700.c @@ -86,6 +86,20 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; 
@@ -324,6 +338,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index 3b0eb3ba1..be304d205 100644 --- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c @@ -96,6 +96,15 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // hangs somewhere in zlib inflate if (device_param->opencl_platform_vendor_id == VENDOR_ID_AMD) { From 53105abeb47a6c325dee6714b1503cd68bd0c9c8 Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Tue, 14 Jan 2020 17:15:34 +0100 Subject: [PATCH 153/300] Added hash-mode: Citrix NetScaler (SHA512) --- OpenCL/m22200_a0-optimized.cl | 382 ++++++++++++++++++ OpenCL/m22200_a0-pure.cl | 133 ++++++ OpenCL/m22200_a1-optimized.cl | 511 +++++++++++++++++++++++ OpenCL/m22200_a1-pure.cl | 124 ++++++ OpenCL/m22200_a3-optimized.cl | 735 ++++++++++++++++++++++++++++++++++ OpenCL/m22200_a3-pure.cl | 157 ++++++++ docs/changes.txt | 1 + docs/readme.txt | 3 +- src/modules/module_08100.c | 2 +- src/modules/module_22200.c | 261 ++++++++++++ tools/test_modules/m22200.pm | 51 +++ 11 files changed, 2358 insertions(+), 2 deletions(-) create mode 100644 OpenCL/m22200_a0-optimized.cl create mode 100644 OpenCL/m22200_a0-pure.cl create mode 100644 OpenCL/m22200_a1-optimized.cl create mode 100644 OpenCL/m22200_a1-pure.cl create mode 100644 OpenCL/m22200_a3-optimized.cl create mode 100644 OpenCL/m22200_a3-pure.cl create mode 100644 src/modules/module_22200.c create mode 100644 tools/test_modules/m22200.pm diff --git a/OpenCL/m22200_a0-optimized.cl b/OpenCL/m22200_a0-optimized.cl new file mode 100644 index 000000000..8c0e51b03 --- /dev/null +++ b/OpenCL/m22200_a0-optimized.cl 
@@ -0,0 +1,382 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_rp_optimized.h" +#include "inc_rp_optimized.cl" +#include "inc_simd.cl" +#include "inc_hash_sha512.cl" +#endif + +DECLSPEC void sha512_transform_intern (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u64x *digest) +{ + u64x w0_t = hl32_to_64 (w0[0], w0[1]); + u64x w1_t = hl32_to_64 (w0[2], w0[3]); + u64x w2_t = hl32_to_64 (w1[0], w1[1]); + u64x w3_t = hl32_to_64 (w1[2], w1[3]); + u64x w4_t = hl32_to_64 (w2[0], w2[1]); + u64x w5_t = hl32_to_64 (w2[2], w2[3]); + u64x w6_t = hl32_to_64 (w3[0], w3[1]); + u64x w7_t = 0; + u64x w8_t = 0; + u64x w9_t = 0; + u64x wa_t = 0; + u64x wb_t = 0; + u64x wc_t = 0; + u64x wd_t = 0; + u64x we_t = 0; + u64x wf_t = hl32_to_64 (w3[2], w3[3]); + + u64x a = digest[0]; + u64x b = digest[1]; + u64x c = digest[2]; + u64x d = digest[3]; + u64x e = digest[4]; + u64x f = digest[5]; + u64x g = digest[6]; + u64x h = digest[7]; + + #define ROUND_EXPAND() \ + { \ + w0_t = SHA512_EXPAND (we_t, w9_t, w1_t, w0_t); \ + w1_t = SHA512_EXPAND (wf_t, wa_t, w2_t, w1_t); \ + w2_t = SHA512_EXPAND (w0_t, wb_t, w3_t, w2_t); \ + w3_t = SHA512_EXPAND (w1_t, wc_t, w4_t, w3_t); \ + w4_t = SHA512_EXPAND (w2_t, wd_t, w5_t, w4_t); \ + w5_t = SHA512_EXPAND (w3_t, we_t, w6_t, w5_t); \ + w6_t = SHA512_EXPAND (w4_t, wf_t, w7_t, w6_t); \ + w7_t = SHA512_EXPAND (w5_t, w0_t, w8_t, w7_t); \ + w8_t = SHA512_EXPAND (w6_t, w1_t, w9_t, w8_t); \ + w9_t = SHA512_EXPAND (w7_t, w2_t, wa_t, w9_t); \ + wa_t = SHA512_EXPAND (w8_t, w3_t, wb_t, wa_t); \ + wb_t = SHA512_EXPAND (w9_t, w4_t, wc_t, wb_t); \ + wc_t = SHA512_EXPAND (wa_t, w5_t, wd_t, wc_t); \ + wd_t = SHA512_EXPAND (wb_t, w6_t, we_t, wd_t); \ + we_t = SHA512_EXPAND (wc_t, w7_t, wf_t, we_t); \ + wf_t = SHA512_EXPAND (wd_t, w8_t, w0_t, wf_t); \ + } + + #define 
ROUND_STEP(i) \ + { \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \ + } + + ROUND_STEP (0); + + #ifdef IS_CUDA + ROUND_EXPAND (); ROUND_STEP (16); + ROUND_EXPAND (); ROUND_STEP (32); + ROUND_EXPAND (); ROUND_STEP (48); + ROUND_EXPAND (); ROUND_STEP (64); + #else + #ifdef _unroll + #pragma unroll + #endif + for (int i = 16; i < 80; i += 16) + { + ROUND_EXPAND (); ROUND_STEP (i); + } + #endif + + /* rev + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; + */ + + digest[0] = a; + digest[1] = b; + digest[2] = c; + 
digest[3] = d; + digest[4] = e; + digest[5] = f; + digest[6] = g; + digest[7] = h; +} + +KERNEL_FQ void m22200_m04 (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[2]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + u32x w0[4] = { 0 }; + u32x w1[4] = { 0 }; + u32x w2[4] = { 0 }; + u32x w3[4] = { 0 }; + + const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + append_0x80_4x4_VV (w0, w1, w2, w3, out_len + 1); + + w0[0] = hc_swap32 (w0[0]); + w0[1] = hc_swap32 (w0[1]); + w0[2] = hc_swap32 (w0[2]); + w0[3] = hc_swap32 (w0[3]); + w1[0] = hc_swap32 (w1[0]); + w1[1] = hc_swap32 (w1[1]); + w1[2] = hc_swap32 (w1[2]); + w1[3] = hc_swap32 (w1[3]); + w2[0] = hc_swap32 (w2[0]); + + /** + * prepend salt + */ + + const u32x out_salt_len = out_len + salt_len; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = salt_buf0[0]; + w0_t[1] = salt_buf0[1]; + w0_t[2] = w0[0]; + w0_t[3] = w0[1]; + w1_t[0] = w0[2]; + w1_t[1] = w0[3]; + w1_t[2] = w1[0]; + w1_t[3] = w1[1]; + w2_t[0] = w1[2]; + w2_t[1] = w1[3]; + w2_t[2] = w2[0]; + w2_t[3] = 0; + w3_t[0] = 0; + w3_t[1] = 0; + w3_t[2] = 0; + w3_t[3] = (out_salt_len + 1) * 8; + u64x digest[8]; + + digest[0] = SHA512M_A; + digest[1] = SHA512M_B; + digest[2] = SHA512M_C; + digest[3] = 
SHA512M_D; + digest[4] = SHA512M_E; + digest[5] = SHA512M_F; + digest[6] = SHA512M_G; + digest[7] = SHA512M_H; + + sha512_transform_intern (w0_t, w1_t, w2_t, w3_t, digest); + + const u32x r0 = l32_from_64 (digest[7]); + const u32x r1 = h32_from_64 (digest[7]); + const u32x r2 = l32_from_64 (digest[3]); + const u32x r3 = h32_from_64 (digest[3]); + + COMPARE_M_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22200_m08 (KERN_ATTR_RULES ()) +{ +} + +KERNEL_FQ void m22200_m16 (KERN_ATTR_RULES ()) +{ +} + +KERNEL_FQ void m22200_s04 (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[2]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + u32x w0[4] = { 0 }; + u32x w1[4] = { 0 }; + u32x w2[4] = { 0 }; + u32x w3[4] = { 0 }; + + const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + append_0x80_4x4_VV (w0, w1, w2, w3, out_len + 1); + + w0[0] = hc_swap32 (w0[0]); + w0[1] = hc_swap32 (w0[1]); + w0[2] = hc_swap32 (w0[2]); + w0[3] = hc_swap32 (w0[3]); + w1[0] = hc_swap32 (w1[0]); + w1[1] = 
hc_swap32 (w1[1]); + w1[2] = hc_swap32 (w1[2]); + w1[3] = hc_swap32 (w1[3]); + w2[0] = hc_swap32 (w2[0]); + + /** + * prepend salt + */ + + const u32x out_salt_len = out_len + salt_len; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = salt_buf0[0]; + w0_t[1] = salt_buf0[1]; + w0_t[2] = w0[0]; + w0_t[3] = w0[1]; + w1_t[0] = w0[2]; + w1_t[1] = w0[3]; + w1_t[2] = w1[0]; + w1_t[3] = w1[1]; + w2_t[0] = w1[2]; + w2_t[1] = w1[3]; + w2_t[2] = w2[0]; + w2_t[3] = 0; + w3_t[0] = 0; + w3_t[1] = 0; + w3_t[2] = 0; + w3_t[3] = (out_salt_len + 1) * 8; + + u64x digest[8]; + + digest[0] = SHA512M_A; + digest[1] = SHA512M_B; + digest[2] = SHA512M_C; + digest[3] = SHA512M_D; + digest[4] = SHA512M_E; + digest[5] = SHA512M_F; + digest[6] = SHA512M_G; + digest[7] = SHA512M_H; + + sha512_transform_intern (w0_t, w1_t, w2_t, w3_t, digest); + + const u32x r0 = l32_from_64 (digest[7]); + const u32x r1 = h32_from_64 (digest[7]); + const u32x r2 = l32_from_64 (digest[3]); + const u32x r3 = h32_from_64 (digest[3]); + + COMPARE_S_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22200_s08 (KERN_ATTR_RULES ()) +{ +} + +KERNEL_FQ void m22200_s16 (KERN_ATTR_RULES ()) +{ +} diff --git a/OpenCL/m22200_a0-pure.cl b/OpenCL/m22200_a0-pure.cl new file mode 100644 index 000000000..ce07ea73a --- /dev/null +++ b/OpenCL/m22200_a0-pure.cl 
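Review bot: The single-block message layout in m22200_m04 and m22200_s04 copies password words only up to `w2_t[2] = w2[0]`, i.e. 36 bytes after the 8-byte salt, so a candidate needs pw + 0x00 + 0x80 to fit in 36 bytes (pw_len <= 34) for the `append_0x80_4x4_VV (..., out_len + 1)` marker to land in a word that is actually hashed; `pws[gid].pw_len & 63` admits up to 63 and the m08/m16/s08/s16 kernels are empty stubs, so longer candidates would be hashed wrong silently unless the module's pw_max bounds them (not visible here). Suggest stating this next to the layout: `// single SHA-512 block: salt(8) + pw + 0x00 + 0x80 must fit in w0_t[2]..w2_t[2] (36 bytes) => pw_len <= 34, enforced by the module's pw_max`. Separately, the commented-out `/* rev digest[0] += a; ... */` block in sha512_transform_intern should become a one-line comment explaining why the feed-forward add is omitted — presumably the host-side decode subtracts the SHA-512 IV from the stored digest — rather than stay as dead code.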
@@ -0,0 +1,133 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+//#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_rp.h"
+#include "inc_rp.cl"
+#include "inc_scalar.cl"
+#include "inc_hash_sha512.cl"
+#endif
+
+KERNEL_FQ void m22200_mxx (KERN_ATTR_RULES ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * base
+ */
+
+ u32 z[32] = { 0 };
+
+ COPY_PW (pws[gid]);
+
+ sha512_ctx_t ctx0;
+
+ sha512_init (&ctx0);
+
+ sha512_update_global (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ pw_t tmp = PASTE_PW;
+
+ tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len);
+
+ sha512_ctx_t ctx = ctx0;
+
+ sha512_update_swap (&ctx, tmp.i, tmp.pw_len);
+
+ sha512_update (&ctx, z, 1);
+
+ sha512_final (&ctx);
+
+ const u32 r0 = l32_from_64_S (ctx.h[7]);
+ const u32 r1 = h32_from_64_S (ctx.h[7]);
+ const u32 r2 = l32_from_64_S (ctx.h[3]);
+ const u32 r3 = h32_from_64_S (ctx.h[3]);
+
+ COMPARE_M_SCALAR (r0, r1, r2, r3);
+ }
+}
+
+KERNEL_FQ void m22200_sxx (KERN_ATTR_RULES ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * digest
+ */
+
+ const u32 search[4] =
+ {
+ digests_buf[digests_offset].digest_buf[DGST_R0],
+ digests_buf[digests_offset].digest_buf[DGST_R1],
+ digests_buf[digests_offset].digest_buf[DGST_R2],
+ digests_buf[digests_offset].digest_buf[DGST_R3]
+ };
+
+ /**
+ * base
+ */
+
+ u32 z[32] = { 0 };
+
+ COPY_PW (pws[gid]);
+
+ sha512_ctx_t ctx0;
+
+ sha512_init (&ctx0);
+
+ sha512_update_global (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ pw_t tmp = PASTE_PW;
+
+ tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len);
+
+ sha512_ctx_t ctx = ctx0;
+
+ sha512_update_swap (&ctx, tmp.i, tmp.pw_len);
+
+ sha512_update (&ctx, z, 1);
+
+ sha512_final (&ctx);
+
+ const u32 r0 = l32_from_64_S (ctx.h[7]);
+ const u32 r1 = h32_from_64_S (ctx.h[7]);
+ const u32 r2 = l32_from_64_S (ctx.h[3]);
+ const u32 r3 = h32_from_64_S (ctx.h[3]);
+
+ COMPARE_S_SCALAR (r0, r1, r2, r3);
+ }
+}
diff --git a/OpenCL/m22200_a1-optimized.cl b/OpenCL/m22200_a1-optimized.cl
new file mode 100644
index 000000000..39ca46c20
--- /dev/null
+++ b/OpenCL/m22200_a1-optimized.cl
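Review bot: The `sha512_update (&ctx, z, 1)` call in both m22200_mxx and m22200_sxx is the only place the format's trailing NUL byte enters the hash, yet nothing says so, and a reader can easily take the 32-word `z` buffer for leftover scratch; a comment at the `u32 z[32] = { 0 };` declaration such as `// one zero byte is hashed after the password: sha512 (salt || password || 0x00)` would make the construction explicit. The same undocumented NUL append appears in m22200_a1-pure.cl and m22200_a3-pure.cl in this patch. `lid` is assigned from `get_local_id (0)` in both kernels but never read, so the line can be dropped here.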
@@ -0,0 +1,511 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha512.cl" +#endif + +DECLSPEC void sha512_transform_intern (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u64x *digest) +{ + u64x w0_t = hl32_to_64 (w0[0], w0[1]); + u64x w1_t = hl32_to_64 (w0[2], w0[3]); + u64x w2_t = hl32_to_64 (w1[0], w1[1]); + u64x w3_t = hl32_to_64 (w1[2], w1[3]); + u64x w4_t = hl32_to_64 (w2[0], w2[1]); + u64x w5_t = hl32_to_64 (w2[2], w2[3]); + u64x w6_t = hl32_to_64 (w3[0], w3[1]); + u64x w7_t = 0; + u64x w8_t = 0; + u64x w9_t = 0; + u64x wa_t = 0; + u64x wb_t = 0; + u64x wc_t = 0; + u64x wd_t = 0; + u64x we_t = 0; + u64x wf_t = hl32_to_64 (w3[2], w3[3]); + + u64x a = digest[0]; + u64x b = digest[1]; + u64x c = digest[2]; + u64x d = digest[3]; + u64x e = digest[4]; + u64x f = digest[5]; + u64x g = digest[6]; + u64x h = digest[7]; + + #define ROUND_EXPAND() \ + { \ + w0_t = SHA512_EXPAND (we_t, w9_t, w1_t, w0_t); \ + w1_t = SHA512_EXPAND (wf_t, wa_t, w2_t, w1_t); \ + w2_t = SHA512_EXPAND (w0_t, wb_t, w3_t, w2_t); \ + w3_t = SHA512_EXPAND (w1_t, wc_t, w4_t, w3_t); \ + w4_t = SHA512_EXPAND (w2_t, wd_t, w5_t, w4_t); \ + w5_t = SHA512_EXPAND (w3_t, we_t, w6_t, w5_t); \ + w6_t = SHA512_EXPAND (w4_t, wf_t, w7_t, w6_t); \ + w7_t = SHA512_EXPAND (w5_t, w0_t, w8_t, w7_t); \ + w8_t = SHA512_EXPAND (w6_t, w1_t, w9_t, w8_t); \ + w9_t = SHA512_EXPAND (w7_t, w2_t, wa_t, w9_t); \ + wa_t = SHA512_EXPAND (w8_t, w3_t, wb_t, wa_t); \ + wb_t = SHA512_EXPAND (w9_t, w4_t, wc_t, wb_t); \ + wc_t = SHA512_EXPAND (wa_t, w5_t, wd_t, wc_t); \ + wd_t = SHA512_EXPAND (wb_t, w6_t, we_t, wd_t); \ + we_t = SHA512_EXPAND (wc_t, w7_t, wf_t, we_t); \ + wf_t = SHA512_EXPAND (wd_t, w8_t, w0_t, wf_t); \ + } + + #define ROUND_STEP(i) \ + { \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, a, 
b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \ + } + + ROUND_STEP (0); + + #ifdef IS_CUDA + ROUND_EXPAND (); ROUND_STEP (16); + ROUND_EXPAND (); ROUND_STEP (32); + ROUND_EXPAND (); ROUND_STEP (48); + ROUND_EXPAND (); ROUND_STEP (64); + #else + #ifdef _unroll + #pragma unroll + #endif + for (int i = 16; i < 80; i += 16) + { + ROUND_EXPAND (); ROUND_STEP (i); + } + #endif + + /* rev + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; + */ + + digest[0] = a; + digest[1] = b; + digest[2] = c; + digest[3] = d; + digest[4] = e; + digest[5] = f; + digest[6] = g; + 
digest[7] = h; +} + +KERNEL_FQ void m22200_m04 (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_l_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[2]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; + + const u32x pw_len = (pw_l_len + pw_r_len) & 63; + + /** + * concat password candidate + */ + + u32x wordl0[4] = { 0 }; + u32x wordl1[4] = { 0 }; + u32x wordl2[4] = { 0 }; + u32x wordl3[4] = { 0 }; + + wordl0[0] = pw_buf0[0]; + wordl0[1] = pw_buf0[1]; + wordl0[2] = pw_buf0[2]; + wordl0[3] = pw_buf0[3]; + wordl1[0] = pw_buf1[0]; + wordl1[1] = pw_buf1[1]; + wordl1[2] = pw_buf1[2]; + wordl1[3] = pw_buf1[3]; + + u32x wordr0[4] = { 0 }; + u32x wordr1[4] = { 0 }; + u32x wordr2[4] = { 0 }; + u32x wordr3[4] = { 0 }; + + wordr0[0] = ix_create_combt (combs_buf, il_pos, 0); + wordr0[1] = ix_create_combt (combs_buf, il_pos, 1); + wordr0[2] = ix_create_combt (combs_buf, il_pos, 2); + wordr0[3] = ix_create_combt (combs_buf, il_pos, 3); + wordr1[0] = ix_create_combt (combs_buf, il_pos, 4); + wordr1[1] = ix_create_combt 
(combs_buf, il_pos, 5); + wordr1[2] = ix_create_combt (combs_buf, il_pos, 6); + wordr1[3] = ix_create_combt (combs_buf, il_pos, 7); + + if (combs_mode == COMBINATOR_MODE_BASE_LEFT) + { + switch_buffer_by_offset_le_VV (wordr0, wordr1, wordr2, wordr3, pw_l_len); + } + else + { + switch_buffer_by_offset_le_VV (wordl0, wordl1, wordl2, wordl3, pw_r_len); + } + + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = wordl0[0] | wordr0[0]; + w0[1] = wordl0[1] | wordr0[1]; + w0[2] = wordl0[2] | wordr0[2]; + w0[3] = wordl0[3] | wordr0[3]; + w1[0] = wordl1[0] | wordr1[0]; + w1[1] = wordl1[1] | wordr1[1]; + w1[2] = wordl1[2] | wordr1[2]; + w1[3] = wordl1[3] | wordr1[3]; + w2[0] = wordl2[0] | wordr2[0]; + w2[1] = wordl2[1] | wordr2[1]; + w2[2] = wordl2[2] | wordr2[2]; + w2[3] = wordl2[3] | wordr2[3]; + + append_0x80_4x4_VV (w0, w1, w2, w3, pw_len + 1); + + w0[0] = hc_swap32 (w0[0]); + w0[1] = hc_swap32 (w0[1]); + w0[2] = hc_swap32 (w0[2]); + w0[3] = hc_swap32 (w0[3]); + w1[0] = hc_swap32 (w1[0]); + w1[1] = hc_swap32 (w1[1]); + w1[2] = hc_swap32 (w1[2]); + w1[3] = hc_swap32 (w1[3]); + w2[0] = hc_swap32 (w2[0]); + w2[1] = hc_swap32 (w2[1]); + w2[2] = hc_swap32 (w2[2]); + w2[3] = hc_swap32 (w2[3]); + + /** + * prepend salt + */ + + const u32x pw_salt_len = pw_len + salt_len; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = salt_buf0[0]; + w0_t[1] = salt_buf0[1]; + w0_t[2] = w0[0]; + w0_t[3] = w0[1]; + w1_t[0] = w0[2]; + w1_t[1] = w0[3]; + w1_t[2] = w1[0]; + w1_t[3] = w1[1]; + w2_t[0] = w1[2]; + w2_t[1] = w1[3]; + w2_t[2] = w2[0]; + w2_t[3] = w2[1]; + w3_t[0] = w2[2]; + w3_t[1] = w2[3]; + w3_t[2] = 0; + w3_t[3] = (pw_salt_len + 1) * 8; + + u64x digest[8]; + + digest[0] = SHA512M_A; + digest[1] = SHA512M_B; + digest[2] = SHA512M_C; + digest[3] = SHA512M_D; + digest[4] = SHA512M_E; + digest[5] = SHA512M_F; + digest[6] = SHA512M_G; + digest[7] = SHA512M_H; + + sha512_transform_intern (w0_t, w1_t, w2_t, w3_t, digest); + + const u32x r0 = 
l32_from_64 (digest[7]); + const u32x r1 = h32_from_64 (digest[7]); + const u32x r2 = l32_from_64 (digest[3]); + const u32x r3 = h32_from_64 (digest[3]); + + COMPARE_M_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22200_m08 (KERN_ATTR_BASIC ()) +{ +} + +KERNEL_FQ void m22200_m16 (KERN_ATTR_BASIC ()) +{ +} + +KERNEL_FQ void m22200_s04 (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_l_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[2]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; + + const u32x pw_len = (pw_l_len + pw_r_len) & 63; + + /** + * concat password candidate + */ + + u32x wordl0[4] = { 0 }; + u32x wordl1[4] = { 0 }; + u32x wordl2[4] = { 0 }; + u32x wordl3[4] = { 0 }; + + wordl0[0] = pw_buf0[0]; + wordl0[1] = pw_buf0[1]; + wordl0[2] = pw_buf0[2]; + wordl0[3] = pw_buf0[3]; + wordl1[0] = pw_buf1[0]; + wordl1[1] = pw_buf1[1]; + wordl1[2] = pw_buf1[2]; + wordl1[3] = pw_buf1[3]; + + u32x wordr0[4] = { 0 }; + u32x wordr1[4] = { 0 }; + u32x wordr2[4] = { 0 }; + u32x wordr3[4] = { 0 }; + + wordr0[0] = 
ix_create_combt (combs_buf, il_pos, 0); + wordr0[1] = ix_create_combt (combs_buf, il_pos, 1); + wordr0[2] = ix_create_combt (combs_buf, il_pos, 2); + wordr0[3] = ix_create_combt (combs_buf, il_pos, 3); + wordr1[0] = ix_create_combt (combs_buf, il_pos, 4); + wordr1[1] = ix_create_combt (combs_buf, il_pos, 5); + wordr1[2] = ix_create_combt (combs_buf, il_pos, 6); + wordr1[3] = ix_create_combt (combs_buf, il_pos, 7); + + if (combs_mode == COMBINATOR_MODE_BASE_LEFT) + { + switch_buffer_by_offset_le_VV (wordr0, wordr1, wordr2, wordr3, pw_l_len); + } + else + { + switch_buffer_by_offset_le_VV (wordl0, wordl1, wordl2, wordl3, pw_r_len); + } + + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = wordl0[0] | wordr0[0]; + w0[1] = wordl0[1] | wordr0[1]; + w0[2] = wordl0[2] | wordr0[2]; + w0[3] = wordl0[3] | wordr0[3]; + w1[0] = wordl1[0] | wordr1[0]; + w1[1] = wordl1[1] | wordr1[1]; + w1[2] = wordl1[2] | wordr1[2]; + w1[3] = wordl1[3] | wordr1[3]; + w2[0] = wordl2[0] | wordr2[0]; + w2[1] = wordl2[1] | wordr2[1]; + w2[2] = wordl2[2] | wordr2[2]; + w2[3] = wordl2[3] | wordr2[3]; + + append_0x80_4x4_VV (w0, w1, w2, w3, pw_len + 1); + + w0[0] = hc_swap32 (w0[0]); + w0[1] = hc_swap32 (w0[1]); + w0[2] = hc_swap32 (w0[2]); + w0[3] = hc_swap32 (w0[3]); + w1[0] = hc_swap32 (w1[0]); + w1[1] = hc_swap32 (w1[1]); + w1[2] = hc_swap32 (w1[2]); + w1[3] = hc_swap32 (w1[3]); + w2[0] = hc_swap32 (w2[0]); + w2[1] = hc_swap32 (w2[1]); + w2[2] = hc_swap32 (w2[2]); + w2[3] = hc_swap32 (w2[3]); + + /** + * prepend salt + */ + + const u32x pw_salt_len = pw_len + salt_len; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = salt_buf0[0]; + w0_t[1] = salt_buf0[1]; + w0_t[2] = w0[0]; + w0_t[3] = w0[1]; + w1_t[0] = w0[2]; + w1_t[1] = w0[3]; + w1_t[2] = w1[0]; + w1_t[3] = w1[1]; + w2_t[0] = w1[2]; + w2_t[1] = w1[3]; + w2_t[2] = w2[0]; + w2_t[3] = w2[1]; + w3_t[0] = w2[2]; + w3_t[1] = w2[3]; + w3_t[2] = 0; + w3_t[3] = (pw_salt_len + 1) * 8; + + u64x digest[8]; + 
+ digest[0] = SHA512M_A; + digest[1] = SHA512M_B; + digest[2] = SHA512M_C; + digest[3] = SHA512M_D; + digest[4] = SHA512M_E; + digest[5] = SHA512M_F; + digest[6] = SHA512M_G; + digest[7] = SHA512M_H; + + sha512_transform_intern (w0_t, w1_t, w2_t, w3_t, digest); + + const u32x r0 = l32_from_64 (digest[7]); + const u32x r1 = h32_from_64 (digest[7]); + const u32x r2 = l32_from_64 (digest[3]); + const u32x r3 = h32_from_64 (digest[3]); + + COMPARE_S_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22200_s08 (KERN_ATTR_BASIC ()) +{ +} + +KERNEL_FQ void m22200_s16 (KERN_ATTR_BASIC ()) +{ +} diff --git a/OpenCL/m22200_a1-pure.cl b/OpenCL/m22200_a1-pure.cl new file mode 100644 index 000000000..5ee5567af --- /dev/null +++ b/OpenCL/m22200_a1-pure.cl 
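Review bot: sha512_transform_intern ends with a commented-out `/* rev ... */` block and then stores the working variables `digest[0] = a; ... digest[7] = h;` without the SHA-512 feed-forward additions, so what COMPARE_M_SIMD/COMPARE_S_SIMD compare is not the standard SHA-512 state; this is only correct if the host subtracts the initial values from the stored digest before upload (presumably hashcat's OPTI_TYPE_PRECOMPUTE_INIT convention), and that module is not in this patch. Replacing the dead block with a one-line comment, `// feed-forward intentionally skipped: the host pre-subtracts SHA512M_A..H from the target digest`, records the dependency instead of leaving commented-out code. The single-block layout in m22200_m04/m22200_s04 also hard-codes an 8-byte salt (`w0_t[0] = salt_buf0[0]; w0_t[1] = salt_buf0[1];`) while reading `salt_len` at run time, and password words end at `w3_t[1] = w2[3]`, so at most 46 password bytes (8 salt + password + NUL + 0x80 within the 56 message bytes before the length word) can be represented even though `pw_len` is masked to 63; both limits must be enforced host-side (salt_min/salt_max and the optimized-kernel pw_max in the module), which cannot be confirmed from this hunk. m22200_a3-optimized.cl's sha512_transform_intern, m22200m and m22200s share both points.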
@@ -0,0 +1,124 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+//#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_scalar.cl"
+#include "inc_hash_sha512.cl"
+#endif
+
+KERNEL_FQ void m22200_mxx (KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * base
+ */
+
+ u32 z[32] = { 0 };
+
+ sha512_ctx_t ctx0;
+
+ sha512_init (&ctx0);
+
+ sha512_update_global (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
+
+ sha512_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ sha512_ctx_t ctx = ctx0;
+
+ sha512_update_global_swap (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
+
+ sha512_update (&ctx, z, 1);
+
+ sha512_final (&ctx);
+
+ const u32 r0 = l32_from_64_S (ctx.h[7]);
+ const u32 r1 = h32_from_64_S (ctx.h[7]);
+ const u32 r2 = l32_from_64_S (ctx.h[3]);
+ const u32 r3 = h32_from_64_S (ctx.h[3]);
+
+ COMPARE_M_SCALAR (r0, r1, r2, r3);
+ }
+}
+
+
+KERNEL_FQ void m22200_sxx (KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * digest
+ */
+
+ const u32 search[4] =
+ {
+ digests_buf[digests_offset].digest_buf[DGST_R0],
+ digests_buf[digests_offset].digest_buf[DGST_R1],
+ digests_buf[digests_offset].digest_buf[DGST_R2],
+ digests_buf[digests_offset].digest_buf[DGST_R3]
+ };
+
+ /**
+ * base
+ */
+
+ u32 z[32] = { 0 };
+
+ sha512_ctx_t ctx0;
+
+ sha512_init (&ctx0);
+
+ sha512_update_global (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
+
+ sha512_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ sha512_ctx_t ctx = ctx0;
+
+ sha512_update_global_swap (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
+
+ sha512_update (&ctx, z, 1);
+
+ sha512_final (&ctx);
+
+ const u32 r0 = l32_from_64_S (ctx.h[7]);
+ const u32 r1 = h32_from_64_S (ctx.h[7]);
+ const u32 r2 = l32_from_64_S (ctx.h[3]);
+ const u32 r3 = h32_from_64_S (ctx.h[3]);
+
+ COMPARE_S_SCALAR (r0, r1, r2, r3);
+ }
+}
diff --git a/OpenCL/m22200_a3-optimized.cl b/OpenCL/m22200_a3-optimized.cl
new file mode 100644
index 000000000..c04f8c8c4
--- /dev/null
+++ b/OpenCL/m22200_a3-optimized.cl
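Review bot: Two consecutive blank lines separate the closing brace of m22200_mxx from `KERNEL_FQ void m22200_sxx (KERN_ATTR_BASIC ())`, while the other m22200 pure kernels in this patch separate kernels with a single blank line; one of them should go. Structurally the hunk otherwise mirrors m22200_a0-pure.cl, differing only in hashing the left word into the shared `ctx0` prefix and the right word from `combs_buf` per iteration.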
@@ -0,0 +1,735 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha512.cl" +#endif + +DECLSPEC void sha512_transform_intern (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u64x *digest) +{ + u64x w0_t = hl32_to_64 (w0[0], w0[1]); + u64x w1_t = hl32_to_64 (w0[2], w0[3]); + u64x w2_t = hl32_to_64 (w1[0], w1[1]); + u64x w3_t = hl32_to_64 (w1[2], w1[3]); + u64x w4_t = hl32_to_64 (w2[0], w2[1]); + u64x w5_t = hl32_to_64 (w2[2], w2[3]); + u64x w6_t = hl32_to_64 (w3[0], w3[1]); + u64x w7_t = 0; + u64x w8_t = 0; + u64x w9_t = 0; + u64x wa_t = 0; + u64x wb_t = 0; + u64x wc_t = 0; + u64x wd_t = 0; + u64x we_t = 0; + u64x wf_t = hl32_to_64 (w3[2], w3[3]); + + u64x a = digest[0]; + u64x b = digest[1]; + u64x c = digest[2]; + u64x d = digest[3]; + u64x e = digest[4]; + u64x f = digest[5]; + u64x g = digest[6]; + u64x h = digest[7]; + + #define ROUND_EXPAND() \ + { \ + w0_t = SHA512_EXPAND (we_t, w9_t, w1_t, w0_t); \ + w1_t = SHA512_EXPAND (wf_t, wa_t, w2_t, w1_t); \ + w2_t = SHA512_EXPAND (w0_t, wb_t, w3_t, w2_t); \ + w3_t = SHA512_EXPAND (w1_t, wc_t, w4_t, w3_t); \ + w4_t = SHA512_EXPAND (w2_t, wd_t, w5_t, w4_t); \ + w5_t = SHA512_EXPAND (w3_t, we_t, w6_t, w5_t); \ + w6_t = SHA512_EXPAND (w4_t, wf_t, w7_t, w6_t); \ + w7_t = SHA512_EXPAND (w5_t, w0_t, w8_t, w7_t); \ + w8_t = SHA512_EXPAND (w6_t, w1_t, w9_t, w8_t); \ + w9_t = SHA512_EXPAND (w7_t, w2_t, wa_t, w9_t); \ + wa_t = SHA512_EXPAND (w8_t, w3_t, wb_t, wa_t); \ + wb_t = SHA512_EXPAND (w9_t, w4_t, wc_t, wb_t); \ + wc_t = SHA512_EXPAND (wa_t, w5_t, wd_t, wc_t); \ + wd_t = SHA512_EXPAND (wb_t, w6_t, we_t, wd_t); \ + we_t = SHA512_EXPAND (wc_t, w7_t, wf_t, we_t); \ + wf_t = SHA512_EXPAND (wd_t, w8_t, w0_t, wf_t); \ + } + + #define ROUND_STEP(i) \ + { \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, a, 
b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \ + SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \ + } + + ROUND_STEP (0); + + #ifdef IS_CUDA + ROUND_EXPAND (); ROUND_STEP (16); + ROUND_EXPAND (); ROUND_STEP (32); + ROUND_EXPAND (); ROUND_STEP (48); + ROUND_EXPAND (); ROUND_STEP (64); + #else + #ifdef _unroll + #pragma unroll + #endif + for (int i = 16; i < 80; i += 16) + { + ROUND_EXPAND (); ROUND_STEP (i); + } + #endif + + /* rev + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; + digest[5] += f; + digest[6] += g; + digest[7] += h; + */ + + digest[0] = a; + digest[1] = b; + digest[2] = c; + digest[3] = d; + digest[4] = e; + digest[5] = f; + digest[6] = g; + 
digest[7] = h; +} + +DECLSPEC void m22200m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + + /** + * salt + */ + + u32 salt_buf0[2]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + const u32 pw_salt_len = pw_len + salt_len; + + /** + * loop + */ + + const u32 w0l = w0[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = ix_create_bft (bfs_buf, il_pos); + + const u32x w0lr = w0l | w0r; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = salt_buf0[0]; + w0_t[1] = salt_buf0[1]; + w0_t[2] = w0lr; + w0_t[3] = w0[1]; + w1_t[0] = w0[2]; + w1_t[1] = w0[3]; + w1_t[2] = w1[0]; + w1_t[3] = w1[1]; + w2_t[0] = w1[2]; + w2_t[1] = w1[3]; + w2_t[2] = w2[0]; + w2_t[3] = w2[1]; + w3_t[0] = w2[2]; + w3_t[1] = w2[3]; + w3_t[2] = 0; + w3_t[3] = (pw_salt_len + 1) * 8; + + u64x digest[8]; + + digest[0] = SHA512M_A; + digest[1] = SHA512M_B; + digest[2] = SHA512M_C; + digest[3] = SHA512M_D; + digest[4] = SHA512M_E; + digest[5] = SHA512M_F; + digest[6] = SHA512M_G; + digest[7] = SHA512M_H; + + sha512_transform_intern (w0_t, w1_t, w2_t, w3_t, digest); + + const u32x r0 = l32_from_64 (digest[7]); + const u32x r1 = h32_from_64 (digest[7]); + const u32x r2 = l32_from_64 (digest[3]); + const u32x r3 = h32_from_64 (digest[3]); + + COMPARE_M_SIMD (r0, r1, r2, r3); + } +} + +DECLSPEC void m22200s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + + /** + * salt + */ + + u32 salt_buf0[2]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + const u32 pw_salt_len = 
pw_len + salt_len; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * loop + */ + + const u32 w0l = w0[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = ix_create_bft (bfs_buf, il_pos); + + const u32x w0lr = w0l | w0r; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = salt_buf0[0]; + w0_t[1] = salt_buf0[1]; + w0_t[2] = w0lr; + w0_t[3] = w0[1]; + w1_t[0] = w0[2]; + w1_t[1] = w0[3]; + w1_t[2] = w1[0]; + w1_t[3] = w1[1]; + w2_t[0] = w1[2]; + w2_t[1] = w1[3]; + w2_t[2] = w2[0]; + w2_t[3] = w2[1]; + w3_t[0] = w2[2]; + w3_t[1] = w2[3]; + w3_t[2] = 0; + w3_t[3] = (pw_salt_len + 1) * 8; + + u64x digest[8]; + + digest[0] = SHA512M_A; + digest[1] = SHA512M_B; + digest[2] = SHA512M_C; + digest[3] = SHA512M_D; + digest[4] = SHA512M_E; + digest[5] = SHA512M_F; + digest[6] = SHA512M_G; + digest[7] = SHA512M_H; + + sha512_transform_intern (w0_t, w1_t, w2_t, w3_t, digest); + + const u32x r0 = l32_from_64 (digest[7]); + const u32x r1 = h32_from_64 (digest[7]); + const u32x r2 = l32_from_64 (digest[3]); + const u32x r3 = h32_from_64 (digest[3]); + + COMPARE_S_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22200_m04 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * base + */ + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = 
hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + + append_0x80_2x4_S (w0, w1, pw_len + 1); + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + + /** + * main + */ + + m22200m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22200_m08 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * base + */ + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + + append_0x80_3x4_S (w0, w1, w2, pw_len + 1); + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + + /** + * main + */ + + m22200m (w0, w1, w2, w3, 
pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22200_m16 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = pws[gid].i[ 8]; + w2[1] = pws[gid].i[ 9]; + w2[2] = pws[gid].i[10]; + w2[3] = pws[gid].i[11]; + + u32 w3[4]; + + w3[0] = pws[gid].i[12]; + w3[1] = pws[gid].i[13]; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * base + */ + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + w2[1] = hc_swap32_S (w2[1]); + w2[2] = hc_swap32_S (w2[2]); + w2[3] = hc_swap32_S (w2[3]); + w3[0] = hc_swap32_S (w3[0]); + w3[1] = hc_swap32_S (w3[1]); + w3[2] = 0; + w3[3] = 0; + + append_0x80_4x4_S (w0, w1, w2, w3, pw_len + 1); + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + w2[1] = hc_swap32_S (w2[1]); + w2[2] = hc_swap32_S (w2[2]); + 
w2[3] = hc_swap32_S (w2[3]); + w3[0] = hc_swap32_S (w3[0]); + w3[1] = hc_swap32_S (w3[1]); + w3[2] = 0; + w3[3] = 0; + + /** + * main + */ + + m22200m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22200_s04 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * base + */ + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + + append_0x80_2x4_S (w0, w1, pw_len + 1); + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + + /** + * main + */ + + m22200s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, 
combs_mode, gid_max); +} + +KERNEL_FQ void m22200_s08 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * base + */ + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + + append_0x80_3x4_S (w0, w1, w2, pw_len + 1); + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + + /** + * main + */ + + m22200s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22200_s16 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + 
w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = pws[gid].i[ 8]; + w2[1] = pws[gid].i[ 9]; + w2[2] = pws[gid].i[10]; + w2[3] = pws[gid].i[11]; + + u32 w3[4]; + + w3[0] = pws[gid].i[12]; + w3[1] = pws[gid].i[13]; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * base + */ + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + w2[1] = hc_swap32_S (w2[1]); + w2[2] = hc_swap32_S (w2[2]); + w2[3] = hc_swap32_S (w2[3]); + w3[0] = hc_swap32_S (w3[0]); + w3[1] = hc_swap32_S (w3[1]); + w3[2] = 0; + w3[3] = 0; + + append_0x80_4x4_S (w0, w1, w2, w3, pw_len + 1); + + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + w2[1] = hc_swap32_S (w2[1]); + w2[2] = hc_swap32_S (w2[2]); + w2[3] = hc_swap32_S (w2[3]); + w3[0] = hc_swap32_S (w3[0]); + w3[1] = hc_swap32_S (w3[1]); + w3[2] = 0; + w3[3] = 0; + + /** + * main + */ + + m22200s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} diff --git a/OpenCL/m22200_a3-pure.cl b/OpenCL/m22200_a3-pure.cl new file mode 100644 index 000000000..294230f5e 
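Review bot: m22200_m16 and m22200_s16 load `w3[0]`/`w3[1]` from `pws[gid].i[12]`/`pws[gid].i[13]`, byte-swap them and pass them on, but m22200m and m22200s never read `w3` — the block they build ends at `w3_t[1] = w2[3]` before the zero word and the length — so a candidate of 48 bytes or more reaching these entry points would be hashed with its tail dropped and silently never match. Either the m16/s16 bodies should be empty stubs like the m08/m16 stubs in m22200_a1-optimized.cl, or the host-side pw_max must keep such candidates away from the optimized kernel; the module is not in this hunk, so that cannot be confirmed here. Separately, each entry kernel carries the `/** * base */` heading twice, the second one over the swap/pad sequence, which reads as a copy-paste; renaming that one (for example `* swap + pad`) would help. `lid` is assigned in m22200m and m22200s but never used.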
--- /dev/null
+++ b/OpenCL/m22200_a3-pure.cl
@@ -0,0 +1,157 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha512.cl" +#endif + +KERNEL_FQ void m22200_mxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + /** + * base + */ + + u32x z[32] = { 0 }; + + const u32 pw_len = pws[gid].pw_len; + + u32x w[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + w[idx] = pws[gid].i[idx]; + } + + sha512_ctx_t ctx0; + + sha512_init (&ctx0); + + sha512_update_global (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); + + /** + * loop + */ + + u32x w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + w[0] = w0; + + sha512_ctx_vector_t ctx; + + sha512_init_vector_from_scalar (&ctx, &ctx0); + + sha512_update_vector (&ctx, w, pw_len); + + sha512_update_vector (&ctx, z, 1); + + sha512_final_vector (&ctx); + + const u32x r0 = l32_from_64 (ctx.h[7]); + const u32x r1 = h32_from_64 (ctx.h[7]); + const u32x r2 = l32_from_64 (ctx.h[3]); + const u32x r3 = h32_from_64 (ctx.h[3]); + + COMPARE_M_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22200_sxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * base + */ + + u32x z[32] = { 0 }; + + const u32 pw_len = pws[gid].pw_len; + + u32x w[64] 
= { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + w[idx] = pws[gid].i[idx]; + } + + sha512_ctx_t ctx0; + + sha512_init (&ctx0); + + sha512_update_global (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); + + /** + * loop + */ + + u32x w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + w[0] = w0; + + sha512_ctx_vector_t ctx; + + sha512_init_vector_from_scalar (&ctx, &ctx0); + + sha512_update_vector (&ctx, w, pw_len); + + sha512_update_vector (&ctx, z, 1); + + sha512_final_vector (&ctx); + + const u32x r0 = l32_from_64 (ctx.h[7]); + const u32x r1 = h32_from_64 (ctx.h[7]); + const u32x r2 = l32_from_64 (ctx.h[3]); + const u32x r3 = h32_from_64 (ctx.h[3]); + + COMPARE_S_SIMD (r0, r1, r2, r3); + } +} diff --git a/docs/changes.txt b/docs/changes.txt index 0b6c9ace9..5d36cd84a 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -26,6 +26,7 @@ - Added hash-mode: BitLocker - Added hash-mode: BitShares v0.x - Added hash-mode: Blockchain, My Wallet, Second Password (SHA256) +- Added hash-mode: Citrix NetScaler (SHA512) - Added hash-mode: DiskCryptor - Added hash-mode: Electrum Wallet (Salt-Type 3-5) - Added hash-mode: Huawei Router sha1(md5($pass).$salt) diff --git a/docs/readme.txt b/docs/readme.txt index 2027a54d5..003176bd8 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -193,7 +193,8 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - Cisco-IOS $9$ (scrypt) - Cisco-IOS type 4 (SHA256) - Cisco-PIX MD5 -- Citrix NetScaler +- Citrix NetScaler (SHA1) +- Citrix NetScaler (SHA512) - Domain Cached Credentials (DCC), MS Cache - Domain Cached Credentials 2 (DCC2), MS Cache 2 - FortiGate (FortiOS) diff --git a/src/modules/module_08100.c b/src/modules/module_08100.c index c84e4f38b..23211af1d 100644 --- a/src/modules/module_08100.c +++ b/src/modules/module_08100.c 
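Review bot: The one-byte update `sha512_update_vector (&ctx, z, 1);` in both `m22200_mxx` and `m22200_sxx` carries a format detail the kernel never states: the digest covers `salt . pass . "\x00"` (the test module in this patch builds exactly that string), so the zero byte is part of the hashed message, not padding, and a later reader could remove it as redundant. A comment above the first of those calls, `// format hashes salt . pass . "\x00": append the trailing NUL byte`, fixes that; `z` being 32 words although only one byte is consumed presumably matches the block width the vector update reads, and deserves a word as well. Minor: `lid` is declared in both kernels and never used; if it is kept for symmetry with the other kernel files, say so, otherwise drop it.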
@@ -17,7 +17,7 @@ static const u32 DGST_POS2 = 2; static const u32 DGST_POS3 = 1; static const u32 DGST_SIZE = DGST_SIZE_4_5; static const u32 HASH_CATEGORY = HASH_CATEGORY_OS; -static const char *HASH_NAME = "Citrix NetScaler"; +static const char *HASH_NAME = "Citrix NetScaler (SHA1)"; static const u64 KERN_TYPE = 8100; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_PRECOMPUTE_INIT diff --git a/src/modules/module_22200.c b/src/modules/module_22200.c new file mode 100644 index 000000000..04ec5fd81 --- /dev/null +++ b/src/modules/module_22200.c 
@@ -0,0 +1,261 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 14; +static const u32 DGST_POS1 = 15; +static const u32 DGST_POS2 = 6; +static const u32 DGST_POS3 = 7; +static const u32 DGST_SIZE = DGST_SIZE_8_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_OS; +static const char *HASH_NAME = "Citrix NetScaler (SHA512)"; +static const u64 KERN_TYPE = 22200; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_EARLY_SKIP + | OPTI_TYPE_NOT_ITERATED + | OPTI_TYPE_PREPENDED_SALT + | OPTI_TYPE_USES_BITS_64 + | OPTI_TYPE_RAW_HASH; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "2f9282ade42ce148175dc3b4d8b5916dae5211eee49886c3f7cc768f6b9f2eb982a5ac2f2672a0223999bfd15349093278adf12f6276e8b61dacf5572b3f93d0b4fa886ce"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t 
*hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const char 
*SIGNATURE_NETSCALER = "2"; + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u64 *digest = (u64 *) digest_buf; + + token_t token; + + token.token_cnt = 3; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_NETSCALER; + + token.len[0] = 1; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len[1] = 8; + token.attr[1] = TOKEN_ATTR_FIXED_LENGTH; + + token.len[2] = 128; + token.attr[2] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // salt + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + memcpy (salt->salt_buf, salt_pos, salt_len); + + salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); + + salt->salt_len = salt_len; + + // hash + + const u8 *hash_pos = token.buf[2]; + + digest[0] = hex_to_u64 (hash_pos + 0); + digest[1] = hex_to_u64 (hash_pos + 16); + digest[2] = hex_to_u64 (hash_pos + 32); + digest[3] = hex_to_u64 (hash_pos + 48); + digest[4] = hex_to_u64 (hash_pos + 64); + digest[5] = hex_to_u64 (hash_pos + 80); + digest[6] = hex_to_u64 (hash_pos + 96); + digest[7] = hex_to_u64 (hash_pos + 112); + + digest[0] = byte_swap_64 (digest[0]); + digest[1] = byte_swap_64 (digest[1]); + digest[2] = byte_swap_64 (digest[2]); + digest[3] = byte_swap_64 (digest[3]); + digest[4] = byte_swap_64 (digest[4]); + digest[5] = byte_swap_64 (digest[5]); + digest[6] = byte_swap_64 (digest[6]); + digest[7] = byte_swap_64 (digest[7]); + + if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) + { + digest[0] -= SHA512M_A; + digest[1] -= SHA512M_B; + digest[2] -= 
SHA512M_C; + digest[3] -= SHA512M_D; + digest[4] -= SHA512M_E; + digest[5] -= SHA512M_F; + digest[6] -= SHA512M_G; + digest[7] -= SHA512M_H; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u64 *digest = (const u64 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u64 tmp[8]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + tmp[4] = digest[4]; + tmp[5] = digest[5]; + tmp[6] = digest[6]; + tmp[7] = digest[7]; + + if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) + { + tmp[0] += SHA512M_A; + tmp[1] += SHA512M_B; + tmp[2] += SHA512M_C; + tmp[3] += SHA512M_D; + tmp[4] += SHA512M_E; + tmp[5] += SHA512M_F; + tmp[6] += SHA512M_G; + tmp[7] += SHA512M_H; + } + + tmp[0] = byte_swap_64 (tmp[0]); + tmp[1] = byte_swap_64 (tmp[1]); + tmp[2] = byte_swap_64 (tmp[2]); + tmp[3] = byte_swap_64 (tmp[3]); + tmp[4] = byte_swap_64 (tmp[4]); + tmp[5] = byte_swap_64 (tmp[5]); + tmp[6] = byte_swap_64 (tmp[6]); + tmp[7] = byte_swap_64 (tmp[7]); + + u32 tmp_salt[2]; + + tmp_salt[0] = byte_swap_32 (salt->salt_buf[0]); + tmp_salt[1] = byte_swap_32 (salt->salt_buf[1]); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + out_buf[0] = '2'; out_len += 1; + + memcpy (out_buf + out_len, tmp_salt, 8); out_len += 8; + + u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[2], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[3], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[4], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[5], out_buf + out_len); out_len += 16; + 
u64_to_hex (tmp[6], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[7], out_buf + out_len); out_len += 16; + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + 
module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} 
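Review bot: `module_hash_encode` rebuilds the line format from literals that `module_hash_decode` expresses symbolically: `out_buf[0] = '2';` duplicates `SIGNATURE_NETSCALER`, and `memcpy (out_buf + out_len, tmp_salt, 8);` hardcodes the salt width that decode stores in `salt->salt_len`. Writing them as `out_buf[0] = SIGNATURE_NETSCALER[0];` and `memcpy (out_buf + out_len, tmp_salt, salt->salt_len);` keeps the two directions in lockstep if either value changes. `line_size` is MAYBE_UNUSED and the 1 + 8 + 128 byte output is never checked against it; this follows the other modules, so presumably the caller guarantees the buffer, but a one-line comment saying so would help. On the decode side the salt token carries only `TOKEN_ATTR_FIXED_LENGTH`, so any eight bytes are accepted — fine if NetScaler salts are arbitrary characters, but worth a comment stating that this is deliberate.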
diff --git a/tools/test_modules/m22200.pm b/tools/test_modules/m22200.pm new file mode 100644 index 000000000..e8876c224 --- /dev/null +++ b/tools/test_modules/m22200.pm @@ -0,0 +1,51 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA qw (sha512_hex); + +sub module_constraints { [[0, 256], [8, 8], [0, 54], [8, 8], [8, 54]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + + my $hash_buf = sha512_hex ($salt . $word . "\x00"); + + my $hash = sprintf ("2%s%s", $salt, $hash_buf); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $salt = substr ($line, 1, 8); + + my $rest = substr ($line, 1 + 8); + + my $index2 = index ($rest, ":"); + + return if $index2 < 1; + + my $word = substr ($rest, $index2 + 1); + + return unless defined $salt; + return unless defined $word; + + $word = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word, $salt); + + return ($new_hash, $word); +} + +1; From 3353a6fb5db59d252493a13d5728e8bad1a93f06 Mon Sep 17 00:00:00 2001 
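Review bot: `module_verify_hash` takes the salt from offset 1 without checking that the line starts with the `2` signature or that the hash portion before the `:` is 128 hex characters, so a malformed line is silently regenerated and only caught if the caller compares the result. Guards such as `return if substr ($line, 0, 1) ne "2";` and `return if $index2 != 128;` (in place of `return if $index2 < 1;`) would reject such lines up front; the 128 holds because a well-formed hash part is hex and contains no `:`. The `return unless defined $salt;` check can never fire for a line long enough to reach it and could be dropped.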
From: philsmd Date: Wed, 15 Jan 2020 09:16:05 +0100 Subject: [PATCH 154/300] Added -m 22300 = sha256($salt.$pass.$salt) --- OpenCL/m22300_a0-optimized.cl | 574 +++++++++++++++++++++++ OpenCL/m22300_a0-pure.cl | 147 ++++++ OpenCL/m22300_a1-optimized.cl | 692 ++++++++++++++++++++++++++++ OpenCL/m22300_a1-pure.cl | 137 ++++++ OpenCL/m22300_a3-optimized.cl | 826 ++++++++++++++++++++++++++++++++++ OpenCL/m22300_a3-pure.cl | 171 +++++++ docs/changes.txt | 3 +- docs/readme.txt | 3 +- src/modules/module_21400.c | 2 +- src/modules/module_22300.c | 251 +++++++++++ tools/test_modules/m22300.pm | 44 ++ 11 files changed, 2847 insertions(+), 3 deletions(-) create mode 100644 OpenCL/m22300_a0-optimized.cl create mode 100644 OpenCL/m22300_a0-pure.cl create mode 100644 OpenCL/m22300_a1-optimized.cl create mode 100644 OpenCL/m22300_a1-pure.cl create mode 100644 OpenCL/m22300_a3-optimized.cl create mode 100644 OpenCL/m22300_a3-pure.cl create mode 100644 src/modules/module_22300.c create mode 100644 tools/test_modules/m22300.pm diff --git a/OpenCL/m22300_a0-optimized.cl b/OpenCL/m22300_a0-optimized.cl new file mode 100644 index 000000000..8ca94cb57 --- /dev/null +++ b/OpenCL/m22300_a0-optimized.cl 
@@ -0,0 +1,574 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_rp_optimized.h" +#include "inc_rp_optimized.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#endif + +#define SHA256_STEP_REV(a,b,c,d,e,f,g,h) \ +{ \ + u32 t2 = SHA256_S2_S(b) + SHA256_F0o(b,c,d); \ + u32 t1 = a - t2; \ + a = b; \ + b = c; \ + c = d; \ + d = e - t1; \ + e = f; \ + f = g; \ + g = h; \ + h = 0; \ +} + +KERNEL_FQ void m22300_m04 (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[4]; + u32 salt_buf1[4]; + u32 salt_buf2[4]; + u32 salt_buf3[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[ 0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[ 1]; + salt_buf0[2] = salt_bufs[salt_pos].salt_buf[ 2]; + salt_buf0[3] = salt_bufs[salt_pos].salt_buf[ 3]; + salt_buf1[0] = salt_bufs[salt_pos].salt_buf[ 4]; + salt_buf1[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3[2] = salt_bufs[salt_pos].salt_buf[14]; + 
salt_buf3[3] = salt_bufs[salt_pos].salt_buf[15]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + u32x w0[4] = { 0 }; + u32x w1[4] = { 0 }; + u32x w2[4] = { 0 }; + u32x w3[4] = { 0 }; + + const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + /** + * prepend salt + */ + + const u32x out_salt_len = out_len + salt_len; + + switch_buffer_by_offset_le_VV (w0, w1, w2, w3, salt_len); + + w0[0] |= salt_buf0[0]; + w0[1] |= salt_buf0[1]; + w0[2] |= salt_buf0[2]; + w0[3] |= salt_buf0[3]; + w1[0] |= salt_buf1[0]; + w1[1] |= salt_buf1[1]; + w1[2] |= salt_buf1[2]; + w1[3] |= salt_buf1[3]; + w2[0] |= salt_buf2[0]; + w2[1] |= salt_buf2[1]; + w2[2] |= salt_buf2[2]; + w2[3] |= salt_buf2[3]; + w3[0] |= salt_buf3[0]; + w3[1] |= salt_buf3[1]; + w3[2] |= salt_buf3[2]; + w3[3] |= salt_buf3[3]; + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf0[0]; + s0[1] = salt_buf0[1]; + s0[2] = salt_buf0[2]; + s0[3] = salt_buf0[3]; + s1[0] = salt_buf1[0]; + s1[1] = salt_buf1[1]; + s1[2] = salt_buf1[2]; + s1[3] = salt_buf1[3]; + s2[0] = salt_buf2[0]; + s2[1] = salt_buf2[1]; + s2[2] = salt_buf2[2]; + s2[3] = salt_buf2[3]; + s3[0] = salt_buf3[0]; + s3[1] = salt_buf3[1]; + s3[2] = salt_buf3[2]; + s3[3] = salt_buf3[3]; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_salt_len); + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] |= s3[2]; + w3[3] |= s3[3]; + + const u32x salt_out_salt_len = salt_len + out_len + salt_len; + + append_0x80_4x4_VV (w0, w1, w2, w3, salt_out_salt_len); + + /** + * sha256 + */ + + u32x w0_t = hc_swap32 (w0[0]); + u32x w1_t = hc_swap32 (w0[1]); + u32x w2_t = 
hc_swap32 (w0[2]); + u32x w3_t = hc_swap32 (w0[3]); + u32x w4_t = hc_swap32 (w1[0]); + u32x w5_t = hc_swap32 (w1[1]); + u32x w6_t = hc_swap32 (w1[2]); + u32x w7_t = hc_swap32 (w1[3]); + u32x w8_t = hc_swap32 (w2[0]); + u32x w9_t = hc_swap32 (w2[1]); + u32x wa_t = hc_swap32 (w2[2]); + u32x wb_t = hc_swap32 (w2[3]); + u32x wc_t = hc_swap32 (w3[0]); + u32x wd_t = hc_swap32 (w3[1]); + u32x we_t = 0; + u32x wf_t = salt_out_salt_len * 8; + + u32x a = SHA256M_A; + u32x b = SHA256M_B; + u32x c = SHA256M_C; + u32x d = SHA256M_D; + u32x e = SHA256M_E; + u32x f = SHA256M_F; + u32x g = SHA256M_G; + u32x h = SHA256M_H; + + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, 
a, b, c, d, e, f, g, h, w0_t, SHA256C10); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + + w0_t = SHA256_EXPAND (we_t, w9_t, 
w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, 
SHA256C2f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP 
(SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + + COMPARE_M_SIMD (d, h, c, g); + } +} + +KERNEL_FQ void m22300_m08 (KERN_ATTR_RULES ()) +{ +} + +KERNEL_FQ void m22300_m16 (KERN_ATTR_RULES ()) +{ +} + +KERNEL_FQ void m22300_s04 (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[4]; + u32 salt_buf1[4]; + u32 salt_buf2[4]; + u32 salt_buf3[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[ 0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[ 1]; + salt_buf0[2] = salt_bufs[salt_pos].salt_buf[ 2]; + salt_buf0[3] = salt_bufs[salt_pos].salt_buf[ 3]; + salt_buf1[0] = salt_bufs[salt_pos].salt_buf[ 4]; + salt_buf1[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3[2] = salt_bufs[salt_pos].salt_buf[14]; + salt_buf3[3] = salt_bufs[salt_pos].salt_buf[15]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** 
+ * reverse + */ + + u32 a_rev = digests_buf[digests_offset].digest_buf[0]; + u32 b_rev = digests_buf[digests_offset].digest_buf[1]; + u32 c_rev = digests_buf[digests_offset].digest_buf[2]; + u32 d_rev = digests_buf[digests_offset].digest_buf[3]; + u32 e_rev = digests_buf[digests_offset].digest_buf[4]; + u32 f_rev = digests_buf[digests_offset].digest_buf[5]; + u32 g_rev = digests_buf[digests_offset].digest_buf[6]; + u32 h_rev = digests_buf[digests_offset].digest_buf[7]; + + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + u32x w0[4] = { 0 }; + u32x w1[4] = { 0 }; + u32x w2[4] = { 0 }; + u32x w3[4] = { 0 }; + + const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + /** + * prepend salt + */ + + const u32x out_salt_len = out_len + salt_len; + + switch_buffer_by_offset_le_VV (w0, w1, w2, w3, salt_len); + + w0[0] |= salt_buf0[0]; + w0[1] |= salt_buf0[1]; + w0[2] |= salt_buf0[2]; + w0[3] |= salt_buf0[3]; + w1[0] |= salt_buf1[0]; + w1[1] |= salt_buf1[1]; + w1[2] |= salt_buf1[2]; + w1[3] |= salt_buf1[3]; + w2[0] |= salt_buf2[0]; + w2[1] |= salt_buf2[1]; + w2[2] |= salt_buf2[2]; + w2[3] |= salt_buf2[3]; + w3[0] |= salt_buf3[0]; + w3[1] |= salt_buf3[1]; + w3[2] |= salt_buf3[2]; + w3[3] |= salt_buf3[3]; + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf0[0]; + s0[1] = salt_buf0[1]; + s0[2] = salt_buf0[2]; + s0[3] = salt_buf0[3]; + s1[0] = salt_buf1[0]; + s1[1] = salt_buf1[1]; + s1[2] = salt_buf1[2]; + s1[3] = salt_buf1[3]; + s2[0] = salt_buf2[0]; + s2[1] = salt_buf2[1]; + s2[2] = salt_buf2[2]; + s2[3] = salt_buf2[3]; + s3[0] = 
salt_buf3[0]; + s3[1] = salt_buf3[1]; + s3[2] = salt_buf3[2]; + s3[3] = salt_buf3[3]; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_salt_len); + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] |= s3[2]; + w3[3] |= s3[3]; + + const u32x salt_out_salt_len = salt_len + out_len + salt_len; + + append_0x80_4x4_VV (w0, w1, w2, w3, salt_out_salt_len); + + /** + * sha256 + */ + + u32x w0_t = hc_swap32 (w0[0]); + u32x w1_t = hc_swap32 (w0[1]); + u32x w2_t = hc_swap32 (w0[2]); + u32x w3_t = hc_swap32 (w0[3]); + u32x w4_t = hc_swap32 (w1[0]); + u32x w5_t = hc_swap32 (w1[1]); + u32x w6_t = hc_swap32 (w1[2]); + u32x w7_t = hc_swap32 (w1[3]); + u32x w8_t = hc_swap32 (w2[0]); + u32x w9_t = hc_swap32 (w2[1]); + u32x wa_t = hc_swap32 (w2[2]); + u32x wb_t = hc_swap32 (w2[3]); + u32x wc_t = hc_swap32 (w3[0]); + u32x wd_t = hc_swap32 (w3[1]); + u32x we_t = 0; + u32x wf_t = salt_out_salt_len * 8; + + u32x a = SHA256M_A; + u32x b = SHA256M_B; + u32x c = SHA256M_C; + u32x d = SHA256M_D; + u32x e = SHA256M_E; + u32x f = SHA256M_F; + u32x g = SHA256M_G; + u32x h = SHA256M_H; + + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, 
h, w8_t, SHA256C08); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); + 
wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, 
SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); + + if (MATCHES_NONE_VS (h, d_rev)) continue; + + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, 
f, g, w9_t, SHA256C39); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + + COMPARE_S_SIMD (d, h, c, g); + } +} + +KERNEL_FQ void m22300_s08 (KERN_ATTR_RULES ()) +{ +} + +KERNEL_FQ void m22300_s16 (KERN_ATTR_RULES ()) +{ +} diff --git a/OpenCL/m22300_a0-pure.cl b/OpenCL/m22300_a0-pure.cl new file mode 100644 index 000000000..bfb212751 --- /dev/null +++ b/OpenCL/m22300_a0-pure.cl 
@@ -0,0 +1,147 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+//#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_rp.h"
+#include "inc_rp.cl"
+#include "inc_scalar.cl"
+#include "inc_hash_sha256.cl"
+#endif
+
+KERNEL_FQ void m22300_mxx (KERN_ATTR_RULES ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * base
+ */
+
+ COPY_PW (pws[gid]);
+
+ const u32 salt_len = salt_bufs[salt_pos].salt_len;
+
+ u32 s[64] = { 0 };
+
+ for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
+ {
+ s[idx] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[idx]);
+ }
+
+ sha256_ctx_t ctx0;
+
+ sha256_init (&ctx0);
+
+ sha256_update (&ctx0, s, salt_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ pw_t tmp = PASTE_PW;
+
+ tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len);
+
+ sha256_ctx_t ctx = ctx0;
+
+ sha256_update_swap (&ctx, tmp.i, tmp.pw_len);
+
+ sha256_update (&ctx, s, salt_len);
+
+ sha256_final (&ctx);
+
+ const u32 r0 = ctx.h[DGST_R0];
+ const u32 r1 = ctx.h[DGST_R1];
+ const u32 r2 = ctx.h[DGST_R2];
+ const u32 r3 = ctx.h[DGST_R3];
+
+ COMPARE_M_SCALAR (r0, r1, r2, r3);
+ }
+}
+
+KERNEL_FQ void m22300_sxx (KERN_ATTR_RULES ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * digest
+ */
+
+ const u32 search[4] =
+ {
+ digests_buf[digests_offset].digest_buf[DGST_R0],
+ digests_buf[digests_offset].digest_buf[DGST_R1],
+ digests_buf[digests_offset].digest_buf[DGST_R2],
+ digests_buf[digests_offset].digest_buf[DGST_R3]
+ };
+
+ /**
+ * base
+ */
+
+ COPY_PW (pws[gid]);
+
+ const u32 salt_len = salt_bufs[salt_pos].salt_len;
+
+ u32 s[64] = { 0 };
+
+ for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
+ {
+ s[idx] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[idx]);
+ }
+
+ sha256_ctx_t ctx0;
+
+ sha256_init (&ctx0);
+
+ sha256_update (&ctx0, s, salt_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ pw_t tmp = PASTE_PW;
+
+ tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len);
+
+ sha256_ctx_t ctx = ctx0;
+
+ sha256_update_swap (&ctx, tmp.i, tmp.pw_len);
+
+ sha256_update (&ctx, s, salt_len);
+
+ sha256_final (&ctx);
+
+ const u32 r0 = ctx.h[DGST_R0];
+ const u32 r1 = ctx.h[DGST_R1];
+ const u32 r2 = ctx.h[DGST_R2];
+ const u32 r3 = ctx.h[DGST_R3];
+
+ COMPARE_S_SCALAR (r0, r1, r2, r3);
+ }
+}
diff --git a/OpenCL/m22300_a1-optimized.cl b/OpenCL/m22300_a1-optimized.cl
new file mode 100644
index 000000000..ce683086f
--- /dev/null
+++ b/OpenCL/m22300_a1-optimized.cl
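Review bot: The new file m22300_a0-pure.cl never states which construction it implements; the only way to learn that this is sha256($salt.$pass.$salt) is to read the order of the three update calls inside the loop of m22300_mxx, and the file header carries author and license only. Add a one-line comment above m22300_mxx such as `// 22300: sha256($salt.$pass.$salt); the salt words are byte-swapped once into s[] so ctx0 can be pre-seeded with the leading salt and copied per candidate`. The same applies to m22300_sxx, which repeats the salt seeding and the candidate loop verbatim apart from the final COMPARE_S_SCALAR. `lid` is declared in both kernels but never read; if it is kept for consistency with the other kernels, a short comment saying so would stop it being taken for dead code, otherwise drop the two declarations.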
@@ -0,0 +1,692 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#endif + +#define SHA256_STEP_REV(a,b,c,d,e,f,g,h) \ +{ \ + u32 t2 = SHA256_S2_S(b) + SHA256_F0o(b,c,d); \ + u32 t1 = a - t2; \ + a = b; \ + b = c; \ + c = d; \ + d = e - t1; \ + e = f; \ + f = g; \ + g = h; \ + h = 0; \ +} + +KERNEL_FQ void m22300_m04 (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_l_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[4]; + u32 salt_buf1[4]; + u32 salt_buf2[4]; + u32 salt_buf3[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[ 0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[ 1]; + salt_buf0[2] = salt_bufs[salt_pos].salt_buf[ 2]; + salt_buf0[3] = salt_bufs[salt_pos].salt_buf[ 3]; + salt_buf1[0] = salt_bufs[salt_pos].salt_buf[ 4]; + salt_buf1[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3[2] = salt_bufs[salt_pos].salt_buf[14]; + salt_buf3[3] = salt_bufs[salt_pos].salt_buf[15]; + + const u32 
salt_len = salt_bufs[salt_pos].salt_len; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; + + const u32x pw_len = (pw_l_len + pw_r_len) & 63; + + /** + * concat password candidate + */ + + u32x wordl0[4] = { 0 }; + u32x wordl1[4] = { 0 }; + u32x wordl2[4] = { 0 }; + u32x wordl3[4] = { 0 }; + + wordl0[0] = pw_buf0[0]; + wordl0[1] = pw_buf0[1]; + wordl0[2] = pw_buf0[2]; + wordl0[3] = pw_buf0[3]; + wordl1[0] = pw_buf1[0]; + wordl1[1] = pw_buf1[1]; + wordl1[2] = pw_buf1[2]; + wordl1[3] = pw_buf1[3]; + + u32x wordr0[4] = { 0 }; + u32x wordr1[4] = { 0 }; + u32x wordr2[4] = { 0 }; + u32x wordr3[4] = { 0 }; + + wordr0[0] = ix_create_combt (combs_buf, il_pos, 0); + wordr0[1] = ix_create_combt (combs_buf, il_pos, 1); + wordr0[2] = ix_create_combt (combs_buf, il_pos, 2); + wordr0[3] = ix_create_combt (combs_buf, il_pos, 3); + wordr1[0] = ix_create_combt (combs_buf, il_pos, 4); + wordr1[1] = ix_create_combt (combs_buf, il_pos, 5); + wordr1[2] = ix_create_combt (combs_buf, il_pos, 6); + wordr1[3] = ix_create_combt (combs_buf, il_pos, 7); + + if (combs_mode == COMBINATOR_MODE_BASE_LEFT) + { + switch_buffer_by_offset_le_VV (wordr0, wordr1, wordr2, wordr3, pw_l_len); + } + else + { + switch_buffer_by_offset_le_VV (wordl0, wordl1, wordl2, wordl3, pw_r_len); + } + + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = wordl0[0] | wordr0[0]; + w0[1] = wordl0[1] | wordr0[1]; + w0[2] = wordl0[2] | wordr0[2]; + w0[3] = wordl0[3] | wordr0[3]; + w1[0] = wordl1[0] | wordr1[0]; + w1[1] = wordl1[1] | wordr1[1]; + w1[2] = wordl1[2] | wordr1[2]; + w1[3] = wordl1[3] | wordr1[3]; + w2[0] = wordl2[0] | wordr2[0]; + w2[1] = wordl2[1] | wordr2[1]; + w2[2] = wordl2[2] | wordr2[2]; + w2[3] = wordl2[3] | wordr2[3]; + w3[0] = wordl3[0] | wordr3[0]; + w3[1] = wordl3[1] | wordr3[1]; + w3[2] = wordl3[2] | wordr3[2]; + w3[3] = wordl3[3] | wordr3[3]; + + /** + * prepend salt + */ + + 
switch_buffer_by_offset_le (w0, w1, w2, w3, salt_len); + + const u32x pw_salt_len = pw_len + salt_len; + + w0[0] |= salt_buf0[0]; + w0[1] |= salt_buf0[1]; + w0[2] |= salt_buf0[2]; + w0[3] |= salt_buf0[3]; + w1[0] |= salt_buf1[0]; + w1[1] |= salt_buf1[1]; + w1[2] |= salt_buf1[2]; + w1[3] |= salt_buf1[3]; + w2[0] |= salt_buf2[0]; + w2[1] |= salt_buf2[1]; + w2[2] |= salt_buf2[2]; + w2[3] |= salt_buf2[3]; + w3[0] |= salt_buf3[0]; + w3[1] |= salt_buf3[1]; + w3[2] |= salt_buf3[2]; + w3[3] |= salt_buf3[3]; + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf0[0]; + s0[1] = salt_buf0[1]; + s0[2] = salt_buf0[2]; + s0[3] = salt_buf0[3]; + s1[0] = salt_buf1[0]; + s1[1] = salt_buf1[1]; + s1[2] = salt_buf1[2]; + s1[3] = salt_buf1[3]; + s2[0] = salt_buf2[0]; + s2[1] = salt_buf2[1]; + s2[2] = salt_buf2[2]; + s2[3] = salt_buf2[3]; + s3[0] = salt_buf3[0]; + s3[1] = salt_buf3[1]; + s3[2] = salt_buf3[2]; + s3[3] = salt_buf3[3]; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_salt_len); + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] |= s3[2]; + w3[3] |= s3[3]; + + const u32x salt_pw_salt_len = salt_len + pw_len + salt_len; + + append_0x80_4x4_VV (w0, w1, w2, w3, salt_pw_salt_len); + + /** + * sha256 + */ + + u32x w0_t = hc_swap32 (w0[0]); + u32x w1_t = hc_swap32 (w0[1]); + u32x w2_t = hc_swap32 (w0[2]); + u32x w3_t = hc_swap32 (w0[3]); + u32x w4_t = hc_swap32 (w1[0]); + u32x w5_t = hc_swap32 (w1[1]); + u32x w6_t = hc_swap32 (w1[2]); + u32x w7_t = hc_swap32 (w1[3]); + u32x w8_t = hc_swap32 (w2[0]); + u32x w9_t = hc_swap32 (w2[1]); + u32x wa_t = hc_swap32 (w2[2]); + u32x wb_t = hc_swap32 (w2[3]); + u32x wc_t = hc_swap32 (w3[0]); + u32x wd_t = hc_swap32 (w3[1]); + u32x we_t = 0; + u32x wf_t = salt_pw_salt_len * 8; + 
+ u32x a = SHA256M_A; + u32x b = SHA256M_B; + u32x c = SHA256M_C; + u32x d = SHA256M_D; + u32x e = SHA256M_E; + u32x f = SHA256M_F; + u32x g = SHA256M_G; + u32x h = SHA256M_H; + + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); + w4_t = 
SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, 
f, g, h, a, b, c, d, e, w3_t, SHA256C23); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); + w3_t = SHA256_EXPAND (w1_t, wc_t, 
w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + + COMPARE_M_SIMD (d, h, c, g); + } +} + +KERNEL_FQ void m22300_m08 (KERN_ATTR_BASIC ()) +{ +} + +KERNEL_FQ void m22300_m16 (KERN_ATTR_BASIC ()) +{ +} + +KERNEL_FQ void m22300_s04 (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 
pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_l_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf0[4]; + u32 salt_buf1[4]; + u32 salt_buf2[4]; + u32 salt_buf3[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[ 0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[ 1]; + salt_buf0[2] = salt_bufs[salt_pos].salt_buf[ 2]; + salt_buf0[3] = salt_bufs[salt_pos].salt_buf[ 3]; + salt_buf1[0] = salt_bufs[salt_pos].salt_buf[ 4]; + salt_buf1[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3[2] = salt_bufs[salt_pos].salt_buf[14]; + salt_buf3[3] = salt_bufs[salt_pos].salt_buf[15]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * reverse + */ + + u32 a_rev = digests_buf[digests_offset].digest_buf[0]; + u32 b_rev = digests_buf[digests_offset].digest_buf[1]; + u32 c_rev = digests_buf[digests_offset].digest_buf[2]; + u32 d_rev = digests_buf[digests_offset].digest_buf[3]; + u32 e_rev = digests_buf[digests_offset].digest_buf[4]; + u32 f_rev = digests_buf[digests_offset].digest_buf[5]; + u32 g_rev = digests_buf[digests_offset].digest_buf[6]; + u32 h_rev = 
digests_buf[digests_offset].digest_buf[7]; + + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; + + const u32x pw_len = (pw_l_len + pw_r_len) & 63; + + /** + * concat password candidate + */ + + u32x wordl0[4] = { 0 }; + u32x wordl1[4] = { 0 }; + u32x wordl2[4] = { 0 }; + u32x wordl3[4] = { 0 }; + + wordl0[0] = pw_buf0[0]; + wordl0[1] = pw_buf0[1]; + wordl0[2] = pw_buf0[2]; + wordl0[3] = pw_buf0[3]; + wordl1[0] = pw_buf1[0]; + wordl1[1] = pw_buf1[1]; + wordl1[2] = pw_buf1[2]; + wordl1[3] = pw_buf1[3]; + + u32x wordr0[4] = { 0 }; + u32x wordr1[4] = { 0 }; + u32x wordr2[4] = { 0 }; + u32x wordr3[4] = { 0 }; + + wordr0[0] = ix_create_combt (combs_buf, il_pos, 0); + wordr0[1] = ix_create_combt (combs_buf, il_pos, 1); + wordr0[2] = ix_create_combt (combs_buf, il_pos, 2); + wordr0[3] = ix_create_combt (combs_buf, il_pos, 3); + wordr1[0] = ix_create_combt (combs_buf, il_pos, 4); + wordr1[1] = ix_create_combt (combs_buf, il_pos, 5); + wordr1[2] = ix_create_combt (combs_buf, il_pos, 6); + wordr1[3] = ix_create_combt (combs_buf, il_pos, 7); + + if (combs_mode == COMBINATOR_MODE_BASE_LEFT) + { + switch_buffer_by_offset_le_VV (wordr0, wordr1, wordr2, wordr3, pw_l_len); + } + else + { + switch_buffer_by_offset_le_VV (wordl0, wordl1, wordl2, wordl3, pw_r_len); + } + + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = wordl0[0] | wordr0[0]; + w0[1] = wordl0[1] | wordr0[1]; + w0[2] = wordl0[2] | wordr0[2]; + w0[3] = wordl0[3] | wordr0[3]; + w1[0] = wordl1[0] | wordr1[0]; + w1[1] = wordl1[1] | wordr1[1]; + w1[2] = wordl1[2] | wordr1[2]; + w1[3] = wordl1[3] | 
wordr1[3]; + w2[0] = wordl2[0] | wordr2[0]; + w2[1] = wordl2[1] | wordr2[1]; + w2[2] = wordl2[2] | wordr2[2]; + w2[3] = wordl2[3] | wordr2[3]; + w3[0] = wordl3[0] | wordr3[0]; + w3[1] = wordl3[1] | wordr3[1]; + w3[2] = wordl3[2] | wordr3[2]; + w3[3] = wordl3[3] | wordr3[3]; + + /** + * prepend salt + */ + + switch_buffer_by_offset_le (w0, w1, w2, w3, salt_len); + + const u32x pw_salt_len = pw_len + salt_len; + + w0[0] |= salt_buf0[0]; + w0[1] |= salt_buf0[1]; + w0[2] |= salt_buf0[2]; + w0[3] |= salt_buf0[3]; + w1[0] |= salt_buf1[0]; + w1[1] |= salt_buf1[1]; + w1[2] |= salt_buf1[2]; + w1[3] |= salt_buf1[3]; + w2[0] |= salt_buf2[0]; + w2[1] |= salt_buf2[1]; + w2[2] |= salt_buf2[2]; + w2[3] |= salt_buf2[3]; + w3[0] |= salt_buf3[0]; + w3[1] |= salt_buf3[1]; + w3[2] |= salt_buf3[2]; + w3[3] |= salt_buf3[3]; + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf0[0]; + s0[1] = salt_buf0[1]; + s0[2] = salt_buf0[2]; + s0[3] = salt_buf0[3]; + s1[0] = salt_buf1[0]; + s1[1] = salt_buf1[1]; + s1[2] = salt_buf1[2]; + s1[3] = salt_buf1[3]; + s2[0] = salt_buf2[0]; + s2[1] = salt_buf2[1]; + s2[2] = salt_buf2[2]; + s2[3] = salt_buf2[3]; + s3[0] = salt_buf3[0]; + s3[1] = salt_buf3[1]; + s3[2] = salt_buf3[2]; + s3[3] = salt_buf3[3]; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_salt_len); + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] |= s3[2]; + w3[3] |= s3[3]; + + const u32x salt_pw_salt_len = salt_len + pw_len + salt_len; + + append_0x80_4x4_VV (w0, w1, w2, w3, salt_pw_salt_len); + + /** + * sha256 + */ + + u32x w0_t = hc_swap32 (w0[0]); + u32x w1_t = hc_swap32 (w0[1]); + u32x w2_t = hc_swap32 (w0[2]); + u32x w3_t = hc_swap32 (w0[3]); + u32x w4_t = hc_swap32 (w1[0]); + u32x w5_t = hc_swap32 (w1[1]); + u32x 
w6_t = hc_swap32 (w1[2]); + u32x w7_t = hc_swap32 (w1[3]); + u32x w8_t = hc_swap32 (w2[0]); + u32x w9_t = hc_swap32 (w2[1]); + u32x wa_t = hc_swap32 (w2[2]); + u32x wb_t = hc_swap32 (w2[3]); + u32x wc_t = hc_swap32 (w3[0]); + u32x wd_t = hc_swap32 (w3[1]); + u32x we_t = 0; + u32x wf_t = salt_pw_salt_len * 8; + + u32x a = SHA256M_A; + u32x b = SHA256M_B; + u32x c = SHA256M_C; + u32x d = SHA256M_D; + u32x e = SHA256M_E; + u32x f = SHA256M_F; + u32x g = SHA256M_G; + u32x h = SHA256M_H; + + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, 
SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); + w1_t = SHA256_EXPAND 
(wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, 
f, g, h, w0_t, SHA256C30); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); + + if (MATCHES_NONE_VS (h, d_rev)) continue; + + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + + 
COMPARE_S_SIMD (d, h, c, g);
+ }
+}
+
+KERNEL_FQ void m22300_s08 (KERN_ATTR_BASIC ())
+{
+}
+
+KERNEL_FQ void m22300_s16 (KERN_ATTR_BASIC ())
+{
+}
diff --git a/OpenCL/m22300_a1-pure.cl b/OpenCL/m22300_a1-pure.cl
new file mode 100644
index 000000000..018bdc6f9
--- /dev/null
+++ b/OpenCL/m22300_a1-pure.cl
@@ -0,0 +1,137 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+//#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_scalar.cl"
+#include "inc_hash_sha256.cl"
+#endif
+
+KERNEL_FQ void m22300_mxx (KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * base
+ */
+
+ const u32 salt_len = salt_bufs[salt_pos].salt_len;
+
+ u32 s[64] = { 0 };
+
+ for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
+ {
+ s[idx] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[idx]);
+ }
+
+ sha256_ctx_t ctx0;
+
+ sha256_init (&ctx0);
+
+ sha256_update (&ctx0, s, salt_len);
+
+ sha256_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ sha256_ctx_t ctx = ctx0;
+
+ sha256_update_global_swap (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
+
+ sha256_update (&ctx, s, salt_len);
+
+ sha256_final (&ctx);
+
+ const u32 r0 = ctx.h[DGST_R0];
+ const u32 r1 = ctx.h[DGST_R1];
+ const u32 r2 = ctx.h[DGST_R2];
+ const u32 r3 = ctx.h[DGST_R3];
+
+ COMPARE_M_SCALAR (r0, r1, r2, r3);
+ }
+}
+
+KERNEL_FQ void m22300_sxx (KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 lid = get_local_id (0);
+ const u64 gid = get_global_id (0);
+
+ if (gid >= gid_max) return;
+
+ /**
+ * digest
+ */
+
+ const u32 search[4] =
+ {
+ digests_buf[digests_offset].digest_buf[DGST_R0],
+ digests_buf[digests_offset].digest_buf[DGST_R1],
+ digests_buf[digests_offset].digest_buf[DGST_R2],
+ digests_buf[digests_offset].digest_buf[DGST_R3]
+ };
+
+ /**
+ * base
+ */
+
+ const u32 salt_len = salt_bufs[salt_pos].salt_len;
+
+ u32 s[64] = { 0 };
+
+ for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
+ {
+ s[idx] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[idx]);
+ }
+
+ sha256_ctx_t ctx0;
+
+ sha256_init (&ctx0);
+
+ sha256_update (&ctx0, s, salt_len);
+
+ sha256_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ sha256_ctx_t ctx = ctx0;
+
+ sha256_update_global_swap (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
+
+ sha256_update (&ctx, s, salt_len);
+
+ sha256_final (&ctx);
+
+ const u32 r0 = ctx.h[DGST_R0];
+ const u32 r1 = ctx.h[DGST_R1];
+ const u32 r2 = ctx.h[DGST_R2];
+ const u32 r3 = ctx.h[DGST_R3];
+
+ COMPARE_S_SCALAR (r0, r1, r2, r3);
+ }
+}
diff --git a/OpenCL/m22300_a3-optimized.cl b/OpenCL/m22300_a3-optimized.cl
new file mode 100644
index 000000000..338c6ce46
--- /dev/null
+++ b/OpenCL/m22300_a3-optimized.cl
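Review bot: The salt copy loop in `m22300_mxx` writes `s[idx]` once per 4-byte step of `salt_len`, but nothing in this file bounds `salt_len`, so staying inside `u32 s[64]` (256 bytes) rests on the module's salt-length limit, which is not visible in this hunk. A one-line comment at the declaration would record that dependency: `u32 s[64] = { 0 }; // 256 bytes; relies on the module capping salt_len at or below this`. The same buffer and loop are repeated verbatim in `m22300_sxx`, so the comment belongs there as well. `lid` is declared but never read in either kernel; if keeping it is project convention, a short note would stop the next reader from treating it as an oversight.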
@@ -0,0 +1,826 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_simd.cl"
+#include "inc_hash_sha256.cl"
+#endif
+
+#define SHA256_STEP_REV(a,b,c,d,e,f,g,h) \
+{ \
+ u32 t2 = SHA256_S2_S(b) + SHA256_F0o(b,c,d); \
+ u32 t1 = a - t2; \
+ a = b; \
+ b = c; \
+ c = d; \
+ d = e - t1; \
+ e = f; \
+ f = g; \
+ g = h; \
+ h = 0; \
+}
+
+DECLSPEC void m22300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+
+ /**
+ * salt
+ */
+
+ u32 salt_buf0[4];
+ u32 salt_buf1[4];
+ u32 salt_buf2[4];
+ u32 salt_buf3[4];
+
+ salt_buf0[0] = salt_bufs[salt_pos].salt_buf[ 0];
+ salt_buf0[1] = salt_bufs[salt_pos].salt_buf[ 1];
+ salt_buf0[2] = salt_bufs[salt_pos].salt_buf[ 2];
+ salt_buf0[3] = salt_bufs[salt_pos].salt_buf[ 3];
+ salt_buf1[0] = salt_bufs[salt_pos].salt_buf[ 4];
+ salt_buf1[1] = salt_bufs[salt_pos].salt_buf[ 5];
+ salt_buf1[2] = salt_bufs[salt_pos].salt_buf[ 6];
+ salt_buf1[3] = salt_bufs[salt_pos].salt_buf[ 7];
+ salt_buf2[0] = salt_bufs[salt_pos].salt_buf[ 8];
+ salt_buf2[1] = salt_bufs[salt_pos].salt_buf[ 9];
+ salt_buf2[2] = salt_bufs[salt_pos].salt_buf[10];
+ salt_buf2[3] = salt_bufs[salt_pos].salt_buf[11];
+ salt_buf3[0] = salt_bufs[salt_pos].salt_buf[12];
+ salt_buf3[1] = salt_bufs[salt_pos].salt_buf[13];
+ salt_buf3[2] = salt_bufs[salt_pos].salt_buf[14];
+ salt_buf3[3] = salt_bufs[salt_pos].salt_buf[15];
+
+ u32 salt_buf0_t[4];
+ u32 salt_buf1_t[4];
+ u32 salt_buf2_t[4];
+ u32 salt_buf3_t[4];
+
+ salt_buf0_t[0] = salt_bufs[salt_pos].salt_buf[ 0];
+ salt_buf0_t[1] = salt_bufs[salt_pos].salt_buf[ 1];
+ salt_buf0_t[2] = salt_bufs[salt_pos].salt_buf[ 2];
+ salt_buf0_t[3] = salt_bufs[salt_pos].salt_buf[ 3];
+ salt_buf1_t[0] = salt_bufs[salt_pos].salt_buf[ 
4]; + salt_buf1_t[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1_t[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1_t[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2_t[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2_t[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2_t[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2_t[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3_t[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3_t[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3_t[2] = salt_bufs[salt_pos].salt_buf[14]; + salt_buf3_t[3] = salt_bufs[salt_pos].salt_buf[15]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + const u32 pw_salt_len = pw_len + salt_len; + + const u32 salt_pw_salt_len = salt_len + pw_len + salt_len; + + switch_buffer_by_offset_le_S (salt_buf0_t, salt_buf1_t, salt_buf2_t, salt_buf3_t, pw_salt_len); + + salt_buf0[0] |= salt_buf0_t[0]; + salt_buf0[1] |= salt_buf0_t[1]; + salt_buf0[2] |= salt_buf0_t[2]; + salt_buf0[3] |= salt_buf0_t[3]; + salt_buf1[0] |= salt_buf1_t[0]; + salt_buf1[1] |= salt_buf1_t[1]; + salt_buf1[2] |= salt_buf1_t[2]; + salt_buf1[3] |= salt_buf1_t[3]; + salt_buf2[0] |= salt_buf2_t[0]; + salt_buf2[1] |= salt_buf2_t[1]; + salt_buf2[2] |= salt_buf2_t[2]; + salt_buf2[3] |= salt_buf2_t[3]; + salt_buf3[0] |= salt_buf3_t[0]; + salt_buf3[1] |= salt_buf3_t[1]; + salt_buf3[2] |= salt_buf3_t[2]; + salt_buf3[3] |= salt_buf3_t[3]; + + append_0x80_4x4_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, salt_pw_salt_len); + + /** + * loop + */ + + const u32 w0l = w0[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = ix_create_bft (bfs_buf, il_pos); + + const u32x w0lr = w0l | w0r; + + u32x t0[4]; + u32x t1[4]; + u32x t2[4]; + u32x t3[4]; + + t0[0] = hc_swap32 (w0lr ); + t0[1] = hc_swap32 (w0[1]); + t0[2] = hc_swap32 (w0[2]); + t0[3] = hc_swap32 (w0[3]); + t1[0] = hc_swap32 (w1[0]); + t1[1] = hc_swap32 (w1[1]); + t1[2] = hc_swap32 (w1[2]); + t1[3] = hc_swap32 (w1[3]); + t2[0] = hc_swap32 
(w2[0]); + t2[1] = hc_swap32 (w2[1]); + t2[2] = hc_swap32 (w2[2]); + t2[3] = hc_swap32 (w2[3]); + t3[0] = hc_swap32 (w3[0]); + t3[1] = hc_swap32 (w3[1]); + t3[2] = hc_swap32 (w3[2]); + t3[3] = hc_swap32 (w3[3]); + + /** + * put the password after the first salt, but before the second salt + */ + + switch_buffer_by_offset_le (t0, t1, t2, t3, salt_len); + + t0[0] |= salt_buf0[0]; + t0[1] |= salt_buf0[1]; + t0[2] |= salt_buf0[2]; + t0[3] |= salt_buf0[3]; + t1[0] |= salt_buf1[0]; + t1[1] |= salt_buf1[1]; + t1[2] |= salt_buf1[2]; + t1[3] |= salt_buf1[3]; + t2[0] |= salt_buf2[0]; + t2[1] |= salt_buf2[1]; + t2[2] |= salt_buf2[2]; + t2[3] |= salt_buf2[3]; + t3[0] |= salt_buf3[0]; + t3[1] |= salt_buf3[1]; + + /** + * sha256 + */ + + u32x w0_t = hc_swap32 (t0[0]); + u32x w1_t = hc_swap32 (t0[1]); + u32x w2_t = hc_swap32 (t0[2]); + u32x w3_t = hc_swap32 (t0[3]); + u32x w4_t = hc_swap32 (t1[0]); + u32x w5_t = hc_swap32 (t1[1]); + u32x w6_t = hc_swap32 (t1[2]); + u32x w7_t = hc_swap32 (t1[3]); + u32x w8_t = hc_swap32 (t2[0]); + u32x w9_t = hc_swap32 (t2[1]); + u32x wa_t = hc_swap32 (t2[2]); + u32x wb_t = hc_swap32 (t2[3]); + u32x wc_t = hc_swap32 (t3[0]); + u32x wd_t = hc_swap32 (t3[1]); + u32x we_t = 0; + u32x wf_t = salt_pw_salt_len * 8; + + u32x a = SHA256M_A; + u32x b = SHA256M_B; + u32x c = SHA256M_C; + u32x d = SHA256M_D; + u32x e = SHA256M_E; + u32x f = SHA256M_F; + u32x g = SHA256M_G; + u32x h = SHA256M_H; + + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); + 
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, 
SHA256C19); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP 
(SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); + w9_t = 
SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + + COMPARE_M_SIMD (d, h, c, g); + } +} + +DECLSPEC void m22300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * reverse + */ + + u32 a_rev = digests_buf[digests_offset].digest_buf[0]; + u32 b_rev = digests_buf[digests_offset].digest_buf[1]; + u32 c_rev = digests_buf[digests_offset].digest_buf[2]; + u32 d_rev = digests_buf[digests_offset].digest_buf[3]; + u32 e_rev = digests_buf[digests_offset].digest_buf[4]; + u32 f_rev = digests_buf[digests_offset].digest_buf[5]; + u32 g_rev = digests_buf[digests_offset].digest_buf[6]; + u32 h_rev = digests_buf[digests_offset].digest_buf[7]; + + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, 
e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + SHA256_STEP_REV (a_rev, b_rev, c_rev, d_rev, e_rev, f_rev, g_rev, h_rev); + + /** + * salt + */ + + u32 salt_buf0[4]; + u32 salt_buf1[4]; + u32 salt_buf2[4]; + u32 salt_buf3[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[ 0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[ 1]; + salt_buf0[2] = salt_bufs[salt_pos].salt_buf[ 2]; + salt_buf0[3] = salt_bufs[salt_pos].salt_buf[ 3]; + salt_buf1[0] = salt_bufs[salt_pos].salt_buf[ 4]; + salt_buf1[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3[2] = salt_bufs[salt_pos].salt_buf[14]; + salt_buf3[3] = salt_bufs[salt_pos].salt_buf[15]; + + u32 salt_buf0_t[4]; + u32 salt_buf1_t[4]; + u32 salt_buf2_t[4]; + u32 salt_buf3_t[4]; + + salt_buf0_t[0] = salt_bufs[salt_pos].salt_buf[ 0]; + salt_buf0_t[1] = salt_bufs[salt_pos].salt_buf[ 1]; + salt_buf0_t[2] = salt_bufs[salt_pos].salt_buf[ 2]; + salt_buf0_t[3] = salt_bufs[salt_pos].salt_buf[ 3]; + salt_buf1_t[0] = salt_bufs[salt_pos].salt_buf[ 4]; + salt_buf1_t[1] = salt_bufs[salt_pos].salt_buf[ 5]; + salt_buf1_t[2] = salt_bufs[salt_pos].salt_buf[ 6]; + salt_buf1_t[3] = salt_bufs[salt_pos].salt_buf[ 7]; + salt_buf2_t[0] = salt_bufs[salt_pos].salt_buf[ 8]; + salt_buf2_t[1] = salt_bufs[salt_pos].salt_buf[ 9]; + salt_buf2_t[2] = salt_bufs[salt_pos].salt_buf[10]; + salt_buf2_t[3] = salt_bufs[salt_pos].salt_buf[11]; + salt_buf3_t[0] = salt_bufs[salt_pos].salt_buf[12]; + salt_buf3_t[1] = salt_bufs[salt_pos].salt_buf[13]; + salt_buf3_t[2] = salt_bufs[salt_pos].salt_buf[14]; + 
salt_buf3_t[3] = salt_bufs[salt_pos].salt_buf[15]; + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + const u32 pw_salt_len = pw_len + salt_len; + + const u32 salt_pw_salt_len = salt_len + pw_len + salt_len; + + switch_buffer_by_offset_le_S (salt_buf0_t, salt_buf1_t, salt_buf2_t, salt_buf3_t, pw_salt_len); + + salt_buf0[0] |= salt_buf0_t[0]; + salt_buf0[1] |= salt_buf0_t[1]; + salt_buf0[2] |= salt_buf0_t[2]; + salt_buf0[3] |= salt_buf0_t[3]; + salt_buf1[0] |= salt_buf1_t[0]; + salt_buf1[1] |= salt_buf1_t[1]; + salt_buf1[2] |= salt_buf1_t[2]; + salt_buf1[3] |= salt_buf1_t[3]; + salt_buf2[0] |= salt_buf2_t[0]; + salt_buf2[1] |= salt_buf2_t[1]; + salt_buf2[2] |= salt_buf2_t[2]; + salt_buf2[3] |= salt_buf2_t[3]; + salt_buf3[0] |= salt_buf3_t[0]; + salt_buf3[1] |= salt_buf3_t[1]; + salt_buf3[2] |= salt_buf3_t[2]; + salt_buf3[3] |= salt_buf3_t[3]; + + append_0x80_4x4_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, salt_pw_salt_len); + + /** + * loop + */ + + const u32 w0l = w0[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = ix_create_bft (bfs_buf, il_pos); + + const u32x w0lr = w0l | w0r; + + u32x t0[4]; + u32x t1[4]; + u32x t2[4]; + u32x t3[4]; + + t0[0] = hc_swap32 (w0lr ); + t0[1] = hc_swap32 (w0[1]); + t0[2] = hc_swap32 (w0[2]); + t0[3] = hc_swap32 (w0[3]); + t1[0] = hc_swap32 (w1[0]); + t1[1] = hc_swap32 (w1[1]); + t1[2] = hc_swap32 (w1[2]); + t1[3] = hc_swap32 (w1[3]); + t2[0] = hc_swap32 (w2[0]); + t2[1] = hc_swap32 (w2[1]); + t2[2] = hc_swap32 (w2[2]); + t2[3] = hc_swap32 (w2[3]); + t3[0] = hc_swap32 (w3[0]); + t3[1] = hc_swap32 (w3[1]); + t3[2] = hc_swap32 (w3[2]); + t3[3] = hc_swap32 (w3[3]); + + /** + * put the password after the first salt, but before the second salt + */ + + switch_buffer_by_offset_le (t0, t1, t2, t3, salt_len); + + t0[0] |= salt_buf0[0]; + t0[1] |= salt_buf0[1]; + t0[2] |= salt_buf0[2]; + t0[3] |= salt_buf0[3]; + t1[0] |= salt_buf1[0]; + t1[1] |= salt_buf1[1]; + t1[2] |= salt_buf1[2]; + t1[3] 
|= salt_buf1[3]; + t2[0] |= salt_buf2[0]; + t2[1] |= salt_buf2[1]; + t2[2] |= salt_buf2[2]; + t2[3] |= salt_buf2[3]; + t3[0] |= salt_buf3[0]; + t3[1] |= salt_buf3[1]; + + /** + * sha256 + */ + + u32x w0_t = hc_swap32 (t0[0]); + u32x w1_t = hc_swap32 (t0[1]); + u32x w2_t = hc_swap32 (t0[2]); + u32x w3_t = hc_swap32 (t0[3]); + u32x w4_t = hc_swap32 (t1[0]); + u32x w5_t = hc_swap32 (t1[1]); + u32x w6_t = hc_swap32 (t1[2]); + u32x w7_t = hc_swap32 (t1[3]); + u32x w8_t = hc_swap32 (t2[0]); + u32x w9_t = hc_swap32 (t2[1]); + u32x wa_t = hc_swap32 (t2[2]); + u32x wb_t = hc_swap32 (t2[3]); + u32x wc_t = hc_swap32 (t3[0]); + u32x wd_t = hc_swap32 (t3[1]); + u32x we_t = 0; + u32x wf_t = salt_pw_salt_len * 8; + + u32x a = SHA256M_A; + u32x b = SHA256M_B; + u32x c = SHA256M_C; + u32x d = SHA256M_D; + u32x e = SHA256M_E; + u32x f = SHA256M_F; + u32x g = SHA256M_G; + u32x h = SHA256M_H; + + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); + SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); + SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); + SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); + SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); + SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); + SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, 
b, c, wd_t, SHA256C0d); + SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); + SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); + we_t = 
SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, 
d, e, f, g, h, a, b, c, wd_t, SHA256C2d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); + + w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); + w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); + w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); + w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); + w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); + w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); + w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); + w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); + w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); + + if (MATCHES_NONE_VS (h, d_rev)) continue; + + w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); + wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); + wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); + wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, 
SHA256C3c); + wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); + we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); + wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + + COMPARE_S_SIMD (d, h, c, g); + } +} + +KERNEL_FQ void m22300_m04 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22300_m08 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + 
const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22300_m16 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = pws[gid].i[ 8]; + w2[1] = pws[gid].i[ 9]; + w2[2] = pws[gid].i[10]; + w2[3] = pws[gid].i[11]; + + u32 w3[4]; + + w3[0] = pws[gid].i[12]; + w3[1] = pws[gid].i[13]; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22300_s04 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 
w1[4]; + + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22300_s08 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + + u32 w3[4]; + + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22300_s16 (KERN_ATTR_BASIC ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + 
u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + u32 w2[4]; + + w2[0] = pws[gid].i[ 8]; + w2[1] = pws[gid].i[ 9]; + w2[2] = pws[gid].i[10]; + w2[3] = pws[gid].i[11]; + + u32 w3[4]; + + w3[0] = pws[gid].i[12]; + w3[1] = pws[gid].i[13]; + w3[2] = 0; + w3[3] = 0; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} diff --git a/OpenCL/m22300_a3-pure.cl b/OpenCL/m22300_a3-pure.cl new file mode 100644 index 000000000..398027754 --- /dev/null +++ b/OpenCL/m22300_a3-pure.cl 
@@ -0,0 +1,171 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#endif + +KERNEL_FQ void m22300_mxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + u32x w[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + w[idx] = pws[gid].i[idx]; + } + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + u32x s[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1) + { + s[idx] = hc_swap32 (salt_bufs[salt_pos].salt_buf[idx]); + } + + sha256_ctx_t ctx0; + + sha256_init (&ctx0); + + sha256_update_global_swap (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); + + /** + * loop + */ + + u32x w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + w[0] = w0; + + sha256_ctx_vector_t ctx; + + sha256_init_vector_from_scalar (&ctx, &ctx0); + + sha256_update_vector (&ctx, w, pw_len); + + sha256_update_vector (&ctx, s, salt_len); + + sha256_final_vector (&ctx); + + const u32x r0 = ctx.h[DGST_R0]; + const u32x r1 = ctx.h[DGST_R1]; + const u32x r2 = ctx.h[DGST_R2]; + const u32x r3 = ctx.h[DGST_R3]; + + COMPARE_M_SIMD (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m22300_sxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + 
digests_buf[digests_offset].digest_buf[DGST_R2], + digests_buf[digests_offset].digest_buf[DGST_R3] + }; + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + u32x w[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + w[idx] = pws[gid].i[idx]; + } + + const u32 salt_len = salt_bufs[salt_pos].salt_len; + + u32x s[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1) + { + s[idx] = hc_swap32 (salt_bufs[salt_pos].salt_buf[idx]); + } + + sha256_ctx_t ctx0; + + sha256_init (&ctx0); + + sha256_update_global_swap (&ctx0, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); + + /** + * loop + */ + + u32x w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + w[0] = w0; + + sha256_ctx_vector_t ctx; + + sha256_init_vector_from_scalar (&ctx, &ctx0); + + sha256_update_vector (&ctx, w, pw_len); + + sha256_update_vector (&ctx, s, salt_len); + + sha256_final_vector (&ctx); + + const u32x r0 = ctx.h[DGST_R0]; + const u32x r1 = ctx.h[DGST_R1]; + const u32x r2 = ctx.h[DGST_R2]; + const u32x r3 = ctx.h[DGST_R3]; + + COMPARE_S_SIMD (r0, r1, r2, r3); + } +} diff --git a/docs/changes.txt b/docs/changes.txt index 5d36cd84a..b98db01d7 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -55,7 +55,8 @@ - Added hash-mode: sha1(md5($pass).$salt) - Added hash-mode: sha1($salt1.$pass.$salt2) - Added hash-mode: sha256(md5($pass)) -- Added hash-mode: sha256(sha256_bin(pass)) +- Added hash-mode: sha256($salt.$pass.$salt) +- Added hash-mode: sha256(sha256_bin($pass)) - Added hash-mode: sha256(sha256($pass).$salt) - Added hash-mode: SolarWinds Orion - Added hash-mode: Web2py pbkdf2-sha512 diff --git a/docs/readme.txt b/docs/readme.txt index 003176bd8..c52413052 100644 --- a/docs/readme.txt +++ b/docs/readme.txt 
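Review bot: Neither m22300_mxx nor m22300_sxx states which construction it implements, and the two bodies are identical apart from the final COMPARE macro, so a reader has to cross-check them against the module to confirm the salt/pass/salt ordering; a header comment such as `// sha256($salt.$pass.$salt): $salt is pre-hashed into ctx0, then $pass and $salt are appended per candidate` on each kernel would pin that down. `lid` is read from get_local_id() in both kernels and never used, and the length argument to sha256_update_global_swap re-reads `salt_bufs[salt_pos].salt_len` right after the same value was stored in `salt_len`; passing the local keeps the two in step. The byte swap is applied to `s[idx]` but not to `w[idx]`, which presumably relies on the module's OPTS_TYPE_PT_GENERATE_BE delivering big-endian candidates; a short comment at the `w[idx]` load, e.g. `// candidates arrive big-endian (OPTS_TYPE_PT_GENERATE_BE), only the salt needs swapping`, would stop the asymmetry from being read as a bug.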
@@ -69,7 +69,6 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - Keccak-256 - Keccak-384 - Keccak-512 -- sha256(sha256_bin(pass)) - Whirlpool - SipHash - BitShares v0.x - sha512(sha512_bin(pass)) @@ -103,9 +102,11 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - sha1(utf16le($pass).$salt) - sha256($pass.$salt) - sha256($salt.$pass) +- sha256($salt.$pass.$salt) - sha256($salt.utf16le($pass)) - sha256(md5($pass)) - sha256(sha256($pass).$salt) +- sha256(sha256_bin($pass)) - sha256(utf16le($pass).$salt) - sha512($pass.$salt) - sha512($salt.$pass) diff --git a/src/modules/module_21400.c b/src/modules/module_21400.c index dc92ef5c8..daaa73b0a 100644 --- a/src/modules/module_21400.c +++ b/src/modules/module_21400.c @@ -17,7 +17,7 @@ static const u32 DGST_POS2 = 2; static const u32 DGST_POS3 = 6; static const u32 DGST_SIZE = DGST_SIZE_4_8; static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH; -static const char *HASH_NAME = "sha256(sha256_bin(pass))"; +static const char *HASH_NAME = "sha256(sha256_bin($pass))"; static const u64 KERN_TYPE = 21400; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_PRECOMPUTE_INIT diff --git a/src/modules/module_22300.c b/src/modules/module_22300.c new file mode 100644 index 000000000..9432c3a27 --- /dev/null +++ b/src/modules/module_22300.c 
@@ -0,0 +1,251 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 3; +static const u32 DGST_POS1 = 7; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 6; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH_SALTED; +static const char *HASH_NAME = "sha256($salt.$pass.$salt)"; +static const u64 KERN_TYPE = 22300; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_EARLY_SKIP + | OPTI_TYPE_NOT_ITERATED + | OPTI_TYPE_RAW_HASH; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE; +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "755a8ce4e0cf0baee41d714aa35c9fca803106608f718f973eab006578285007:11265"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t 
*user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, 
MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 64; + token.len_max[0] = 64; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = SALT_MIN; + token.len_max[1] = SALT_MAX; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + if (hashconfig->opts_type & OPTS_TYPE_ST_HEX) + { + token.len_min[1] *= 2; + token.len_max[1] *= 2; + + token.attr[1] |= TOKEN_ATTR_VERIFY_HEX; + } + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + digest[4] = hex_to_u32 (hash_pos + 32); + digest[5] = hex_to_u32 (hash_pos + 40); + digest[6] = hex_to_u32 (hash_pos + 48); + digest[7] = hex_to_u32 (hash_pos + 56); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + digest[5] = byte_swap_32 (digest[5]); + digest[6] = byte_swap_32 (digest[6]); + digest[7] = byte_swap_32 (digest[7]); + + if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) + { + digest[0] -= SHA256M_A; + digest[1] -= SHA256M_B; + digest[2] -= SHA256M_C; + digest[3] -= SHA256M_D; + digest[4] -= SHA256M_E; + digest[5] -= SHA256M_F; + digest[6] -= SHA256M_G; + digest[7] -= SHA256M_H; + } + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); + + if (parse_rc 
== false) return (PARSER_SALT_LENGTH); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[8]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + tmp[4] = digest[4]; + tmp[5] = digest[5]; + tmp[6] = digest[6]; + tmp[7] = digest[7]; + + if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) + { + tmp[0] += SHA256M_A; + tmp[1] += SHA256M_B; + tmp[2] += SHA256M_C; + tmp[3] += SHA256M_D; + tmp[4] += SHA256M_E; + tmp[5] += SHA256M_F; + tmp[6] += SHA256M_G; + tmp[7] += SHA256M_H; + } + + tmp[0] = byte_swap_32 (tmp[0]); + tmp[1] = byte_swap_32 (tmp[1]); + tmp[2] = byte_swap_32 (tmp[2]); + tmp[3] = byte_swap_32 (tmp[3]); + tmp[4] = byte_swap_32 (tmp[4]); + tmp[5] = byte_swap_32 (tmp[5]); + tmp[6] = byte_swap_32 (tmp[6]); + tmp[7] = byte_swap_32 (tmp[7]); + + u8 *out_buf = (u8 *) line_buf; + + int out_len = 0; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[4], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[5], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[6], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[7], out_buf + out_len); out_len += 8; + + out_buf[out_len] = hashconfig->separator; + + out_len += 1; + + out_len += generic_salt_encode (hashconfig, (const u8 *) salt->salt_buf, (const int) salt->salt_len, out_buf + out_len); + + return out_len; +} + +void 
module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = 
MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m22300.pm b/tools/test_modules/m22300.pm new file mode 100644 index 000000000..e6cda0756 --- /dev/null +++ b/tools/test_modules/m22300.pm 
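Review bot: module_pw_max and module_salt_max are left at MODULE_DEFAULT, yet the optimized kernel for this mode finalizes a single SHA-256 block (the visible tail of the optimized hunk sets `wf_t = salt_pw_salt_len * 8` with no second block), so salt+pass+salt must stay within 55 bytes; if the framework defaults do not already bound 2*salt_len+pw_len that tightly for the optimized path, over-long inputs would be silently mis-hashed rather than rejected. The test module's optimized constraints of [0, 27] suggest the author was aware of the limit, so either document why the defaults suffice, e.g. `// optimized kernel is single-block: 2*salt_len + pw_len must stay <= 55`, or add module_pw_max/module_salt_max overrides (wired into module_init) that enforce it under OPTI_TYPE_OPTIMIZED_KERNEL. The optimized kernel's enclosing function starts outside this view, so this is inferred from its tail only. module_hash_encode also writes into line_buf without consulting `line_size`, which matches the other modules but is worth a one-line comment noting the caller's size guarantee.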
@@ -0,0 +1,44 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA qw (sha256_hex); + +sub module_constraints { [[0, 256], [0, 127], [0, 27], [0, 27], [0, 27]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + + my $digest = sha256_hex ($salt . $word . $salt); + + my $hash = sprintf ("%s:%s", $digest, $salt); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my ($hash, $salt, $word) = split (':', $line); + + return unless defined $hash; + return unless defined $salt; + return unless defined $word; + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt); + + return ($new_hash, $word); +} + +1; From 706727ad64e5ed6aceb5adbbd0d49b01ebc118b6 Mon Sep 17 00:00:00 2001 From: philsmd Date: Wed, 15 Jan 2020 09:18:41 +0100 Subject: [PATCH 155/300] Fixed #1534: added -m 22301 = Telegram (SHA256) --- docs/changes.txt | 1 + docs/readme.txt | 1 + src/modules/module_22301.c | 253 +++++++++++++++++++++++++++++++++++ tools/test_modules/m22301.pm | 58 ++++++++ 4 files changed, 313 insertions(+) create mode 100644 src/modules/module_22301.c create mode 100644 tools/test_modules/m22301.pm diff --git a/docs/changes.txt b/docs/changes.txt index b98db01d7..e94b39baf 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -59,6 +59,7 @@ - Added hash-mode: sha256(sha256_bin($pass)) - Added hash-mode: sha256(sha256($pass).$salt) - Added hash-mode: SolarWinds Orion +- Added hash-mode: Telegram (SHA256) - Added hash-mode: Web2py pbkdf2-sha512 - Added hash-mode: WPA-PBKDF2-PMKID+EAPOL - Added hash-mode: WPA-PMK-PMKID+EAPOL diff --git a/docs/readme.txt b/docs/readme.txt index c52413052..570999d3b 100644 --- a/docs/readme.txt +++ b/docs/readme.txt 
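Review bot: module_verify_hash splits the line with no field limit, so a candidate password containing ':' loses everything after the first colon and the regenerated hash cannot match even when the crack was correct; `my ($hash, $salt, $word) = split (':', $line, 3);` keeps the remainder in `$word`. A salt containing ':' is still ambiguous in the `hash:salt` layout, which mirrors the C module's use of `hashconfig->separator`, so if the harness can generate such salts that case needs either a comment stating it is excluded or the module_constraints tightened accordingly.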
@@ -161,6 +161,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - NetNTLMv1 / NetNTLMv1+ESS - NetNTLMv2 - Skype +- Telegram (SHA256) - PostgreSQL CRAM (MD5) - MySQL CRAM (SHA1) - RACF diff --git a/src/modules/module_22301.c b/src/modules/module_22301.c new file mode 100644 index 000000000..e45ed713a --- /dev/null +++ b/src/modules/module_22301.c 
@@ -0,0 +1,253 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 3; +static const u32 DGST_POS1 = 7; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 6; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH_SALTED; +static const char *HASH_NAME = "Telegram (SHA256)"; +static const u64 KERN_TYPE = 22300; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_EARLY_SKIP + | OPTI_TYPE_NOT_ITERATED + | OPTI_TYPE_RAW_HASH; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE; +static const u32 SALT_TYPE = SALT_TYPE_GENERIC; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$telegram$1*518c001aeb3b4ae96c6173be4cebe60a85f67b1e087b045935849e2f815b5e41*25184098058621950709328221838128"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const 
user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const char *SIGNATURE_TELEGRAM = "$telegram$"; + +int module_hash_decode (MAYBE_UNUSED const 
hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_TELEGRAM; + + token.len[0] = 10; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 64; + token.len_max[2] = 64; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[3] = 32; + token.len_max[3] = 32; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *version_pos = token.buf[1]; + + if (version_pos[0] != '1') return (PARSER_SALT_VALUE); + + const u8 *hash_pos = token.buf[2]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + digest[4] = hex_to_u32 (hash_pos + 32); + digest[5] = hex_to_u32 (hash_pos + 40); + digest[6] = hex_to_u32 (hash_pos + 48); + digest[7] = hex_to_u32 (hash_pos + 56); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + digest[5] = byte_swap_32 (digest[5]); + digest[6] = byte_swap_32 (digest[6]); + digest[7] = byte_swap_32 (digest[7]); + + if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) + { + digest[0] -= SHA256M_A; + digest[1] -= SHA256M_B; + digest[2] -= SHA256M_C; + 
digest[3] -= SHA256M_D; + digest[4] -= SHA256M_E; + digest[5] -= SHA256M_F; + digest[6] -= SHA256M_G; + digest[7] -= SHA256M_H; + } + + const u8 *salt_pos = token.buf[3]; + + salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); + salt->salt_buf[2] = hex_to_u32 (salt_pos + 16); + salt->salt_buf[3] = hex_to_u32 (salt_pos + 24); + + salt->salt_len = 16; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + // we can not change anything in the original buffer, otherwise destroying sorting + // therefore create some local buffer + + u32 tmp[8]; + + tmp[0] = digest[0]; + tmp[1] = digest[1]; + tmp[2] = digest[2]; + tmp[3] = digest[3]; + tmp[4] = digest[4]; + tmp[5] = digest[5]; + tmp[6] = digest[6]; + tmp[7] = digest[7]; + + if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) + { + tmp[0] += SHA256M_A; + tmp[1] += SHA256M_B; + tmp[2] += SHA256M_C; + tmp[3] += SHA256M_D; + tmp[4] += SHA256M_E; + tmp[5] += SHA256M_F; + tmp[6] += SHA256M_G; + tmp[7] += SHA256M_H; + } + + const int line_len = snprintf (line_buf, line_size, "%s%i*%08x%08x%08x%08x%08x%08x%08x%08x*%08x%08x%08x%08x", + SIGNATURE_TELEGRAM, + 1, + tmp[0], + tmp[1], + tmp[2], + tmp[3], + tmp[4], + tmp[5], + tmp[6], + tmp[7], + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + byte_swap_32 (salt->salt_buf[2]), + byte_swap_32 (salt->salt_buf[3])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + 
module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + 
module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m22301.pm b/tools/test_modules/m22301.pm new file mode 100644 index 000000000..6a3a32e79 --- /dev/null +++ b/tools/test_modules/m22301.pm 
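Review bot: module_hash_decode carries no description of the line format it accepts, and the asymmetry between the digest (hex_to_u32 followed by byte_swap_32) and the salt (stored unswapped, swapped again only inside module_hash_encode) is easy to misread as a bug without a comment. A header such as `// $telegram$<version>*<sha256 hex, 64 chars>*<salt hex, 32 chars = 16 bytes>; only version "1" is accepted` above the token setup, plus `// salt is kept in line byte order; encode() swaps it back for printing` on the salt_buf assignments, would make the intent explicit. The `if (version_pos[0] != '1') return (PARSER_SALT_VALUE);` line would also benefit from `// only format version 1 is supported` so a later maintainer does not extend the digit check without reading the rest.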
@@ -0,0 +1,58 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA qw (sha256_hex); + +sub module_constraints { [[0, 256], [32, 32], [0, 55], [32, 32], [0, 55]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + + my $salt_bin = pack ("H*", $salt); + + my $digest = sha256_hex ($salt_bin . $word . $salt_bin); + + my $hash = sprintf ("\$telegram\$1*%s*%s", $digest, $salt); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my ($hash, $word) = split (':', $line); + + my @data = split ('\*', $hash); + + return unless (scalar (@data) == 3); + + return unless (substr ($data[0], 0, 10) eq '$telegram$'); + + my $version = substr ($data[0], 10); + + return unless ($version eq "1"); + + my $digest = $data[1]; + my $salt = $data[2]; + + return unless (length ($digest) eq 64); + return unless (length ($salt) eq 32); # hex length + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt); + + return ($new_hash, $word); +} + +1; From ce9b9ef015a9d243b61943c4b7cbe33fb981677f Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 15 Jan 2020 10:22:28 +0100 Subject: [PATCH 156/300] Fix compiler warnings in -m 18700 pure mode --- OpenCL/m18700_a1-pure.cl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenCL/m18700_a1-pure.cl b/OpenCL/m18700_a1-pure.cl index 1f69f8e90..2a34b7911 100644 --- a/OpenCL/m18700_a1-pure.cl +++ b/OpenCL/m18700_a1-pure.cl @@ -14,7 +14,7 @@ #include "inc_hash_md5.cl" #endif -DECLSPEC u32 hashCode_g (const u32 init, GLOBAL_AS u32 *w, const u32 pw_len) +DECLSPEC u32 hashCode_g (const u32 init, GLOBAL_AS const u32 *w, const u32 pw_len) { u32 hash = init; From ae03120981bbac206dfb38696a7ebc4499ba149c Mon Sep 17 00:00:00 2001 
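Review bot: module_verify_hash checks only the lengths of the digest and salt fields, so a non-hex salt passes `length ($salt) eq 32` and is silently mangled by `pack ("H*", $salt)` in module_generate_hash instead of being rejected; `return unless ($salt =~ /^[0-9a-fA-F]{32}$/);` and `return unless ($digest =~ /^[0-9a-fA-F]{64}$/);` would mirror the TOKEN_ATTR_VERIFY_HEX checks the C module applies to the same fields. The `length (...) eq 64` comparisons also use the string operator on integers; `==` is the idiomatic form. `my ($hash, $word) = split (':', $line);` additionally truncates a plaintext containing ':', which `split (':', $line, 2)` avoids.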
From: Jens Steube Date: Wed, 15 Jan 2020 10:33:36 +0100 Subject: [PATCH 157/300] Update HASH_NAME in -m 22301 --- docs/changes.txt | 2 +- docs/readme.txt | 2 +- src/modules/module_22301.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index e94b39baf..48769885c 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -59,7 +59,7 @@ - Added hash-mode: sha256(sha256_bin($pass)) - Added hash-mode: sha256(sha256($pass).$salt) - Added hash-mode: SolarWinds Orion -- Added hash-mode: Telegram (SHA256) +- Added hash-mode: Telegram client app passcode (SHA256) - Added hash-mode: Web2py pbkdf2-sha512 - Added hash-mode: WPA-PBKDF2-PMKID+EAPOL - Added hash-mode: WPA-PMK-PMKID+EAPOL diff --git a/docs/readme.txt b/docs/readme.txt index 570999d3b..d46c16d92 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -161,7 +161,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - NetNTLMv1 / NetNTLMv1+ESS - NetNTLMv2 - Skype -- Telegram (SHA256) +- Telegram client app passcode (SHA256) - PostgreSQL CRAM (MD5) - MySQL CRAM (SHA1) - RACF diff --git a/src/modules/module_22301.c b/src/modules/module_22301.c index e45ed713a..9f87465c7 100644 --- a/src/modules/module_22301.c +++ b/src/modules/module_22301.c @@ -17,7 +17,7 @@ static const u32 DGST_POS2 = 2; static const u32 DGST_POS3 = 6; static const u32 DGST_SIZE = DGST_SIZE_4_8; static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH_SALTED; -static const char *HASH_NAME = "Telegram (SHA256)"; +static const char *HASH_NAME = "Telegram client app passcode (SHA256)"; static const u64 KERN_TYPE = 22300; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_PRECOMPUTE_INIT From e72bd958baf684fb5b5d181c1e1fa91483556555 Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Wed, 15 Jan 2020 20:27:08 +0100 Subject: [PATCH 158/300] Fix some formating --- src/modules/module_00300.c | 10 +++++----- src/modules/module_01300.c | 14 +++++++------- src/modules/module_01700.c | 16 ++++++++-------- src/modules/module_15000.c | 16 ++++++++-------- src/modules/module_21000.c | 16 ++++++++-------- src/modules/module_22200.c | 16 ++++++++-------- src/user_options.c | 2 +- tools/benchmark_deep.pl | 2 +- 8 files changed, 46 insertions(+), 46 deletions(-) diff --git a/src/modules/module_00300.c b/src/modules/module_00300.c index 3764d565b..00fccfe0a 100644 --- a/src/modules/module_00300.c +++ b/src/modules/module_00300.c @@ -121,11 +121,11 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u8 *out_buf = (u8 *) line_buf; - u32_to_hex (tmp[0], out_buf + 0); - u32_to_hex (tmp[1], out_buf + 8); - u32_to_hex (tmp[2], out_buf + 16); - u32_to_hex (tmp[3], out_buf + 24); - u32_to_hex (tmp[4], out_buf + 32); + u32_to_hex (tmp[0], out_buf + 0); + u32_to_hex (tmp[1], out_buf + 8); + u32_to_hex (tmp[2], out_buf + 16); + u32_to_hex (tmp[3], out_buf + 24); + u32_to_hex (tmp[4], out_buf + 32); const int out_len = 40; diff --git a/src/modules/module_01300.c b/src/modules/module_01300.c index 3d0172a4a..7811626e7 100644 --- a/src/modules/module_01300.c +++ b/src/modules/module_01300.c 
@@ -134,13 +134,13 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u8 *out_buf = (u8 *) line_buf; - u32_to_hex (tmp[ 0], out_buf + 0); - u32_to_hex (tmp[ 1], out_buf + 8); - u32_to_hex (tmp[ 2], out_buf + 16); - u32_to_hex (tmp[ 3], out_buf + 24); - u32_to_hex (tmp[ 4], out_buf + 32); - u32_to_hex (tmp[ 5], out_buf + 40); - u32_to_hex (tmp[ 6], out_buf + 48); + u32_to_hex (tmp[ 0], out_buf + 0); + u32_to_hex (tmp[ 1], out_buf + 8); + u32_to_hex (tmp[ 2], out_buf + 16); + u32_to_hex (tmp[ 3], out_buf + 24); + u32_to_hex (tmp[ 4], out_buf + 32); + u32_to_hex (tmp[ 5], out_buf + 40); + u32_to_hex (tmp[ 6], out_buf + 48); const int out_len = 56; diff --git a/src/modules/module_01700.c b/src/modules/module_01700.c index fda53c0e0..79b5cb8b8 100644 --- a/src/modules/module_01700.c +++ b/src/modules/module_01700.c @@ -142,14 +142,14 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u8 *out_buf = (u8 *) line_buf; - u64_to_hex (tmp[0], out_buf + 0); - u64_to_hex (tmp[1], out_buf + 16); - u64_to_hex (tmp[2], out_buf + 32); - u64_to_hex (tmp[3], out_buf + 48); - u64_to_hex (tmp[4], out_buf + 64); - u64_to_hex (tmp[5], out_buf + 80); - u64_to_hex (tmp[6], out_buf + 96); - u64_to_hex (tmp[7], out_buf + 112); + u64_to_hex (tmp[0], out_buf + 0); + u64_to_hex (tmp[1], out_buf + 16); + u64_to_hex (tmp[2], out_buf + 32); + u64_to_hex (tmp[3], out_buf + 48); + u64_to_hex (tmp[4], out_buf + 64); + u64_to_hex (tmp[5], out_buf + 80); + u64_to_hex (tmp[6], out_buf + 96); + u64_to_hex (tmp[7], out_buf + 112); const int out_len = 128; diff --git a/src/modules/module_15000.c b/src/modules/module_15000.c index ea57ea224..3ccc9c068 100644 --- a/src/modules/module_15000.c +++ b/src/modules/module_15000.c 
@@ -188,14 +188,14 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE int out_len = 0; - u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[2], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[3], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[4], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[5], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[6], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[7], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[2], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[3], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[4], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[5], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[6], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[7], out_buf + out_len); out_len += 16; out_buf[out_len] = hashconfig->separator; diff --git a/src/modules/module_21000.c b/src/modules/module_21000.c index 41e32c006..737d3679f 100644 --- a/src/modules/module_21000.c +++ b/src/modules/module_21000.c @@ -142,14 +142,14 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u8 *out_buf = (u8 *) line_buf; - u64_to_hex (tmp[0], out_buf + 0); - u64_to_hex (tmp[1], out_buf + 16); - u64_to_hex (tmp[2], out_buf + 32); - u64_to_hex (tmp[3], out_buf + 48); - u64_to_hex (tmp[4], out_buf + 64); - u64_to_hex (tmp[5], out_buf + 80); - u64_to_hex (tmp[6], out_buf + 96); - u64_to_hex (tmp[7], out_buf + 112); + u64_to_hex (tmp[0], out_buf + 0); + u64_to_hex (tmp[1], out_buf + 16); + u64_to_hex (tmp[2], out_buf + 32); + u64_to_hex (tmp[3], out_buf + 48); + u64_to_hex (tmp[4], out_buf + 64); + u64_to_hex (tmp[5], out_buf + 80); + u64_to_hex (tmp[6], out_buf + 96); + u64_to_hex (tmp[7], out_buf + 112); const int out_len = 128; 
diff --git a/src/modules/module_22200.c b/src/modules/module_22200.c index 04ec5fd81..d9ba12286 100644 --- a/src/modules/module_22200.c +++ b/src/modules/module_22200.c @@ -175,14 +175,14 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE memcpy (out_buf + out_len, tmp_salt, 8); out_len += 8; - u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[2], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[3], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[4], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[5], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[6], out_buf + out_len); out_len += 16; - u64_to_hex (tmp[7], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[0], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[1], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[2], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[3], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[4], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[5], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[6], out_buf + out_len); out_len += 16; + u64_to_hex (tmp[7], out_buf + out_len); out_len += 16; return out_len; } diff --git a/src/user_options.c b/src/user_options.c index a395850f4..e6811f87e 100644 --- a/src/user_options.c +++ b/src/user_options.c 
@@ -399,7 +399,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_RESTORE_DISABLE: user_options->restore_disable = true; break; case IDX_RESTORE_FILE_PATH: user_options->restore_file_path = optarg; break; case IDX_STATUS: user_options->status = true; break; - case IDX_STATUS_JSON: user_options->status_json = true; break; + case IDX_STATUS_JSON: user_options->status_json = true; break; case IDX_STATUS_TIMER: user_options->status_timer = hc_strtoul (optarg, NULL, 10); break; case IDX_MACHINE_READABLE: user_options->machine_readable = true; break; case IDX_LOOPBACK: user_options->loopback = true; break; diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl index e75332dba..a8ab578bf 100755 --- a/tools/benchmark_deep.pl +++ b/tools/benchmark_deep.pl @@ -8,7 +8,7 @@ my $amd_cache = "~/.AMD"; my $hashcat_path = "."; my $kernels_cache = "$hashcat_path/kernels"; my $hashcat_bin = "$hashcat_path/hashcat"; -my $device = 1; +my $device = 5; my $workload_profile = 3; my $runtime = 24; my $sleep_sec = 12; From da7a13afcb0a4df43ddc920302ec3b842502b363 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 15 Jan 2020 20:33:26 +0100 Subject: [PATCH 159/300] Fix some formating --- OpenCL/inc_zip_inflate.cl | 2 +- OpenCL/m20900_a1-pure.cl | 2 +- OpenCL/m21200_a1-pure.cl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/OpenCL/inc_zip_inflate.cl b/OpenCL/inc_zip_inflate.cl index b980e4674..d05f6a792 100644 --- a/OpenCL/inc_zip_inflate.cl +++ b/OpenCL/inc_zip_inflate.cl @@ -866,7 +866,7 @@ DECLSPEC tinfl_status tinfl_decompress(tinfl_decompressor *r, MAYBE_GLOBAL const pOut_buf_cur[2] = pSrc[2]; pOut_buf_cur += 3; pSrc += 3; - counter -= 3; + counter -= 3; } if (counter > 0) { diff --git a/OpenCL/m20900_a1-pure.cl b/OpenCL/m20900_a1-pure.cl index 7c8474c56..710fa8be2 100644 --- a/OpenCL/m20900_a1-pure.cl +++ b/OpenCL/m20900_a1-pure.cl 
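Review bot: `my $device = 5;` in tools/benchmark_deep.pl changes the default device index the benchmark script targets, which is a behavioural change unrelated to the whitespace fixes this commit describes and looks like a local-setup value that leaked in. Either keep `my $device = 1;` or take it from the command line, e.g. `my $device = $ARGV[0] // 1;`, so per-machine values never have to be committed.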
@@ -80,7 +80,7 @@ KERNEL_FQ void m20900_mxx (KERN_ATTR_BASIC ()) u32 w1[4]; u32 w2[4]; u32 w3[4]; - + for (u32 il_pos = 0; il_pos < il_cnt; il_pos++) { sha1_ctx_t ctx0 = ctx00; diff --git a/OpenCL/m21200_a1-pure.cl b/OpenCL/m21200_a1-pure.cl index c06f0d633..4442de477 100644 --- a/OpenCL/m21200_a1-pure.cl +++ b/OpenCL/m21200_a1-pure.cl @@ -97,7 +97,7 @@ KERNEL_FQ void m21200_mxx (KERN_ATTR_BASIC ()) u32 w1[4]; u32 w2[4]; u32 w3[4]; - + for (u32 il_pos = 0; il_pos < il_cnt; il_pos++) { md5_ctx_t ctx1 = ctx11; From 4887cc47b85f5fb1675fa197796d2b3b2b246305 Mon Sep 17 00:00:00 2001 From: philsmd Date: Thu, 16 Jan 2020 12:15:17 +0100 Subject: [PATCH 160/300] Fixes #2267: added support for -m 22400 = AES Crypt (SHA256) --- OpenCL/m22400-pure.cl | 236 +++++++++++++++++++++++++ docs/changes.txt | 1 + docs/readme.txt | 1 + src/modules/module_22400.c | 325 +++++++++++++++++++++++++++++++++++ tools/aescrypt2hashcat.pl | 131 ++++++++++++++ tools/test_modules/m22400.pm | 89 ++++++++++ 6 files changed, 783 insertions(+) create mode 100644 OpenCL/m22400-pure.cl create mode 100644 src/modules/module_22400.c create mode 100755 tools/aescrypt2hashcat.pl create mode 100644 tools/test_modules/m22400.pm diff --git a/OpenCL/m22400-pure.cl b/OpenCL/m22400-pure.cl new file mode 100644 index 000000000..68054989c --- /dev/null +++ b/OpenCL/m22400-pure.cl 
@@ -0,0 +1,236 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct aescrypt +{ + u32 iv[4]; + u32 key[8]; + +} aescrypt_t; + +typedef struct aescrypt_tmp +{ + u32 dgst[8]; + u32 pass[128]; + u32 len; + +} aescrypt_tmp_t; + +KERNEL_FQ void m22400_init (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + // salt: + + u32 s[16] = { 0 }; // 64-byte aligned + + s[0] = salt_bufs[salt_pos].salt_buf[0]; + s[1] = salt_bufs[salt_pos].salt_buf[1]; + s[2] = salt_bufs[salt_pos].salt_buf[2]; + s[3] = salt_bufs[salt_pos].salt_buf[3]; + + // convert password to utf16le: + + const u32 pw_len = pws[gid].pw_len; + + const u32 pw_len_utf16le = pw_len * 2; + + u32 w[128] = { 0 }; + + for (u32 i = 0, j = 0; i < 64; i += 4, j += 8) + { + u32 in[4]; + + in[0] = pws[gid].i[i + 0]; + in[1] = pws[gid].i[i + 1]; + in[2] = pws[gid].i[i + 2]; + in[3] = pws[gid].i[i + 3]; + + u32 out0[4]; + u32 out1[4]; + + make_utf16le_S (in, out0, out1); + + w[j + 0] = hc_swap32_S (out0[0]); + w[j + 1] = hc_swap32_S (out0[1]); + w[j + 2] = hc_swap32_S (out0[2]); + w[j + 3] = hc_swap32_S (out0[3]); + + w[j + 4] = hc_swap32_S (out1[0]); + w[j + 5] = hc_swap32_S (out1[1]); + w[j + 6] = hc_swap32_S (out1[2]); + w[j + 7] = hc_swap32_S (out1[3]); + } + + // sha256: + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, s, 32); + sha256_update (&ctx, w, pw_len_utf16le); + sha256_final (&ctx); + + // set tmps: + + tmps[gid].dgst[0] = ctx.h[0]; + tmps[gid].dgst[1] = ctx.h[1]; + tmps[gid].dgst[2] = ctx.h[2]; + tmps[gid].dgst[3] = ctx.h[3]; + tmps[gid].dgst[4] = ctx.h[4]; + 
tmps[gid].dgst[5] = ctx.h[5]; + tmps[gid].dgst[6] = ctx.h[6]; + tmps[gid].dgst[7] = ctx.h[7]; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 128; i++) + { + tmps[gid].pass[i] = w[i]; + } + + tmps[gid].len = 32 + pw_len_utf16le; +} + +KERNEL_FQ void m22400_loop (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + // init + + u32 w[144] = { 0 }; // we only need max 136*4, but it's 16-byte-aligned + + w[0] = tmps[gid].dgst[0]; + w[1] = tmps[gid].dgst[1]; + w[2] = tmps[gid].dgst[2]; + w[3] = tmps[gid].dgst[3]; + w[4] = tmps[gid].dgst[4]; + w[5] = tmps[gid].dgst[5]; + w[6] = tmps[gid].dgst[6]; + w[7] = tmps[gid].dgst[7]; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 128; i++) + { + w[8 + i] = tmps[gid].pass[i]; + } + + const u32 pw_len = tmps[gid].len; + + // main loop + + for (u32 i = 0; i < loop_cnt; i++) + { + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, w, pw_len); + sha256_final (&ctx); + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + w[4] = ctx.h[4]; + w[5] = ctx.h[5]; + w[6] = ctx.h[6]; + w[7] = ctx.h[7]; + } + + tmps[gid].dgst[0] = w[0]; + tmps[gid].dgst[1] = w[1]; + tmps[gid].dgst[2] = w[2]; + tmps[gid].dgst[3] = w[3]; + tmps[gid].dgst[4] = w[4]; + tmps[gid].dgst[5] = w[5]; + tmps[gid].dgst[6] = w[6]; + tmps[gid].dgst[7] = w[7]; +} + +KERNEL_FQ void m22400_comp (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + // digest + + u32 dgst[16] = { 0 }; + + dgst[0] = tmps[gid].dgst[0]; + dgst[1] = tmps[gid].dgst[1]; + dgst[2] = tmps[gid].dgst[2]; + dgst[3] = tmps[gid].dgst[3]; + dgst[4] = tmps[gid].dgst[4]; + dgst[5] = tmps[gid].dgst[5]; + dgst[6] = tmps[gid].dgst[6]; + dgst[7] = tmps[gid].dgst[7]; + + // IV + + u32 data[16] = { 0 }; + + data[ 0] = esalt_bufs[digests_offset].iv[0]; + data[ 1] = esalt_bufs[digests_offset].iv[1]; 
+ data[ 2] = esalt_bufs[digests_offset].iv[2]; + data[ 3] = esalt_bufs[digests_offset].iv[3]; + + // key + + data[ 4] = esalt_bufs[digests_offset].key[0]; + data[ 5] = esalt_bufs[digests_offset].key[1]; + data[ 6] = esalt_bufs[digests_offset].key[2]; + data[ 7] = esalt_bufs[digests_offset].key[3]; + data[ 8] = esalt_bufs[digests_offset].key[4]; + data[ 9] = esalt_bufs[digests_offset].key[5]; + data[10] = esalt_bufs[digests_offset].key[6]; + data[11] = esalt_bufs[digests_offset].key[7]; + + /* + * HMAC-SHA256: + */ + + sha256_hmac_ctx_t ctx; + + sha256_hmac_init (&ctx, dgst, 32); + sha256_hmac_update (&ctx, data, 48); + sha256_hmac_final (&ctx); + + const u32 r0 = ctx.opad.h[DGST_R0]; + const u32 r1 = ctx.opad.h[DGST_R1]; + const u32 r2 = ctx.opad.h[DGST_R2]; + const u32 r3 = ctx.opad.h[DGST_R3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/docs/changes.txt b/docs/changes.txt index 48769885c..8436120af 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -21,6 +21,7 @@ ## Algorithms ## +- Added hash-mode: AES Crypt (SHA256) - Added hash-mode: Android Backup - Added hash-mode: AuthMe sha256 - Added hash-mode: BitLocker diff --git a/docs/readme.txt b/docs/readme.txt index d46c16d92..49a32db75 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -240,6 +240,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - Oracle Transportation Management (SHA256) - Huawei sha1(md5($pass).$salt) - AuthMe sha256 +- AES Crypt (SHA256) - BitLocker - eCryptfs - LUKS diff --git a/src/modules/module_22400.c b/src/modules/module_22400.c new file mode 100644 index 000000000..53d64cb15 --- /dev/null +++ b/src/modules/module_22400.c 
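Review bot: m22400_comp reads the IV and encrypted key from `esalt_bufs[digests_offset]` only, so if two hash lines ever share the same 16-byte KDF salt, every digest in that salt group is compared by COMPARE_M against an HMAC computed over the first entry's iv/key and the remaining ones cannot crack. The per-digest fix is `const u32 digest_cur = digests_offset + loop_pos;` with the twelve reads changed to `esalt_bufs[digest_cur]`, which as far as I can tell also needs OPTS_TYPE_DEEP_COMP_KERNEL and a module_deep_comp_kernel returning KERN_RUN_3 in module_22400.c (its body is cut off in this view). With a random salt the collision is unlikely, so a short comment stating that assumption would be acceptable if you prefer to leave the indexing as is. Separately, m22400_init already performs the first SHA256 round of the iterated KDF, so the iteration count the module stores in the salt presumably has to be ITERATION_AESCRYPT - 1 — worth confirming against the part of module_22400.c not visible here.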
@@ -0,0 +1,325 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE; +static const char *HASH_NAME = "AES Crypt (SHA256)"; +static const u64 KERN_TYPE = 22400; +static const u32 OPTI_TYPE = 0; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$aescrypt$1*efc648908ca7ec727f37f3316dfd885c*eff5c87a35545406a57b56de57bd0554*3a66401271aec08cbd10cf2070332214093a33f36bd0dced4a4bb09fab817184*6a3c49fea0cafb19190dc4bdadb787e73b1df244c51780beef912598bd3bdf7e"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t 
*user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +#define ITERATION_AESCRYPT 0x2000 +#define SALT_LEN_AESCRYPT 16 +#define IV_LEN_AESCRYPT 16 +#define KEY_LEN_AESCRYPT 32 + 
+typedef struct aescrypt +{ + u32 iv[4]; + u32 key[8]; + +} aescrypt_t; + +typedef struct aescrypt_tmp +{ + u32 dgst[8]; + u32 pass[128]; + u32 len; + +} aescrypt_tmp_t; + +static const char *SIGNATURE_AESCRYPT = "$aescrypt$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (aescrypt_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (aescrypt_tmp_t); + + return tmp_size; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + aescrypt_t *aescrypt = (aescrypt_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_AESCRYPT; + + token.len[0] = 10; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '*'; + token.len_min[2] = 32; + token.len_max[2] = 32; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = '*'; + token.len_min[3] = 32; + token.len_max[3] = 32; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = '*'; + token.len_min[4] = 64; + token.len_max[4] = 64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '*'; + token.len_min[5] = 64; + 
token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // version + + const u8 *version_pos = token.buf[1]; + + const u32 version = hc_strtoul ((const char *) version_pos, NULL, 10); + + if (version != 1) return PARSER_SALT_VALUE; + + // salt + + const u8 *salt_pos = token.buf[2]; + + salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); + salt->salt_buf[2] = hex_to_u32 (salt_pos + 16); + salt->salt_buf[3] = hex_to_u32 (salt_pos + 24); + + salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); + salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); + salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); + salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + + salt->salt_len = SALT_LEN_AESCRYPT; + + salt->salt_iter = ITERATION_AESCRYPT - 1; + + // IV + + const u8 *iv_pos = token.buf[3]; + + aescrypt->iv[0] = hex_to_u32 (iv_pos + 0); + aescrypt->iv[1] = hex_to_u32 (iv_pos + 8); + aescrypt->iv[2] = hex_to_u32 (iv_pos + 16); + aescrypt->iv[3] = hex_to_u32 (iv_pos + 24); + + aescrypt->iv[0] = byte_swap_32 (aescrypt->iv[0]); + aescrypt->iv[1] = byte_swap_32 (aescrypt->iv[1]); + aescrypt->iv[2] = byte_swap_32 (aescrypt->iv[2]); + aescrypt->iv[3] = byte_swap_32 (aescrypt->iv[3]); + + // key + + const u8 *key_pos = token.buf[4]; + + for (u32 i = 0, j = 0; i < 8; i += 1, j += 8) + { + aescrypt->key[i] = hex_to_u32 (key_pos + j); + + aescrypt->key[i] = byte_swap_32 (aescrypt->key[i]); + } + + // digest + + const u8 *hmac_pos = token.buf[5]; + + for (u32 i = 0, j = 0; i < 8; i += 1, j += 8) + { + digest[i] = hex_to_u32 (hmac_pos + j); + + digest[i] = byte_swap_32 (digest[i]); + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, 
MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + aescrypt_t *aescrypt = (aescrypt_t *) esalt_buf; + + // salt + + #define SALT_HEX_LEN SALT_LEN_AESCRYPT * 2 + 1 + + char salt_buf[SALT_HEX_LEN] = { 0 }; + + for (u32 i = 0, j = 0; i < SALT_LEN_AESCRYPT / 4; i += 1, j += 8) + { + snprintf (salt_buf + j, SALT_HEX_LEN - j, "%08x", salt->salt_buf[i]); + } + + // iv + + #define IV_HEX_LEN IV_LEN_AESCRYPT * 2 + 1 + + char iv_buf[IV_HEX_LEN] = { 0 }; + + for (u32 i = 0, j = 0; i < IV_LEN_AESCRYPT / 4; i += 1, j += 8) + { + snprintf (iv_buf + j, IV_HEX_LEN - j, "%08x", aescrypt->iv[i]); + } + + // key + + #define KEY_HEX_LEN KEY_LEN_AESCRYPT * 2 + 1 + + char key_buf[KEY_HEX_LEN] = { 0 }; + + for (u32 i = 0, j = 0; i < KEY_LEN_AESCRYPT / 4; i += 1, j += 8) + { + snprintf (key_buf + j, KEY_HEX_LEN - j, "%08x", aescrypt->key[i]); + } + + // output + + int line_len = snprintf (line_buf, line_size, "%s%i*%s*%s*%s*%08x%08x%08x%08x%08x%08x%08x%08x", + SIGNATURE_AESCRYPT, + 1, + salt_buf, + iv_buf, + key_buf, + digest[0], + digest[1], + digest[2], + digest[3], + digest[4], + digest[5], + digest[6], + digest[7]); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; 
+ module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + 
module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/aescrypt2hashcat.pl b/tools/aescrypt2hashcat.pl new file mode 100755 index 000000000..8cb2c6efa --- /dev/null +++ b/tools/aescrypt2hashcat.pl 
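Review bot: `module_hash_encode` casts the const out of `esalt_buf` (`aescrypt_t *aescrypt = (aescrypt_t *) esalt_buf;`) although it only reads the IV and key; `const aescrypt_t *aescrypt = (const aescrypt_t *) esalt_buf;` keeps the contract the parameter declares, matching how `digest` is handled two lines above. In the same function the three function-scope helper macros are defined without parentheses (`#define SALT_HEX_LEN SALT_LEN_AESCRYPT * 2 + 1`); the uses `SALT_HEX_LEN - j` happen to evaluate correctly, but `#define SALT_HEX_LEN (SALT_LEN_AESCRYPT * 2 + 1)` (and likewise for `IV_HEX_LEN`/`KEY_HEX_LEN`) removes the precedence trap, and they should be `#undef`'d or moved to file scope next to `SALT_LEN_AESCRYPT`. A one-line comment on `salt->salt_iter = ITERATION_AESCRYPT - 1;` saying why one round is subtracted (presumably the init kernel performs the first SHA-256 round) would help, since `tools/test_modules/m22400.pm` loops the full 8192 times.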
@@ -0,0 +1,131 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +# +# Helper functions +# + +sub read_bytes +{ + my $handle = shift; + my $size = shift; + + my $data = ""; + + read ($handle, $data, $size); + + # this function is very strict: + # it only returns something if all the bytes can be read + + if (length ($data) != $size) + { + die "ERROR: Couldn't read data from the file. Maybe incorrect file format?\n"; + } + + return $data; +} + +# +# Start +# + +if (scalar (@ARGV) != 1) +{ + die "usage: $0 file.txt.aes\n"; +} + +my $file_name = $ARGV[0]; + +my $file_handle; + +if (! open ($file_handle, "<", $file_name)) +{ + die "ERROR: Couldn't open file '$file_name'\n"; +} + +binmode ($file_handle); + + +# Signature: + +my $signature = read_bytes ($file_handle, 3); + +if ($signature ne "AES") +{ + die "ERROR: The file doesn't seem to be a correct aescrypt file (signature mismatch)\n"; +} + +# Version + +my $version = read_bytes ($file_handle, 1); + +if ($version ne "\x02") +{ + die "ERROR: Currently only aescrypt file version 2 is supported by this script\n"; +} + + +read_bytes ($file_handle, 1); # reservered/skip (normally should be just \x00) + + +# Loop over the extensions until we got extension size 0 + +my $extension_size = read_bytes ($file_handle, 2); + +while ($extension_size ne "\x00\x00") +{ + my $skip_size = unpack ("S>", $extension_size); # 16-bit lengths + + read_bytes ($file_handle, $skip_size); # skip the extension + + $extension_size = read_bytes ($file_handle, 2); +} + +# IV (for KDF) + +my $iv = read_bytes ($file_handle, 16); + + +# IV (encrypted IV for AES decryption) + +my $iv_enc = read_bytes ($file_handle, 16); + + +# key_enc + +my $key_enc = read_bytes ($file_handle, 32); + + +# HMAC + +my $hmac = read_bytes ($file_handle, 32); + +# +# Hex conversion +# + +$iv = unpack ("H*", $iv); +$iv_enc = unpack ("H*", $iv_enc); +$key_enc = unpack ("H*", $key_enc); +$hmac = 
unpack ("H*", $hmac); + +# +# Final output +# + +print sprintf ("\$aescrypt\$1*%s*%s*%s*%s\n", $iv, $iv_enc, $key_enc, $hmac); + +# +# Cleanup +# + +close ($file_handle); + +exit (0); diff --git a/tools/test_modules/m22400.pm b/tools/test_modules/m22400.pm new file mode 100644 index 000000000..e9aa0318e --- /dev/null +++ b/tools/test_modules/m22400.pm 
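Review bot: `read_bytes` ignores the return value of `read` and relies solely on the length check, so an I/O error and a truncated file produce the same "incorrect file format" message; `my $n = read ($handle, $data, $size); die "ERROR: read failed: $!\n" unless defined $n;` before the length check separates the two cases. The `open` failure likewise drops `$!` (`die "ERROR: Couldn't open file '$file_name': $!\n"`), which is the only hint a user gets for a permission or path problem. The comment on the skipped byte has a typo (`reservered`).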
@@ -0,0 +1,89 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA qw (sha256); +use Digest::HMAC qw (hmac_hex); +use Encode; + +sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + + my $iv_aes = shift // random_bytes (16); + my $key_aes = shift // random_bytes (32); + + my $word_utf16le = encode ('UTF-16le', $word); + + my $key = $salt . "\x00" x 16; + + for (my $i = 0; $i < 8192; $i++) + { + $key = sha256 ($key . $word_utf16le); + } + + my $digest = hmac_hex ($iv_aes . $key_aes, $key, \&sha256, 64); + + # hex conversion: + + my $salt_hex = unpack ("H*", $salt); + my $iv_hex = unpack ("H*", $iv_aes); + my $key_hex = unpack ("H*", $key_aes); + + my $hash = sprintf ("\$aescrypt\$1*%s*%s*%s*%s", $salt_hex, $iv_hex, $key_hex, $digest); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my ($hash, $word) = split (':', $line); + + return unless defined $hash; + return unless defined $word; + + my @data = split ('\*', $hash); + + return unless (scalar (@data) == 5); + + my $signature = substr ($data[0], 0, 10); + + return unless ($signature eq "\$aescrypt\$"); + + my $version = substr ($data[0], 10); + + return unless ($version eq "1"); + + my $salt = $data[1]; + my $iv = $data[2]; + my $key = $data[3]; + + return unless (length ($salt) == 32); # hex lengths + return unless (length ($iv) == 32); + return unless (length ($key) == 64); + + # binary conversion: + + $salt = pack ("H*", $salt); + $iv = pack ("H*", $iv); + $key = pack ("H*", $key); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt, $iv, $key); + + return ($new_hash, $word); +} + +1; From c3c4178791d9be9c4e3f38aa6e6eb287a4676905 Mon Sep 17 00:00:00 2001 
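Review bot: `module_verify_hash` checks the hex lengths of salt, IV and key but not of the fourth field, so a truncated HMAC reaches `module_generate_hash` unchallenged; add `return unless (length ($data[4]) == 64);` next to the other length checks. `random_bytes` and `pack_if_HEX_notation` are used but not imported here and are presumably provided by the harness that loads the test modules, as in the sibling modules; a one-line comment saying so would save the next reader a search. The `$aescrypt$1*...` format duplicates what `tools/aescrypt2hashcat.pl` emits, so the two should be kept in step if the version field ever changes.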
From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 16 Jan 2020 12:22:30 +0100 Subject: [PATCH 161/300] tests: fix return code check in attack_0 () function --- tools/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/test.sh b/tools/test.sh index fe593cb30..e64e6685c 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -500,10 +500,10 @@ function attack_0() output=$(echo "${pass}" | ./${BIN} ${OPTS} -a 0 -m ${hash_type} "${hash}" 2>&1) - pass=${pass_old} - ret=${?} + pass=${pass_old} + echo "${output}" >> "${OUTD}/logfull.txt" if [ "${ret}" -eq 0 ]; then From dce54151ae52be0f286c3e2207329b2ee0da25e9 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 16 Jan 2020 12:25:18 +0100 Subject: [PATCH 162/300] minor: fix type in README.md of test modules --- tools/test_modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/test_modules/README.md b/tools/test_modules/README.md index a8b4e5f2b..8f91e1828 100644 --- a/tools/test_modules/README.md +++ b/tools/test_modules/README.md 
@@ -3,7 +3,7 @@ Each module provides the functions `module_constraints`, `module_generate_hash` and `module_verify_hash`. * The `module_constraints` function should return the minimum and maximum length of the password, salt and the combination of password and salt in following order: password (pure), salt (pure), password (optimized), salt (optimized) and combination (optimized). -Each pair should be set to -1 if the hash mode is not supporting the appropriate field. For example, if a hash-mode does not support a salt, it should be set to -1. The last field (combination) is important if the the password and the salt is stored in the same buffer in the kernel (typically raw hashes only). +Each pair should be set to -1 if the hash mode is not supporting the appropriate field. For example, if a hash-mode does not support a salt, it should be set to -1. The last field (combination) is important if the password and the salt is stored in the same buffer in the kernel (typically raw hashes only). * The first parameter to `module_generate_hash` is the password, which can be either in ASCII or binary (packed) form. The second parameter is the salt *which can be undefined for unsalted hash modes). * The `module_verify_hash` function accepts a line from the cracks file, without the newline characters. From c58a889aa6fd898b598fd144f8d1fb465f0d167e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 16 Jan 2020 15:00:19 +0100 Subject: [PATCH 163/300] Small performance boost in -m 22400 --- OpenCL/m22400-pure.cl | 173 +++++++++++++++++++++++++------------ src/modules/module_22400.c | 5 +- 2 files changed, 119 insertions(+), 59 deletions(-) diff --git a/OpenCL/m22400-pure.cl b/OpenCL/m22400-pure.cl index 68054989c..c8dded678 100644 --- a/OpenCL/m22400-pure.cl +++ b/OpenCL/m22400-pure.cl @@ -26,9 +26,8 @@ typedef struct aescrypt typedef struct aescrypt_tmp { - u32 dgst[8]; - u32 pass[128]; - u32 len; + u32 pass[144]; + int len; } aescrypt_tmp_t; 
@@ -57,7 +56,7 @@ KERNEL_FQ void m22400_init (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) const u32 pw_len_utf16le = pw_len * 2; - u32 w[128] = { 0 }; + u32 w[144] = { 0 }; for (u32 i = 0, j = 0; i < 64; i += 4, j += 8) { @@ -77,7 +76,6 @@ KERNEL_FQ void m22400_init (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) w[j + 1] = hc_swap32_S (out0[1]); w[j + 2] = hc_swap32_S (out0[2]); w[j + 3] = hc_swap32_S (out0[3]); - w[j + 4] = hc_swap32_S (out1[0]); w[j + 5] = hc_swap32_S (out1[1]); w[j + 6] = hc_swap32_S (out1[2]); @@ -95,24 +93,42 @@ KERNEL_FQ void m22400_init (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) // set tmps: - tmps[gid].dgst[0] = ctx.h[0]; - tmps[gid].dgst[1] = ctx.h[1]; - tmps[gid].dgst[2] = ctx.h[2]; - tmps[gid].dgst[3] = ctx.h[3]; - tmps[gid].dgst[4] = ctx.h[4]; - tmps[gid].dgst[5] = ctx.h[5]; - tmps[gid].dgst[6] = ctx.h[6]; - tmps[gid].dgst[7] = ctx.h[7]; + #ifdef _unroll + #pragma unroll + #endif + for (int i = 127; i >= 0; i--) // create some space for the first digest without extra buffer + { + w[8 + i] = w[i]; + } + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + w[4] = ctx.h[4]; + w[5] = ctx.h[5]; + w[6] = ctx.h[6]; + w[7] = ctx.h[7]; + + const u32 final_len = 32 + pw_len_utf16le; + + const u32 idx_floor = (final_len / 64) * 16; + const u32 idx_ceil = ((final_len & 63) >= 56) ? idx_floor + 16 : idx_floor; + + append_0x80_4x4_S (&w[idx_floor + 0], &w[idx_floor + 4], &w[idx_floor + 8], &w[idx_floor + 12], (final_len & 63) ^ 3); + + w[idx_ceil + 14] = 0; + w[idx_ceil + 15] = final_len * 8; #ifdef _unroll #pragma unroll #endif - for (u32 i = 0; i < 128; i++) + for (u32 i = 0; i < 144; i++) { tmps[gid].pass[i] = w[i]; } - tmps[gid].len = 32 + pw_len_utf16le; + tmps[gid].len = final_len; } KERNEL_FQ void m22400_loop (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) 
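Review bot: The padding byte and length words written at `w[idx_floor ...]` and `w[idx_ceil + 14]`/`w[idx_ceil + 15]` in m22400_init are computed once and reused by every round in m22400_loop, which is only valid because `final_len` never changes between rounds and the loop kernel rewrites just `w[0..7]`; that invariant is not stated anywhere in the hunk. A comment above `const u32 final_len`, e.g. `// pre-pad once: the message (32-byte digest + utf16le password) keeps its length across all rounds, so the loop kernel only refreshes w[0..7]`, would document it, and `w[idx_ceil + 14] = 0;` deserves `// high word of the 64-bit big-endian bit length; final_len * 8 fits in the low word`. With `w[144]` (576 bytes) and the 256-byte password bound the test module declares, the largest `final_len` of 544 places the length word at w[143], so the buffer is exactly sufficient; a comment tying the 144 to that bound would prevent a silent overflow if the password limit is raised later.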
@@ -123,55 +139,100 @@ KERNEL_FQ void m22400_loop (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) // init - u32 w[144] = { 0 }; // we only need max 136*4, but it's 16-byte-aligned - - w[0] = tmps[gid].dgst[0]; - w[1] = tmps[gid].dgst[1]; - w[2] = tmps[gid].dgst[2]; - w[3] = tmps[gid].dgst[3]; - w[4] = tmps[gid].dgst[4]; - w[5] = tmps[gid].dgst[5]; - w[6] = tmps[gid].dgst[6]; - w[7] = tmps[gid].dgst[7]; + u32 w[144]; #ifdef _unroll #pragma unroll #endif - for (u32 i = 0; i < 128; i++) + for (u32 i = 0; i < 144; i++) { - w[8 + i] = tmps[gid].pass[i]; + w[i] = tmps[gid].pass[i]; } - const u32 pw_len = tmps[gid].len; + const int pw_len = tmps[gid].len; // main loop for (u32 i = 0; i < loop_cnt; i++) { - sha256_ctx_t ctx; + u32 h[8]; - sha256_init (&ctx); - sha256_update (&ctx, w, pw_len); - sha256_final (&ctx); + h[0] = SHA256M_A; + h[1] = SHA256M_B; + h[2] = SHA256M_C; + h[3] = SHA256M_D; + h[4] = SHA256M_E; + h[5] = SHA256M_F; + h[6] = SHA256M_G; + h[7] = SHA256M_H; - w[0] = ctx.h[0]; - w[1] = ctx.h[1]; - w[2] = ctx.h[2]; - w[3] = ctx.h[3]; - w[4] = ctx.h[4]; - w[5] = ctx.h[5]; - w[6] = ctx.h[6]; - w[7] = ctx.h[7]; + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + int left; + int idx; + + for (left = pw_len, idx = 0; left >= 56; left -= 64, idx += 16) + { + w0[0] = w[idx + 0]; + w0[1] = w[idx + 1]; + w0[2] = w[idx + 2]; + w0[3] = w[idx + 3]; + w1[0] = w[idx + 4]; + w1[1] = w[idx + 5]; + w1[2] = w[idx + 6]; + w1[3] = w[idx + 7]; + w2[0] = w[idx + 8]; + w2[1] = w[idx + 9]; + w2[2] = w[idx + 10]; + w2[3] = w[idx + 11]; + w3[0] = w[idx + 12]; + w3[1] = w[idx + 13]; + w3[2] = w[idx + 14]; + w3[3] = w[idx + 15]; + + sha256_transform (w0, w1, w2, w3, h); + } + + w0[0] = w[idx + 0]; + w0[1] = w[idx + 1]; + w0[2] = w[idx + 2]; + w0[3] = w[idx + 3]; + w1[0] = w[idx + 4]; + w1[1] = w[idx + 5]; + w1[2] = w[idx + 6]; + w1[3] = w[idx + 7]; + w2[0] = w[idx + 8]; + w2[1] = w[idx + 9]; + w2[2] = w[idx + 10]; + w2[3] = w[idx + 11]; + w3[0] = w[idx + 12]; + w3[1] = w[idx + 
13]; + w3[2] = w[idx + 14]; + w3[3] = w[idx + 15]; + + sha256_transform (w0, w1, w2, w3, h); + + w[0] = h[0]; + w[1] = h[1]; + w[2] = h[2]; + w[3] = h[3]; + w[4] = h[4]; + w[5] = h[5]; + w[6] = h[6]; + w[7] = h[7]; } - tmps[gid].dgst[0] = w[0]; - tmps[gid].dgst[1] = w[1]; - tmps[gid].dgst[2] = w[2]; - tmps[gid].dgst[3] = w[3]; - tmps[gid].dgst[4] = w[4]; - tmps[gid].dgst[5] = w[5]; - tmps[gid].dgst[6] = w[6]; - tmps[gid].dgst[7] = w[7]; + tmps[gid].pass[0] = w[0]; + tmps[gid].pass[1] = w[1]; + tmps[gid].pass[2] = w[2]; + tmps[gid].pass[3] = w[3]; + tmps[gid].pass[4] = w[4]; + tmps[gid].pass[5] = w[5]; + tmps[gid].pass[6] = w[6]; + tmps[gid].pass[7] = w[7]; } KERNEL_FQ void m22400_comp (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) @@ -184,14 +245,14 @@ KERNEL_FQ void m22400_comp (KERN_ATTR_TMPS_ESALT (aescrypt_tmp_t, aescrypt_t)) u32 dgst[16] = { 0 }; - dgst[0] = tmps[gid].dgst[0]; - dgst[1] = tmps[gid].dgst[1]; - dgst[2] = tmps[gid].dgst[2]; - dgst[3] = tmps[gid].dgst[3]; - dgst[4] = tmps[gid].dgst[4]; - dgst[5] = tmps[gid].dgst[5]; - dgst[6] = tmps[gid].dgst[6]; - dgst[7] = tmps[gid].dgst[7]; + dgst[0] = tmps[gid].pass[0]; + dgst[1] = tmps[gid].pass[1]; + dgst[2] = tmps[gid].pass[2]; + dgst[3] = tmps[gid].pass[3]; + dgst[4] = tmps[gid].pass[4]; + dgst[5] = tmps[gid].pass[5]; + dgst[6] = tmps[gid].pass[6]; + dgst[7] = tmps[gid].pass[7]; // IV diff --git a/src/modules/module_22400.c b/src/modules/module_22400.c index 53d64cb15..53186aeb1 100644 --- a/src/modules/module_22400.c +++ b/src/modules/module_22400.c @@ -54,9 +54,8 @@ typedef struct aescrypt typedef struct aescrypt_tmp { - u32 dgst[8]; - u32 pass[128]; - u32 len; + u32 pass[144]; + int len; } aescrypt_tmp_t; From 4b16631710bcc56494450cca1cf8794b95155d92 Mon Sep 17 00:00:00 2001 
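Review bot: The 16-word unpack of `w[idx + 0..15]` into `w0..w3` appears twice in the round loop (inside the `for (left = pw_len, ...)` body and again for the final block), which is a style point rather than a defect: a small `DECLSPEC` helper or local macro taking `w`, `idx` and `h` would halve the body and make the two `sha256_transform` calls visibly identical. The trailing block is correct only because m22400_init already placed the 0x80 terminator and the bit length into `w`; `// last block: padding and length were written by m22400_init` at the second `sha256_transform` would record that dependency for the next maintainer. The loop now also holds `u32 w[144]` uninitialized and fills all 144 words from `tmps[gid].pass`, so the `{ 0 }` initializer and the old "136*4" comment are gone intentionally; a short note saying the whole buffer is copied would avoid a reviewer re-adding them.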
From: Jens Steube Date: Thu, 16 Jan 2020 19:20:57 +0100 Subject: [PATCH 164/300] Do REAL_SHM check in -m 9100 --- OpenCL/m09100-pure.cl | 62 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 10 deletions(-) diff --git a/OpenCL/m09100-pure.cl b/OpenCL/m09100-pure.cl index 8ccc65020..14ab60f9e 100644 --- a/OpenCL/m09100-pure.cl +++ b/OpenCL/m09100-pure.cl 
@@ -27,6 +27,42 @@ typedef struct lotus8_tmp } lotus8_tmp_t; +CONSTANT_VK u32a bin2asc[256] = +{ + 0x00003030, 0x00003130, 0x00003230, 0x00003330, 0x00003430, 0x00003530, 0x00003630, 0x00003730, + 0x00003830, 0x00003930, 0x00004130, 0x00004230, 0x00004330, 0x00004430, 0x00004530, 0x00004630, + 0x00003031, 0x00003131, 0x00003231, 0x00003331, 0x00003431, 0x00003531, 0x00003631, 0x00003731, + 0x00003831, 0x00003931, 0x00004131, 0x00004231, 0x00004331, 0x00004431, 0x00004531, 0x00004631, + 0x00003032, 0x00003132, 0x00003232, 0x00003332, 0x00003432, 0x00003532, 0x00003632, 0x00003732, + 0x00003832, 0x00003932, 0x00004132, 0x00004232, 0x00004332, 0x00004432, 0x00004532, 0x00004632, + 0x00003033, 0x00003133, 0x00003233, 0x00003333, 0x00003433, 0x00003533, 0x00003633, 0x00003733, + 0x00003833, 0x00003933, 0x00004133, 0x00004233, 0x00004333, 0x00004433, 0x00004533, 0x00004633, + 0x00003034, 0x00003134, 0x00003234, 0x00003334, 0x00003434, 0x00003534, 0x00003634, 0x00003734, + 0x00003834, 0x00003934, 0x00004134, 0x00004234, 0x00004334, 0x00004434, 0x00004534, 0x00004634, + 0x00003035, 0x00003135, 0x00003235, 0x00003335, 0x00003435, 0x00003535, 0x00003635, 0x00003735, + 0x00003835, 0x00003935, 0x00004135, 0x00004235, 0x00004335, 0x00004435, 0x00004535, 0x00004635, + 0x00003036, 0x00003136, 0x00003236, 0x00003336, 0x00003436, 0x00003536, 0x00003636, 0x00003736, + 0x00003836, 0x00003936, 0x00004136, 0x00004236, 0x00004336, 0x00004436, 0x00004536, 0x00004636, + 0x00003037, 0x00003137, 0x00003237, 0x00003337, 0x00003437, 0x00003537, 0x00003637, 0x00003737, + 0x00003837, 0x00003937, 0x00004137, 0x00004237, 0x00004337, 0x00004437, 0x00004537, 0x00004637, + 0x00003038, 0x00003138, 0x00003238, 0x00003338, 0x00003438, 0x00003538, 0x00003638, 0x00003738, + 0x00003838, 0x00003938, 0x00004138, 0x00004238, 0x00004338, 0x00004438, 0x00004538, 0x00004638, + 0x00003039, 0x00003139, 0x00003239, 0x00003339, 0x00003439, 0x00003539, 0x00003639, 0x00003739, + 0x00003839, 0x00003939, 0x00004139, 
0x00004239, 0x00004339, 0x00004439, 0x00004539, 0x00004639, + 0x00003041, 0x00003141, 0x00003241, 0x00003341, 0x00003441, 0x00003541, 0x00003641, 0x00003741, + 0x00003841, 0x00003941, 0x00004141, 0x00004241, 0x00004341, 0x00004441, 0x00004541, 0x00004641, + 0x00003042, 0x00003142, 0x00003242, 0x00003342, 0x00003442, 0x00003542, 0x00003642, 0x00003742, + 0x00003842, 0x00003942, 0x00004142, 0x00004242, 0x00004342, 0x00004442, 0x00004542, 0x00004642, + 0x00003043, 0x00003143, 0x00003243, 0x00003343, 0x00003443, 0x00003543, 0x00003643, 0x00003743, + 0x00003843, 0x00003943, 0x00004143, 0x00004243, 0x00004343, 0x00004443, 0x00004543, 0x00004643, + 0x00003044, 0x00003144, 0x00003244, 0x00003344, 0x00003444, 0x00003544, 0x00003644, 0x00003744, + 0x00003844, 0x00003944, 0x00004144, 0x00004244, 0x00004344, 0x00004444, 0x00004544, 0x00004644, + 0x00003045, 0x00003145, 0x00003245, 0x00003345, 0x00003445, 0x00003545, 0x00003645, 0x00003745, + 0x00003845, 0x00003945, 0x00004145, 0x00004245, 0x00004345, 0x00004445, 0x00004545, 0x00004645, + 0x00003046, 0x00003146, 0x00003246, 0x00003346, 0x00003446, 0x00003546, 0x00003646, 0x00003746, + 0x00003846, 0x00003946, 0x00004146, 0x00004246, 0x00004346, 0x00004446, 0x00004546, 0x00004646, +}; + CONSTANT_VK u32a lotus64_table[64] = { '0', '1', '2', '3', '4', '5', '6', '7', @@ -79,7 +115,7 @@ CONSTANT_VK u32a lotus_magic_table[256] = #define BOX1(S,i) (S)[(i)] -DECLSPEC void lotus_mix (u32 *in, LOCAL_AS const u32 *s_lotus_magic_table) +DECLSPEC void lotus_mix (u32 *in, SHM_TYPE const u32 *s_lotus_magic_table) { u8 p = 0; @@ -102,7 +138,7 @@ DECLSPEC void lotus_mix (u32 *in, LOCAL_AS const u32 *s_lotus_magic_table) } } -DECLSPEC void lotus_transform_password (const u32 *in, u32 *out, LOCAL_AS const u32 *s_lotus_magic_table) +DECLSPEC void lotus_transform_password (const u32 *in, u32 *out, SHM_TYPE const u32 *s_lotus_magic_table) { u8 t = (u8) (out[3] >> 24); 
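Review bot: The `bin2asc` table replaces the formula the `-413` hunk below deletes (`hex(i & 15) << 8 | hex(i >> 4)`, uppercase digits), but nothing in the file now states that layout, so a transposed entry would only surface as a cracking miss. A comment above the table, `// bin2asc[i] = (hex_upper(i & 15) << 8) | hex_upper(i >> 4); must match the former computed l_bin2asc initializer in m09100_init`, documents the contract, and noting how the table was generated would let reviewers verify all 256 entries instead of spot-checking. Entries 0x00, 0x10 and 0xFF agree with the removed formula; the remaining entries I could not verify line by line.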
@@ -199,7 +235,7 @@ DECLSPEC void pad (u32 *w, const u32 len) } } -DECLSPEC void mdtransform_norecalc (u32 *state, const u32 *block, LOCAL_AS const u32 *s_lotus_magic_table) +DECLSPEC void mdtransform_norecalc (u32 *state, const u32 *block, SHM_TYPE const u32 *s_lotus_magic_table) { u32 x[12]; @@ -224,14 +260,14 @@ DECLSPEC void mdtransform_norecalc (u32 *state, const u32 *block, LOCAL_AS const state[3] = x[3]; } -DECLSPEC void mdtransform (u32 *state, u32 *checksum, const u32 *block, LOCAL_AS const u32 *s_lotus_magic_table) +DECLSPEC void mdtransform (u32 *state, u32 *checksum, const u32 *block, SHM_TYPE const u32 *s_lotus_magic_table) { mdtransform_norecalc (state, block, s_lotus_magic_table); lotus_transform_password (block, checksum, s_lotus_magic_table); } -DECLSPEC void domino_big_md (const u32 *saved_key, const u32 size, u32 *state, LOCAL_AS const u32 *s_lotus_magic_table) +DECLSPEC void domino_big_md (const u32 *saved_key, const u32 size, u32 *state, SHM_TYPE const u32 *s_lotus_magic_table) { u32 checksum[4]; @@ -402,6 +438,8 @@ KERNEL_FQ void m09100_init (KERN_ATTR_TMPS (lotus8_tmp_t)) * sbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_lotus_magic_table[256]; for (u32 i = lid; i < 256; i += lsz) @@ -413,15 +451,19 @@ KERNEL_FQ void m09100_init (KERN_ATTR_TMPS (lotus8_tmp_t)) for (u32 i = lid; i < 256; i += lsz) { - const u32 i0 = (i >> 0) & 15; - const u32 i1 = (i >> 4) & 15; - - l_bin2asc[i] = ((i0 < 10) ? '0' + i0 : 'A' - 10 + i0) << 8 - | ((i1 < 10) ? '0' + i1 : 'A' - 10 + i1) << 0; + l_bin2asc[i] = bin2asc[i]; } SYNC_THREADS (); + #else + + CONSTANT_AS u32a *s_lotus_magic_table = lotus_magic_table; + + CONSTANT_AS u32a *l_bin2asc = bin2asc; + + #endif + if (gid >= gid_max) return; /** From abd4b99fd9512f608b892f01d8d21bedeec2ccb4 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 18 Jan 2020 15:29:06 +0100 Subject: [PATCH 165/300] Use an easier example hash for -m 22000 --- src/modules/module_22000.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c index 1942303f8..fcbc3971c 100644 --- a/src/modules/module_22000.c +++ b/src/modules/module_22000.c @@ -39,7 +39,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_COPY_TMPS; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat!"; -static const char *ST_HASH = "WPA*01*9d42bfc4ab79cf3a3a85761efd2a0cf0*e8e61d2bfe07*e21f445660bb*3c3429452aba22e9a7a6***"; +static const char *ST_HASH = "WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964***"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } From 616683df5c40e3729d1e0ae253b72034557204c5 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 19 Jan 2020 10:50:47 +0100 Subject: [PATCH 166/300] Use an easier example hash for -m 22001 --- src/modules/module_22001.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c index 446d710f4..d24dbac86 100644 --- a/src/modules/module_22001.c +++ b/src/modules/module_22001.c 
@@ -39,8 +39,8 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_COPY_TMPS | OPTS_TYPE_POTFILE_NOPASS; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; -static const char *ST_PASS = "4189cd288e84c91adc4cc076a68f6004bff528b3112ed20b31d43b9e453bdc31"; -static const char *ST_HASH = "WPA*01*9d42bfc4ab79cf3a3a85761efd2a0cf0*e8e61d2bfe07*e21f445660bb*3c3429452aba22e9a7a6***"; +static const char *ST_PASS = "88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc"; +static const char *ST_HASH = "WPA*01*5ce7ebe97a1bbfeb2822ae627b726d5b*27462da350ac*accd10fb464e*686173686361742d6573736964***"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } From 7797488a12c657df97c8195388eabba3b36aa28a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 19 Jan 2020 18:12:16 +0100 Subject: [PATCH 167/300] Add PMKID/MIC to cracked output line in -m 22000 and -m 22001 --- src/modules/module_22000.c | 25 ++++++++++++++++++++++--- src/modules/module_22001.c | 25 ++++++++++++++++++++++--- 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c index fcbc3971c..9f25c6dd3 100644 --- a/src/modules/module_22000.c +++ b/src/modules/module_22000.c 
@@ -1193,7 +1193,26 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 const u8 *mac_ap = (const u8 *) wpa->mac_ap;
 const u8 *mac_sta = (const u8 *) wpa->mac_sta;
- if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, '*', 0) == true)
+ if (wpa->type == 1)
+ {
+ u32_to_hex (wpa->pmkid[0], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (wpa->pmkid[1], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (wpa->pmkid[2], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (wpa->pmkid[3], (u8 *) line_buf + line_len); line_len += 8;
+ }
+ else if (wpa->type == 2)
+ {
+ u32_to_hex (wpa->keymic[0], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (wpa->keymic[1], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (wpa->keymic[2], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (wpa->keymic[3], (u8 *) line_buf + line_len); line_len += 8;
+ }
+
+ line_buf[line_len] = ':';
+
+ line_len++;
+
+ if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true)
 {
 char tmp_buf[128];
@@ -1213,7 +1232,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 tmp_buf[tmp_len++] = 0;
- line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
+ line_len += snprintf (line_buf + line_len, line_size - line_len, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
 mac_ap[0],
 mac_ap[1],
 mac_ap[2],
@@ -1230,7 +1249,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 }
 else
 {
- line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
+ line_len += snprintf (line_buf + line_len, line_size - line_len, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
 mac_ap[0],
 mac_ap[1],
 mac_ap[2],
diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c
index d24dbac86..8a0ad8710 100644
--- a/src/modules/module_22001.c
+++ b/src/modules/module_22001.c
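Review bot: The eight `u32_to_hex` calls and the `':'` store write up to 33 bytes into `line_buf` at `line_len` with no comparison against `line_size`, unlike the `snprintf` calls that follow, and those `snprintf` return values are then added to `line_len` without a truncation check, so a short `line_size` would leave `line_len` past the end of the buffer. This is only safe if every caller passes a large buffer, which the hunk does not show. When `wpa->type` is neither 1 nor 2 the line now begins with a bare `:`; if only those two types exist, say so in a comment, otherwise guard the separator. The module_22001.c hunk below duplicates this block byte for byte; a shared helper would keep the two copies from drifting. module_hash_encode starts and ends outside the hunk.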
@@ -1194,7 +1194,26 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *mac_ap = (const u8 *) wpa->mac_ap; const u8 *mac_sta = (const u8 *) wpa->mac_sta; - if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, '*', 0) == true) + if (wpa->type == 1) + { + u32_to_hex (wpa->pmkid[0], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (wpa->pmkid[1], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (wpa->pmkid[2], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (wpa->pmkid[3], (u8 *) line_buf + line_len); line_len += 8; + } + else if (wpa->type == 2) + { + u32_to_hex (wpa->keymic[0], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (wpa->keymic[1], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (wpa->keymic[2], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (wpa->keymic[3], (u8 *) line_buf + line_len); line_len += 8; + } + + line_buf[line_len] = ':'; + + line_len++; + + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) { char tmp_buf[128]; @@ -1214,7 +1233,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE tmp_buf[tmp_len++] = 0; - line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + line_len += snprintf (line_buf + line_len, line_size - line_len, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", mac_ap[0], mac_ap[1], mac_ap[2], @@ -1231,7 +1250,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE } else { - line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + line_len += snprintf (line_buf + line_len, line_size - line_len, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", mac_ap[0], mac_ap[1], mac_ap[2], From 441fcea8a152fd27b9ec46938a7afe58030ff23f Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sun, 19 Jan 2020 19:24:11 +0100 Subject: [PATCH 168/300] Replace mode 2500 with 22000 as default WPA benchmark mode --- src/benchmark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/benchmark.c b/src/benchmark.c index 05f0c35a6..3653b4fd1 100644 --- a/src/benchmark.c +++ b/src/benchmark.c @@ -16,7 +16,7 @@ static const int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] = 100, 1400, 1700, - 2500, + 22000, 1000, 3000, 5500, From cf4cee2f2fe04a1c2fe13d83677f2c89cfe37d18 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 20 Jan 2020 09:20:12 +0100 Subject: [PATCH 169/300] Update selection of API to make use of bitselect and rotate --- OpenCL/inc_vendor.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h index b1a656ce8..c2238a838 100644 --- a/OpenCL/inc_vendor.h +++ b/OpenCL/inc_vendor.h @@ -147,7 +147,12 @@ // Whitelist some OpenCL specific functions // This could create more stable kernels on systems with bad OpenCL drivers -#ifdef IS_NV +#ifdef IS_CUDA +#define USE_BITSELECT +#define USE_ROTATE +#endif + +#ifdef IS_OPENCL #define USE_BITSELECT #define USE_ROTATE #define USE_SWIZZLE From 3a5544a55453df38ae26fc5b1a159103cb35cc42 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 21 Jan 2020 22:09:56 +0100 Subject: [PATCH 170/300] Help some compiler with 64 bit constants --- OpenCL/inc_common.cl | 16 ++++++++-------- OpenCL/inc_vendor.h | 6 +++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl index 2d086c4b6..cb6f9a534 100644 --- a/OpenCL/inc_common.cl +++ b/OpenCL/inc_common.cl 
@@ -812,14 +812,14 @@ DECLSPEC u64 hc_swap64_S (const u64 v) #ifdef USE_SWIZZLE r = as_ulong (as_uchar8 (v).s76543210); #else - r = ((v & 0xff00000000000000ULL) >> 56) - | ((v & 0x00ff000000000000ULL) >> 40) - | ((v & 0x0000ff0000000000ULL) >> 24) - | ((v & 0x000000ff00000000ULL) >> 8) - | ((v & 0x00000000ff000000ULL) << 8) - | ((v & 0x0000000000ff0000ULL) << 24) - | ((v & 0x000000000000ff00ULL) << 40) - | ((v & 0x00000000000000ffULL) << 56); + r = ((v & (u64) 0xff00000000000000ULL) >> 56) + | ((v & (u64) 0x00ff000000000000ULL) >> 40) + | ((v & (u64) 0x0000ff0000000000ULL) >> 24) + | ((v & (u64) 0x000000ff00000000ULL) >> 8) + | ((v & (u64) 0x00000000ff000000ULL) << 8) + | ((v & (u64) 0x0000000000ff0000ULL) << 24) + | ((v & (u64) 0x000000000000ff00ULL) << 40) + | ((v & (u64) 0x00000000000000ffULL) << 56); #endif #endif #endif diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h index c2238a838..6924fd37c 100644 --- a/OpenCL/inc_vendor.h +++ b/OpenCL/inc_vendor.h @@ -153,9 +153,9 @@ #endif #ifdef IS_OPENCL -#define USE_BITSELECT -#define USE_ROTATE -#define USE_SWIZZLE +//#define USE_BITSELECT +//#define USE_ROTATE +//#define USE_SWIZZLE #endif #endif From 42358dc2f069ab74a67586e7d769d97080ca243a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 22 Jan 2020 09:28:48 +0100 Subject: [PATCH 171/300] Remove OPTS_TYPE_PT_NEVERCRACK leftover when merging PR from an older source base --- src/modules/module_17210.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_17210.c b/src/modules/module_17210.c index c1f405f2e..834de1ccd 100644 --- a/src/modules/module_17210.c +++ b/src/modules/module_17210.c 
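Review bot: Commenting out the three `#define`s under `#ifdef IS_OPENCL` leaves dead configuration with no explanation, and the commit title ("Help some compiler with 64 bit constants") does not cover why the generic OpenCL path loses bitselect/rotate/swizzle. Either delete the three lines or keep a single comment giving the reason, e.g. `// USE_BITSELECT/USE_ROTATE/USE_SWIZZLE intentionally off for generic OpenCL: <reason>`.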
@@ -102,7 +102,7 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_ARCHIVE; static const char *HASH_NAME = "PKZIP (Uncompressed)"; static const u64 KERN_TYPE = 17210; static const u32 OPTI_TYPE = 0; -static const u64 OPTS_TYPE = OPTS_TYPE_PT_NEVERCRACK; // nevercrack is required because it's quite likely that a collision is found which will not necessarily work as password for the archive +static const u64 OPTS_TYPE = 0; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "$pkzip2$1*1*2*0*1d1*1c5*eda7a8de*0*28*0*1d1*eda7*5096*1dea673da43d9fc7e2be1a1f4f664269fceb6cb88723a97408ae1fe07f774d31d1442ea8485081e63f919851ca0b7588d5e3442317fff19fe547a4ef97492ed75417c427eea3c4e146e16c100a2f8b6abd7e5988dc967e5a0e51f641401605d673630ea52ebb04da4b388489901656532c9aa474ca090dbac7cf8a21428d57b42a71da5f3d83fed927361e5d385ca8e480a6d42dea5b4bf497d3a24e79fc7be37c8d1721238cbe9e1ea3ae1eb91fc02aabdf33070d718d5105b70b3d7f3d2c28b3edd822e89a5abc0c8fee117c7fbfbfd4b4c8e130977b75cb0b1da080bfe1c0859e6483c42f459c8069d45a76220e046e6c2a2417392fd87e4aa4a2559eaab3baf78a77a1b94d8c8af16a977b4bb45e3da211838ad044f209428dba82666bf3d54d4eed82c64a9b3444a44746b9e398d0516a2596d84243b4a1d7e87d9843f38e45b6be67fd980107f3ad7b8453d87300e6c51ac9f5e3f6c3b702654440c543b1d808b62f7a313a83b31a6faaeedc2620de7057cd0df80f70346fe2d4dccc318f0b5ed128bcf0643e63d754bb05f53afb2b0fa90b34b538b2ad3648209dff587df4fa18698e4fa6d858ad44aa55d2bba3b08dfdedd3e28b8b7caf394d5d9d95e452c2ab1c836b9d74538c2f0d24b9b577*$/pkzip2$"; From 13675d2965418be7d4129066cffb5a6b1964a24b Mon Sep 17 00:00:00 2001 
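Review bot: The replaced line also carried the only explanation of why this mode can report a collision that is not the archive's password, and that rationale disappears together with the flag. If `OPTS_TYPE_PT_NEVERCRACK` is genuinely not wanted for 17210, keep the knowledge on the new line, e.g. `static const u64 OPTS_TYPE = 0; // PT_NEVERCRACK not set: <why a false positive is acceptable for this mode>`.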
From: philsmd Date: Thu, 23 Jan 2020 09:03:22 +0100 Subject: [PATCH 172/300] Fixes #2255: new --outfile-format with support for timestamps --- docs/changes.txt | 1 + extra/tab_completion/hashcat.sh | 26 +++++- include/outfile.h | 2 + include/types.h | 6 +- src/interface.c | 3 +- src/outfile.c | 141 ++++++++++++++++++++++++++++++-- src/usage.c | 19 ++--- src/user_options.c | 36 +++++--- 8 files changed, 200 insertions(+), 34 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 8436120af..14b1f8fc3 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -9,6 +9,7 @@ - Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.) - Added new options --backend-ignore-cuda and --backend-ingore-opencl to ignore CUDA and/or OpenCL interface from being load on startup - Added new parameter --brain-server-timer to specify the seconds for the next scheduled backup +- Added new way to specify the outfile format, the new --outfile-format now also supports timestamps - Support use of all available GPU memory using CUDA backend - Support use of all available CPU cores for hash-mode specific hooks - Support on-the-fly loading of compressed wordlists in zip and gzip format diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index d420faf23..ad32a61f4 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh @@ -302,7 +302,7 @@ _hashcat () local ATTACK_MODES="0 1 3 6 7" local HCCAPX_MESSAGE_PAIRS="0 1 2 3 4 5" - local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15" + local OUTFILE_FORMATS="1 2 3 4 5 6" local OPENCL_DEVICE_TYPES="1 2 3" local BACKEND_VECTOR_WIDTH="1 2 4 8 16" local DEBUG_MODE="1 2 3 4" 
@@ -348,7 +348,29 @@ _hashcat ()
 ;;
 --outfile-format)
- COMPREPLY=($(compgen -W "${OUTFILE_FORMATS}" -- ${cur}))
+ local outfile_format_list=""
+
+ local filter_list=$(echo -n "${OUTFILE_FORMATS}" | sed 's/ //g')
+
+ if echo "${cur}" | grep -q "^[,${filter_list}]*$"; then
+ outfile_format_list="${cur}"
+
+ # remove formats already used in the command line:
+ local formats_used=$(echo -n "${cur}" | sed 's/,/\n/g')
+ local allowed_formats=$(echo -n "${OUTFILE_FORMATS}" | sed 's/ /\n/g')
+
+ local i
+ for i in $formats_used; do
+ allowed_formats=$(echo -n "${allowed_formats}" | grep -v "${formats_used}")
+ done
+
+ outfile_format_list="${cur}"
+ for i in $allowed_formats; do
+ outfile_format_list="${outfile_format_list} ${cur},${i}"
+ done
+ fi
+
+ COMPREPLY=($(compgen -W "${outfile_format_list}" -- ${cur}))
 return 0
 ;;
diff --git a/include/outfile.h b/include/outfile.h
index 79790cf61..e54c09a35 100644
--- a/include/outfile.h
+++ b/include/outfile.h
@@ -14,6 +14,8 @@ int build_plain (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_para
 int build_crackpos (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, plain_t *plain, u64 *out_pos);
 int build_debugdata (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, plain_t *plain, u8 *debug_rule_buf, int *debug_rule_len, u8 *debug_plain_ptr, int *debug_plain_len);
+u32 outfile_format_parse (const char *format_string);
+
 int outfile_init (hashcat_ctx_t *hashcat_ctx);
 void outfile_destroy (hashcat_ctx_t *hashcat_ctx);
 int outfile_write_open (hashcat_ctx_t *hashcat_ctx);
diff --git a/include/types.h b/include/types.h
index 099cdb19c..057085768 100644
--- a/include/types.h
+++ b/include/types.h
@@ -485,7 +485,9 @@ typedef enum outfile_fmt
 OUTFILE_FMT_HASH = (1 << 0),
 OUTFILE_FMT_PLAIN = (1 << 1),
 OUTFILE_FMT_HEXPLAIN = (1 << 2),
- OUTFILE_FMT_CRACKPOS = (1 << 3)
+ OUTFILE_FMT_CRACKPOS = (1 << 3),
+ OUTFILE_FMT_TIME_ABS = (1 << 4),
+ OUTFILE_FMT_TIME_REL = (1 << 5)
 } outfile_fmt_t;
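Review bot: Inside `for i in $formats_used`, the body filters with `grep -v "${formats_used}"` rather than `${i}`, so every iteration runs the same command and the loop variable is never used; it only works because grep treats the newline-separated list as one pattern per line. `grep -v` is also a substring match, which is fine for single-digit formats but would drop `1` as soon as a format `10` exists. Use the loop variable with a fixed whole-line match: `allowed_formats=$(echo -n "${allowed_formats}" | grep -vxF "${i}")`. The enclosing `_hashcat` function starts and ends outside the hunk.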
@@ -1923,6 +1925,7 @@ typedef struct user_options char *opencl_device_types; char *outfile; char *outfile_check_dir; + char *outfile_format; char *potfile_path; char *restore_file_path; char **rp_files; @@ -1962,7 +1965,6 @@ typedef struct user_options u32 spin_damp; u32 backend_vector_width; u32 outfile_check_timer; - u32 outfile_format; u32 remove_timer; u32 restore_timer; u32 rp_files_cnt; diff --git a/src/interface.c b/src/interface.c index 68be9f796..76ef8b330 100644 --- a/src/interface.c +++ b/src/interface.c @@ -12,6 +12,7 @@ #include "modules.h" #include "dynloader.h" #include "interface.h" +#include "outfile.h" /** * parsing @@ -515,7 +516,7 @@ u32 default_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY u32 default_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 forced_outfile_format = user_options->outfile_format; + const u32 forced_outfile_format = outfile_format_parse (user_options->outfile_format); return forced_outfile_format; } diff --git a/src/outfile.c b/src/outfile.c index 8dc949b50..f1d2b4989 100644 --- a/src/outfile.c +++ b/src/outfile.c @@ -5,6 +5,7 @@ #include "common.h" #include "types.h" +#include "memory.h" #include "event.h" #include "convert.h" #include "mpsp.h" 
@@ -16,6 +17,94 @@
 #include "locking.h"
 #include "outfile.h"
+u32 outfile_format_parse (const char *format_string)
+{
+ if (format_string == NULL) return OUTFILE_FORMAT; // default outfile format
+
+ char *format = hcstrdup (format_string);
+
+ if (format == NULL) return 0;
+
+ char *saveptr = NULL;
+
+ char *next = strtok_r (format, ",", &saveptr);
+
+ u32 outfile_format = 0;
+
+ do
+ {
+ const int tok_len = strlen (next);
+
+ // reject non-numbers:
+
+ if (is_valid_digit_string ((const u8 *) next, tok_len) == false)
+ {
+ outfile_format = 0;
+ break;
+ }
+
+ // string to number conversion:
+
+ const u32 num = hc_strtoul (next, NULL, 10);
+
+ if (num == 0)
+ {
+ outfile_format = 0;
+ break;
+ }
+
+ if (num > 31)
+ {
+ outfile_format = 0;
+ break;
+ }
+
+ // to bitmask:
+
+ const u32 bit = 1 << (num - 1);
+
+ bool accepted = false;
+
+ switch (bit)
+ {
+ // allowed formats:
+ case OUTFILE_FMT_HASH:
+ case OUTFILE_FMT_PLAIN:
+ case OUTFILE_FMT_HEXPLAIN:
+ case OUTFILE_FMT_CRACKPOS:
+ case OUTFILE_FMT_TIME_ABS:
+ case OUTFILE_FMT_TIME_REL:
+ accepted = true;
+ break;
+ // NOT acceptable formats:
+ default:
+ accepted = false;
+ break;
+ }
+
+ if (accepted == false)
+ {
+ outfile_format = 0;
+ break;
+ }
+
+ // the user should specify any format at most once:
+
+ if (outfile_format & bit)
+ {
+ outfile_format = 0;
+ break;
+ }
+
+ outfile_format |= bit;
+
+ } while ((next = strtok_r ((char *) NULL, ",", &saveptr)) != NULL);
+
+ hcfree (format);
+
+ return outfile_format;
+}
+
 int build_plain (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, plain_t *plain, u32 *plain_buf, int *out_len)
 {
 const combinator_ctx_t *combinator_ctx = hashcat_ctx->combinator_ctx;
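Review bot: `outfile_format_parse` has no comment stating its contract, and its 0 return conflates invalid input, a repeated format and `hcstrdup` failure, which user_options_sanity then reports uniformly as an invalid value. A comment on the declaration such as `// Parses a comma-separated list of format numbers into an outfile_fmt_t bitmask; NULL yields OUTFILE_FORMAT, and any unknown, out-of-range or repeated number (or allocation failure) yields 0.` would pin that down. The function is also called from default_forced_outfile_format, outfile_init and user_options_sanity, each re-duplicating and re-tokenizing the same string; parsing once after getopt into a u32 kept beside the string would avoid the repeated allocations. Minor: `strlen` returns size_t, so `tok_len` should not be `int`, and the `(char *) NULL` cast is unnecessary.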
@@ -391,10 +480,10 @@ int outfile_init (hashcat_ctx_t *hashcat_ctx) outfile_ctx_t *outfile_ctx = hashcat_ctx->outfile_ctx; user_options_t *user_options = hashcat_ctx->user_options; - outfile_ctx->fp.pfp = NULL; - outfile_ctx->filename = user_options->outfile; - outfile_ctx->outfile_format = user_options->outfile_format; - outfile_ctx->outfile_autohex = user_options->outfile_autohex; + outfile_ctx->fp.pfp = NULL; + outfile_ctx->filename = user_options->outfile; + outfile_ctx->outfile_format = outfile_format_parse (user_options->outfile_format); + outfile_ctx->outfile_autohex = user_options->outfile_autohex; return 0; } @@ -445,6 +534,7 @@ int outfile_write (hashcat_ctx_t *hashcat_ctx, const char *out_buf, const int ou const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; const user_options_t *user_options = hashcat_ctx->user_options; outfile_ctx_t *outfile_ctx = hashcat_ctx->outfile_ctx; + status_ctx_t *status_ctx = hashcat_ctx->status_ctx; const u32 outfile_format = (hashconfig->opts_type & OPTS_TYPE_PT_ALWAYS_HEXIFY) ? 5 : outfile_ctx->outfile_format; @@ -458,7 +548,7 @@ int outfile_write (hashcat_ctx_t *hashcat_ctx, const char *out_buf, const int ou tmp_len += user_len; - if (outfile_format & (OUTFILE_FMT_HASH | OUTFILE_FMT_PLAIN | OUTFILE_FMT_HEXPLAIN | OUTFILE_FMT_CRACKPOS)) + if (outfile_format & (OUTFILE_FMT_TIME_ABS | OUTFILE_FMT_TIME_REL | OUTFILE_FMT_HASH | OUTFILE_FMT_PLAIN | OUTFILE_FMT_HEXPLAIN | OUTFILE_FMT_CRACKPOS)) { tmp_buf[tmp_len] = hashconfig->separator; 
@@ -467,6 +557,47 @@ int outfile_write (hashcat_ctx_t *hashcat_ctx, const char *out_buf, const int ou
 }
 }
+ if (outfile_format & OUTFILE_FMT_TIME_ABS)
+ {
+ time_t now;
+
+ time (&now);
+
+ tmp_len += snprintf (tmp_buf + tmp_len, HCBUFSIZ_LARGE - tmp_len, "%" PRIu64, (u64) now);
+
+ if (outfile_format & (OUTFILE_FMT_TIME_REL | OUTFILE_FMT_HASH | OUTFILE_FMT_PLAIN | OUTFILE_FMT_HEXPLAIN | OUTFILE_FMT_CRACKPOS))
+ {
+ tmp_buf[tmp_len] = hashconfig->separator;
+
+ tmp_len += 1;
+ }
+ }
+
+ if (outfile_format & OUTFILE_FMT_TIME_REL)
+ {
+ time_t time_now;
+
+ time (&time_now);
+
+ time_t time_started = status_ctx->runtime_start;
+
+ u64 diff = 0;
+
+ if (time_now > time_started) // should always be true, but you never know
+ {
+ diff = (u64) time_now - (u64) time_started;
+ }
+
+ tmp_len += snprintf (tmp_buf + tmp_len, HCBUFSIZ_LARGE - tmp_len, "%" PRIu64, diff);
+
+ if (outfile_format & (OUTFILE_FMT_HASH | OUTFILE_FMT_PLAIN | OUTFILE_FMT_HEXPLAIN | OUTFILE_FMT_CRACKPOS))
+ {
+ tmp_buf[tmp_len] = hashconfig->separator;
+
+ tmp_len += 1;
+ }
+ }
+
 if (outfile_format & OUTFILE_FMT_HASH)
 {
 memcpy (tmp_buf + tmp_len, out_buf, out_len);
diff --git a/src/usage.c b/src/usage.c
index c7af49a18..6f5df8c74 100644
--- a/src/usage.c
+++ b/src/usage.c
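Review bot: Both new `snprintf` calls add their return value to `tmp_len` without checking it against `HCBUFSIZ_LARGE - tmp_len`, and the next statement stores `hashconfig->separator` at `tmp_buf[tmp_len]`, so a truncated write would place the separator past the buffer; a number of at most 20 digits makes that unlikely, but the pattern offers no protection of its own. The absolute and relative fields each call `time()` separately, so the two values can straddle a second boundary and disagree; read the clock once and derive both fields from it. `time_t time_started = status_ctx->runtime_start;` presumably matches the field's declared type — if `runtime_start` is not a `time_t` the copy converts silently. outfile_write starts and ends outside the hunk.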
@@ -53,7 +53,7 @@ static const char *const USAGE_BIG_PRE_HASHMODES[] = " --restore-disable | | Do not write restore file |", " --restore-file-path | File | Specific path to restore file | --restore-file-path=x.restore", " -o, --outfile | File | Define outfile for recovered hash | -o outfile.txt", - " --outfile-format | Num | Define outfile-format X for recovered hash | --outfile-format=7", + " --outfile-format | Str | Outfile format to use, separated with commas | --outfile-format=1,3", " --outfile-autohex-disable | | Disable the use of $HEX[] in output plains |", " --outfile-check-timer | Num | Sets seconds between outfile checks to X | --outfile-check=30", " --wordlist-autohex-disable | | Disable the conversion of $HEX[] from the wordlist |", @@ -160,19 +160,10 @@ static const char *const USAGE_BIG_POST_HASHMODES[] = " ===+========", " 1 | hash[:salt]", " 2 | plain", - " 3 | hash[:salt]:plain", - " 4 | hex_plain", - " 5 | hash[:salt]:hex_plain", - " 6 | plain:hex_plain", - " 7 | hash[:salt]:plain:hex_plain", - " 8 | crack_pos", - " 9 | hash[:salt]:crack_pos", - " 10 | plain:crack_pos", - " 11 | hash[:salt]:plain:crack_pos", - " 12 | hex_plain:crack_pos", - " 13 | hash[:salt]:hex_plain:crack_pos", - " 14 | plain:hex_plain:crack_pos", - " 15 | hash[:salt]:plain:hex_plain:crack_pos", + " 3 | hex_plain", + " 4 | crack_pos", + " 5 | timestamp absolute", + " 6 | timestamp relative", "", "- [ Rule Debugging Modes ] -", "", diff --git a/src/user_options.c b/src/user_options.c index e6811f87e..9d7fa473e 100644 --- a/src/user_options.c +++ b/src/user_options.c @@ -13,6 +13,7 @@ #include "usage.h" #include "backend.h" #include "user_options.h" +#include "outfile.h" #ifdef WITH_BRAIN #include "brain.h" 
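Review bot: The new format table does not say that the fields are always written in the fixed order 5, 6, 1, 2, 3, 4 (absolute time, relative time, hash, plain, hex_plain, crack_pos) regardless of the order given on the command line, which is how outfile_write in the src/outfile.c hunk above emits them; a user passing `--outfile-format=2,1` will expect the plain first. Add a line after the table, e.g. `"  Fields are always emitted in the order 5,6,1,2,3,4, separated by the hash separator"`. The usage array continues outside the hunk.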
@@ -218,7 +219,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx) user_options->outfile_autohex = OUTFILE_AUTOHEX; user_options->outfile_check_dir = NULL; user_options->outfile_check_timer = OUTFILE_CHECK_TIMER; - user_options->outfile_format = OUTFILE_FORMAT; + user_options->outfile_format = NULL; user_options->outfile = NULL; user_options->potfile_disable = POTFILE_DISABLE; user_options->potfile_path = NULL; @@ -310,7 +311,6 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_RP_GEN_FUNC_MAX: case IDX_RP_GEN_SEED: case IDX_MARKOV_THRESHOLD: - case IDX_OUTFILE_FORMAT: case IDX_OUTFILE_CHECK_TIMER: case IDX_BACKEND_VECTOR_WIDTH: case IDX_WORKLOAD_PROFILE: @@ -423,7 +423,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_MARKOV_THRESHOLD: user_options->markov_threshold = hc_strtoul (optarg, NULL, 10); break; case IDX_MARKOV_HCSTAT2: user_options->markov_hcstat2 = optarg; break; case IDX_OUTFILE: user_options->outfile = optarg; break; - case IDX_OUTFILE_FORMAT: user_options->outfile_format = hc_strtoul (optarg, NULL, 10); + case IDX_OUTFILE_FORMAT: user_options->outfile_format = optarg; user_options->outfile_format_chgd = true; break; case IDX_OUTFILE_AUTOHEX_DISABLE: user_options->outfile_autohex = false; break; case IDX_OUTFILE_CHECK_TIMER: user_options->outfile_check_timer = hc_strtoul (optarg, NULL, 10); break; @@ -659,7 +659,9 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) return -1; } - if (user_options->outfile_format > 16) + const u32 outfile_format = outfile_format_parse (user_options->outfile_format); + + if (outfile_format == 0) { event_log_error (hashcat_ctx, "Invalid --outfile-format value specified."); 
@@ -670,7 +672,7 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
 {
 if (user_options->outfile_format_chgd == true)
 {
- if (user_options->outfile_format > 1)
+ if (outfile_format > 1)
 {
 event_log_error (hashcat_ctx, "Combining --outfile-format > 1 with --left is not allowed.");
@@ -683,9 +685,23 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
 {
 if (user_options->outfile_format_chgd == true)
 {
- if (user_options->outfile_format > 7)
+ if (outfile_format & OUTFILE_FMT_CRACKPOS)
 {
- event_log_error (hashcat_ctx, "Combining --outfile-format > 7 with --show is not allowed.");
+ event_log_error (hashcat_ctx, "Using crack_pos in --outfile-format for --show is not allowed.");
+
+ return -1;
+ }
+
+ if (outfile_format & OUTFILE_FMT_TIME_ABS)
+ {
+ event_log_error (hashcat_ctx, "Using the absolute timestamp in --outfile-format for --show is not allowed.");
+
+ return -1;
+ }
+
+ if (outfile_format & OUTFILE_FMT_TIME_REL)
+ {
+ event_log_error (hashcat_ctx, "Using the relative timestamp in --outfile-format for --show is not allowed.");
 return -1;
 }
@@ -1688,7 +1704,7 @@ void user_options_preprocess (hashcat_ctx_t *hashcat_ctx)
 user_options->hash_mode = 2000;
 user_options->kernel_accel = 1024;
 user_options->backend_vector_width = 1;
- user_options->outfile_format = OUTFILE_FMT_PLAIN;
+ user_options->outfile_format = hcstrdup ("2");
 user_options->quiet = true;
 if (user_options->attack_mode == ATTACK_MODE_STRAIGHT)
@@ -1722,7 +1738,7 @@ void user_options_preprocess (hashcat_ctx_t *hashcat_ctx)
 if (user_options->left == true)
 {
- user_options->outfile_format = OUTFILE_FMT_HASH;
+ user_options->outfile_format = hcstrdup ("1");
 }
 if (user_options->show == true || user_options->left == true)
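Review bot: `user_options->outfile_format` is assigned a pointer into argv by the getopt case above and a heap string by `hcstrdup ("2")` and `hcstrdup ("1")` in the two user_options_preprocess hunks here, so the field has no single owner: the visible hunks never free the duplicated strings, and a free in the destroy path would be wrong for the argv case. Either make the field `const char *` and assign the literals directly, or always duplicate (including in getopt) and free it on destroy. Separately, `if (outfile_format > 1)` in the `--left` check compares a bitmask numerically; it happens to be right, since only format 1 alone yields 1, but `if (outfile_format != OUTFILE_FMT_HASH)` states the intent. user_options_sanity and user_options_preprocess start and end outside the hunks.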
@@ -2829,6 +2845,7 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx) logfile_top_string (user_options->opencl_device_types); logfile_top_string (user_options->outfile); logfile_top_string (user_options->outfile_check_dir); + logfile_top_string (user_options->outfile_format); logfile_top_string (user_options->potfile_path); logfile_top_string (user_options->restore_file_path); logfile_top_string (user_options->rp_files[0]); @@ -2877,7 +2894,6 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx) logfile_top_uint (user_options->optimized_kernel_enable); logfile_top_uint (user_options->outfile_autohex); logfile_top_uint (user_options->outfile_check_timer); - logfile_top_uint (user_options->outfile_format); logfile_top_uint (user_options->wordlist_autohex_disable); logfile_top_uint (user_options->potfile_disable); logfile_top_uint (user_options->progress_only); From 0b082e2e3101c2704d85c9d3297bce7b86441b82 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 24 Jan 2020 09:42:44 +0100 Subject: [PATCH 173/300] outfile: add missing check for empty string for --outfile-format --- src/outfile.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/outfile.c b/src/outfile.c index f1d2b4989..b04a59a7a 100644 --- a/src/outfile.c +++ b/src/outfile.c @@ -29,6 +29,8 @@ u32 outfile_format_parse (const char *format_string) char *next = strtok_r (format, ",", &saveptr); + if (next == NULL) return 0; + u32 outfile_format = 0; do From ccacc508cb08d2a2b5592df0e85203e4d3a45e6a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 24 Jan 2020 10:52:12 +0100 Subject: [PATCH 174/300] Reenabled support for Intel GPU OpenCL runtime (Beignet and NEO) because a workaround was found (force -cl-std=CL2.0) --- docs/changes.txt | 2 +- include/types.h | 5 ++++ src/backend.c | 53 ++++++++++++++++++++++++++++++-------- src/modules/module_08000.c | 9 +++---- src/modules/module_21800.c | 9 +++---- 5 files changed, 54 insertions(+), 24 deletions(-) 
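Review bot: The added `if (next == NULL) return 0;` leaks `format`, which `hcstrdup` allocated a few lines earlier and which is only released by the `hcfree (format)` after the loop; an empty `--outfile-format=` (or one made only of commas) is exactly the input that takes this path. Free before returning: `if (next == NULL) { hcfree (format); return 0; }`. outfile_format_parse starts and ends outside the hunk.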
diff --git a/docs/changes.txt b/docs/changes.txt index 8436120af..beb33943f 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -107,7 +107,7 @@ - OpenCL Runtime: Do not run shared- and constant-memory size checks if their memory type is of type global memory (typically CPU) - OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers - OpenCL Runtime: Not using amd_bytealign (amd_bitalign is fine) on AMDGPU driver drastically reduces JiT segfaults -- OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime +- OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime (Beignet and NEO) because a workaround was found (force -cl-std=CL2.0) - OpenCL Runtime: Unlocked maximum thread count - OpenCL Runtime: Update unstable mode warnings for Apple and AMDGPU drivers - OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel diff --git a/include/types.h b/include/types.h index 099cdb19c..448b94699 100644 --- a/include/types.h +++ b/include/types.h @@ -1242,6 +1242,11 @@ typedef struct hc_device_param hc_timer_t timer_speed; + // Some more attributes + + bool use_opencl12; + bool use_opencl20; + // AMD bool has_vadd; bool has_vaddc; diff --git a/src/backend.c b/src/backend.c index 3204e7968..4961a773f 100644 --- a/src/backend.c +++ b/src/backend.c @@ -5242,6 +5242,11 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) device_param->is_cuda = true; + device_param->is_opencl = false; + + device_param->use_opencl12 = false; + device_param->use_opencl20 = false; + // device_name char *device_name = (char *) hcmalloc (HCBUFSIZ_TINY); 
@@ -5550,8 +5555,13 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) //device_param->opencl_platform = opencl_platform; + device_param->is_cuda = false; + device_param->is_opencl = true; + device_param->use_opencl12 = false; + device_param->use_opencl20 = false; + size_t param_value_size = 0; // opencl_device_type @@ -5665,6 +5675,23 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) device_param->opencl_device_c_version = opencl_device_c_version; + // check OpenCL version + + int opencl_version_min = 0; + int opencl_version_maj = 0; + + if (sscanf (opencl_device_c_version, "OpenCL C %d.%d", &opencl_version_min, &opencl_version_maj) == 2) + { + if ((opencl_version_min == 1) && (opencl_version_maj == 2)) + { + device_param->use_opencl12 = true; + } + else if ((opencl_version_min == 2) && (opencl_version_maj == 0)) + { + device_param->use_opencl20 = true; + } + } + // max_compute_units cl_uint device_processors = 0; @@ -6142,17 +6169,6 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) if (user_options->quiet == false) event_log_warning (hashcat_ctx, " To disable the timeout, see: https://hashcat.net/q/timeoutpatch"); } } - - if ((strstr (device_param->opencl_device_c_version, "beignet")) || (strstr (device_param->opencl_device_version, "beignet"))) - { - event_log_error (hashcat_ctx, "* Device #%u: Intel beignet driver detected!", device_id + 1); - - event_log_warning (hashcat_ctx, "The beignet driver has been marked as likely to fail kernel compilation."); - event_log_warning (hashcat_ctx, "You can use --force to override this, but do not report related errors."); - event_log_warning (hashcat_ctx, NULL); - - return -1; - } } } 
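Review bot: In the `@@ -5665` hunk the two `sscanf` targets are named backwards: the pattern `OpenCL C %d.%d` writes the major number into `opencl_version_min` and the minor number into `opencl_version_maj`, and the two comparisons below only read correctly because they are swapped the same way. Swap the two names in the declarations, the call and both conditions so that the call reads `sscanf (opencl_device_c_version, "OpenCL C %d.%d", &opencl_version_maj, &opencl_version_min)`. Versions other than 1.2 and 2.0 (1.1, 2.1, 2.2, 3.0) set neither flag, so no `-cl-std` is forced for them later; if that is intended, a comment such as `// other versions: let the runtime pick its default -cl-std` would make it explicit. backend_ctx_devices_init continues outside the hunk.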
@@ -7147,6 +7163,21 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D KERNEL_STATIC -I OpenCL -I %s ", folder_config->cpath_real); #endif + // workarounds reproduceable bugs on some OpenCL runtimes (Beignet and NEO) + // ex: remove empty code in m04, m08 and m16 in OpenCL/m05600_a3-optimized.cl will break s04 kernel (not cracking anymore) + + if (device_param->is_opencl == true) + { + if (device_param->use_opencl12 == true) + { + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-cl-std=CL1.2 "); + } + else if (device_param->use_opencl20 == true) + { + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-cl-std=CL2.0 "); + } + } + // we don't have sm_* on vendors not NV but it doesn't matter #if defined (DEBUG) diff --git a/src/modules/module_08000.c b/src/modules/module_08000.c index 7d420fc90..9ac33a4a5 100644 --- a/src/modules/module_08000.c +++ b/src/modules/module_08000.c @@ -58,13 +58,10 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } + return true; } return false; diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index be304d205..1bb067efc 100644 
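Review bot: The two new `build_options_len += snprintf (...)` lines in backend_session_begin accumulate the return value unchecked, like the existing append above them; snprintf returns the length it would have written, so once the buffer is full `build_options_len` exceeds `build_options_sz` and `build_options_sz - build_options_len` passed to the next call wraps (if these are unsigned, as the names suggest) into an effectively unbounded size. The pattern is pre-existing, but every extra append raises the chance of reaching it, so a single guard after this block, `if (build_options_len >= build_options_sz) { event_log_error (hashcat_ctx, "Kernel build options truncated."); return -1; }` (or a small bounded-append helper shared by all the appends), would keep the later writes in range; -1 is presumably the error convention, as elsewhere in backend.c. Also `reproduceable` in the new comment should be `reproducible`. backend_session_begin continues outside the hunk.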
--- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c @@ -96,13 +96,10 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } + return true; } // hangs somewhere in zlib inflate From 041a77702507adc64e7ab799e24893d56a3e023c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 24 Jan 2020 13:24:19 +0100 Subject: [PATCH 175/300] OpenCL Runtime: Unlocked maximum thread count for NVIDIA GPU --- docs/changes.txt | 2 +- src/backend.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index beb33943f..8df8cadeb 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
@@ -108,7 +108,7 @@ - OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers - OpenCL Runtime: Not using amd_bytealign (amd_bitalign is fine) on AMDGPU driver drastically reduces JiT segfaults - OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime (Beignet and NEO) because a workaround was found (force -cl-std=CL2.0) -- OpenCL Runtime: Unlocked maximum thread count +- OpenCL Runtime: Unlocked maximum thread count for NVIDIA GPU - OpenCL Runtime: Update unstable mode warnings for Apple and AMDGPU drivers - OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel - OpenCL Runtime: Workaround JiT compiler error on ROCm 2.3 driver if the 'inline' keyword is used in function declaration diff --git a/src/backend.c b/src/backend.c index 4961a773f..0f43a29d1 100644 --- a/src/backend.c +++ b/src/backend.c @@ -6722,14 +6722,31 @@ static u32 get_kernel_threads (const hc_device_param_t *device_param) kernel_threads_max = MIN (kernel_threads_max, device_maxworkgroup_size); - // for CPU we just do 1 ... - if (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU) { + // for all CPU we just do 1 ... + const u32 cpu_prefered_thread_count = 1; kernel_threads_max = MIN (kernel_threads_max, cpu_prefered_thread_count); } + else if (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU) + { + // for GPU we need to distinguish by vendor + + if (device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) + { + const u32 gpu_prefered_thread_count = 8; + + kernel_threads_max = MIN (kernel_threads_max, gpu_prefered_thread_count); + } + else if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD) + { + const u32 gpu_prefered_thread_count = 64; + + kernel_threads_max = MIN (kernel_threads_max, gpu_prefered_thread_count); + } + } // this is intenionally! at this point, kernel_threads_min can be higher than kernel_threads_max. // in this case we actually want kernel_threads_min selected. 
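Review bot: The new GPU branch in get_kernel_threads leaves the vendor the commit title is about implicit: NVIDIA (and any other non-Intel, non-AMD vendor) simply falls through with no cap, which a reader cannot tell from the code, so an `else` comment such as `// NV and other vendors: no vendor specific cap, keep the device maximum` would document the intent. The two vendor blocks duplicate the `MIN` line; one `u32 gpu_prefered_thread_count` set to 8 or 64 by vendor followed by a single `kernel_threads_max = MIN (kernel_threads_max, gpu_prefered_thread_count);` reads more clearly. The spelling in the two new `gpu_prefered_thread_count` identifiers (and the existing `cpu_prefered_thread_count` they mirror) is `preferred`, not `prefered`. get_kernel_threads continues on both sides of the hunk.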
From ebd904a179b4282c66bef3b9c62d8f8c336aae82 Mon Sep 17 00:00:00 2001 From: philsmd Date: Fri, 24 Jan 2020 18:43:13 +0100 Subject: [PATCH 176/300] outfile: improved version of OUTFILE_FORMAT assignment --- include/types.h | 2 +- src/interface.c | 2 +- src/modules/module_09710.c | 2 +- src/modules/module_09810.c | 2 +- src/modules/module_10410.c | 2 +- src/outfile.c | 11 ++++++++--- src/user_options.c | 22 ++++++++++------------ 7 files changed, 23 insertions(+), 20 deletions(-) diff --git a/include/types.h b/include/types.h index 057085768..b0237d13b 100644 --- a/include/types.h +++ b/include/types.h @@ -1925,7 +1925,6 @@ typedef struct user_options char *opencl_device_types; char *outfile; char *outfile_check_dir; - char *outfile_format; char *potfile_path; char *restore_file_path; char **rp_files; @@ -1965,6 +1964,7 @@ typedef struct user_options u32 spin_damp; u32 backend_vector_width; u32 outfile_check_timer; + u32 outfile_format; u32 remove_timer; u32 restore_timer; u32 rp_files_cnt; diff --git a/src/interface.c b/src/interface.c index 76ef8b330..9b5ca7b14 100644 --- a/src/interface.c +++ b/src/interface.c @@ -516,7 +516,7 @@ u32 default_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY u32 default_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 forced_outfile_format = outfile_format_parse (user_options->outfile_format); + const u32 forced_outfile_format = user_options->outfile_format; return forced_outfile_format; } diff --git a/src/modules/module_09710.c b/src/modules/module_09710.c index f2f8b662a..2f7a5957a 100644 --- a/src/modules/module_09710.c +++ b/src/modules/module_09710.c 
@@ -99,7 +99,7 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, u32 module_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 forced_outfile_format = 5; + const u32 forced_outfile_format = OUTFILE_FMT_HASH | OUTFILE_FMT_HEXPLAIN; return forced_outfile_format; } diff --git a/src/modules/module_09810.c b/src/modules/module_09810.c index ecbba7c64..fd80151fa 100644 --- a/src/modules/module_09810.c +++ b/src/modules/module_09810.c @@ -98,7 +98,7 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, u32 module_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 forced_outfile_format = 5; + const u32 forced_outfile_format = OUTFILE_FMT_HASH | OUTFILE_FMT_HEXPLAIN; return forced_outfile_format; } diff --git a/src/modules/module_10410.c b/src/modules/module_10410.c index 96624d904..d641ae03c 100644 --- a/src/modules/module_10410.c +++ b/src/modules/module_10410.c @@ -107,7 +107,7 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, u32 module_forced_outfile_format (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 forced_outfile_format = 5; + const u32 forced_outfile_format = OUTFILE_FMT_HASH | OUTFILE_FMT_HEXPLAIN; return forced_outfile_format; } diff --git a/src/outfile.c b/src/outfile.c index b04a59a7a..2e49a4597 100644 --- a/src/outfile.c +++ b/src/outfile.c @@ -19,7 +19,7 @@ u32 outfile_format_parse (const char *format_string) { - if (format_string == NULL) return OUTFILE_FORMAT; // default outfile format + if (format_string == NULL) return 0; char *format = hcstrdup (format_string); 
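Review bot: `if (format_string == NULL) return 0;` in outfile_format_parse (`src/outfile.c`, `@@ -19` hunk) changes the NULL case from "default format" to "invalid format", since 0 is the value the sanity check rejects; that is safe for the one caller visible in this commit, which always passes `optarg`, but any other caller that still passes NULL would now fail validation instead of getting the default. A comment on the line, `// NULL is invalid here; the default (OUTFILE_FORMAT) is set in user_options_init`, records why the default no longer lives in this function. outfile_format_parse continues outside the hunk.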
@@ -29,7 +29,12 @@ u32 outfile_format_parse (const char *format_string) char *next = strtok_r (format, ",", &saveptr); - if (next == NULL) return 0; + if (next == NULL) + { + hcfree (format); + + return 0; + } u32 outfile_format = 0; @@ -484,7 +489,7 @@ int outfile_init (hashcat_ctx_t *hashcat_ctx) outfile_ctx->fp.pfp = NULL; outfile_ctx->filename = user_options->outfile; - outfile_ctx->outfile_format = outfile_format_parse (user_options->outfile_format); + outfile_ctx->outfile_format = user_options->outfile_format; outfile_ctx->outfile_autohex = user_options->outfile_autohex; return 0; diff --git a/src/user_options.c b/src/user_options.c index 9d7fa473e..57e09a7ce 100644 --- a/src/user_options.c +++ b/src/user_options.c @@ -219,7 +219,7 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx) user_options->outfile_autohex = OUTFILE_AUTOHEX; user_options->outfile_check_dir = NULL; user_options->outfile_check_timer = OUTFILE_CHECK_TIMER; - user_options->outfile_format = NULL; + user_options->outfile_format = OUTFILE_FORMAT; user_options->outfile = NULL; user_options->potfile_disable = POTFILE_DISABLE; user_options->potfile_path = NULL; @@ -423,7 +423,7 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv) case IDX_MARKOV_THRESHOLD: user_options->markov_threshold = hc_strtoul (optarg, NULL, 10); break; case IDX_MARKOV_HCSTAT2: user_options->markov_hcstat2 = optarg; break; case IDX_OUTFILE: user_options->outfile = optarg; break; - case IDX_OUTFILE_FORMAT: user_options->outfile_format = optarg; + case IDX_OUTFILE_FORMAT: user_options->outfile_format = outfile_format_parse (optarg); user_options->outfile_format_chgd = true; break; case IDX_OUTFILE_AUTOHEX_DISABLE: user_options->outfile_autohex = false; break; case IDX_OUTFILE_CHECK_TIMER: user_options->outfile_check_timer = hc_strtoul (optarg, NULL, 10); break; 
@@ -659,9 +659,7 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) return -1; } - const u32 outfile_format = outfile_format_parse (user_options->outfile_format); - - if (outfile_format == 0) + if (user_options->outfile_format == 0) { event_log_error (hashcat_ctx, "Invalid --outfile-format value specified."); @@ -672,7 +670,7 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) { if (user_options->outfile_format_chgd == true) { - if (outfile_format > 1) + if (user_options->outfile_format > 1) { event_log_error (hashcat_ctx, "Combining --outfile-format > 1 with --left is not allowed."); @@ -685,21 +683,21 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) { if (user_options->outfile_format_chgd == true) { - if (outfile_format & OUTFILE_FMT_CRACKPOS) + if (user_options->outfile_format & OUTFILE_FMT_CRACKPOS) { event_log_error (hashcat_ctx, "Using crack_pos in --outfile-format for --show is not allowed."); return -1; } - if (outfile_format & OUTFILE_FMT_TIME_ABS) + if (user_options->outfile_format & OUTFILE_FMT_TIME_ABS) { event_log_error (hashcat_ctx, "Using the absolute timestamp in --outfile-format for --show is not allowed."); return -1; } - if (outfile_format & OUTFILE_FMT_TIME_REL) + if (user_options->outfile_format & OUTFILE_FMT_TIME_REL) { event_log_error (hashcat_ctx, "Using the relative timestamp in --outfile-format for --show is not allowed."); @@ -1704,7 +1702,7 @@ void user_options_preprocess (hashcat_ctx_t *hashcat_ctx) user_options->hash_mode = 2000; user_options->kernel_accel = 1024; user_options->backend_vector_width = 1; - user_options->outfile_format = hcstrdup ("2"); + user_options->outfile_format = OUTFILE_FMT_PLAIN; user_options->quiet = true; if (user_options->attack_mode == ATTACK_MODE_STRAIGHT) 
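Review bot: The `--left` check at `if (user_options->outfile_format > 1)` in user_options_sanity (`@@ -672` hunk) still compares the bitmask numerically, while the module hunks in this same commit replaced the literal `5` with named `OUTFILE_FMT_*` flags. Writing it as `if (user_options->outfile_format & ~OUTFILE_FMT_HASH)` states the intent (any field besides the hash selected) and is equivalent provided OUTFILE_FMT_HASH is the lowest bit, which the `5` to `OUTFILE_FMT_HASH | OUTFILE_FMT_HEXPLAIN` replacement suggests; confirm against the definition before changing it. user_options_sanity continues on both sides of the hunk.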
@@ -1738,7 +1736,7 @@ void user_options_preprocess (hashcat_ctx_t *hashcat_ctx) if (user_options->left == true) { - user_options->outfile_format = hcstrdup ("1"); + user_options->outfile_format = OUTFILE_FMT_HASH; } if (user_options->show == true || user_options->left == true) @@ -2845,7 +2843,6 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx) logfile_top_string (user_options->opencl_device_types); logfile_top_string (user_options->outfile); logfile_top_string (user_options->outfile_check_dir); - logfile_top_string (user_options->outfile_format); logfile_top_string (user_options->potfile_path); logfile_top_string (user_options->restore_file_path); logfile_top_string (user_options->rp_files[0]); @@ -2894,6 +2891,7 @@ void user_options_logger (hashcat_ctx_t *hashcat_ctx) logfile_top_uint (user_options->optimized_kernel_enable); logfile_top_uint (user_options->outfile_autohex); logfile_top_uint (user_options->outfile_check_timer); + logfile_top_uint (user_options->outfile_format); logfile_top_uint (user_options->wordlist_autohex_disable); logfile_top_uint (user_options->potfile_disable); logfile_top_uint (user_options->progress_only); From 7764d1e7e10645512c78d96b9b5bda34fe22efd7 Mon Sep 17 00:00:00 2001 From: philsmd Date: Fri, 24 Jan 2020 18:47:01 +0100 Subject: [PATCH 177/300] outfile: remove unnecessary include --- src/interface.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/interface.c b/src/interface.c index 9b5ca7b14..68be9f796 100644 --- a/src/interface.c +++ b/src/interface.c @@ -12,7 +12,6 @@ #include "modules.h" #include "dynloader.h" #include "interface.h" -#include "outfile.h" /** * parsing From 42b3ef7b90959a0cc27b6af9067815369d16f73e Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sat, 25 Jan 2020 11:26:34 +0100 Subject: [PATCH 178/300] Mark -m 137xx as unstable on rocm --- src/modules/module_13711.c | 13 ++++++++++++- src/modules/module_13712.c | 13 ++++++++++++- src/modules/module_13713.c | 13 ++++++++++++- src/modules/module_13721.c | 13 ++++++++++++- src/modules/module_13722.c | 13 ++++++++++++- src/modules/module_13723.c | 13 ++++++++++++- src/modules/module_13731.c | 6 ++++++ src/modules/module_13732.c | 6 ++++++ src/modules/module_13733.c | 6 ++++++ src/modules/module_13741.c | 13 ++++++++++++- src/modules/module_13742.c | 13 ++++++++++++- src/modules/module_13743.c | 13 ++++++++++++- src/modules/module_13751.c | 13 ++++++++++++- src/modules/module_13752.c | 13 ++++++++++++- src/modules/module_13753.c | 13 ++++++++++++- src/modules/module_13761.c | 13 ++++++++++++- src/modules/module_13762.c | 13 ++++++++++++- src/modules/module_13763.c | 13 ++++++++++++- src/modules/module_13771.c | 13 ++++++++++++- src/modules/module_13772.c | 13 ++++++++++++- src/modules/module_13773.c | 13 ++++++++++++- 21 files changed, 234 insertions(+), 18 deletions(-) diff --git a/src/modules/module_13711.c b/src/modules/module_13711.c index 87852ec44..3f9b114d5 100644 --- a/src/modules/module_13711.c +++ b/src/modules/module_13711.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_655331 = 655331; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13712.c b/src/modules/module_13712.c index c8179fb71..ff2cb7825 100644 --- a/src/modules/module_13712.c +++ b/src/modules/module_13712.c 
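Review bot: The new module_unstable_warning in module_13711.c keys the warning on `(opencl_device_vendor_id == VENDOR_ID_AMD) && (has_vperm == true)`, a device capability, while the commit message scopes the problem to ROCm; if `has_vperm` is also set on AMD devices driven by other runtimes they will be told the mode is unstable too, so either check the runtime (the changelog earlier on this page mentions a ROCm detection) or state the proxy in the comment: `// ROCm JiT aborts with "allocate SGPR spill should have worked.. UNREACHABLE executed at.."; has_vperm selects the affected GCN generations -- TODO confirm on non-ROCm AMD drivers`. The same function body is pasted verbatim into module_13712, 13713, 13721, 13722, 13723, 13741, 13742, 13743, 13751, 13752, 13753, 13761, 13762, 13763, 13771, 13772 and 13773, and the same five-line check is prepended to the existing function in 13731, 13732 and 13733; a shared helper in a common header would keep the twenty-one copies from diverging. The function sits between MIN_SUFFICIENT_ENTROPY_FILE and module_jit_build_options and is complete within the hunk.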
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_655331 = 655331; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13713.c b/src/modules/module_13713.c index 062378441..2477326d2 100644 --- a/src/modules/module_13713.c +++ b/src/modules/module_13713.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_655331 = 655331; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13721.c b/src/modules/module_13721.c index fba2cc96d..e1ffa152d 100644 --- a/src/modules/module_13721.c +++ b/src/modules/module_13721.c 
@@ -78,6 +78,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_tmp_t *vc64_tmp = (const vc64_tmp_t *) tmps; @@ -346,6 +357,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13722.c b/src/modules/module_13722.c index 7e8257b77..efde93aa3 100644 --- a/src/modules/module_13722.c +++ b/src/modules/module_13722.c 
@@ -78,6 +78,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_tmp_t *vc64_tmp = (const vc64_tmp_t *) tmps; @@ -346,6 +357,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13723.c b/src/modules/module_13723.c index 5b9c5cb94..852a31fde 100644 --- a/src/modules/module_13723.c +++ b/src/modules/module_13723.c 
@@ -78,6 +78,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_tmp_t *vc64_tmp = (const vc64_tmp_t *) tmps; @@ -346,6 +357,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c index 850af5c39..06e5fde42 100644 --- a/src/modules/module_13731.c +++ b/src/modules/module_13731.c 
@@ -79,6 +79,12 @@ static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) { // self-test failed diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c index 4cbfd30a5..a916d6b0d 100644 --- a/src/modules/module_13732.c +++ b/src/modules/module_13732.c @@ -79,6 +79,12 @@ static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) { // self-test failed diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c index 442343804..e0ee9d78c 100644 --- a/src/modules/module_13733.c +++ b/src/modules/module_13733.c 
@@ -79,6 +79,12 @@ static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) { // self-test failed diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c index 45fa7d48c..2c66fbd02 100644 --- a/src/modules/module_13741.c +++ b/src/modules/module_13741.c @@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_327661 = 327661; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; 
@@ -349,6 +360,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c index eda71240c..90ae74e1c 100644 --- a/src/modules/module_13742.c +++ b/src/modules/module_13742.c @@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_327661 = 327661; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -349,6 +360,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c index fb3b75f0f..e9fba371d 100644 --- a/src/modules/module_13743.c 
+++ b/src/modules/module_13743.c @@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_327661 = 327661; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -349,6 +360,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c index dae3c2d94..8847376ee 100644 --- a/src/modules/module_13751.c +++ b/src/modules/module_13751.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c index 9f847766b..c443a5ecb 100644 --- a/src/modules/module_13752.c +++ b/src/modules/module_13752.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c index 8113f044c..7301607a8 100644 --- a/src/modules/module_13753.c +++ b/src/modules/module_13753.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -348,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c index 5fc1a1376..e219ad859 100644 --- a/src/modules/module_13761.c +++ b/src/modules/module_13761.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_200000 = 200000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -349,6 +360,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c index b0da01aa7..fd6c7e43f 100644 --- a/src/modules/module_13762.c +++ b/src/modules/module_13762.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_200000 = 200000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -349,6 +360,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c index 09fb93505..7821e6cf4 100644 --- a/src/modules/module_13763.c +++ b/src/modules/module_13763.c 
@@ -77,6 +77,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_200000 = 200000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -349,6 +360,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c index f788981ef..71b1c0b77 100644 --- a/src/modules/module_13771.c +++ b/src/modules/module_13771.c 
@@ -81,6 +81,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -352,6 +363,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13772.c b/src/modules/module_13772.c index e52ee2725..d2516a20c 100644 --- a/src/modules/module_13772.c +++ b/src/modules/module_13772.c 
@@ -81,6 +81,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -352,6 +363,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13773.c b/src/modules/module_13773.c index 20634ebe4..28b6eae55 100644 --- a/src/modules/module_13773.c +++ b/src/modules/module_13773.c 
@@ -81,6 +81,17 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // allocate SGPR spill should have worked.. UNREACHABLE executed at.. + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + return true; + } + + return false; +} + char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) { char *jit_build_options = NULL; @@ -352,6 +363,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From 3561e7b8d730dd68dcd7e1507a73d5733ba905f1 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 25 Jan 2020 12:09:39 +0100 Subject: [PATCH 179/300] Add special ROCM detection in OpenCL/inc_vendor.h --- OpenCL/inc_vendor.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h index 6924fd37c..4f8a1f38a 100644 --- a/OpenCL/inc_vendor.h +++ b/OpenCL/inc_vendor.h @@ -88,6 +88,10 @@ #define IS_GENERIC #endif +#if defined IS_AMD && HAS_VPERM == 1 +#define IS_ROCM +#endif + #define LOCAL_MEM_TYPE_LOCAL 1 #define LOCAL_MEM_TYPE_GLOBAL 2 
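Review bot: `IS_ROCM` is derived solely from `IS_AMD && HAS_VPERM == 1`, i.e. from a compiler capability rather than from any platform string, and the new block says nothing about that being a proxy. Add `// HAS_VPERM is only set for the ROCm compiler path on AMD, so it doubles as ROCm detection; revisit if another AMD stack gains vperm` above the `#if`. If `HAS_VPERM` may be undefined for non-AMD builds, `defined HAS_VPERM && HAS_VPERM == 1` states the intent more explicitly than relying on an undefined macro evaluating to 0.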
@@ -152,6 +156,11 @@
 #define USE_ROTATE
 #endif
+#ifdef IS_ROCM
+#define USE_BITSELECT
+#define USE_ROTATE
+#endif
+
 #ifdef IS_OPENCL
 //#define USE_BITSELECT
 //#define USE_ROTATE
From 424a6ee8e98e20fe18ea856b1cea06a5ba27c53f Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 26 Jan 2020 10:45:41 +0100
Subject: [PATCH 180/300] Fix endianess of MIC in -m 22000 and -m 22001 outfile format
---
 src/modules/module_22000.c | 8 ++++----
 src/modules/module_22001.c | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c
index 9f25c6dd3..b914157e4 100644
--- a/src/modules/module_22000.c
+++ b/src/modules/module_22000.c
@@ -1202,10 +1202,10 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 }
 else if (wpa->type == 2)
 {
- u32_to_hex (wpa->keymic[0], (u8 *) line_buf + line_len); line_len += 8;
- u32_to_hex (wpa->keymic[1], (u8 *) line_buf + line_len); line_len += 8;
- u32_to_hex (wpa->keymic[2], (u8 *) line_buf + line_len); line_len += 8;
- u32_to_hex (wpa->keymic[3], (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (byte_swap_32 (wpa->keymic[0]), (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (byte_swap_32 (wpa->keymic[1]), (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (byte_swap_32 (wpa->keymic[2]), (u8 *) line_buf + line_len); line_len += 8;
+ u32_to_hex (byte_swap_32 (wpa->keymic[3]), (u8 *) line_buf + line_len); line_len += 8;
 }
 line_buf[line_len] = ':';
diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c
index 8a0ad8710..9a3465266 100644
--- a/src/modules/module_22001.c
+++ b/src/modules/module_22001.c
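Review bot: The encoder now byte-swaps `keymic` on output, which is only correct if the decoder stores it in the opposite word order from the hash line — that side of `module_hash_encode`'s contract is not in this hunk, so a decode→encode round-trip test is what should guard it. Document the convention on the first swapped line: `// keymic is held in kernel word order; swap back to wire order for the outfile`. The branch for the other `wpa->type` value and the rest of `module_hash_encode` lie outside the hunk; check that they apply the same convention, otherwise one of the two formats will still be written mirrored.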
@@ -1203,10 +1203,10 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE } else if (wpa->type == 2) { - u32_to_hex (wpa->keymic[0], (u8 *) line_buf + line_len); line_len += 8; - u32_to_hex (wpa->keymic[1], (u8 *) line_buf + line_len); line_len += 8; - u32_to_hex (wpa->keymic[2], (u8 *) line_buf + line_len); line_len += 8; - u32_to_hex (wpa->keymic[3], (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (byte_swap_32 (wpa->keymic[0]), (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (byte_swap_32 (wpa->keymic[1]), (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (byte_swap_32 (wpa->keymic[2]), (u8 *) line_buf + line_len); line_len += 8; + u32_to_hex (byte_swap_32 (wpa->keymic[3]), (u8 *) line_buf + line_len); line_len += 8; } line_buf[line_len] = ':'; From 7d9461f8b9cbffbd77fc2f99bbca9d3ff50b80d7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 26 Jan 2020 18:38:47 +0100 Subject: [PATCH 181/300] Add -m 11600 optimized kernel --- OpenCL/m11600-optimized.cl | 255 +++++++++++++++++++++++++++++++++++ OpenCL/m11600-pure.cl | 73 +++++----- src/interface.c | 40 +++--- src/modules/module_11600.c | 42 +++++- tools/test_modules/m11600.pm | 2 +- 5 files changed, 351 insertions(+), 61 deletions(-) create mode 100644 OpenCL/m11600-optimized.cl diff --git a/OpenCL/m11600-optimized.cl b/OpenCL/m11600-optimized.cl new file mode 100644 index 000000000..835522f44 --- /dev/null +++ b/OpenCL/m11600-optimized.cl 
@@ -0,0 +1,255 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_hash_sha256.cl" +#endif + +typedef struct seven_zip_tmp +{ + u32 h[8]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + int len; + +} seven_zip_tmp_t; + +typedef struct +{ + u32 ukey[8]; + + u32 hook_success; + +} seven_zip_hook_t; + +#define PUTCHAR(a,p,c) ((u8 *)(a))[(p)] = (u8) (c) +#define GETCHAR(a,p) ((u8 *)(a))[(p)] + +#define PUTCHAR_BE(a,p,c) ((u8 *)(a))[(p) ^ 3] = (u8) (c) +#define GETCHAR_BE(a,p) ((u8 *)(a))[(p) ^ 3] + +#define MIN(a,b) (((a) < (b)) ? (a) : (b)) + +KERNEL_FQ void m11600_init (KERN_ATTR_TMPS_HOOKS (seven_zip_tmp_t, seven_zip_hook_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + tmps[gid].h[0] = SHA256M_A; + tmps[gid].h[1] = SHA256M_B; + tmps[gid].h[2] = SHA256M_C; + tmps[gid].h[3] = SHA256M_D; + tmps[gid].h[4] = SHA256M_E; + tmps[gid].h[5] = SHA256M_F; + tmps[gid].h[6] = SHA256M_G; + tmps[gid].h[7] = SHA256M_H; + + tmps[gid].len = 0; +} + +KERNEL_FQ void m11600_loop (KERN_ATTR_TMPS_HOOKS (seven_zip_tmp_t, seven_zip_hook_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf[5]; + + pw_buf[0] = pws[gid].i[0]; + pw_buf[1] = pws[gid].i[1]; + pw_buf[2] = pws[gid].i[2]; + pw_buf[3] = pws[gid].i[3]; + pw_buf[4] = pws[gid].i[4]; + + const u32 pw_len = MIN (pws[gid].pw_len, 20); + + // this is large enough to hold all possible w[] arrays for 64 iterations + + #define LARGEBLOCK_ELEMS ((40 + 8) * 16) + + u32 largeblock[LARGEBLOCK_ELEMS]; + + u8 *ptr = (u8 *) largeblock; + + for (u32 i = 0; i < LARGEBLOCK_ELEMS; i++) largeblock[i] = 0; + + u32 loop_pos_pos = loop_pos; + + for (u32 i = 0, p = 0; i < 64; i++) + { + for (u32 j = 0; j < pw_len; j++, p += 2) + { + PUTCHAR_BE (largeblock, p, GETCHAR (pw_buf, j)); + } + + const u8 
byte2 = unpack_v8c_from_v32_S (loop_pos_pos); + const u8 byte3 = unpack_v8d_from_v32_S (loop_pos_pos); + + PUTCHAR_BE (largeblock, p + 2, byte2); + PUTCHAR_BE (largeblock, p + 3, byte3); + + loop_pos_pos++; + + p += 8; + } + + u32 h[8]; + + h[0] = tmps[gid].h[0]; + h[1] = tmps[gid].h[1]; + h[2] = tmps[gid].h[2]; + h[3] = tmps[gid].h[3]; + h[4] = tmps[gid].h[4]; + h[5] = tmps[gid].h[5]; + h[6] = tmps[gid].h[6]; + h[7] = tmps[gid].h[7]; + + const int iter64 = (pw_len * 2) + 8; + + loop_pos_pos = loop_pos; + + for (u32 i = 0; i < loop_cnt; i += 64) + { + // iteration set + for (u32 i = 0, p = pw_len * 2; i < 64; i++, p += iter64) + { + const u8 byte0 = unpack_v8a_from_v32_S (loop_pos_pos); + const u8 byte1 = unpack_v8b_from_v32_S (loop_pos_pos); + + PUTCHAR_BE (largeblock, p + 0, byte0); + PUTCHAR_BE (largeblock, p + 1, byte1); + + loop_pos_pos++; + } + + // full 64 byte buffer + for (int j = 0, j16 = 0; j < iter64; j++, j16 += 16) + { + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = largeblock[j16 + 0]; + w0[1] = largeblock[j16 + 1]; + w0[2] = largeblock[j16 + 2]; + w0[3] = largeblock[j16 + 3]; + w1[0] = largeblock[j16 + 4]; + w1[1] = largeblock[j16 + 5]; + w1[2] = largeblock[j16 + 6]; + w1[3] = largeblock[j16 + 7]; + w2[0] = largeblock[j16 + 8]; + w2[1] = largeblock[j16 + 9]; + w2[2] = largeblock[j16 + 10]; + w2[3] = largeblock[j16 + 11]; + w3[0] = largeblock[j16 + 12]; + w3[1] = largeblock[j16 + 13]; + w3[2] = largeblock[j16 + 14]; + w3[3] = largeblock[j16 + 15]; + + sha256_transform (w0, w1, w2, w3, h); + } + } + + tmps[gid].len += loop_cnt * iter64; + + tmps[gid].h[0] = h[0]; + tmps[gid].h[1] = h[1]; + tmps[gid].h[2] = h[2]; + tmps[gid].h[3] = h[3]; + tmps[gid].h[4] = h[4]; + tmps[gid].h[5] = h[5]; + tmps[gid].h[6] = h[6]; + tmps[gid].h[7] = h[7]; +} + +KERNEL_FQ void m11600_hook23 (KERN_ATTR_TMPS_HOOKS (seven_zip_tmp_t, seven_zip_hook_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + /** + * context load + */ + + u32 
h[8]; + + h[0] = tmps[gid].h[0]; + h[1] = tmps[gid].h[1]; + h[2] = tmps[gid].h[2]; + h[3] = tmps[gid].h[3]; + h[4] = tmps[gid].h[4]; + h[5] = tmps[gid].h[5]; + h[6] = tmps[gid].h[6]; + h[7] = tmps[gid].h[7]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = 0x80000000; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = tmps[gid].len * 8; + + sha256_transform (w0, w1, w2, w3, h); + + hooks[gid].ukey[0] = hc_swap32_S (h[0]); + hooks[gid].ukey[1] = hc_swap32_S (h[1]); + hooks[gid].ukey[2] = hc_swap32_S (h[2]); + hooks[gid].ukey[3] = hc_swap32_S (h[3]); + hooks[gid].ukey[4] = hc_swap32_S (h[4]); + hooks[gid].ukey[5] = hc_swap32_S (h[5]); + hooks[gid].ukey[6] = hc_swap32_S (h[6]); + hooks[gid].ukey[7] = hc_swap32_S (h[7]); +} + +KERNEL_FQ void m11600_comp (KERN_ATTR_TMPS_HOOKS (seven_zip_tmp_t, seven_zip_hook_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + if (hooks[gid].hook_success == 1) + { + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, 0, 0, 0); + } + + return; + } +} diff --git a/OpenCL/m11600-pure.cl b/OpenCL/m11600-pure.cl index 545a0545c..481deb161 100644 --- a/OpenCL/m11600-pure.cl +++ b/OpenCL/m11600-pure.cl 
@@ -289,46 +289,49 @@ KERNEL_FQ void m11600_hook23 (KERN_ATTR_TMPS_HOOKS (seven_zip_tmp_t, seven_zip_h * context load */ - sha256_ctx_t ctx; + u32 h[8]; - ctx.h[0] = tmps[gid].h[0]; - ctx.h[1] = tmps[gid].h[1]; - ctx.h[2] = tmps[gid].h[2]; - ctx.h[3] = tmps[gid].h[3]; - ctx.h[4] = tmps[gid].h[4]; - ctx.h[5] = tmps[gid].h[5]; - ctx.h[6] = tmps[gid].h[6]; - ctx.h[7] = tmps[gid].h[7]; + h[0] = tmps[gid].h[0]; + h[1] = tmps[gid].h[1]; + h[2] = tmps[gid].h[2]; + h[3] = tmps[gid].h[3]; + h[4] = tmps[gid].h[4]; + h[5] = tmps[gid].h[5]; + h[6] = tmps[gid].h[6]; + h[7] = tmps[gid].h[7]; - ctx.w0[0] = tmps[gid].w0[0]; - ctx.w0[1] = tmps[gid].w0[1]; - ctx.w0[2] = tmps[gid].w0[2]; - ctx.w0[3] = tmps[gid].w0[3]; - ctx.w1[0] = tmps[gid].w1[0]; - ctx.w1[1] = tmps[gid].w1[1]; - ctx.w1[2] = tmps[gid].w1[2]; - ctx.w1[3] = tmps[gid].w1[3]; - ctx.w2[0] = tmps[gid].w2[0]; - ctx.w2[1] = tmps[gid].w2[1]; - ctx.w2[2] = tmps[gid].w2[2]; - ctx.w2[3] = tmps[gid].w2[3]; - ctx.w3[0] = tmps[gid].w3[0]; - ctx.w3[1] = tmps[gid].w3[1]; - ctx.w3[2] = tmps[gid].w3[2]; - ctx.w3[3] = tmps[gid].w3[3]; + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; - ctx.len = tmps[gid].len; + w0[0] = 0x80000000; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = tmps[gid].len * 8; - sha256_final (&ctx); + sha256_transform (w0, w1, w2, w3, h); - hooks[gid].ukey[0] = hc_swap32_S (ctx.h[0]); - hooks[gid].ukey[1] = hc_swap32_S (ctx.h[1]); - hooks[gid].ukey[2] = hc_swap32_S (ctx.h[2]); - hooks[gid].ukey[3] = hc_swap32_S (ctx.h[3]); - hooks[gid].ukey[4] = hc_swap32_S (ctx.h[4]); - hooks[gid].ukey[5] = hc_swap32_S (ctx.h[5]); - hooks[gid].ukey[6] = hc_swap32_S (ctx.h[6]); - hooks[gid].ukey[7] = hc_swap32_S (ctx.h[7]); + hooks[gid].ukey[0] = hc_swap32_S (h[0]); + hooks[gid].ukey[1] = hc_swap32_S (h[1]); + hooks[gid].ukey[2] = hc_swap32_S (h[2]); + hooks[gid].ukey[3] = hc_swap32_S 
(h[3]); + hooks[gid].ukey[4] = hc_swap32_S (h[4]); + hooks[gid].ukey[5] = hc_swap32_S (h[5]); + hooks[gid].ukey[6] = hc_swap32_S (h[6]); + hooks[gid].ukey[7] = hc_swap32_S (h[7]); } KERNEL_FQ void m11600_comp (KERN_ATTR_TMPS_HOOKS (seven_zip_tmp_t, seven_zip_hook_t)) diff --git a/src/interface.c b/src/interface.c index 68be9f796..e514a1ca8 100644 --- a/src/interface.c +++ b/src/interface.c @@ -92,12 +92,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->hlfmt_disable = default_hlfmt_disable (hashconfig, user_options, user_options_extra); hashconfig->hook_salt_size = default_hook_salt_size (hashconfig, user_options, user_options_extra); hashconfig->hook_size = default_hook_size (hashconfig, user_options, user_options_extra); - hashconfig->kernel_accel_min = default_kernel_accel_min (hashconfig, user_options, user_options_extra); - hashconfig->kernel_accel_max = default_kernel_accel_max (hashconfig, user_options, user_options_extra); - hashconfig->kernel_loops_min = default_kernel_loops_min (hashconfig, user_options, user_options_extra); - hashconfig->kernel_loops_max = default_kernel_loops_max (hashconfig, user_options, user_options_extra); - hashconfig->kernel_threads_min = default_kernel_threads_min (hashconfig, user_options, user_options_extra); - hashconfig->kernel_threads_max = default_kernel_threads_max (hashconfig, user_options, user_options_extra); hashconfig->outfile_check_disable = default_outfile_check_disable (hashconfig, user_options, user_options_extra); hashconfig->outfile_check_nocomp = default_outfile_check_nocomp (hashconfig, user_options, user_options_extra); hashconfig->potfile_disable = default_potfile_disable (hashconfig, user_options, user_options_extra); 
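Review bot: The rewritten `m11600_hook23` no longer flushes the buffered partial block that `sha256_final` used to take from `tmps[gid].w0..w3`; it pads a fresh block directly, which is only correct if `tmps[gid].len` is a multiple of 64 when the hook runs. The pure loop kernel that feeds it is outside this hunk; for a stream of 2^N × (2·pw_len + 8) bytes that holds for N ≥ 5 but not for every smaller cycle count, so confirm the module's accepted iteration range. Either state it, `// the loop kernel always leaves len % 64 == 0, so no pending w0..w3 data has to be flushed here`, or keep the `sha256_ctx_t` path; if the loop kernel no longer fills `w0..w3`, those fields in `seven_zip_tmp_t` are now dead weight in every tmps copy. As before, only the low 32 bits of the bit length are set (`w3[2]` remains 0).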
@@ -267,12 +261,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) if (module_ctx->module_hlfmt_disable != MODULE_DEFAULT) hashconfig->hlfmt_disable = module_ctx->module_hlfmt_disable (hashconfig, user_options, user_options_extra); if (module_ctx->module_hook_salt_size != MODULE_DEFAULT) hashconfig->hook_salt_size = module_ctx->module_hook_salt_size (hashconfig, user_options, user_options_extra); if (module_ctx->module_hook_size != MODULE_DEFAULT) hashconfig->hook_size = module_ctx->module_hook_size (hashconfig, user_options, user_options_extra); - if (module_ctx->module_kernel_accel_min != MODULE_DEFAULT) hashconfig->kernel_accel_min = module_ctx->module_kernel_accel_min (hashconfig, user_options, user_options_extra); - if (module_ctx->module_kernel_accel_max != MODULE_DEFAULT) hashconfig->kernel_accel_max = module_ctx->module_kernel_accel_max (hashconfig, user_options, user_options_extra); - if (module_ctx->module_kernel_loops_min != MODULE_DEFAULT) hashconfig->kernel_loops_min = module_ctx->module_kernel_loops_min (hashconfig, user_options, user_options_extra); - if (module_ctx->module_kernel_loops_max != MODULE_DEFAULT) hashconfig->kernel_loops_max = module_ctx->module_kernel_loops_max (hashconfig, user_options, user_options_extra); - if (module_ctx->module_kernel_threads_min != MODULE_DEFAULT) hashconfig->kernel_threads_min = module_ctx->module_kernel_threads_min (hashconfig, user_options, user_options_extra); - if (module_ctx->module_kernel_threads_max != MODULE_DEFAULT) hashconfig->kernel_threads_max = module_ctx->module_kernel_threads_max (hashconfig, user_options, user_options_extra); if (module_ctx->module_outfile_check_disable != MODULE_DEFAULT) hashconfig->outfile_check_disable = module_ctx->module_outfile_check_disable (hashconfig, user_options, user_options_extra); if (module_ctx->module_outfile_check_nocomp != MODULE_DEFAULT) hashconfig->outfile_check_nocomp = module_ctx->module_outfile_check_nocomp (hashconfig, user_options, user_options_extra); 
if (module_ctx->module_potfile_disable != MODULE_DEFAULT) hashconfig->potfile_disable = module_ctx->module_potfile_disable (hashconfig, user_options, user_options_extra); 
@@ -416,15 +404,27 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) // those depend on some previously defined values - hashconfig->pw_max = default_pw_max (hashconfig, user_options, user_options_extra); - hashconfig->pw_min = default_pw_min (hashconfig, user_options, user_options_extra); - hashconfig->salt_max = default_salt_max (hashconfig, user_options, user_options_extra); - hashconfig->salt_min = default_salt_min (hashconfig, user_options, user_options_extra); + hashconfig->pw_max = default_pw_max (hashconfig, user_options, user_options_extra); + hashconfig->pw_min = default_pw_min (hashconfig, user_options, user_options_extra); + hashconfig->salt_max = default_salt_max (hashconfig, user_options, user_options_extra); + hashconfig->salt_min = default_salt_min (hashconfig, user_options, user_options_extra); + hashconfig->kernel_accel_min = default_kernel_accel_min (hashconfig, user_options, user_options_extra); + hashconfig->kernel_accel_max = default_kernel_accel_max (hashconfig, user_options, user_options_extra); + hashconfig->kernel_loops_min = default_kernel_loops_min (hashconfig, user_options, user_options_extra); + hashconfig->kernel_loops_max = default_kernel_loops_max (hashconfig, user_options, user_options_extra); + hashconfig->kernel_threads_min = default_kernel_threads_min (hashconfig, user_options, user_options_extra); + hashconfig->kernel_threads_max = default_kernel_threads_max (hashconfig, user_options, user_options_extra); - if (module_ctx->module_pw_max != MODULE_DEFAULT) hashconfig->pw_max = module_ctx->module_pw_max (hashconfig, user_options, user_options_extra); - if (module_ctx->module_pw_min != MODULE_DEFAULT) hashconfig->pw_min = module_ctx->module_pw_min (hashconfig, user_options, user_options_extra); - if (module_ctx->module_salt_max != MODULE_DEFAULT) hashconfig->salt_max = module_ctx->module_salt_max (hashconfig, user_options, user_options_extra); - if (module_ctx->module_salt_min != MODULE_DEFAULT) hashconfig->salt_min = 
module_ctx->module_salt_min (hashconfig, user_options, user_options_extra); + if (module_ctx->module_pw_max != MODULE_DEFAULT) hashconfig->pw_max = module_ctx->module_pw_max (hashconfig, user_options, user_options_extra); + if (module_ctx->module_pw_min != MODULE_DEFAULT) hashconfig->pw_min = module_ctx->module_pw_min (hashconfig, user_options, user_options_extra); + if (module_ctx->module_salt_max != MODULE_DEFAULT) hashconfig->salt_max = module_ctx->module_salt_max (hashconfig, user_options, user_options_extra); + if (module_ctx->module_salt_min != MODULE_DEFAULT) hashconfig->salt_min = module_ctx->module_salt_min (hashconfig, user_options, user_options_extra); + if (module_ctx->module_kernel_accel_min != MODULE_DEFAULT) hashconfig->kernel_accel_min = module_ctx->module_kernel_accel_min (hashconfig, user_options, user_options_extra); + if (module_ctx->module_kernel_accel_max != MODULE_DEFAULT) hashconfig->kernel_accel_max = module_ctx->module_kernel_accel_max (hashconfig, user_options, user_options_extra); + if (module_ctx->module_kernel_loops_min != MODULE_DEFAULT) hashconfig->kernel_loops_min = module_ctx->module_kernel_loops_min (hashconfig, user_options, user_options_extra); + if (module_ctx->module_kernel_loops_max != MODULE_DEFAULT) hashconfig->kernel_loops_max = module_ctx->module_kernel_loops_max (hashconfig, user_options, user_options_extra); + if (module_ctx->module_kernel_threads_min != MODULE_DEFAULT) hashconfig->kernel_threads_min = module_ctx->module_kernel_threads_min (hashconfig, user_options, user_options_extra); + if (module_ctx->module_kernel_threads_max != MODULE_DEFAULT) hashconfig->kernel_threads_max = module_ctx->module_kernel_threads_max (hashconfig, user_options, user_options_extra); return 0; } diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c index ae556b6c2..1a8a9b033 100644 --- a/src/modules/module_11600.c +++ b/src/modules/module_11600.c 
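Review bot: The comment `// those depend on some previously defined values` now also covers the six `kernel_*` limits moved below it, yet still does not say which values are involved, so the next person cannot tell what order is safe. Since module_11600's new `module_kernel_loops_min/max` read `hashconfig->opti_type`, spell that out: `// pw/salt limits and kernel accel/loops/threads limits may read opti_type, pw_max etc., so resolve them after everything above`. `hashconfig_init` starts and ends outside this hunk, so I cannot see whether anything between the two groups still reads a kernel limit before it is set — worth checking.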
@@ -307,14 +307,46 @@ u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_
 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- // this overrides the reductions of PW_MAX in case optimized kernel is selected
- // IOW, even in optimized kernel mode it support length 256
+ const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
- const u32 pw_max = PW_MAX;
+ u32 pw_max = PW_MAX;
+
+ if (optimized_kernel == true)
+ {
+ pw_max = 20;
+ }
 return pw_max;
 }
+u32 module_kernel_loops_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
+
+ u32 kernel_loops_min = KERNEL_LOOPS_MIN;
+
+ if (optimized_kernel == true)
+ {
+ kernel_loops_min = 4096;
+ }
+
+ return kernel_loops_min;
+}
+
+u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
+
+ u32 kernel_loops_max = KERNEL_LOOPS_MAX;
+
+ if (optimized_kernel == true)
+ {
+ kernel_loops_max = 4096;
+ }
+
+ return kernel_loops_max;
+}
+
 char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
 {
 char *jit_build_options = NULL;
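Review bot: The three new numbers (`pw_max = 20`, `kernel_loops_min`/`max = 4096`) are contracts with the optimized kernel but appear as bare constants: the kernel reads at most `pw_buf[5]` words and clamps with `MIN (pws[gid].pw_len, 20)`, and it processes iterations in groups of 64 while pre-filling counter bytes 2–3 per group, so the loop count must be a multiple of 64 that divides 65536. Add `// must match pw_buf[5] / MIN (pw_len, 20) in m11600-optimized.cl` on the `pw_max = 20` branch and `// optimized loop kernel works in 64-iteration groups and pre-fills counter bytes 2-3 per group; keep a multiple of 64 that divides 65536` on both loops functions. The duplicated `optimized_kernel`/branch shape in all three functions is fine, but note that in optimized mode any candidate longer than 20 is presumably filtered by the pw_max bound upstream rather than rejected here — worth a sentence so nobody raises the limit without touching the kernel.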
@@ -740,8 +772,8 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = module_kernel_accel_max; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; - module_ctx->module_kernel_loops_max = MODULE_DEFAULT; - module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = module_kernel_loops_max; + module_ctx->module_kernel_loops_min = module_kernel_loops_min; module_ctx->module_kernel_threads_max = MODULE_DEFAULT; module_ctx->module_kernel_threads_min = MODULE_DEFAULT; module_ctx->module_kern_type = module_kern_type; diff --git a/tools/test_modules/m11600.pm b/tools/test_modules/m11600.pm index 1bdf02efe..195a04e88 100644 --- a/tools/test_modules/m11600.pm +++ b/tools/test_modules/m11600.pm @@ -13,7 +13,7 @@ use Digest::CRC qw (crc32); use Digest::SHA qw (sha256); use Encode; -sub module_constraints { [[0, 256], [0, 16], [-1, -1], [-1, -1], [-1, -1]] } +sub module_constraints { [[0, 256], [0, 16], [0, 20], [0, 16], [-1, -1]] } sub module_generate_hash { From 46bba107faec1b12f500c95781c888a28b65f3a9 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 26 Jan 2020 20:00:51 +0100 Subject: [PATCH 182/300] Reduce max accel in -m 11600 since thread count was unlocked --- src/modules/module_11600.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c index 1a8a9b033..9a28d8eb9 100644 --- a/src/modules/module_11600.c +++ b/src/modules/module_11600.c 
@@ -300,7 +300,7 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { - const u32 kernel_accel_max = 128; // password length affects total performance, this limits the wait times for threads with short password lengths if there's at least one thread with long password length + const u32 kernel_accel_max = 8; // password length affects total performance, this limits the wait times for threads with short password lengths if there's at least one thread with long password length return kernel_accel_max; } From cc4fd48aced7294251893d4b23313de0c0b4aa35 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 26 Jan 2020 20:31:38 +0100 Subject: [PATCH 183/300] Optimize hook buffer size to be copied --- src/backend.c | 20 ++++++++++---------- src/modules/module_11600.c | 9 +-------- tools/benchmark_deep.pl | 2 +- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/src/backend.c b/src/backend.c index 0f43a29d1..5942de915 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -2875,12 +2875,12 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (device_param->is_cuda == true) { - if (hc_cuMemcpyDtoH (hashcat_ctx, device_param->hooks_buf, device_param->cuda_d_hooks, device_param->size_hooks) == -1) return -1; + if (hc_cuMemcpyDtoH (hashcat_ctx, device_param->hooks_buf, device_param->cuda_d_hooks, pws_cnt * hashconfig->hook_size) == -1) return -1; } if (device_param->is_opencl == true) { - if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; + if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, pws_cnt * hashconfig->hook_size, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } const int hook_threads = (int) user_options->hook_threads; @@ -2923,12 +2923,12 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (device_param->is_cuda == true) { - if (hc_cuMemcpyHtoD (hashcat_ctx, device_param->cuda_d_hooks, device_param->hooks_buf, device_param->size_hooks) == -1) return -1; + if (hc_cuMemcpyHtoD (hashcat_ctx, device_param->cuda_d_hooks, device_param->hooks_buf, pws_cnt * hashconfig->hook_size) == -1) return -1; } if (device_param->is_opencl == true) { - if (hc_clEnqueueWriteBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; + if (hc_clEnqueueWriteBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, pws_cnt * hashconfig->hook_size, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } } } 
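Review bot: The copy sizes on the changed hc_cuMemcpyDtoH and hc_clEnqueueReadBuffer lines are now `pws_cnt * hashconfig->hook_size`, but nothing in the hunk bounds that product against `device_param->size_hooks`, the allocation size it replaces. If pws_cnt can ever exceed the count size_hooks was sized for, the read into hooks_buf and the later write into the device buffer both run past their allocations, so the invariant should be made explicit before the first copy, e.g. `if ((pws_cnt * hashconfig->hook_size) > device_param->size_hooks) return -1;` (or an assert if kernel_power_max guarantees it); the type of pws_cnt is not visible here, so a widening multiply should be confirmed as well. The second hunk on this line and the hunks at -2991, -3039 and -3128 of backend.c repeat the same expression and would get the same guard. choose_kernel starts and ends outside these hunks.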
@@ -2991,12 +2991,12 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (device_param->is_cuda == true) { - if (hc_cuMemcpyDtoH (hashcat_ctx, device_param->hooks_buf, device_param->cuda_d_hooks, device_param->size_hooks) == -1) return -1; + if (hc_cuMemcpyDtoH (hashcat_ctx, device_param->hooks_buf, device_param->cuda_d_hooks, pws_cnt * hashconfig->hook_size) == -1) return -1; } if (device_param->is_opencl == true) { - if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; + if (hc_clEnqueueReadBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, pws_cnt * hashconfig->hook_size, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } const int hook_threads = (int) user_options->hook_threads; @@ -3039,12 +3039,12 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (device_param->is_cuda == true) { - if (hc_cuMemcpyHtoD (hashcat_ctx, device_param->cuda_d_hooks, device_param->hooks_buf, device_param->size_hooks) == -1) return -1; + if (hc_cuMemcpyHtoD (hashcat_ctx, device_param->cuda_d_hooks, device_param->hooks_buf, pws_cnt * hashconfig->hook_size) == -1) return -1; } if (device_param->is_opencl == true) { - if (hc_clEnqueueWriteBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; + if (hc_clEnqueueWriteBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_hooks, CL_TRUE, 0, pws_cnt * hashconfig->hook_size, device_param->hooks_buf, 0, NULL, NULL) == -1) return -1; } } } 
@@ -3128,12 +3128,12 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, { if (device_param->is_cuda == true) { - if (run_cuda_kernel_bzero (hashcat_ctx, device_param, device_param->cuda_d_hooks, device_param->size_hooks) == -1) return -1; + if (run_cuda_kernel_bzero (hashcat_ctx, device_param, device_param->cuda_d_hooks, pws_cnt * hashconfig->hook_size) == -1) return -1; } if (device_param->is_opencl == true) { - if (run_opencl_kernel_bzero (hashcat_ctx, device_param, device_param->opencl_d_hooks, device_param->size_hooks) == -1) return -1; + if (run_opencl_kernel_bzero (hashcat_ctx, device_param, device_param->opencl_d_hooks, pws_cnt * hashconfig->hook_size) == -1) return -1; } } } diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c index 9a28d8eb9..7e36daf43 100644 --- a/src/modules/module_11600.c +++ b/src/modules/module_11600.c @@ -298,13 +298,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c return tmp_size; } -u32 module_kernel_accel_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - const u32 kernel_accel_max = 8; // password length affects total performance, this limits the wait times for threads with short password lengths if there's at least one thread with long password length - - return kernel_accel_max; -} - u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL); 
@@ -770,7 +763,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook_size = module_hook_size; module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; - module_ctx->module_kernel_accel_max = module_kernel_accel_max; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; module_ctx->module_kernel_loops_max = module_kernel_loops_max; module_ctx->module_kernel_loops_min = module_kernel_loops_min; diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl index a8ab578bf..ee562403b 100755 --- a/tools/benchmark_deep.pl +++ b/tools/benchmark_deep.pl @@ -8,7 +8,7 @@ my $amd_cache = "~/.AMD"; my $hashcat_path = "."; my $kernels_cache = "$hashcat_path/kernels"; my $hashcat_bin = "$hashcat_path/hashcat"; -my $device = 5; +my $device = 3; my $workload_profile = 3; my $runtime = 24; my $sleep_sec = 12; From 66ae5125cef8b15360273b587ef63acd85c67586 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 29 Jan 2020 15:56:36 +0100 Subject: [PATCH 184/300] Cache cubin instead of PTX to decrease startup time --- include/backend.h | 4 + include/ext_cuda.h | 44 ++++++++++ src/backend.c | 212 ++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 247 insertions(+), 13 deletions(-) diff --git a/include/backend.h b/include/backend.h index 8f9154d94..b895faed2 100644 --- a/include/backend.h +++ b/include/backend.h 
@@ -75,6 +75,10 @@ int hc_cuStreamDestroy (hashcat_ctx_t *hashcat_ctx, CUstream hStream); int hc_cuStreamSynchronize (hashcat_ctx_t *hashcat_ctx, CUstream hStream); int hc_cuCtxPushCurrent (hashcat_ctx_t *hashcat_ctx, CUcontext ctx); int hc_cuCtxPopCurrent (hashcat_ctx_t *hashcat_ctx, CUcontext *pctx); +int hc_cuLinkCreate (hashcat_ctx_t *hashcat_ctx, unsigned int numOptions, CUjit_option *options, void **optionValues, CUlinkState *stateOut); +int hc_cuLinkAddData (hashcat_ctx_t *hashcat_ctx, CUlinkState state, CUjitInputType type, void *data, size_t size, const char *name, unsigned int numOptions, CUjit_option *options, void **optionValues); +int hc_cuLinkDestroy (hashcat_ctx_t *hashcat_ctx, CUlinkState state); +int hc_cuLinkComplete (hashcat_ctx_t *hashcat_ctx, CUlinkState state, void **cubinOut, size_t *sizeOut); int hc_clBuildProgram (hashcat_ctx_t *hashcat_ctx, cl_program program, cl_uint num_devices, const cl_device_id *device_list, const char *options, void (CL_CALLBACK *pfn_notify) (cl_program program, void *user_data), void *user_data); int hc_clCreateBuffer (hashcat_ctx_t *hashcat_ctx, cl_context context, cl_mem_flags flags, size_t size, void *host_ptr, cl_mem *mem); diff --git a/include/ext_cuda.h b/include/ext_cuda.h index 49257acbb..0e3619fc4 100644 --- a/include/ext_cuda.h +++ b/include/ext_cuda.h @@ -32,6 +32,7 @@ typedef struct CUevent_st *CUevent; /**< CUDA event */ typedef struct CUfunc_st *CUfunction; /**< CUDA function */ typedef struct CUmod_st *CUmodule; /**< CUDA module */ typedef struct CUstream_st *CUstream; /**< CUDA stream */ +typedef struct CUlinkState_st *CUlinkState; typedef enum cudaError_enum { /** 
@@ -951,6 +952,41 @@ typedef enum CUevent_flags_enum { CU_EVENT_INTERPROCESS = 0x4 /**< Event is suitable for interprocess use. CU_EVENT_DISABLE_TIMING must be set */ } CUevent_flags; +typedef enum CUjitInputType_enum +{ + /** + * Compiled device-class-specific device code\n + * Applicable options: none + */ + CU_JIT_INPUT_CUBIN = 0, + + /** + * PTX source code\n + * Applicable options: PTX compiler options + */ + CU_JIT_INPUT_PTX, + + /** + * Bundle of multiple cubins and/or PTX of some device code\n + * Applicable options: PTX compiler options, ::CU_JIT_FALLBACK_STRATEGY + */ + CU_JIT_INPUT_FATBINARY, + + /** + * Host object with embedded device code\n + * Applicable options: PTX compiler options, ::CU_JIT_FALLBACK_STRATEGY + */ + CU_JIT_INPUT_OBJECT, + + /** + * Archive of host objects with embedded device code\n + * Applicable options: PTX compiler options, ::CU_JIT_FALLBACK_STRATEGY + */ + CU_JIT_INPUT_LIBRARY, + + CU_JIT_NUM_INPUT_TYPES +} CUjitInputType; + #ifdef _WIN32 #define CUDAAPI __stdcall #else @@ -1012,6 +1048,10 @@ typedef CUresult (CUDA_API_CALL *CUDA_CUSTREAMCREATE) (CUstream *, uns typedef CUresult (CUDA_API_CALL *CUDA_CUSTREAMDESTROY) (CUstream); typedef CUresult (CUDA_API_CALL *CUDA_CUSTREAMSYNCHRONIZE) (CUstream); typedef CUresult (CUDA_API_CALL *CUDA_CUSTREAMWAITEVENT) (CUstream, CUevent, unsigned int); +typedef CUresult (CUDA_API_CALL *CUDA_CULINKCREATE) (unsigned int, CUjit_option *, void **, CUlinkState *); +typedef CUresult (CUDA_API_CALL *CUDA_CULINKADDDATA) (CUlinkState, CUjitInputType, void *, size_t, const char *, unsigned int, CUjit_option *, void **); +typedef CUresult (CUDA_API_CALL *CUDA_CULINKDESTROY) (CUlinkState); +typedef CUresult (CUDA_API_CALL *CUDA_CULINKCOMPLETE) (CUlinkState, void **, size_t *); typedef struct hc_cuda_lib { 
@@ -1070,6 +1110,10 @@ typedef struct hc_cuda_lib CUDA_CUSTREAMDESTROY cuStreamDestroy; CUDA_CUSTREAMSYNCHRONIZE cuStreamSynchronize; CUDA_CUSTREAMWAITEVENT cuStreamWaitEvent; + CUDA_CULINKCREATE cuLinkCreate; + CUDA_CULINKADDDATA cuLinkAddData; + CUDA_CULINKDESTROY cuLinkDestroy; + CUDA_CULINKCOMPLETE cuLinkComplete; } hc_cuda_lib_t; diff --git a/src/backend.c b/src/backend.c index 5942de915..a5106903d 100644 --- a/src/backend.c +++ b/src/backend.c @@ -998,6 +998,10 @@ int cuda_init (hashcat_ctx_t *hashcat_ctx) HC_LOAD_FUNC_CUDA (cuda, cuStreamDestroy, cuStreamDestroy_v2, CUDA_CUSTREAMDESTROY, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuStreamSynchronize, cuStreamSynchronize, CUDA_CUSTREAMSYNCHRONIZE, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuStreamWaitEvent, cuStreamWaitEvent, CUDA_CUSTREAMWAITEVENT, CUDA, 1); + HC_LOAD_FUNC_CUDA (cuda, cuLinkCreate, cuLinkCreate_v2, CUDA_CULINKCREATE, CUDA, 1); + HC_LOAD_FUNC_CUDA (cuda, cuLinkAddData, cuLinkAddData_v2, CUDA_CULINKADDDATA, CUDA, 1); + HC_LOAD_FUNC_CUDA (cuda, cuLinkDestroy, cuLinkDestroy, CUDA_CULINKDESTROY, CUDA, 1); + HC_LOAD_FUNC_CUDA (cuda, cuLinkComplete, cuLinkComplete, CUDA_CULINKCOMPLETE, CUDA, 1); return 0; } 
@@ -2040,6 +2044,113 @@ int hc_cuCtxPopCurrent (hashcat_ctx_t *hashcat_ctx, CUcontext *pctx) return 0; } +int hc_cuLinkCreate (hashcat_ctx_t *hashcat_ctx, unsigned int numOptions, CUjit_option *options, void **optionValues, CUlinkState *stateOut) +{ + backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; + + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; + + const CUresult CU_err = cuda->cuLinkCreate (numOptions, options, optionValues, stateOut); + + if (CU_err != CUDA_SUCCESS) + { + const char *pStr = NULL; + + if (cuda->cuGetErrorString (CU_err, &pStr) == CUDA_SUCCESS) + { + event_log_error (hashcat_ctx, "cuLinkCreate(): %s", pStr); + } + else + { + event_log_error (hashcat_ctx, "cuLinkCreate(): %d", CU_err); + } + + return -1; + } + + return 0; +} + +int hc_cuLinkAddData (hashcat_ctx_t *hashcat_ctx, CUlinkState state, CUjitInputType type, void *data, size_t size, const char *name, unsigned int numOptions, CUjit_option *options, void **optionValues) +{ + backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; + + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; + + const CUresult CU_err = cuda->cuLinkAddData (state, type, data, size, name, numOptions, options, optionValues); + + if (CU_err != CUDA_SUCCESS) + { + const char *pStr = NULL; + + if (cuda->cuGetErrorString (CU_err, &pStr) == CUDA_SUCCESS) + { + event_log_error (hashcat_ctx, "cuLinkAddData(): %s", pStr); + } + else + { + event_log_error (hashcat_ctx, "cuLinkAddData(): %d", CU_err); + } + + return -1; + } + + return 0; +} + +int hc_cuLinkDestroy (hashcat_ctx_t *hashcat_ctx, CUlinkState state) +{ + backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; + + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; + + const CUresult CU_err = cuda->cuLinkDestroy (state); + + if (CU_err != CUDA_SUCCESS) + { + const char *pStr = NULL; + + if (cuda->cuGetErrorString (CU_err, &pStr) == CUDA_SUCCESS) + { + event_log_error (hashcat_ctx, "cuLinkDestroy(): %s", pStr); + } + else + { + event_log_error (hashcat_ctx, 
"cuLinkDestroy(): %d", CU_err); + } + + return -1; + } + + return 0; +} + +int hc_cuLinkComplete (hashcat_ctx_t *hashcat_ctx, CUlinkState state, void **cubinOut, size_t *sizeOut) +{ + backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; + + CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda; + + const CUresult CU_err = cuda->cuLinkComplete (state, cubinOut, sizeOut); + + if (CU_err != CUDA_SUCCESS) + { + const char *pStr = NULL; + + if (cuda->cuGetErrorString (CU_err, &pStr) == CUDA_SUCCESS) + { + event_log_error (hashcat_ctx, "cuLinkComplete(): %s", pStr); + } + else + { + event_log_error (hashcat_ctx, "cuLinkComplete(): %d", CU_err); + } + + return -1; + } + + return 0; +} // OpenCL 
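Review bot: hc_cuLinkComplete is missing documentation of who owns the buffer it returns through cubinOut: in the CUDA driver API that memory belongs to the link state and is released by cuLinkDestroy, so callers must load or write out the cubin before calling hc_cuLinkDestroy. A comment above the wrapper such as `// *cubinOut is owned by state and becomes invalid after hc_cuLinkDestroy (state); load or cache it first` would make that contract visible at the call sites in backend_session_begin. The four new wrappers also share an identical error-reporting tail (cuGetErrorString, two event_log_error branches, return -1); a small static helper taking the function name and the CUresult would remove the repetition, though if the existing hc_cu* wrappers follow the same pattern consistency argues for leaving it as a style point only.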
@@ -7438,18 +7549,41 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; - const int rc_cuModuleLoadDataEx = hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module, binary); + CUlinkState state; - if (rc_cuModuleLoadDataEx == -1) return -1; + if (hc_cuLinkCreate (hashcat_ctx, 0, NULL, NULL, &state) == -1) return -1; + + if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "kernel", 0, NULL, NULL) == -1) return -1; + + void *cubin = NULL; + + size_t cubin_size = 0; + + if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) return -1; + + #ifdef DEBUG + + if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module, binary) == -1) return -1; if (cache_disable == false) { - const bool rc_write = write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size); - - if (rc_write == false) return -1; + if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; } + #else + + if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module, cubin) == -1) return -1; + + if (cache_disable == false) + { + if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return -1; + } + + #endif + hcfree (binary); + + if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; } if (device_param->is_opencl == true) 
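Review bot: Every `return -1` between a successful hc_cuLinkCreate and the final hc_cuLinkDestroy leaks the CUlinkState, because the state is only destroyed on the success path at the end of the hunk (and `binary` is leaked on those paths too). Destroying the state before each early return, or a single cleanup label, keeps the error paths balanced; at minimum the cuLinkComplete failure should read `{ hc_cuLinkDestroy (hashcat_ctx, state); return -1; }`. The cache file now holds a cubin instead of PTX under what appears to be the same `cached_file` name; cuModuleLoadDataEx accepts both formats, so a stale PTX cache would still load and silently defeat the speedup unless the cache key already changes with this commit — worth confirming. The hunks at -7662 and -7893/-7902 in this commit have the identical shape and the same leak. backend_session_begin starts and ends outside the hunk.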
@@ -7662,20 +7796,41 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; - // tbd: check for some useful options + CUlinkState state; - const int rc_cuModuleLoadDataEx = hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_mp, binary); + if (hc_cuLinkCreate (hashcat_ctx, 0, NULL, NULL, &state) == -1) return -1; - if (rc_cuModuleLoadDataEx == -1) return -1; + if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "mp_kernel", 0, NULL, NULL) == -1) return -1; + + void *cubin = NULL; + + size_t cubin_size = 0; + + if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) return -1; + + #ifdef DEBUG + + if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_mp, binary) == -1) return -1; if (cache_disable == false) { - const bool rc_write = write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size); - - if (rc_write == false) return -1; + if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; } + #else + + if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_mp, cubin) == -1) return -1; + + if (cache_disable == false) + { + if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return -1; + } + + #endif + hcfree (binary); + + if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; } if (device_param->is_opencl == true) @@ -7836,7 +7991,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) { nvrtcProgram program; - if (hc_nvrtcCreateProgram (hashcat_ctx, &program, kernel_sources[0], "mp_kernel", 0, NULL, NULL) == -1) return -1; + if (hc_nvrtcCreateProgram (hashcat_ctx, &program, kernel_sources[0], "amp_kernel", 0, NULL, NULL) == -1) return -1; char **nvrtc_options = (char **) hccalloc (4 + strlen (build_options_buf) + 1, sizeof (char *)); // ... 
@@ -7893,7 +8048,25 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; - // tbd: check for some useful options + CUlinkState state; + + const int rc_cuLinkCreate = hc_cuLinkCreate (hashcat_ctx, 0, NULL, NULL, &state); + + if (rc_cuLinkCreate == -1) return -1; + + const int rc_cuLinkAddData = hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "kernel_amp", 0, NULL, NULL); + + if (rc_cuLinkAddData == -1) return -1; + + void *cubin = NULL; + + size_t cubin_size = 0; + + const int rc_cuLinkComplete = hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size); + + if (rc_cuLinkComplete == -1) return -1; + + #ifdef DEBUG if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_amp, binary) == -1) return -1; @@ -7902,7 +8075,20 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; } + #else + + if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_amp, cubin) == -1) return -1; + + if (cache_disable == false) + { + if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return -1; + } + + #endif + hcfree (binary); + + if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; } if (device_param->is_opencl == true) From 346637ec43855e324d4f8f8a0d9c64c2729ea172 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 30 Jan 2020 11:44:57 +0100 Subject: [PATCH 185/300] Improve cujit logging --- include/backend.h | 1 - src/backend.c | 231 ++++++++++++++++++++++++++++++++-------------- 2 files changed, 163 insertions(+), 69 deletions(-) diff --git a/include/backend.h b/include/backend.h index b895faed2..74fd179d9 100644 --- a/include/backend.h +++ b/include/backend.h 
@@ -68,7 +68,6 @@ int hc_cuMemcpyHtoD (hashcat_ctx_t *hashcat_ctx, CUdeviceptr dstDev int hc_cuMemFree (hashcat_ctx_t *hashcat_ctx, CUdeviceptr dptr); int hc_cuModuleGetFunction (hashcat_ctx_t *hashcat_ctx, CUfunction *hfunc, CUmodule hmod, const char *name); int hc_cuModuleLoadDataEx (hashcat_ctx_t *hashcat_ctx, CUmodule *module, const void *image, unsigned int numOptions, CUjit_option *options, void **optionValues); -int hc_cuModuleLoadDataExLog (hashcat_ctx_t *hashcat_ctx, CUmodule *module, const void *image); int hc_cuModuleUnload (hashcat_ctx_t *hashcat_ctx, CUmodule hmod); int hc_cuStreamCreate (hashcat_ctx_t *hashcat_ctx, CUstream *phStream, unsigned int Flags); int hc_cuStreamDestroy (hashcat_ctx_t *hashcat_ctx, CUstream hStream); diff --git a/src/backend.c b/src/backend.c index a5106903d..b1fd7d838 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -1295,53 +1295,6 @@ int hc_cuModuleLoadDataEx (hashcat_ctx_t *hashcat_ctx, CUmodule *module, const v return 0; } -int hc_cuModuleLoadDataExLog (hashcat_ctx_t *hashcat_ctx, CUmodule *module, const void *image) -{ - #define LOG_SIZE 8192 - - char *info_log = (char *) hcmalloc (LOG_SIZE); - char *error_log = (char *) hcmalloc (LOG_SIZE); - - CUjit_option opts[6]; - void *vals[6]; - - opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - vals[0] = (void *) 0; - - opts[1] = CU_JIT_LOG_VERBOSE; - vals[1] = (void *) 1; - - opts[2] = CU_JIT_INFO_LOG_BUFFER; - vals[2] = (void *) info_log; - - opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - vals[3] = (void *) LOG_SIZE; - - opts[4] = CU_JIT_ERROR_LOG_BUFFER; - vals[4] = (void *) error_log; - - opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - vals[5] = (void *) LOG_SIZE; - - const int rc_cuModuleLoadDataEx = hc_cuModuleLoadDataEx (hashcat_ctx, module, image, 6, opts, vals); - - #if defined (DEBUG) - printf ("cuModuleLoadDataEx() Info Log (%d):\n%s\n\n", (int) strlen (info_log), info_log); - printf ("cuModuleLoadDataEx() Error Log (%d):\n%s\n\n", (int) strlen (error_log), error_log); - #else - if (rc_cuModuleLoadDataEx == -1) - { - printf ("cuModuleLoadDataEx() Info Log (%d):\n%s\n\n", (int) strlen (info_log), info_log); - printf ("cuModuleLoadDataEx() Error Log (%d):\n%s\n\n", (int) strlen (error_log), error_log); - } - #endif - - hcfree (info_log); - hcfree (error_log); - - return rc_cuModuleLoadDataEx; -} - int hc_cuModuleUnload (hashcat_ctx_t *hashcat_ctx, CUmodule hmod) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; 
@@ -7423,6 +7376,37 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) cache_disable = module_ctx->module_jit_cache_disable (hashconfig, user_options, user_options_extra, hashes, device_param); } + /** + * Prepare some logging buffer (CUDA only) but we need to do it on this level of the scope + * Other backends just dont use this + */ + + #define LOG_SIZE 8192 + + char cujit_info_log[LOG_SIZE]; + char cujit_error_log[LOG_SIZE]; + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + /** * main kernel */ 
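Review bot: `cujit_info_log` and `cujit_error_log` are declared without an initializer, yet the later hunks call `strlen` on both whenever hc_cuLinkCreate, hc_cuLinkAddData or hc_cuLinkComplete fails; if the driver fails before writing into a buffer (cuLinkCreate rejecting an option, for instance), strlen reads indeterminate bytes, which is undefined behaviour and at best logs garbage. Zero-initializing them fixes that: `char cujit_info_log[LOG_SIZE] = { 0 };` and `char cujit_error_log[LOG_SIZE] = { 0 };`. The `#define LOG_SIZE 8192` inside the function body has no `#undef`, so it escapes into the rest of the translation unit; an `enum { LOG_SIZE = 8192 };` at the same spot would be block-scoped. The two arrays also add 16 KiB to backend_session_begin's stack frame, presumably acceptable on a host thread but worth knowing. backend_session_begin starts and ends outside the hunk.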
@@ -7551,19 +7535,46 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) CUlinkState state; - if (hc_cuLinkCreate (hashcat_ctx, 0, NULL, NULL, &state) == -1) return -1; + if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "kernel", 0, NULL, NULL) == -1) return -1; + return -1; + } + + if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "kernel", 0, NULL, NULL) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } void *cubin = NULL; size_t cubin_size = 0; - if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) return -1; + if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } #ifdef DEBUG - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module, binary) == -1) return -1; + event_log_info (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_info (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, binary, 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen 
(cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } if (cache_disable == false) { @@ -7572,7 +7583,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) #else - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module, cubin) == -1) return -1; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, cubin, 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } if (cache_disable == false) { @@ -7648,7 +7665,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (device_param->is_cuda == true) { - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module, kernel_sources[0]) == -1) return -1; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } } if (device_param->is_opencl == true) 
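Review bot: The same two `event_log_error (... "cujit() Info Log ...")` lines are pasted after every failing call in this hunk, and again in the hunks at -7572 and -7648 and in the -7798/-7819/-7895 and -8050/-8077/-8153 groups; a small static helper in backend.c that takes the two buffers would shrink each error branch to one call and keep the format string in one place. Reusing `cujit_opts`/`cujit_vals` across hc_cuLinkCreate and hc_cuModuleLoadDataEx also presumes the driver leaves the option arrays untouched; the follow-up commit's subject says they need re-initialising after each use, which suggests that assumption does not hold and the arrays should be rebuilt before each call. Each early `return -1` after a successful hc_cuLinkCreate still leaves `state` undestroyed. backend_session_begin starts and ends outside the hunk.
```c
static void cujit_log_error (hashcat_ctx_t *hashcat_ctx, const char *info_log, const char *error_log)
{
  event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (info_log), info_log);
  event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (error_log), error_log);
}

// … unchanged: nvrtc compile and link-state declaration in backend_session_begin …
          if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1)
          {
            cujit_log_error (hashcat_ctx, cujit_info_log, cujit_error_log);

            return -1;
          }
// … unchanged: hc_cuLinkAddData / hc_cuLinkComplete / hc_cuModuleLoadDataEx branches, each reduced the same way …
```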
@@ -7798,19 +7821,46 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) CUlinkState state; - if (hc_cuLinkCreate (hashcat_ctx, 0, NULL, NULL, &state) == -1) return -1; + if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "mp_kernel", 0, NULL, NULL) == -1) return -1; + return -1; + } + + if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "mp_kernel", 0, NULL, NULL) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } void *cubin = NULL; size_t cubin_size = 0; - if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) return -1; + if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } #ifdef DEBUG - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_mp, binary) == -1) return -1; + event_log_info (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_info (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, binary, 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) 
strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } if (cache_disable == false) { @@ -7819,7 +7869,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) #else - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_mp, cubin) == -1) return -1; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, cubin, 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } if (cache_disable == false) { @@ -7895,7 +7951,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (device_param->is_cuda == true) { - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_mp, kernel_sources[0]) == -1) return -1; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } } if (device_param->is_opencl == true) 
@@ -8050,25 +8112,46 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) CUlinkState state; - const int rc_cuLinkCreate = hc_cuLinkCreate (hashcat_ctx, 0, NULL, NULL, &state); + if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - if (rc_cuLinkCreate == -1) return -1; + return -1; + } - const int rc_cuLinkAddData = hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "kernel_amp", 0, NULL, NULL); + if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "amp_kernel", 0, NULL, NULL) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - if (rc_cuLinkAddData == -1) return -1; + return -1; + } void *cubin = NULL; size_t cubin_size = 0; - const int rc_cuLinkComplete = hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size); + if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - if (rc_cuLinkComplete == -1) return -1; + return -1; + } #ifdef DEBUG - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_amp, binary) == -1) return -1; + event_log_info (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_info (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + if (hc_cuModuleLoadDataEx (hashcat_ctx, 
&device_param->cuda_module_amp, binary, 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } if (cache_disable == false) { @@ -8077,7 +8160,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) #else - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_amp, cubin) == -1) return -1; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_amp, cubin, 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } if (cache_disable == false) { @@ -8153,7 +8242,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (device_param->is_cuda == true) { - if (hc_cuModuleLoadDataExLog (hashcat_ctx, &device_param->cuda_module_amp, kernel_sources[0]) == -1) return -1; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_amp, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) + { + event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); + event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); + + return -1; + } } if (device_param->is_opencl == true) From 01085cdab24cf074eb64803cbaf4a6d35b06d5b2 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 31 Jan 2020 11:59:59 +0100 Subject: [PATCH 186/300] Move cujit_opts allocation closer to the calling functions because CUDA library needs it reinitialized after each use --- src/backend.c | 202 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 175 insertions(+), 27 deletions(-) 
diff --git a/src/backend.c b/src/backend.c index b1fd7d838..7addde3fa 100644 --- a/src/backend.c +++ b/src/backend.c @@ -7381,32 +7381,6 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) * Other backends just dont use this */ - #define LOG_SIZE 8192 - - char cujit_info_log[LOG_SIZE]; - char cujit_error_log[LOG_SIZE]; - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - /** * main kernel */ @@ -7523,7 +7497,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) hcfree (nvrtc_options); hcfree (nvrtc_options_string); - size_t binary_size; + size_t binary_size = 0; if (hc_nvrtcGetPTXSize (hashcat_ctx, program, &binary_size) == -1) return -1; 
@@ -7533,6 +7507,32 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; + #define LOG_SIZE 8192 + + char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + CUlinkState state; if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) @@ -7598,6 +7598,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) #endif + hcfree (cujit_info_log); + hcfree (cujit_error_log); + hcfree (binary); if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; 
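Review bot: The reason this six-entry option table is now rebuilt before every cuLink/cuModuleLoadDataEx call lives only in the commit message; the code should say it, since a reader sees only repetition. Per the CUDA driver API documentation the CU_JIT_*_LOG_BUFFER_SIZE_BYTES values are in/out — the driver writes the number of bytes it actually filled back into `cujit_vals[3]` and `cujit_vals[5]` — so a table reused across calls would hand the next call a shrunken log size; a comment above the first `cujit_opts[0] =` such as `// rebuilt per call: the driver overwrites the *_SIZE_BYTES values with the bytes it filled` would capture that. The `return -1` after a failed hc_cuLinkCreate also leaves the two just-allocated logs unfreed, and the -7598 hunk frees them only on the success path; harmless while the session is being torn down, but easy to fix with a cleanup label. The same table and frees recur in the -7665, -7819, -7951, -8110 and -8242 hunks, and the function-local `#define LOG_SIZE 8192` is now repeated six times inside backend_session_begin, which is a benign identical redefinition but would read better as one file-scope definition. backend_session_begin starts and ends outside the hunk.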
@@ -7665,6 +7668,32 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (device_param->is_cuda == true) { + #define LOG_SIZE 8192 + + char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) { event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); @@ -7672,6 +7701,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) return -1; } + + hcfree (cujit_info_log); + hcfree (cujit_error_log); } if (device_param->is_opencl == true) 
@@ -7819,6 +7851,32 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; + #define LOG_SIZE 8192 + + char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + CUlinkState state; if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) @@ -7886,6 +7944,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) hcfree (binary); + hcfree (cujit_info_log); + hcfree (cujit_error_log); + if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; } 
@@ -7951,6 +8012,32 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (device_param->is_cuda == true) { + #define LOG_SIZE 8192 + + char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) { event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); @@ -7958,6 +8045,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) return -1; } + + hcfree (cujit_info_log); + hcfree (cujit_error_log); } if (device_param->is_opencl == true) 
@@ -8110,6 +8200,32 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; + #define LOG_SIZE 8192 + + char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + CUlinkState state; if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) @@ -8175,6 +8291,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) #endif + hcfree (cujit_info_log); + hcfree (cujit_error_log); + hcfree (binary); if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; 
@@ -8242,6 +8361,32 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (device_param->is_cuda == true) { + #define LOG_SIZE 8192 + + char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option cujit_opts[6]; + void *cujit_vals[6]; + + cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + cujit_vals[0] = (void *) 0; + + cujit_opts[1] = CU_JIT_LOG_VERBOSE; + cujit_vals[1] = (void *) 1; + + cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + cujit_vals[2] = (void *) cujit_info_log; + + cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + cujit_vals[3] = (void *) LOG_SIZE; + + cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + cujit_vals[4] = (void *) cujit_error_log; + + cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + cujit_vals[5] = (void *) LOG_SIZE; + if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_amp, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) { event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); @@ -8249,6 +8394,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) return -1; } + + hcfree (cujit_info_log); + hcfree (cujit_error_log); } if (device_param->is_opencl == true) From 08163501cf0d752ef0e40a96476114946b4969bb Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 31 Jan 2020 17:50:53 +0100 Subject: [PATCH 187/300] Add option to disable cubin cache binaries and moved some redundant kernel load code into specific function --- src/Makefile | 6 + src/backend.c | 1285 +++++++++++++++---------------------------------- 2 files changed, 383 insertions(+), 908 deletions(-) diff --git a/src/Makefile b/src/Makefile index ea4eea152..f378c0fe1 100644 --- a/src/Makefile +++ b/src/Makefile @@ -7,6 +7,7 @@ SHARED := 0 DEBUG := 0 PRODUCTION := 0 PRODUCTION_VERSION := v5.1.0 +ENABLE_CUBIN := 1 ENABLE_BRAIN := 1 USE_SYSTEM_LZMA := 0 USE_SYSTEM_ZLIB := 0 
@@ -234,6 +235,11 @@ LFLAGS += -lxxhash endif endif +# CUDA binary cache +ifeq ($(ENABLE_CUBIN),1) +CFLAGS += -DWITH_CUBIN +endif + ## ## Native compilation target ## diff --git a/src/backend.c b/src/backend.c index 7addde3fa..86fbd2e0e 100644 --- a/src/backend.c +++ b/src/backend.c @@ -491,7 +491,7 @@ static bool read_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_f return true; } -static bool write_kernel_binary (hashcat_ctx_t *hashcat_ctx, char *kernel_file, char *binary, size_t binary_size) +static bool write_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_file, char *binary, size_t binary_size) { if (binary_size > 0) { @@ -998,10 +998,12 @@ int cuda_init (hashcat_ctx_t *hashcat_ctx) HC_LOAD_FUNC_CUDA (cuda, cuStreamDestroy, cuStreamDestroy_v2, CUDA_CUSTREAMDESTROY, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuStreamSynchronize, cuStreamSynchronize, CUDA_CUSTREAMSYNCHRONIZE, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuStreamWaitEvent, cuStreamWaitEvent, CUDA_CUSTREAMWAITEVENT, CUDA, 1); + #if defined (WITH_CUBIN) HC_LOAD_FUNC_CUDA (cuda, cuLinkCreate, cuLinkCreate_v2, CUDA_CULINKCREATE, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuLinkAddData, cuLinkAddData_v2, CUDA_CULINKADDDATA, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuLinkDestroy, cuLinkDestroy, CUDA_CULINKDESTROY, CUDA, 1); HC_LOAD_FUNC_CUDA (cuda, cuLinkComplete, cuLinkComplete, CUDA_CULINKCOMPLETE, CUDA, 1); + #endif return 0; } 
@@ -6820,6 +6822,365 @@ static u32 get_kernel_threads (const hc_device_param_t *device_param) return kernel_threads; } +static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const char *kernel_name, char *source_file, char *cached_file, const char *build_options_buf, const bool cache_disable, cl_program *opencl_program, CUmodule *cuda_module) +{ + bool cached = true; + + if (cache_disable == true) + { + cached = false; + } + + if (hc_path_read (cached_file) == false) + { + cached = false; + } + + if (hc_path_is_empty (cached_file) == true) + { + cached = false; + } + + /** + * kernel compile or load + */ + + size_t kernel_lengths_buf = 0; + + size_t *kernel_lengths = &kernel_lengths_buf; + + char *kernel_sources_buf = NULL; + + char **kernel_sources = &kernel_sources_buf; + + if (cached == false) + { + #if defined (DEBUG) + const user_options_t *user_options = hashcat_ctx->user_options; + + if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: Kernel %s not found in cache! Building may take a while...", device_param->device_id + 1, filename_from_filepath (cached_file)); + #endif + + if (read_kernel_binary (hashcat_ctx, source_file, kernel_lengths, kernel_sources, true) == false) return false; + + if (device_param->is_cuda == true) + { + nvrtcProgram program; + + if (hc_nvrtcCreateProgram (hashcat_ctx, &program, kernel_sources[0], kernel_name, 0, NULL, NULL) == -1) return false; + + char **nvrtc_options = (char **) hccalloc (4 + strlen (build_options_buf) + 1, sizeof (char *)); // ... 
+ + nvrtc_options[0] = "--restrict"; + nvrtc_options[1] = "--device-as-default-execution-space"; + nvrtc_options[2] = "--gpu-architecture"; + + hc_asprintf (&nvrtc_options[3], "compute_%d%d", device_param->sm_major, device_param->sm_minor); + + char *nvrtc_options_string = hcstrdup (build_options_buf); + + const int num_options = 4 + nvrtc_make_options_array_from_string (nvrtc_options_string, nvrtc_options + 4); + + const int rc_nvrtcCompileProgram = hc_nvrtcCompileProgram (hashcat_ctx, program, num_options, (const char * const *) nvrtc_options); + + size_t build_log_size = 0; + + hc_nvrtcGetProgramLogSize (hashcat_ctx, program, &build_log_size); + + #if defined (DEBUG) + if ((build_log_size > 1) || (rc_nvrtcCompileProgram == -1)) + #else + if (rc_nvrtcCompileProgram == -1) + #endif + { + char *build_log = (char *) hcmalloc (build_log_size + 1); + + if (hc_nvrtcGetProgramLog (hashcat_ctx, program, build_log) == -1) return false; + + puts (build_log); + + hcfree (build_log); + } + + if (rc_nvrtcCompileProgram == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); + + return false; + } + + hcfree (nvrtc_options); + hcfree (nvrtc_options_string); + + size_t binary_size = 0; + + if (hc_nvrtcGetPTXSize (hashcat_ctx, program, &binary_size) == -1) return false; + + char *binary = (char *) hcmalloc (binary_size); + + if (hc_nvrtcGetPTX (hashcat_ctx, program, binary) == -1) return false; + + if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return false; + + #define LOG_SIZE 8192 + + char *mod_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *mod_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option mod_opts[6]; + void *mod_vals[6]; + + mod_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + mod_vals[0] = (void *) 0; + + mod_opts[1] = CU_JIT_LOG_VERBOSE; + mod_vals[1] = (void *) 1; + + mod_opts[2] = CU_JIT_INFO_LOG_BUFFER; + mod_vals[2] = (void *) mod_info_log; + + mod_opts[3] = 
CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + mod_vals[3] = (void *) LOG_SIZE; + + mod_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + mod_vals[4] = (void *) mod_error_log; + + mod_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + mod_vals[5] = (void *) LOG_SIZE; + + #if defined (WITH_CUBIN) + + char *jit_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *jit_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option jit_opts[6]; + void *jit_vals[6]; + + jit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + jit_vals[0] = (void *) 0; + + jit_opts[1] = CU_JIT_LOG_VERBOSE; + jit_vals[1] = (void *) 1; + + jit_opts[2] = CU_JIT_INFO_LOG_BUFFER; + jit_vals[2] = (void *) jit_info_log; + + jit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + jit_vals[3] = (void *) LOG_SIZE; + + jit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + jit_vals[4] = (void *) jit_error_log; + + jit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + jit_vals[5] = (void *) LOG_SIZE; + + CUlinkState state; + + if (hc_cuLinkCreate (hashcat_ctx, 6, jit_opts, jit_vals, &state) == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s link failed. Error Log:", device_param->device_id + 1, source_file); + event_log_error (hashcat_ctx, "%s", jit_error_log); + event_log_error (hashcat_ctx, NULL); + + return false; + } + + if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, kernel_name, 0, NULL, NULL) == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s link failed. Error Log:", device_param->device_id + 1, source_file); + event_log_error (hashcat_ctx, "%s", jit_error_log); + event_log_error (hashcat_ctx, NULL); + + return false; + } + + void *cubin = NULL; + + size_t cubin_size = 0; + + if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s link failed. 
Error Log:", device_param->device_id + 1, source_file); + event_log_error (hashcat_ctx, "%s", jit_error_log); + event_log_error (hashcat_ctx, NULL); + + return false; + } + + #if defined (DEBUG) + event_log_info (hashcat_ctx, "* Device #%u: Kernel %s link successful. Info Log:", device_param->device_id + 1, source_file); + event_log_info (hashcat_ctx, "%s", jit_info_log); + event_log_info (hashcat_ctx, NULL); + #endif + + if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, cubin, 6, mod_opts, mod_vals) == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file); + event_log_error (hashcat_ctx, "%s", mod_error_log); + event_log_error (hashcat_ctx, NULL); + + return false; + } + + #if defined (DEBUG) + event_log_info (hashcat_ctx, "* Device #%u: Kernel %s load successful. Info Log:", device_param->device_id + 1, source_file); + event_log_info (hashcat_ctx, "%s", mod_info_log); + event_log_info (hashcat_ctx, NULL); + #endif + + if (cache_disable == false) + { + if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return false; + } + + if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return false; + + hcfree (jit_info_log); + hcfree (jit_error_log); + + #else + + if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, binary, 6, mod_opts, mod_vals) == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file); + event_log_error (hashcat_ctx, "%s", mod_error_log); + event_log_error (hashcat_ctx, NULL); + + return false; + } + + #if defined (DEBUG) + event_log_info (hashcat_ctx, "* Device #%u: Kernel %s load successful. 
Info Log:", device_param->device_id + 1, source_file); + event_log_info (hashcat_ctx, "%s", mod_info_log); + event_log_info (hashcat_ctx, NULL); + #endif + + if (cache_disable == false) + { + if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return false; + } + + #endif + + hcfree (mod_info_log); + hcfree (mod_error_log); + + hcfree (binary); + } + + if (device_param->is_opencl == true) + { + if (hc_clCreateProgramWithSource (hashcat_ctx, device_param->opencl_context, 1, (const char **) kernel_sources, NULL, opencl_program) == -1) return false; + + const int CL_rc = hc_clBuildProgram (hashcat_ctx, *opencl_program, 1, &device_param->opencl_device, build_options_buf, NULL, NULL); + + //if (CL_rc == -1) return -1; + + size_t build_log_size = 0; + + hc_clGetProgramBuildInfo (hashcat_ctx, *opencl_program, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, 0, NULL, &build_log_size); + + //if (CL_rc == -1) return -1; + + #if defined (DEBUG) + if ((build_log_size > 1) || (CL_rc == -1)) + #else + if (CL_rc == -1) + #endif + { + char *build_log = (char *) hcmalloc (build_log_size + 1); + + const int rc_clGetProgramBuildInfo = hc_clGetProgramBuildInfo (hashcat_ctx, *opencl_program, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, build_log_size, build_log, NULL); + + if (rc_clGetProgramBuildInfo == -1) return false; + + puts (build_log); + + hcfree (build_log); + } + + if (CL_rc == -1) return false; + + if (cache_disable == false) + { + size_t binary_size; + + if (hc_clGetProgramInfo (hashcat_ctx, *opencl_program, CL_PROGRAM_BINARY_SIZES, sizeof (size_t), &binary_size, NULL) == -1) return false; + + char *binary = (char *) hcmalloc (binary_size); + + if (hc_clGetProgramInfo (hashcat_ctx, *opencl_program, CL_PROGRAM_BINARIES, sizeof (char *), &binary, NULL) == -1) return false; + + if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return false; + + hcfree (binary); + } + } + } + else + { + if (read_kernel_binary 
(hashcat_ctx, cached_file, kernel_lengths, kernel_sources, false) == false) return false; + + if (device_param->is_cuda == true) + { + #define LOG_SIZE 8192 + + char *mod_info_log = (char *) hcmalloc (LOG_SIZE + 1); + char *mod_error_log = (char *) hcmalloc (LOG_SIZE + 1); + + CUjit_option mod_opts[6]; + void *mod_vals[6]; + + mod_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; + mod_vals[0] = (void *) 0; + + mod_opts[1] = CU_JIT_LOG_VERBOSE; + mod_vals[1] = (void *) 1; + + mod_opts[2] = CU_JIT_INFO_LOG_BUFFER; + mod_vals[2] = (void *) mod_info_log; + + mod_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; + mod_vals[3] = (void *) LOG_SIZE; + + mod_opts[4] = CU_JIT_ERROR_LOG_BUFFER; + mod_vals[4] = (void *) mod_error_log; + + mod_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; + mod_vals[5] = (void *) LOG_SIZE; + + if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, kernel_sources[0], 6, mod_opts, mod_vals) == -1) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file); + event_log_error (hashcat_ctx, "%s", mod_error_log); + event_log_error (hashcat_ctx, NULL); + + return false; + } + + #if defined (DEBUG) + event_log_info (hashcat_ctx, "* Device #%u: Kernel %s load successful. 
Info Log:", device_param->device_id + 1, source_file); + event_log_info (hashcat_ctx, "%s", mod_info_log); + event_log_info (hashcat_ctx, NULL); + #endif + + hcfree (mod_info_log); + hcfree (mod_error_log); + } + + if (device_param->is_opencl == true) + { + if (hc_clCreateProgramWithBinary (hashcat_ctx, device_param->opencl_context, 1, &device_param->opencl_device, kernel_lengths, (const unsigned char **) kernel_sources, NULL, opencl_program) == -1) return false; + + if (hc_clBuildProgram (hashcat_ctx, *opencl_program, 1, &device_param->opencl_device, build_options_buf, NULL, NULL) == -1) return false; + } + } + + hcfree (kernel_sources[0]); + + return true; +} + int backend_session_begin (hashcat_ctx_t *hashcat_ctx) { const bitmap_ctx_t *bitmap_ctx = hashcat_ctx->bitmap_ctx; 
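Review bot: load_kernel carries three identical hand-unrolled CUjit option tables (`mod_opts` in both the compile and the cached branch, `jit_opts` under WITH_CUBIN) plus a repeated function-local `#define LOG_SIZE 8192`; one static helper, with LOG_SIZE lifted to file scope, removes about seventy lines and gives a place to record why the table is rebuilt per call (per the CUDA driver API documentation the *_SIZE_BYTES values are in/out, overwritten with the bytes actually filled) — sketch below. The early `return false` paths also drop resources: a failed hc_nvrtcCompileProgram returns without `hc_nvrtcDestroyProgram`, `hcfree (nvrtc_options)` or `hcfree (nvrtc_options_string)`, each failed cuLink step returns without `hc_cuLinkDestroy (hashcat_ctx, state)`, `hcfree (binary)` or the log buffers, and every failure path skips `hcfree (kernel_sources[0])`; tolerable while the callers abort the session, but worth a cleanup label since the pre-change code kept going with the remaining devices. The function has no header comment; it should state that, as far as this function checks, `cached_file` is trusted and loaded as-is (the only tests are that it exists and is non-empty), that `*kernel_sources` is freed before return, and that the built `*cuda_module` / `*opencl_program` become the caller's to release. The OpenCL branch also keeps two commented-out `//if (CL_rc == -1) return -1;` lines that were already dead in the original and can go.
```c
/* One CUjit option table. The *_SIZE_BYTES entries are in/out: the driver
 * writes back the number of bytes it filled, so rebuild before every call. */
static void cujit_opts_init (CUjit_option *opts, void **vals, char *info_log, char *error_log)
{
  opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT;       vals[0] = (void *) 0;
  opts[1] = CU_JIT_LOG_VERBOSE;                 vals[1] = (void *) 1;
  opts[2] = CU_JIT_INFO_LOG_BUFFER;             vals[2] = (void *) info_log;
  opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES;  vals[3] = (void *) LOG_SIZE;
  opts[4] = CU_JIT_ERROR_LOG_BUFFER;            vals[4] = (void *) error_log;
  opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; vals[5] = (void *) LOG_SIZE;
}

// … in load_kernel, replacing each unrolled table …
CUjit_option mod_opts[6];
void *mod_vals[6];

cujit_opts_init (mod_opts, mod_vals, mod_info_log, mod_error_log);
```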
@@ -7409,312 +7770,18 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) generate_cached_kernel_filename (user_options->slow_candidates, hashconfig->attack_exec, user_options_extra->attack_kern, kern_type, hashconfig->opti_type, folder_config->profile_dir, device_name_chksum, cached_file); - bool cached = true; - - if (cache_disable == true) - { - cached = false; - } - - if (hc_path_read (cached_file) == false) - { - cached = false; - } - - if (hc_path_is_empty (cached_file) == true) - { - cached = false; - } - /** - * kernel compile or load + * load kernel */ - size_t kernel_lengths_buf = 0; + const bool rc_load_kernel = load_kernel (hashcat_ctx, device_param, "main_kernel", source_file, cached_file, build_options_module_buf, cache_disable, &device_param->opencl_program, &device_param->cuda_module); - size_t *kernel_lengths = &kernel_lengths_buf; - - char *kernel_sources_buf = NULL; - - char **kernel_sources = &kernel_sources_buf; - - if (cached == false) + if (rc_load_kernel == false) { - #if defined (DEBUG) - if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: Kernel %s not found in cache! Building may take a while...", device_id + 1, filename_from_filepath (cached_file)); - #endif + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); - if (read_kernel_binary (hashcat_ctx, source_file, kernel_lengths, kernel_sources, true) == false) return -1; - - if (device_param->is_cuda == true) - { - nvrtcProgram program; - - if (hc_nvrtcCreateProgram (hashcat_ctx, &program, kernel_sources[0], "main_kernel", 0, NULL, NULL) == -1) return -1; - - char **nvrtc_options = (char **) hccalloc (4 + strlen (build_options_module_buf) + 1, sizeof (char *)); // ... 
- - nvrtc_options[0] = "--restrict"; - nvrtc_options[1] = "--device-as-default-execution-space"; - nvrtc_options[2] = "--gpu-architecture"; - - hc_asprintf (&nvrtc_options[3], "compute_%d%d", device_param->sm_major, device_param->sm_minor); - - char *nvrtc_options_string = hcstrdup (build_options_module_buf); - - const int num_options = 4 + nvrtc_make_options_array_from_string (nvrtc_options_string, nvrtc_options + 4); - - const int rc_nvrtcCompileProgram = hc_nvrtcCompileProgram (hashcat_ctx, program, num_options, (const char * const *) nvrtc_options); - - size_t build_log_size = 0; - - hc_nvrtcGetProgramLogSize (hashcat_ctx, program, &build_log_size); - - #if defined (DEBUG) - if ((build_log_size > 1) || (rc_nvrtcCompileProgram == -1)) - #else - if (rc_nvrtcCompileProgram == -1) - #endif - { - char *build_log = (char *) hcmalloc (build_log_size + 1); - - if (hc_nvrtcGetProgramLog (hashcat_ctx, program, build_log) == -1) return -1; - - puts (build_log); - - hcfree (build_log); - } - - if (rc_nvrtcCompileProgram == -1) - { - device_param->skipped_warning = true; - - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_id + 1, source_file); - - continue; - } - - hcfree (nvrtc_options); - hcfree (nvrtc_options_string); - - size_t binary_size = 0; - - if (hc_nvrtcGetPTXSize (hashcat_ctx, program, &binary_size) == -1) return -1; - - char *binary = (char *) hcmalloc (binary_size); - - if (hc_nvrtcGetPTX (hashcat_ctx, program, binary) == -1) return -1; - - if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; - - #define LOG_SIZE 8192 - - char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); - char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - 
cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - - CUlinkState state; - - if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "kernel", 0, NULL, NULL) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - void *cubin = NULL; - - size_t cubin_size = 0; - - if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - #ifdef DEBUG - - event_log_info (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_info (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, binary, 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen 
(cujit_error_log), cujit_error_log); - - return -1; - } - - if (cache_disable == false) - { - if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; - } - - #else - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, cubin, 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - if (cache_disable == false) - { - if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return -1; - } - - #endif - - hcfree (cujit_info_log); - hcfree (cujit_error_log); - - hcfree (binary); - - if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; - } - - if (device_param->is_opencl == true) - { - if (hc_clCreateProgramWithSource (hashcat_ctx, device_param->opencl_context, 1, (const char **) kernel_sources, NULL, &device_param->opencl_program) == -1) return -1; - - const int CL_rc = hc_clBuildProgram (hashcat_ctx, device_param->opencl_program, 1, &device_param->opencl_device, build_options_module_buf, NULL, NULL); - - //if (CL_rc == -1) return -1; - - size_t build_log_size = 0; - - hc_clGetProgramBuildInfo (hashcat_ctx, device_param->opencl_program, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, 0, NULL, &build_log_size); - - //if (CL_rc == -1) return -1; - - #if defined (DEBUG) - if ((build_log_size > 1) || (CL_rc == -1)) - #else - if (CL_rc == -1) - #endif - { - char *build_log = (char *) hcmalloc (build_log_size + 1); - - const int rc_clGetProgramBuildInfo = hc_clGetProgramBuildInfo (hashcat_ctx, device_param->opencl_program, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, build_log_size, build_log, NULL); - - if (rc_clGetProgramBuildInfo == -1) return -1; - - puts (build_log); - - hcfree (build_log); - } - - if (CL_rc == -1) - { - device_param->skipped_warning 
= true; - - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_id + 1, source_file); - - continue; - } - - if (cache_disable == false) - { - size_t binary_size; - - if (hc_clGetProgramInfo (hashcat_ctx, device_param->opencl_program, CL_PROGRAM_BINARY_SIZES, sizeof (size_t), &binary_size, NULL) == -1) return -1; - - char *binary = (char *) hcmalloc (binary_size); - - if (hc_clGetProgramInfo (hashcat_ctx, device_param->opencl_program, CL_PROGRAM_BINARIES, sizeof (char *), &binary, NULL) == -1) return -1; - - if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; - - hcfree (binary); - } - } + return -1; } - else - { - if (read_kernel_binary (hashcat_ctx, cached_file, kernel_lengths, kernel_sources, false) == false) return -1; - - if (device_param->is_cuda == true) - { - #define LOG_SIZE 8192 - - char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); - char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - hcfree (cujit_info_log); - 
hcfree (cujit_error_log); - } - - if (device_param->is_opencl == true) - { - if (hc_clCreateProgramWithBinary (hashcat_ctx, device_param->opencl_context, 1, &device_param->opencl_device, kernel_lengths, (const unsigned char **) kernel_sources, NULL, &device_param->opencl_program) == -1) return -1; - - if (hc_clBuildProgram (hashcat_ctx, device_param->opencl_program, 1, &device_param->opencl_device, build_options_module_buf, NULL, NULL) == -1) return -1; - } - } - - hcfree (kernel_sources[0]); } hcfree (build_options_module_buf); 
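Review bot: The failure branch after `load_kernel` in the -7409 hunk turns what used to be a per-device skip into a hard stop: the removed lines set `device_param->skipped_warning = true`, logged "build failed - proceeding without this device" and `continue`d (implying an enclosing device loop outside the hunk), while the new code logs a generic "build failed" and returns -1, which presumably aborts backend_session_begin for every device. If that narrowing is intended it deserves a sentence in the commit message; otherwise restoring `device_param->skipped_warning = true;` and `continue;` in place of `return -1;` keeps the old behaviour. The message is also now misleading, since load_kernel returns false for cache-read, link and module-load failures as well as compile failures, and already logs its own "build failed" on the compile path; a neutral `"* Device #%u: Kernel %s could not be loaded - proceeding without this device."` would be accurate for all of them. The -7753 hunk at the end of this chunk starts the same replacement for the mp kernel but runs past the visible lines. backend_session_begin starts and ends outside the hunk.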
@@ -7753,312 +7820,14 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) generate_cached_kernel_mp_filename (hashconfig->opti_type, hashconfig->opts_type, folder_config->profile_dir, device_name_chksum_amp_mp, cached_file); - bool cached = true; + const bool rc_load_kernel = load_kernel (hashcat_ctx, device_param, "mp_kernel", source_file, cached_file, build_options_buf, cache_disable, &device_param->opencl_program_mp, &device_param->cuda_module_mp); - if (cache_disable == true) + if (rc_load_kernel == false) { - cached = false; + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); + + return -1; } - - if (hc_path_read (cached_file) == false) - { - cached = false; - } - - if (hc_path_is_empty (cached_file) == true) - { - cached = false; - } - - /** - * kernel compile or load - */ - - size_t kernel_lengths_buf = 0; - - size_t *kernel_lengths = &kernel_lengths_buf; - - char *kernel_sources_buf = NULL; - - char **kernel_sources = &kernel_sources_buf; - - if (cached == false) - { - #if defined (DEBUG) - if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: Kernel %s not found in cache! Building may take a while...", device_id + 1, filename_from_filepath (cached_file)); - #endif - - if (read_kernel_binary (hashcat_ctx, source_file, kernel_lengths, kernel_sources, true) == false) return -1; - - if (device_param->is_cuda == true) - { - nvrtcProgram program; - - if (hc_nvrtcCreateProgram (hashcat_ctx, &program, kernel_sources[0], "mp_kernel", 0, NULL, NULL) == -1) return -1; - - char **nvrtc_options = (char **) hccalloc (4 + strlen (build_options_buf) + 1, sizeof (char *)); // ... 
- - nvrtc_options[0] = "--restrict"; - nvrtc_options[1] = "--device-as-default-execution-space"; - nvrtc_options[2] = "--gpu-architecture"; - - hc_asprintf (&nvrtc_options[3], "compute_%d%d", device_param->sm_major, device_param->sm_minor); - - char *nvrtc_options_string = hcstrdup (build_options_buf); - - const int num_options = 4 + nvrtc_make_options_array_from_string (nvrtc_options_string, nvrtc_options + 4); - - const int rc_nvrtcCompileProgram = hc_nvrtcCompileProgram (hashcat_ctx, program, num_options, (const char * const *) nvrtc_options); - - size_t build_log_size = 0; - - hc_nvrtcGetProgramLogSize (hashcat_ctx, program, &build_log_size); - - #if defined (DEBUG) - if ((build_log_size > 1) || (rc_nvrtcCompileProgram == -1)) - #else - if (rc_nvrtcCompileProgram == -1) - #endif - { - char *build_log = (char *) hcmalloc (build_log_size + 1); - - if (hc_nvrtcGetProgramLog (hashcat_ctx, program, build_log) == -1) return -1; - - puts (build_log); - - hcfree (build_log); - } - - if (rc_nvrtcCompileProgram == -1) - { - device_param->skipped_warning = true; - - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_id + 1, source_file); - - continue; - } - - hcfree (nvrtc_options); - hcfree (nvrtc_options_string); - - size_t binary_size = 0; - - if (hc_nvrtcGetPTXSize (hashcat_ctx, program, &binary_size) == -1) return -1; - - char *binary = (char *) hcmalloc (binary_size); - - if (hc_nvrtcGetPTX (hashcat_ctx, program, binary) == -1) return -1; - - if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; - - #define LOG_SIZE 8192 - - char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); - char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - 
cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - - CUlinkState state; - - if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "mp_kernel", 0, NULL, NULL) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - void *cubin = NULL; - - size_t cubin_size = 0; - - if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - #ifdef DEBUG - - event_log_info (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_info (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, binary, 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen 
(cujit_error_log), cujit_error_log); - - return -1; - } - - if (cache_disable == false) - { - if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; - } - - #else - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, cubin, 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - if (cache_disable == false) - { - if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return -1; - } - - #endif - - hcfree (binary); - - hcfree (cujit_info_log); - hcfree (cujit_error_log); - - if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; - } - - if (device_param->is_opencl == true) - { - if (hc_clCreateProgramWithSource (hashcat_ctx, device_param->opencl_context, 1, (const char **) kernel_sources, NULL, &device_param->opencl_program_mp) == -1) return -1; - - const int CL_rc = hc_clBuildProgram (hashcat_ctx, device_param->opencl_program_mp, 1, &device_param->opencl_device, build_options_buf, NULL, NULL); - - //if (CL_rc == -1) return -1; - - size_t build_log_size = 0; - - hc_clGetProgramBuildInfo (hashcat_ctx, device_param->opencl_program_mp, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, 0, NULL, &build_log_size); - - //if (CL_rc == -1) return -1; - - #if defined (DEBUG) - if ((build_log_size > 1) || (CL_rc == -1)) - #else - if (CL_rc == -1) - #endif - { - char *build_log = (char *) hcmalloc (build_log_size + 1); - - const int rc_clGetProgramBuildInfo = hc_clGetProgramBuildInfo (hashcat_ctx, device_param->opencl_program_mp, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, build_log_size, build_log, NULL); - - if (rc_clGetProgramBuildInfo == -1) return -1; - - puts (build_log); - - hcfree (build_log); - } - - if (CL_rc == -1) - { - 
device_param->skipped_warning = true; - - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_id + 1, source_file); - - continue; - } - - if (cache_disable == false) - { - size_t binary_size = 0; - - if (hc_clGetProgramInfo (hashcat_ctx, device_param->opencl_program_mp, CL_PROGRAM_BINARY_SIZES, sizeof (size_t), &binary_size, NULL) == -1) return -1; - - char *binary = (char *) hcmalloc (binary_size); - - if (hc_clGetProgramInfo (hashcat_ctx, device_param->opencl_program_mp, CL_PROGRAM_BINARIES, sizeof (char *), &binary, NULL) == -1) return -1; - - write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size); - - hcfree (binary); - } - } - } - else - { - if (read_kernel_binary (hashcat_ctx, cached_file, kernel_lengths, kernel_sources, false) == false) return -1; - - if (device_param->is_cuda == true) - { - #define LOG_SIZE 8192 - - char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); - char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_mp, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - hcfree 
(cujit_info_log); - hcfree (cujit_error_log); - } - - if (device_param->is_opencl == true) - { - if (hc_clCreateProgramWithBinary (hashcat_ctx, device_param->opencl_context, 1, &device_param->opencl_device, kernel_lengths, (const unsigned char **) kernel_sources, NULL, &device_param->opencl_program_mp) == -1) return -1; - - if (hc_clBuildProgram (hashcat_ctx, device_param->opencl_program_mp, 1, &device_param->opencl_device, build_options_buf, NULL, NULL) == -1) return -1; - } - } - - hcfree (kernel_sources[0]); } } 
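Review bot: The new failure path at the top of this hunk turns a kernel build failure on one device into a hard `return -1` for the whole session, whereas the removed code set `device_param->skipped_warning = true` and `continue`d so the run went on without that device; if skip-and-continue is still the intended policy, the branch should read `if (rc_load_kernel == false) { device_param->skipped_warning = true; event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_param->device_id + 1, source_file); continue; }` (presumably still inside the per-device loop). The same replacement appears in the amp_kernel hunk below and in the shared-kernel block added by the later commit. Because load_kernel's body is outside this hunk, I cannot tell whether a failed read of the cached binary and a failed compile are distinguished; a single "build failed" message would be misleading for the former. backend_session_begin starts and ends outside the hunk.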
@@ -8100,315 +7869,15 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) generate_cached_kernel_amp_filename (user_options_extra->attack_kern, folder_config->profile_dir, device_name_chksum_amp_mp, cached_file); - bool cached = true; + const bool rc_load_kernel = load_kernel (hashcat_ctx, device_param, "amp_kernel", source_file, cached_file, build_options_buf, cache_disable, &device_param->opencl_program_amp, &device_param->cuda_module_amp); - if (cache_disable == true) + if (rc_load_kernel == false) { - cached = false; + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); + + return -1; } - if (hc_path_read (cached_file) == false) - { - cached = false; - } - - if (hc_path_is_empty (cached_file) == true) - { - cached = false; - } - - /** - * kernel compile or load - */ - - size_t kernel_lengths_buf = 0; - - size_t *kernel_lengths = &kernel_lengths_buf; - - char *kernel_sources_buf = NULL; - - char **kernel_sources = &kernel_sources_buf; - - if (cached == false) - { - #if defined (DEBUG) - if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: Kernel %s not found in cache! Building may take a while...", device_id + 1, filename_from_filepath (cached_file)); - #endif - - const bool rc_read_kernel = read_kernel_binary (hashcat_ctx, source_file, kernel_lengths, kernel_sources, true); - - if (rc_read_kernel == false) return -1; - - if (device_param->is_cuda == true) - { - nvrtcProgram program; - - if (hc_nvrtcCreateProgram (hashcat_ctx, &program, kernel_sources[0], "amp_kernel", 0, NULL, NULL) == -1) return -1; - - char **nvrtc_options = (char **) hccalloc (4 + strlen (build_options_buf) + 1, sizeof (char *)); // ... 
- - nvrtc_options[0] = "--restrict"; - nvrtc_options[1] = "--device-as-default-execution-space"; - nvrtc_options[2] = "--gpu-architecture"; - - hc_asprintf (&nvrtc_options[3], "compute_%d%d", device_param->sm_major, device_param->sm_minor); - - char *nvrtc_options_string = hcstrdup (build_options_buf); - - const int num_options = 4 + nvrtc_make_options_array_from_string (nvrtc_options_string, nvrtc_options + 4); - - const int rc_nvrtcCompileProgram = hc_nvrtcCompileProgram (hashcat_ctx, program, num_options, (const char * const *) nvrtc_options); - - size_t build_log_size = 0; - - hc_nvrtcGetProgramLogSize (hashcat_ctx, program, &build_log_size); - - #if defined (DEBUG) - if ((build_log_size > 1) || (rc_nvrtcCompileProgram == -1)) - #else - if (rc_nvrtcCompileProgram == -1) - #endif - { - char *build_log = (char *) hcmalloc (build_log_size + 1); - - if (hc_nvrtcGetProgramLog (hashcat_ctx, program, build_log) == -1) return -1; - - puts (build_log); - - hcfree (build_log); - } - - if (rc_nvrtcCompileProgram == -1) - { - device_param->skipped_warning = true; - - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_id + 1, source_file); - - continue; - } - - hcfree (nvrtc_options); - hcfree (nvrtc_options_string); - - size_t binary_size = 0; - - if (hc_nvrtcGetPTXSize (hashcat_ctx, program, &binary_size) == -1) return -1; - - char *binary = (char *) hcmalloc (binary_size); - - if (hc_nvrtcGetPTX (hashcat_ctx, program, binary) == -1) return -1; - - if (hc_nvrtcDestroyProgram (hashcat_ctx, &program) == -1) return -1; - - #define LOG_SIZE 8192 - - char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); - char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - 
cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - - CUlinkState state; - - if (hc_cuLinkCreate (hashcat_ctx, 6, cujit_opts, cujit_vals, &state) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - if (hc_cuLinkAddData (hashcat_ctx, state, CU_JIT_INPUT_PTX, binary, binary_size, "amp_kernel", 0, NULL, NULL) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - void *cubin = NULL; - - size_t cubin_size = 0; - - if (hc_cuLinkComplete (hashcat_ctx, state, &cubin, &cubin_size) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - #ifdef DEBUG - - event_log_info (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_info (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_amp, binary, 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen 
(cujit_error_log), cujit_error_log); - - return -1; - } - - if (cache_disable == false) - { - if (write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size) == false) return -1; - } - - #else - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_amp, cubin, 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - if (cache_disable == false) - { - if (write_kernel_binary (hashcat_ctx, cached_file, cubin, cubin_size) == false) return -1; - } - - #endif - - hcfree (cujit_info_log); - hcfree (cujit_error_log); - - hcfree (binary); - - if (hc_cuLinkDestroy (hashcat_ctx, state) == -1) return -1; - } - - if (device_param->is_opencl == true) - { - if (hc_clCreateProgramWithSource (hashcat_ctx, device_param->opencl_context, 1, (const char **) kernel_sources, NULL, &device_param->opencl_program_amp) == -1) return -1; - - const int CL_rc = hc_clBuildProgram (hashcat_ctx, device_param->opencl_program_amp, 1, &device_param->opencl_device, build_options_buf, NULL, NULL); - - //if (CL_rc == -1) return -1; - - size_t build_log_size = 0; - - hc_clGetProgramBuildInfo (hashcat_ctx, device_param->opencl_program_amp, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, 0, NULL, &build_log_size); - - //if (CL_rc == -1) return -1; - - #if defined (DEBUG) - if ((build_log_size > 1) || (CL_rc == -1)) - #else - if (CL_rc == -1) - #endif - { - char *build_log = (char *) hcmalloc (build_log_size + 1); - - const int rc_clGetProgramBuildInfo = hc_clGetProgramBuildInfo (hashcat_ctx, device_param->opencl_program_amp, device_param->opencl_device, CL_PROGRAM_BUILD_LOG, build_log_size, build_log, NULL); - - if (rc_clGetProgramBuildInfo == -1) return -1; - - puts (build_log); - - hcfree (build_log); - } - - if (CL_rc == -1) - { - 
device_param->skipped_warning = true; - - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed - proceeding without this device.", device_id + 1, source_file); - - continue; - } - - if (cache_disable == false) - { - size_t binary_size; - - if (hc_clGetProgramInfo (hashcat_ctx, device_param->opencl_program_amp, CL_PROGRAM_BINARY_SIZES, sizeof (size_t), &binary_size, NULL) == -1) return -1; - - char *binary = (char *) hcmalloc (binary_size); - - if (hc_clGetProgramInfo (hashcat_ctx, device_param->opencl_program_amp, CL_PROGRAM_BINARIES, sizeof (char *), &binary, NULL) == -1) return -1; - - write_kernel_binary (hashcat_ctx, cached_file, binary, binary_size); - - hcfree (binary); - } - } - } - else - { - if (read_kernel_binary (hashcat_ctx, cached_file, kernel_lengths, kernel_sources, false) == false) return -1; - - if (device_param->is_cuda == true) - { - #define LOG_SIZE 8192 - - char *cujit_info_log = (char *) hcmalloc (LOG_SIZE + 1); - char *cujit_error_log = (char *) hcmalloc (LOG_SIZE + 1); - - CUjit_option cujit_opts[6]; - void *cujit_vals[6]; - - cujit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT; - cujit_vals[0] = (void *) 0; - - cujit_opts[1] = CU_JIT_LOG_VERBOSE; - cujit_vals[1] = (void *) 1; - - cujit_opts[2] = CU_JIT_INFO_LOG_BUFFER; - cujit_vals[2] = (void *) cujit_info_log; - - cujit_opts[3] = CU_JIT_INFO_LOG_BUFFER_SIZE_BYTES; - cujit_vals[3] = (void *) LOG_SIZE; - - cujit_opts[4] = CU_JIT_ERROR_LOG_BUFFER; - cujit_vals[4] = (void *) cujit_error_log; - - cujit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES; - cujit_vals[5] = (void *) LOG_SIZE; - - if (hc_cuModuleLoadDataEx (hashcat_ctx, &device_param->cuda_module_amp, kernel_sources[0], 6, cujit_opts, cujit_vals) == -1) - { - event_log_error (hashcat_ctx, "cujit() Info Log (%d):\n%s\n\n", (int) strlen (cujit_info_log), cujit_info_log); - event_log_error (hashcat_ctx, "cujit() Error Log (%d):\n%s\n\n", (int) strlen (cujit_error_log), cujit_error_log); - - return -1; - } - - hcfree 
(cujit_info_log); - hcfree (cujit_error_log); - } - - if (device_param->is_opencl == true) - { - if (hc_clCreateProgramWithBinary (hashcat_ctx, device_param->opencl_context, 1, &device_param->opencl_device, kernel_lengths, (const unsigned char **) kernel_sources, NULL, &device_param->opencl_program_amp) == -1) return -1; - - if (hc_clBuildProgram (hashcat_ctx, device_param->opencl_program_amp, 1, &device_param->opencl_device, build_options_buf, NULL, NULL) == -1) return -1; - } - } - - hcfree (kernel_sources[0]); - hcfree (build_options_buf); } } From 1fc37c25f93480d1914abf27f62a0e3ce6ef047f Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 1 Feb 2020 09:00:48 +0100 Subject: [PATCH 188/300] OpenCL Kernels: Moved "gpu_decompress", "gpu_memset" and "gpu_atinit" into new OpenCL/shared.cl in order to reduce compile time --- OpenCL/inc_common.cl | 142 --------------------------------------- OpenCL/inc_common.h | 1 - OpenCL/shared.cl | 153 +++++++++++++++++++++++++++++++++++++++++++ docs/changes.txt | 1 + include/backend.h | 14 ++-- include/types.h | 2 + src/backend.c | 60 +++++++++++++++-- 7 files changed, 218 insertions(+), 155 deletions(-) create mode 100644 OpenCL/shared.cl diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl index cb6f9a534..a6dfc71c4 100644 --- a/OpenCL/inc_common.cl +++ b/OpenCL/inc_common.cl 
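Review bot: The trailing `hcfree (build_options_buf);` that closed the old amp_kernel block is removed in this hunk and no replacement free appears on the new side, so unless the free was moved to a later point outside the hunk, `build_options_buf` leaks once per device in backend_session_begin. The buffer is still passed to load_kernel here and in the mp_kernel hunk (and to the shared-kernel load added by the later commit), so the free has to sit after the last of those calls; worth confirming it still exists. The enclosing function continues outside the hunk.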
@@ -60899,145 +60899,3 @@ DECLSPEC void append_0x80_4x4_VV (u32x *w0, u32x *w1, u32x *w2, u32x *w3, const #endif } - -DECLSPEC void gpu_decompress_entry (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, pw_t *pw, const u64 gid) -{ - const u32 off = pws_idx[gid].off; - const u32 cnt = pws_idx[gid].cnt; - const u32 len = pws_idx[gid].len; - - #ifdef _unroll - #pragma unroll - #endif - for (u32 i = 0; i < 64; i++) - { - pw->i[i] = 0; - } - - for (u32 i = 0, j = off; i < cnt; i++, j++) - { - pw->i[i] = pws_comp[j]; - } - - pw->pw_len = len; -} - -KERNEL_FQ void gpu_decompress (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, GLOBAL_AS pw_t *pws_buf, const u64 gid_max) -{ - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - - pw_t pw; - - gpu_decompress_entry (pws_idx, pws_comp, &pw, gid); - - pws_buf[gid] = pw; -} - -KERNEL_FQ void gpu_memset (GLOBAL_AS uint4 *buf, const u32 value, const u64 gid_max) -{ - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - - uint4 r; - - #if defined IS_NATIVE - r = value; - #elif defined IS_OPENCL - r.s0 = value; - r.s1 = value; - r.s2 = value; - r.s3 = value; - #elif defined IS_CUDA - r.x = value; - r.y = value; - r.z = value; - r.w = value; - #endif - - buf[gid] = r; -} - -KERNEL_FQ void gpu_atinit (GLOBAL_AS pw_t *buf, const u64 gid_max) -{ - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - - const u32 l32 = l32_from_64_S (gid); - const u32 h32 = h32_from_64_S (gid); - - pw_t pw; - - pw.i[ 0] = 0x5c5c5c5c ^ l32; - pw.i[ 1] = 0x36363636 ^ h32; - pw.i[ 2] = 0; - pw.i[ 3] = 0; - pw.i[ 4] = 0; - pw.i[ 5] = 0; - pw.i[ 6] = 0; - pw.i[ 7] = 0; - pw.i[ 8] = 0; - pw.i[ 9] = 0; - pw.i[10] = 0; - pw.i[11] = 0; - pw.i[12] = 0; - pw.i[13] = 0; - pw.i[14] = 0; - pw.i[15] = 0; - pw.i[16] = 0; - pw.i[17] = 0; - pw.i[18] = 0; - pw.i[19] = 0; - pw.i[20] = 0; - pw.i[21] = 0; - pw.i[22] = 0; - pw.i[23] = 0; - pw.i[24] = 0; - pw.i[25] = 0; - pw.i[26] = 0; - pw.i[27] = 0; - pw.i[28] = 0; - 
pw.i[29] = 0; - pw.i[30] = 0; - pw.i[31] = 0; - pw.i[32] = 0; - pw.i[33] = 0; - pw.i[34] = 0; - pw.i[35] = 0; - pw.i[36] = 0; - pw.i[37] = 0; - pw.i[38] = 0; - pw.i[39] = 0; - pw.i[40] = 0; - pw.i[41] = 0; - pw.i[42] = 0; - pw.i[43] = 0; - pw.i[44] = 0; - pw.i[45] = 0; - pw.i[46] = 0; - pw.i[47] = 0; - pw.i[48] = 0; - pw.i[49] = 0; - pw.i[50] = 0; - pw.i[51] = 0; - pw.i[52] = 0; - pw.i[53] = 0; - pw.i[54] = 0; - pw.i[55] = 0; - pw.i[56] = 0; - pw.i[57] = 0; - pw.i[58] = 0; - pw.i[59] = 0; - pw.i[60] = 0; - pw.i[61] = 0; - pw.i[62] = 0; - pw.i[63] = 0; // yep that's faster - - //pw.pw_len = 1 + (l32 & 15); - pw.pw_len = 7; // some algorithms are very sensible on this (example: 12500) - - buf[gid] = pw; -} diff --git a/OpenCL/inc_common.h b/OpenCL/inc_common.h index 2fc520fba..7119ccf5e 100644 --- a/OpenCL/inc_common.h +++ b/OpenCL/inc_common.h @@ -277,6 +277,5 @@ DECLSPEC void append_0x01_4x4_VV (u32x *w0, u32x *w1, u32x *w2, u32x *w3, const DECLSPEC void append_0x06_2x4_VV (u32x *w0, u32x *w1, const u32x offset); DECLSPEC void append_0x80_2x4_VV (u32x *w0, u32x *w1, const u32x offset); DECLSPEC void append_0x80_4x4_VV (u32x *w0, u32x *w1, u32x *w2, u32x *w3, const u32x offset); -DECLSPEC void gpu_decompress_entry (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, pw_t *pw, const u64 gid); #endif diff --git a/OpenCL/shared.cl b/OpenCL/shared.cl new file mode 100644 index 000000000..30df353ef --- /dev/null +++ b/OpenCL/shared.cl 
@@ -0,0 +1,153 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#endif + +DECLSPEC void gpu_decompress_entry (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, pw_t *pw, const u64 gid) +{ + const u32 off = pws_idx[gid].off; + const u32 cnt = pws_idx[gid].cnt; + const u32 len = pws_idx[gid].len; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 64; i++) + { + pw->i[i] = 0; + } + + for (u32 i = 0, j = off; i < cnt; i++, j++) + { + pw->i[i] = pws_comp[j]; + } + + pw->pw_len = len; +} + +KERNEL_FQ void gpu_decompress (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, GLOBAL_AS pw_t *pws_buf, const u64 gid_max) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + pw_t pw; + + gpu_decompress_entry (pws_idx, pws_comp, &pw, gid); + + pws_buf[gid] = pw; +} + +KERNEL_FQ void gpu_memset (GLOBAL_AS uint4 *buf, const u32 value, const u64 gid_max) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + uint4 r; + + #if defined IS_NATIVE + r = value; + #elif defined IS_OPENCL + r.s0 = value; + r.s1 = value; + r.s2 = value; + r.s3 = value; + #elif defined IS_CUDA + r.x = value; + r.y = value; + r.z = value; + r.w = value; + #endif + + buf[gid] = r; +} + +KERNEL_FQ void gpu_atinit (GLOBAL_AS pw_t *buf, const u64 gid_max) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + const u32 l32 = l32_from_64_S (gid); + const u32 h32 = h32_from_64_S (gid); + + pw_t pw; + + pw.i[ 0] = 0x5c5c5c5c ^ l32; + pw.i[ 1] = 0x36363636 ^ h32; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + 
pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; // yep that's faster + + //pw.pw_len = 1 + (l32 & 15); + pw.pw_len = 7; // some algorithms are very sensible on this (example: 12500) + + buf[gid] = pw; +} diff --git a/docs/changes.txt b/docs/changes.txt index 7bb460341..6f48ef0ca 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -151,6 +151,7 @@ - Kernel Cache: Reactivate OpenCL runtime specific kernel caches - Kernel Compile: Removed -cl-std= from all kernel build options since we're compatible to all OpenCL versions - OpenCL Kernels: Fix OpenCL compiler warning on double precision constants +- OpenCL Kernels: Moved "gpu_decompress", "gpu_memset" and "gpu_atinit" into shared.cl in order to reduce compile time - OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant - Parsers: switched from strtok() to strtok_r() for thread safety - Requirements: Add new requirement for NVIDIA GPU: CUDA Toolkit (10.1 or later) diff --git a/include/backend.h b/include/backend.h index 74fd179d9..920f015cf 100644 --- a/include/backend.h +++ b/include/backend.h 
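Review bot: `gpu_decompress_entry` in the new shared.cl copies `cnt` words from `pws_comp` into `pw->i` without bounding `cnt` against the 64 entries the preceding zeroing loop assumes, so an oversized `cnt` or `off` in `pws_idx` would read past `pws_comp` and write past `pw` inside the kernel. Since this is moved rather than new logic, a comment stating the host-side invariant would suffice: `// host guarantees cnt <= 64 and off + cnt <= pws_comp length; no in-kernel bounds check`. `gpu_memset` likewise takes `gid_max` in units of `uint4` elements (it stores `buf[gid] = r`), not bytes, which the callers in backend.c must match — a one-line comment on that signature would prevent a mismatched launch size.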
@@ -134,12 +134,14 @@ int run_kernel_decompress (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *de int run_copy (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const u64 pws_cnt); int run_cracker (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const u64 pws_cnt); -void generate_source_kernel_filename (const bool slow_candidates, const u32 attack_exec, const u32 attack_kern, const u32 kern_type, const u32 opti_type, char *shared_dir, char *source_file); -void generate_cached_kernel_filename (const bool slow_candidates, const u32 attack_exec, const u32 attack_kern, const u32 kern_type, const u32 opti_type, char *profile_dir, const char *device_name_chksum, char *cached_file); -void generate_source_kernel_mp_filename (const u32 opti_type, const u64 opts_type, char *shared_dir, char *source_file); -void generate_cached_kernel_mp_filename (const u32 opti_type, const u64 opts_type, char *profile_dir, const char *device_name_chksum, char *cached_file); -void generate_source_kernel_amp_filename (const u32 attack_kern, char *shared_dir, char *source_file); -void generate_cached_kernel_amp_filename (const u32 attack_kern, char *profile_dir, const char *device_name_chksum, char *cached_file); +void generate_source_kernel_filename (const bool slow_candidates, const u32 attack_exec, const u32 attack_kern, const u32 kern_type, const u32 opti_type, char *shared_dir, char *source_file); +void generate_cached_kernel_filename (const bool slow_candidates, const u32 attack_exec, const u32 attack_kern, const u32 kern_type, const u32 opti_type, char *profile_dir, const char *device_name_chksum, char *cached_file); +void generate_source_kernel_shared_filename (char *shared_dir, char *source_file); +void generate_cached_kernel_shared_filename (char *profile_dir, const char *device_name_chksum, char *cached_file); +void generate_source_kernel_mp_filename (const u32 opti_type, const u64 opts_type, char *shared_dir, char *source_file); +void 
generate_cached_kernel_mp_filename (const u32 opti_type, const u64 opts_type, char *profile_dir, const char *device_name_chksum, char *cached_file); +void generate_source_kernel_amp_filename (const u32 attack_kern, char *shared_dir, char *source_file); +void generate_cached_kernel_amp_filename (const u32 attack_kern, char *profile_dir, const char *device_name_chksum, char *cached_file); int backend_ctx_init (hashcat_ctx_t *hashcat_ctx); void backend_ctx_destroy (hashcat_ctx_t *hashcat_ctx); diff --git a/include/types.h b/include/types.h index f2590cb15..3bd742549 100644 --- a/include/types.h +++ b/include/types.h @@ -1322,6 +1322,7 @@ typedef struct hc_device_param CUevent cuda_event2; CUmodule cuda_module; + CUmodule cuda_module_shared; CUmodule cuda_module_mp; CUmodule cuda_module_amp; @@ -1403,6 +1404,7 @@ typedef struct hc_device_param cl_command_queue opencl_command_queue; cl_program opencl_program; + cl_program opencl_program_shared; cl_program opencl_program_mp; cl_program opencl_program_amp; diff --git a/src/backend.c b/src/backend.c index 86fbd2e0e..4803f8688 100644 --- a/src/backend.c +++ b/src/backend.c @@ -631,6 +631,16 @@ void generate_cached_kernel_filename (const bool slow_candidates, const u32 atta } } +void generate_source_kernel_shared_filename (char *shared_dir, char *source_file) +{ + snprintf (source_file, 255, "%s/OpenCL/shared.cl", shared_dir); +} + +void generate_cached_kernel_shared_filename (char *profile_dir, const char *device_name_chksum_amp_mp, char *cached_file) +{ + snprintf (cached_file, 255, "%s/kernels/shared.%s.kernel", profile_dir, device_name_chksum_amp_mp); +} + void generate_source_kernel_mp_filename (const u32 opti_type, const u64 opts_type, char *shared_dir, char *source_file) { if ((opti_type & OPTI_TYPE_BRUTE_FORCE) && (opts_type & OPTS_TYPE_PT_GENERATE_BE)) 
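Review bot: Both new helpers in the backend.c hunk call `snprintf (…, 255, …)` and discard the return value, so a long `shared_dir` or `profile_dir` silently truncates the path and yields a wrong source or cache filename instead of an error; the callers declare `char source_file[256]` / `char cached_file[256]`, so the limit is also duplicated by hand. This matches the neighbouring mp/amp helpers, but the two new ones would be a good place to start checking truncation, e.g. `const int n = snprintf (cached_file, 255, "%s/kernels/shared.%s.kernel", profile_dir, device_name_chksum_amp_mp);` followed by a truncation check or an assert in debug builds. `shared_dir` and `profile_dir` are only read and could be `const char *` like `device_name_chksum`, and the definition names its second parameter `device_name_chksum_amp_mp` while the backend.h declaration in the hunk above names it `device_name_chksum`; the two should agree.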
@@ -7786,6 +7796,44 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) hcfree (build_options_module_buf); + /** + * shared kernel with no hashconfig dependencies + */ + + { + /** + * kernel shared source filename + */ + + char source_file[256] = { 0 }; + + generate_source_kernel_shared_filename (folder_config->shared_dir, source_file); + + if (hc_path_read (source_file) == false) + { + event_log_error (hashcat_ctx, "%s: %s", source_file, strerror (errno)); + + return -1; + } + + /** + * kernel shared cached filename + */ + + char cached_file[256] = { 0 }; + + generate_cached_kernel_shared_filename (folder_config->profile_dir, device_name_chksum_amp_mp, cached_file); + + const bool rc_load_kernel = load_kernel (hashcat_ctx, device_param, "shared_kernel", source_file, cached_file, build_options_buf, cache_disable, &device_param->opencl_program_shared, &device_param->cuda_module_shared); + + if (rc_load_kernel == false) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); + + return -1; + } + } + /** * word generator kernel */ @@ -8708,7 +8756,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // GPU memset - if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_memset, device_param->cuda_module, "gpu_memset") == -1) return -1; + if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_memset, device_param->cuda_module_shared, "gpu_memset") == -1) return -1; if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_memset, &device_param->kernel_wgs_memset) == -1) return -1; 
@@ -8722,7 +8770,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // GPU autotune init - if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_atinit, device_param->cuda_module, "gpu_atinit") == -1) return -1; + if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_atinit, device_param->cuda_module_shared, "gpu_atinit") == -1) return -1; if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_atinit, &device_param->kernel_wgs_atinit) == -1) return -1; @@ -8735,7 +8783,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // GPU decompress - if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_decompress, device_param->cuda_module, "gpu_decompress") == -1) return -1; + if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_decompress, device_param->cuda_module_shared, "gpu_decompress") == -1) return -1; if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_decompress, &device_param->kernel_wgs_decompress) == -1) return -1; @@ -9243,7 +9291,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // GPU memset - if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program, "gpu_memset", &device_param->opencl_kernel_memset) == -1) return -1; + if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_memset", &device_param->opencl_kernel_memset) == -1) return -1; if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_wgs_memset) == -1) return -1; 
@@ -9257,7 +9305,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // GPU autotune init - if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program, "gpu_atinit", &device_param->opencl_kernel_atinit) == -1) return -1; + if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_atinit", &device_param->opencl_kernel_atinit) == -1) return -1; if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_wgs_atinit) == -1) return -1; @@ -9270,7 +9318,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // GPU decompress - if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program, "gpu_decompress", &device_param->opencl_kernel_decompress) == -1) return -1; + if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_decompress", &device_param->opencl_kernel_decompress) == -1) return -1; if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_wgs_decompress) == -1) return -1; From aef53f7e10c1f78a7316565b6c4a8e0686ae04af Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 1 Feb 2020 14:27:42 +0100 Subject: [PATCH 189/300] OpenCL Runtime: Allow the kernel to access post-48k shared memory region on CUDA. Requires both module and kernel preparation --- OpenCL/m03200-pure.cl | 25 ++ docs/changes.txt | 1 + include/types.h | 21 ++ src/backend.c | 598 +++++++++++++++++++++++++------------ src/modules/module_03200.c | 30 +- 5 files changed, 483 insertions(+), 192 deletions(-) diff --git a/OpenCL/m03200-pure.cl b/OpenCL/m03200-pure.cl index d4eaac064..af739345d 100644 --- a/OpenCL/m03200-pure.cl +++ b/OpenCL/m03200-pure.cl @@ -356,6 +356,10 @@ CONSTANT_VK u32a c_pbox[18] = L ^= P[17]; \ } +#ifdef DYNAMIC_LOCAL +extern __shared__ u32 lm[]; +#endif + DECLSPEC void expand_key (u32 *E, u32 *W, const int len) { u8 *E_ptr = (u8 *) E; 
@@ -456,6 +460,12 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_init (KERN_ATTR_TMPS P[i] = c_pbox[i]; } + #ifdef DYNAMIC_LOCAL + u32 *S0 = lm + (lid * 1024) + 0; + u32 *S1 = lm + (lid * 1024) + 256; + u32 *S2 = lm + (lid * 1024) + 512; + u32 *S3 = lm + (lid * 1024) + 768; + #else LOCAL_VK u32 S0_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S1_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S2_all[FIXED_LOCAL_SIZE][256]; @@ -465,6 +475,7 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_init (KERN_ATTR_TMPS LOCAL_AS u32 *S1 = S1_all[lid]; LOCAL_AS u32 *S2 = S2_all[lid]; LOCAL_AS u32 *S3 = S3_all[lid]; + #endif for (u32 i = 0; i < 256; i++) { @@ -614,6 +625,12 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_loop (KERN_ATTR_TMPS P[i] = tmps[gid].P[i]; } + #ifdef DYNAMIC_LOCAL + u32 *S0 = lm + (lid * 1024) + 0; + u32 *S1 = lm + (lid * 1024) + 256; + u32 *S2 = lm + (lid * 1024) + 512; + u32 *S3 = lm + (lid * 1024) + 768; + #else LOCAL_VK u32 S0_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S1_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S2_all[FIXED_LOCAL_SIZE][256]; @@ -623,6 +640,7 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_loop (KERN_ATTR_TMPS LOCAL_AS u32 *S1 = S1_all[lid]; LOCAL_AS u32 *S2 = S2_all[lid]; LOCAL_AS u32 *S3 = S3_all[lid]; + #endif for (u32 i = 0; i < 256; i++) { @@ -799,6 +817,12 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_comp (KERN_ATTR_TMPS P[i] = tmps[gid].P[i]; } + #ifdef DYNAMIC_LOCAL + u32 *S0 = lm + (lid * 1024) + 0; + u32 *S1 = lm + (lid * 1024) + 256; + u32 *S2 = lm + (lid * 1024) + 512; + u32 *S3 = lm + (lid * 1024) + 768; + #else LOCAL_VK u32 S0_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S1_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S2_all[FIXED_LOCAL_SIZE][256]; 
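Review bot: The `DYNAMIC_LOCAL` branch in m03200_init derives `S0..S3` as `lm + (lid * 1024) + {0,256,512,768}` with nothing tying that 4096-byte-per-thread stride to the amount of dynamic shared memory the host actually requests at launch, so a mismatch between this layout and the host-side `kernel_dynamic_local_mem_size` value would be an out-of-bounds access on the device with no diagnostic. The same layout is repeated in the m03200_loop and m03200_comp hunks. At minimum the contract should be written next to the pointer setup, e.g. `// DYNAMIC_LOCAL: host must launch with >= FIXED_LOCAL_SIZE * 4 * 1024 bytes of dynamic shared memory (4 x 256 u32 S-boxes per thread)`, and the `extern __shared__ u32 lm[];` declaration should carry the same note so the two sides are kept in sync. The three kernels start before and end after their respective hunks.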
@@ -808,6 +832,7 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_comp (KERN_ATTR_TMPS LOCAL_AS u32 *S1 = S1_all[lid]; LOCAL_AS u32 *S2 = S2_all[lid]; LOCAL_AS u32 *S3 = S3_all[lid]; + #endif for (u32 i = 0; i < 256; i++) { diff --git a/docs/changes.txt b/docs/changes.txt index 6f48ef0ca..957117e86 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -115,6 +115,7 @@ - OpenCL Runtime: Workaround JiT compiler error on ROCm 2.3 driver if the 'inline' keyword is used in function declaration - OpenCL Runtime: Workaround memory allocation error on AMD driver on Windows leading to CL_MEM_OBJECT_ALLOCATION_FAILURE - OpenCL Runtime: Workaround ROCm OpenCL driver problem trying to write temporary file into readonly folder by setting TMPDIR +- OpenCL Runtime: Allow the kernel to access post-48k shared memory region on CUDA. Requires both module and kernel preparation - Startup Checks: Improved the pidfile check: Do not just check for existing PID but also check executable filename - Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode - Startup Screen: Add extra warning when using --force diff --git a/include/types.h b/include/types.h index 3bd742549..51d23b57f 100644 --- a/include/types.h +++ b/include/types.h 
@@ -1132,6 +1132,27 @@ typedef struct hc_device_param u64 kernel_local_mem_size_aux3; u64 kernel_local_mem_size_aux4; + u64 kernel_dynamic_local_mem_size1; + u64 kernel_dynamic_local_mem_size12; + u64 kernel_dynamic_local_mem_size2; + u64 kernel_dynamic_local_mem_size23; + u64 kernel_dynamic_local_mem_size3; + u64 kernel_dynamic_local_mem_size4; + u64 kernel_dynamic_local_mem_size_init2; + u64 kernel_dynamic_local_mem_size_loop2; + u64 kernel_dynamic_local_mem_size_mp; + u64 kernel_dynamic_local_mem_size_mp_l; + u64 kernel_dynamic_local_mem_size_mp_r; + u64 kernel_dynamic_local_mem_size_amp; + u64 kernel_dynamic_local_mem_size_tm; + u64 kernel_dynamic_local_mem_size_memset; + u64 kernel_dynamic_local_mem_size_atinit; + u64 kernel_dynamic_local_mem_size_decompress; + u64 kernel_dynamic_local_mem_size_aux1; + u64 kernel_dynamic_local_mem_size_aux2; + u64 kernel_dynamic_local_mem_size_aux3; + u64 kernel_dynamic_local_mem_size_aux4; + u32 kernel_accel; u32 kernel_accel_prev; u32 kernel_accel_min; diff --git a/src/backend.c b/src/backend.c index 4803f8688..91d8ddd5d 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -3275,13 +3275,14 @@ int run_cuda_kernel_atinit (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *devic
 device_param->kernel_params_atinit[0] = (void *) &buf;
 device_param->kernel_params_atinit_buf64[1] = num_elements;
- const u64 kernel_threads = device_param->kernel_wgs_atinit;
+ const u64 kernel_threads = device_param->kernel_wgs_atinit;
+ const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_atinit;
 num_elements = CEILDIV (num_elements, kernel_threads);
 CUfunction function = device_param->cuda_function_atinit;
- if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_atinit, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_atinit, NULL) == -1) return -1;
 if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
@@ -3299,7 +3300,8 @@ int run_cuda_kernel_memset (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *devic
 device_param->kernel_params_memset_buf32[1] = value;
 device_param->kernel_params_memset_buf64[2] = num16d;
- const u64 kernel_threads = device_param->kernel_wgs_memset;
+ const u64 kernel_threads = device_param->kernel_wgs_memset;
+ const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_memset;
 u64 num_elements = num16d;
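Review bot: The launch in run_cuda_kernel_atinit now requests `kernel_dynamic_local_mem_size_atinit` bytes of dynamic shared memory, but that field is filled by get_cuda_kernel_dynamic_local_mem_size, which probes the largest size the driver will accept for the function, not the size the kernel uses; nothing in this patch shows gpu_atinit or gpu_memset touching dynamic shared memory, so every block presumably reserves the whole opt-in region and the number of blocks an SM can co-schedule drops accordingly. The same probed maximum is passed to the launches in run_cuda_kernel_memset (this hunk pair), run_kernel, run_kernel_mp, run_kernel_tm, run_kernel_amp and run_kernel_decompress further down. Unless the module hook named in the subject overwrites these fields before the first launch, keep the probed ceiling separate from the amount actually requested, and request 0 for kernels that do not define DYNAMIC_LOCAL. Both enclosing functions start before their hunks.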
@@ -3314,7 +3316,7 @@ int run_cuda_kernel_memset (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *devic
 //const size_t global_work_size[3] = { num_elements, 1, 1 };
 //const size_t local_work_size[3] = { kernel_threads, 1, 1 };
- if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_memset, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_memset, NULL) == -1) return -1;
 if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
 }
@@ -3428,21 +3430,58 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 const user_options_t *user_options = hashcat_ctx->user_options;
 u64 kernel_threads = 0;
+ u64 dynamic_shared_mem = 0;
 switch (kern_run)
 {
- case KERN_RUN_1: kernel_threads = device_param->kernel_wgs1; break;
- case KERN_RUN_12: kernel_threads = device_param->kernel_wgs12; break;
- case KERN_RUN_2: kernel_threads = device_param->kernel_wgs2; break;
- case KERN_RUN_23: kernel_threads = device_param->kernel_wgs23; break;
- case KERN_RUN_3: kernel_threads = device_param->kernel_wgs3; break;
- case KERN_RUN_4: kernel_threads = device_param->kernel_wgs4; break;
- case KERN_RUN_INIT2: kernel_threads = device_param->kernel_wgs_init2; break;
- case KERN_RUN_LOOP2: kernel_threads = device_param->kernel_wgs_loop2; break;
- case KERN_RUN_AUX1: kernel_threads = device_param->kernel_wgs_aux1; break;
- case KERN_RUN_AUX2: kernel_threads = device_param->kernel_wgs_aux2; break;
- case KERN_RUN_AUX3: kernel_threads = device_param->kernel_wgs_aux3; break;
- case KERN_RUN_AUX4: kernel_threads = device_param->kernel_wgs_aux4; break;
+ case KERN_RUN_1:
+ kernel_threads = device_param->kernel_wgs1;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size1;
+ break;
+ case KERN_RUN_12:
+ kernel_threads = device_param->kernel_wgs12;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size12;
+ break;
+ case KERN_RUN_2:
+ kernel_threads = device_param->kernel_wgs2;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size2;
+ break;
+ case KERN_RUN_23:
+ kernel_threads = device_param->kernel_wgs23;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size23;
+ break;
+ case KERN_RUN_3:
+ kernel_threads = device_param->kernel_wgs3;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size3;
+ break;
+ case KERN_RUN_4:
+ kernel_threads = device_param->kernel_wgs4;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size4;
+ break;
+ case KERN_RUN_INIT2:
+ kernel_threads = device_param->kernel_wgs_init2;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_init2;
+ break;
+ case KERN_RUN_LOOP2:
+ kernel_threads = device_param->kernel_wgs_loop2;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_loop2;
+ break;
+ case KERN_RUN_AUX1:
+ kernel_threads = device_param->kernel_wgs_aux1;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_aux1;
+ break;
+ case KERN_RUN_AUX2:
+ kernel_threads = device_param->kernel_wgs_aux2;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_aux2;
+ break;
+ case KERN_RUN_AUX3:
+ kernel_threads = device_param->kernel_wgs_aux3;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_aux3;
+ break;
+ case KERN_RUN_AUX4:
+ kernel_threads = device_param->kernel_wgs_aux4;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_aux4;
+ break;
 }
 kernel_threads = MIN (kernel_threads, device_param->kernel_threads);
@@ -3482,7 +3521,7 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 {
 if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event1, device_param->cuda_stream) == -1) return -1;
- if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 32, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 32, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
 if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event2, device_param->cuda_stream) == -1) return -1;
 }
@@ -3512,7 +3551,7 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event1, device_param->cuda_stream) == -1) return -1;
- if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
 if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event2, device_param->cuda_stream) == -1) return -1;
 }
@@ -3728,13 +3767,23 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 int run_kernel_mp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const u32 kern_run, const u64 num)
 {
- u64 kernel_threads = 0;
+ u64 kernel_threads = 0;
+ u64 dynamic_shared_mem = 0;
 switch (kern_run)
 {
- case KERN_RUN_MP: kernel_threads = device_param->kernel_wgs_mp; break;
- case KERN_RUN_MP_R: kernel_threads = device_param->kernel_wgs_mp_r; break;
- case KERN_RUN_MP_L: kernel_threads = device_param->kernel_wgs_mp_l; break;
+ case KERN_RUN_MP:
+ kernel_threads = device_param->kernel_wgs_mp;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_mp;
+ break;
+ case KERN_RUN_MP_R:
+ kernel_threads = device_param->kernel_wgs_mp_r;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_mp_r;
+ break;
+ case KERN_RUN_MP_L:
+ kernel_threads = device_param->kernel_wgs_mp_l;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_mp_l;
+ break;
 }
 u64 num_elements = num;
@@ -3767,7 +3816,7 @@ int run_kernel_mp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
 num_elements = CEILDIV (num_elements, kernel_threads);
- if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, cuda_args, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, cuda_args, NULL) == -1) return -1;
 if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
 }
@@ -3826,7 +3875,8 @@ int run_kernel_mp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
 int run_kernel_tm (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
 {
- const u64 num_elements = 1024; // fixed
+ const u64 num_elements = 1024; // fixed
+ const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_tm;
 const u64 kernel_threads = MIN (num_elements, device_param->kernel_wgs_tm);
@@ -3834,7 +3884,7 @@ int run_kernel_tm (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
 {
 CUfunction cuda_function = device_param->cuda_function_tm;
- if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements / kernel_threads, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_tm, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements / kernel_threads, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_tm, NULL) == -1) return -1;
 if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
 }
@@ -3862,7 +3912,8 @@ int run_kernel_amp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
 u64 num_elements = num;
- const u64 kernel_threads = device_param->kernel_wgs_amp;
+ const u64 kernel_threads = device_param->kernel_wgs_amp;
+ const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_amp;
 if (device_param->is_cuda == true)
 {
@@ -3870,7 +3921,7 @@ int run_kernel_amp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
 CUfunction cuda_function = device_param->cuda_function_amp;
- if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_amp, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_amp, NULL) == -1) return -1;
 if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
 }
@@ -3902,7 +3953,8 @@ int run_kernel_decompress (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device
 u64 num_elements = num;
- const u64 kernel_threads = device_param->kernel_wgs_decompress;
+ const u64 kernel_threads = device_param->kernel_wgs_decompress;
+ const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_decompress;
 if (device_param->is_cuda == true)
 {
@@ -3910,7 +3962,7 @@ int run_kernel_decompress (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device
 CUfunction cuda_function = device_param->cuda_function_decompress;
- if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_decompress, NULL) == -1) return -1;
+ if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_decompress, NULL) == -1) return -1;
 if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
 }
@@ -6739,6 +6791,35 @@ static int get_cuda_kernel_local_mem_size (hashcat_ctx_t *hashcat_ctx, CUfunctio
 return 0;
 }
+static int get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx_t *hashcat_ctx, CUfunction function, u64 *result)
+{
+ // AFAIK there's no way to query the maximum value for dynamic shared memory available (because it depends on kernel code).
+ // let's brute force it, therefore workaround the hashcat wrapper of cuFuncSetAttribute()
+
+ #define MAX_ASSUMED_SHARED (1024 * 1024)
+
+ for (int i = 0; i < MAX_ASSUMED_SHARED; i++)
+ {
+ backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx;
+
+ CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda;
+
+ const CUresult CU_err = cuda->cuFuncSetAttribute (function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, i);
+
+ if (CU_err == CUDA_SUCCESS) continue;
+
+ break;
+ }
+
+ int dynamic_shared_size_bytes = 0;
+
+ if (hc_cuFuncGetAttribute (hashcat_ctx, &dynamic_shared_size_bytes, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, function) == -1) return -1;
+
+ *result = (u64) dynamic_shared_size_bytes;
+
+ return 0;
+}
+
 static int get_opencl_kernel_wgs (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, cl_kernel kernel, u32 *result)
 {
 size_t work_group_size = 0;
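Review bot: The probe loop in get_cuda_kernel_dynamic_local_mem_size issues one cuFuncSetAttribute driver call per byte from 0 up to MAX_ASSUMED_SHARED (1 MiB), and it is now invoked for every kernel function of every CUDA device during session setup (memset, atinit, decompress, kernel1..4, tm and the amp/mp variants in the hunks below), so startup cost grows to on the order of a hundred thousand driver calls per function on devices whose opt-in limit is tens of KiB. Since the driver accepts every size up to the limit and rejects every size above it, the largest accepted value can be found by bisection in about twenty calls; the `backend_ctx`/`cuda` lookups also belong outside the loop. `#define MAX_ASSUMED_SHARED` inside a function body with no `#undef` leaks the macro into the rest of the translation unit; a file-scope `static const` or enum constant is the usual form. Note that the function deliberately leaves the attribute set to the probed maximum, which is what makes the later launches with that size legal; the rewrite below preserves that.
```c
static int get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx_t *hashcat_ctx, CUfunction function, u64 *result)
{
  backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx;

  CUDA_PTR *cuda = (CUDA_PTR *) backend_ctx->cuda;

  // acceptance is monotone in the requested size, so bisect for the largest accepted value
  int lo = 0;
  int hi = MAX_ASSUMED_SHARED;

  while (lo < hi)
  {
    const int mid = lo + ((hi - lo) + 1) / 2;

    if (cuda->cuFuncSetAttribute (function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, mid) == CUDA_SUCCESS)
    {
      lo = mid;
    }
    else
    {
      hi = mid - 1;
    }
  }

  // leave the attribute at the value that is reported to the caller
  if (cuda->cuFuncSetAttribute (function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, lo) != CUDA_SUCCESS) return -1;

  // … unchanged: hc_cuFuncGetAttribute readback into dynamic_shared_size_bytes, *result, return 0 …
```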
@@ -6785,6 +6866,23 @@ static int get_opencl_kernel_local_mem_size (hashcat_ctx_t *hashcat_ctx, hc_devi
 return 0;
 }
+static int get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, cl_kernel kernel, u64 *result)
+{
+ cl_ulong dynamic_local_mem_size = 0;
+
+ if (hc_clGetKernelWorkGroupInfo (hashcat_ctx, kernel, device_param->opencl_device, CL_KERNEL_LOCAL_MEM_SIZE, sizeof (dynamic_local_mem_size), &dynamic_local_mem_size, NULL) == -1) return -1;
+
+ // unknown how to query this information in OpenCL
+ // we therefore reset to zero
+ // the above call to hc_clGetKernelWorkGroupInfo() is just to avoid compiler warnings
+
+ dynamic_local_mem_size = 0;
+
+ *result = dynamic_local_mem_size;
+
+ return 0;
+}
+
 static u32 get_kernel_threads (const hc_device_param_t *device_param)
 {
 // this is an upper limit, a good start, since our strategy is to reduce thread counts only.
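Review bot: get_opencl_kernel_dynamic_local_mem_size can abort session setup with `return -1` on a hc_clGetKernelWorkGroupInfo failure even though, by its own comment, the queried value is discarded and the result is always zero; a kernel whose CL_KERNEL_LOCAL_MEM_SIZE query fails would now be unusable for a value nobody reads. Issuing a runtime query purely to silence unused-parameter warnings is the wrong tool: mark `hashcat_ctx`, `device_param` and `kernel` with the MAYBE_UNUSED attribute the modules already use for this, reduce the body to `*result = 0; return 0;`, and keep the comment explaining that OpenCL offers no equivalent of the CUDA dynamic-shared query. If the query is kept for forward compatibility, its failure should at most log and fall through to zero rather than fail the caller.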
@@ -7650,38 +7748,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) } */ - char *build_options_module_buf = (char *) hcmalloc (build_options_sz); - - int build_options_module_len = 0; - - build_options_module_len += snprintf (build_options_module_buf + build_options_module_len, build_options_sz - build_options_module_len, "%s ", build_options_buf); - - if (module_ctx->module_jit_build_options != MODULE_DEFAULT) - { - char *jit_build_options = module_ctx->module_jit_build_options (hashconfig, user_options, user_options_extra, hashes, device_param); - - if (jit_build_options != NULL) - { - build_options_module_len += snprintf (build_options_module_buf + build_options_module_len, build_options_sz - build_options_module_len, "%s", jit_build_options); - - // this is a bit ugly - // would be better to have the module return the value as value - - u32 fixed_local_size = 0; - - if (sscanf (jit_build_options, "-D FIXED_LOCAL_SIZE=%u", &fixed_local_size) == 1) - { - device_param->kernel_threads_min = fixed_local_size; - device_param->kernel_threads_max = fixed_local_size; - } - } - } - - build_options_module_buf[build_options_module_len] = 0; - #if defined (DEBUG) if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: build_options '%s'", device_id + 1, build_options_buf); - if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: build_options_module '%s'", device_id + 1, build_options_module_buf); #endif /** 
@@ -7747,55 +7815,6 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) cache_disable = module_ctx->module_jit_cache_disable (hashconfig, user_options, user_options_extra, hashes, device_param); } - /** - * Prepare some logging buffer (CUDA only) but we need to do it on this level of the scope - * Other backends just dont use this - */ - - /** - * main kernel - */ - - { - /** - * kernel source filename - */ - - char source_file[256] = { 0 }; - - generate_source_kernel_filename (user_options->slow_candidates, hashconfig->attack_exec, user_options_extra->attack_kern, kern_type, hashconfig->opti_type, folder_config->shared_dir, source_file); - - if (hc_path_read (source_file) == false) - { - event_log_error (hashcat_ctx, "%s: %s", source_file, strerror (errno)); - - return -1; - } - - /** - * kernel cached filename - */ - - char cached_file[256] = { 0 }; - - generate_cached_kernel_filename (user_options->slow_candidates, hashconfig->attack_exec, user_options_extra->attack_kern, kern_type, hashconfig->opti_type, folder_config->profile_dir, device_name_chksum, cached_file); - - /** - * load kernel - */ - - const bool rc_load_kernel = load_kernel (hashcat_ctx, device_param, "main_kernel", source_file, cached_file, build_options_module_buf, cache_disable, &device_param->opencl_program, &device_param->cuda_module); - - if (rc_load_kernel == false) - { - event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); - - return -1; - } - } - - hcfree (build_options_module_buf); - /** * shared kernel with no hashconfig dependencies */ 
@@ -7832,6 +7851,168 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) return -1; } + + if (device_param->is_cuda == true) + { + // GPU memset + + if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_memset, device_param->cuda_module_shared, "gpu_memset") == -1) return -1; + + if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_memset, &device_param->kernel_wgs_memset) == -1) return -1; + + if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_memset, &device_param->kernel_local_mem_size_memset) == -1) return -1; + + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_memset, &device_param->kernel_dynamic_local_mem_size_memset) == -1) return -1; + + device_param->kernel_preferred_wgs_multiple_memset = device_param->cuda_warp_size; + + //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 0, sizeof (cl_mem), device_param->kernel_params_memset[0]); if (CL_rc == -1) return -1; + //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 1, sizeof (cl_uint), device_param->kernel_params_memset[1]); if (CL_rc == -1) return -1; + //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 2, sizeof (cl_ulong), device_param->kernel_params_memset[2]); if (CL_rc == -1) return -1; + + // GPU autotune init + + if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_atinit, device_param->cuda_module_shared, "gpu_atinit") == -1) return -1; + + if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_atinit, &device_param->kernel_wgs_atinit) == -1) return -1; + + if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_atinit, &device_param->kernel_local_mem_size_atinit) == -1) return -1; + + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_atinit, &device_param->kernel_dynamic_local_mem_size_atinit) == -1) return -1; + + 
device_param->kernel_preferred_wgs_multiple_atinit = device_param->cuda_warp_size; + + // CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 0, sizeof (cl_mem), device_param->kernel_params_atinit[0]); if (CL_rc == -1) return -1; + // CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 1, sizeof (cl_ulong), device_param->kernel_params_atinit[1]); if (CL_rc == -1) return -1; + + // GPU decompress + + if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_decompress, device_param->cuda_module_shared, "gpu_decompress") == -1) return -1; + + if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_decompress, &device_param->kernel_wgs_decompress) == -1) return -1; + + if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_decompress, &device_param->kernel_local_mem_size_decompress) == -1) return -1; + + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_decompress, &device_param->kernel_dynamic_local_mem_size_decompress) == -1) return -1; + + device_param->kernel_preferred_wgs_multiple_decompress = device_param->cuda_warp_size; + } + + if (device_param->is_opencl == true) + { + // GPU memset + + if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_memset", &device_param->opencl_kernel_memset) == -1) return -1; + + if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_wgs_memset) == -1) return -1; + + if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_local_mem_size_memset) == -1) return -1; + + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_dynamic_local_mem_size_memset) == -1) return -1; + + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_memset, 
&device_param->kernel_preferred_wgs_multiple_memset) == -1) return -1; + + // GPU autotune init + + if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_atinit", &device_param->opencl_kernel_atinit) == -1) return -1; + + if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_wgs_atinit) == -1) return -1; + + if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_local_mem_size_atinit) == -1) return -1; + + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_dynamic_local_mem_size_atinit) == -1) return -1; + + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_preferred_wgs_multiple_atinit) == -1) return -1; + + // GPU decompress + + if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_decompress", &device_param->opencl_kernel_decompress) == -1) return -1; + + if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_wgs_decompress) == -1) return -1; + + if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_local_mem_size_decompress) == -1) return -1; + + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_dynamic_local_mem_size_decompress) == -1) return -1; + + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_preferred_wgs_multiple_decompress) == -1) return -1; + } + } + + /** + * main kernel + */ + + { + char *build_options_module_buf = (char *) hcmalloc (build_options_sz); + + int build_options_module_len = 0; + + build_options_module_len += 
snprintf (build_options_module_buf + build_options_module_len, build_options_sz - build_options_module_len, "%s ", build_options_buf); + + if (module_ctx->module_jit_build_options != MODULE_DEFAULT) + { + char *jit_build_options = module_ctx->module_jit_build_options (hashconfig, user_options, user_options_extra, hashes, device_param); + + if (jit_build_options != NULL) + { + build_options_module_len += snprintf (build_options_module_buf + build_options_module_len, build_options_sz - build_options_module_len, "%s", jit_build_options); + + // this is a bit ugly + // would be better to have the module return the value as value + + u32 fixed_local_size = 0; + + if (sscanf (jit_build_options, "-D FIXED_LOCAL_SIZE=%u", &fixed_local_size) == 1) + { + device_param->kernel_threads_min = fixed_local_size; + device_param->kernel_threads_max = fixed_local_size; + } + } + } + + build_options_module_buf[build_options_module_len] = 0; + + #if defined (DEBUG) + if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: build_options_module '%s'", device_id + 1, build_options_module_buf); + #endif + + /** + * kernel source filename + */ + + char source_file[256] = { 0 }; + + generate_source_kernel_filename (user_options->slow_candidates, hashconfig->attack_exec, user_options_extra->attack_kern, kern_type, hashconfig->opti_type, folder_config->shared_dir, source_file); + + if (hc_path_read (source_file) == false) + { + event_log_error (hashcat_ctx, "%s: %s", source_file, strerror (errno)); + + return -1; + } + + /** + * kernel cached filename + */ + + char cached_file[256] = { 0 }; + + generate_cached_kernel_filename (user_options->slow_candidates, hashconfig->attack_exec, user_options_extra->attack_kern, kern_type, hashconfig->opti_type, folder_config->profile_dir, device_name_chksum, cached_file); + + /** + * load kernel + */ + + const bool rc_load_kernel = load_kernel (hashcat_ctx, device_param, "main_kernel", source_file, cached_file, 
build_options_module_buf, cache_disable, &device_param->opencl_program, &device_param->cuda_module); + + if (rc_load_kernel == false) + { + event_log_error (hashcat_ctx, "* Device #%u: Kernel %s build failed.", device_param->device_id + 1, source_file); + + return -1; + } + + hcfree (build_options_module_buf); } /** @@ -8480,6 +8661,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function1, &device_param->kernel_local_mem_size1) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function1, &device_param->kernel_dynamic_local_mem_size1) == -1) return -1; + device_param->kernel_preferred_wgs_multiple1 = device_param->cuda_warp_size; // kernel2 @@ -8492,6 +8675,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function2, &device_param->kernel_local_mem_size2) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function2, &device_param->kernel_dynamic_local_mem_size2) == -1) return -1; + device_param->kernel_preferred_wgs_multiple2 = device_param->cuda_warp_size; // kernel3 @@ -8504,6 +8689,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function3, &device_param->kernel_local_mem_size3) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function3, &device_param->kernel_dynamic_local_mem_size3) == -1) return -1; + device_param->kernel_preferred_wgs_multiple3 = device_param->cuda_warp_size; } else 
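Review bot: In the relocated main-kernel block, `build_options_module_buf` is allocated with hcmalloc at the top of the scope and released only by the `hcfree` at the end, so both `return -1` paths inside it (the hc_path_read failure and the load_kernel failure) leave the buffer allocated; the commit moved this code but kept the leak. Change each early exit to `hcfree (build_options_module_buf); return -1;` or route both through a single cleanup label as the rest of the file does with goto-free error paths elsewhere. The enclosing backend_session_begin starts before and ends after this hunk.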
@@ -8516,6 +8703,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function4, &device_param->kernel_local_mem_size4) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function4, &device_param->kernel_dynamic_local_mem_size4) == -1) return -1; + device_param->kernel_preferred_wgs_multiple4 = device_param->cuda_warp_size; } } @@ -8533,6 +8722,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function1, &device_param->kernel_local_mem_size1) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function1, &device_param->kernel_dynamic_local_mem_size1) == -1) return -1; + device_param->kernel_preferred_wgs_multiple1 = device_param->cuda_warp_size; // kernel2 @@ -8545,6 +8736,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function2, &device_param->kernel_local_mem_size2) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function2, &device_param->kernel_dynamic_local_mem_size2) == -1) return -1; + device_param->kernel_preferred_wgs_multiple2 = device_param->cuda_warp_size; // kernel3 @@ -8557,6 +8750,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function3, &device_param->kernel_local_mem_size3) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function3, &device_param->kernel_dynamic_local_mem_size3) == -1) return -1; + device_param->kernel_preferred_wgs_multiple3 = device_param->cuda_warp_size; } else 
@@ -8569,6 +8764,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function4, &device_param->kernel_local_mem_size4) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function4, &device_param->kernel_dynamic_local_mem_size4) == -1) return -1; + device_param->kernel_preferred_wgs_multiple4 = device_param->cuda_warp_size; } } @@ -8590,6 +8787,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_tm, &device_param->kernel_local_mem_size_tm) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_tm, &device_param->kernel_dynamic_local_mem_size_tm) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_tm = device_param->cuda_warp_size; } } @@ -8607,6 +8806,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function1, &device_param->kernel_local_mem_size1) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function1, &device_param->kernel_dynamic_local_mem_size1) == -1) return -1; + device_param->kernel_preferred_wgs_multiple1 = device_param->cuda_warp_size; // kernel2 @@ -8619,6 +8820,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function2, &device_param->kernel_local_mem_size2) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function2, &device_param->kernel_dynamic_local_mem_size2) == -1) return -1; + device_param->kernel_preferred_wgs_multiple2 = device_param->cuda_warp_size; // kernel3 
@@ -8631,6 +8834,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function3, &device_param->kernel_local_mem_size3) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function3, &device_param->kernel_dynamic_local_mem_size3) == -1) return -1; + device_param->kernel_preferred_wgs_multiple3 = device_param->cuda_warp_size; // kernel12 @@ -8645,6 +8850,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function12, &device_param->kernel_local_mem_size12) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function12, &device_param->kernel_dynamic_local_mem_size12) == -1) return -1; + device_param->kernel_preferred_wgs_multiple12 = device_param->cuda_warp_size; } @@ -8660,6 +8867,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function23, &device_param->kernel_local_mem_size23) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function23, &device_param->kernel_dynamic_local_mem_size23) == -1) return -1; + device_param->kernel_preferred_wgs_multiple23 = device_param->cuda_warp_size; } @@ -8675,6 +8884,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_init2, &device_param->kernel_local_mem_size_init2) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_init2, &device_param->kernel_dynamic_local_mem_size_init2) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_init2 = device_param->cuda_warp_size; } 
@@ -8690,6 +8901,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_loop2, &device_param->kernel_local_mem_size_loop2) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_loop2, &device_param->kernel_dynamic_local_mem_size_loop2) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_loop2 = device_param->cuda_warp_size; } @@ -8705,6 +8918,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_aux1, &device_param->kernel_local_mem_size_aux1) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_aux1, &device_param->kernel_dynamic_local_mem_size_aux1) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_aux1 = device_param->cuda_warp_size; } @@ -8720,6 +8935,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_aux2, &device_param->kernel_local_mem_size_aux2) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_aux2, &device_param->kernel_dynamic_local_mem_size_aux2) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_aux2 = device_param->cuda_warp_size; } @@ -8735,6 +8952,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_aux3, &device_param->kernel_local_mem_size_aux3) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_aux3, &device_param->kernel_dynamic_local_mem_size_aux3) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_aux3 = device_param->cuda_warp_size; } 
@@ -8750,47 +8969,12 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_aux4, &device_param->kernel_local_mem_size_aux4) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_aux4, &device_param->kernel_dynamic_local_mem_size_aux4) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_aux4 = device_param->cuda_warp_size; } } - // GPU memset - - if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_memset, device_param->cuda_module_shared, "gpu_memset") == -1) return -1; - - if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_memset, &device_param->kernel_wgs_memset) == -1) return -1; - - if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_memset, &device_param->kernel_local_mem_size_memset) == -1) return -1; - - device_param->kernel_preferred_wgs_multiple_memset = device_param->cuda_warp_size; - - //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 0, sizeof (cl_mem), device_param->kernel_params_memset[0]); if (CL_rc == -1) return -1; - //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 1, sizeof (cl_uint), device_param->kernel_params_memset[1]); if (CL_rc == -1) return -1; - //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 2, sizeof (cl_ulong), device_param->kernel_params_memset[2]); if (CL_rc == -1) return -1; - - // GPU autotune init - - if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_atinit, device_param->cuda_module_shared, "gpu_atinit") == -1) return -1; - - if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_atinit, &device_param->kernel_wgs_atinit) == -1) return -1; - - if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_atinit, &device_param->kernel_local_mem_size_atinit) == -1) return -1; - - 
device_param->kernel_preferred_wgs_multiple_atinit = device_param->cuda_warp_size; - - // CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 0, sizeof (cl_mem), device_param->kernel_params_atinit[0]); if (CL_rc == -1) return -1; - // CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 1, sizeof (cl_ulong), device_param->kernel_params_atinit[1]); if (CL_rc == -1) return -1; - - // GPU decompress - - if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function_decompress, device_param->cuda_module_shared, "gpu_decompress") == -1) return -1; - - if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function_decompress, &device_param->kernel_wgs_decompress) == -1) return -1; - - if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_decompress, &device_param->kernel_local_mem_size_decompress) == -1) return -1; - - device_param->kernel_preferred_wgs_multiple_decompress = device_param->cuda_warp_size; - //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 0, sizeof (cl_mem), device_param->kernel_params_decompress[0]); if (CL_rc == -1) return -1; //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 1, sizeof (cl_mem), device_param->kernel_params_decompress[1]); if (CL_rc == -1) return -1; //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 2, sizeof (cl_mem), device_param->kernel_params_decompress[2]); if (CL_rc == -1) return -1; @@ -8813,6 +8997,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_mp_l, &device_param->kernel_local_mem_size_mp_l) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_mp_l, &device_param->kernel_dynamic_local_mem_size_mp_l) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_mp_l = device_param->cuda_warp_size; // mp_r 
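Review bot: Loading of the shared `gpu_memset`/`gpu_atinit`/`gpu_decompress` CUDA functions is dropped here, while the new module_03200.c code at the end of this chunk reads `device_param->kernel_dynamic_local_mem_size_memset` inside `module_jit_build_options`, which backend.c (top of this chunk) calls before `load_kernel` of the main kernel. Wherever the shared-module loading now lives (not in view), it and its `get_cuda_kernel_dynamic_local_mem_size` query must run before any module's jit-build-options hook, and nothing in the diff records that ordering; a one-line comment at the hook call site would help: `// shared kernels must already be loaded here: modules read kernel_dynamic_local_mem_size_memset`. The same ordering dependency applies to the OpenCL removal hunk under `@@ -9285,52 +9535,12 @@` and to the new `hc_clSetKernelArg` block under `@@ -8997,6 +9191,24 @@`, which now relies on `opencl_kernel_memset`/`_atinit`/`_decompress` handles created elsewhere. The enclosing `backend_session_begin` body continues outside the hunk.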
@@ -8823,6 +9009,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_mp_r, &device_param->kernel_local_mem_size_mp_r) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_mp_r, &device_param->kernel_dynamic_local_mem_size_mp_r) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_mp_r = device_param->cuda_warp_size; if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) @@ -8839,6 +9027,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_mp, &device_param->kernel_local_mem_size_mp) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_mp, &device_param->kernel_dynamic_local_mem_size_mp) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_mp = device_param->cuda_warp_size; } else if (user_options->attack_mode == ATTACK_MODE_HYBRID2) @@ -8849,6 +9039,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_mp, &device_param->kernel_local_mem_size_mp) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_mp, &device_param->kernel_dynamic_local_mem_size_mp) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_mp = device_param->cuda_warp_size; } } 
@@ -8870,10 +9062,12 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function_amp, &device_param->kernel_local_mem_size_amp) == -1) return -1; + if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function_amp, &device_param->kernel_dynamic_local_mem_size_amp) == -1) return -1; + device_param->kernel_preferred_wgs_multiple_amp = device_param->cuda_warp_size; } -/* + /* if (hashconfig->attack_exec == ATTACK_EXEC_INSIDE_KERNEL) { // nothing to do @@ -8901,7 +9095,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) //if (CL_rc == -1) return -1; } } -*/ + */ } // zero some data buffers 
@@ -8997,6 +9191,24 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 if (device_param->is_opencl == true)
 {
+ // GPU memset
+
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 0, sizeof (cl_mem), device_param->kernel_params_memset[0]) == -1) return -1;
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 1, sizeof (cl_uint), device_param->kernel_params_memset[1]) == -1) return -1;
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 2, sizeof (cl_ulong), device_param->kernel_params_memset[2]) == -1) return -1;
+
+ // GPU autotune init
+
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 0, sizeof (cl_mem), device_param->kernel_params_atinit[0]) == -1) return -1;
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 1, sizeof (cl_ulong), device_param->kernel_params_atinit[1]) == -1) return -1;
+
+ // GPU decompress
+
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 0, sizeof (cl_mem), device_param->kernel_params_decompress[0]) == -1) return -1;
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 1, sizeof (cl_mem), device_param->kernel_params_decompress[1]) == -1) return -1;
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 2, sizeof (cl_mem), device_param->kernel_params_decompress[2]) == -1) return -1;
+ if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 3, sizeof (cl_ulong), device_param->kernel_params_decompress[3]) == -1) return -1;
+
 char kernel_name[64] = { 0 };
 if (hashconfig->attack_exec == ATTACK_EXEC_INSIDE_KERNEL)
@@ -9015,6 +9227,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_local_mem_size1) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_dynamic_local_mem_size1) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_preferred_wgs_multiple1) == -1) return -1; // kernel2 @@ -9027,6 +9241,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_local_mem_size2) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_dynamic_local_mem_size2) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_preferred_wgs_multiple2) == -1) return -1; // kernel3 @@ -9039,6 +9255,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_local_mem_size3) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_dynamic_local_mem_size3) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_preferred_wgs_multiple3) == -1) return -1; } else 
@@ -9051,6 +9269,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel4, &device_param->kernel_local_mem_size4) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel4, &device_param->kernel_dynamic_local_mem_size4) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel4, &device_param->kernel_preferred_wgs_multiple4) == -1) return -1; } } @@ -9068,6 +9288,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_local_mem_size1) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_dynamic_local_mem_size1) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_preferred_wgs_multiple1) == -1) return -1; // kernel2 @@ -9080,6 +9302,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_local_mem_size2) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_dynamic_local_mem_size2) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_preferred_wgs_multiple2) == -1) return -1; // kernel3 
@@ -9092,6 +9316,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_local_mem_size3) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_dynamic_local_mem_size3) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_preferred_wgs_multiple3) == -1) return -1; } else @@ -9104,6 +9330,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel4, &device_param->kernel_local_mem_size4) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel4, &device_param->kernel_dynamic_local_mem_size4) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel4, &device_param->kernel_preferred_wgs_multiple4) == -1) return -1; } } @@ -9125,6 +9353,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_tm, &device_param->kernel_local_mem_size_tm) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_tm, &device_param->kernel_dynamic_local_mem_size_tm) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_tm, &device_param->kernel_preferred_wgs_multiple_tm) == -1) return -1; } } 
@@ -9142,6 +9372,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_local_mem_size1) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_dynamic_local_mem_size1) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel1, &device_param->kernel_preferred_wgs_multiple1) == -1) return -1; // kernel2 @@ -9154,6 +9386,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_local_mem_size2) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_dynamic_local_mem_size2) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel2, &device_param->kernel_preferred_wgs_multiple2) == -1) return -1; // kernel3 @@ -9166,6 +9400,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_local_mem_size3) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_dynamic_local_mem_size3) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_preferred_wgs_multiple3) == -1) return -1; // kernel12 
@@ -9180,6 +9416,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel12, &device_param->kernel_local_mem_size12) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel12, &device_param->kernel_dynamic_local_mem_size12) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel12, &device_param->kernel_preferred_wgs_multiple12) == -1) return -1; } @@ -9195,6 +9433,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel23, &device_param->kernel_local_mem_size23) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel23, &device_param->kernel_dynamic_local_mem_size23) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel23, &device_param->kernel_preferred_wgs_multiple23) == -1) return -1; } @@ -9210,6 +9450,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_init2, &device_param->kernel_local_mem_size_init2) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_init2, &device_param->kernel_dynamic_local_mem_size_init2) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_init2, &device_param->kernel_preferred_wgs_multiple_init2) == -1) return -1; } 
@@ -9225,6 +9467,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_loop2, &device_param->kernel_local_mem_size_loop2) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_loop2, &device_param->kernel_dynamic_local_mem_size_loop2) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_loop2, &device_param->kernel_preferred_wgs_multiple_loop2) == -1) return -1; } @@ -9240,6 +9484,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux1, &device_param->kernel_local_mem_size_aux1) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux1, &device_param->kernel_dynamic_local_mem_size_aux1) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_aux1, &device_param->kernel_preferred_wgs_multiple_aux1) == -1) return -1; } @@ -9255,6 +9501,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux2, &device_param->kernel_local_mem_size_aux2) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux2, &device_param->kernel_dynamic_local_mem_size_aux2) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_aux2, &device_param->kernel_preferred_wgs_multiple_aux2) == -1) return -1; } 
@@ -9270,6 +9518,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux3, &device_param->kernel_local_mem_size_aux3) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux3, &device_param->kernel_dynamic_local_mem_size_aux3) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_aux3, &device_param->kernel_preferred_wgs_multiple_aux3) == -1) return -1; } 
@@ -9285,52 +9535,12 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux4, &device_param->kernel_local_mem_size_aux4) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_aux4, &device_param->kernel_dynamic_local_mem_size_aux4) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_aux4, &device_param->kernel_preferred_wgs_multiple_aux4) == -1) return -1; } } - // GPU memset - - if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_memset", &device_param->opencl_kernel_memset) == -1) return -1; - - if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_wgs_memset) == -1) return -1; - - if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_local_mem_size_memset) == -1) return -1; - - if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_memset, &device_param->kernel_preferred_wgs_multiple_memset) == -1) return -1; - - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 0, sizeof (cl_mem), device_param->kernel_params_memset[0]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 1, sizeof (cl_uint), device_param->kernel_params_memset[1]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_memset, 2, sizeof (cl_ulong), device_param->kernel_params_memset[2]) == -1) return -1; - - // GPU autotune init - - if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_atinit", &device_param->opencl_kernel_atinit) == -1) return -1; - - if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, 
&device_param->kernel_wgs_atinit) == -1) return -1; - - if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_local_mem_size_atinit) == -1) return -1; - - if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_atinit, &device_param->kernel_preferred_wgs_multiple_atinit) == -1) return -1; - - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 0, sizeof (cl_mem), device_param->kernel_params_atinit[0]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_atinit, 1, sizeof (cl_ulong), device_param->kernel_params_atinit[1]) == -1) return -1; - - // GPU decompress - - if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program_shared, "gpu_decompress", &device_param->opencl_kernel_decompress) == -1) return -1; - - if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_wgs_decompress) == -1) return -1; - - if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_local_mem_size_decompress) == -1) return -1; - - if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_decompress, &device_param->kernel_preferred_wgs_multiple_decompress) == -1) return -1; - - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 0, sizeof (cl_mem), device_param->kernel_params_decompress[0]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 1, sizeof (cl_mem), device_param->kernel_params_decompress[1]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 2, sizeof (cl_mem), device_param->kernel_params_decompress[2]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_decompress, 3, sizeof (cl_ulong), 
device_param->kernel_params_decompress[3]) == -1) return -1; - // MP start if (user_options->slow_candidates == true) @@ -9348,6 +9558,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp_l, &device_param->kernel_local_mem_size_mp_l) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp_l, &device_param->kernel_dynamic_local_mem_size_mp_l) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_mp_l, &device_param->kernel_preferred_wgs_multiple_mp_l) == -1) return -1; // mp_r @@ -9358,6 +9570,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp_r, &device_param->kernel_local_mem_size_mp_r) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp_r, &device_param->kernel_dynamic_local_mem_size_mp_r) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_mp_r, &device_param->kernel_preferred_wgs_multiple_mp_r) == -1) return -1; if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) 
@@ -9374,6 +9588,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp, &device_param->kernel_local_mem_size_mp) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp, &device_param->kernel_dynamic_local_mem_size_mp) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_mp, &device_param->kernel_preferred_wgs_multiple_mp) == -1) return -1; } else if (user_options->attack_mode == ATTACK_MODE_HYBRID2) @@ -9384,6 +9600,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp, &device_param->kernel_local_mem_size_mp) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_mp, &device_param->kernel_dynamic_local_mem_size_mp) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_mp, &device_param->kernel_preferred_wgs_multiple_mp) == -1) return -1; } } @@ -9405,6 +9623,8 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_amp, &device_param->kernel_local_mem_size_amp) == -1) return -1; + if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel_amp, &device_param->kernel_dynamic_local_mem_size_amp) == -1) return -1; + if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_amp, &device_param->kernel_preferred_wgs_multiple_amp) == -1) return -1; } diff --git a/src/modules/module_03200.c b/src/modules/module_03200.c index 81c5203de..31c099730 100644 --- a/src/modules/module_03200.c +++ b/src/modules/module_03200.c 
@@ -91,6 +91,8 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY if (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU) { fixed_local_size = 1; + + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); } else { @@ -120,15 +122,37 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY { fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; } + + if (device_param->is_cuda == true) + { + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u -D DYNAMIC_LOCAL", fixed_local_size); + } + else + { + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); + } } else { - fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; + if (device_param->is_cuda == true) + { + // using kernel_dynamic_local_mem_size_memset is a bit hackish. + // we had to brute-force this value out of an already loaded CUDA function. + // there's no official way to query for this value. + + fixed_local_size = device_param->kernel_dynamic_local_mem_size_memset / 4096; + + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u -D DYNAMIC_LOCAL", fixed_local_size); + } + else + { + fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; + + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); + } } } - hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); - return jit_build_options; } From 96a2c36f53a382d3fc8c43be83d3903327e4fca2 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 1 Feb 2020 19:32:03 +0100 Subject: [PATCH 190/300] Reduce CUDA Toolkit minimum version to 9.0 (even 8.0 should be sufficient) --- docs/changes.txt | 2 +- docs/readme.txt | 2 +- src/backend.c | 28 ++++++++++++++++++---------- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 957117e86..a4062b5f2 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
@@ -155,7 +155,7 @@ - OpenCL Kernels: Moved "gpu_decompress", "gpu_memset" and "gpu_atinit" into shared.cl in order to reduce compile time - OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant - Parsers: switched from strtok() to strtok_r() for thread safety -- Requirements: Add new requirement for NVIDIA GPU: CUDA Toolkit (10.1 or later) +- Requirements: Add new requirement for NVIDIA GPU: CUDA Toolkit (9.0 or later) - Requirements: Update runtime check for minimum NVIDIA driver version from 367.x to 418.56 or later - Test Script: Switched from /bin/bash to generic /bin/sh and updated code accordingly diff --git a/docs/readme.txt b/docs/readme.txt index 49a32db75..a524e8421 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -15,7 +15,7 @@ AMD GPUs on Windows require "AMD Radeon Software Crimson Edition" (15.12 or late Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later) Intel GPUs on Linux require "OpenCL 2.0 GPU Driver Package for Linux" (2.0 or later) Intel GPUs on Windows require "OpenCL Driver for Intel Iris and Intel HD Graphics" -NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 or later) +NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or later) ## ## Features diff --git a/src/backend.c b/src/backend.c index 91d8ddd5d..f7d73058a 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -697,10 +697,10 @@ int nvrtc_init (hashcat_ctx_t *hashcat_ctx) char dllname[100]; - for (int major = 20; major >= 10; major--) // older than 3.x do not ship _v2 functions anyway - // older than 7.x does not support sm 5.x - // older than 8.x does not have documentation archive online, no way to check if nvrtc support whatever we need - // older than 10.x is just a theoretical limit since we define 10.1 as the minimum required version + for (int major = 20; major >= 9; major--) // older than 3.x do not ship _v2 functions anyway + // older than 7.x does not support sm 5.x + // older than 8.x does not have documentation archive online, no way to check if nvrtc support whatever we need + // older than 9.x is just a theoretical limit since we define 9.0 as the minimum required version { for (int minor = 20; minor >= 0; minor--) { @@ -4920,6 +4920,16 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx) backend_ctx->nvrtc_driver_version = nvrtc_driver_version; + if (nvrtc_driver_version < 9000) + { + event_log_error (hashcat_ctx, "Outdated NVIDIA NVRTC driver version '%d' detected!", nvrtc_driver_version); + + event_log_warning (hashcat_ctx, "See hashcat.net for officially supported NVIDIA CUDA Toolkit versions."); + event_log_warning (hashcat_ctx, NULL); + + return -1; + } + // cuda version int cuda_driver_version = 0; @@ -4928,11 +4938,9 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx) backend_ctx->cuda_driver_version = cuda_driver_version; - // some pre-check - - if ((nvrtc_driver_version < 10000) || (cuda_driver_version < 10000)) + if (cuda_driver_version < 9000) { - event_log_error (hashcat_ctx, "Outdated NVIDIA CUDA Toolkit version '%d' detected!", cuda_driver_version); + event_log_error (hashcat_ctx, "Outdated NVIDIA CUDA driver version '%d' detected!", cuda_driver_version); event_log_warning (hashcat_ctx, "See hashcat.net for officially supported NVIDIA CUDA Toolkit versions."); event_log_warning (hashcat_ctx, NULL); 
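Review bot: The minimum-version literal `9000` now appears in both new checks while the `nvrtc_init` loop bound (`major >= 9`) and four user-facing strings (`9.0 or later`) encode the same value independently, so the next bump has to touch seven places. A single `#define CUDA_MIN_VERSION 9000` (with a companion version string kept next to it and used by the loop bound and the messages) would keep them in step. The NVRTC message also calls the toolkit's runtime compiler a "driver version"; `Outdated NVIDIA NVRTC version '%d' detected!` is closer to what is actually checked. backend_ctx_init starts and ends outside the hunk.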
@@ -5001,7 +5009,7 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx) event_log_warning (hashcat_ctx, "* NVIDIA GPUs require this runtime and/or driver (both):"); event_log_warning (hashcat_ctx, " \"NVIDIA Driver\" (418.56 or later)"); - event_log_warning (hashcat_ctx, " \"CUDA Toolkit\" (10.1 or later)"); + event_log_warning (hashcat_ctx, " \"CUDA Toolkit\" (9.0 or later)"); event_log_warning (hashcat_ctx, NULL); return -1; @@ -5283,7 +5291,7 @@ int backend_ctx_init (hashcat_ctx_t *hashcat_ctx) event_log_warning (hashcat_ctx, "* NVIDIA GPUs require this runtime and/or driver (both):"); event_log_warning (hashcat_ctx, " \"NVIDIA Driver\" (418.56 or later)"); - event_log_warning (hashcat_ctx, " \"CUDA Toolkit\" (10.1 or later)"); + event_log_warning (hashcat_ctx, " \"CUDA Toolkit\" (9.0 or later)"); event_log_warning (hashcat_ctx, NULL); return -1; From fb7bb045875470a4988b8fe985c87e6e4e6d004a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 2 Feb 2020 11:15:37 +0100 Subject: [PATCH 191/300] Do not use dynamic shared memory if dynamic_local_mem_size is a multiple of local_mem_size --- OpenCL/m03200-pure.cl | 24 ++++++------ src/backend.c | 76 ++++++++++++++++++++------------------ src/modules/module_03200.c | 55 ++++++++++++++++++--------- 3 files changed, 90 insertions(+), 65 deletions(-) diff --git a/OpenCL/m03200-pure.cl b/OpenCL/m03200-pure.cl index af739345d..282e2d20b 100644 --- a/OpenCL/m03200-pure.cl +++ b/OpenCL/m03200-pure.cl 
@@ -461,10 +461,10 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_init (KERN_ATTR_TMPS } #ifdef DYNAMIC_LOCAL - u32 *S0 = lm + (lid * 1024) + 0; - u32 *S1 = lm + (lid * 1024) + 256; - u32 *S2 = lm + (lid * 1024) + 512; - u32 *S3 = lm + (lid * 1024) + 768; + LOCAL_AS u32 *S0 = lm + (lid * 1024) + 0; + LOCAL_AS u32 *S1 = lm + (lid * 1024) + 256; + LOCAL_AS u32 *S2 = lm + (lid * 1024) + 512; + LOCAL_AS u32 *S3 = lm + (lid * 1024) + 768; #else LOCAL_VK u32 S0_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S1_all[FIXED_LOCAL_SIZE][256]; @@ -626,10 +626,10 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_loop (KERN_ATTR_TMPS } #ifdef DYNAMIC_LOCAL - u32 *S0 = lm + (lid * 1024) + 0; - u32 *S1 = lm + (lid * 1024) + 256; - u32 *S2 = lm + (lid * 1024) + 512; - u32 *S3 = lm + (lid * 1024) + 768; + LOCAL_AS u32 *S0 = lm + (lid * 1024) + 0; + LOCAL_AS u32 *S1 = lm + (lid * 1024) + 256; + LOCAL_AS u32 *S2 = lm + (lid * 1024) + 512; + LOCAL_AS u32 *S3 = lm + (lid * 1024) + 768; #else LOCAL_VK u32 S0_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S1_all[FIXED_LOCAL_SIZE][256]; @@ -818,10 +818,10 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE) m03200_comp (KERN_ATTR_TMPS } #ifdef DYNAMIC_LOCAL - u32 *S0 = lm + (lid * 1024) + 0; - u32 *S1 = lm + (lid * 1024) + 256; - u32 *S2 = lm + (lid * 1024) + 512; - u32 *S3 = lm + (lid * 1024) + 768; + LOCAL_AS u32 *S0 = lm + (lid * 1024) + 0; + LOCAL_AS u32 *S1 = lm + (lid * 1024) + 256; + LOCAL_AS u32 *S2 = lm + (lid * 1024) + 512; + LOCAL_AS u32 *S3 = lm + (lid * 1024) + 768; #else LOCAL_VK u32 S0_all[FIXED_LOCAL_SIZE][256]; LOCAL_VK u32 S1_all[FIXED_LOCAL_SIZE][256]; diff --git a/src/backend.c b/src/backend.c index f7d73058a..25f18f0d3 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -3275,14 +3275,13 @@ int run_cuda_kernel_atinit (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *devic device_param->kernel_params_atinit[0] = (void *) &buf; device_param->kernel_params_atinit_buf64[1] = num_elements; - const u64 kernel_threads = device_param->kernel_wgs_atinit; - const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_atinit; + const u64 kernel_threads = device_param->kernel_wgs_atinit; num_elements = CEILDIV (num_elements, kernel_threads); CUfunction function = device_param->cuda_function_atinit; - if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_atinit, NULL) == -1) return -1; + if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_atinit, NULL) == -1) return -1; if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1; @@ -3300,8 +3299,7 @@ int run_cuda_kernel_memset (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *devic device_param->kernel_params_memset_buf32[1] = value; device_param->kernel_params_memset_buf64[2] = num16d; - const u64 kernel_threads = device_param->kernel_wgs_memset; - const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_memset; + const u64 kernel_threads = device_param->kernel_wgs_memset; u64 num_elements = num16d; 
@@ -3316,7 +3314,7 @@ int run_cuda_kernel_memset (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *devic //const size_t global_work_size[3] = { num_elements, 1, 1 }; //const size_t local_work_size[3] = { kernel_threads, 1, 1 }; - if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_memset, NULL) == -1) return -1; + if (hc_cuLaunchKernel (hashcat_ctx, function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_memset, NULL) == -1) return -1; if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1; } @@ -3484,6 +3482,18 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con break; } + if (device_param->is_cuda == true) + { + if ((device_param->kernel_dynamic_local_mem_size_memset % device_param->device_local_mem_size) == 0) + { + // this is the case Compute Capability 7.5 + // there is also Compute Capability 7.0 which offers a larger dynamic local size access + // however, if it's an exact multiple the driver can optimize this for us more efficient + + dynamic_shared_mem = 0; + } + } + kernel_threads = MIN (kernel_threads, device_param->kernel_threads); device_param->kernel_params_buf64[34] = num; @@ -3511,6 +3521,8 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con case KERN_RUN_AUX3: cuda_function = device_param->cuda_function_aux3; break; case KERN_RUN_AUX4: cuda_function = device_param->cuda_function_aux4; break; } + + if (hc_cuFuncSetAttribute (hashcat_ctx, cuda_function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, dynamic_shared_mem) == -1) return -1; } if (kernel_threads == 0) kernel_threads = 1; 
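Review bot: The new `% device_param->device_local_mem_size` in the `@@ -3484` hunk divides by a device-reported value that is never checked for zero here, so a device (or backend) that reports no local memory would trap at launch time instead of just disabling dynamic shared memory. Guarding the zero case explicitly, `if ((device_param->device_local_mem_size == 0) || ((device_param->kernel_dynamic_local_mem_size_memset % device_param->device_local_mem_size) == 0))`, keeps the intended fallback (`dynamic_shared_mem = 0`) in both situations. Note that a failed probe leaves `kernel_dynamic_local_mem_size_memset` at 0, which already satisfies the `== 0` test, so that case is handled only by accident and deserves a comment saying so. run_kernel starts and ends outside the hunk.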
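Review bot: `hc_cuFuncSetAttribute` in the `@@ -3511` hunk is now invoked on every `run_kernel` call, yet `dynamic_shared_mem` for a given kernel is derived from values that do not change after session setup, so the attribute is reset to the same number on each launch. As far as the visible code shows this runs per kernel launch, so setting the attribute once per function when it is loaded, or only when the computed value differs from the last one applied (a per-function cached `u64` in `device_param`), would remove a driver call from the inner loop. run_kernel starts and ends outside the hunk.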
@@ -3767,23 +3779,13 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con int run_kernel_mp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const u32 kern_run, const u64 num) { - u64 kernel_threads = 0; - u64 dynamic_shared_mem = 0; + u64 kernel_threads = 0; switch (kern_run) { - case KERN_RUN_MP: - kernel_threads = device_param->kernel_wgs_mp; - dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_mp; - break; - case KERN_RUN_MP_R: - kernel_threads = device_param->kernel_wgs_mp_r; - dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_mp_r; - break; - case KERN_RUN_MP_L: - kernel_threads = device_param->kernel_wgs_mp_l; - dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_mp_l; - break; + case KERN_RUN_MP: kernel_threads = device_param->kernel_wgs_mp; break; + case KERN_RUN_MP_R: kernel_threads = device_param->kernel_wgs_mp_r; break; + case KERN_RUN_MP_L: kernel_threads = device_param->kernel_wgs_mp_l; break; } u64 num_elements = num; @@ -3816,7 +3818,7 @@ int run_kernel_mp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, num_elements = CEILDIV (num_elements, kernel_threads); - if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, cuda_args, NULL) == -1) return -1; + if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, cuda_args, NULL) == -1) return -1; if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1; } 
@@ -3875,8 +3877,7 @@ int run_kernel_mp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, int run_kernel_tm (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param) { - const u64 num_elements = 1024; // fixed - const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_tm; + const u64 num_elements = 1024; // fixed const u64 kernel_threads = MIN (num_elements, device_param->kernel_wgs_tm); @@ -3884,7 +3885,7 @@ int run_kernel_tm (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param) { CUfunction cuda_function = device_param->cuda_function_tm; - if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements / kernel_threads, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_tm, NULL) == -1) return -1; + if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements / kernel_threads, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_tm, NULL) == -1) return -1; if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1; } @@ -3912,8 +3913,7 @@ int run_kernel_amp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, u64 num_elements = num; - const u64 kernel_threads = device_param->kernel_wgs_amp; - const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_amp; + const u64 kernel_threads = device_param->kernel_wgs_amp; if (device_param->is_cuda == true) { 
@@ -3921,7 +3921,7 @@ int run_kernel_amp (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, CUfunction cuda_function = device_param->cuda_function_amp; - if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_amp, NULL) == -1) return -1; + if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_amp, NULL) == -1) return -1; if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1; } @@ -3953,8 +3953,7 @@ int run_kernel_decompress (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device u64 num_elements = num; - const u64 kernel_threads = device_param->kernel_wgs_decompress; - const u64 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size_decompress; + const u64 kernel_threads = device_param->kernel_wgs_decompress; if (device_param->is_cuda == true) { @@ -3962,7 +3961,7 @@ int run_kernel_decompress (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device CUfunction cuda_function = device_param->cuda_function_decompress; - if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params_decompress, NULL) == -1) return -1; + if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, 0, device_param->cuda_stream, device_param->kernel_params_decompress, NULL) == -1) return -1; if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1; } 
@@ -6806,7 +6805,9 @@ static int get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx_t *hashcat_ctx, C #define MAX_ASSUMED_SHARED (1024 * 1024) - for (int i = 0; i < MAX_ASSUMED_SHARED; i++) + u64 dynamic_shared_size_bytes = 0; + + for (int i = 1; i <= MAX_ASSUMED_SHARED; i++) { backend_ctx_t *backend_ctx = hashcat_ctx->backend_ctx; @@ -6814,16 +6815,19 @@ static int get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx_t *hashcat_ctx, C const CUresult CU_err = cuda->cuFuncSetAttribute (function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, i); - if (CU_err == CUDA_SUCCESS) continue; + if (CU_err == CUDA_SUCCESS) + { + dynamic_shared_size_bytes = i; + + continue; + } break; } - int dynamic_shared_size_bytes = 0; + *result = dynamic_shared_size_bytes; - if (hc_cuFuncGetAttribute (hashcat_ctx, &dynamic_shared_size_bytes, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, function) == -1) return -1; - - *result = (u64) dynamic_shared_size_bytes; + if (hc_cuFuncSetAttribute (hashcat_ctx, function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, 0) == -1) return -1; return 0; } diff --git a/src/modules/module_03200.c b/src/modules/module_03200.c index 31c099730..3c528fed0 100644 --- a/src/modules/module_03200.c +++ b/src/modules/module_03200.c 
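Review bot: The probe in the `@@ -6806`/`@@ -6814` hunks calls `cuFuncSetAttribute` once per byte from 1 up to `MAX_ASSUMED_SHARED` (1 MiB), so a function whose limit is 96 KiB costs roughly 98k driver calls and one that accepts the full range costs over a million, repeated for every CUDA function that is probed. The loop already assumes the driver accepts every size below the limit and rejects everything above it (it stops at the first failure), and under that same assumption a binary search over the range finds the identical `dynamic_shared_size_bytes` in about 20 calls. The rewrite below keeps the result semantics and the trailing reset to 0 unchanged. get_cuda_kernel_dynamic_local_mem_size starts outside the hunk.
```c
  u64 dynamic_shared_size_bytes = 0;

  // the driver accepts every size up to the per-function limit and rejects
  // everything above it (the linear scan relied on the same property), so a
  // binary search finds the same boundary in ~log2(MAX_ASSUMED_SHARED) calls
  u64 lo = 1;
  u64 hi = MAX_ASSUMED_SHARED;

  while (lo <= hi)
  {
    const u64 mid = lo + ((hi - lo) / 2);

    // … unchanged: backend_ctx / cuda lookup …

    const CUresult CU_err = cuda->cuFuncSetAttribute (function, CU_FUNC_ATTRIBUTE_MAX_DYNAMIC_SHARED_SIZE_BYTES, (int) mid);

    if (CU_err == CUDA_SUCCESS)
    {
      dynamic_shared_size_bytes = mid;

      lo = mid + 1;
    }
    else
    {
      hi = mid - 1;
    }
  }

  *result = dynamic_shared_size_bytes;

  // … unchanged: reset attribute to 0 and return …
```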
@@ -81,18 +81,32 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY { char *jit_build_options = NULL; + // this mode heavily depends on the available shared memory size + // note the kernel need to have some special code changes in order to make use to use post-48k memory region + // we need to set some macros + + bool use_dynamic = false; + + if (device_param->is_cuda == true) + { + if (device_param->kernel_dynamic_local_mem_size_memset % device_param->device_local_mem_size) + { + // this is the case Compute Capability 7.5 + // there is also Compute Capability 7.0 which offers a larger dynamic local size access + // however, if it's an exact multiple the driver can optimize this for us more efficient + + use_dynamic = true; + } + } + // this uses some nice feedback effect. // based on the device_local_mem_size the reqd_work_group_size in the kernel is set to some value // which is then is read from the opencl host in the kernel_preferred_wgs_multiple1/2/3 result. // therefore we do not need to set module_kernel_threads_min/max except for CPU, where the threads are set to fixed 1. - u32 fixed_local_size = 0; - if (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU) { - fixed_local_size = 1; - - hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", 1); } else { 
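Review bot: The comment inside the new `if (... % device_param->device_local_mem_size)` block says `this is the case Compute Capability 7.5`, but this block is entered when the probed size is not a multiple of the static local size, i.e. the opposite branch to the one the same comment annotates in `run_kernel` in backend.c (where it sits under `== 0`), so one of the two is misleading. Rewording it to what the code actually tests, e.g. `// probed dynamic limit is not a multiple of the static local size: only then does DYNAMIC_LOCAL buy anything (run_kernel in backend.c applies the inverse test)`, keeps the two sites consistent. The modulo also divides by `device_local_mem_size` without a zero check; `if ((device_param->device_local_mem_size != 0) && ((device_param->kernel_dynamic_local_mem_size_memset % device_param->device_local_mem_size) != 0))` would make a device reporting no local memory fall through to the non-dynamic path instead of trapping. module_jit_build_options continues past the end of the hunk.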
@@ -108,45 +122,52 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY if (device_param->is_opencl == true) { - overhead = 4; + overhead = 1; } } if (user_options->kernel_threads_chgd == true) { - fixed_local_size = user_options->kernel_threads; + u32 fixed_local_size = user_options->kernel_threads; - // otherwise out-of-bound reads - - if ((fixed_local_size * 4096) > (device_param->device_local_mem_size - overhead)) + if (use_dynamic == true) { - fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; - } + if ((fixed_local_size * 4096) > device_param->kernel_dynamic_local_mem_size_memset) + { + // otherwise out-of-bound reads + + fixed_local_size = device_param->kernel_dynamic_local_mem_size_memset / 4096; + } - if (device_param->is_cuda == true) - { hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u -D DYNAMIC_LOCAL", fixed_local_size); } else { + if ((fixed_local_size * 4096) > (device_param->device_local_mem_size - overhead)) + { + // otherwise out-of-bound reads + + fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; + } + hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); } } else { - if (device_param->is_cuda == true) + if (use_dynamic == true) { // using kernel_dynamic_local_mem_size_memset is a bit hackish. // we had to brute-force this value out of an already loaded CUDA function. // there's no official way to query for this value. - fixed_local_size = device_param->kernel_dynamic_local_mem_size_memset / 4096; + const u32 fixed_local_size = device_param->kernel_dynamic_local_mem_size_memset / 4096; hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u -D DYNAMIC_LOCAL", fixed_local_size); } else { - fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; + const u32 fixed_local_size = (device_param->device_local_mem_size - overhead) / 4096; hc_asprintf (&jit_build_options, "-D FIXED_LOCAL_SIZE=%u", fixed_local_size); } 
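Review bot: Every `fixed_local_size` computed in this hunk can come out as 0 and is then baked into the JIT options as `-D FIXED_LOCAL_SIZE=0`: the dynamic branches divide `kernel_dynamic_local_mem_size_memset` by 4096 and the static ones divide `device_local_mem_size - overhead` by 4096, and neither clamps the quotient (the static one also wraps if `device_local_mem_size < overhead`, since both appear to be unsigned). A zero here would size the `S0_all[FIXED_LOCAL_SIZE][256]` arrays and the `FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE)` attribute in m03200-pure.cl to 0. Guarding once before each `hc_asprintf`, `if (fixed_local_size == 0) fixed_local_size = 1;` (or pulling the four computations into a small static helper that clamps to [1, max]), closes that hole; the change of `overhead` from 4 to 1 for OpenCL is also unexplained and deserves a one-line comment. module_jit_build_options ends outside the hunk.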
From c40f474c2ea94db9e0422aaf1350a0cd0cf67158 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 2 Feb 2020 11:24:38 +0100 Subject: [PATCH 192/300] Add special module option to indicate the kernel is using dynamic shared memory --- include/types.h | 1 + src/backend.c | 5 +++++ src/modules/module_03200.c | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/types.h b/include/types.h index 51d23b57f..ccc5a8a74 100644 --- a/include/types.h +++ b/include/types.h @@ -425,6 +425,7 @@ typedef enum opts_type OPTS_TYPE_SUGGEST_KG = (1ULL << 44), // suggest keep guessing for modules the user maybe wants to use --keep-guessing OPTS_TYPE_COPY_TMPS = (1ULL << 45), // if we want to use data from tmps buffer (for example get the PMK in WPA) OPTS_TYPE_POTFILE_NOPASS = (1ULL << 46), // sometimes the password should not be printed to potfile + OPTS_TYPE_DYNAMIC_SHARED = (1ULL << 47), // use dynamic shared memory (note: needs special kernel changes) } opts_type_t; diff --git a/src/backend.c b/src/backend.c index 25f18f0d3..ba21858fc 100644 --- a/src/backend.c +++ b/src/backend.c @@ -3482,6 +3482,11 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con break; } + if ((hashconfig->opts_type & OPTS_TYPE_DYNAMIC_SHARED) == 0) + { + dynamic_shared_mem = 0; + } + if (device_param->is_cuda == true) { if ((device_param->kernel_dynamic_local_mem_size_memset % device_param->device_local_mem_size) == 0) diff --git a/src/modules/module_03200.c b/src/modules/module_03200.c index 3c528fed0..17521e5e9 100644 --- a/src/modules/module_03200.c +++ b/src/modules/module_03200.c 
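Review bot: The new `OPTS_TYPE_DYNAMIC_SHARED` guard in the backend.c hunk zeroes `dynamic_shared_mem` for every module without the flag, but the CUDA block immediately after it (the `% device_param->device_local_mem_size` test, visible as trailing context) still runs for those modules and can only re-zero an already-zero value. Chaining the two as `if ((hashconfig->opts_type & OPTS_TYPE_DYNAMIC_SHARED) == 0) { dynamic_shared_mem = 0; } else if (device_param->is_cuda == true) { ... }` makes the intent explicit and keeps the modulo (which has no zero-divisor check) off the path of the modules that do not opt in. The `types.h` comment `note: needs special kernel changes` would be more useful if it named them, e.g. the `DYNAMIC_LOCAL`/`lm` pointer convention used in m03200-pure.cl. run_kernel starts and ends outside the hunk.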
@@ -20,7 +20,8 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_OS; static const char *HASH_NAME = "bcrypt $2*$, Blowfish (Unix)"; static const u64 KERN_TYPE = 3200; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; -static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_DYNAMIC_SHARED; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "$2a$05$MBCzKhG1KhezLh.0LRa0Kuw12nLJtpHy6DIaU.JAnqJUDYspHC.Ou"; From 1290b01b3ea09aaf2e273b851894faf1a454b6b6 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 2 Feb 2020 14:36:47 +0100 Subject: [PATCH 193/300] Fix KERN_TYPE in --stdout mode --- src/modules/module_02000.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_02000.c b/src/modules/module_02000.c index 0c8df2610..be40fcb4f 100644 --- a/src/modules/module_02000.c +++ b/src/modules/module_02000.c @@ -18,7 +18,7 @@ static const u32 DGST_POS3 = 0; static const u32 DGST_SIZE = DGST_SIZE_4_4; static const u32 HASH_CATEGORY = HASH_CATEGORY_PLAIN; static const char *HASH_NAME = "STDOUT"; -static const u64 KERN_TYPE = 0; +static const u64 KERN_TYPE = 2000; static const u32 OPTI_TYPE = 0; static const u64 OPTS_TYPE = 0; static const u32 SALT_TYPE = SALT_TYPE_NONE; From 146ca73ff95c27dfb500f3d286d8000f122c1b94 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 3 Feb 2020 12:49:05 +0100 Subject: [PATCH 194/300] Workaround NVIDIA cubin error 'misaligned address' in -m 6100 --- OpenCL/inc_hash_whirlpool.cl | 54 +++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl index e4e1f22eb..452b8d1d6 100644 --- a/OpenCL/inc_hash_whirlpool.cl +++ b/OpenCL/inc_hash_whirlpool.cl 
@@ -1073,34 +1073,40 @@ CONSTANT_VK u32a Cl[8][256] = }, }; -CONSTANT_VK u32a rch[R + 1] = +CONSTANT_VK u32a rchl[32] = { - 0x00000000, 0x1823c6e8, - 0x36a6d2f5, - 0x60bc9b8e, - 0x1de0d7c2, - 0x157737e5, - 0x58c9290a, - 0xbd5d10f4, - 0xe427418b, - 0xfbee7c66, - 0xca2dbf07, -}; - -CONSTANT_VK u32a rcl[R + 1] = -{ - 0x00000000, 0x87b8014f, + 0x36a6d2f5, 0x796f9152, + 0x60bc9b8e, 0xa30c7b35, + 0x1de0d7c2, 0x2e4bfe57, + 0x157737e5, 0x9ff04ada, + 0x58c9290a, 0xb1a06b85, + 0xbd5d10f4, 0xcb3e0567, + 0xe427418b, 0xa77d95d8, + 0xfbee7c66, 0xdd17479e, + 0xca2dbf07, 0xad5a8333, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, }; // important notes on this: @@ -1150,9 +1156,7 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, stateh[7] = w3[2] ^ Kh[7]; statel[7] = w3[3] ^ Kl[7]; - u32 r; - - for (r = 1; r <= R; r++) + for (u32 r = 0; r < (R * 2); r += 2) { u32 Lh[8]; u32 Ll[8]; @@ -1192,8 +1196,8 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, ^ BOX_S (s_Cl, 7, Lp7 & 0xff); } - Kh[0] = Lh[0] ^ rch[r]; - Kl[0] = Ll[0] ^ rcl[r]; + Kh[0] = Lh[0] ^ rchl[r + 0]; + Kl[0] = Ll[0] ^ rchl[r + 1]; Kh[1] = Lh[1]; Kl[1] = Ll[1]; Kh[2] = Lh[2]; @@ -2402,9 +2406,7 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const stateh[7] = w3[2] ^ Kh[7]; statel[7] = w3[3] ^ Kl[7]; - u32 r; - - for (r = 1; r <= R; r++) + for (u32 r = 0; r < (R * 2); r += 2) { u32x Lh[8]; u32x Ll[8]; @@ -2444,8 +2446,8 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const ^ BOX (s_Cl, 7, Lp7 & 0xff); } - Kh[0] = Lh[0] ^ rch[r]; - Kl[0] = Ll[0] ^ rcl[r]; + Kh[0] = Lh[0] ^ rchl[r + 0]; + Kl[0] = Ll[0] ^ rchl[r + 1]; Kh[1] = Lh[1]; Kl[1] = Ll[1]; Kh[2] = Lh[2]; From 633327d8b743506c52a7d444ce0bae198d6895e4 Mon Sep 17 00:00:00 2001 
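Review bot: The merged `rchl[32]` table in the `@@ -1073` hunk carries 12 trailing zero entries and a hard-coded size of 32 that nothing in the source explains; only the commit title says this is a workaround for an NVIDIA cubin 'misaligned address' error. A comment above the table such as `// round constants interleaved as (high, low) pairs for R rounds (2 * R words); padded with zeros to 32 entries to work around an NVIDIA cubin "misaligned address" error seen in -m 6100 when rch/rcl were separate arrays` would save the next reader from deleting the padding as dead data. The loop rewrite to `for (u32 r = 0; r < (R * 2); r += 2)` silently ties the table size to `R`; a note that `rchl` must hold at least `2 * R` entries (or a `#if R != 10` / `#error` guard, if `R` is a macro) would catch a future change. Both `whirlpool_transform` functions start and end outside their hunks.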
From: Jens Steube Date: Mon, 3 Feb 2020 15:24:38 +0100 Subject: [PATCH 195/300] Rewrite Whirlpool hash with 64 bit instructions --- OpenCL/inc_hash_whirlpool.cl | 2232 ++++++++++++--------------------- OpenCL/inc_hash_whirlpool.h | 48 +- OpenCL/m06100_a0-optimized.cl | 80 +- OpenCL/m06100_a0-pure.cl | 76 +- OpenCL/m06100_a1-optimized.cl | 80 +- OpenCL/m06100_a1-pure.cl | 76 +- OpenCL/m06100_a3-optimized.cl | 164 ++- OpenCL/m06100_a3-pure.cl | 76 +- OpenCL/m06231-pure.cl | 122 +- OpenCL/m06232-pure.cl | 122 +- OpenCL/m06233-pure.cl | 122 +- OpenCL/m13731-pure.cl | 122 +- OpenCL/m13732-pure.cl | 122 +- OpenCL/m13733-pure.cl | 122 +- src/modules/module_06100.c | 24 +- 15 files changed, 1442 insertions(+), 2146 deletions(-) diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl index 452b8d1d6..e77734a4e 100644 --- a/OpenCL/inc_hash_whirlpool.cl +++ b/OpenCL/inc_hash_whirlpool.cl 
@@ -9,1104 +9,550 @@ #include "inc_common.h" #include "inc_hash_whirlpool.h" -CONSTANT_VK u32a Ch[8][256] = +CONSTANT_VK u64a MT[8][256] = { { - 0x18186018, 0x23238c23, 0xc6c63fc6, 0xe8e887e8, - 0x87872687, 0xb8b8dab8, 0x01010401, 0x4f4f214f, - 0x3636d836, 0xa6a6a2a6, 0xd2d26fd2, 0xf5f5f3f5, - 0x7979f979, 0x6f6fa16f, 0x91917e91, 0x52525552, - 0x60609d60, 0xbcbccabc, 0x9b9b569b, 0x8e8e028e, - 0xa3a3b6a3, 0x0c0c300c, 0x7b7bf17b, 0x3535d435, - 0x1d1d741d, 0xe0e0a7e0, 0xd7d77bd7, 0xc2c22fc2, - 0x2e2eb82e, 0x4b4b314b, 0xfefedffe, 0x57574157, - 0x15155415, 0x7777c177, 0x3737dc37, 0xe5e5b3e5, - 0x9f9f469f, 0xf0f0e7f0, 0x4a4a354a, 0xdada4fda, - 0x58587d58, 0xc9c903c9, 0x2929a429, 0x0a0a280a, - 0xb1b1feb1, 0xa0a0baa0, 0x6b6bb16b, 0x85852e85, - 0xbdbdcebd, 0x5d5d695d, 0x10104010, 0xf4f4f7f4, - 0xcbcb0bcb, 0x3e3ef83e, 0x05051405, 0x67678167, - 0xe4e4b7e4, 0x27279c27, 0x41411941, 0x8b8b168b, - 0xa7a7a6a7, 0x7d7de97d, 0x95956e95, 0xd8d847d8, - 0xfbfbcbfb, 0xeeee9fee, 0x7c7ced7c, 0x66668566, - 0xdddd53dd, 0x17175c17, 0x47470147, 0x9e9e429e, - 0xcaca0fca, 0x2d2db42d, 0xbfbfc6bf, 0x07071c07, - 0xadad8ead, 0x5a5a755a, 0x83833683, 0x3333cc33, - 0x63639163, 0x02020802, 0xaaaa92aa, 0x7171d971, - 0xc8c807c8, 0x19196419, 0x49493949, 0xd9d943d9, - 0xf2f2eff2, 0xe3e3abe3, 0x5b5b715b, 0x88881a88, - 0x9a9a529a, 0x26269826, 0x3232c832, 0xb0b0fab0, - 0xe9e983e9, 0x0f0f3c0f, 0xd5d573d5, 0x80803a80, - 0xbebec2be, 0xcdcd13cd, 0x3434d034, 0x48483d48, - 0xffffdbff, 0x7a7af57a, 0x90907a90, 0x5f5f615f, - 0x20208020, 0x6868bd68, 0x1a1a681a, 0xaeae82ae, - 0xb4b4eab4, 0x54544d54, 0x93937693, 0x22228822, - 0x64648d64, 0xf1f1e3f1, 0x7373d173, 0x12124812, - 0x40401d40, 0x08082008, 0xc3c32bc3, 0xecec97ec, - 0xdbdb4bdb, 0xa1a1bea1, 0x8d8d0e8d, 0x3d3df43d, - 0x97976697, 0x00000000, 0xcfcf1bcf, 0x2b2bac2b, - 0x7676c576, 0x82823282, 0xd6d67fd6, 0x1b1b6c1b, - 0xb5b5eeb5, 0xafaf86af, 0x6a6ab56a, 0x50505d50, - 0x45450945, 0xf3f3ebf3, 0x3030c030, 0xefef9bef, - 0x3f3ffc3f, 0x55554955, 0xa2a2b2a2, 0xeaea8fea, - 
0x65658965, 0xbabad2ba, 0x2f2fbc2f, 0xc0c027c0, - 0xdede5fde, 0x1c1c701c, 0xfdfdd3fd, 0x4d4d294d, - 0x92927292, 0x7575c975, 0x06061806, 0x8a8a128a, - 0xb2b2f2b2, 0xe6e6bfe6, 0x0e0e380e, 0x1f1f7c1f, - 0x62629562, 0xd4d477d4, 0xa8a89aa8, 0x96966296, - 0xf9f9c3f9, 0xc5c533c5, 0x25259425, 0x59597959, - 0x84842a84, 0x7272d572, 0x3939e439, 0x4c4c2d4c, - 0x5e5e655e, 0x7878fd78, 0x3838e038, 0x8c8c0a8c, - 0xd1d163d1, 0xa5a5aea5, 0xe2e2afe2, 0x61619961, - 0xb3b3f6b3, 0x21218421, 0x9c9c4a9c, 0x1e1e781e, - 0x43431143, 0xc7c73bc7, 0xfcfcd7fc, 0x04041004, - 0x51515951, 0x99995e99, 0x6d6da96d, 0x0d0d340d, - 0xfafacffa, 0xdfdf5bdf, 0x7e7ee57e, 0x24249024, - 0x3b3bec3b, 0xabab96ab, 0xcece1fce, 0x11114411, - 0x8f8f068f, 0x4e4e254e, 0xb7b7e6b7, 0xebeb8beb, - 0x3c3cf03c, 0x81813e81, 0x94946a94, 0xf7f7fbf7, - 0xb9b9deb9, 0x13134c13, 0x2c2cb02c, 0xd3d36bd3, - 0xe7e7bbe7, 0x6e6ea56e, 0xc4c437c4, 0x03030c03, - 0x56564556, 0x44440d44, 0x7f7fe17f, 0xa9a99ea9, - 0x2a2aa82a, 0xbbbbd6bb, 0xc1c123c1, 0x53535153, - 0xdcdc57dc, 0x0b0b2c0b, 0x9d9d4e9d, 0x6c6cad6c, - 0x3131c431, 0x7474cd74, 0xf6f6fff6, 0x46460546, - 0xacac8aac, 0x89891e89, 0x14145014, 0xe1e1a3e1, - 0x16165816, 0x3a3ae83a, 0x6969b969, 0x09092409, - 0x7070dd70, 0xb6b6e2b6, 0xd0d067d0, 0xeded93ed, - 0xcccc17cc, 0x42421542, 0x98985a98, 0xa4a4aaa4, - 0x2828a028, 0x5c5c6d5c, 0xf8f8c7f8, 0x86862286, + 0x18186018c07830d8, 0x23238c2305af4626, 0xc6c63fc67ef991b8, 0xe8e887e8136fcdfb, + 0x878726874ca113cb, 0xb8b8dab8a9626d11, 0x0101040108050209, 0x4f4f214f426e9e0d, + 0x3636d836adee6c9b, 0xa6a6a2a6590451ff, 0xd2d26fd2debdb90c, 0xf5f5f3f5fb06f70e, + 0x7979f979ef80f296, 0x6f6fa16f5fcede30, 0x91917e91fcef3f6d, 0x52525552aa07a4f8, + 0x60609d6027fdc047, 0xbcbccabc89766535, 0x9b9b569baccd2b37, 0x8e8e028e048c018a, + 0xa3a3b6a371155bd2, 0x0c0c300c603c186c, 0x7b7bf17bff8af684, 0x3535d435b5e16a80, + 0x1d1d741de8693af5, 0xe0e0a7e05347ddb3, 0xd7d77bd7f6acb321, 0xc2c22fc25eed999c, + 0x2e2eb82e6d965c43, 0x4b4b314b627a9629, 0xfefedffea321e15d, 
0x575741578216aed5, + 0x15155415a8412abd, 0x7777c1779fb6eee8, 0x3737dc37a5eb6e92, 0xe5e5b3e57b56d79e, + 0x9f9f469f8cd92313, 0xf0f0e7f0d317fd23, 0x4a4a354a6a7f9420, 0xdada4fda9e95a944, + 0x58587d58fa25b0a2, 0xc9c903c906ca8fcf, 0x2929a429558d527c, 0x0a0a280a5022145a, + 0xb1b1feb1e14f7f50, 0xa0a0baa0691a5dc9, 0x6b6bb16b7fdad614, 0x85852e855cab17d9, + 0xbdbdcebd8173673c, 0x5d5d695dd234ba8f, 0x1010401080502090, 0xf4f4f7f4f303f507, + 0xcbcb0bcb16c08bdd, 0x3e3ef83eedc67cd3, 0x0505140528110a2d, 0x676781671fe6ce78, + 0xe4e4b7e47353d597, 0x27279c2725bb4e02, 0x4141194132588273, 0x8b8b168b2c9d0ba7, + 0xa7a7a6a7510153f6, 0x7d7de97dcf94fab2, 0x95956e95dcfb3749, 0xd8d847d88e9fad56, + 0xfbfbcbfb8b30eb70, 0xeeee9fee2371c1cd, 0x7c7ced7cc791f8bb, 0x6666856617e3cc71, + 0xdddd53dda68ea77b, 0x17175c17b84b2eaf, 0x4747014702468e45, 0x9e9e429e84dc211a, + 0xcaca0fca1ec589d4, 0x2d2db42d75995a58, 0xbfbfc6bf9179632e, 0x07071c07381b0e3f, + 0xadad8ead012347ac, 0x5a5a755aea2fb4b0, 0x838336836cb51bef, 0x3333cc3385ff66b6, + 0x636391633ff2c65c, 0x02020802100a0412, 0xaaaa92aa39384993, 0x7171d971afa8e2de, + 0xc8c807c80ecf8dc6, 0x19196419c87d32d1, 0x494939497270923b, 0xd9d943d9869aaf5f, + 0xf2f2eff2c31df931, 0xe3e3abe34b48dba8, 0x5b5b715be22ab6b9, 0x88881a8834920dbc, + 0x9a9a529aa4c8293e, 0x262698262dbe4c0b, 0x3232c8328dfa64bf, 0xb0b0fab0e94a7d59, + 0xe9e983e91b6acff2, 0x0f0f3c0f78331e77, 0xd5d573d5e6a6b733, 0x80803a8074ba1df4, + 0xbebec2be997c6127, 0xcdcd13cd26de87eb, 0x3434d034bde46889, 0x48483d487a759032, + 0xffffdbffab24e354, 0x7a7af57af78ff48d, 0x90907a90f4ea3d64, 0x5f5f615fc23ebe9d, + 0x202080201da0403d, 0x6868bd6867d5d00f, 0x1a1a681ad07234ca, 0xaeae82ae192c41b7, + 0xb4b4eab4c95e757d, 0x54544d549a19a8ce, 0x93937693ece53b7f, 0x222288220daa442f, + 0x64648d6407e9c863, 0xf1f1e3f1db12ff2a, 0x7373d173bfa2e6cc, 0x12124812905a2482, + 0x40401d403a5d807a, 0x0808200840281048, 0xc3c32bc356e89b95, 0xecec97ec337bc5df, + 0xdbdb4bdb9690ab4d, 0xa1a1bea1611f5fc0, 0x8d8d0e8d1c830791, 0x3d3df43df5c97ac8, + 
0x97976697ccf1335b, 0x0000000000000000, 0xcfcf1bcf36d483f9, 0x2b2bac2b4587566e, + 0x7676c57697b3ece1, 0x8282328264b019e6, 0xd6d67fd6fea9b128, 0x1b1b6c1bd87736c3, + 0xb5b5eeb5c15b7774, 0xafaf86af112943be, 0x6a6ab56a77dfd41d, 0x50505d50ba0da0ea, + 0x45450945124c8a57, 0xf3f3ebf3cb18fb38, 0x3030c0309df060ad, 0xefef9bef2b74c3c4, + 0x3f3ffc3fe5c37eda, 0x55554955921caac7, 0xa2a2b2a2791059db, 0xeaea8fea0365c9e9, + 0x656589650fecca6a, 0xbabad2bab9686903, 0x2f2fbc2f65935e4a, 0xc0c027c04ee79d8e, + 0xdede5fdebe81a160, 0x1c1c701ce06c38fc, 0xfdfdd3fdbb2ee746, 0x4d4d294d52649a1f, + 0x92927292e4e03976, 0x7575c9758fbceafa, 0x06061806301e0c36, 0x8a8a128a249809ae, + 0xb2b2f2b2f940794b, 0xe6e6bfe66359d185, 0x0e0e380e70361c7e, 0x1f1f7c1ff8633ee7, + 0x6262956237f7c455, 0xd4d477d4eea3b53a, 0xa8a89aa829324d81, 0x96966296c4f43152, + 0xf9f9c3f99b3aef62, 0xc5c533c566f697a3, 0x2525942535b14a10, 0x59597959f220b2ab, + 0x84842a8454ae15d0, 0x7272d572b7a7e4c5, 0x3939e439d5dd72ec, 0x4c4c2d4c5a619816, + 0x5e5e655eca3bbc94, 0x7878fd78e785f09f, 0x3838e038ddd870e5, 0x8c8c0a8c14860598, + 0xd1d163d1c6b2bf17, 0xa5a5aea5410b57e4, 0xe2e2afe2434dd9a1, 0x616199612ff8c24e, + 0xb3b3f6b3f1457b42, 0x2121842115a54234, 0x9c9c4a9c94d62508, 0x1e1e781ef0663cee, + 0x4343114322528661, 0xc7c73bc776fc93b1, 0xfcfcd7fcb32be54f, 0x0404100420140824, + 0x51515951b208a2e3, 0x99995e99bcc72f25, 0x6d6da96d4fc4da22, 0x0d0d340d68391a65, + 0xfafacffa8335e979, 0xdfdf5bdfb684a369, 0x7e7ee57ed79bfca9, 0x242490243db44819, + 0x3b3bec3bc5d776fe, 0xabab96ab313d4b9a, 0xcece1fce3ed181f0, 0x1111441188552299, + 0x8f8f068f0c890383, 0x4e4e254e4a6b9c04, 0xb7b7e6b7d1517366, 0xebeb8beb0b60cbe0, + 0x3c3cf03cfdcc78c1, 0x81813e817cbf1ffd, 0x94946a94d4fe3540, 0xf7f7fbf7eb0cf31c, + 0xb9b9deb9a1676f18, 0x13134c13985f268b, 0x2c2cb02c7d9c5851, 0xd3d36bd3d6b8bb05, + 0xe7e7bbe76b5cd38c, 0x6e6ea56e57cbdc39, 0xc4c437c46ef395aa, 0x03030c03180f061b, + 0x565645568a13acdc, 0x44440d441a49885e, 0x7f7fe17fdf9efea0, 0xa9a99ea921374f88, + 0x2a2aa82a4d825467, 
0xbbbbd6bbb16d6b0a, 0xc1c123c146e29f87, 0x53535153a202a6f1, + 0xdcdc57dcae8ba572, 0x0b0b2c0b58271653, 0x9d9d4e9d9cd32701, 0x6c6cad6c47c1d82b, + 0x3131c43195f562a4, 0x7474cd7487b9e8f3, 0xf6f6fff6e309f115, 0x464605460a438c4c, + 0xacac8aac092645a5, 0x89891e893c970fb5, 0x14145014a04428b4, 0xe1e1a3e15b42dfba, + 0x16165816b04e2ca6, 0x3a3ae83acdd274f7, 0x6969b9696fd0d206, 0x09092409482d1241, + 0x7070dd70a7ade0d7, 0xb6b6e2b6d954716f, 0xd0d067d0ceb7bd1e, 0xeded93ed3b7ec7d6, + 0xcccc17cc2edb85e2, 0x424215422a578468, 0x98985a98b4c22d2c, 0xa4a4aaa4490e55ed, + 0x2828a0285d885075, 0x5c5c6d5cda31b886, 0xf8f8c7f8933fed6b, 0x8686228644a411c2, }, { - 0xd8181860, 0x2623238c, 0xb8c6c63f, 0xfbe8e887, - 0xcb878726, 0x11b8b8da, 0x09010104, 0x0d4f4f21, - 0x9b3636d8, 0xffa6a6a2, 0x0cd2d26f, 0x0ef5f5f3, - 0x967979f9, 0x306f6fa1, 0x6d91917e, 0xf8525255, - 0x4760609d, 0x35bcbcca, 0x379b9b56, 0x8a8e8e02, - 0xd2a3a3b6, 0x6c0c0c30, 0x847b7bf1, 0x803535d4, - 0xf51d1d74, 0xb3e0e0a7, 0x21d7d77b, 0x9cc2c22f, - 0x432e2eb8, 0x294b4b31, 0x5dfefedf, 0xd5575741, - 0xbd151554, 0xe87777c1, 0x923737dc, 0x9ee5e5b3, - 0x139f9f46, 0x23f0f0e7, 0x204a4a35, 0x44dada4f, - 0xa258587d, 0xcfc9c903, 0x7c2929a4, 0x5a0a0a28, - 0x50b1b1fe, 0xc9a0a0ba, 0x146b6bb1, 0xd985852e, - 0x3cbdbdce, 0x8f5d5d69, 0x90101040, 0x07f4f4f7, - 0xddcbcb0b, 0xd33e3ef8, 0x2d050514, 0x78676781, - 0x97e4e4b7, 0x0227279c, 0x73414119, 0xa78b8b16, - 0xf6a7a7a6, 0xb27d7de9, 0x4995956e, 0x56d8d847, - 0x70fbfbcb, 0xcdeeee9f, 0xbb7c7ced, 0x71666685, - 0x7bdddd53, 0xaf17175c, 0x45474701, 0x1a9e9e42, - 0xd4caca0f, 0x582d2db4, 0x2ebfbfc6, 0x3f07071c, - 0xacadad8e, 0xb05a5a75, 0xef838336, 0xb63333cc, - 0x5c636391, 0x12020208, 0x93aaaa92, 0xde7171d9, - 0xc6c8c807, 0xd1191964, 0x3b494939, 0x5fd9d943, - 0x31f2f2ef, 0xa8e3e3ab, 0xb95b5b71, 0xbc88881a, - 0x3e9a9a52, 0x0b262698, 0xbf3232c8, 0x59b0b0fa, - 0xf2e9e983, 0x770f0f3c, 0x33d5d573, 0xf480803a, - 0x27bebec2, 0xebcdcd13, 0x893434d0, 0x3248483d, - 0x54ffffdb, 0x8d7a7af5, 0x6490907a, 0x9d5f5f61, - 
0x3d202080, 0x0f6868bd, 0xca1a1a68, 0xb7aeae82, - 0x7db4b4ea, 0xce54544d, 0x7f939376, 0x2f222288, - 0x6364648d, 0x2af1f1e3, 0xcc7373d1, 0x82121248, - 0x7a40401d, 0x48080820, 0x95c3c32b, 0xdfecec97, - 0x4ddbdb4b, 0xc0a1a1be, 0x918d8d0e, 0xc83d3df4, - 0x5b979766, 0x00000000, 0xf9cfcf1b, 0x6e2b2bac, - 0xe17676c5, 0xe6828232, 0x28d6d67f, 0xc31b1b6c, - 0x74b5b5ee, 0xbeafaf86, 0x1d6a6ab5, 0xea50505d, - 0x57454509, 0x38f3f3eb, 0xad3030c0, 0xc4efef9b, - 0xda3f3ffc, 0xc7555549, 0xdba2a2b2, 0xe9eaea8f, - 0x6a656589, 0x03babad2, 0x4a2f2fbc, 0x8ec0c027, - 0x60dede5f, 0xfc1c1c70, 0x46fdfdd3, 0x1f4d4d29, - 0x76929272, 0xfa7575c9, 0x36060618, 0xae8a8a12, - 0x4bb2b2f2, 0x85e6e6bf, 0x7e0e0e38, 0xe71f1f7c, - 0x55626295, 0x3ad4d477, 0x81a8a89a, 0x52969662, - 0x62f9f9c3, 0xa3c5c533, 0x10252594, 0xab595979, - 0xd084842a, 0xc57272d5, 0xec3939e4, 0x164c4c2d, - 0x945e5e65, 0x9f7878fd, 0xe53838e0, 0x988c8c0a, - 0x17d1d163, 0xe4a5a5ae, 0xa1e2e2af, 0x4e616199, - 0x42b3b3f6, 0x34212184, 0x089c9c4a, 0xee1e1e78, - 0x61434311, 0xb1c7c73b, 0x4ffcfcd7, 0x24040410, - 0xe3515159, 0x2599995e, 0x226d6da9, 0x650d0d34, - 0x79fafacf, 0x69dfdf5b, 0xa97e7ee5, 0x19242490, - 0xfe3b3bec, 0x9aabab96, 0xf0cece1f, 0x99111144, - 0x838f8f06, 0x044e4e25, 0x66b7b7e6, 0xe0ebeb8b, - 0xc13c3cf0, 0xfd81813e, 0x4094946a, 0x1cf7f7fb, - 0x18b9b9de, 0x8b13134c, 0x512c2cb0, 0x05d3d36b, - 0x8ce7e7bb, 0x396e6ea5, 0xaac4c437, 0x1b03030c, - 0xdc565645, 0x5e44440d, 0xa07f7fe1, 0x88a9a99e, - 0x672a2aa8, 0x0abbbbd6, 0x87c1c123, 0xf1535351, - 0x72dcdc57, 0x530b0b2c, 0x019d9d4e, 0x2b6c6cad, - 0xa43131c4, 0xf37474cd, 0x15f6f6ff, 0x4c464605, - 0xa5acac8a, 0xb589891e, 0xb4141450, 0xbae1e1a3, - 0xa6161658, 0xf73a3ae8, 0x066969b9, 0x41090924, - 0xd77070dd, 0x6fb6b6e2, 0x1ed0d067, 0xd6eded93, - 0xe2cccc17, 0x68424215, 0x2c98985a, 0xeda4a4aa, - 0x752828a0, 0x865c5c6d, 0x6bf8f8c7, 0xc2868622, + 0xd818186018c07830, 0x2623238c2305af46, 0xb8c6c63fc67ef991, 0xfbe8e887e8136fcd, + 0xcb878726874ca113, 0x11b8b8dab8a9626d, 0x0901010401080502, 
0x0d4f4f214f426e9e, + 0x9b3636d836adee6c, 0xffa6a6a2a6590451, 0x0cd2d26fd2debdb9, 0x0ef5f5f3f5fb06f7, + 0x967979f979ef80f2, 0x306f6fa16f5fcede, 0x6d91917e91fcef3f, 0xf852525552aa07a4, + 0x4760609d6027fdc0, 0x35bcbccabc897665, 0x379b9b569baccd2b, 0x8a8e8e028e048c01, + 0xd2a3a3b6a371155b, 0x6c0c0c300c603c18, 0x847b7bf17bff8af6, 0x803535d435b5e16a, + 0xf51d1d741de8693a, 0xb3e0e0a7e05347dd, 0x21d7d77bd7f6acb3, 0x9cc2c22fc25eed99, + 0x432e2eb82e6d965c, 0x294b4b314b627a96, 0x5dfefedffea321e1, 0xd5575741578216ae, + 0xbd15155415a8412a, 0xe87777c1779fb6ee, 0x923737dc37a5eb6e, 0x9ee5e5b3e57b56d7, + 0x139f9f469f8cd923, 0x23f0f0e7f0d317fd, 0x204a4a354a6a7f94, 0x44dada4fda9e95a9, + 0xa258587d58fa25b0, 0xcfc9c903c906ca8f, 0x7c2929a429558d52, 0x5a0a0a280a502214, + 0x50b1b1feb1e14f7f, 0xc9a0a0baa0691a5d, 0x146b6bb16b7fdad6, 0xd985852e855cab17, + 0x3cbdbdcebd817367, 0x8f5d5d695dd234ba, 0x9010104010805020, 0x07f4f4f7f4f303f5, + 0xddcbcb0bcb16c08b, 0xd33e3ef83eedc67c, 0x2d0505140528110a, 0x78676781671fe6ce, + 0x97e4e4b7e47353d5, 0x0227279c2725bb4e, 0x7341411941325882, 0xa78b8b168b2c9d0b, + 0xf6a7a7a6a7510153, 0xb27d7de97dcf94fa, 0x4995956e95dcfb37, 0x56d8d847d88e9fad, + 0x70fbfbcbfb8b30eb, 0xcdeeee9fee2371c1, 0xbb7c7ced7cc791f8, 0x716666856617e3cc, + 0x7bdddd53dda68ea7, 0xaf17175c17b84b2e, 0x454747014702468e, 0x1a9e9e429e84dc21, + 0xd4caca0fca1ec589, 0x582d2db42d75995a, 0x2ebfbfc6bf917963, 0x3f07071c07381b0e, + 0xacadad8ead012347, 0xb05a5a755aea2fb4, 0xef838336836cb51b, 0xb63333cc3385ff66, + 0x5c636391633ff2c6, 0x1202020802100a04, 0x93aaaa92aa393849, 0xde7171d971afa8e2, + 0xc6c8c807c80ecf8d, 0xd119196419c87d32, 0x3b49493949727092, 0x5fd9d943d9869aaf, + 0x31f2f2eff2c31df9, 0xa8e3e3abe34b48db, 0xb95b5b715be22ab6, 0xbc88881a8834920d, + 0x3e9a9a529aa4c829, 0x0b262698262dbe4c, 0xbf3232c8328dfa64, 0x59b0b0fab0e94a7d, + 0xf2e9e983e91b6acf, 0x770f0f3c0f78331e, 0x33d5d573d5e6a6b7, 0xf480803a8074ba1d, + 0x27bebec2be997c61, 0xebcdcd13cd26de87, 0x893434d034bde468, 0x3248483d487a7590, + 
0x54ffffdbffab24e3, 0x8d7a7af57af78ff4, 0x6490907a90f4ea3d, 0x9d5f5f615fc23ebe, + 0x3d202080201da040, 0x0f6868bd6867d5d0, 0xca1a1a681ad07234, 0xb7aeae82ae192c41, + 0x7db4b4eab4c95e75, 0xce54544d549a19a8, 0x7f93937693ece53b, 0x2f222288220daa44, + 0x6364648d6407e9c8, 0x2af1f1e3f1db12ff, 0xcc7373d173bfa2e6, 0x8212124812905a24, + 0x7a40401d403a5d80, 0x4808082008402810, 0x95c3c32bc356e89b, 0xdfecec97ec337bc5, + 0x4ddbdb4bdb9690ab, 0xc0a1a1bea1611f5f, 0x918d8d0e8d1c8307, 0xc83d3df43df5c97a, + 0x5b97976697ccf133, 0x0000000000000000, 0xf9cfcf1bcf36d483, 0x6e2b2bac2b458756, + 0xe17676c57697b3ec, 0xe68282328264b019, 0x28d6d67fd6fea9b1, 0xc31b1b6c1bd87736, + 0x74b5b5eeb5c15b77, 0xbeafaf86af112943, 0x1d6a6ab56a77dfd4, 0xea50505d50ba0da0, + 0x5745450945124c8a, 0x38f3f3ebf3cb18fb, 0xad3030c0309df060, 0xc4efef9bef2b74c3, + 0xda3f3ffc3fe5c37e, 0xc755554955921caa, 0xdba2a2b2a2791059, 0xe9eaea8fea0365c9, + 0x6a656589650fecca, 0x03babad2bab96869, 0x4a2f2fbc2f65935e, 0x8ec0c027c04ee79d, + 0x60dede5fdebe81a1, 0xfc1c1c701ce06c38, 0x46fdfdd3fdbb2ee7, 0x1f4d4d294d52649a, + 0x7692927292e4e039, 0xfa7575c9758fbcea, 0x3606061806301e0c, 0xae8a8a128a249809, + 0x4bb2b2f2b2f94079, 0x85e6e6bfe66359d1, 0x7e0e0e380e70361c, 0xe71f1f7c1ff8633e, + 0x556262956237f7c4, 0x3ad4d477d4eea3b5, 0x81a8a89aa829324d, 0x5296966296c4f431, + 0x62f9f9c3f99b3aef, 0xa3c5c533c566f697, 0x102525942535b14a, 0xab59597959f220b2, + 0xd084842a8454ae15, 0xc57272d572b7a7e4, 0xec3939e439d5dd72, 0x164c4c2d4c5a6198, + 0x945e5e655eca3bbc, 0x9f7878fd78e785f0, 0xe53838e038ddd870, 0x988c8c0a8c148605, + 0x17d1d163d1c6b2bf, 0xe4a5a5aea5410b57, 0xa1e2e2afe2434dd9, 0x4e616199612ff8c2, + 0x42b3b3f6b3f1457b, 0x342121842115a542, 0x089c9c4a9c94d625, 0xee1e1e781ef0663c, + 0x6143431143225286, 0xb1c7c73bc776fc93, 0x4ffcfcd7fcb32be5, 0x2404041004201408, + 0xe351515951b208a2, 0x2599995e99bcc72f, 0x226d6da96d4fc4da, 0x650d0d340d68391a, + 0x79fafacffa8335e9, 0x69dfdf5bdfb684a3, 0xa97e7ee57ed79bfc, 0x19242490243db448, + 0xfe3b3bec3bc5d776, 
0x9aabab96ab313d4b, 0xf0cece1fce3ed181, 0x9911114411885522, + 0x838f8f068f0c8903, 0x044e4e254e4a6b9c, 0x66b7b7e6b7d15173, 0xe0ebeb8beb0b60cb, + 0xc13c3cf03cfdcc78, 0xfd81813e817cbf1f, 0x4094946a94d4fe35, 0x1cf7f7fbf7eb0cf3, + 0x18b9b9deb9a1676f, 0x8b13134c13985f26, 0x512c2cb02c7d9c58, 0x05d3d36bd3d6b8bb, + 0x8ce7e7bbe76b5cd3, 0x396e6ea56e57cbdc, 0xaac4c437c46ef395, 0x1b03030c03180f06, + 0xdc565645568a13ac, 0x5e44440d441a4988, 0xa07f7fe17fdf9efe, 0x88a9a99ea921374f, + 0x672a2aa82a4d8254, 0x0abbbbd6bbb16d6b, 0x87c1c123c146e29f, 0xf153535153a202a6, + 0x72dcdc57dcae8ba5, 0x530b0b2c0b582716, 0x019d9d4e9d9cd327, 0x2b6c6cad6c47c1d8, + 0xa43131c43195f562, 0xf37474cd7487b9e8, 0x15f6f6fff6e309f1, 0x4c464605460a438c, + 0xa5acac8aac092645, 0xb589891e893c970f, 0xb414145014a04428, 0xbae1e1a3e15b42df, + 0xa616165816b04e2c, 0xf73a3ae83acdd274, 0x066969b9696fd0d2, 0x4109092409482d12, + 0xd77070dd70a7ade0, 0x6fb6b6e2b6d95471, 0x1ed0d067d0ceb7bd, 0xd6eded93ed3b7ec7, + 0xe2cccc17cc2edb85, 0x68424215422a5784, 0x2c98985a98b4c22d, 0xeda4a4aaa4490e55, + 0x752828a0285d8850, 0x865c5c6d5cda31b8, 0x6bf8f8c7f8933fed, 0xc28686228644a411, }, { - 0x30d81818, 0x46262323, 0x91b8c6c6, 0xcdfbe8e8, - 0x13cb8787, 0x6d11b8b8, 0x02090101, 0x9e0d4f4f, - 0x6c9b3636, 0x51ffa6a6, 0xb90cd2d2, 0xf70ef5f5, - 0xf2967979, 0xde306f6f, 0x3f6d9191, 0xa4f85252, - 0xc0476060, 0x6535bcbc, 0x2b379b9b, 0x018a8e8e, - 0x5bd2a3a3, 0x186c0c0c, 0xf6847b7b, 0x6a803535, - 0x3af51d1d, 0xddb3e0e0, 0xb321d7d7, 0x999cc2c2, - 0x5c432e2e, 0x96294b4b, 0xe15dfefe, 0xaed55757, - 0x2abd1515, 0xeee87777, 0x6e923737, 0xd79ee5e5, - 0x23139f9f, 0xfd23f0f0, 0x94204a4a, 0xa944dada, - 0xb0a25858, 0x8fcfc9c9, 0x527c2929, 0x145a0a0a, - 0x7f50b1b1, 0x5dc9a0a0, 0xd6146b6b, 0x17d98585, - 0x673cbdbd, 0xba8f5d5d, 0x20901010, 0xf507f4f4, - 0x8bddcbcb, 0x7cd33e3e, 0x0a2d0505, 0xce786767, - 0xd597e4e4, 0x4e022727, 0x82734141, 0x0ba78b8b, - 0x53f6a7a7, 0xfab27d7d, 0x37499595, 0xad56d8d8, - 0xeb70fbfb, 0xc1cdeeee, 0xf8bb7c7c, 0xcc716666, - 0xa77bdddd, 
0x2eaf1717, 0x8e454747, 0x211a9e9e, - 0x89d4caca, 0x5a582d2d, 0x632ebfbf, 0x0e3f0707, - 0x47acadad, 0xb4b05a5a, 0x1bef8383, 0x66b63333, - 0xc65c6363, 0x04120202, 0x4993aaaa, 0xe2de7171, - 0x8dc6c8c8, 0x32d11919, 0x923b4949, 0xaf5fd9d9, - 0xf931f2f2, 0xdba8e3e3, 0xb6b95b5b, 0x0dbc8888, - 0x293e9a9a, 0x4c0b2626, 0x64bf3232, 0x7d59b0b0, - 0xcff2e9e9, 0x1e770f0f, 0xb733d5d5, 0x1df48080, - 0x6127bebe, 0x87ebcdcd, 0x68893434, 0x90324848, - 0xe354ffff, 0xf48d7a7a, 0x3d649090, 0xbe9d5f5f, - 0x403d2020, 0xd00f6868, 0x34ca1a1a, 0x41b7aeae, - 0x757db4b4, 0xa8ce5454, 0x3b7f9393, 0x442f2222, - 0xc8636464, 0xff2af1f1, 0xe6cc7373, 0x24821212, - 0x807a4040, 0x10480808, 0x9b95c3c3, 0xc5dfecec, - 0xab4ddbdb, 0x5fc0a1a1, 0x07918d8d, 0x7ac83d3d, - 0x335b9797, 0x00000000, 0x83f9cfcf, 0x566e2b2b, - 0xece17676, 0x19e68282, 0xb128d6d6, 0x36c31b1b, - 0x7774b5b5, 0x43beafaf, 0xd41d6a6a, 0xa0ea5050, - 0x8a574545, 0xfb38f3f3, 0x60ad3030, 0xc3c4efef, - 0x7eda3f3f, 0xaac75555, 0x59dba2a2, 0xc9e9eaea, - 0xca6a6565, 0x6903baba, 0x5e4a2f2f, 0x9d8ec0c0, - 0xa160dede, 0x38fc1c1c, 0xe746fdfd, 0x9a1f4d4d, - 0x39769292, 0xeafa7575, 0x0c360606, 0x09ae8a8a, - 0x794bb2b2, 0xd185e6e6, 0x1c7e0e0e, 0x3ee71f1f, - 0xc4556262, 0xb53ad4d4, 0x4d81a8a8, 0x31529696, - 0xef62f9f9, 0x97a3c5c5, 0x4a102525, 0xb2ab5959, - 0x15d08484, 0xe4c57272, 0x72ec3939, 0x98164c4c, - 0xbc945e5e, 0xf09f7878, 0x70e53838, 0x05988c8c, - 0xbf17d1d1, 0x57e4a5a5, 0xd9a1e2e2, 0xc24e6161, - 0x7b42b3b3, 0x42342121, 0x25089c9c, 0x3cee1e1e, - 0x86614343, 0x93b1c7c7, 0xe54ffcfc, 0x08240404, - 0xa2e35151, 0x2f259999, 0xda226d6d, 0x1a650d0d, - 0xe979fafa, 0xa369dfdf, 0xfca97e7e, 0x48192424, - 0x76fe3b3b, 0x4b9aabab, 0x81f0cece, 0x22991111, - 0x03838f8f, 0x9c044e4e, 0x7366b7b7, 0xcbe0ebeb, - 0x78c13c3c, 0x1ffd8181, 0x35409494, 0xf31cf7f7, - 0x6f18b9b9, 0x268b1313, 0x58512c2c, 0xbb05d3d3, - 0xd38ce7e7, 0xdc396e6e, 0x95aac4c4, 0x061b0303, - 0xacdc5656, 0x885e4444, 0xfea07f7f, 0x4f88a9a9, - 0x54672a2a, 0x6b0abbbb, 0x9f87c1c1, 0xa6f15353, - 0xa572dcdc, 
0x16530b0b, 0x27019d9d, 0xd82b6c6c, - 0x62a43131, 0xe8f37474, 0xf115f6f6, 0x8c4c4646, - 0x45a5acac, 0x0fb58989, 0x28b41414, 0xdfbae1e1, - 0x2ca61616, 0x74f73a3a, 0xd2066969, 0x12410909, - 0xe0d77070, 0x716fb6b6, 0xbd1ed0d0, 0xc7d6eded, - 0x85e2cccc, 0x84684242, 0x2d2c9898, 0x55eda4a4, - 0x50752828, 0xb8865c5c, 0xed6bf8f8, 0x11c28686, + 0x30d818186018c078, 0x462623238c2305af, 0x91b8c6c63fc67ef9, 0xcdfbe8e887e8136f, + 0x13cb878726874ca1, 0x6d11b8b8dab8a962, 0x0209010104010805, 0x9e0d4f4f214f426e, + 0x6c9b3636d836adee, 0x51ffa6a6a2a65904, 0xb90cd2d26fd2debd, 0xf70ef5f5f3f5fb06, + 0xf2967979f979ef80, 0xde306f6fa16f5fce, 0x3f6d91917e91fcef, 0xa4f852525552aa07, + 0xc04760609d6027fd, 0x6535bcbccabc8976, 0x2b379b9b569baccd, 0x018a8e8e028e048c, + 0x5bd2a3a3b6a37115, 0x186c0c0c300c603c, 0xf6847b7bf17bff8a, 0x6a803535d435b5e1, + 0x3af51d1d741de869, 0xddb3e0e0a7e05347, 0xb321d7d77bd7f6ac, 0x999cc2c22fc25eed, + 0x5c432e2eb82e6d96, 0x96294b4b314b627a, 0xe15dfefedffea321, 0xaed5575741578216, + 0x2abd15155415a841, 0xeee87777c1779fb6, 0x6e923737dc37a5eb, 0xd79ee5e5b3e57b56, + 0x23139f9f469f8cd9, 0xfd23f0f0e7f0d317, 0x94204a4a354a6a7f, 0xa944dada4fda9e95, + 0xb0a258587d58fa25, 0x8fcfc9c903c906ca, 0x527c2929a429558d, 0x145a0a0a280a5022, + 0x7f50b1b1feb1e14f, 0x5dc9a0a0baa0691a, 0xd6146b6bb16b7fda, 0x17d985852e855cab, + 0x673cbdbdcebd8173, 0xba8f5d5d695dd234, 0x2090101040108050, 0xf507f4f4f7f4f303, + 0x8bddcbcb0bcb16c0, 0x7cd33e3ef83eedc6, 0x0a2d050514052811, 0xce78676781671fe6, + 0xd597e4e4b7e47353, 0x4e0227279c2725bb, 0x8273414119413258, 0x0ba78b8b168b2c9d, + 0x53f6a7a7a6a75101, 0xfab27d7de97dcf94, 0x374995956e95dcfb, 0xad56d8d847d88e9f, + 0xeb70fbfbcbfb8b30, 0xc1cdeeee9fee2371, 0xf8bb7c7ced7cc791, 0xcc716666856617e3, + 0xa77bdddd53dda68e, 0x2eaf17175c17b84b, 0x8e45474701470246, 0x211a9e9e429e84dc, + 0x89d4caca0fca1ec5, 0x5a582d2db42d7599, 0x632ebfbfc6bf9179, 0x0e3f07071c07381b, + 0x47acadad8ead0123, 0xb4b05a5a755aea2f, 0x1bef838336836cb5, 0x66b63333cc3385ff, + 0xc65c636391633ff2, 
0x041202020802100a, 0x4993aaaa92aa3938, 0xe2de7171d971afa8, + 0x8dc6c8c807c80ecf, 0x32d119196419c87d, 0x923b494939497270, 0xaf5fd9d943d9869a, + 0xf931f2f2eff2c31d, 0xdba8e3e3abe34b48, 0xb6b95b5b715be22a, 0x0dbc88881a883492, + 0x293e9a9a529aa4c8, 0x4c0b262698262dbe, 0x64bf3232c8328dfa, 0x7d59b0b0fab0e94a, + 0xcff2e9e983e91b6a, 0x1e770f0f3c0f7833, 0xb733d5d573d5e6a6, 0x1df480803a8074ba, + 0x6127bebec2be997c, 0x87ebcdcd13cd26de, 0x68893434d034bde4, 0x903248483d487a75, + 0xe354ffffdbffab24, 0xf48d7a7af57af78f, 0x3d6490907a90f4ea, 0xbe9d5f5f615fc23e, + 0x403d202080201da0, 0xd00f6868bd6867d5, 0x34ca1a1a681ad072, 0x41b7aeae82ae192c, + 0x757db4b4eab4c95e, 0xa8ce54544d549a19, 0x3b7f93937693ece5, 0x442f222288220daa, + 0xc86364648d6407e9, 0xff2af1f1e3f1db12, 0xe6cc7373d173bfa2, 0x248212124812905a, + 0x807a40401d403a5d, 0x1048080820084028, 0x9b95c3c32bc356e8, 0xc5dfecec97ec337b, + 0xab4ddbdb4bdb9690, 0x5fc0a1a1bea1611f, 0x07918d8d0e8d1c83, 0x7ac83d3df43df5c9, + 0x335b97976697ccf1, 0x0000000000000000, 0x83f9cfcf1bcf36d4, 0x566e2b2bac2b4587, + 0xece17676c57697b3, 0x19e68282328264b0, 0xb128d6d67fd6fea9, 0x36c31b1b6c1bd877, + 0x7774b5b5eeb5c15b, 0x43beafaf86af1129, 0xd41d6a6ab56a77df, 0xa0ea50505d50ba0d, + 0x8a5745450945124c, 0xfb38f3f3ebf3cb18, 0x60ad3030c0309df0, 0xc3c4efef9bef2b74, + 0x7eda3f3ffc3fe5c3, 0xaac755554955921c, 0x59dba2a2b2a27910, 0xc9e9eaea8fea0365, + 0xca6a656589650fec, 0x6903babad2bab968, 0x5e4a2f2fbc2f6593, 0x9d8ec0c027c04ee7, + 0xa160dede5fdebe81, 0x38fc1c1c701ce06c, 0xe746fdfdd3fdbb2e, 0x9a1f4d4d294d5264, + 0x397692927292e4e0, 0xeafa7575c9758fbc, 0x0c3606061806301e, 0x09ae8a8a128a2498, + 0x794bb2b2f2b2f940, 0xd185e6e6bfe66359, 0x1c7e0e0e380e7036, 0x3ee71f1f7c1ff863, + 0xc4556262956237f7, 0xb53ad4d477d4eea3, 0x4d81a8a89aa82932, 0x315296966296c4f4, + 0xef62f9f9c3f99b3a, 0x97a3c5c533c566f6, 0x4a102525942535b1, 0xb2ab59597959f220, + 0x15d084842a8454ae, 0xe4c57272d572b7a7, 0x72ec3939e439d5dd, 0x98164c4c2d4c5a61, + 0xbc945e5e655eca3b, 0xf09f7878fd78e785, 
0x70e53838e038ddd8, 0x05988c8c0a8c1486, + 0xbf17d1d163d1c6b2, 0x57e4a5a5aea5410b, 0xd9a1e2e2afe2434d, 0xc24e616199612ff8, + 0x7b42b3b3f6b3f145, 0x42342121842115a5, 0x25089c9c4a9c94d6, 0x3cee1e1e781ef066, + 0x8661434311432252, 0x93b1c7c73bc776fc, 0xe54ffcfcd7fcb32b, 0x0824040410042014, + 0xa2e351515951b208, 0x2f2599995e99bcc7, 0xda226d6da96d4fc4, 0x1a650d0d340d6839, + 0xe979fafacffa8335, 0xa369dfdf5bdfb684, 0xfca97e7ee57ed79b, 0x4819242490243db4, + 0x76fe3b3bec3bc5d7, 0x4b9aabab96ab313d, 0x81f0cece1fce3ed1, 0x2299111144118855, + 0x03838f8f068f0c89, 0x9c044e4e254e4a6b, 0x7366b7b7e6b7d151, 0xcbe0ebeb8beb0b60, + 0x78c13c3cf03cfdcc, 0x1ffd81813e817cbf, 0x354094946a94d4fe, 0xf31cf7f7fbf7eb0c, + 0x6f18b9b9deb9a167, 0x268b13134c13985f, 0x58512c2cb02c7d9c, 0xbb05d3d36bd3d6b8, + 0xd38ce7e7bbe76b5c, 0xdc396e6ea56e57cb, 0x95aac4c437c46ef3, 0x061b03030c03180f, + 0xacdc565645568a13, 0x885e44440d441a49, 0xfea07f7fe17fdf9e, 0x4f88a9a99ea92137, + 0x54672a2aa82a4d82, 0x6b0abbbbd6bbb16d, 0x9f87c1c123c146e2, 0xa6f153535153a202, + 0xa572dcdc57dcae8b, 0x16530b0b2c0b5827, 0x27019d9d4e9d9cd3, 0xd82b6c6cad6c47c1, + 0x62a43131c43195f5, 0xe8f37474cd7487b9, 0xf115f6f6fff6e309, 0x8c4c464605460a43, + 0x45a5acac8aac0926, 0x0fb589891e893c97, 0x28b414145014a044, 0xdfbae1e1a3e15b42, + 0x2ca616165816b04e, 0x74f73a3ae83acdd2, 0xd2066969b9696fd0, 0x124109092409482d, + 0xe0d77070dd70a7ad, 0x716fb6b6e2b6d954, 0xbd1ed0d067d0ceb7, 0xc7d6eded93ed3b7e, + 0x85e2cccc17cc2edb, 0x8468424215422a57, 0x2d2c98985a98b4c2, 0x55eda4a4aaa4490e, + 0x50752828a0285d88, 0xb8865c5c6d5cda31, 0xed6bf8f8c7f8933f, 0x11c28686228644a4, }, { - 0x7830d818, 0xaf462623, 0xf991b8c6, 0x6fcdfbe8, - 0xa113cb87, 0x626d11b8, 0x05020901, 0x6e9e0d4f, - 0xee6c9b36, 0x0451ffa6, 0xbdb90cd2, 0x06f70ef5, - 0x80f29679, 0xcede306f, 0xef3f6d91, 0x07a4f852, - 0xfdc04760, 0x766535bc, 0xcd2b379b, 0x8c018a8e, - 0x155bd2a3, 0x3c186c0c, 0x8af6847b, 0xe16a8035, - 0x693af51d, 0x47ddb3e0, 0xacb321d7, 0xed999cc2, - 0x965c432e, 0x7a96294b, 0x21e15dfe, 
0x16aed557, - 0x412abd15, 0xb6eee877, 0xeb6e9237, 0x56d79ee5, - 0xd923139f, 0x17fd23f0, 0x7f94204a, 0x95a944da, - 0x25b0a258, 0xca8fcfc9, 0x8d527c29, 0x22145a0a, - 0x4f7f50b1, 0x1a5dc9a0, 0xdad6146b, 0xab17d985, - 0x73673cbd, 0x34ba8f5d, 0x50209010, 0x03f507f4, - 0xc08bddcb, 0xc67cd33e, 0x110a2d05, 0xe6ce7867, - 0x53d597e4, 0xbb4e0227, 0x58827341, 0x9d0ba78b, - 0x0153f6a7, 0x94fab27d, 0xfb374995, 0x9fad56d8, - 0x30eb70fb, 0x71c1cdee, 0x91f8bb7c, 0xe3cc7166, - 0x8ea77bdd, 0x4b2eaf17, 0x468e4547, 0xdc211a9e, - 0xc589d4ca, 0x995a582d, 0x79632ebf, 0x1b0e3f07, - 0x2347acad, 0x2fb4b05a, 0xb51bef83, 0xff66b633, - 0xf2c65c63, 0x0a041202, 0x384993aa, 0xa8e2de71, - 0xcf8dc6c8, 0x7d32d119, 0x70923b49, 0x9aaf5fd9, - 0x1df931f2, 0x48dba8e3, 0x2ab6b95b, 0x920dbc88, - 0xc8293e9a, 0xbe4c0b26, 0xfa64bf32, 0x4a7d59b0, - 0x6acff2e9, 0x331e770f, 0xa6b733d5, 0xba1df480, - 0x7c6127be, 0xde87ebcd, 0xe4688934, 0x75903248, - 0x24e354ff, 0x8ff48d7a, 0xea3d6490, 0x3ebe9d5f, - 0xa0403d20, 0xd5d00f68, 0x7234ca1a, 0x2c41b7ae, - 0x5e757db4, 0x19a8ce54, 0xe53b7f93, 0xaa442f22, - 0xe9c86364, 0x12ff2af1, 0xa2e6cc73, 0x5a248212, - 0x5d807a40, 0x28104808, 0xe89b95c3, 0x7bc5dfec, - 0x90ab4ddb, 0x1f5fc0a1, 0x8307918d, 0xc97ac83d, - 0xf1335b97, 0x00000000, 0xd483f9cf, 0x87566e2b, - 0xb3ece176, 0xb019e682, 0xa9b128d6, 0x7736c31b, - 0x5b7774b5, 0x2943beaf, 0xdfd41d6a, 0x0da0ea50, - 0x4c8a5745, 0x18fb38f3, 0xf060ad30, 0x74c3c4ef, - 0xc37eda3f, 0x1caac755, 0x1059dba2, 0x65c9e9ea, - 0xecca6a65, 0x686903ba, 0x935e4a2f, 0xe79d8ec0, - 0x81a160de, 0x6c38fc1c, 0x2ee746fd, 0x649a1f4d, - 0xe0397692, 0xbceafa75, 0x1e0c3606, 0x9809ae8a, - 0x40794bb2, 0x59d185e6, 0x361c7e0e, 0x633ee71f, - 0xf7c45562, 0xa3b53ad4, 0x324d81a8, 0xf4315296, - 0x3aef62f9, 0xf697a3c5, 0xb14a1025, 0x20b2ab59, - 0xae15d084, 0xa7e4c572, 0xdd72ec39, 0x6198164c, - 0x3bbc945e, 0x85f09f78, 0xd870e538, 0x8605988c, - 0xb2bf17d1, 0x0b57e4a5, 0x4dd9a1e2, 0xf8c24e61, - 0x457b42b3, 0xa5423421, 0xd625089c, 0x663cee1e, - 0x52866143, 0xfc93b1c7, 0x2be54ffc, 
0x14082404, - 0x08a2e351, 0xc72f2599, 0xc4da226d, 0x391a650d, - 0x35e979fa, 0x84a369df, 0x9bfca97e, 0xb4481924, - 0xd776fe3b, 0x3d4b9aab, 0xd181f0ce, 0x55229911, - 0x8903838f, 0x6b9c044e, 0x517366b7, 0x60cbe0eb, - 0xcc78c13c, 0xbf1ffd81, 0xfe354094, 0x0cf31cf7, - 0x676f18b9, 0x5f268b13, 0x9c58512c, 0xb8bb05d3, - 0x5cd38ce7, 0xcbdc396e, 0xf395aac4, 0x0f061b03, - 0x13acdc56, 0x49885e44, 0x9efea07f, 0x374f88a9, - 0x8254672a, 0x6d6b0abb, 0xe29f87c1, 0x02a6f153, - 0x8ba572dc, 0x2716530b, 0xd327019d, 0xc1d82b6c, - 0xf562a431, 0xb9e8f374, 0x09f115f6, 0x438c4c46, - 0x2645a5ac, 0x970fb589, 0x4428b414, 0x42dfbae1, - 0x4e2ca616, 0xd274f73a, 0xd0d20669, 0x2d124109, - 0xade0d770, 0x54716fb6, 0xb7bd1ed0, 0x7ec7d6ed, - 0xdb85e2cc, 0x57846842, 0xc22d2c98, 0x0e55eda4, - 0x88507528, 0x31b8865c, 0x3fed6bf8, 0xa411c286, + 0x7830d818186018c0, 0xaf462623238c2305, 0xf991b8c6c63fc67e, 0x6fcdfbe8e887e813, + 0xa113cb878726874c, 0x626d11b8b8dab8a9, 0x0502090101040108, 0x6e9e0d4f4f214f42, + 0xee6c9b3636d836ad, 0x0451ffa6a6a2a659, 0xbdb90cd2d26fd2de, 0x06f70ef5f5f3f5fb, + 0x80f2967979f979ef, 0xcede306f6fa16f5f, 0xef3f6d91917e91fc, 0x07a4f852525552aa, + 0xfdc04760609d6027, 0x766535bcbccabc89, 0xcd2b379b9b569bac, 0x8c018a8e8e028e04, + 0x155bd2a3a3b6a371, 0x3c186c0c0c300c60, 0x8af6847b7bf17bff, 0xe16a803535d435b5, + 0x693af51d1d741de8, 0x47ddb3e0e0a7e053, 0xacb321d7d77bd7f6, 0xed999cc2c22fc25e, + 0x965c432e2eb82e6d, 0x7a96294b4b314b62, 0x21e15dfefedffea3, 0x16aed55757415782, + 0x412abd15155415a8, 0xb6eee87777c1779f, 0xeb6e923737dc37a5, 0x56d79ee5e5b3e57b, + 0xd923139f9f469f8c, 0x17fd23f0f0e7f0d3, 0x7f94204a4a354a6a, 0x95a944dada4fda9e, + 0x25b0a258587d58fa, 0xca8fcfc9c903c906, 0x8d527c2929a42955, 0x22145a0a0a280a50, + 0x4f7f50b1b1feb1e1, 0x1a5dc9a0a0baa069, 0xdad6146b6bb16b7f, 0xab17d985852e855c, + 0x73673cbdbdcebd81, 0x34ba8f5d5d695dd2, 0x5020901010401080, 0x03f507f4f4f7f4f3, + 0xc08bddcbcb0bcb16, 0xc67cd33e3ef83eed, 0x110a2d0505140528, 0xe6ce78676781671f, + 0x53d597e4e4b7e473, 
0xbb4e0227279c2725, 0x5882734141194132, 0x9d0ba78b8b168b2c, + 0x0153f6a7a7a6a751, 0x94fab27d7de97dcf, 0xfb374995956e95dc, 0x9fad56d8d847d88e, + 0x30eb70fbfbcbfb8b, 0x71c1cdeeee9fee23, 0x91f8bb7c7ced7cc7, 0xe3cc716666856617, + 0x8ea77bdddd53dda6, 0x4b2eaf17175c17b8, 0x468e454747014702, 0xdc211a9e9e429e84, + 0xc589d4caca0fca1e, 0x995a582d2db42d75, 0x79632ebfbfc6bf91, 0x1b0e3f07071c0738, + 0x2347acadad8ead01, 0x2fb4b05a5a755aea, 0xb51bef838336836c, 0xff66b63333cc3385, + 0xf2c65c636391633f, 0x0a04120202080210, 0x384993aaaa92aa39, 0xa8e2de7171d971af, + 0xcf8dc6c8c807c80e, 0x7d32d119196419c8, 0x70923b4949394972, 0x9aaf5fd9d943d986, + 0x1df931f2f2eff2c3, 0x48dba8e3e3abe34b, 0x2ab6b95b5b715be2, 0x920dbc88881a8834, + 0xc8293e9a9a529aa4, 0xbe4c0b262698262d, 0xfa64bf3232c8328d, 0x4a7d59b0b0fab0e9, + 0x6acff2e9e983e91b, 0x331e770f0f3c0f78, 0xa6b733d5d573d5e6, 0xba1df480803a8074, + 0x7c6127bebec2be99, 0xde87ebcdcd13cd26, 0xe468893434d034bd, 0x75903248483d487a, + 0x24e354ffffdbffab, 0x8ff48d7a7af57af7, 0xea3d6490907a90f4, 0x3ebe9d5f5f615fc2, + 0xa0403d202080201d, 0xd5d00f6868bd6867, 0x7234ca1a1a681ad0, 0x2c41b7aeae82ae19, + 0x5e757db4b4eab4c9, 0x19a8ce54544d549a, 0xe53b7f93937693ec, 0xaa442f222288220d, + 0xe9c86364648d6407, 0x12ff2af1f1e3f1db, 0xa2e6cc7373d173bf, 0x5a24821212481290, + 0x5d807a40401d403a, 0x2810480808200840, 0xe89b95c3c32bc356, 0x7bc5dfecec97ec33, + 0x90ab4ddbdb4bdb96, 0x1f5fc0a1a1bea161, 0x8307918d8d0e8d1c, 0xc97ac83d3df43df5, + 0xf1335b97976697cc, 0x0000000000000000, 0xd483f9cfcf1bcf36, 0x87566e2b2bac2b45, + 0xb3ece17676c57697, 0xb019e68282328264, 0xa9b128d6d67fd6fe, 0x7736c31b1b6c1bd8, + 0x5b7774b5b5eeb5c1, 0x2943beafaf86af11, 0xdfd41d6a6ab56a77, 0x0da0ea50505d50ba, + 0x4c8a574545094512, 0x18fb38f3f3ebf3cb, 0xf060ad3030c0309d, 0x74c3c4efef9bef2b, + 0xc37eda3f3ffc3fe5, 0x1caac75555495592, 0x1059dba2a2b2a279, 0x65c9e9eaea8fea03, + 0xecca6a656589650f, 0x686903babad2bab9, 0x935e4a2f2fbc2f65, 0xe79d8ec0c027c04e, + 0x81a160dede5fdebe, 0x6c38fc1c1c701ce0, 
0x2ee746fdfdd3fdbb, 0x649a1f4d4d294d52, + 0xe0397692927292e4, 0xbceafa7575c9758f, 0x1e0c360606180630, 0x9809ae8a8a128a24, + 0x40794bb2b2f2b2f9, 0x59d185e6e6bfe663, 0x361c7e0e0e380e70, 0x633ee71f1f7c1ff8, + 0xf7c4556262956237, 0xa3b53ad4d477d4ee, 0x324d81a8a89aa829, 0xf4315296966296c4, + 0x3aef62f9f9c3f99b, 0xf697a3c5c533c566, 0xb14a102525942535, 0x20b2ab59597959f2, + 0xae15d084842a8454, 0xa7e4c57272d572b7, 0xdd72ec3939e439d5, 0x6198164c4c2d4c5a, + 0x3bbc945e5e655eca, 0x85f09f7878fd78e7, 0xd870e53838e038dd, 0x8605988c8c0a8c14, + 0xb2bf17d1d163d1c6, 0x0b57e4a5a5aea541, 0x4dd9a1e2e2afe243, 0xf8c24e616199612f, + 0x457b42b3b3f6b3f1, 0xa542342121842115, 0xd625089c9c4a9c94, 0x663cee1e1e781ef0, + 0x5286614343114322, 0xfc93b1c7c73bc776, 0x2be54ffcfcd7fcb3, 0x1408240404100420, + 0x08a2e351515951b2, 0xc72f2599995e99bc, 0xc4da226d6da96d4f, 0x391a650d0d340d68, + 0x35e979fafacffa83, 0x84a369dfdf5bdfb6, 0x9bfca97e7ee57ed7, 0xb44819242490243d, + 0xd776fe3b3bec3bc5, 0x3d4b9aabab96ab31, 0xd181f0cece1fce3e, 0x5522991111441188, + 0x8903838f8f068f0c, 0x6b9c044e4e254e4a, 0x517366b7b7e6b7d1, 0x60cbe0ebeb8beb0b, + 0xcc78c13c3cf03cfd, 0xbf1ffd81813e817c, 0xfe354094946a94d4, 0x0cf31cf7f7fbf7eb, + 0x676f18b9b9deb9a1, 0x5f268b13134c1398, 0x9c58512c2cb02c7d, 0xb8bb05d3d36bd3d6, + 0x5cd38ce7e7bbe76b, 0xcbdc396e6ea56e57, 0xf395aac4c437c46e, 0x0f061b03030c0318, + 0x13acdc565645568a, 0x49885e44440d441a, 0x9efea07f7fe17fdf, 0x374f88a9a99ea921, + 0x8254672a2aa82a4d, 0x6d6b0abbbbd6bbb1, 0xe29f87c1c123c146, 0x02a6f153535153a2, + 0x8ba572dcdc57dcae, 0x2716530b0b2c0b58, 0xd327019d9d4e9d9c, 0xc1d82b6c6cad6c47, + 0xf562a43131c43195, 0xb9e8f37474cd7487, 0x09f115f6f6fff6e3, 0x438c4c464605460a, + 0x2645a5acac8aac09, 0x970fb589891e893c, 0x4428b414145014a0, 0x42dfbae1e1a3e15b, + 0x4e2ca616165816b0, 0xd274f73a3ae83acd, 0xd0d2066969b9696f, 0x2d12410909240948, + 0xade0d77070dd70a7, 0x54716fb6b6e2b6d9, 0xb7bd1ed0d067d0ce, 0x7ec7d6eded93ed3b, + 0xdb85e2cccc17cc2e, 0x578468424215422a, 0xc22d2c98985a98b4, 
0x0e55eda4a4aaa449, + 0x8850752828a0285d, 0x31b8865c5c6d5cda, 0x3fed6bf8f8c7f893, 0xa411c28686228644, }, { - 0xc07830d8, 0x05af4626, 0x7ef991b8, 0x136fcdfb, - 0x4ca113cb, 0xa9626d11, 0x08050209, 0x426e9e0d, - 0xadee6c9b, 0x590451ff, 0xdebdb90c, 0xfb06f70e, - 0xef80f296, 0x5fcede30, 0xfcef3f6d, 0xaa07a4f8, - 0x27fdc047, 0x89766535, 0xaccd2b37, 0x048c018a, - 0x71155bd2, 0x603c186c, 0xff8af684, 0xb5e16a80, - 0xe8693af5, 0x5347ddb3, 0xf6acb321, 0x5eed999c, - 0x6d965c43, 0x627a9629, 0xa321e15d, 0x8216aed5, - 0xa8412abd, 0x9fb6eee8, 0xa5eb6e92, 0x7b56d79e, - 0x8cd92313, 0xd317fd23, 0x6a7f9420, 0x9e95a944, - 0xfa25b0a2, 0x06ca8fcf, 0x558d527c, 0x5022145a, - 0xe14f7f50, 0x691a5dc9, 0x7fdad614, 0x5cab17d9, - 0x8173673c, 0xd234ba8f, 0x80502090, 0xf303f507, - 0x16c08bdd, 0xedc67cd3, 0x28110a2d, 0x1fe6ce78, - 0x7353d597, 0x25bb4e02, 0x32588273, 0x2c9d0ba7, - 0x510153f6, 0xcf94fab2, 0xdcfb3749, 0x8e9fad56, - 0x8b30eb70, 0x2371c1cd, 0xc791f8bb, 0x17e3cc71, - 0xa68ea77b, 0xb84b2eaf, 0x02468e45, 0x84dc211a, - 0x1ec589d4, 0x75995a58, 0x9179632e, 0x381b0e3f, - 0x012347ac, 0xea2fb4b0, 0x6cb51bef, 0x85ff66b6, - 0x3ff2c65c, 0x100a0412, 0x39384993, 0xafa8e2de, - 0x0ecf8dc6, 0xc87d32d1, 0x7270923b, 0x869aaf5f, - 0xc31df931, 0x4b48dba8, 0xe22ab6b9, 0x34920dbc, - 0xa4c8293e, 0x2dbe4c0b, 0x8dfa64bf, 0xe94a7d59, - 0x1b6acff2, 0x78331e77, 0xe6a6b733, 0x74ba1df4, - 0x997c6127, 0x26de87eb, 0xbde46889, 0x7a759032, - 0xab24e354, 0xf78ff48d, 0xf4ea3d64, 0xc23ebe9d, - 0x1da0403d, 0x67d5d00f, 0xd07234ca, 0x192c41b7, - 0xc95e757d, 0x9a19a8ce, 0xece53b7f, 0x0daa442f, - 0x07e9c863, 0xdb12ff2a, 0xbfa2e6cc, 0x905a2482, - 0x3a5d807a, 0x40281048, 0x56e89b95, 0x337bc5df, - 0x9690ab4d, 0x611f5fc0, 0x1c830791, 0xf5c97ac8, - 0xccf1335b, 0x00000000, 0x36d483f9, 0x4587566e, - 0x97b3ece1, 0x64b019e6, 0xfea9b128, 0xd87736c3, - 0xc15b7774, 0x112943be, 0x77dfd41d, 0xba0da0ea, - 0x124c8a57, 0xcb18fb38, 0x9df060ad, 0x2b74c3c4, - 0xe5c37eda, 0x921caac7, 0x791059db, 0x0365c9e9, - 0x0fecca6a, 0xb9686903, 0x65935e4a, 
0x4ee79d8e, - 0xbe81a160, 0xe06c38fc, 0xbb2ee746, 0x52649a1f, - 0xe4e03976, 0x8fbceafa, 0x301e0c36, 0x249809ae, - 0xf940794b, 0x6359d185, 0x70361c7e, 0xf8633ee7, - 0x37f7c455, 0xeea3b53a, 0x29324d81, 0xc4f43152, - 0x9b3aef62, 0x66f697a3, 0x35b14a10, 0xf220b2ab, - 0x54ae15d0, 0xb7a7e4c5, 0xd5dd72ec, 0x5a619816, - 0xca3bbc94, 0xe785f09f, 0xddd870e5, 0x14860598, - 0xc6b2bf17, 0x410b57e4, 0x434dd9a1, 0x2ff8c24e, - 0xf1457b42, 0x15a54234, 0x94d62508, 0xf0663cee, - 0x22528661, 0x76fc93b1, 0xb32be54f, 0x20140824, - 0xb208a2e3, 0xbcc72f25, 0x4fc4da22, 0x68391a65, - 0x8335e979, 0xb684a369, 0xd79bfca9, 0x3db44819, - 0xc5d776fe, 0x313d4b9a, 0x3ed181f0, 0x88552299, - 0x0c890383, 0x4a6b9c04, 0xd1517366, 0x0b60cbe0, - 0xfdcc78c1, 0x7cbf1ffd, 0xd4fe3540, 0xeb0cf31c, - 0xa1676f18, 0x985f268b, 0x7d9c5851, 0xd6b8bb05, - 0x6b5cd38c, 0x57cbdc39, 0x6ef395aa, 0x180f061b, - 0x8a13acdc, 0x1a49885e, 0xdf9efea0, 0x21374f88, - 0x4d825467, 0xb16d6b0a, 0x46e29f87, 0xa202a6f1, - 0xae8ba572, 0x58271653, 0x9cd32701, 0x47c1d82b, - 0x95f562a4, 0x87b9e8f3, 0xe309f115, 0x0a438c4c, - 0x092645a5, 0x3c970fb5, 0xa04428b4, 0x5b42dfba, - 0xb04e2ca6, 0xcdd274f7, 0x6fd0d206, 0x482d1241, - 0xa7ade0d7, 0xd954716f, 0xceb7bd1e, 0x3b7ec7d6, - 0x2edb85e2, 0x2a578468, 0xb4c22d2c, 0x490e55ed, - 0x5d885075, 0xda31b886, 0x933fed6b, 0x44a411c2, + 0xc07830d818186018, 0x05af462623238c23, 0x7ef991b8c6c63fc6, 0x136fcdfbe8e887e8, + 0x4ca113cb87872687, 0xa9626d11b8b8dab8, 0x0805020901010401, 0x426e9e0d4f4f214f, + 0xadee6c9b3636d836, 0x590451ffa6a6a2a6, 0xdebdb90cd2d26fd2, 0xfb06f70ef5f5f3f5, + 0xef80f2967979f979, 0x5fcede306f6fa16f, 0xfcef3f6d91917e91, 0xaa07a4f852525552, + 0x27fdc04760609d60, 0x89766535bcbccabc, 0xaccd2b379b9b569b, 0x048c018a8e8e028e, + 0x71155bd2a3a3b6a3, 0x603c186c0c0c300c, 0xff8af6847b7bf17b, 0xb5e16a803535d435, + 0xe8693af51d1d741d, 0x5347ddb3e0e0a7e0, 0xf6acb321d7d77bd7, 0x5eed999cc2c22fc2, + 0x6d965c432e2eb82e, 0x627a96294b4b314b, 0xa321e15dfefedffe, 0x8216aed557574157, + 0xa8412abd15155415, 
0x9fb6eee87777c177, 0xa5eb6e923737dc37, 0x7b56d79ee5e5b3e5, + 0x8cd923139f9f469f, 0xd317fd23f0f0e7f0, 0x6a7f94204a4a354a, 0x9e95a944dada4fda, + 0xfa25b0a258587d58, 0x06ca8fcfc9c903c9, 0x558d527c2929a429, 0x5022145a0a0a280a, + 0xe14f7f50b1b1feb1, 0x691a5dc9a0a0baa0, 0x7fdad6146b6bb16b, 0x5cab17d985852e85, + 0x8173673cbdbdcebd, 0xd234ba8f5d5d695d, 0x8050209010104010, 0xf303f507f4f4f7f4, + 0x16c08bddcbcb0bcb, 0xedc67cd33e3ef83e, 0x28110a2d05051405, 0x1fe6ce7867678167, + 0x7353d597e4e4b7e4, 0x25bb4e0227279c27, 0x3258827341411941, 0x2c9d0ba78b8b168b, + 0x510153f6a7a7a6a7, 0xcf94fab27d7de97d, 0xdcfb374995956e95, 0x8e9fad56d8d847d8, + 0x8b30eb70fbfbcbfb, 0x2371c1cdeeee9fee, 0xc791f8bb7c7ced7c, 0x17e3cc7166668566, + 0xa68ea77bdddd53dd, 0xb84b2eaf17175c17, 0x02468e4547470147, 0x84dc211a9e9e429e, + 0x1ec589d4caca0fca, 0x75995a582d2db42d, 0x9179632ebfbfc6bf, 0x381b0e3f07071c07, + 0x012347acadad8ead, 0xea2fb4b05a5a755a, 0x6cb51bef83833683, 0x85ff66b63333cc33, + 0x3ff2c65c63639163, 0x100a041202020802, 0x39384993aaaa92aa, 0xafa8e2de7171d971, + 0x0ecf8dc6c8c807c8, 0xc87d32d119196419, 0x7270923b49493949, 0x869aaf5fd9d943d9, + 0xc31df931f2f2eff2, 0x4b48dba8e3e3abe3, 0xe22ab6b95b5b715b, 0x34920dbc88881a88, + 0xa4c8293e9a9a529a, 0x2dbe4c0b26269826, 0x8dfa64bf3232c832, 0xe94a7d59b0b0fab0, + 0x1b6acff2e9e983e9, 0x78331e770f0f3c0f, 0xe6a6b733d5d573d5, 0x74ba1df480803a80, + 0x997c6127bebec2be, 0x26de87ebcdcd13cd, 0xbde468893434d034, 0x7a75903248483d48, + 0xab24e354ffffdbff, 0xf78ff48d7a7af57a, 0xf4ea3d6490907a90, 0xc23ebe9d5f5f615f, + 0x1da0403d20208020, 0x67d5d00f6868bd68, 0xd07234ca1a1a681a, 0x192c41b7aeae82ae, + 0xc95e757db4b4eab4, 0x9a19a8ce54544d54, 0xece53b7f93937693, 0x0daa442f22228822, + 0x07e9c86364648d64, 0xdb12ff2af1f1e3f1, 0xbfa2e6cc7373d173, 0x905a248212124812, + 0x3a5d807a40401d40, 0x4028104808082008, 0x56e89b95c3c32bc3, 0x337bc5dfecec97ec, + 0x9690ab4ddbdb4bdb, 0x611f5fc0a1a1bea1, 0x1c8307918d8d0e8d, 0xf5c97ac83d3df43d, + 0xccf1335b97976697, 0x0000000000000000, 
0x36d483f9cfcf1bcf, 0x4587566e2b2bac2b, + 0x97b3ece17676c576, 0x64b019e682823282, 0xfea9b128d6d67fd6, 0xd87736c31b1b6c1b, + 0xc15b7774b5b5eeb5, 0x112943beafaf86af, 0x77dfd41d6a6ab56a, 0xba0da0ea50505d50, + 0x124c8a5745450945, 0xcb18fb38f3f3ebf3, 0x9df060ad3030c030, 0x2b74c3c4efef9bef, + 0xe5c37eda3f3ffc3f, 0x921caac755554955, 0x791059dba2a2b2a2, 0x0365c9e9eaea8fea, + 0x0fecca6a65658965, 0xb9686903babad2ba, 0x65935e4a2f2fbc2f, 0x4ee79d8ec0c027c0, + 0xbe81a160dede5fde, 0xe06c38fc1c1c701c, 0xbb2ee746fdfdd3fd, 0x52649a1f4d4d294d, + 0xe4e0397692927292, 0x8fbceafa7575c975, 0x301e0c3606061806, 0x249809ae8a8a128a, + 0xf940794bb2b2f2b2, 0x6359d185e6e6bfe6, 0x70361c7e0e0e380e, 0xf8633ee71f1f7c1f, + 0x37f7c45562629562, 0xeea3b53ad4d477d4, 0x29324d81a8a89aa8, 0xc4f4315296966296, + 0x9b3aef62f9f9c3f9, 0x66f697a3c5c533c5, 0x35b14a1025259425, 0xf220b2ab59597959, + 0x54ae15d084842a84, 0xb7a7e4c57272d572, 0xd5dd72ec3939e439, 0x5a6198164c4c2d4c, + 0xca3bbc945e5e655e, 0xe785f09f7878fd78, 0xddd870e53838e038, 0x148605988c8c0a8c, + 0xc6b2bf17d1d163d1, 0x410b57e4a5a5aea5, 0x434dd9a1e2e2afe2, 0x2ff8c24e61619961, + 0xf1457b42b3b3f6b3, 0x15a5423421218421, 0x94d625089c9c4a9c, 0xf0663cee1e1e781e, + 0x2252866143431143, 0x76fc93b1c7c73bc7, 0xb32be54ffcfcd7fc, 0x2014082404041004, + 0xb208a2e351515951, 0xbcc72f2599995e99, 0x4fc4da226d6da96d, 0x68391a650d0d340d, + 0x8335e979fafacffa, 0xb684a369dfdf5bdf, 0xd79bfca97e7ee57e, 0x3db4481924249024, + 0xc5d776fe3b3bec3b, 0x313d4b9aabab96ab, 0x3ed181f0cece1fce, 0x8855229911114411, + 0x0c8903838f8f068f, 0x4a6b9c044e4e254e, 0xd1517366b7b7e6b7, 0x0b60cbe0ebeb8beb, + 0xfdcc78c13c3cf03c, 0x7cbf1ffd81813e81, 0xd4fe354094946a94, 0xeb0cf31cf7f7fbf7, + 0xa1676f18b9b9deb9, 0x985f268b13134c13, 0x7d9c58512c2cb02c, 0xd6b8bb05d3d36bd3, + 0x6b5cd38ce7e7bbe7, 0x57cbdc396e6ea56e, 0x6ef395aac4c437c4, 0x180f061b03030c03, + 0x8a13acdc56564556, 0x1a49885e44440d44, 0xdf9efea07f7fe17f, 0x21374f88a9a99ea9, + 0x4d8254672a2aa82a, 0xb16d6b0abbbbd6bb, 0x46e29f87c1c123c1, 
0xa202a6f153535153, + 0xae8ba572dcdc57dc, 0x582716530b0b2c0b, 0x9cd327019d9d4e9d, 0x47c1d82b6c6cad6c, + 0x95f562a43131c431, 0x87b9e8f37474cd74, 0xe309f115f6f6fff6, 0x0a438c4c46460546, + 0x092645a5acac8aac, 0x3c970fb589891e89, 0xa04428b414145014, 0x5b42dfbae1e1a3e1, + 0xb04e2ca616165816, 0xcdd274f73a3ae83a, 0x6fd0d2066969b969, 0x482d124109092409, + 0xa7ade0d77070dd70, 0xd954716fb6b6e2b6, 0xceb7bd1ed0d067d0, 0x3b7ec7d6eded93ed, + 0x2edb85e2cccc17cc, 0x2a57846842421542, 0xb4c22d2c98985a98, 0x490e55eda4a4aaa4, + 0x5d8850752828a028, 0xda31b8865c5c6d5c, 0x933fed6bf8f8c7f8, 0x44a411c286862286, }, { - 0x18c07830, 0x2305af46, 0xc67ef991, 0xe8136fcd, - 0x874ca113, 0xb8a9626d, 0x01080502, 0x4f426e9e, - 0x36adee6c, 0xa6590451, 0xd2debdb9, 0xf5fb06f7, - 0x79ef80f2, 0x6f5fcede, 0x91fcef3f, 0x52aa07a4, - 0x6027fdc0, 0xbc897665, 0x9baccd2b, 0x8e048c01, - 0xa371155b, 0x0c603c18, 0x7bff8af6, 0x35b5e16a, - 0x1de8693a, 0xe05347dd, 0xd7f6acb3, 0xc25eed99, - 0x2e6d965c, 0x4b627a96, 0xfea321e1, 0x578216ae, - 0x15a8412a, 0x779fb6ee, 0x37a5eb6e, 0xe57b56d7, - 0x9f8cd923, 0xf0d317fd, 0x4a6a7f94, 0xda9e95a9, - 0x58fa25b0, 0xc906ca8f, 0x29558d52, 0x0a502214, - 0xb1e14f7f, 0xa0691a5d, 0x6b7fdad6, 0x855cab17, - 0xbd817367, 0x5dd234ba, 0x10805020, 0xf4f303f5, - 0xcb16c08b, 0x3eedc67c, 0x0528110a, 0x671fe6ce, - 0xe47353d5, 0x2725bb4e, 0x41325882, 0x8b2c9d0b, - 0xa7510153, 0x7dcf94fa, 0x95dcfb37, 0xd88e9fad, - 0xfb8b30eb, 0xee2371c1, 0x7cc791f8, 0x6617e3cc, - 0xdda68ea7, 0x17b84b2e, 0x4702468e, 0x9e84dc21, - 0xca1ec589, 0x2d75995a, 0xbf917963, 0x07381b0e, - 0xad012347, 0x5aea2fb4, 0x836cb51b, 0x3385ff66, - 0x633ff2c6, 0x02100a04, 0xaa393849, 0x71afa8e2, - 0xc80ecf8d, 0x19c87d32, 0x49727092, 0xd9869aaf, - 0xf2c31df9, 0xe34b48db, 0x5be22ab6, 0x8834920d, - 0x9aa4c829, 0x262dbe4c, 0x328dfa64, 0xb0e94a7d, - 0xe91b6acf, 0x0f78331e, 0xd5e6a6b7, 0x8074ba1d, - 0xbe997c61, 0xcd26de87, 0x34bde468, 0x487a7590, - 0xffab24e3, 0x7af78ff4, 0x90f4ea3d, 0x5fc23ebe, - 0x201da040, 0x6867d5d0, 0x1ad07234, 0xae192c41, 
- 0xb4c95e75, 0x549a19a8, 0x93ece53b, 0x220daa44, - 0x6407e9c8, 0xf1db12ff, 0x73bfa2e6, 0x12905a24, - 0x403a5d80, 0x08402810, 0xc356e89b, 0xec337bc5, - 0xdb9690ab, 0xa1611f5f, 0x8d1c8307, 0x3df5c97a, - 0x97ccf133, 0x00000000, 0xcf36d483, 0x2b458756, - 0x7697b3ec, 0x8264b019, 0xd6fea9b1, 0x1bd87736, - 0xb5c15b77, 0xaf112943, 0x6a77dfd4, 0x50ba0da0, - 0x45124c8a, 0xf3cb18fb, 0x309df060, 0xef2b74c3, - 0x3fe5c37e, 0x55921caa, 0xa2791059, 0xea0365c9, - 0x650fecca, 0xbab96869, 0x2f65935e, 0xc04ee79d, - 0xdebe81a1, 0x1ce06c38, 0xfdbb2ee7, 0x4d52649a, - 0x92e4e039, 0x758fbcea, 0x06301e0c, 0x8a249809, - 0xb2f94079, 0xe66359d1, 0x0e70361c, 0x1ff8633e, - 0x6237f7c4, 0xd4eea3b5, 0xa829324d, 0x96c4f431, - 0xf99b3aef, 0xc566f697, 0x2535b14a, 0x59f220b2, - 0x8454ae15, 0x72b7a7e4, 0x39d5dd72, 0x4c5a6198, - 0x5eca3bbc, 0x78e785f0, 0x38ddd870, 0x8c148605, - 0xd1c6b2bf, 0xa5410b57, 0xe2434dd9, 0x612ff8c2, - 0xb3f1457b, 0x2115a542, 0x9c94d625, 0x1ef0663c, - 0x43225286, 0xc776fc93, 0xfcb32be5, 0x04201408, - 0x51b208a2, 0x99bcc72f, 0x6d4fc4da, 0x0d68391a, - 0xfa8335e9, 0xdfb684a3, 0x7ed79bfc, 0x243db448, - 0x3bc5d776, 0xab313d4b, 0xce3ed181, 0x11885522, - 0x8f0c8903, 0x4e4a6b9c, 0xb7d15173, 0xeb0b60cb, - 0x3cfdcc78, 0x817cbf1f, 0x94d4fe35, 0xf7eb0cf3, - 0xb9a1676f, 0x13985f26, 0x2c7d9c58, 0xd3d6b8bb, - 0xe76b5cd3, 0x6e57cbdc, 0xc46ef395, 0x03180f06, - 0x568a13ac, 0x441a4988, 0x7fdf9efe, 0xa921374f, - 0x2a4d8254, 0xbbb16d6b, 0xc146e29f, 0x53a202a6, - 0xdcae8ba5, 0x0b582716, 0x9d9cd327, 0x6c47c1d8, - 0x3195f562, 0x7487b9e8, 0xf6e309f1, 0x460a438c, - 0xac092645, 0x893c970f, 0x14a04428, 0xe15b42df, - 0x16b04e2c, 0x3acdd274, 0x696fd0d2, 0x09482d12, - 0x70a7ade0, 0xb6d95471, 0xd0ceb7bd, 0xed3b7ec7, - 0xcc2edb85, 0x422a5784, 0x98b4c22d, 0xa4490e55, - 0x285d8850, 0x5cda31b8, 0xf8933fed, 0x8644a411, + 0x18c07830d8181860, 0x2305af462623238c, 0xc67ef991b8c6c63f, 0xe8136fcdfbe8e887, + 0x874ca113cb878726, 0xb8a9626d11b8b8da, 0x0108050209010104, 0x4f426e9e0d4f4f21, + 0x36adee6c9b3636d8, 
0xa6590451ffa6a6a2, 0xd2debdb90cd2d26f, 0xf5fb06f70ef5f5f3, + 0x79ef80f2967979f9, 0x6f5fcede306f6fa1, 0x91fcef3f6d91917e, 0x52aa07a4f8525255, + 0x6027fdc04760609d, 0xbc89766535bcbcca, 0x9baccd2b379b9b56, 0x8e048c018a8e8e02, + 0xa371155bd2a3a3b6, 0x0c603c186c0c0c30, 0x7bff8af6847b7bf1, 0x35b5e16a803535d4, + 0x1de8693af51d1d74, 0xe05347ddb3e0e0a7, 0xd7f6acb321d7d77b, 0xc25eed999cc2c22f, + 0x2e6d965c432e2eb8, 0x4b627a96294b4b31, 0xfea321e15dfefedf, 0x578216aed5575741, + 0x15a8412abd151554, 0x779fb6eee87777c1, 0x37a5eb6e923737dc, 0xe57b56d79ee5e5b3, + 0x9f8cd923139f9f46, 0xf0d317fd23f0f0e7, 0x4a6a7f94204a4a35, 0xda9e95a944dada4f, + 0x58fa25b0a258587d, 0xc906ca8fcfc9c903, 0x29558d527c2929a4, 0x0a5022145a0a0a28, + 0xb1e14f7f50b1b1fe, 0xa0691a5dc9a0a0ba, 0x6b7fdad6146b6bb1, 0x855cab17d985852e, + 0xbd8173673cbdbdce, 0x5dd234ba8f5d5d69, 0x1080502090101040, 0xf4f303f507f4f4f7, + 0xcb16c08bddcbcb0b, 0x3eedc67cd33e3ef8, 0x0528110a2d050514, 0x671fe6ce78676781, + 0xe47353d597e4e4b7, 0x2725bb4e0227279c, 0x4132588273414119, 0x8b2c9d0ba78b8b16, + 0xa7510153f6a7a7a6, 0x7dcf94fab27d7de9, 0x95dcfb374995956e, 0xd88e9fad56d8d847, + 0xfb8b30eb70fbfbcb, 0xee2371c1cdeeee9f, 0x7cc791f8bb7c7ced, 0x6617e3cc71666685, + 0xdda68ea77bdddd53, 0x17b84b2eaf17175c, 0x4702468e45474701, 0x9e84dc211a9e9e42, + 0xca1ec589d4caca0f, 0x2d75995a582d2db4, 0xbf9179632ebfbfc6, 0x07381b0e3f07071c, + 0xad012347acadad8e, 0x5aea2fb4b05a5a75, 0x836cb51bef838336, 0x3385ff66b63333cc, + 0x633ff2c65c636391, 0x02100a0412020208, 0xaa39384993aaaa92, 0x71afa8e2de7171d9, + 0xc80ecf8dc6c8c807, 0x19c87d32d1191964, 0x497270923b494939, 0xd9869aaf5fd9d943, + 0xf2c31df931f2f2ef, 0xe34b48dba8e3e3ab, 0x5be22ab6b95b5b71, 0x8834920dbc88881a, + 0x9aa4c8293e9a9a52, 0x262dbe4c0b262698, 0x328dfa64bf3232c8, 0xb0e94a7d59b0b0fa, + 0xe91b6acff2e9e983, 0x0f78331e770f0f3c, 0xd5e6a6b733d5d573, 0x8074ba1df480803a, + 0xbe997c6127bebec2, 0xcd26de87ebcdcd13, 0x34bde468893434d0, 0x487a75903248483d, + 0xffab24e354ffffdb, 0x7af78ff48d7a7af5, 
0x90f4ea3d6490907a, 0x5fc23ebe9d5f5f61, + 0x201da0403d202080, 0x6867d5d00f6868bd, 0x1ad07234ca1a1a68, 0xae192c41b7aeae82, + 0xb4c95e757db4b4ea, 0x549a19a8ce54544d, 0x93ece53b7f939376, 0x220daa442f222288, + 0x6407e9c86364648d, 0xf1db12ff2af1f1e3, 0x73bfa2e6cc7373d1, 0x12905a2482121248, + 0x403a5d807a40401d, 0x0840281048080820, 0xc356e89b95c3c32b, 0xec337bc5dfecec97, + 0xdb9690ab4ddbdb4b, 0xa1611f5fc0a1a1be, 0x8d1c8307918d8d0e, 0x3df5c97ac83d3df4, + 0x97ccf1335b979766, 0x0000000000000000, 0xcf36d483f9cfcf1b, 0x2b4587566e2b2bac, + 0x7697b3ece17676c5, 0x8264b019e6828232, 0xd6fea9b128d6d67f, 0x1bd87736c31b1b6c, + 0xb5c15b7774b5b5ee, 0xaf112943beafaf86, 0x6a77dfd41d6a6ab5, 0x50ba0da0ea50505d, + 0x45124c8a57454509, 0xf3cb18fb38f3f3eb, 0x309df060ad3030c0, 0xef2b74c3c4efef9b, + 0x3fe5c37eda3f3ffc, 0x55921caac7555549, 0xa2791059dba2a2b2, 0xea0365c9e9eaea8f, + 0x650fecca6a656589, 0xbab9686903babad2, 0x2f65935e4a2f2fbc, 0xc04ee79d8ec0c027, + 0xdebe81a160dede5f, 0x1ce06c38fc1c1c70, 0xfdbb2ee746fdfdd3, 0x4d52649a1f4d4d29, + 0x92e4e03976929272, 0x758fbceafa7575c9, 0x06301e0c36060618, 0x8a249809ae8a8a12, + 0xb2f940794bb2b2f2, 0xe66359d185e6e6bf, 0x0e70361c7e0e0e38, 0x1ff8633ee71f1f7c, + 0x6237f7c455626295, 0xd4eea3b53ad4d477, 0xa829324d81a8a89a, 0x96c4f43152969662, + 0xf99b3aef62f9f9c3, 0xc566f697a3c5c533, 0x2535b14a10252594, 0x59f220b2ab595979, + 0x8454ae15d084842a, 0x72b7a7e4c57272d5, 0x39d5dd72ec3939e4, 0x4c5a6198164c4c2d, + 0x5eca3bbc945e5e65, 0x78e785f09f7878fd, 0x38ddd870e53838e0, 0x8c148605988c8c0a, + 0xd1c6b2bf17d1d163, 0xa5410b57e4a5a5ae, 0xe2434dd9a1e2e2af, 0x612ff8c24e616199, + 0xb3f1457b42b3b3f6, 0x2115a54234212184, 0x9c94d625089c9c4a, 0x1ef0663cee1e1e78, + 0x4322528661434311, 0xc776fc93b1c7c73b, 0xfcb32be54ffcfcd7, 0x0420140824040410, + 0x51b208a2e3515159, 0x99bcc72f2599995e, 0x6d4fc4da226d6da9, 0x0d68391a650d0d34, + 0xfa8335e979fafacf, 0xdfb684a369dfdf5b, 0x7ed79bfca97e7ee5, 0x243db44819242490, + 0x3bc5d776fe3b3bec, 0xab313d4b9aabab96, 0xce3ed181f0cece1f, 
0x1188552299111144, + 0x8f0c8903838f8f06, 0x4e4a6b9c044e4e25, 0xb7d1517366b7b7e6, 0xeb0b60cbe0ebeb8b, + 0x3cfdcc78c13c3cf0, 0x817cbf1ffd81813e, 0x94d4fe354094946a, 0xf7eb0cf31cf7f7fb, + 0xb9a1676f18b9b9de, 0x13985f268b13134c, 0x2c7d9c58512c2cb0, 0xd3d6b8bb05d3d36b, + 0xe76b5cd38ce7e7bb, 0x6e57cbdc396e6ea5, 0xc46ef395aac4c437, 0x03180f061b03030c, + 0x568a13acdc565645, 0x441a49885e44440d, 0x7fdf9efea07f7fe1, 0xa921374f88a9a99e, + 0x2a4d8254672a2aa8, 0xbbb16d6b0abbbbd6, 0xc146e29f87c1c123, 0x53a202a6f1535351, + 0xdcae8ba572dcdc57, 0x0b582716530b0b2c, 0x9d9cd327019d9d4e, 0x6c47c1d82b6c6cad, + 0x3195f562a43131c4, 0x7487b9e8f37474cd, 0xf6e309f115f6f6ff, 0x460a438c4c464605, + 0xac092645a5acac8a, 0x893c970fb589891e, 0x14a04428b4141450, 0xe15b42dfbae1e1a3, + 0x16b04e2ca6161658, 0x3acdd274f73a3ae8, 0x696fd0d2066969b9, 0x09482d1241090924, + 0x70a7ade0d77070dd, 0xb6d954716fb6b6e2, 0xd0ceb7bd1ed0d067, 0xed3b7ec7d6eded93, + 0xcc2edb85e2cccc17, 0x422a578468424215, 0x98b4c22d2c98985a, 0xa4490e55eda4a4aa, + 0x285d8850752828a0, 0x5cda31b8865c5c6d, 0xf8933fed6bf8f8c7, 0x8644a411c2868622, }, { - 0x6018c078, 0x8c2305af, 0x3fc67ef9, 0x87e8136f, - 0x26874ca1, 0xdab8a962, 0x04010805, 0x214f426e, - 0xd836adee, 0xa2a65904, 0x6fd2debd, 0xf3f5fb06, - 0xf979ef80, 0xa16f5fce, 0x7e91fcef, 0x5552aa07, - 0x9d6027fd, 0xcabc8976, 0x569baccd, 0x028e048c, - 0xb6a37115, 0x300c603c, 0xf17bff8a, 0xd435b5e1, - 0x741de869, 0xa7e05347, 0x7bd7f6ac, 0x2fc25eed, - 0xb82e6d96, 0x314b627a, 0xdffea321, 0x41578216, - 0x5415a841, 0xc1779fb6, 0xdc37a5eb, 0xb3e57b56, - 0x469f8cd9, 0xe7f0d317, 0x354a6a7f, 0x4fda9e95, - 0x7d58fa25, 0x03c906ca, 0xa429558d, 0x280a5022, - 0xfeb1e14f, 0xbaa0691a, 0xb16b7fda, 0x2e855cab, - 0xcebd8173, 0x695dd234, 0x40108050, 0xf7f4f303, - 0x0bcb16c0, 0xf83eedc6, 0x14052811, 0x81671fe6, - 0xb7e47353, 0x9c2725bb, 0x19413258, 0x168b2c9d, - 0xa6a75101, 0xe97dcf94, 0x6e95dcfb, 0x47d88e9f, - 0xcbfb8b30, 0x9fee2371, 0xed7cc791, 0x856617e3, - 0x53dda68e, 0x5c17b84b, 0x01470246, 0x429e84dc, - 
0x0fca1ec5, 0xb42d7599, 0xc6bf9179, 0x1c07381b, - 0x8ead0123, 0x755aea2f, 0x36836cb5, 0xcc3385ff, - 0x91633ff2, 0x0802100a, 0x92aa3938, 0xd971afa8, - 0x07c80ecf, 0x6419c87d, 0x39497270, 0x43d9869a, - 0xeff2c31d, 0xabe34b48, 0x715be22a, 0x1a883492, - 0x529aa4c8, 0x98262dbe, 0xc8328dfa, 0xfab0e94a, - 0x83e91b6a, 0x3c0f7833, 0x73d5e6a6, 0x3a8074ba, - 0xc2be997c, 0x13cd26de, 0xd034bde4, 0x3d487a75, - 0xdbffab24, 0xf57af78f, 0x7a90f4ea, 0x615fc23e, - 0x80201da0, 0xbd6867d5, 0x681ad072, 0x82ae192c, - 0xeab4c95e, 0x4d549a19, 0x7693ece5, 0x88220daa, - 0x8d6407e9, 0xe3f1db12, 0xd173bfa2, 0x4812905a, - 0x1d403a5d, 0x20084028, 0x2bc356e8, 0x97ec337b, - 0x4bdb9690, 0xbea1611f, 0x0e8d1c83, 0xf43df5c9, - 0x6697ccf1, 0x00000000, 0x1bcf36d4, 0xac2b4587, - 0xc57697b3, 0x328264b0, 0x7fd6fea9, 0x6c1bd877, - 0xeeb5c15b, 0x86af1129, 0xb56a77df, 0x5d50ba0d, - 0x0945124c, 0xebf3cb18, 0xc0309df0, 0x9bef2b74, - 0xfc3fe5c3, 0x4955921c, 0xb2a27910, 0x8fea0365, - 0x89650fec, 0xd2bab968, 0xbc2f6593, 0x27c04ee7, - 0x5fdebe81, 0x701ce06c, 0xd3fdbb2e, 0x294d5264, - 0x7292e4e0, 0xc9758fbc, 0x1806301e, 0x128a2498, - 0xf2b2f940, 0xbfe66359, 0x380e7036, 0x7c1ff863, - 0x956237f7, 0x77d4eea3, 0x9aa82932, 0x6296c4f4, - 0xc3f99b3a, 0x33c566f6, 0x942535b1, 0x7959f220, - 0x2a8454ae, 0xd572b7a7, 0xe439d5dd, 0x2d4c5a61, - 0x655eca3b, 0xfd78e785, 0xe038ddd8, 0x0a8c1486, - 0x63d1c6b2, 0xaea5410b, 0xafe2434d, 0x99612ff8, - 0xf6b3f145, 0x842115a5, 0x4a9c94d6, 0x781ef066, - 0x11432252, 0x3bc776fc, 0xd7fcb32b, 0x10042014, - 0x5951b208, 0x5e99bcc7, 0xa96d4fc4, 0x340d6839, - 0xcffa8335, 0x5bdfb684, 0xe57ed79b, 0x90243db4, - 0xec3bc5d7, 0x96ab313d, 0x1fce3ed1, 0x44118855, - 0x068f0c89, 0x254e4a6b, 0xe6b7d151, 0x8beb0b60, - 0xf03cfdcc, 0x3e817cbf, 0x6a94d4fe, 0xfbf7eb0c, - 0xdeb9a167, 0x4c13985f, 0xb02c7d9c, 0x6bd3d6b8, - 0xbbe76b5c, 0xa56e57cb, 0x37c46ef3, 0x0c03180f, - 0x45568a13, 0x0d441a49, 0xe17fdf9e, 0x9ea92137, - 0xa82a4d82, 0xd6bbb16d, 0x23c146e2, 0x5153a202, - 0x57dcae8b, 0x2c0b5827, 0x4e9d9cd3, 0xad6c47c1, - 
0xc43195f5, 0xcd7487b9, 0xfff6e309, 0x05460a43, - 0x8aac0926, 0x1e893c97, 0x5014a044, 0xa3e15b42, - 0x5816b04e, 0xe83acdd2, 0xb9696fd0, 0x2409482d, - 0xdd70a7ad, 0xe2b6d954, 0x67d0ceb7, 0x93ed3b7e, - 0x17cc2edb, 0x15422a57, 0x5a98b4c2, 0xaaa4490e, - 0xa0285d88, 0x6d5cda31, 0xc7f8933f, 0x228644a4, + 0x6018c07830d81818, 0x8c2305af46262323, 0x3fc67ef991b8c6c6, 0x87e8136fcdfbe8e8, + 0x26874ca113cb8787, 0xdab8a9626d11b8b8, 0x0401080502090101, 0x214f426e9e0d4f4f, + 0xd836adee6c9b3636, 0xa2a6590451ffa6a6, 0x6fd2debdb90cd2d2, 0xf3f5fb06f70ef5f5, + 0xf979ef80f2967979, 0xa16f5fcede306f6f, 0x7e91fcef3f6d9191, 0x5552aa07a4f85252, + 0x9d6027fdc0476060, 0xcabc89766535bcbc, 0x569baccd2b379b9b, 0x028e048c018a8e8e, + 0xb6a371155bd2a3a3, 0x300c603c186c0c0c, 0xf17bff8af6847b7b, 0xd435b5e16a803535, + 0x741de8693af51d1d, 0xa7e05347ddb3e0e0, 0x7bd7f6acb321d7d7, 0x2fc25eed999cc2c2, + 0xb82e6d965c432e2e, 0x314b627a96294b4b, 0xdffea321e15dfefe, 0x41578216aed55757, + 0x5415a8412abd1515, 0xc1779fb6eee87777, 0xdc37a5eb6e923737, 0xb3e57b56d79ee5e5, + 0x469f8cd923139f9f, 0xe7f0d317fd23f0f0, 0x354a6a7f94204a4a, 0x4fda9e95a944dada, + 0x7d58fa25b0a25858, 0x03c906ca8fcfc9c9, 0xa429558d527c2929, 0x280a5022145a0a0a, + 0xfeb1e14f7f50b1b1, 0xbaa0691a5dc9a0a0, 0xb16b7fdad6146b6b, 0x2e855cab17d98585, + 0xcebd8173673cbdbd, 0x695dd234ba8f5d5d, 0x4010805020901010, 0xf7f4f303f507f4f4, + 0x0bcb16c08bddcbcb, 0xf83eedc67cd33e3e, 0x140528110a2d0505, 0x81671fe6ce786767, + 0xb7e47353d597e4e4, 0x9c2725bb4e022727, 0x1941325882734141, 0x168b2c9d0ba78b8b, + 0xa6a7510153f6a7a7, 0xe97dcf94fab27d7d, 0x6e95dcfb37499595, 0x47d88e9fad56d8d8, + 0xcbfb8b30eb70fbfb, 0x9fee2371c1cdeeee, 0xed7cc791f8bb7c7c, 0x856617e3cc716666, + 0x53dda68ea77bdddd, 0x5c17b84b2eaf1717, 0x014702468e454747, 0x429e84dc211a9e9e, + 0x0fca1ec589d4caca, 0xb42d75995a582d2d, 0xc6bf9179632ebfbf, 0x1c07381b0e3f0707, + 0x8ead012347acadad, 0x755aea2fb4b05a5a, 0x36836cb51bef8383, 0xcc3385ff66b63333, + 0x91633ff2c65c6363, 0x0802100a04120202, 0x92aa39384993aaaa, 
0xd971afa8e2de7171, + 0x07c80ecf8dc6c8c8, 0x6419c87d32d11919, 0x39497270923b4949, 0x43d9869aaf5fd9d9, + 0xeff2c31df931f2f2, 0xabe34b48dba8e3e3, 0x715be22ab6b95b5b, 0x1a8834920dbc8888, + 0x529aa4c8293e9a9a, 0x98262dbe4c0b2626, 0xc8328dfa64bf3232, 0xfab0e94a7d59b0b0, + 0x83e91b6acff2e9e9, 0x3c0f78331e770f0f, 0x73d5e6a6b733d5d5, 0x3a8074ba1df48080, + 0xc2be997c6127bebe, 0x13cd26de87ebcdcd, 0xd034bde468893434, 0x3d487a7590324848, + 0xdbffab24e354ffff, 0xf57af78ff48d7a7a, 0x7a90f4ea3d649090, 0x615fc23ebe9d5f5f, + 0x80201da0403d2020, 0xbd6867d5d00f6868, 0x681ad07234ca1a1a, 0x82ae192c41b7aeae, + 0xeab4c95e757db4b4, 0x4d549a19a8ce5454, 0x7693ece53b7f9393, 0x88220daa442f2222, + 0x8d6407e9c8636464, 0xe3f1db12ff2af1f1, 0xd173bfa2e6cc7373, 0x4812905a24821212, + 0x1d403a5d807a4040, 0x2008402810480808, 0x2bc356e89b95c3c3, 0x97ec337bc5dfecec, + 0x4bdb9690ab4ddbdb, 0xbea1611f5fc0a1a1, 0x0e8d1c8307918d8d, 0xf43df5c97ac83d3d, + 0x6697ccf1335b9797, 0x0000000000000000, 0x1bcf36d483f9cfcf, 0xac2b4587566e2b2b, + 0xc57697b3ece17676, 0x328264b019e68282, 0x7fd6fea9b128d6d6, 0x6c1bd87736c31b1b, + 0xeeb5c15b7774b5b5, 0x86af112943beafaf, 0xb56a77dfd41d6a6a, 0x5d50ba0da0ea5050, + 0x0945124c8a574545, 0xebf3cb18fb38f3f3, 0xc0309df060ad3030, 0x9bef2b74c3c4efef, + 0xfc3fe5c37eda3f3f, 0x4955921caac75555, 0xb2a2791059dba2a2, 0x8fea0365c9e9eaea, + 0x89650fecca6a6565, 0xd2bab9686903baba, 0xbc2f65935e4a2f2f, 0x27c04ee79d8ec0c0, + 0x5fdebe81a160dede, 0x701ce06c38fc1c1c, 0xd3fdbb2ee746fdfd, 0x294d52649a1f4d4d, + 0x7292e4e039769292, 0xc9758fbceafa7575, 0x1806301e0c360606, 0x128a249809ae8a8a, + 0xf2b2f940794bb2b2, 0xbfe66359d185e6e6, 0x380e70361c7e0e0e, 0x7c1ff8633ee71f1f, + 0x956237f7c4556262, 0x77d4eea3b53ad4d4, 0x9aa829324d81a8a8, 0x6296c4f431529696, + 0xc3f99b3aef62f9f9, 0x33c566f697a3c5c5, 0x942535b14a102525, 0x7959f220b2ab5959, + 0x2a8454ae15d08484, 0xd572b7a7e4c57272, 0xe439d5dd72ec3939, 0x2d4c5a6198164c4c, + 0x655eca3bbc945e5e, 0xfd78e785f09f7878, 0xe038ddd870e53838, 0x0a8c148605988c8c, + 
0x63d1c6b2bf17d1d1, 0xaea5410b57e4a5a5, 0xafe2434dd9a1e2e2, 0x99612ff8c24e6161, + 0xf6b3f1457b42b3b3, 0x842115a542342121, 0x4a9c94d625089c9c, 0x781ef0663cee1e1e, + 0x1143225286614343, 0x3bc776fc93b1c7c7, 0xd7fcb32be54ffcfc, 0x1004201408240404, + 0x5951b208a2e35151, 0x5e99bcc72f259999, 0xa96d4fc4da226d6d, 0x340d68391a650d0d, + 0xcffa8335e979fafa, 0x5bdfb684a369dfdf, 0xe57ed79bfca97e7e, 0x90243db448192424, + 0xec3bc5d776fe3b3b, 0x96ab313d4b9aabab, 0x1fce3ed181f0cece, 0x4411885522991111, + 0x068f0c8903838f8f, 0x254e4a6b9c044e4e, 0xe6b7d1517366b7b7, 0x8beb0b60cbe0ebeb, + 0xf03cfdcc78c13c3c, 0x3e817cbf1ffd8181, 0x6a94d4fe35409494, 0xfbf7eb0cf31cf7f7, + 0xdeb9a1676f18b9b9, 0x4c13985f268b1313, 0xb02c7d9c58512c2c, 0x6bd3d6b8bb05d3d3, + 0xbbe76b5cd38ce7e7, 0xa56e57cbdc396e6e, 0x37c46ef395aac4c4, 0x0c03180f061b0303, + 0x45568a13acdc5656, 0x0d441a49885e4444, 0xe17fdf9efea07f7f, 0x9ea921374f88a9a9, + 0xa82a4d8254672a2a, 0xd6bbb16d6b0abbbb, 0x23c146e29f87c1c1, 0x5153a202a6f15353, + 0x57dcae8ba572dcdc, 0x2c0b582716530b0b, 0x4e9d9cd327019d9d, 0xad6c47c1d82b6c6c, + 0xc43195f562a43131, 0xcd7487b9e8f37474, 0xfff6e309f115f6f6, 0x05460a438c4c4646, + 0x8aac092645a5acac, 0x1e893c970fb58989, 0x5014a04428b41414, 0xa3e15b42dfbae1e1, + 0x5816b04e2ca61616, 0xe83acdd274f73a3a, 0xb9696fd0d2066969, 0x2409482d12410909, + 0xdd70a7ade0d77070, 0xe2b6d954716fb6b6, 0x67d0ceb7bd1ed0d0, 0x93ed3b7ec7d6eded, + 0x17cc2edb85e2cccc, 0x15422a5784684242, 0x5a98b4c22d2c9898, 0xaaa4490e55eda4a4, + 0xa0285d8850752828, 0x6d5cda31b8865c5c, 0xc7f8933fed6bf8f8, 0x228644a411c28686, }, { - 0x186018c0, 0x238c2305, 0xc63fc67e, 0xe887e813, - 0x8726874c, 0xb8dab8a9, 0x01040108, 0x4f214f42, - 0x36d836ad, 0xa6a2a659, 0xd26fd2de, 0xf5f3f5fb, - 0x79f979ef, 0x6fa16f5f, 0x917e91fc, 0x525552aa, - 0x609d6027, 0xbccabc89, 0x9b569bac, 0x8e028e04, - 0xa3b6a371, 0x0c300c60, 0x7bf17bff, 0x35d435b5, - 0x1d741de8, 0xe0a7e053, 0xd77bd7f6, 0xc22fc25e, - 0x2eb82e6d, 0x4b314b62, 0xfedffea3, 0x57415782, - 0x155415a8, 0x77c1779f, 0x37dc37a5, 
0xe5b3e57b, - 0x9f469f8c, 0xf0e7f0d3, 0x4a354a6a, 0xda4fda9e, - 0x587d58fa, 0xc903c906, 0x29a42955, 0x0a280a50, - 0xb1feb1e1, 0xa0baa069, 0x6bb16b7f, 0x852e855c, - 0xbdcebd81, 0x5d695dd2, 0x10401080, 0xf4f7f4f3, - 0xcb0bcb16, 0x3ef83eed, 0x05140528, 0x6781671f, - 0xe4b7e473, 0x279c2725, 0x41194132, 0x8b168b2c, - 0xa7a6a751, 0x7de97dcf, 0x956e95dc, 0xd847d88e, - 0xfbcbfb8b, 0xee9fee23, 0x7ced7cc7, 0x66856617, - 0xdd53dda6, 0x175c17b8, 0x47014702, 0x9e429e84, - 0xca0fca1e, 0x2db42d75, 0xbfc6bf91, 0x071c0738, - 0xad8ead01, 0x5a755aea, 0x8336836c, 0x33cc3385, - 0x6391633f, 0x02080210, 0xaa92aa39, 0x71d971af, - 0xc807c80e, 0x196419c8, 0x49394972, 0xd943d986, - 0xf2eff2c3, 0xe3abe34b, 0x5b715be2, 0x881a8834, - 0x9a529aa4, 0x2698262d, 0x32c8328d, 0xb0fab0e9, - 0xe983e91b, 0x0f3c0f78, 0xd573d5e6, 0x803a8074, - 0xbec2be99, 0xcd13cd26, 0x34d034bd, 0x483d487a, - 0xffdbffab, 0x7af57af7, 0x907a90f4, 0x5f615fc2, - 0x2080201d, 0x68bd6867, 0x1a681ad0, 0xae82ae19, - 0xb4eab4c9, 0x544d549a, 0x937693ec, 0x2288220d, - 0x648d6407, 0xf1e3f1db, 0x73d173bf, 0x12481290, - 0x401d403a, 0x08200840, 0xc32bc356, 0xec97ec33, - 0xdb4bdb96, 0xa1bea161, 0x8d0e8d1c, 0x3df43df5, - 0x976697cc, 0x00000000, 0xcf1bcf36, 0x2bac2b45, - 0x76c57697, 0x82328264, 0xd67fd6fe, 0x1b6c1bd8, - 0xb5eeb5c1, 0xaf86af11, 0x6ab56a77, 0x505d50ba, - 0x45094512, 0xf3ebf3cb, 0x30c0309d, 0xef9bef2b, - 0x3ffc3fe5, 0x55495592, 0xa2b2a279, 0xea8fea03, - 0x6589650f, 0xbad2bab9, 0x2fbc2f65, 0xc027c04e, - 0xde5fdebe, 0x1c701ce0, 0xfdd3fdbb, 0x4d294d52, - 0x927292e4, 0x75c9758f, 0x06180630, 0x8a128a24, - 0xb2f2b2f9, 0xe6bfe663, 0x0e380e70, 0x1f7c1ff8, - 0x62956237, 0xd477d4ee, 0xa89aa829, 0x966296c4, - 0xf9c3f99b, 0xc533c566, 0x25942535, 0x597959f2, - 0x842a8454, 0x72d572b7, 0x39e439d5, 0x4c2d4c5a, - 0x5e655eca, 0x78fd78e7, 0x38e038dd, 0x8c0a8c14, - 0xd163d1c6, 0xa5aea541, 0xe2afe243, 0x6199612f, - 0xb3f6b3f1, 0x21842115, 0x9c4a9c94, 0x1e781ef0, - 0x43114322, 0xc73bc776, 0xfcd7fcb3, 0x04100420, - 0x515951b2, 0x995e99bc, 0x6da96d4f, 
0x0d340d68, - 0xfacffa83, 0xdf5bdfb6, 0x7ee57ed7, 0x2490243d, - 0x3bec3bc5, 0xab96ab31, 0xce1fce3e, 0x11441188, - 0x8f068f0c, 0x4e254e4a, 0xb7e6b7d1, 0xeb8beb0b, - 0x3cf03cfd, 0x813e817c, 0x946a94d4, 0xf7fbf7eb, - 0xb9deb9a1, 0x134c1398, 0x2cb02c7d, 0xd36bd3d6, - 0xe7bbe76b, 0x6ea56e57, 0xc437c46e, 0x030c0318, - 0x5645568a, 0x440d441a, 0x7fe17fdf, 0xa99ea921, - 0x2aa82a4d, 0xbbd6bbb1, 0xc123c146, 0x535153a2, - 0xdc57dcae, 0x0b2c0b58, 0x9d4e9d9c, 0x6cad6c47, - 0x31c43195, 0x74cd7487, 0xf6fff6e3, 0x4605460a, - 0xac8aac09, 0x891e893c, 0x145014a0, 0xe1a3e15b, - 0x165816b0, 0x3ae83acd, 0x69b9696f, 0x09240948, - 0x70dd70a7, 0xb6e2b6d9, 0xd067d0ce, 0xed93ed3b, - 0xcc17cc2e, 0x4215422a, 0x985a98b4, 0xa4aaa449, - 0x28a0285d, 0x5c6d5cda, 0xf8c7f893, 0x86228644, - } -}; - -CONSTANT_VK u32a Cl[8][256] = -{ - { - 0xc07830d8, 0x05af4626, 0x7ef991b8, 0x136fcdfb, - 0x4ca113cb, 0xa9626d11, 0x08050209, 0x426e9e0d, - 0xadee6c9b, 0x590451ff, 0xdebdb90c, 0xfb06f70e, - 0xef80f296, 0x5fcede30, 0xfcef3f6d, 0xaa07a4f8, - 0x27fdc047, 0x89766535, 0xaccd2b37, 0x048c018a, - 0x71155bd2, 0x603c186c, 0xff8af684, 0xb5e16a80, - 0xe8693af5, 0x5347ddb3, 0xf6acb321, 0x5eed999c, - 0x6d965c43, 0x627a9629, 0xa321e15d, 0x8216aed5, - 0xa8412abd, 0x9fb6eee8, 0xa5eb6e92, 0x7b56d79e, - 0x8cd92313, 0xd317fd23, 0x6a7f9420, 0x9e95a944, - 0xfa25b0a2, 0x06ca8fcf, 0x558d527c, 0x5022145a, - 0xe14f7f50, 0x691a5dc9, 0x7fdad614, 0x5cab17d9, - 0x8173673c, 0xd234ba8f, 0x80502090, 0xf303f507, - 0x16c08bdd, 0xedc67cd3, 0x28110a2d, 0x1fe6ce78, - 0x7353d597, 0x25bb4e02, 0x32588273, 0x2c9d0ba7, - 0x510153f6, 0xcf94fab2, 0xdcfb3749, 0x8e9fad56, - 0x8b30eb70, 0x2371c1cd, 0xc791f8bb, 0x17e3cc71, - 0xa68ea77b, 0xb84b2eaf, 0x02468e45, 0x84dc211a, - 0x1ec589d4, 0x75995a58, 0x9179632e, 0x381b0e3f, - 0x012347ac, 0xea2fb4b0, 0x6cb51bef, 0x85ff66b6, - 0x3ff2c65c, 0x100a0412, 0x39384993, 0xafa8e2de, - 0x0ecf8dc6, 0xc87d32d1, 0x7270923b, 0x869aaf5f, - 0xc31df931, 0x4b48dba8, 0xe22ab6b9, 0x34920dbc, - 0xa4c8293e, 0x2dbe4c0b, 0x8dfa64bf, 
0xe94a7d59, - 0x1b6acff2, 0x78331e77, 0xe6a6b733, 0x74ba1df4, - 0x997c6127, 0x26de87eb, 0xbde46889, 0x7a759032, - 0xab24e354, 0xf78ff48d, 0xf4ea3d64, 0xc23ebe9d, - 0x1da0403d, 0x67d5d00f, 0xd07234ca, 0x192c41b7, - 0xc95e757d, 0x9a19a8ce, 0xece53b7f, 0x0daa442f, - 0x07e9c863, 0xdb12ff2a, 0xbfa2e6cc, 0x905a2482, - 0x3a5d807a, 0x40281048, 0x56e89b95, 0x337bc5df, - 0x9690ab4d, 0x611f5fc0, 0x1c830791, 0xf5c97ac8, - 0xccf1335b, 0x00000000, 0x36d483f9, 0x4587566e, - 0x97b3ece1, 0x64b019e6, 0xfea9b128, 0xd87736c3, - 0xc15b7774, 0x112943be, 0x77dfd41d, 0xba0da0ea, - 0x124c8a57, 0xcb18fb38, 0x9df060ad, 0x2b74c3c4, - 0xe5c37eda, 0x921caac7, 0x791059db, 0x0365c9e9, - 0x0fecca6a, 0xb9686903, 0x65935e4a, 0x4ee79d8e, - 0xbe81a160, 0xe06c38fc, 0xbb2ee746, 0x52649a1f, - 0xe4e03976, 0x8fbceafa, 0x301e0c36, 0x249809ae, - 0xf940794b, 0x6359d185, 0x70361c7e, 0xf8633ee7, - 0x37f7c455, 0xeea3b53a, 0x29324d81, 0xc4f43152, - 0x9b3aef62, 0x66f697a3, 0x35b14a10, 0xf220b2ab, - 0x54ae15d0, 0xb7a7e4c5, 0xd5dd72ec, 0x5a619816, - 0xca3bbc94, 0xe785f09f, 0xddd870e5, 0x14860598, - 0xc6b2bf17, 0x410b57e4, 0x434dd9a1, 0x2ff8c24e, - 0xf1457b42, 0x15a54234, 0x94d62508, 0xf0663cee, - 0x22528661, 0x76fc93b1, 0xb32be54f, 0x20140824, - 0xb208a2e3, 0xbcc72f25, 0x4fc4da22, 0x68391a65, - 0x8335e979, 0xb684a369, 0xd79bfca9, 0x3db44819, - 0xc5d776fe, 0x313d4b9a, 0x3ed181f0, 0x88552299, - 0x0c890383, 0x4a6b9c04, 0xd1517366, 0x0b60cbe0, - 0xfdcc78c1, 0x7cbf1ffd, 0xd4fe3540, 0xeb0cf31c, - 0xa1676f18, 0x985f268b, 0x7d9c5851, 0xd6b8bb05, - 0x6b5cd38c, 0x57cbdc39, 0x6ef395aa, 0x180f061b, - 0x8a13acdc, 0x1a49885e, 0xdf9efea0, 0x21374f88, - 0x4d825467, 0xb16d6b0a, 0x46e29f87, 0xa202a6f1, - 0xae8ba572, 0x58271653, 0x9cd32701, 0x47c1d82b, - 0x95f562a4, 0x87b9e8f3, 0xe309f115, 0x0a438c4c, - 0x092645a5, 0x3c970fb5, 0xa04428b4, 0x5b42dfba, - 0xb04e2ca6, 0xcdd274f7, 0x6fd0d206, 0x482d1241, - 0xa7ade0d7, 0xd954716f, 0xceb7bd1e, 0x3b7ec7d6, - 0x2edb85e2, 0x2a578468, 0xb4c22d2c, 0x490e55ed, - 0x5d885075, 0xda31b886, 0x933fed6b, 
0x44a411c2, - }, - { - 0x18c07830, 0x2305af46, 0xc67ef991, 0xe8136fcd, - 0x874ca113, 0xb8a9626d, 0x01080502, 0x4f426e9e, - 0x36adee6c, 0xa6590451, 0xd2debdb9, 0xf5fb06f7, - 0x79ef80f2, 0x6f5fcede, 0x91fcef3f, 0x52aa07a4, - 0x6027fdc0, 0xbc897665, 0x9baccd2b, 0x8e048c01, - 0xa371155b, 0x0c603c18, 0x7bff8af6, 0x35b5e16a, - 0x1de8693a, 0xe05347dd, 0xd7f6acb3, 0xc25eed99, - 0x2e6d965c, 0x4b627a96, 0xfea321e1, 0x578216ae, - 0x15a8412a, 0x779fb6ee, 0x37a5eb6e, 0xe57b56d7, - 0x9f8cd923, 0xf0d317fd, 0x4a6a7f94, 0xda9e95a9, - 0x58fa25b0, 0xc906ca8f, 0x29558d52, 0x0a502214, - 0xb1e14f7f, 0xa0691a5d, 0x6b7fdad6, 0x855cab17, - 0xbd817367, 0x5dd234ba, 0x10805020, 0xf4f303f5, - 0xcb16c08b, 0x3eedc67c, 0x0528110a, 0x671fe6ce, - 0xe47353d5, 0x2725bb4e, 0x41325882, 0x8b2c9d0b, - 0xa7510153, 0x7dcf94fa, 0x95dcfb37, 0xd88e9fad, - 0xfb8b30eb, 0xee2371c1, 0x7cc791f8, 0x6617e3cc, - 0xdda68ea7, 0x17b84b2e, 0x4702468e, 0x9e84dc21, - 0xca1ec589, 0x2d75995a, 0xbf917963, 0x07381b0e, - 0xad012347, 0x5aea2fb4, 0x836cb51b, 0x3385ff66, - 0x633ff2c6, 0x02100a04, 0xaa393849, 0x71afa8e2, - 0xc80ecf8d, 0x19c87d32, 0x49727092, 0xd9869aaf, - 0xf2c31df9, 0xe34b48db, 0x5be22ab6, 0x8834920d, - 0x9aa4c829, 0x262dbe4c, 0x328dfa64, 0xb0e94a7d, - 0xe91b6acf, 0x0f78331e, 0xd5e6a6b7, 0x8074ba1d, - 0xbe997c61, 0xcd26de87, 0x34bde468, 0x487a7590, - 0xffab24e3, 0x7af78ff4, 0x90f4ea3d, 0x5fc23ebe, - 0x201da040, 0x6867d5d0, 0x1ad07234, 0xae192c41, - 0xb4c95e75, 0x549a19a8, 0x93ece53b, 0x220daa44, - 0x6407e9c8, 0xf1db12ff, 0x73bfa2e6, 0x12905a24, - 0x403a5d80, 0x08402810, 0xc356e89b, 0xec337bc5, - 0xdb9690ab, 0xa1611f5f, 0x8d1c8307, 0x3df5c97a, - 0x97ccf133, 0x00000000, 0xcf36d483, 0x2b458756, - 0x7697b3ec, 0x8264b019, 0xd6fea9b1, 0x1bd87736, - 0xb5c15b77, 0xaf112943, 0x6a77dfd4, 0x50ba0da0, - 0x45124c8a, 0xf3cb18fb, 0x309df060, 0xef2b74c3, - 0x3fe5c37e, 0x55921caa, 0xa2791059, 0xea0365c9, - 0x650fecca, 0xbab96869, 0x2f65935e, 0xc04ee79d, - 0xdebe81a1, 0x1ce06c38, 0xfdbb2ee7, 0x4d52649a, - 0x92e4e039, 0x758fbcea, 
0x06301e0c, 0x8a249809, - 0xb2f94079, 0xe66359d1, 0x0e70361c, 0x1ff8633e, - 0x6237f7c4, 0xd4eea3b5, 0xa829324d, 0x96c4f431, - 0xf99b3aef, 0xc566f697, 0x2535b14a, 0x59f220b2, - 0x8454ae15, 0x72b7a7e4, 0x39d5dd72, 0x4c5a6198, - 0x5eca3bbc, 0x78e785f0, 0x38ddd870, 0x8c148605, - 0xd1c6b2bf, 0xa5410b57, 0xe2434dd9, 0x612ff8c2, - 0xb3f1457b, 0x2115a542, 0x9c94d625, 0x1ef0663c, - 0x43225286, 0xc776fc93, 0xfcb32be5, 0x04201408, - 0x51b208a2, 0x99bcc72f, 0x6d4fc4da, 0x0d68391a, - 0xfa8335e9, 0xdfb684a3, 0x7ed79bfc, 0x243db448, - 0x3bc5d776, 0xab313d4b, 0xce3ed181, 0x11885522, - 0x8f0c8903, 0x4e4a6b9c, 0xb7d15173, 0xeb0b60cb, - 0x3cfdcc78, 0x817cbf1f, 0x94d4fe35, 0xf7eb0cf3, - 0xb9a1676f, 0x13985f26, 0x2c7d9c58, 0xd3d6b8bb, - 0xe76b5cd3, 0x6e57cbdc, 0xc46ef395, 0x03180f06, - 0x568a13ac, 0x441a4988, 0x7fdf9efe, 0xa921374f, - 0x2a4d8254, 0xbbb16d6b, 0xc146e29f, 0x53a202a6, - 0xdcae8ba5, 0x0b582716, 0x9d9cd327, 0x6c47c1d8, - 0x3195f562, 0x7487b9e8, 0xf6e309f1, 0x460a438c, - 0xac092645, 0x893c970f, 0x14a04428, 0xe15b42df, - 0x16b04e2c, 0x3acdd274, 0x696fd0d2, 0x09482d12, - 0x70a7ade0, 0xb6d95471, 0xd0ceb7bd, 0xed3b7ec7, - 0xcc2edb85, 0x422a5784, 0x98b4c22d, 0xa4490e55, - 0x285d8850, 0x5cda31b8, 0xf8933fed, 0x8644a411, - }, - { - 0x6018c078, 0x8c2305af, 0x3fc67ef9, 0x87e8136f, - 0x26874ca1, 0xdab8a962, 0x04010805, 0x214f426e, - 0xd836adee, 0xa2a65904, 0x6fd2debd, 0xf3f5fb06, - 0xf979ef80, 0xa16f5fce, 0x7e91fcef, 0x5552aa07, - 0x9d6027fd, 0xcabc8976, 0x569baccd, 0x028e048c, - 0xb6a37115, 0x300c603c, 0xf17bff8a, 0xd435b5e1, - 0x741de869, 0xa7e05347, 0x7bd7f6ac, 0x2fc25eed, - 0xb82e6d96, 0x314b627a, 0xdffea321, 0x41578216, - 0x5415a841, 0xc1779fb6, 0xdc37a5eb, 0xb3e57b56, - 0x469f8cd9, 0xe7f0d317, 0x354a6a7f, 0x4fda9e95, - 0x7d58fa25, 0x03c906ca, 0xa429558d, 0x280a5022, - 0xfeb1e14f, 0xbaa0691a, 0xb16b7fda, 0x2e855cab, - 0xcebd8173, 0x695dd234, 0x40108050, 0xf7f4f303, - 0x0bcb16c0, 0xf83eedc6, 0x14052811, 0x81671fe6, - 0xb7e47353, 0x9c2725bb, 0x19413258, 0x168b2c9d, - 0xa6a75101, 
0xe97dcf94, 0x6e95dcfb, 0x47d88e9f, - 0xcbfb8b30, 0x9fee2371, 0xed7cc791, 0x856617e3, - 0x53dda68e, 0x5c17b84b, 0x01470246, 0x429e84dc, - 0x0fca1ec5, 0xb42d7599, 0xc6bf9179, 0x1c07381b, - 0x8ead0123, 0x755aea2f, 0x36836cb5, 0xcc3385ff, - 0x91633ff2, 0x0802100a, 0x92aa3938, 0xd971afa8, - 0x07c80ecf, 0x6419c87d, 0x39497270, 0x43d9869a, - 0xeff2c31d, 0xabe34b48, 0x715be22a, 0x1a883492, - 0x529aa4c8, 0x98262dbe, 0xc8328dfa, 0xfab0e94a, - 0x83e91b6a, 0x3c0f7833, 0x73d5e6a6, 0x3a8074ba, - 0xc2be997c, 0x13cd26de, 0xd034bde4, 0x3d487a75, - 0xdbffab24, 0xf57af78f, 0x7a90f4ea, 0x615fc23e, - 0x80201da0, 0xbd6867d5, 0x681ad072, 0x82ae192c, - 0xeab4c95e, 0x4d549a19, 0x7693ece5, 0x88220daa, - 0x8d6407e9, 0xe3f1db12, 0xd173bfa2, 0x4812905a, - 0x1d403a5d, 0x20084028, 0x2bc356e8, 0x97ec337b, - 0x4bdb9690, 0xbea1611f, 0x0e8d1c83, 0xf43df5c9, - 0x6697ccf1, 0x00000000, 0x1bcf36d4, 0xac2b4587, - 0xc57697b3, 0x328264b0, 0x7fd6fea9, 0x6c1bd877, - 0xeeb5c15b, 0x86af1129, 0xb56a77df, 0x5d50ba0d, - 0x0945124c, 0xebf3cb18, 0xc0309df0, 0x9bef2b74, - 0xfc3fe5c3, 0x4955921c, 0xb2a27910, 0x8fea0365, - 0x89650fec, 0xd2bab968, 0xbc2f6593, 0x27c04ee7, - 0x5fdebe81, 0x701ce06c, 0xd3fdbb2e, 0x294d5264, - 0x7292e4e0, 0xc9758fbc, 0x1806301e, 0x128a2498, - 0xf2b2f940, 0xbfe66359, 0x380e7036, 0x7c1ff863, - 0x956237f7, 0x77d4eea3, 0x9aa82932, 0x6296c4f4, - 0xc3f99b3a, 0x33c566f6, 0x942535b1, 0x7959f220, - 0x2a8454ae, 0xd572b7a7, 0xe439d5dd, 0x2d4c5a61, - 0x655eca3b, 0xfd78e785, 0xe038ddd8, 0x0a8c1486, - 0x63d1c6b2, 0xaea5410b, 0xafe2434d, 0x99612ff8, - 0xf6b3f145, 0x842115a5, 0x4a9c94d6, 0x781ef066, - 0x11432252, 0x3bc776fc, 0xd7fcb32b, 0x10042014, - 0x5951b208, 0x5e99bcc7, 0xa96d4fc4, 0x340d6839, - 0xcffa8335, 0x5bdfb684, 0xe57ed79b, 0x90243db4, - 0xec3bc5d7, 0x96ab313d, 0x1fce3ed1, 0x44118855, - 0x068f0c89, 0x254e4a6b, 0xe6b7d151, 0x8beb0b60, - 0xf03cfdcc, 0x3e817cbf, 0x6a94d4fe, 0xfbf7eb0c, - 0xdeb9a167, 0x4c13985f, 0xb02c7d9c, 0x6bd3d6b8, - 0xbbe76b5c, 0xa56e57cb, 0x37c46ef3, 0x0c03180f, - 0x45568a13, 
0x0d441a49, 0xe17fdf9e, 0x9ea92137, - 0xa82a4d82, 0xd6bbb16d, 0x23c146e2, 0x5153a202, - 0x57dcae8b, 0x2c0b5827, 0x4e9d9cd3, 0xad6c47c1, - 0xc43195f5, 0xcd7487b9, 0xfff6e309, 0x05460a43, - 0x8aac0926, 0x1e893c97, 0x5014a044, 0xa3e15b42, - 0x5816b04e, 0xe83acdd2, 0xb9696fd0, 0x2409482d, - 0xdd70a7ad, 0xe2b6d954, 0x67d0ceb7, 0x93ed3b7e, - 0x17cc2edb, 0x15422a57, 0x5a98b4c2, 0xaaa4490e, - 0xa0285d88, 0x6d5cda31, 0xc7f8933f, 0x228644a4, - }, - { - 0x186018c0, 0x238c2305, 0xc63fc67e, 0xe887e813, - 0x8726874c, 0xb8dab8a9, 0x01040108, 0x4f214f42, - 0x36d836ad, 0xa6a2a659, 0xd26fd2de, 0xf5f3f5fb, - 0x79f979ef, 0x6fa16f5f, 0x917e91fc, 0x525552aa, - 0x609d6027, 0xbccabc89, 0x9b569bac, 0x8e028e04, - 0xa3b6a371, 0x0c300c60, 0x7bf17bff, 0x35d435b5, - 0x1d741de8, 0xe0a7e053, 0xd77bd7f6, 0xc22fc25e, - 0x2eb82e6d, 0x4b314b62, 0xfedffea3, 0x57415782, - 0x155415a8, 0x77c1779f, 0x37dc37a5, 0xe5b3e57b, - 0x9f469f8c, 0xf0e7f0d3, 0x4a354a6a, 0xda4fda9e, - 0x587d58fa, 0xc903c906, 0x29a42955, 0x0a280a50, - 0xb1feb1e1, 0xa0baa069, 0x6bb16b7f, 0x852e855c, - 0xbdcebd81, 0x5d695dd2, 0x10401080, 0xf4f7f4f3, - 0xcb0bcb16, 0x3ef83eed, 0x05140528, 0x6781671f, - 0xe4b7e473, 0x279c2725, 0x41194132, 0x8b168b2c, - 0xa7a6a751, 0x7de97dcf, 0x956e95dc, 0xd847d88e, - 0xfbcbfb8b, 0xee9fee23, 0x7ced7cc7, 0x66856617, - 0xdd53dda6, 0x175c17b8, 0x47014702, 0x9e429e84, - 0xca0fca1e, 0x2db42d75, 0xbfc6bf91, 0x071c0738, - 0xad8ead01, 0x5a755aea, 0x8336836c, 0x33cc3385, - 0x6391633f, 0x02080210, 0xaa92aa39, 0x71d971af, - 0xc807c80e, 0x196419c8, 0x49394972, 0xd943d986, - 0xf2eff2c3, 0xe3abe34b, 0x5b715be2, 0x881a8834, - 0x9a529aa4, 0x2698262d, 0x32c8328d, 0xb0fab0e9, - 0xe983e91b, 0x0f3c0f78, 0xd573d5e6, 0x803a8074, - 0xbec2be99, 0xcd13cd26, 0x34d034bd, 0x483d487a, - 0xffdbffab, 0x7af57af7, 0x907a90f4, 0x5f615fc2, - 0x2080201d, 0x68bd6867, 0x1a681ad0, 0xae82ae19, - 0xb4eab4c9, 0x544d549a, 0x937693ec, 0x2288220d, - 0x648d6407, 0xf1e3f1db, 0x73d173bf, 0x12481290, - 0x401d403a, 0x08200840, 0xc32bc356, 0xec97ec33, - 
0xdb4bdb96, 0xa1bea161, 0x8d0e8d1c, 0x3df43df5, - 0x976697cc, 0x00000000, 0xcf1bcf36, 0x2bac2b45, - 0x76c57697, 0x82328264, 0xd67fd6fe, 0x1b6c1bd8, - 0xb5eeb5c1, 0xaf86af11, 0x6ab56a77, 0x505d50ba, - 0x45094512, 0xf3ebf3cb, 0x30c0309d, 0xef9bef2b, - 0x3ffc3fe5, 0x55495592, 0xa2b2a279, 0xea8fea03, - 0x6589650f, 0xbad2bab9, 0x2fbc2f65, 0xc027c04e, - 0xde5fdebe, 0x1c701ce0, 0xfdd3fdbb, 0x4d294d52, - 0x927292e4, 0x75c9758f, 0x06180630, 0x8a128a24, - 0xb2f2b2f9, 0xe6bfe663, 0x0e380e70, 0x1f7c1ff8, - 0x62956237, 0xd477d4ee, 0xa89aa829, 0x966296c4, - 0xf9c3f99b, 0xc533c566, 0x25942535, 0x597959f2, - 0x842a8454, 0x72d572b7, 0x39e439d5, 0x4c2d4c5a, - 0x5e655eca, 0x78fd78e7, 0x38e038dd, 0x8c0a8c14, - 0xd163d1c6, 0xa5aea541, 0xe2afe243, 0x6199612f, - 0xb3f6b3f1, 0x21842115, 0x9c4a9c94, 0x1e781ef0, - 0x43114322, 0xc73bc776, 0xfcd7fcb3, 0x04100420, - 0x515951b2, 0x995e99bc, 0x6da96d4f, 0x0d340d68, - 0xfacffa83, 0xdf5bdfb6, 0x7ee57ed7, 0x2490243d, - 0x3bec3bc5, 0xab96ab31, 0xce1fce3e, 0x11441188, - 0x8f068f0c, 0x4e254e4a, 0xb7e6b7d1, 0xeb8beb0b, - 0x3cf03cfd, 0x813e817c, 0x946a94d4, 0xf7fbf7eb, - 0xb9deb9a1, 0x134c1398, 0x2cb02c7d, 0xd36bd3d6, - 0xe7bbe76b, 0x6ea56e57, 0xc437c46e, 0x030c0318, - 0x5645568a, 0x440d441a, 0x7fe17fdf, 0xa99ea921, - 0x2aa82a4d, 0xbbd6bbb1, 0xc123c146, 0x535153a2, - 0xdc57dcae, 0x0b2c0b58, 0x9d4e9d9c, 0x6cad6c47, - 0x31c43195, 0x74cd7487, 0xf6fff6e3, 0x4605460a, - 0xac8aac09, 0x891e893c, 0x145014a0, 0xe1a3e15b, - 0x165816b0, 0x3ae83acd, 0x69b9696f, 0x09240948, - 0x70dd70a7, 0xb6e2b6d9, 0xd067d0ce, 0xed93ed3b, - 0xcc17cc2e, 0x4215422a, 0x985a98b4, 0xa4aaa449, - 0x28a0285d, 0x5c6d5cda, 0xf8c7f893, 0x86228644, - }, - { - 0x18186018, 0x23238c23, 0xc6c63fc6, 0xe8e887e8, - 0x87872687, 0xb8b8dab8, 0x01010401, 0x4f4f214f, - 0x3636d836, 0xa6a6a2a6, 0xd2d26fd2, 0xf5f5f3f5, - 0x7979f979, 0x6f6fa16f, 0x91917e91, 0x52525552, - 0x60609d60, 0xbcbccabc, 0x9b9b569b, 0x8e8e028e, - 0xa3a3b6a3, 0x0c0c300c, 0x7b7bf17b, 0x3535d435, - 0x1d1d741d, 0xe0e0a7e0, 0xd7d77bd7, 
0xc2c22fc2, - 0x2e2eb82e, 0x4b4b314b, 0xfefedffe, 0x57574157, - 0x15155415, 0x7777c177, 0x3737dc37, 0xe5e5b3e5, - 0x9f9f469f, 0xf0f0e7f0, 0x4a4a354a, 0xdada4fda, - 0x58587d58, 0xc9c903c9, 0x2929a429, 0x0a0a280a, - 0xb1b1feb1, 0xa0a0baa0, 0x6b6bb16b, 0x85852e85, - 0xbdbdcebd, 0x5d5d695d, 0x10104010, 0xf4f4f7f4, - 0xcbcb0bcb, 0x3e3ef83e, 0x05051405, 0x67678167, - 0xe4e4b7e4, 0x27279c27, 0x41411941, 0x8b8b168b, - 0xa7a7a6a7, 0x7d7de97d, 0x95956e95, 0xd8d847d8, - 0xfbfbcbfb, 0xeeee9fee, 0x7c7ced7c, 0x66668566, - 0xdddd53dd, 0x17175c17, 0x47470147, 0x9e9e429e, - 0xcaca0fca, 0x2d2db42d, 0xbfbfc6bf, 0x07071c07, - 0xadad8ead, 0x5a5a755a, 0x83833683, 0x3333cc33, - 0x63639163, 0x02020802, 0xaaaa92aa, 0x7171d971, - 0xc8c807c8, 0x19196419, 0x49493949, 0xd9d943d9, - 0xf2f2eff2, 0xe3e3abe3, 0x5b5b715b, 0x88881a88, - 0x9a9a529a, 0x26269826, 0x3232c832, 0xb0b0fab0, - 0xe9e983e9, 0x0f0f3c0f, 0xd5d573d5, 0x80803a80, - 0xbebec2be, 0xcdcd13cd, 0x3434d034, 0x48483d48, - 0xffffdbff, 0x7a7af57a, 0x90907a90, 0x5f5f615f, - 0x20208020, 0x6868bd68, 0x1a1a681a, 0xaeae82ae, - 0xb4b4eab4, 0x54544d54, 0x93937693, 0x22228822, - 0x64648d64, 0xf1f1e3f1, 0x7373d173, 0x12124812, - 0x40401d40, 0x08082008, 0xc3c32bc3, 0xecec97ec, - 0xdbdb4bdb, 0xa1a1bea1, 0x8d8d0e8d, 0x3d3df43d, - 0x97976697, 0x00000000, 0xcfcf1bcf, 0x2b2bac2b, - 0x7676c576, 0x82823282, 0xd6d67fd6, 0x1b1b6c1b, - 0xb5b5eeb5, 0xafaf86af, 0x6a6ab56a, 0x50505d50, - 0x45450945, 0xf3f3ebf3, 0x3030c030, 0xefef9bef, - 0x3f3ffc3f, 0x55554955, 0xa2a2b2a2, 0xeaea8fea, - 0x65658965, 0xbabad2ba, 0x2f2fbc2f, 0xc0c027c0, - 0xdede5fde, 0x1c1c701c, 0xfdfdd3fd, 0x4d4d294d, - 0x92927292, 0x7575c975, 0x06061806, 0x8a8a128a, - 0xb2b2f2b2, 0xe6e6bfe6, 0x0e0e380e, 0x1f1f7c1f, - 0x62629562, 0xd4d477d4, 0xa8a89aa8, 0x96966296, - 0xf9f9c3f9, 0xc5c533c5, 0x25259425, 0x59597959, - 0x84842a84, 0x7272d572, 0x3939e439, 0x4c4c2d4c, - 0x5e5e655e, 0x7878fd78, 0x3838e038, 0x8c8c0a8c, - 0xd1d163d1, 0xa5a5aea5, 0xe2e2afe2, 0x61619961, - 0xb3b3f6b3, 0x21218421, 0x9c9c4a9c, 
0x1e1e781e, - 0x43431143, 0xc7c73bc7, 0xfcfcd7fc, 0x04041004, - 0x51515951, 0x99995e99, 0x6d6da96d, 0x0d0d340d, - 0xfafacffa, 0xdfdf5bdf, 0x7e7ee57e, 0x24249024, - 0x3b3bec3b, 0xabab96ab, 0xcece1fce, 0x11114411, - 0x8f8f068f, 0x4e4e254e, 0xb7b7e6b7, 0xebeb8beb, - 0x3c3cf03c, 0x81813e81, 0x94946a94, 0xf7f7fbf7, - 0xb9b9deb9, 0x13134c13, 0x2c2cb02c, 0xd3d36bd3, - 0xe7e7bbe7, 0x6e6ea56e, 0xc4c437c4, 0x03030c03, - 0x56564556, 0x44440d44, 0x7f7fe17f, 0xa9a99ea9, - 0x2a2aa82a, 0xbbbbd6bb, 0xc1c123c1, 0x53535153, - 0xdcdc57dc, 0x0b0b2c0b, 0x9d9d4e9d, 0x6c6cad6c, - 0x3131c431, 0x7474cd74, 0xf6f6fff6, 0x46460546, - 0xacac8aac, 0x89891e89, 0x14145014, 0xe1e1a3e1, - 0x16165816, 0x3a3ae83a, 0x6969b969, 0x09092409, - 0x7070dd70, 0xb6b6e2b6, 0xd0d067d0, 0xeded93ed, - 0xcccc17cc, 0x42421542, 0x98985a98, 0xa4a4aaa4, - 0x2828a028, 0x5c5c6d5c, 0xf8f8c7f8, 0x86862286, - }, - { - 0xd8181860, 0x2623238c, 0xb8c6c63f, 0xfbe8e887, - 0xcb878726, 0x11b8b8da, 0x09010104, 0x0d4f4f21, - 0x9b3636d8, 0xffa6a6a2, 0x0cd2d26f, 0x0ef5f5f3, - 0x967979f9, 0x306f6fa1, 0x6d91917e, 0xf8525255, - 0x4760609d, 0x35bcbcca, 0x379b9b56, 0x8a8e8e02, - 0xd2a3a3b6, 0x6c0c0c30, 0x847b7bf1, 0x803535d4, - 0xf51d1d74, 0xb3e0e0a7, 0x21d7d77b, 0x9cc2c22f, - 0x432e2eb8, 0x294b4b31, 0x5dfefedf, 0xd5575741, - 0xbd151554, 0xe87777c1, 0x923737dc, 0x9ee5e5b3, - 0x139f9f46, 0x23f0f0e7, 0x204a4a35, 0x44dada4f, - 0xa258587d, 0xcfc9c903, 0x7c2929a4, 0x5a0a0a28, - 0x50b1b1fe, 0xc9a0a0ba, 0x146b6bb1, 0xd985852e, - 0x3cbdbdce, 0x8f5d5d69, 0x90101040, 0x07f4f4f7, - 0xddcbcb0b, 0xd33e3ef8, 0x2d050514, 0x78676781, - 0x97e4e4b7, 0x0227279c, 0x73414119, 0xa78b8b16, - 0xf6a7a7a6, 0xb27d7de9, 0x4995956e, 0x56d8d847, - 0x70fbfbcb, 0xcdeeee9f, 0xbb7c7ced, 0x71666685, - 0x7bdddd53, 0xaf17175c, 0x45474701, 0x1a9e9e42, - 0xd4caca0f, 0x582d2db4, 0x2ebfbfc6, 0x3f07071c, - 0xacadad8e, 0xb05a5a75, 0xef838336, 0xb63333cc, - 0x5c636391, 0x12020208, 0x93aaaa92, 0xde7171d9, - 0xc6c8c807, 0xd1191964, 0x3b494939, 0x5fd9d943, - 0x31f2f2ef, 0xa8e3e3ab, 
0xb95b5b71, 0xbc88881a, - 0x3e9a9a52, 0x0b262698, 0xbf3232c8, 0x59b0b0fa, - 0xf2e9e983, 0x770f0f3c, 0x33d5d573, 0xf480803a, - 0x27bebec2, 0xebcdcd13, 0x893434d0, 0x3248483d, - 0x54ffffdb, 0x8d7a7af5, 0x6490907a, 0x9d5f5f61, - 0x3d202080, 0x0f6868bd, 0xca1a1a68, 0xb7aeae82, - 0x7db4b4ea, 0xce54544d, 0x7f939376, 0x2f222288, - 0x6364648d, 0x2af1f1e3, 0xcc7373d1, 0x82121248, - 0x7a40401d, 0x48080820, 0x95c3c32b, 0xdfecec97, - 0x4ddbdb4b, 0xc0a1a1be, 0x918d8d0e, 0xc83d3df4, - 0x5b979766, 0x00000000, 0xf9cfcf1b, 0x6e2b2bac, - 0xe17676c5, 0xe6828232, 0x28d6d67f, 0xc31b1b6c, - 0x74b5b5ee, 0xbeafaf86, 0x1d6a6ab5, 0xea50505d, - 0x57454509, 0x38f3f3eb, 0xad3030c0, 0xc4efef9b, - 0xda3f3ffc, 0xc7555549, 0xdba2a2b2, 0xe9eaea8f, - 0x6a656589, 0x03babad2, 0x4a2f2fbc, 0x8ec0c027, - 0x60dede5f, 0xfc1c1c70, 0x46fdfdd3, 0x1f4d4d29, - 0x76929272, 0xfa7575c9, 0x36060618, 0xae8a8a12, - 0x4bb2b2f2, 0x85e6e6bf, 0x7e0e0e38, 0xe71f1f7c, - 0x55626295, 0x3ad4d477, 0x81a8a89a, 0x52969662, - 0x62f9f9c3, 0xa3c5c533, 0x10252594, 0xab595979, - 0xd084842a, 0xc57272d5, 0xec3939e4, 0x164c4c2d, - 0x945e5e65, 0x9f7878fd, 0xe53838e0, 0x988c8c0a, - 0x17d1d163, 0xe4a5a5ae, 0xa1e2e2af, 0x4e616199, - 0x42b3b3f6, 0x34212184, 0x089c9c4a, 0xee1e1e78, - 0x61434311, 0xb1c7c73b, 0x4ffcfcd7, 0x24040410, - 0xe3515159, 0x2599995e, 0x226d6da9, 0x650d0d34, - 0x79fafacf, 0x69dfdf5b, 0xa97e7ee5, 0x19242490, - 0xfe3b3bec, 0x9aabab96, 0xf0cece1f, 0x99111144, - 0x838f8f06, 0x044e4e25, 0x66b7b7e6, 0xe0ebeb8b, - 0xc13c3cf0, 0xfd81813e, 0x4094946a, 0x1cf7f7fb, - 0x18b9b9de, 0x8b13134c, 0x512c2cb0, 0x05d3d36b, - 0x8ce7e7bb, 0x396e6ea5, 0xaac4c437, 0x1b03030c, - 0xdc565645, 0x5e44440d, 0xa07f7fe1, 0x88a9a99e, - 0x672a2aa8, 0x0abbbbd6, 0x87c1c123, 0xf1535351, - 0x72dcdc57, 0x530b0b2c, 0x019d9d4e, 0x2b6c6cad, - 0xa43131c4, 0xf37474cd, 0x15f6f6ff, 0x4c464605, - 0xa5acac8a, 0xb589891e, 0xb4141450, 0xbae1e1a3, - 0xa6161658, 0xf73a3ae8, 0x066969b9, 0x41090924, - 0xd77070dd, 0x6fb6b6e2, 0x1ed0d067, 0xd6eded93, - 0xe2cccc17, 0x68424215, 
0x2c98985a, 0xeda4a4aa, - 0x752828a0, 0x865c5c6d, 0x6bf8f8c7, 0xc2868622, - }, - { - 0x30d81818, 0x46262323, 0x91b8c6c6, 0xcdfbe8e8, - 0x13cb8787, 0x6d11b8b8, 0x02090101, 0x9e0d4f4f, - 0x6c9b3636, 0x51ffa6a6, 0xb90cd2d2, 0xf70ef5f5, - 0xf2967979, 0xde306f6f, 0x3f6d9191, 0xa4f85252, - 0xc0476060, 0x6535bcbc, 0x2b379b9b, 0x018a8e8e, - 0x5bd2a3a3, 0x186c0c0c, 0xf6847b7b, 0x6a803535, - 0x3af51d1d, 0xddb3e0e0, 0xb321d7d7, 0x999cc2c2, - 0x5c432e2e, 0x96294b4b, 0xe15dfefe, 0xaed55757, - 0x2abd1515, 0xeee87777, 0x6e923737, 0xd79ee5e5, - 0x23139f9f, 0xfd23f0f0, 0x94204a4a, 0xa944dada, - 0xb0a25858, 0x8fcfc9c9, 0x527c2929, 0x145a0a0a, - 0x7f50b1b1, 0x5dc9a0a0, 0xd6146b6b, 0x17d98585, - 0x673cbdbd, 0xba8f5d5d, 0x20901010, 0xf507f4f4, - 0x8bddcbcb, 0x7cd33e3e, 0x0a2d0505, 0xce786767, - 0xd597e4e4, 0x4e022727, 0x82734141, 0x0ba78b8b, - 0x53f6a7a7, 0xfab27d7d, 0x37499595, 0xad56d8d8, - 0xeb70fbfb, 0xc1cdeeee, 0xf8bb7c7c, 0xcc716666, - 0xa77bdddd, 0x2eaf1717, 0x8e454747, 0x211a9e9e, - 0x89d4caca, 0x5a582d2d, 0x632ebfbf, 0x0e3f0707, - 0x47acadad, 0xb4b05a5a, 0x1bef8383, 0x66b63333, - 0xc65c6363, 0x04120202, 0x4993aaaa, 0xe2de7171, - 0x8dc6c8c8, 0x32d11919, 0x923b4949, 0xaf5fd9d9, - 0xf931f2f2, 0xdba8e3e3, 0xb6b95b5b, 0x0dbc8888, - 0x293e9a9a, 0x4c0b2626, 0x64bf3232, 0x7d59b0b0, - 0xcff2e9e9, 0x1e770f0f, 0xb733d5d5, 0x1df48080, - 0x6127bebe, 0x87ebcdcd, 0x68893434, 0x90324848, - 0xe354ffff, 0xf48d7a7a, 0x3d649090, 0xbe9d5f5f, - 0x403d2020, 0xd00f6868, 0x34ca1a1a, 0x41b7aeae, - 0x757db4b4, 0xa8ce5454, 0x3b7f9393, 0x442f2222, - 0xc8636464, 0xff2af1f1, 0xe6cc7373, 0x24821212, - 0x807a4040, 0x10480808, 0x9b95c3c3, 0xc5dfecec, - 0xab4ddbdb, 0x5fc0a1a1, 0x07918d8d, 0x7ac83d3d, - 0x335b9797, 0x00000000, 0x83f9cfcf, 0x566e2b2b, - 0xece17676, 0x19e68282, 0xb128d6d6, 0x36c31b1b, - 0x7774b5b5, 0x43beafaf, 0xd41d6a6a, 0xa0ea5050, - 0x8a574545, 0xfb38f3f3, 0x60ad3030, 0xc3c4efef, - 0x7eda3f3f, 0xaac75555, 0x59dba2a2, 0xc9e9eaea, - 0xca6a6565, 0x6903baba, 0x5e4a2f2f, 0x9d8ec0c0, - 0xa160dede, 
0x38fc1c1c, 0xe746fdfd, 0x9a1f4d4d, - 0x39769292, 0xeafa7575, 0x0c360606, 0x09ae8a8a, - 0x794bb2b2, 0xd185e6e6, 0x1c7e0e0e, 0x3ee71f1f, - 0xc4556262, 0xb53ad4d4, 0x4d81a8a8, 0x31529696, - 0xef62f9f9, 0x97a3c5c5, 0x4a102525, 0xb2ab5959, - 0x15d08484, 0xe4c57272, 0x72ec3939, 0x98164c4c, - 0xbc945e5e, 0xf09f7878, 0x70e53838, 0x05988c8c, - 0xbf17d1d1, 0x57e4a5a5, 0xd9a1e2e2, 0xc24e6161, - 0x7b42b3b3, 0x42342121, 0x25089c9c, 0x3cee1e1e, - 0x86614343, 0x93b1c7c7, 0xe54ffcfc, 0x08240404, - 0xa2e35151, 0x2f259999, 0xda226d6d, 0x1a650d0d, - 0xe979fafa, 0xa369dfdf, 0xfca97e7e, 0x48192424, - 0x76fe3b3b, 0x4b9aabab, 0x81f0cece, 0x22991111, - 0x03838f8f, 0x9c044e4e, 0x7366b7b7, 0xcbe0ebeb, - 0x78c13c3c, 0x1ffd8181, 0x35409494, 0xf31cf7f7, - 0x6f18b9b9, 0x268b1313, 0x58512c2c, 0xbb05d3d3, - 0xd38ce7e7, 0xdc396e6e, 0x95aac4c4, 0x061b0303, - 0xacdc5656, 0x885e4444, 0xfea07f7f, 0x4f88a9a9, - 0x54672a2a, 0x6b0abbbb, 0x9f87c1c1, 0xa6f15353, - 0xa572dcdc, 0x16530b0b, 0x27019d9d, 0xd82b6c6c, - 0x62a43131, 0xe8f37474, 0xf115f6f6, 0x8c4c4646, - 0x45a5acac, 0x0fb58989, 0x28b41414, 0xdfbae1e1, - 0x2ca61616, 0x74f73a3a, 0xd2066969, 0x12410909, - 0xe0d77070, 0x716fb6b6, 0xbd1ed0d0, 0xc7d6eded, - 0x85e2cccc, 0x84684242, 0x2d2c9898, 0x55eda4a4, - 0x50752828, 0xb8865c5c, 0xed6bf8f8, 0x11c28686, - }, - { - 0x7830d818, 0xaf462623, 0xf991b8c6, 0x6fcdfbe8, - 0xa113cb87, 0x626d11b8, 0x05020901, 0x6e9e0d4f, - 0xee6c9b36, 0x0451ffa6, 0xbdb90cd2, 0x06f70ef5, - 0x80f29679, 0xcede306f, 0xef3f6d91, 0x07a4f852, - 0xfdc04760, 0x766535bc, 0xcd2b379b, 0x8c018a8e, - 0x155bd2a3, 0x3c186c0c, 0x8af6847b, 0xe16a8035, - 0x693af51d, 0x47ddb3e0, 0xacb321d7, 0xed999cc2, - 0x965c432e, 0x7a96294b, 0x21e15dfe, 0x16aed557, - 0x412abd15, 0xb6eee877, 0xeb6e9237, 0x56d79ee5, - 0xd923139f, 0x17fd23f0, 0x7f94204a, 0x95a944da, - 0x25b0a258, 0xca8fcfc9, 0x8d527c29, 0x22145a0a, - 0x4f7f50b1, 0x1a5dc9a0, 0xdad6146b, 0xab17d985, - 0x73673cbd, 0x34ba8f5d, 0x50209010, 0x03f507f4, - 0xc08bddcb, 0xc67cd33e, 0x110a2d05, 0xe6ce7867, - 
0x53d597e4, 0xbb4e0227, 0x58827341, 0x9d0ba78b, - 0x0153f6a7, 0x94fab27d, 0xfb374995, 0x9fad56d8, - 0x30eb70fb, 0x71c1cdee, 0x91f8bb7c, 0xe3cc7166, - 0x8ea77bdd, 0x4b2eaf17, 0x468e4547, 0xdc211a9e, - 0xc589d4ca, 0x995a582d, 0x79632ebf, 0x1b0e3f07, - 0x2347acad, 0x2fb4b05a, 0xb51bef83, 0xff66b633, - 0xf2c65c63, 0x0a041202, 0x384993aa, 0xa8e2de71, - 0xcf8dc6c8, 0x7d32d119, 0x70923b49, 0x9aaf5fd9, - 0x1df931f2, 0x48dba8e3, 0x2ab6b95b, 0x920dbc88, - 0xc8293e9a, 0xbe4c0b26, 0xfa64bf32, 0x4a7d59b0, - 0x6acff2e9, 0x331e770f, 0xa6b733d5, 0xba1df480, - 0x7c6127be, 0xde87ebcd, 0xe4688934, 0x75903248, - 0x24e354ff, 0x8ff48d7a, 0xea3d6490, 0x3ebe9d5f, - 0xa0403d20, 0xd5d00f68, 0x7234ca1a, 0x2c41b7ae, - 0x5e757db4, 0x19a8ce54, 0xe53b7f93, 0xaa442f22, - 0xe9c86364, 0x12ff2af1, 0xa2e6cc73, 0x5a248212, - 0x5d807a40, 0x28104808, 0xe89b95c3, 0x7bc5dfec, - 0x90ab4ddb, 0x1f5fc0a1, 0x8307918d, 0xc97ac83d, - 0xf1335b97, 0x00000000, 0xd483f9cf, 0x87566e2b, - 0xb3ece176, 0xb019e682, 0xa9b128d6, 0x7736c31b, - 0x5b7774b5, 0x2943beaf, 0xdfd41d6a, 0x0da0ea50, - 0x4c8a5745, 0x18fb38f3, 0xf060ad30, 0x74c3c4ef, - 0xc37eda3f, 0x1caac755, 0x1059dba2, 0x65c9e9ea, - 0xecca6a65, 0x686903ba, 0x935e4a2f, 0xe79d8ec0, - 0x81a160de, 0x6c38fc1c, 0x2ee746fd, 0x649a1f4d, - 0xe0397692, 0xbceafa75, 0x1e0c3606, 0x9809ae8a, - 0x40794bb2, 0x59d185e6, 0x361c7e0e, 0x633ee71f, - 0xf7c45562, 0xa3b53ad4, 0x324d81a8, 0xf4315296, - 0x3aef62f9, 0xf697a3c5, 0xb14a1025, 0x20b2ab59, - 0xae15d084, 0xa7e4c572, 0xdd72ec39, 0x6198164c, - 0x3bbc945e, 0x85f09f78, 0xd870e538, 0x8605988c, - 0xb2bf17d1, 0x0b57e4a5, 0x4dd9a1e2, 0xf8c24e61, - 0x457b42b3, 0xa5423421, 0xd625089c, 0x663cee1e, - 0x52866143, 0xfc93b1c7, 0x2be54ffc, 0x14082404, - 0x08a2e351, 0xc72f2599, 0xc4da226d, 0x391a650d, - 0x35e979fa, 0x84a369df, 0x9bfca97e, 0xb4481924, - 0xd776fe3b, 0x3d4b9aab, 0xd181f0ce, 0x55229911, - 0x8903838f, 0x6b9c044e, 0x517366b7, 0x60cbe0eb, - 0xcc78c13c, 0xbf1ffd81, 0xfe354094, 0x0cf31cf7, - 0x676f18b9, 0x5f268b13, 0x9c58512c, 0xb8bb05d3, - 
0x5cd38ce7, 0xcbdc396e, 0xf395aac4, 0x0f061b03, - 0x13acdc56, 0x49885e44, 0x9efea07f, 0x374f88a9, - 0x8254672a, 0x6d6b0abb, 0xe29f87c1, 0x02a6f153, - 0x8ba572dc, 0x2716530b, 0xd327019d, 0xc1d82b6c, - 0xf562a431, 0xb9e8f374, 0x09f115f6, 0x438c4c46, - 0x2645a5ac, 0x970fb589, 0x4428b414, 0x42dfbae1, - 0x4e2ca616, 0xd274f73a, 0xd0d20669, 0x2d124109, - 0xade0d770, 0x54716fb6, 0xb7bd1ed0, 0x7ec7d6ed, - 0xdb85e2cc, 0x57846842, 0xc22d2c98, 0x0e55eda4, - 0x88507528, 0x31b8865c, 0x3fed6bf8, 0xa411c286, + 0x186018c07830d818, 0x238c2305af462623, 0xc63fc67ef991b8c6, 0xe887e8136fcdfbe8, + 0x8726874ca113cb87, 0xb8dab8a9626d11b8, 0x0104010805020901, 0x4f214f426e9e0d4f, + 0x36d836adee6c9b36, 0xa6a2a6590451ffa6, 0xd26fd2debdb90cd2, 0xf5f3f5fb06f70ef5, + 0x79f979ef80f29679, 0x6fa16f5fcede306f, 0x917e91fcef3f6d91, 0x525552aa07a4f852, + 0x609d6027fdc04760, 0xbccabc89766535bc, 0x9b569baccd2b379b, 0x8e028e048c018a8e, + 0xa3b6a371155bd2a3, 0x0c300c603c186c0c, 0x7bf17bff8af6847b, 0x35d435b5e16a8035, + 0x1d741de8693af51d, 0xe0a7e05347ddb3e0, 0xd77bd7f6acb321d7, 0xc22fc25eed999cc2, + 0x2eb82e6d965c432e, 0x4b314b627a96294b, 0xfedffea321e15dfe, 0x5741578216aed557, + 0x155415a8412abd15, 0x77c1779fb6eee877, 0x37dc37a5eb6e9237, 0xe5b3e57b56d79ee5, + 0x9f469f8cd923139f, 0xf0e7f0d317fd23f0, 0x4a354a6a7f94204a, 0xda4fda9e95a944da, + 0x587d58fa25b0a258, 0xc903c906ca8fcfc9, 0x29a429558d527c29, 0x0a280a5022145a0a, + 0xb1feb1e14f7f50b1, 0xa0baa0691a5dc9a0, 0x6bb16b7fdad6146b, 0x852e855cab17d985, + 0xbdcebd8173673cbd, 0x5d695dd234ba8f5d, 0x1040108050209010, 0xf4f7f4f303f507f4, + 0xcb0bcb16c08bddcb, 0x3ef83eedc67cd33e, 0x05140528110a2d05, 0x6781671fe6ce7867, + 0xe4b7e47353d597e4, 0x279c2725bb4e0227, 0x4119413258827341, 0x8b168b2c9d0ba78b, + 0xa7a6a7510153f6a7, 0x7de97dcf94fab27d, 0x956e95dcfb374995, 0xd847d88e9fad56d8, + 0xfbcbfb8b30eb70fb, 0xee9fee2371c1cdee, 0x7ced7cc791f8bb7c, 0x66856617e3cc7166, + 0xdd53dda68ea77bdd, 0x175c17b84b2eaf17, 0x47014702468e4547, 0x9e429e84dc211a9e, + 0xca0fca1ec589d4ca, 
0x2db42d75995a582d, 0xbfc6bf9179632ebf, 0x071c07381b0e3f07, + 0xad8ead012347acad, 0x5a755aea2fb4b05a, 0x8336836cb51bef83, 0x33cc3385ff66b633, + 0x6391633ff2c65c63, 0x020802100a041202, 0xaa92aa39384993aa, 0x71d971afa8e2de71, + 0xc807c80ecf8dc6c8, 0x196419c87d32d119, 0x4939497270923b49, 0xd943d9869aaf5fd9, + 0xf2eff2c31df931f2, 0xe3abe34b48dba8e3, 0x5b715be22ab6b95b, 0x881a8834920dbc88, + 0x9a529aa4c8293e9a, 0x2698262dbe4c0b26, 0x32c8328dfa64bf32, 0xb0fab0e94a7d59b0, + 0xe983e91b6acff2e9, 0x0f3c0f78331e770f, 0xd573d5e6a6b733d5, 0x803a8074ba1df480, + 0xbec2be997c6127be, 0xcd13cd26de87ebcd, 0x34d034bde4688934, 0x483d487a75903248, + 0xffdbffab24e354ff, 0x7af57af78ff48d7a, 0x907a90f4ea3d6490, 0x5f615fc23ebe9d5f, + 0x2080201da0403d20, 0x68bd6867d5d00f68, 0x1a681ad07234ca1a, 0xae82ae192c41b7ae, + 0xb4eab4c95e757db4, 0x544d549a19a8ce54, 0x937693ece53b7f93, 0x2288220daa442f22, + 0x648d6407e9c86364, 0xf1e3f1db12ff2af1, 0x73d173bfa2e6cc73, 0x124812905a248212, + 0x401d403a5d807a40, 0x0820084028104808, 0xc32bc356e89b95c3, 0xec97ec337bc5dfec, + 0xdb4bdb9690ab4ddb, 0xa1bea1611f5fc0a1, 0x8d0e8d1c8307918d, 0x3df43df5c97ac83d, + 0x976697ccf1335b97, 0x0000000000000000, 0xcf1bcf36d483f9cf, 0x2bac2b4587566e2b, + 0x76c57697b3ece176, 0x82328264b019e682, 0xd67fd6fea9b128d6, 0x1b6c1bd87736c31b, + 0xb5eeb5c15b7774b5, 0xaf86af112943beaf, 0x6ab56a77dfd41d6a, 0x505d50ba0da0ea50, + 0x450945124c8a5745, 0xf3ebf3cb18fb38f3, 0x30c0309df060ad30, 0xef9bef2b74c3c4ef, + 0x3ffc3fe5c37eda3f, 0x554955921caac755, 0xa2b2a2791059dba2, 0xea8fea0365c9e9ea, + 0x6589650fecca6a65, 0xbad2bab9686903ba, 0x2fbc2f65935e4a2f, 0xc027c04ee79d8ec0, + 0xde5fdebe81a160de, 0x1c701ce06c38fc1c, 0xfdd3fdbb2ee746fd, 0x4d294d52649a1f4d, + 0x927292e4e0397692, 0x75c9758fbceafa75, 0x061806301e0c3606, 0x8a128a249809ae8a, + 0xb2f2b2f940794bb2, 0xe6bfe66359d185e6, 0x0e380e70361c7e0e, 0x1f7c1ff8633ee71f, + 0x62956237f7c45562, 0xd477d4eea3b53ad4, 0xa89aa829324d81a8, 0x966296c4f4315296, + 0xf9c3f99b3aef62f9, 0xc533c566f697a3c5, 
0x25942535b14a1025, 0x597959f220b2ab59, + 0x842a8454ae15d084, 0x72d572b7a7e4c572, 0x39e439d5dd72ec39, 0x4c2d4c5a6198164c, + 0x5e655eca3bbc945e, 0x78fd78e785f09f78, 0x38e038ddd870e538, 0x8c0a8c148605988c, + 0xd163d1c6b2bf17d1, 0xa5aea5410b57e4a5, 0xe2afe2434dd9a1e2, 0x6199612ff8c24e61, + 0xb3f6b3f1457b42b3, 0x21842115a5423421, 0x9c4a9c94d625089c, 0x1e781ef0663cee1e, + 0x4311432252866143, 0xc73bc776fc93b1c7, 0xfcd7fcb32be54ffc, 0x0410042014082404, + 0x515951b208a2e351, 0x995e99bcc72f2599, 0x6da96d4fc4da226d, 0x0d340d68391a650d, + 0xfacffa8335e979fa, 0xdf5bdfb684a369df, 0x7ee57ed79bfca97e, 0x2490243db4481924, + 0x3bec3bc5d776fe3b, 0xab96ab313d4b9aab, 0xce1fce3ed181f0ce, 0x1144118855229911, + 0x8f068f0c8903838f, 0x4e254e4a6b9c044e, 0xb7e6b7d1517366b7, 0xeb8beb0b60cbe0eb, + 0x3cf03cfdcc78c13c, 0x813e817cbf1ffd81, 0x946a94d4fe354094, 0xf7fbf7eb0cf31cf7, + 0xb9deb9a1676f18b9, 0x134c13985f268b13, 0x2cb02c7d9c58512c, 0xd36bd3d6b8bb05d3, + 0xe7bbe76b5cd38ce7, 0x6ea56e57cbdc396e, 0xc437c46ef395aac4, 0x030c03180f061b03, + 0x5645568a13acdc56, 0x440d441a49885e44, 0x7fe17fdf9efea07f, 0xa99ea921374f88a9, + 0x2aa82a4d8254672a, 0xbbd6bbb16d6b0abb, 0xc123c146e29f87c1, 0x535153a202a6f153, + 0xdc57dcae8ba572dc, 0x0b2c0b582716530b, 0x9d4e9d9cd327019d, 0x6cad6c47c1d82b6c, + 0x31c43195f562a431, 0x74cd7487b9e8f374, 0xf6fff6e309f115f6, 0x4605460a438c4c46, + 0xac8aac092645a5ac, 0x891e893c970fb589, 0x145014a04428b414, 0xe1a3e15b42dfbae1, + 0x165816b04e2ca616, 0x3ae83acdd274f73a, 0x69b9696fd0d20669, 0x092409482d124109, + 0x70dd70a7ade0d770, 0xb6e2b6d954716fb6, 0xd067d0ceb7bd1ed0, 0xed93ed3b7ec7d6ed, + 0xcc17cc2edb85e2cc, 0x4215422a57846842, 0x985a98b4c22d2c98, 0xa4aaa4490e55eda4, + 0x28a0285d88507528, 0x5c6d5cda31b8865c, 0xf8c7f8933fed6bf8, 0x86228644a411c286, }, }; -CONSTANT_VK u32a rchl[32] = +CONSTANT_VK u64a RC[16] = { - 0x1823c6e8, - 0x87b8014f, - 0x36a6d2f5, - 0x796f9152, - 0x60bc9b8e, - 0xa30c7b35, - 0x1de0d7c2, - 0x2e4bfe57, - 0x157737e5, - 0x9ff04ada, - 0x58c9290a, - 0xb1a06b85, - 
0xbd5d10f4, - 0xcb3e0567, - 0xe427418b, - 0xa77d95d8, - 0xfbee7c66, - 0xdd17479e, - 0xca2dbf07, - 0xad5a8333, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, + 0x1823c6e887b8014f, + 0x36a6d2f5796f9152, + 0x60bc9b8ea30c7b35, + 0x1de0d7c22e4bfe57, + 0x157737e59ff04ada, + 0x58c9290ab1a06b85, + 0xbd5d10f4cb3e0567, + 0xe427418ba77d95d8, + 0xfbee7c66dd17479e, + 0xca2dbf07ad5a8333, }; // important notes on this: 
@@ -1114,175 +560,171 @@ CONSTANT_VK u32a rchl[32] =
// input buf needs to be in algorithm native byte order (md5 = LE, sha256 = BE, etc)
// input buf needs to be 64 byte aligned when using whirlpool_update()
-DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256])
+DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC)
{
- u32 Kh[8];
- u32 Kl[8];
+ u64 D[8];
- Kh[0] = digest[ 0];
- Kl[0] = digest[ 1];
- Kh[1] = digest[ 2];
- Kl[1] = digest[ 3];
- Kh[2] = digest[ 4];
- Kl[2] = digest[ 5];
- Kh[3] = digest[ 6];
- Kl[3] = digest[ 7];
- Kh[4] = digest[ 8];
- Kl[4] = digest[ 9];
- Kh[5] = digest[10];
- Kl[5] = digest[11];
- Kh[6] = digest[12];
- Kl[6] = digest[13];
- Kh[7] = digest[14];
- Kl[7] = digest[15];
+ D[0] = hl32_to_64_S (digest[ 0], digest[ 1]);
+ D[1] = hl32_to_64_S (digest[ 2], digest[ 3]);
+ D[2] = hl32_to_64_S (digest[ 4], digest[ 5]);
+ D[3] = hl32_to_64_S (digest[ 6], digest[ 7]);
+ D[4] = hl32_to_64_S (digest[ 8], digest[ 9]);
+ D[5] = hl32_to_64_S (digest[10], digest[11]);
+ D[6] = hl32_to_64_S (digest[12], digest[13]);
+ D[7] = hl32_to_64_S (digest[14], digest[15]);
- u32 stateh[8];
- u32 statel[8];
+ u64 K[8];
- stateh[0] = w0[0] ^ Kh[0];
- statel[0] = w0[1] ^ Kl[0];
- stateh[1] = w0[2] ^ Kh[1];
- statel[1] = w0[3] ^ Kl[1];
- stateh[2] = w1[0] ^ Kh[2];
- statel[2] = w1[1] ^ Kl[2];
- stateh[3] = w1[2] ^ Kh[3];
- statel[3] = w1[3] ^ Kl[3];
- stateh[4] = w2[0] ^ Kh[4];
- statel[4] = w2[1] ^ Kl[4];
- stateh[5] = w2[2] ^ Kh[5];
- statel[5] = w2[3] ^ Kl[5];
- stateh[6] = w3[0] ^ Kh[6];
- statel[6] = w3[1] ^ Kl[6];
- stateh[7] = w3[2] ^ Kh[7];
- statel[7] = w3[3] ^ Kl[7];
+ K[0] = D[0];
+ K[1] = D[1];
+ K[2] = D[2];
+ K[3] = D[3];
+ K[4] = D[4];
+ K[5] = D[5];
+ K[6] = D[6];
+ K[7] = D[7];
- for (u32 r = 0; r < (R * 2); r += 2)
+ u64 W[8];
+
+ W[0] =
hl32_to_64_S (w0[0], w0[1]);
+ W[1] = hl32_to_64_S (w0[2], w0[3]);
+ W[2] = hl32_to_64_S (w1[0], w1[1]);
+ W[3] = hl32_to_64_S (w1[2], w1[3]);
+ W[4] = hl32_to_64_S (w2[0], w2[1]);
+ W[5] = hl32_to_64_S (w2[2], w2[3]);
+ W[6] = hl32_to_64_S (w3[0], w3[1]);
+ W[7] = hl32_to_64_S (w3[2], w3[3]);
+
+ u64 state[8];
+
+ state[0] = K[0] ^ W[0];
+ state[1] = K[1] ^ W[1];
+ state[2] = K[2] ^ W[2];
+ state[3] = K[3] ^ W[3];
+ state[4] = K[4] ^ W[4];
+ state[5] = K[5] ^ W[5];
+ state[6] = K[6] ^ W[6];
+ state[7] = K[7] ^ W[7];
+
+ for (u32 r = 0; r < R; r++)
{
- u32 Lh[8];
- u32 Ll[8];
-
- u32 i;
+ u64 L[8];
#ifdef _unroll
#pragma unroll
#endif
- for (i = 0; i < 8; i++)
+ for (int i = 0; i < 8; i++)
{
- const u32 Lp0 = Kh[(i + 8) & 7] >> 24;
- const u32 Lp1 = Kh[(i + 7) & 7] >> 16;
- const u32 Lp2 = Kh[(i + 6) & 7] >> 8;
- const u32 Lp3 = Kh[(i + 5) & 7] >> 0;
- const u32 Lp4 = Kl[(i + 4) & 7] >> 24;
- const u32 Lp5 = Kl[(i + 3) & 7] >> 16;
- const u32 Lp6 = Kl[(i + 2) & 7] >> 8;
- const u32 Lp7 = Kl[(i + 1) & 7] >> 0;
+ const u8 Lp0 = K[(i + 8) & 7] >> 56;
+ const u8 Lp1 = K[(i + 7) & 7] >> 48;
+ const u8 Lp2 = K[(i + 6) & 7] >> 40;
+ const u8 Lp3 = K[(i + 5) & 7] >> 32;
+ const u8 Lp4 = K[(i + 4) & 7] >> 24;
+ const u8 Lp5 = K[(i + 3) & 7] >> 16;
+ const u8 Lp6 = K[(i + 2) & 7] >> 8;
+ const u8 Lp7 = K[(i + 1) & 7] >> 0;
- Lh[i] = BOX_S (s_Ch, 0, Lp0 & 0xff)
- ^ BOX_S (s_Ch, 1, Lp1 & 0xff)
- ^ BOX_S (s_Ch, 2, Lp2 & 0xff)
- ^ BOX_S (s_Ch, 3, Lp3 & 0xff)
- ^ BOX_S (s_Ch, 4, Lp4 & 0xff)
- ^ BOX_S (s_Ch, 5, Lp5 & 0xff)
- ^ BOX_S (s_Ch, 6, Lp6 & 0xff)
- ^ BOX_S (s_Ch, 7, Lp7 & 0xff);
+ const u64 X0 = BOX64_S (s_MT, 0, Lp0);
+ const u64 X1 = BOX64_S (s_MT, 1, Lp1);
+ const u64 X2 = BOX64_S (s_MT, 2, Lp2);
+ const u64 X3 = BOX64_S (s_MT, 3, Lp3);
+ const u64 X4 = BOX64_S (s_MT, 4, Lp4);
+ const u64 X5 = BOX64_S (s_MT, 5, Lp5);
+ const u64 X6 = BOX64_S (s_MT, 6, Lp6);
+ const u64 X7 = BOX64_S (s_MT, 7, Lp7);
- Ll[i] = BOX_S (s_Cl, 0, Lp0 & 0xff)
- ^ BOX_S (s_Cl, 1, Lp1 & 0xff)
- ^
BOX_S (s_Cl, 2, Lp2 & 0xff)
- ^ BOX_S (s_Cl, 3, Lp3 & 0xff)
- ^ BOX_S (s_Cl, 4, Lp4 & 0xff)
- ^ BOX_S (s_Cl, 5, Lp5 & 0xff)
- ^ BOX_S (s_Cl, 6, Lp6 & 0xff)
- ^ BOX_S (s_Cl, 7, Lp7 & 0xff);
+ L[i] = X0
+ ^ X1
+ ^ X2
+ ^ X3
+ ^ X4
+ ^ X5
+ ^ X6
+ ^ X7;
}
- Kh[0] = Lh[0] ^ rchl[r + 0];
- Kl[0] = Ll[0] ^ rchl[r + 1];
- Kh[1] = Lh[1];
- Kl[1] = Ll[1];
- Kh[2] = Lh[2];
- Kl[2] = Ll[2];
- Kh[3] = Lh[3];
- Kl[3] = Ll[3];
- Kh[4] = Lh[4];
- Kl[4] = Ll[4];
- Kh[5] = Lh[5];
- Kl[5] = Ll[5];
- Kh[6] = Lh[6];
- Kl[6] = Ll[6];
- Kh[7] = Lh[7];
- Kl[7] = Ll[7];
+ const u64 rc = s_RC[r];
+
+ K[0] = L[0] ^ rc;
+ K[1] = L[1];
+ K[2] = L[2];
+ K[3] = L[3];
+ K[4] = L[4];
+ K[5] = L[5];
+ K[6] = L[6];
+ K[7] = L[7];
#ifdef _unroll
#pragma unroll
#endif
- for (i = 0; i < 8; i++)
+ for (int i = 0; i < 8; i++)
{
- const u32 Lp0 = stateh[(i + 8) & 7] >> 24;
- const u32 Lp1 = stateh[(i + 7) & 7] >> 16;
- const u32 Lp2 = stateh[(i + 6) & 7] >> 8;
- const u32 Lp3 = stateh[(i + 5) & 7] >> 0;
- const u32 Lp4 = statel[(i + 4) & 7] >> 24;
- const u32 Lp5 = statel[(i + 3) & 7] >> 16;
- const u32 Lp6 = statel[(i + 2) & 7] >> 8;
- const u32 Lp7 = statel[(i + 1) & 7] >> 0;
+ const u8 Lp0 = state[(i + 8) & 7] >> 56;
+ const u8 Lp1 = state[(i + 7) & 7] >> 48;
+ const u8 Lp2 = state[(i + 6) & 7] >> 40;
+ const u8 Lp3 = state[(i + 5) & 7] >> 32;
+ const u8 Lp4 = state[(i + 4) & 7] >> 24;
+ const u8 Lp5 = state[(i + 3) & 7] >> 16;
+ const u8 Lp6 = state[(i + 2) & 7] >> 8;
+ const u8 Lp7 = state[(i + 1) & 7] >> 0;
- Lh[i] = BOX_S (s_Ch, 0, Lp0 & 0xff)
- ^ BOX_S (s_Ch, 1, Lp1 & 0xff)
- ^ BOX_S (s_Ch, 2, Lp2 & 0xff)
- ^ BOX_S (s_Ch, 3, Lp3 & 0xff)
- ^ BOX_S (s_Ch, 4, Lp4 & 0xff)
- ^ BOX_S (s_Ch, 5, Lp5 & 0xff)
- ^ BOX_S (s_Ch, 6, Lp6 & 0xff)
- ^ BOX_S (s_Ch, 7, Lp7 & 0xff);
+ const u64 X0 = BOX64_S (s_MT, 0, Lp0);
+ const u64 X1 = BOX64_S (s_MT, 1, Lp1);
+ const u64 X2 = BOX64_S (s_MT, 2, Lp2);
+ const u64 X3 = BOX64_S (s_MT, 3, Lp3);
+ const u64 X4 = BOX64_S (s_MT, 4, Lp4);
+ const u64 X5 = BOX64_S (s_MT,
5, Lp5); + const u64 X6 = BOX64_S (s_MT, 6, Lp6); + const u64 X7 = BOX64_S (s_MT, 7, Lp7); - Ll[i] = BOX_S (s_Cl, 0, Lp0 & 0xff) - ^ BOX_S (s_Cl, 1, Lp1 & 0xff) - ^ BOX_S (s_Cl, 2, Lp2 & 0xff) - ^ BOX_S (s_Cl, 3, Lp3 & 0xff) - ^ BOX_S (s_Cl, 4, Lp4 & 0xff) - ^ BOX_S (s_Cl, 5, Lp5 & 0xff) - ^ BOX_S (s_Cl, 6, Lp6 & 0xff) - ^ BOX_S (s_Cl, 7, Lp7 & 0xff); + L[i] = X0 + ^ X1 + ^ X2 + ^ X3 + ^ X4 + ^ X5 + ^ X6 + ^ X7; } - stateh[0] = Lh[0] ^ Kh[0]; - statel[0] = Ll[0] ^ Kl[0]; - stateh[1] = Lh[1] ^ Kh[1]; - statel[1] = Ll[1] ^ Kl[1]; - stateh[2] = Lh[2] ^ Kh[2]; - statel[2] = Ll[2] ^ Kl[2]; - stateh[3] = Lh[3] ^ Kh[3]; - statel[3] = Ll[3] ^ Kl[3]; - stateh[4] = Lh[4] ^ Kh[4]; - statel[4] = Ll[4] ^ Kl[4]; - stateh[5] = Lh[5] ^ Kh[5]; - statel[5] = Ll[5] ^ Kl[5]; - stateh[6] = Lh[6] ^ Kh[6]; - statel[6] = Ll[6] ^ Kl[6]; - stateh[7] = Lh[7] ^ Kh[7]; - statel[7] = Ll[7] ^ Kl[7]; + state[0] = L[0] ^ K[0]; + state[1] = L[1] ^ K[1]; + state[2] = L[2] ^ K[2]; + state[3] = L[3] ^ K[3]; + state[4] = L[4] ^ K[4]; + state[5] = L[5] ^ K[5]; + state[6] = L[6] ^ K[6]; + state[7] = L[7] ^ K[7]; } - digest[ 0] ^= stateh[0] ^ w0[0]; - digest[ 1] ^= statel[0] ^ w0[1]; - digest[ 2] ^= stateh[1] ^ w0[2]; - digest[ 3] ^= statel[1] ^ w0[3]; - digest[ 4] ^= stateh[2] ^ w1[0]; - digest[ 5] ^= statel[2] ^ w1[1]; - digest[ 6] ^= stateh[3] ^ w1[2]; - digest[ 7] ^= statel[3] ^ w1[3]; - digest[ 8] ^= stateh[4] ^ w2[0]; - digest[ 9] ^= statel[4] ^ w2[1]; - digest[10] ^= stateh[5] ^ w2[2]; - digest[11] ^= statel[5] ^ w2[3]; - digest[12] ^= stateh[6] ^ w3[0]; - digest[13] ^= statel[6] ^ w3[1]; - digest[14] ^= stateh[7] ^ w3[2]; - digest[15] ^= statel[7] ^ w3[3]; + W[0] ^= D[0] ^ state[0]; + W[1] ^= D[1] ^ state[1]; + W[2] ^= D[2] ^ state[2]; + W[3] ^= D[3] ^ state[3]; + W[4] ^= D[4] ^ state[4]; + W[5] ^= D[5] ^ state[5]; + W[6] ^= D[6] ^ state[6]; + W[7] ^= D[7] ^ state[7]; + + digest[ 0] = h32_from_64_S (W[0]); + digest[ 1] = l32_from_64_S (W[0]); + digest[ 2] = h32_from_64_S (W[1]); + digest[ 3] = 
l32_from_64_S (W[1]); + digest[ 4] = h32_from_64_S (W[2]); + digest[ 5] = l32_from_64_S (W[2]); + digest[ 6] = h32_from_64_S (W[3]); + digest[ 7] = l32_from_64_S (W[3]); + digest[ 8] = h32_from_64_S (W[4]); + digest[ 9] = l32_from_64_S (W[4]); + digest[10] = h32_from_64_S (W[5]); + digest[11] = l32_from_64_S (W[5]); + digest[12] = h32_from_64_S (W[6]); + digest[13] = l32_from_64_S (W[6]); + digest[14] = h32_from_64_S (W[7]); + digest[15] = l32_from_64_S (W[7]); } -DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { ctx->h[ 0] = 0; ctx->h[ 1] = 0; @@ -1320,8 +762,8 @@ DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u32 (*s_Ch)[256], S ctx->len = 0; - ctx->s_Ch = s_Ch; - ctx->s_Cl = s_Cl; + ctx->s_MT = s_MT; + ctx->s_RC = s_RC; } DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len) @@ -1351,7 +793,7 @@ DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 * if (len == 64) { - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -1420,7 +862,7 @@ DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 * ctx->w3[2] |= w3[2]; ctx->w3[3] |= w3[3]; - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); ctx->w0[0] = c0[0]; ctx->w0[1] = c0[1]; 
@@ -1962,7 +1404,7 @@ DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx) if (pos >= 32) { - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -1985,12 +1427,12 @@ DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx) ctx->w3[2] = 0; ctx->w3[3] = ctx->len * 8; - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); } // whirlpool_hmac -DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32 t0[4]; u32 t1[4]; @@ -2016,7 +1458,7 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, t3[2] = w3[2] ^ 0x36363636; t3[3] = w3[3] ^ 0x36363636; - whirlpool_init (&ctx->ipad, s_Ch, s_Cl); + whirlpool_init (&ctx->ipad, s_MT, s_RC); whirlpool_update_64 (&ctx->ipad, t0, t1, t2, t3, 64); @@ -2039,12 +1481,12 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, t3[2] = w3[2] ^ 0x5c5c5c5c; t3[3] = w3[3] ^ 0x5c5c5c5c; - whirlpool_init (&ctx->opad, s_Ch, s_Cl); + whirlpool_init (&ctx->opad, s_MT, s_RC); whirlpool_update_64 (&ctx->opad, t0, t1, t2, t3, 64); } -DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32 w0[4]; u32 w1[4]; 
@@ -2055,7 +1497,7 @@ DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, cons { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_Ch, s_Cl); + whirlpool_init (&tmp, s_MT, s_RC); whirlpool_update (&tmp, w, len); @@ -2098,10 +1540,10 @@ DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, cons w3[3] = w[15]; } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); } -DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32 w0[4]; u32 w1[4]; @@ -2112,7 +1554,7 @@ DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_Ch, s_Cl); + whirlpool_init (&tmp, s_MT, s_RC); whirlpool_update_swap (&tmp, w, len); @@ -2155,10 +1597,10 @@ DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, w3[3] = hc_swap32_S (w[15]); } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); } -DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32 w0[4]; u32 w1[4]; @@ -2169,7 +1611,7 @@ DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS c { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_Ch, s_Cl); + whirlpool_init (&tmp, s_MT, s_RC); whirlpool_update_global (&tmp, w, len); 
@@ -2212,10 +1654,10 @@ DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS c w3[3] = w[15]; } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); } -DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32 w0[4]; u32 w1[4]; @@ -2226,7 +1668,7 @@ DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_Ch, s_Cl); + whirlpool_init (&tmp, s_MT, s_RC); whirlpool_update_global_swap (&tmp, w, len); @@ -2269,7 +1711,7 @@ DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL w3[3] = hc_swap32_S (w[15]); } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); } DECLSPEC void whirlpool_hmac_update_64 (whirlpool_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len) @@ -2340,7 +1782,7 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx) ctx->opad.len += 64; - whirlpool_transform (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_Ch, ctx->opad.s_Cl); + whirlpool_transform (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT, ctx->opad.s_RC); ctx->opad.w0[0] = 0; ctx->opad.w0[1] = 0; 
@@ -2364,175 +1806,171 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx) // while input buf can be a vector datatype, the length of the different elements can not -DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { - u32x Kh[8]; - u32x Kl[8]; + u64x D[8]; - Kh[0] = digest[ 0]; - Kl[0] = digest[ 1]; - Kh[1] = digest[ 2]; - Kl[1] = digest[ 3]; - Kh[2] = digest[ 4]; - Kl[2] = digest[ 5]; - Kh[3] = digest[ 6]; - Kl[3] = digest[ 7]; - Kh[4] = digest[ 8]; - Kl[4] = digest[ 9]; - Kh[5] = digest[10]; - Kl[5] = digest[11]; - Kh[6] = digest[12]; - Kl[6] = digest[13]; - Kh[7] = digest[14]; - Kl[7] = digest[15]; + D[0] = hl32_to_64 (digest[ 0], digest[ 1]); + D[1] = hl32_to_64 (digest[ 2], digest[ 3]); + D[2] = hl32_to_64 (digest[ 4], digest[ 5]); + D[3] = hl32_to_64 (digest[ 6], digest[ 7]); + D[4] = hl32_to_64 (digest[ 8], digest[ 9]); + D[5] = hl32_to_64 (digest[10], digest[11]); + D[6] = hl32_to_64 (digest[12], digest[13]); + D[7] = hl32_to_64 (digest[14], digest[15]); - u32x stateh[8]; - u32x statel[8]; + u64x K[8]; - stateh[0] = w0[0] ^ Kh[0]; - statel[0] = w0[1] ^ Kl[0]; - stateh[1] = w0[2] ^ Kh[1]; - statel[1] = w0[3] ^ Kl[1]; - stateh[2] = w1[0] ^ Kh[2]; - statel[2] = w1[1] ^ Kl[2]; - stateh[3] = w1[2] ^ Kh[3]; - statel[3] = w1[3] ^ Kl[3]; - stateh[4] = w2[0] ^ Kh[4]; - statel[4] = w2[1] ^ Kl[4]; - stateh[5] = w2[2] ^ Kh[5]; - statel[5] = w2[3] ^ Kl[5]; - stateh[6] = w3[0] ^ Kh[6]; - statel[6] = w3[1] ^ Kl[6]; - stateh[7] = w3[2] ^ Kh[7]; - statel[7] = w3[3] ^ Kl[7]; + K[0] = D[0]; + K[1] = D[1]; + K[2] = D[2]; + K[3] = D[3]; + K[4] = D[4]; + K[5] = D[5]; + K[6] = D[6]; + K[7] = D[7]; - for (u32 r = 0; r < (R * 2); r += 2) + u64x W[8]; + + W[0] = hl32_to_64 (w0[0], 
w0[1]); + W[1] = hl32_to_64 (w0[2], w0[3]); + W[2] = hl32_to_64 (w1[0], w1[1]); + W[3] = hl32_to_64 (w1[2], w1[3]); + W[4] = hl32_to_64 (w2[0], w2[1]); + W[5] = hl32_to_64 (w2[2], w2[3]); + W[6] = hl32_to_64 (w3[0], w3[1]); + W[7] = hl32_to_64 (w3[2], w3[3]); + + u64x state[8]; + + state[0] = K[0] ^ W[0]; + state[1] = K[1] ^ W[1]; + state[2] = K[2] ^ W[2]; + state[3] = K[3] ^ W[3]; + state[4] = K[4] ^ W[4]; + state[5] = K[5] ^ W[5]; + state[6] = K[6] ^ W[6]; + state[7] = K[7] ^ W[7]; + + for (u32 r = 0; r < R; r++) { - u32x Lh[8]; - u32x Ll[8]; - - u32 i; + u64x L[8]; #ifdef _unroll #pragma unroll #endif - for (i = 0; i < 8; i++) + for (int i = 0; i < 8; i++) { - const u32x Lp0 = Kh[(i + 8) & 7] >> 24; - const u32x Lp1 = Kh[(i + 7) & 7] >> 16; - const u32x Lp2 = Kh[(i + 6) & 7] >> 8; - const u32x Lp3 = Kh[(i + 5) & 7] >> 0; - const u32x Lp4 = Kl[(i + 4) & 7] >> 24; - const u32x Lp5 = Kl[(i + 3) & 7] >> 16; - const u32x Lp6 = Kl[(i + 2) & 7] >> 8; - const u32x Lp7 = Kl[(i + 1) & 7] >> 0; + const u8x Lp0 = K[(i + 8) & 7] >> 56; + const u8x Lp1 = K[(i + 7) & 7] >> 48; + const u8x Lp2 = K[(i + 6) & 7] >> 40; + const u8x Lp3 = K[(i + 5) & 7] >> 32; + const u8x Lp4 = K[(i + 4) & 7] >> 24; + const u8x Lp5 = K[(i + 3) & 7] >> 16; + const u8x Lp6 = K[(i + 2) & 7] >> 8; + const u8x Lp7 = K[(i + 1) & 7] >> 0; - Lh[i] = BOX (s_Ch, 0, Lp0 & 0xff) - ^ BOX (s_Ch, 1, Lp1 & 0xff) - ^ BOX (s_Ch, 2, Lp2 & 0xff) - ^ BOX (s_Ch, 3, Lp3 & 0xff) - ^ BOX (s_Ch, 4, Lp4 & 0xff) - ^ BOX (s_Ch, 5, Lp5 & 0xff) - ^ BOX (s_Ch, 6, Lp6 & 0xff) - ^ BOX (s_Ch, 7, Lp7 & 0xff); + const u64x X0 = BOX64 (s_MT, 0, Lp0); + const u64x X1 = BOX64 (s_MT, 1, Lp1); + const u64x X2 = BOX64 (s_MT, 2, Lp2); + const u64x X3 = BOX64 (s_MT, 3, Lp3); + const u64x X4 = BOX64 (s_MT, 4, Lp4); + const u64x X5 = BOX64 (s_MT, 5, Lp5); + const u64x X6 = BOX64 (s_MT, 6, Lp6); + const u64x X7 = BOX64 (s_MT, 7, Lp7); - Ll[i] = BOX (s_Cl, 0, Lp0 & 0xff) - ^ BOX (s_Cl, 1, Lp1 & 0xff) - ^ BOX (s_Cl, 2, Lp2 & 0xff) - ^ BOX (s_Cl, 
3, Lp3 & 0xff) - ^ BOX (s_Cl, 4, Lp4 & 0xff) - ^ BOX (s_Cl, 5, Lp5 & 0xff) - ^ BOX (s_Cl, 6, Lp6 & 0xff) - ^ BOX (s_Cl, 7, Lp7 & 0xff); + L[i] = X0 + ^ X1 + ^ X2 + ^ X3 + ^ X4 + ^ X5 + ^ X6 + ^ X7; } - Kh[0] = Lh[0] ^ rchl[r + 0]; - Kl[0] = Ll[0] ^ rchl[r + 1]; - Kh[1] = Lh[1]; - Kl[1] = Ll[1]; - Kh[2] = Lh[2]; - Kl[2] = Ll[2]; - Kh[3] = Lh[3]; - Kl[3] = Ll[3]; - Kh[4] = Lh[4]; - Kl[4] = Ll[4]; - Kh[5] = Lh[5]; - Kl[5] = Ll[5]; - Kh[6] = Lh[6]; - Kl[6] = Ll[6]; - Kh[7] = Lh[7]; - Kl[7] = Ll[7]; + const u64 rc = s_RC[r]; + + K[0] = L[0] ^ rc; + K[1] = L[1]; + K[2] = L[2]; + K[3] = L[3]; + K[4] = L[4]; + K[5] = L[5]; + K[6] = L[6]; + K[7] = L[7]; #ifdef _unroll #pragma unroll #endif - for (i = 0; i < 8; i++) + for (int i = 0; i < 8; i++) { - const u32x Lp0 = stateh[(i + 8) & 7] >> 24; - const u32x Lp1 = stateh[(i + 7) & 7] >> 16; - const u32x Lp2 = stateh[(i + 6) & 7] >> 8; - const u32x Lp3 = stateh[(i + 5) & 7] >> 0; - const u32x Lp4 = statel[(i + 4) & 7] >> 24; - const u32x Lp5 = statel[(i + 3) & 7] >> 16; - const u32x Lp6 = statel[(i + 2) & 7] >> 8; - const u32x Lp7 = statel[(i + 1) & 7] >> 0; + const u8x Lp0 = state[(i + 8) & 7] >> 56; + const u8x Lp1 = state[(i + 7) & 7] >> 48; + const u8x Lp2 = state[(i + 6) & 7] >> 40; + const u8x Lp3 = state[(i + 5) & 7] >> 32; + const u8x Lp4 = state[(i + 4) & 7] >> 24; + const u8x Lp5 = state[(i + 3) & 7] >> 16; + const u8x Lp6 = state[(i + 2) & 7] >> 8; + const u8x Lp7 = state[(i + 1) & 7] >> 0; - Lh[i] = BOX (s_Ch, 0, Lp0 & 0xff) - ^ BOX (s_Ch, 1, Lp1 & 0xff) - ^ BOX (s_Ch, 2, Lp2 & 0xff) - ^ BOX (s_Ch, 3, Lp3 & 0xff) - ^ BOX (s_Ch, 4, Lp4 & 0xff) - ^ BOX (s_Ch, 5, Lp5 & 0xff) - ^ BOX (s_Ch, 6, Lp6 & 0xff) - ^ BOX (s_Ch, 7, Lp7 & 0xff); + const u64x X0 = BOX64 (s_MT, 0, Lp0); + const u64x X1 = BOX64 (s_MT, 1, Lp1); + const u64x X2 = BOX64 (s_MT, 2, Lp2); + const u64x X3 = BOX64 (s_MT, 3, Lp3); + const u64x X4 = BOX64 (s_MT, 4, Lp4); + const u64x X5 = BOX64 (s_MT, 5, Lp5); + const u64x X6 = BOX64 (s_MT, 6, Lp6); + const 
u64x X7 = BOX64 (s_MT, 7, Lp7); - Ll[i] = BOX (s_Cl, 0, Lp0 & 0xff) - ^ BOX (s_Cl, 1, Lp1 & 0xff) - ^ BOX (s_Cl, 2, Lp2 & 0xff) - ^ BOX (s_Cl, 3, Lp3 & 0xff) - ^ BOX (s_Cl, 4, Lp4 & 0xff) - ^ BOX (s_Cl, 5, Lp5 & 0xff) - ^ BOX (s_Cl, 6, Lp6 & 0xff) - ^ BOX (s_Cl, 7, Lp7 & 0xff); + L[i] = X0 + ^ X1 + ^ X2 + ^ X3 + ^ X4 + ^ X5 + ^ X6 + ^ X7; } - stateh[0] = Lh[0] ^ Kh[0]; - statel[0] = Ll[0] ^ Kl[0]; - stateh[1] = Lh[1] ^ Kh[1]; - statel[1] = Ll[1] ^ Kl[1]; - stateh[2] = Lh[2] ^ Kh[2]; - statel[2] = Ll[2] ^ Kl[2]; - stateh[3] = Lh[3] ^ Kh[3]; - statel[3] = Ll[3] ^ Kl[3]; - stateh[4] = Lh[4] ^ Kh[4]; - statel[4] = Ll[4] ^ Kl[4]; - stateh[5] = Lh[5] ^ Kh[5]; - statel[5] = Ll[5] ^ Kl[5]; - stateh[6] = Lh[6] ^ Kh[6]; - statel[6] = Ll[6] ^ Kl[6]; - stateh[7] = Lh[7] ^ Kh[7]; - statel[7] = Ll[7] ^ Kl[7]; + state[0] = L[0] ^ K[0]; + state[1] = L[1] ^ K[1]; + state[2] = L[2] ^ K[2]; + state[3] = L[3] ^ K[3]; + state[4] = L[4] ^ K[4]; + state[5] = L[5] ^ K[5]; + state[6] = L[6] ^ K[6]; + state[7] = L[7] ^ K[7]; } - digest[ 0] ^= stateh[0] ^ w0[0]; - digest[ 1] ^= statel[0] ^ w0[1]; - digest[ 2] ^= stateh[1] ^ w0[2]; - digest[ 3] ^= statel[1] ^ w0[3]; - digest[ 4] ^= stateh[2] ^ w1[0]; - digest[ 5] ^= statel[2] ^ w1[1]; - digest[ 6] ^= stateh[3] ^ w1[2]; - digest[ 7] ^= statel[3] ^ w1[3]; - digest[ 8] ^= stateh[4] ^ w2[0]; - digest[ 9] ^= statel[4] ^ w2[1]; - digest[10] ^= stateh[5] ^ w2[2]; - digest[11] ^= statel[5] ^ w2[3]; - digest[12] ^= stateh[6] ^ w3[0]; - digest[13] ^= statel[6] ^ w3[1]; - digest[14] ^= stateh[7] ^ w3[2]; - digest[15] ^= statel[7] ^ w3[3]; + W[0] ^= D[0] ^ state[0]; + W[1] ^= D[1] ^ state[1]; + W[2] ^= D[2] ^ state[2]; + W[3] ^= D[3] ^ state[3]; + W[4] ^= D[4] ^ state[4]; + W[5] ^= D[5] ^ state[5]; + W[6] ^= D[6] ^ state[6]; + W[7] ^= D[7] ^ state[7]; + + digest[ 0] = h32_from_64 (W[0]); + digest[ 1] = l32_from_64 (W[0]); + digest[ 2] = h32_from_64 (W[1]); + digest[ 3] = l32_from_64 (W[1]); + digest[ 4] = h32_from_64 (W[2]); + digest[ 5] = l32_from_64 
(W[2]); + digest[ 6] = h32_from_64 (W[3]); + digest[ 7] = l32_from_64 (W[3]); + digest[ 8] = h32_from_64 (W[4]); + digest[ 9] = l32_from_64 (W[4]); + digest[10] = h32_from_64 (W[5]); + digest[11] = l32_from_64 (W[5]); + digest[12] = h32_from_64 (W[6]); + digest[13] = l32_from_64 (W[6]); + digest[14] = h32_from_64 (W[7]); + digest[15] = l32_from_64 (W[7]); } -DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { ctx->h[ 0] = 0; ctx->h[ 1] = 0; @@ -2570,8 +2008,8 @@ DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u32 ( ctx->len = 0; - ctx->s_Ch = s_Ch; - ctx->s_Cl = s_Cl; + ctx->s_MT = s_MT; + ctx->s_RC = s_RC; } DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, whirlpool_ctx_t *ctx0) @@ -2612,8 +2050,8 @@ DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, wh ctx->len = ctx0->len; - ctx->s_Ch = ctx0->s_Ch; - ctx->s_Cl = ctx0->s_Cl; + ctx->s_MT = ctx0->s_MT; + ctx->s_RC = ctx0->s_RC; } DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len) @@ -2643,7 +2081,7 @@ DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, if (len == 64) { - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); ctx->w0[0] = 0; ctx->w0[1] = 0; 
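Review bot: The byte extractions `const u8x Lp0 = K[(i + 8) & 7] >> 56;` (and the seven siblings in each of the two inner loops) narrow a u64x to a u8x by plain assignment, which is fine for VECT_SIZE == 1 where u8x is a scalar, but if u8x is a genuine OpenCL vector type in the VECT_SIZE > 1 builds this is an implicit conversion between vector types of different element width, which OpenCL C does not allow; please confirm the VECT_SIZE 2/4/8/16 builds compile, or narrow through an explicit conversion. The function now also carries a word-order contract that a header comment should state, e.g. `// digest[] holds the 512-bit chaining value as 16 u32 words, high word first; D/K/W/state are the same data as eight u64 so BOX64 can index whole bytes.` and `// feed-forward: H' = H ^ M ^ E_K(M) (Miyaguchi-Preneel), accumulated in W before unpacking.`. The same comment applies to the scalar whirlpool_transform, whose hunk begins before this chunk.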
@@ -2712,7 +2150,7 @@ DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, ctx->w3[2] |= w3[2]; ctx->w3[3] |= w3[3]; - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); ctx->w0[0] = c0[0]; ctx->w0[1] = c0[1]; @@ -2998,7 +2436,7 @@ DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx) if (pos >= 32) { - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -3021,12 +2459,12 @@ DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx) ctx->w3[2] = 0; ctx->w3[3] = ctx->len * 8; - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_Ch, ctx->s_Cl); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); } // HMAC + Vector -DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32x t0[4]; u32x t1[4]; @@ -3052,7 +2490,7 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c t3[2] = w3[2] ^ 0x36363636; t3[3] = w3[3] ^ 0x36363636; - whirlpool_init_vector (&ctx->ipad, s_Ch, s_Cl); + whirlpool_init_vector (&ctx->ipad, s_MT, s_RC); whirlpool_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64); 
@@ -3075,12 +2513,12 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c t3[2] = w3[2] ^ 0x5c5c5c5c; t3[3] = w3[3] ^ 0x5c5c5c5c; - whirlpool_init_vector (&ctx->opad, s_Ch, s_Cl); + whirlpool_init_vector (&ctx->opad, s_MT, s_RC); whirlpool_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64); } -DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { u32x w0[4]; u32x w1[4]; @@ -3091,7 +2529,7 @@ DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, cons { whirlpool_ctx_vector_t tmp; - whirlpool_init_vector (&tmp, s_Ch, s_Cl); + whirlpool_init_vector (&tmp, s_MT, s_RC); whirlpool_update_vector (&tmp, w, len); @@ -3134,7 +2572,7 @@ DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, cons w3[3] = w[15]; } - whirlpool_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); } DECLSPEC void whirlpool_hmac_update_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len) @@ -3170,7 +2608,7 @@ DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx) ctx->opad.len += 64; - whirlpool_transform_vector (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_Ch, ctx->opad.s_Cl); + whirlpool_transform_vector (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT, ctx->opad.s_RC); ctx->opad.w0[0] = 0; ctx->opad.w0[1] = 0; diff --git a/OpenCL/inc_hash_whirlpool.h b/OpenCL/inc_hash_whirlpool.h index 882bdd75b..f7c762da5 100644 --- a/OpenCL/inc_hash_whirlpool.h +++ b/OpenCL/inc_hash_whirlpool.h 
@@ -9,18 +9,24 @@ #define R 10 #if VECT_SIZE == 1 -#define BOX(S,n,i) (S)[(n)][(i)] +#define BOX(S,n,i) (S)[(n)][(i)] +#define BOX64(S,n,i) (S)[(n)][(i)] #elif VECT_SIZE == 2 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1]) +#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1]) +#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1]) #elif VECT_SIZE == 4 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3]) +#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3]) +#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3]) #elif VECT_SIZE == 8 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) +#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) +#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) #elif VECT_SIZE == 16 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) +#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) +#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], 
(S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif -#define BOX_S(S,n,i) (S)[(n)][(i)] +#define BOX_S(S,n,i) (S)[(n)][(i)] +#define BOX64_S(S,n,i) (S)[(n)][(i)] typedef struct whirlpool_ctx { @@ -33,8 +39,8 @@ typedef struct whirlpool_ctx int len; - SHM_TYPE u32 (*s_Ch)[256]; - SHM_TYPE u32 (*s_Cl)[256]; + SHM_TYPE u64 (*s_MT)[256]; + SHM_TYPE u64 *s_RC; } whirlpool_ctx_t; @@ -56,8 +62,8 @@ typedef struct whirlpool_ctx_vector int len; - SHM_TYPE u32 (*s_Ch)[256]; - SHM_TYPE u32 (*s_Cl)[256]; + SHM_TYPE u64 (*s_MT)[256]; + SHM_TYPE u64 *s_RC; } whirlpool_ctx_vector_t; @@ -68,8 +74,8 @@ typedef struct whirlpool_hmac_ctx_vector } whirlpool_hmac_ctx_vector_t; -DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); +DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len); DECLSPEC void whirlpool_update (whirlpool_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void whirlpool_update_swap (whirlpool_ctx_t *ctx, const u32 *w, const int len); 
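Review bot: `BOX64_S(S,n,i)` expands to exactly the same text as `BOX_S(S,n,i)`, and in the VECT_SIZE == 1 branch `BOX64` is likewise identical to `BOX`; only the `make_u64x` versus `make_u32x` constructor differs in the vector branches, so defining the scalar one as `#define BOX64_S(S,n,i) BOX_S(S,n,i)` keeps the pair from drifting apart. A one-line comment above the group, e.g. `// BOX/BOX_S return a u32 table entry, BOX64/BOX64_S a u64 entry from the merged s_MT table; i is the byte (or byte vector) selecting the column`, would tell a reader why two families exist. The `-`/`+` pairs on the pre-existing `BOX` lines are column realignment only.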
@@ -80,11 +86,11 @@ DECLSPEC void whirlpool_update_global_swap (whirlpool_ctx_t *ctx, GLOBAL_AS cons DECLSPEC void whirlpool_update_global_utf16le (whirlpool_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_update_global_utf16le_swap (whirlpool_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx); -DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); +DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); DECLSPEC void 
whirlpool_hmac_update_64 (whirlpool_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len); DECLSPEC void whirlpool_hmac_update (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void whirlpool_hmac_update_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len); @@ -95,8 +101,8 @@ DECLSPEC void whirlpool_hmac_update_global_swap (whirlpool_hmac_ctx_t *ctx, GLOB DECLSPEC void whirlpool_hmac_update_global_utf16le (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_hmac_update_global_utf16le_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx); -DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); +DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, whirlpool_ctx_t *ctx0); DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len); DECLSPEC void whirlpool_update_vector (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len); 
@@ -104,8 +110,8 @@ DECLSPEC void whirlpool_update_vector_swap (whirlpool_ctx_vector_t *ctx, const u DECLSPEC void whirlpool_update_vector_utf16le (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len); DECLSPEC void whirlpool_update_vector_utf16le_swap (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len); DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx); -DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); -DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]); +DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); DECLSPEC void whirlpool_hmac_update_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len); DECLSPEC void whirlpool_hmac_update_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len); DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx); diff --git a/OpenCL/m06100_a0-optimized.cl b/OpenCL/m06100_a0-optimized.cl index 7b1c6eee9..373875eed 100644 --- a/OpenCL/m06100_a0-optimized.cl +++ b/OpenCL/m06100_a0-optimized.cl 
@@ -16,9 +16,9 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT, s_RC); } KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) @@ -37,36 +37,32 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -147,7 +143,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_Ch, s_Cl); + whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } 
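Review bot: The round-constant staging in m06100_m04 uses the bare literal `16` twice, in `LOCAL_VK u64 s_RC[16];` and `for (u32 i = lid; i < 16; i += lsz)`, while the transform only reads `s_RC[r]` for `r < R` (R is 10 in inc_hash_whirlpool.h) and the size of the constant `RC` table being copied is not visible in this diff. Giving the bound one name shared with the `RC` definition (or `R`, if the table is exactly R entries) would make the copy loop self-documenting and keep it from reading past `RC` if the table is ever resized. The same literal appears in the `m06100_s04` hunk below and in the `m06100_mxx` hunk of m06100_a0-pure.cl. Both kernel bodies begin and end outside their hunks.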
@@ -177,36 +173,32 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -299,7 +291,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_Ch, s_Cl); + whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } diff --git a/OpenCL/m06100_a0-pure.cl b/OpenCL/m06100_a0-pure.cl index 408512f66..7c7e89c65 100644 --- a/OpenCL/m06100_a0-pure.cl +++ b/OpenCL/m06100_a0-pure.cl 
@@ -32,36 +32,32 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -85,7 +81,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) whirlpool_ctx_t ctx; - whirlpool_init (&ctx, s_Ch, s_Cl); + whirlpool_init (&ctx, s_MT, s_RC); whirlpool_update_swap (&ctx, tmp.i, tmp.pw_len); 
@@ -116,36 +112,32 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -181,7 +173,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) whirlpool_ctx_t ctx; - whirlpool_init (&ctx, s_Ch, s_Cl); + whirlpool_init (&ctx, s_MT, s_RC); whirlpool_update_swap (&ctx, tmp.i, tmp.pw_len); diff --git a/OpenCL/m06100_a1-optimized.cl b/OpenCL/m06100_a1-optimized.cl index 54a9f492f..a91f4b0c8 100644 --- a/OpenCL/m06100_a1-optimized.cl +++ b/OpenCL/m06100_a1-optimized.cl 
@@ -14,9 +14,9 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT, s_RC); } KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) @@ -35,36 +35,32 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -203,7 +199,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_Ch, s_Cl); + whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } 
@@ -233,36 +229,32 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -413,7 +405,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_Ch, s_Cl); + whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } diff --git a/OpenCL/m06100_a1-pure.cl b/OpenCL/m06100_a1-pure.cl index 7d7693177..9ea4f2102 100644 --- a/OpenCL/m06100_a1-pure.cl +++ b/OpenCL/m06100_a1-pure.cl 
@@ -30,36 +30,32 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -71,7 +67,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) whirlpool_ctx_t ctx0; - whirlpool_init (&ctx0, s_Ch, s_Cl); + whirlpool_init (&ctx0, s_MT, s_RC); whirlpool_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len); 
@@ -112,36 +108,32 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -165,7 +157,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) whirlpool_ctx_t ctx0; - whirlpool_init (&ctx0, s_Ch, s_Cl); + whirlpool_init (&ctx0, s_MT, s_RC); whirlpool_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len); diff --git a/OpenCL/m06100_a3-optimized.cl b/OpenCL/m06100_a3-optimized.cl index e61112e07..944f3cbbd 100644 --- a/OpenCL/m06100_a3-optimized.cl +++ b/OpenCL/m06100_a3-optimized.cl 
@@ -14,12 +14,12 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT, s_RC); } -DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u32 (*s_Cl)[256], SHM_TYPE u32 (*s_Ch)[256]) +DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { /** * modifier @@ -82,13 +82,13 @@ DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_Ch, s_Cl); + whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } } -DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u32 (*s_Cl)[256], SHM_TYPE u32 (*s_Ch)[256]) +DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { /** * modifier @@ -163,7 +163,7 @@ DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_Ch, s_Cl); + whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } 
@@ -185,36 +185,32 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -258,7 +254,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) * main */ - m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_Cl, s_Ch); + m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); } KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) 
@@ -277,36 +273,32 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -350,7 +342,7 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) * main */ - m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_Cl, s_Ch); + m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); } KERNEL_FQ void m06100_m16 (KERN_ATTR_BASIC ()) 
@@ -373,36 +365,32 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -446,7 +434,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) * main */ - m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_Cl, s_Ch); + m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); } KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) 
@@ -465,36 +453,32 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -538,7 +522,7 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) * main */ - m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_Cl, s_Ch); + m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); } KERNEL_FQ void m06100_s16 (KERN_ATTR_BASIC ()) diff --git a/OpenCL/m06100_a3-pure.cl b/OpenCL/m06100_a3-pure.cl index 8e4038c99..65009e433 100644 --- a/OpenCL/m06100_a3-pure.cl +++ b/OpenCL/m06100_a3-pure.cl 
@@ -30,36 +30,32 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -94,7 +90,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) whirlpool_ctx_vector_t ctx; - whirlpool_init_vector (&ctx, s_Ch, s_Cl); + whirlpool_init_vector (&ctx, s_MT, s_RC); whirlpool_update_vector (&ctx, w, pw_len); 
@@ -125,36 +121,32 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -201,7 +193,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) whirlpool_ctx_vector_t ctx; - whirlpool_init_vector (&ctx, s_Ch, s_Cl); + whirlpool_init_vector (&ctx, s_MT, s_RC); whirlpool_update_vector (&ctx, w, pw_len); diff --git a/OpenCL/m06231-pure.cl b/OpenCL/m06231-pure.cl index a25207ee9..1310c92f4 100644 --- a/OpenCL/m06231-pure.cl +++ b/OpenCL/m06231-pure.cl @@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; 
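Review bot: hmac_whirlpool_run_V is a private copy in m06231-pure.cl and appears again, identical apart from the file, in m06232-pure.cl and m06233-pure.cl in the hunks that follow, so this table change had to be applied three times to the same function. Since the header already declares the whirlpool_hmac_*_vector family, this helper belongs next to them in inc_hash_whirlpool.cl so the next table change is a single edit. Whether the existing whirlpool_hmac_init_vector / whirlpool_hmac_final_vector pair can replace it outright is not decidable from these hunks — the helper hard-codes a two-block message length (`w3[3] = (64 + 64) * 8;`), so compare the padding the generic functions apply before substituting. hmac_whirlpool_run_V's body continues outside this hunk.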
@@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); } KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) 
@@ -168,36 +168,32 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -269,7 +265,7 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -380,36 +376,32 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -515,7 +507,7 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_Ch, s_Cl); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; 
@@ -634,36 +626,32 @@ KERNEL_FQ void m06231_comp (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m06232-pure.cl b/OpenCL/m06232-pure.cl index 8569df4c1..2af88c987 100644 --- a/OpenCL/m06232-pure.cl +++ b/OpenCL/m06232-pure.cl @@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; 
@@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); } KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) 
@@ -168,36 +168,32 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -269,7 +265,7 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -380,36 +376,32 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -515,7 +507,7 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_Ch, s_Cl); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; 
@@ -634,36 +626,32 @@ KERNEL_FQ void m06232_comp (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m06233-pure.cl b/OpenCL/m06233-pure.cl index f996cf6f0..c6d2b1c6d 100644 --- a/OpenCL/m06233-pure.cl +++ b/OpenCL/m06233-pure.cl @@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; 
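Review bot: `hmac_whirlpool_run_V` is a private copy per kernel file, so the signature change from `s_Ch`/`s_Cl` to `s_MT`/`s_RC` made here for m06233 is repeated for m13731, m13732 and m13733 below and for the m06232 copy whose signature hunk precedes this chunk; it belongs next to `whirlpool_transform_vector` in the shared Whirlpool include, where a table-type change is made once and the five copies cannot drift. The function also carries no comment, although its four `whirlpool_transform_vector` calls follow a fixed shape: inner hash from the `ipad` state over `w0..w3` and then the padding block with `w3[3] = (64 + 64) * 8`, followed by the outer hash from the `opad` state over that digest and its padding block. One line above the signature would say it: `// HMAC-Whirlpool finalisation from precomputed ipad/opad states: inner hash of w0..w3, then outer hash of the inner digest.` The function body continues in the next hunks.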
@@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); } KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) 
@@ -168,36 +168,32 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -269,7 +265,7 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -380,36 +376,32 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -515,7 +507,7 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_Ch, s_Cl); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; 
@@ -634,36 +626,32 @@ KERNEL_FQ void m06233_comp (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m13731-pure.cl b/OpenCL/m13731-pure.cl index b729f07a5..2f685c700 100644 --- a/OpenCL/m13731-pure.cl +++ b/OpenCL/m13731-pure.cl @@ -86,7 +86,7 @@ DECLSPEC int check_header_0512 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; 
@@ -105,7 +105,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -124,7 +124,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -160,7 +160,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -179,7 +179,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); } KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) 
@@ -209,36 +209,32 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -310,7 +306,7 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -472,36 +468,32 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -638,7 +630,7 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_Ch, s_Cl); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; 
@@ -783,36 +775,32 @@ KERNEL_FQ void m13731_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m13732-pure.cl b/OpenCL/m13732-pure.cl index 057efa707..786b98594 100644 --- a/OpenCL/m13732-pure.cl +++ b/OpenCL/m13732-pure.cl @@ -137,7 +137,7 @@ DECLSPEC int check_header_1024 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; 
@@ -156,7 +156,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -175,7 +175,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -211,7 +211,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -230,7 +230,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); } KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) 
@@ -260,36 +260,32 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -361,7 +357,7 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -523,36 +519,32 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -689,7 +681,7 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_Ch, s_Cl); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; 
@@ -835,36 +827,32 @@ KERNEL_FQ void m13732_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m13733-pure.cl b/OpenCL/m13733-pure.cl index 79c8767cd..77c1b0131 100644 --- a/OpenCL/m13733-pure.cl +++ b/OpenCL/m13733-pure.cl @@ -202,7 +202,7 @@ DECLSPEC int check_header_1536 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u32 (*s_Ch)[256], SHM_TYPE u32 (*s_Cl)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; 
@@ -221,7 +221,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -240,7 +240,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -276,7 +276,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); w0[0] = 0x80000000; w0[1] = 0; @@ -295,7 +295,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_Ch, s_Cl); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); } KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) 
@@ -325,36 +325,32 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -426,7 +422,7 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_Ch, s_Cl); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -588,36 +584,32 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif @@ -754,7 +746,7 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_Ch, s_Cl); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; 
@@ -901,36 +893,32 @@ KERNEL_FQ void m13733_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u32 s_Ch[8][256]; - LOCAL_VK u32 s_Cl[8][256]; + LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { - s_Ch[0][i] = Ch[0][i]; - s_Ch[1][i] = Ch[1][i]; - s_Ch[2][i] = Ch[2][i]; - s_Ch[3][i] = Ch[3][i]; - s_Ch[4][i] = Ch[4][i]; - s_Ch[5][i] = Ch[5][i]; - s_Ch[6][i] = Ch[6][i]; - s_Ch[7][i] = Ch[7][i]; + s_MT[0][i] = MT[0][i]; + s_MT[1][i] = MT[1][i]; + s_MT[2][i] = MT[2][i]; + s_MT[3][i] = MT[3][i]; + s_MT[4][i] = MT[4][i]; + s_MT[5][i] = MT[5][i]; + s_MT[6][i] = MT[6][i]; + s_MT[7][i] = MT[7][i]; + } - s_Cl[0][i] = Cl[0][i]; - s_Cl[1][i] = Cl[1][i]; - s_Cl[2][i] = Cl[2][i]; - s_Cl[3][i] = Cl[3][i]; - s_Cl[4][i] = Cl[4][i]; - s_Cl[5][i] = Cl[5][i]; - s_Cl[6][i] = Cl[6][i]; - s_Cl[7][i] = Cl[7][i]; + for (u32 i = lid; i < 16; i += lsz) + { + s_RC[i] = RC[i]; } SYNC_THREADS (); #else - CONSTANT_AS u32a (*s_Ch)[256] = Ch; - CONSTANT_AS u32a (*s_Cl)[256] = Cl; + CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/src/modules/module_06100.c b/src/modules/module_06100.c index 2daba037c..d50c226fb 100644 --- a/src/modules/module_06100.c +++ b/src/modules/module_06100.c 
@@ -41,26 +41,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; 
@@ -226,7 +206,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
@@ -253,6 +233,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = MODULE_DEFAULT;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
From 525f8af200e4334dfa1147e0103a80fcdd8df95c Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Mon, 3 Feb 2020 15:51:08 +0100
Subject: [PATCH 196/300] Add v8x_from_v64_x to inc_common.cl
---
 OpenCL/inc_common.cl | 384 +++++++++++++++++++++++++++++++++++
 OpenCL/inc_common.h | 18 ++
 OpenCL/inc_hash_whirlpool.cl | 64 +++---
 tools/benchmark_deep.pl | 2 +-
 4 files changed, 435 insertions(+), 33 deletions(-)
diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl
index a6dfc71c4..e407e02c2 100644
--- a/OpenCL/inc_common.cl
+++ b/OpenCL/inc_common.cl
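Review bot: Setting `module_jit_build_options` and `module_unstable_warning` to `MODULE_DEFAULT` drops, without a visible rationale, the `-D NO_UNROLL` build option and the AMD-without-`has_vperm` warning that the functions deleted in the previous hunk of module_06100.c provided, and the deleted comment ties that workaround to one specific driver build (`amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES`). If the 64-bit `MT`/`RC` table layout was verified to build and run on that driver, the commit message (outside this chunk) should say so, because a later resource-failure report on the same driver would otherwise have no trail back to why the workaround was lifted; if it was not verified, the warning is the cheaper thing to keep until it is. `module_init` starts outside the hunk.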
@@ -48,6 +48,390 @@ DECLSPEC u8 v8d_from_v32_S (const u32 v32) return v.v8.d; } +DECLSPEC u8 v8a_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.a; +} + +DECLSPEC u8 v8b_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.b; +} + +DECLSPEC u8 v8c_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.c; +} + +DECLSPEC u8 v8d_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.d; +} + +DECLSPEC u8 v8e_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.e; +} + +DECLSPEC u8 v8f_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.f; +} + +DECLSPEC u8 v8g_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.g; +} + +DECLSPEC u8 v8h_from_v64_S (const u64 v64) +{ + vconv64_t v; + + v.v64 = v64; + + return v.v8.h; +} + +DECLSPEC u8x v8a_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8a_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8a_from_v64_S (a.s0); + r.s1 = v8a_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8a_from_v64_S (a.s2); + r.s3 = v8a_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8a_from_v64_S (a.s4); + r.s5 = v8a_from_v64_S (a.s5); + r.s6 = v8a_from_v64_S (a.s6); + r.s7 = v8a_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8a_from_v64_S (a.s8); + r.s9 = v8a_from_v64_S (a.s9); + r.sa = v8a_from_v64_S (a.sa); + r.sb = v8a_from_v64_S (a.sb); + r.sc = v8a_from_v64_S (a.sc); + r.sd = v8a_from_v64_S (a.sd); + r.se = v8a_from_v64_S (a.se); + r.sf = v8a_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x v8b_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8b_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8b_from_v64_S (a.s0); + r.s1 = v8b_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8b_from_v64_S (a.s2); + r.s3 = v8b_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 
+ r.s4 = v8b_from_v64_S (a.s4); + r.s5 = v8b_from_v64_S (a.s5); + r.s6 = v8b_from_v64_S (a.s6); + r.s7 = v8b_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8b_from_v64_S (a.s8); + r.s9 = v8b_from_v64_S (a.s9); + r.sa = v8b_from_v64_S (a.sa); + r.sb = v8b_from_v64_S (a.sb); + r.sc = v8b_from_v64_S (a.sc); + r.sd = v8b_from_v64_S (a.sd); + r.se = v8b_from_v64_S (a.se); + r.sf = v8b_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x v8c_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8c_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8c_from_v64_S (a.s0); + r.s1 = v8c_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8c_from_v64_S (a.s2); + r.s3 = v8c_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8c_from_v64_S (a.s4); + r.s5 = v8c_from_v64_S (a.s5); + r.s6 = v8c_from_v64_S (a.s6); + r.s7 = v8c_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8c_from_v64_S (a.s8); + r.s9 = v8c_from_v64_S (a.s9); + r.sa = v8c_from_v64_S (a.sa); + r.sb = v8c_from_v64_S (a.sb); + r.sc = v8c_from_v64_S (a.sc); + r.sd = v8c_from_v64_S (a.sd); + r.se = v8c_from_v64_S (a.se); + r.sf = v8c_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x v8d_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8d_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8d_from_v64_S (a.s0); + r.s1 = v8d_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8d_from_v64_S (a.s2); + r.s3 = v8d_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8d_from_v64_S (a.s4); + r.s5 = v8d_from_v64_S (a.s5); + r.s6 = v8d_from_v64_S (a.s6); + r.s7 = v8d_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8d_from_v64_S (a.s8); + r.s9 = v8d_from_v64_S (a.s9); + r.sa = v8d_from_v64_S (a.sa); + r.sb = v8d_from_v64_S (a.sb); + r.sc = v8d_from_v64_S (a.sc); + r.sd = v8d_from_v64_S (a.sd); + r.se = v8d_from_v64_S (a.se); + r.sf = v8d_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x 
v8e_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8e_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8e_from_v64_S (a.s0); + r.s1 = v8e_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8e_from_v64_S (a.s2); + r.s3 = v8e_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8e_from_v64_S (a.s4); + r.s5 = v8e_from_v64_S (a.s5); + r.s6 = v8e_from_v64_S (a.s6); + r.s7 = v8e_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8e_from_v64_S (a.s8); + r.s9 = v8e_from_v64_S (a.s9); + r.sa = v8e_from_v64_S (a.sa); + r.sb = v8e_from_v64_S (a.sb); + r.sc = v8e_from_v64_S (a.sc); + r.sd = v8e_from_v64_S (a.sd); + r.se = v8e_from_v64_S (a.se); + r.sf = v8e_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x v8f_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8f_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8f_from_v64_S (a.s0); + r.s1 = v8f_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8f_from_v64_S (a.s2); + r.s3 = v8f_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8f_from_v64_S (a.s4); + r.s5 = v8f_from_v64_S (a.s5); + r.s6 = v8f_from_v64_S (a.s6); + r.s7 = v8f_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8f_from_v64_S (a.s8); + r.s9 = v8f_from_v64_S (a.s9); + r.sa = v8f_from_v64_S (a.sa); + r.sb = v8f_from_v64_S (a.sb); + r.sc = v8f_from_v64_S (a.sc); + r.sd = v8f_from_v64_S (a.sd); + r.se = v8f_from_v64_S (a.se); + r.sf = v8f_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x v8g_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8g_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8g_from_v64_S (a.s0); + r.s1 = v8g_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8g_from_v64_S (a.s2); + r.s3 = v8g_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8g_from_v64_S (a.s4); + r.s5 = v8g_from_v64_S (a.s5); + r.s6 = v8g_from_v64_S (a.s6); + r.s7 = v8g_from_v64_S (a.s7); + #endif + + #if 
VECT_SIZE >= 16 + r.s8 = v8g_from_v64_S (a.s8); + r.s9 = v8g_from_v64_S (a.s9); + r.sa = v8g_from_v64_S (a.sa); + r.sb = v8g_from_v64_S (a.sb); + r.sc = v8g_from_v64_S (a.sc); + r.sd = v8g_from_v64_S (a.sd); + r.se = v8g_from_v64_S (a.se); + r.sf = v8g_from_v64_S (a.sf); + #endif + + return r; +} + +DECLSPEC u8x v8h_from_v64 (u64x a) +{ + u8x r = 0; + + #if VECT_SIZE == 1 + r = v8h_from_v64_S (a); + #endif + + #if VECT_SIZE >= 2 + r.s0 = v8h_from_v64_S (a.s0); + r.s1 = v8h_from_v64_S (a.s1); + #endif + + #if VECT_SIZE >= 4 + r.s2 = v8h_from_v64_S (a.s2); + r.s3 = v8h_from_v64_S (a.s3); + #endif + + #if VECT_SIZE >= 8 + r.s4 = v8h_from_v64_S (a.s4); + r.s5 = v8h_from_v64_S (a.s5); + r.s6 = v8h_from_v64_S (a.s6); + r.s7 = v8h_from_v64_S (a.s7); + #endif + + #if VECT_SIZE >= 16 + r.s8 = v8h_from_v64_S (a.s8); + r.s9 = v8h_from_v64_S (a.s9); + r.sa = v8h_from_v64_S (a.sa); + r.sb = v8h_from_v64_S (a.sb); + r.sc = v8h_from_v64_S (a.sc); + r.sd = v8h_from_v64_S (a.sd); + r.se = v8h_from_v64_S (a.se); + r.sf = v8h_from_v64_S (a.sf); + #endif + + return r; +} + DECLSPEC u16 v16a_from_v32_S (const u32 v32) { vconv32_t v; diff --git a/OpenCL/inc_common.h b/OpenCL/inc_common.h index 7119ccf5e..8715ae75e 100644 --- a/OpenCL/inc_common.h +++ b/OpenCL/inc_common.h 
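Review bot: Nothing in the new helpers says which end of the u64 the selectors a..h name; `v.v64 = v64; return v.v8.a;` puns through a union, so the byte that `.a` denotes follows the device's byte order, whereas the shifts these helpers replace later in this commit did not depend on it. I would put one comment above `v8a_from_v64_S`, e.g. `// v8a..v8h select the bytes of a u64 from least to most significant (little-endian vconv64_t layout, matching >> 0 .. >> 56)`, hedged because vconv64_t is defined outside this hunk. The eight vector wrappers differ only in the selector letter, so a small macro would remove roughly 300 repeated lines and keep them in lockstep. The header added in this commit declares the vector versions as `(const u64x v64)` while the definitions here use `(u64x a)`; harmless, but the parameter names are worth aligning.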
@@ -142,6 +142,24 @@ DECLSPEC u8 v8b_from_v32_S (const u32 v32);
 DECLSPEC u8 v8c_from_v32_S (const u32 v32);
 DECLSPEC u8 v8d_from_v32_S (const u32 v32);
 
+DECLSPEC u8 v8a_from_v64_S (const u64 v64);
+DECLSPEC u8 v8b_from_v64_S (const u64 v64);
+DECLSPEC u8 v8c_from_v64_S (const u64 v64);
+DECLSPEC u8 v8d_from_v64_S (const u64 v64);
+DECLSPEC u8 v8e_from_v64_S (const u64 v64);
+DECLSPEC u8 v8f_from_v64_S (const u64 v64);
+DECLSPEC u8 v8g_from_v64_S (const u64 v64);
+DECLSPEC u8 v8h_from_v64_S (const u64 v64);
+
+DECLSPEC u8x v8a_from_v64 (const u64x v64);
+DECLSPEC u8x v8b_from_v64 (const u64x v64);
+DECLSPEC u8x v8c_from_v64 (const u64x v64);
+DECLSPEC u8x v8d_from_v64 (const u64x v64);
+DECLSPEC u8x v8e_from_v64 (const u64x v64);
+DECLSPEC u8x v8f_from_v64 (const u64x v64);
+DECLSPEC u8x v8g_from_v64 (const u64x v64);
+DECLSPEC u8x v8h_from_v64 (const u64x v64);
+
 DECLSPEC u16 v16a_from_v32_S (const u32 v32);
 DECLSPEC u16 v16b_from_v32_S (const u32 v32);
 
diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl
index e77734a4e..2cd08dd91 100644
--- a/OpenCL/inc_hash_whirlpool.cl
+++ b/OpenCL/inc_hash_whirlpool.cl
@@ -615,14 +615,14 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2,
 #endif
 for (int i = 0; i < 8; i++)
 {
- const u8 Lp0 = K[(i + 8) & 7] >> 56;
- const u8 Lp1 = K[(i + 7) & 7] >> 48;
- const u8 Lp2 = K[(i + 6) & 7] >> 40;
- const u8 Lp3 = K[(i + 5) & 7] >> 32;
- const u8 Lp4 = K[(i + 4) & 7] >> 24;
- const u8 Lp5 = K[(i + 3) & 7] >> 16;
- const u8 Lp6 = K[(i + 2) & 7] >> 8;
- const u8 Lp7 = K[(i + 1) & 7] >> 0;
+ const u8 Lp0 = v8h_from_v64_S (K[(i + 8) & 7]);
+ const u8 Lp1 = v8g_from_v64_S (K[(i + 7) & 7]);
+ const u8 Lp2 = v8f_from_v64_S (K[(i + 6) & 7]);
+ const u8 Lp3 = v8e_from_v64_S (K[(i + 5) & 7]);
+ const u8 Lp4 = v8d_from_v64_S (K[(i + 4) & 7]);
+ const u8 Lp5 = v8c_from_v64_S (K[(i + 3) & 7]);
+ const u8 Lp6 = v8b_from_v64_S (K[(i + 2) & 7]);
+ const u8 Lp7 = v8a_from_v64_S (K[(i + 1) & 7]);
 
 const u64 X0 = BOX64_S (s_MT, 0, Lp0);
 const u64 X1 = BOX64_S (s_MT, 1, Lp1);
@@ -659,14 +659,14 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2,
 #endif
 for (int i = 0; i < 8; i++)
 {
- const u8 Lp0 = state[(i + 8) & 7] >> 56;
- const u8 Lp1 = state[(i + 7) & 7] >> 48;
- const u8 Lp2 = state[(i + 6) & 7] >> 40;
- const u8 Lp3 = state[(i + 5) & 7] >> 32;
- const u8 Lp4 = state[(i + 4) & 7] >> 24;
- const u8 Lp5 = state[(i + 3) & 7] >> 16;
- const u8 Lp6 = state[(i + 2) & 7] >> 8;
- const u8 Lp7 = state[(i + 1) & 7] >> 0;
+ const u8 Lp0 = v8h_from_v64_S (state[(i + 8) & 7]);
+ const u8 Lp1 = v8g_from_v64_S (state[(i + 7) & 7]);
+ const u8 Lp2 = v8f_from_v64_S (state[(i + 6) & 7]);
+ const u8 Lp3 = v8e_from_v64_S (state[(i + 5) & 7]);
+ const u8 Lp4 = v8d_from_v64_S (state[(i + 4) & 7]);
+ const u8 Lp5 = v8c_from_v64_S (state[(i + 3) & 7]);
+ const u8 Lp6 = v8b_from_v64_S (state[(i + 2) & 7]);
+ const u8 Lp7 = v8a_from_v64_S (state[(i + 1) & 7]);
 
 const u64 X0 = BOX64_S (s_MT, 0, Lp0);
 const u64 X1 = BOX64_S (s_MT, 1, Lp1);
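Review bot: Replacing `K[(i + 8) & 7] >> 56` with `v8h_from_v64_S (K[(i + 8) & 7])` is only equivalent when the union's byte h is the most-significant byte of the lane, i.e. a little-endian layout; the shift form was byte-order independent and the union form is not. The mapping used here is a = bits 7..0 (the former `>> 0`) up to h = bits 63..56, and the S-box index would silently change on a big-endian target. I would pin that with a one-line comment at the top of the loop, e.g. `// v8h..v8a pick the MSB..LSB of the 64-bit lane, same order as the former >> 56 .. >> 0 (assumes little-endian vconv64_t)`. whirlpool_transform starts and ends outside these hunks.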
@@ -1861,14 +1861,14 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const
 #endif
 for (int i = 0; i < 8; i++)
 {
- const u8x Lp0 = K[(i + 8) & 7] >> 56;
- const u8x Lp1 = K[(i + 7) & 7] >> 48;
- const u8x Lp2 = K[(i + 6) & 7] >> 40;
- const u8x Lp3 = K[(i + 5) & 7] >> 32;
- const u8x Lp4 = K[(i + 4) & 7] >> 24;
- const u8x Lp5 = K[(i + 3) & 7] >> 16;
- const u8x Lp6 = K[(i + 2) & 7] >> 8;
- const u8x Lp7 = K[(i + 1) & 7] >> 0;
+ const u8x Lp0 = v8h_from_v64 (K[(i + 8) & 7]);
+ const u8x Lp1 = v8g_from_v64 (K[(i + 7) & 7]);
+ const u8x Lp2 = v8f_from_v64 (K[(i + 6) & 7]);
+ const u8x Lp3 = v8e_from_v64 (K[(i + 5) & 7]);
+ const u8x Lp4 = v8d_from_v64 (K[(i + 4) & 7]);
+ const u8x Lp5 = v8c_from_v64 (K[(i + 3) & 7]);
+ const u8x Lp6 = v8b_from_v64 (K[(i + 2) & 7]);
+ const u8x Lp7 = v8a_from_v64 (K[(i + 1) & 7]);
 
 const u64x X0 = BOX64 (s_MT, 0, Lp0);
 const u64x X1 = BOX64 (s_MT, 1, Lp1);
@@ -1905,14 +1905,14 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const
 #endif
 for (int i = 0; i < 8; i++)
 {
- const u8x Lp0 = state[(i + 8) & 7] >> 56;
- const u8x Lp1 = state[(i + 7) & 7] >> 48;
- const u8x Lp2 = state[(i + 6) & 7] >> 40;
- const u8x Lp3 = state[(i + 5) & 7] >> 32;
- const u8x Lp4 = state[(i + 4) & 7] >> 24;
- const u8x Lp5 = state[(i + 3) & 7] >> 16;
- const u8x Lp6 = state[(i + 2) & 7] >> 8;
- const u8x Lp7 = state[(i + 1) & 7] >> 0;
+ const u8x Lp0 = v8h_from_v64 (state[(i + 8) & 7]);
+ const u8x Lp1 = v8g_from_v64 (state[(i + 7) & 7]);
+ const u8x Lp2 = v8f_from_v64 (state[(i + 6) & 7]);
+ const u8x Lp3 = v8e_from_v64 (state[(i + 5) & 7]);
+ const u8x Lp4 = v8d_from_v64 (state[(i + 4) & 7]);
+ const u8x Lp5 = v8c_from_v64 (state[(i + 3) & 7]);
+ const u8x Lp6 = v8b_from_v64 (state[(i + 2) & 7]);
+ const u8x Lp7 = v8a_from_v64 (state[(i + 1) & 7]);
 
 const u64x X0 = BOX64 (s_MT, 0, Lp0);
 const u64x X1 = BOX64 (s_MT, 1, Lp1);
diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl
index ee562403b..01e898839 100755
--- a/tools/benchmark_deep.pl
+++ b/tools/benchmark_deep.pl
@@ -16,7 +16,7 @@ my $default_mask = "?b?b?b?b?b?b?b";
 my $result = "result.txt";
 my $old_hashcat = 0; # requires to have ran with new hashcat before to create the hashfiles
 my $repeats = 1;
-my $cpu_benchmark = 0;
+my $cpu_benchmark = 1;
 
 print "\nHardware preparations... You may need to adjust some settings and probably can ignore some of the error\n\n";
 
From 02466bf40436bb74eea13d65077574eb53e25aa8 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 4 Feb 2020 12:44:54 +0100
Subject: [PATCH 197/300] Add pure kernel for rar3-hp to support passwords with more than 20 characters
---
 OpenCL/m12500-optimized.cl | 500 +++++++++++++++++++++++++++++++++++++
 OpenCL/m12500-pure.cl | 488 ++++++++++++++++--------------------
 2 files changed, 712 insertions(+), 276 deletions(-)
 create mode 100644 OpenCL/m12500-optimized.cl
diff --git a/OpenCL/m12500-optimized.cl b/OpenCL/m12500-optimized.cl
new file mode 100644
index 000000000..dbcd97121
--- /dev/null
+++ b/OpenCL/m12500-optimized.cl
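Review bot: Flipping `$cpu_benchmark` from 0 to 1 changes the tool's default for everyone and is not mentioned in the commit message, which only describes the v8x_from_v64 helpers. If this is a local preference, reading it from an environment variable or a command-line switch would stop the default from being toggled in unrelated commits; at minimum a trailing comment such as `my $cpu_benchmark = 1; # 1 = benchmark on the CPU device, 0 = GPU` would say what it selects, which I can only infer from the name here.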
@@ -0,0 +1,500 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_hash_sha1.cl" +#include "inc_cipher_aes.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +#define ROUNDS 0x40000 + +#define PUTCHAR(a,p,c) ((u8 *)(a))[(p)] = (u8) (c) +#define GETCHAR(a,p) ((u8 *)(a))[(p)] + +#define PUTCHAR_BE(a,p,c) ((u8 *)(a))[(p) ^ 3] = (u8) (c) +#define GETCHAR_BE(a,p) ((u8 *)(a))[(p) ^ 3] + +#define MIN(a,b) (((a) < (b)) ? (a) : (b)) + +typedef struct pbkdf2_sha1 +{ + u32 salt_buf[64]; + +} pbkdf2_sha1_t; + +typedef struct rar3_tmp +{ + u32 dgst[17][5]; + +} rar3_tmp_t; + +DECLSPEC void sha1_transform_intern (const u32 *w, u32 *digest) +{ + u32 A = digest[0]; + u32 B = digest[1]; + u32 C = digest[2]; + u32 D = digest[3]; + u32 E = digest[4]; + + u32 w0_t = w[ 0]; + u32 w1_t = w[ 1]; + u32 w2_t = w[ 2]; + u32 w3_t = w[ 3]; + u32 w4_t = w[ 4]; + u32 w5_t = w[ 5]; + u32 w6_t = w[ 6]; + u32 w7_t = w[ 7]; + u32 w8_t = w[ 8]; + u32 w9_t = w[ 9]; + u32 wa_t = w[10]; + u32 wb_t = w[11]; + u32 wc_t = w[12]; + u32 wd_t = w[13]; + u32 we_t = w[14]; + u32 wf_t = w[15]; + + #undef K + #define K SHA1C00 + + SHA1_STEP (SHA1_F0o, A, B, C, D, E, w0_t); + SHA1_STEP (SHA1_F0o, E, A, B, C, D, w1_t); + SHA1_STEP (SHA1_F0o, D, E, A, B, C, w2_t); + SHA1_STEP (SHA1_F0o, C, D, E, A, B, w3_t); + SHA1_STEP (SHA1_F0o, B, C, D, E, A, w4_t); + SHA1_STEP (SHA1_F0o, A, B, C, D, E, w5_t); + SHA1_STEP (SHA1_F0o, E, A, B, C, D, w6_t); + SHA1_STEP (SHA1_F0o, D, E, A, B, C, w7_t); + SHA1_STEP (SHA1_F0o, C, D, E, A, B, w8_t); + SHA1_STEP (SHA1_F0o, B, C, D, E, A, w9_t); + SHA1_STEP (SHA1_F0o, A, B, C, D, E, wa_t); + SHA1_STEP (SHA1_F0o, E, A, B, C, D, wb_t); + SHA1_STEP (SHA1_F0o, D, E, A, B, C, wc_t); + SHA1_STEP (SHA1_F0o, C, D, E, A, B, wd_t); + SHA1_STEP (SHA1_F0o, B, C, D, E, A, we_t); + SHA1_STEP 
(SHA1_F0o, A, B, C, D, E, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, E, A, B, C, D, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, D, E, A, B, C, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, C, D, E, A, B, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, B, C, D, E, A, w3_t); + + #undef K + #define K SHA1C01 + + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w7_t); + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wb_t); + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w3_t); + w4_t 
= hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w7_t); + + #undef K + #define K SHA1C02 + + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wb_t); + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w3_t); + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w7_t); + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ 
wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wb_t); + + #undef K + #define K SHA1C03 + + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w3_t); + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w7_t); + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wb_t); + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, 
E, A, B, C, D, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wf_t); + + digest[0] += A; + digest[1] += B; + digest[2] += C; + digest[3] += D; + digest[4] += E; +} + +KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + tmps[gid].dgst[0][0] = SHA1M_A; + tmps[gid].dgst[0][1] = SHA1M_B; + tmps[gid].dgst[0][2] = SHA1M_C; + tmps[gid].dgst[0][3] = SHA1M_D; + tmps[gid].dgst[0][4] = SHA1M_E; +} + +KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 pw_buf[5]; + + pw_buf[0] = pws[gid].i[0]; + pw_buf[1] = pws[gid].i[1]; + pw_buf[2] = pws[gid].i[2]; + pw_buf[3] = pws[gid].i[3]; + pw_buf[4] = pws[gid].i[4]; + + const u32 pw_len = MIN (pws[gid].pw_len, 20); + + u32 salt_buf[2]; + + salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; + + const u32 salt_len = 8; + + // this is large enough to hold all possible w[] arrays for 64 iterations + + #define LARGEBLOCK_ELEMS ((40 + 8 + 3) * 16) + + u32 largeblock[LARGEBLOCK_ELEMS]; + + for (u32 i = 0; i < LARGEBLOCK_ELEMS; i++) largeblock[i] = 0; + + for (u32 i = 0, p = 0; i < 64; i++) + { + for (u32 j = 0; j < pw_len; j++, p += 2) + { + PUTCHAR_BE (largeblock, p, GETCHAR (pw_buf, j)); + } + + for (u32 j = 0; j < salt_len; j++, p += 1) + { + PUTCHAR_BE (largeblock, p, GETCHAR (salt_buf, j)); + } + + PUTCHAR_BE (largeblock, p + 2, (loop_pos >> 16) & 0xff); + + p += 3; + } + + const u32 p3 = (pw_len * 2) + salt_len + 3; + + const u32 init_pos = loop_pos / (ROUNDS / 16); + + u32 dgst[5]; + + dgst[0] = tmps[gid].dgst[init_pos][0]; + 
dgst[1] = tmps[gid].dgst[init_pos][1]; + dgst[2] = tmps[gid].dgst[init_pos][2]; + dgst[3] = tmps[gid].dgst[init_pos][3]; + dgst[4] = tmps[gid].dgst[init_pos][4]; + + u32 iter = loop_pos; + + for (u32 i = 0; i < 256; i += 4) + { + for (u32 j = 0; j < 64; j++) + { + const u32 p = ((j + 1) * p3) - 2; + + PUTCHAR_BE (largeblock, p, iter >> 8); + } + + for (u32 k = 0; k < 4; k++) + { + for (u32 j = 0; j < 64; j++) + { + const u32 p = ((j + 1) * p3) - 3; + + PUTCHAR_BE (largeblock, p, iter >> 0); + + iter++; + } + + for (u32 j = 0; j < p3; j++) + { + const u32 j16 = j * 16; + + sha1_transform_intern (&largeblock[j16], dgst); + } + } + } + + tmps[gid].dgst[init_pos + 1][0] = dgst[0]; + tmps[gid].dgst[init_pos + 1][1] = dgst[1]; + tmps[gid].dgst[init_pos + 1][2] = dgst[2]; + tmps[gid].dgst[init_pos + 1][3] = dgst[3]; + tmps[gid].dgst[init_pos + 1][4] = dgst[4]; +} + +KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a 
*s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + const u32 pw_len = MIN (pws[gid].pw_len, 20); + + const u32 salt_len = 8; + + const u32 p3 = (pw_len * 2) + salt_len + 3; + + u32 w_buf[16]; + + w_buf[ 0] = 0x80000000; + w_buf[ 1] = 0; + w_buf[ 2] = 0; + w_buf[ 3] = 0; + w_buf[ 4] = 0; + w_buf[ 5] = 0; + w_buf[ 6] = 0; + w_buf[ 7] = 0; + w_buf[ 8] = 0; + w_buf[ 9] = 0; + w_buf[10] = 0; + w_buf[11] = 0; + w_buf[12] = 0; + w_buf[13] = 0; + w_buf[14] = 0; + w_buf[15] = (p3 * ROUNDS) * 8; + + u32 dgst[5]; + + dgst[0] = tmps[gid].dgst[16][0]; + dgst[1] = tmps[gid].dgst[16][1]; + dgst[2] = tmps[gid].dgst[16][2]; + dgst[3] = tmps[gid].dgst[16][3]; + dgst[4] = tmps[gid].dgst[16][4]; + + sha1_transform_intern (w_buf, dgst); + + u32 ukey[4]; + + ukey[0] = hc_swap32_S (dgst[0]); + ukey[1] = hc_swap32_S (dgst[1]); + ukey[2] = hc_swap32_S (dgst[2]); + ukey[3] = hc_swap32_S (dgst[3]); + + u32 ks[44]; + + AES128_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 data[4]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + + u32 out[4]; + + AES128_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + u32 iv[4]; + + iv[0] = 0; + iv[1] = 0; + iv[2] = 0; + iv[3] = 0; + + for (int i = 0; i < 16; i++) + { + u32 pw_buf[5]; + + pw_buf[0] = pws[gid].i[0]; + pw_buf[1] = pws[gid].i[1]; + pw_buf[2] = pws[gid].i[2]; + pw_buf[3] = pws[gid].i[3]; + pw_buf[4] = pws[gid].i[4]; + + //const u32 pw_len = pws[gid].pw_len; + + u32 salt_buf[2]; + + salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; + + //const u32 salt_len = 8; + + //const u32 p3 = (pw_len * 2) + salt_len + 3; + + u32 w[16]; + + w[ 0] = 0; + w[ 1] = 0; + w[ 2] = 0; + w[ 3] = 0; + w[ 4] = 0; + w[ 5] = 0; + w[ 6] = 0; + w[ 7] = 0; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; 
+ w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = 0; + + u32 p = 0; + + for (u32 j = 0; j < pw_len; j++, p += 2) + { + PUTCHAR_BE (w, p, GETCHAR (pw_buf, j)); + } + + for (u32 j = 0; j < salt_len; j++, p += 1) + { + PUTCHAR_BE (w, p, GETCHAR (salt_buf, j)); + } + + const u32 iter_pos = i * (ROUNDS / 16); + + PUTCHAR_BE (w, p + 0, (iter_pos >> 0) & 0xff); + PUTCHAR_BE (w, p + 1, (iter_pos >> 8) & 0xff); + PUTCHAR_BE (w, p + 2, (iter_pos >> 16) & 0xff); + + PUTCHAR_BE (w, p3, 0x80); + + w[15] = ((iter_pos + 1) * p3) * 8; + + u32 dgst[5]; + + dgst[0] = tmps[gid].dgst[i][0]; + dgst[1] = tmps[gid].dgst[i][1]; + dgst[2] = tmps[gid].dgst[i][2]; + dgst[3] = tmps[gid].dgst[i][3]; + dgst[4] = tmps[gid].dgst[i][4]; + + sha1_transform_intern (w, dgst); + + PUTCHAR (iv, i, dgst[4] & 0xff); + } + + out[0] ^= hc_swap32_S (iv[0]); + out[1] ^= hc_swap32_S (iv[1]); + out[2] ^= hc_swap32_S (iv[2]); + out[3] ^= hc_swap32_S (iv[3]); + + const u32 r0 = out[0]; + const u32 r1 = out[1]; + const u32 r2 = 0; + const u32 r3 = 0; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/OpenCL/m12500-pure.cl b/OpenCL/m12500-pure.cl index dbcd97121..93a48186d 100644 --- a/OpenCL/m12500-pure.cl +++ b/OpenCL/m12500-pure.cl 
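Review bot: `const u32 pw_len = MIN (pws[gid].pw_len, 20);` in m12500_loop and again in m12500_comp silently hashes a longer candidate as its 20-character prefix instead of rejecting it, so a 21+ character password would be tested wrongly and reported as not cracked; presumably the module limits pw_max to 20 for this kernel so the MIN never bites, which is worth confirming and worth stating, e.g. `// pw_buf holds 5 words: the module must cap pw_max at 20, longer passwords are the pure kernel's job`. The loop kernel also stores the high byte of the iteration counter once from `(loop_pos >> 16)` for all 64 pre-built blocks and the middle byte once per 256 iterations from `iter >> 8`, which is correct only when every call covers exactly ROUNDS/16 iterations starting at a multiple of that; `init_pos = loop_pos / (ROUNDS / 16)` relies on the same alignment, and that contract lives in the module's loop settings rather than here, so a comment at that line would help. `sha1_transform_intern` duplicates a SHA-1 transform while `inc_hash_sha1.cl` is included; if that header already offers an equivalent scalar transform, the local copy can go.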
@@ -37,132 +37,105 @@ typedef struct rar3_tmp } rar3_tmp_t; -DECLSPEC void sha1_transform_intern (const u32 *w, u32 *digest) +DECLSPEC void memcat8c_be (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 len, const u32 append, u32 *digest) { - u32 A = digest[0]; - u32 B = digest[1]; - u32 C = digest[2]; - u32 D = digest[3]; - u32 E = digest[4]; + const u32 func_len = len & 63; - u32 w0_t = w[ 0]; - u32 w1_t = w[ 1]; - u32 w2_t = w[ 2]; - u32 w3_t = w[ 3]; - u32 w4_t = w[ 4]; - u32 w5_t = w[ 5]; - u32 w6_t = w[ 6]; - u32 w7_t = w[ 7]; - u32 w8_t = w[ 8]; - u32 w9_t = w[ 9]; - u32 wa_t = w[10]; - u32 wb_t = w[11]; - u32 wc_t = w[12]; - u32 wd_t = w[13]; - u32 we_t = w[14]; - u32 wf_t = w[15]; + //const u32 mod = func_len & 3; + const u32 div = func_len / 4; - #undef K - #define K SHA1C00 + u32 tmp0; + u32 tmp1; - SHA1_STEP (SHA1_F0o, A, B, C, D, E, w0_t); - SHA1_STEP (SHA1_F0o, E, A, B, C, D, w1_t); - SHA1_STEP (SHA1_F0o, D, E, A, B, C, w2_t); - SHA1_STEP (SHA1_F0o, C, D, E, A, B, w3_t); - SHA1_STEP (SHA1_F0o, B, C, D, E, A, w4_t); - SHA1_STEP (SHA1_F0o, A, B, C, D, E, w5_t); - SHA1_STEP (SHA1_F0o, E, A, B, C, D, w6_t); - SHA1_STEP (SHA1_F0o, D, E, A, B, C, w7_t); - SHA1_STEP (SHA1_F0o, C, D, E, A, B, w8_t); - SHA1_STEP (SHA1_F0o, B, C, D, E, A, w9_t); - SHA1_STEP (SHA1_F0o, A, B, C, D, E, wa_t); - SHA1_STEP (SHA1_F0o, E, A, B, C, D, wb_t); - SHA1_STEP (SHA1_F0o, D, E, A, B, C, wc_t); - SHA1_STEP (SHA1_F0o, C, D, E, A, B, wd_t); - SHA1_STEP (SHA1_F0o, B, C, D, E, A, we_t); - SHA1_STEP (SHA1_F0o, A, B, C, D, E, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, E, A, B, C, D, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, D, E, A, B, C, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, C, D, E, A, B, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, B, C, D, E, A, w3_t); + #if defined IS_AMD || defined IS_GENERIC + tmp0 = hc_bytealign_be (0, 
append, func_len); + tmp1 = hc_bytealign_be (append, 0, func_len); + #endif - #undef K - #define K SHA1C01 + #ifdef IS_NV + const int selector = (0x76543210 >> ((func_len & 3) * 4)) & 0xffff; - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, C, D, 
E, A, B, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w7_t); + tmp0 = hc_byte_perm (append, 0, selector); + tmp1 = hc_byte_perm (0, append, selector); + #endif - #undef K - #define K SHA1C02 + u32 carry = 0; - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, 
w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wb_t); + switch (div) + { + case 0: w0[0] |= tmp0; + w0[1] = tmp1; + break; + case 1: w0[1] |= tmp0; + w0[2] = tmp1; + break; + case 2: w0[2] |= tmp0; + w0[3] = tmp1; + break; + case 3: w0[3] |= tmp0; + w1[0] = tmp1; + break; + case 4: w1[0] |= tmp0; + w1[1] = tmp1; + break; + case 5: w1[1] |= tmp0; + w1[2] = tmp1; + break; + case 6: w1[2] |= tmp0; + w1[3] = tmp1; + break; + case 7: w1[3] |= tmp0; + w2[0] = tmp1; + break; + case 8: w2[0] |= tmp0; + w2[1] = tmp1; + break; + case 9: w2[1] |= tmp0; + w2[2] = tmp1; + break; + case 10: w2[2] |= tmp0; + w2[3] = tmp1; + break; + case 11: w2[3] |= tmp0; + w3[0] = tmp1; + break; + case 12: w3[0] |= tmp0; + w3[1] = tmp1; + break; + case 13: w3[1] |= tmp0; + w3[2] = tmp1; + break; + case 14: w3[2] |= tmp0; + w3[3] = tmp1; + break; + case 15: w3[3] |= tmp0; + carry = tmp1; + break; + } - #undef K - #define K SHA1C03 + const u32 new_len = func_len + 3; - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ 
w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w5_t);
- w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w6_t);
- w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w7_t);
- w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w8_t);
- w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w9_t);
- wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wa_t);
- wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wb_t);
- wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wc_t);
- wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wd_t);
- we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, we_t);
- wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wf_t);
+ if (new_len >= 64)
+ {
+ sha1_transform (w0, w1, w2, w3, digest);
- digest[0] += A;
- digest[1] += B;
- digest[2] += C;
- digest[3] += D;
- digest[4] += E;
+ w0[0] = carry;
+ w0[1] = 0;
+ w0[2] = 0;
+ w0[3] = 0;
+ w1[0] = 0;
+ w1[1] = 0;
+ w1[2] = 0;
+ w1[3] = 0;
+ w2[0] = 0;
+ w2[1] = 0;
+ w2[2] = 0;
+ w2[3] = 0;
+ w3[0] = 0;
+ w3[1] = 0;
+ w3[2] = 0;
+ w3[3] = 0;
+ }
 }
 KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
@@ -180,6 +153,14 @@ KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 tmps[gid].dgst[0][2] = SHA1M_C;
 tmps[gid].dgst[0][3] = SHA1M_D;
 tmps[gid].dgst[0][4] = SHA1M_E;
+
+ /**
+ * context save
+ */
+
+ sha1_ctx_t ctx;
+
+ sha1_init (&ctx);
 }
 KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
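Review bot: `memcat8c_be` carries no comment describing its contract, and its name reads as an 8-byte append while the body stores three bytes (`const u32 new_len = func_len + 3;`) and never advances the length it receives, so every caller has to follow it with `ctx.len += 3;` — both the loop and comp hunks below do exactly that. A header comment such as `// append three bytes of `append` at byte offset len % 64 of w0..w3; transforms and restarts the block from the carry when it fills; the caller must add 3 to ctx.len itself` would stop a future caller from forgetting that step. Nothing masks the fourth byte of `append` before the `|=` into the block, so the function appears to rely on callers passing a byte-swapped counter whose unused byte is zero (true for `hc_swap32_S (j)` while j stays below 2^24); that assumption belongs in the same comment or in an explicit mask. The `switch (div)` is exhaustive for 0..15 because of the `& 63`, but has no `default:`; a `default: break;` makes the intent visible to readers and static checkers. The trailing `KERNEL_FQ void m12500_init` line is context; that kernel starts outside the hunk.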
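Review bot: The `sha1_ctx_t ctx; sha1_init (&ctx);` added to `m12500_init` under the `context save` banner is never read again and nothing is written back to `tmps[gid]`, so the block is dead code and the comment promises a save that does not happen. The loop and comp kernels each rebuild their own `sha1_ctx_t` from `tmps[gid].dgst[...]`, so nothing depends on it; either persist the context into `rar3_tmp_t` or drop the block. The body of `m12500_init` starts outside the hunk.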
@@ -188,96 +169,68 @@ KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 if (gid >= gid_max) return;
- u32 pw_buf[5];
+ /**
+ * base
+ */
- pw_buf[0] = pws[gid].i[0];
- pw_buf[1] = pws[gid].i[1];
- pw_buf[2] = pws[gid].i[2];
- pw_buf[3] = pws[gid].i[3];
- pw_buf[4] = pws[gid].i[4];
+ const u32 pw_len = pws[gid].pw_len;
- const u32 pw_len = MIN (pws[gid].pw_len, 20);
+ u32 w[64] = { 0 };
- u32 salt_buf[2];
+ for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
+ {
+ w[idx] = pws[gid].i[idx];
+ }
- salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
- salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
+ u32 salt_buf[16];
+
+ salt_buf[ 0] = salt_bufs[salt_pos].salt_buf[0];
+ salt_buf[ 1] = salt_bufs[salt_pos].salt_buf[1];
+ salt_buf[ 2] = 0;
+ salt_buf[ 3] = 0;
+ salt_buf[ 4] = 0;
+ salt_buf[ 5] = 0;
+ salt_buf[ 6] = 0;
+ salt_buf[ 7] = 0;
+ salt_buf[ 8] = 0;
+ salt_buf[ 9] = 0;
+ salt_buf[10] = 0;
+ salt_buf[11] = 0;
+ salt_buf[12] = 0;
+ salt_buf[13] = 0;
+ salt_buf[14] = 0;
+ salt_buf[15] = 0;
 const u32 salt_len = 8;
- // this is large enough to hold all possible w[] arrays for 64 iterations
-
- #define LARGEBLOCK_ELEMS ((40 + 8 + 3) * 16)
-
- u32 largeblock[LARGEBLOCK_ELEMS];
-
- for (u32 i = 0; i < LARGEBLOCK_ELEMS; i++) largeblock[i] = 0;
-
- for (u32 i = 0, p = 0; i < 64; i++)
- {
- for (u32 j = 0; j < pw_len; j++, p += 2)
- {
- PUTCHAR_BE (largeblock, p, GETCHAR (pw_buf, j));
- }
-
- for (u32 j = 0; j < salt_len; j++, p += 1)
- {
- PUTCHAR_BE (largeblock, p, GETCHAR (salt_buf, j));
- }
-
- PUTCHAR_BE (largeblock, p + 2, (loop_pos >> 16) & 0xff);
-
- p += 3;
- }
-
- const u32 p3 = (pw_len * 2) + salt_len + 3;
-
 const u32 init_pos = loop_pos / (ROUNDS / 16);
- u32 dgst[5];
+ sha1_ctx_t ctx;
- dgst[0] = tmps[gid].dgst[init_pos][0];
- dgst[1] = tmps[gid].dgst[init_pos][1];
- dgst[2] = tmps[gid].dgst[init_pos][2];
- dgst[3] = tmps[gid].dgst[init_pos][3];
- dgst[4] = tmps[gid].dgst[init_pos][4];
+ sha1_init (&ctx);
- u32 iter = loop_pos;
+ ctx.h[0] = tmps[gid].dgst[init_pos][0];
+ ctx.h[1] = tmps[gid].dgst[init_pos][1];
+ ctx.h[2] = tmps[gid].dgst[init_pos][2];
+ ctx.h[3] = tmps[gid].dgst[init_pos][3];
+ ctx.h[4] = tmps[gid].dgst[init_pos][4];
- for (u32 i = 0; i < 256; i += 4)
+ for (u32 i = 0, j = loop_pos; i < 16384; i++, j++)
 {
- for (u32 j = 0; j < 64; j++)
- {
- const u32 p = ((j + 1) * p3) - 2;
+ sha1_update_global_utf16le_swap (&ctx, w, pw_len);
- PUTCHAR_BE (largeblock, p, iter >> 8);
- }
+ sha1_update_global_swap (&ctx, salt_buf, salt_len);
- for (u32 k = 0; k < 4; k++)
- {
- for (u32 j = 0; j < 64; j++)
- {
- const u32 p = ((j + 1) * p3) - 3;
+ memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (j), ctx.h);
- PUTCHAR_BE (largeblock, p, iter >> 0);
-
- iter++;
- }
-
- for (u32 j = 0; j < p3; j++)
- {
- const u32 j16 = j * 16;
-
- sha1_transform_intern (&largeblock[j16], dgst);
- }
- }
+ ctx.len += 3;
 }
- tmps[gid].dgst[init_pos + 1][0] = dgst[0];
- tmps[gid].dgst[init_pos + 1][1] = dgst[1];
- tmps[gid].dgst[init_pos + 1][2] = dgst[2];
- tmps[gid].dgst[init_pos + 1][3] = dgst[3];
- tmps[gid].dgst[init_pos + 1][4] = dgst[4];
+ tmps[gid].dgst[init_pos + 1][0] = ctx.h[0];
+ tmps[gid].dgst[init_pos + 1][1] = ctx.h[1];
+ tmps[gid].dgst[init_pos + 1][2] = ctx.h[2];
+ tmps[gid].dgst[init_pos + 1][3] = ctx.h[3];
+ tmps[gid].dgst[init_pos + 1][4] = ctx.h[4];
 }
 KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
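Review bot: The loop `for (u32 i = 0, j = loop_pos; i < 16384; i++, j++)` hard-codes what the context line `const u32 init_pos = loop_pos / (ROUNDS / 16);` and the comp kernel spell as `ROUNDS / 16`; `i < (ROUNDS / 16)` keeps the slice length and the `init_pos` divisor from drifting apart. Each call also starts from `sha1_init (&ctx)` with `len = 0` and persists only `ctx.h`, which is correct only because `(ROUNDS / 16) * p3` is a multiple of 64, so every slice begins and ends on a SHA-1 block boundary and no partial block has to travel through `tmps`; that invariant deserves a comment at `sha1_init (&ctx);`, and the comp kernel's hand-built padding block in the `@@ -343` hunk (`w0[0] = 0x80000000; ... w3[3] = (ROUNDS * p3) * 8;`) relies on the same alignment and on that 32-bit product not overflowing. With the `MIN (pws[gid].pw_len, 20)` clamp removed, the copy `w[idx] = pws[gid].i[idx]` into `u32 w[64]` is bounded only by the module's pw_max, which this diff does not show; the changelog entry on this page says 64, but the kernel itself no longer checks `pw_len`, so that limit should be confirmed in the module.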
@@ -343,47 +296,76 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 * base
 */
- const u32 pw_len = MIN (pws[gid].pw_len, 20);
+ const u32 pw_len = pws[gid].pw_len;
+
+ u32 w[64] = { 0 };
+
+ for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
+ {
+ w[idx] = pws[gid].i[idx];
+ }
+
+ u32 salt_buf[16];
+
+ salt_buf[ 0] = salt_bufs[salt_pos].salt_buf[0];
+ salt_buf[ 1] = salt_bufs[salt_pos].salt_buf[1];
+ salt_buf[ 2] = 0;
+ salt_buf[ 3] = 0;
+ salt_buf[ 4] = 0;
+ salt_buf[ 5] = 0;
+ salt_buf[ 6] = 0;
+ salt_buf[ 7] = 0;
+ salt_buf[ 8] = 0;
+ salt_buf[ 9] = 0;
+ salt_buf[10] = 0;
+ salt_buf[11] = 0;
+ salt_buf[12] = 0;
+ salt_buf[13] = 0;
+ salt_buf[14] = 0;
+ salt_buf[15] = 0;
 const u32 salt_len = 8;
 const u32 p3 = (pw_len * 2) + salt_len + 3;
- u32 w_buf[16];
+ u32 h[5];
- w_buf[ 0] = 0x80000000;
- w_buf[ 1] = 0;
- w_buf[ 2] = 0;
- w_buf[ 3] = 0;
- w_buf[ 4] = 0;
- w_buf[ 5] = 0;
- w_buf[ 6] = 0;
- w_buf[ 7] = 0;
- w_buf[ 8] = 0;
- w_buf[ 9] = 0;
- w_buf[10] = 0;
- w_buf[11] = 0;
- w_buf[12] = 0;
- w_buf[13] = 0;
- w_buf[14] = 0;
- w_buf[15] = (p3 * ROUNDS) * 8;
+ h[0] = tmps[gid].dgst[16][0];
+ h[1] = tmps[gid].dgst[16][1];
+ h[2] = tmps[gid].dgst[16][2];
+ h[3] = tmps[gid].dgst[16][3];
+ h[4] = tmps[gid].dgst[16][4];
- u32 dgst[5];
+ u32 w0[4];
+ u32 w1[4];
+ u32 w2[4];
+ u32 w3[4];
- dgst[0] = tmps[gid].dgst[16][0];
- dgst[1] = tmps[gid].dgst[16][1];
- dgst[2] = tmps[gid].dgst[16][2];
- dgst[3] = tmps[gid].dgst[16][3];
- dgst[4] = tmps[gid].dgst[16][4];
+ w0[0] = 0x80000000;
+ w0[1] = 0;
+ w0[2] = 0;
+ w0[3] = 0;
+ w1[0] = 0;
+ w1[1] = 0;
+ w1[2] = 0;
+ w1[3] = 0;
+ w2[0] = 0;
+ w2[1] = 0;
+ w2[2] = 0;
+ w2[3] = 0;
+ w3[0] = 0;
+ w3[1] = 0;
+ w3[2] = 0;
+ w3[3] = (ROUNDS * p3) * 8;
- sha1_transform_intern (w_buf, dgst);
+ sha1_transform (w0, w1, w2, w3, h);
 u32 ukey[4];
- ukey[0] = hc_swap32_S (dgst[0]);
- ukey[1] = hc_swap32_S (dgst[1]);
- ukey[2] = hc_swap32_S (dgst[2]);
- ukey[3] = hc_swap32_S (dgst[3]);
+ ukey[0] = hc_swap32_S (h[0]);
+ ukey[1] = hc_swap32_S (h[1]);
+ ukey[2] = hc_swap32_S (h[2]);
+ ukey[3] = hc_swap32_S (h[3]);
 u32 ks[44];
@@ -409,77 +391,31 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 for (int i = 0; i < 16; i++)
 {
- u32 pw_buf[5];
+ sha1_ctx_t ctx;
- pw_buf[0] = pws[gid].i[0];
- pw_buf[1] = pws[gid].i[1];
- pw_buf[2] = pws[gid].i[2];
- pw_buf[3] = pws[gid].i[3];
- pw_buf[4] = pws[gid].i[4];
+ sha1_init (&ctx);
- //const u32 pw_len = pws[gid].pw_len;
-
- u32 salt_buf[2];
-
- salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
- salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
-
- //const u32 salt_len = 8;
-
- //const u32 p3 = (pw_len * 2) + salt_len + 3;
-
- u32 w[16];
-
- w[ 0] = 0;
- w[ 1] = 0;
- w[ 2] = 0;
- w[ 3] = 0;
- w[ 4] = 0;
- w[ 5] = 0;
- w[ 6] = 0;
- w[ 7] = 0;
- w[ 8] = 0;
- w[ 9] = 0;
- w[10] = 0;
- w[11] = 0;
- w[12] = 0;
- w[13] = 0;
- w[14] = 0;
- w[15] = 0;
-
- u32 p = 0;
-
- for (u32 j = 0; j < pw_len; j++, p += 2)
- {
- PUTCHAR_BE (w, p, GETCHAR (pw_buf, j));
- }
-
- for (u32 j = 0; j < salt_len; j++, p += 1)
- {
- PUTCHAR_BE (w, p, GETCHAR (salt_buf, j));
- }
+ ctx.h[0] = tmps[gid].dgst[i][0];
+ ctx.h[1] = tmps[gid].dgst[i][1];
+ ctx.h[2] = tmps[gid].dgst[i][2];
+ ctx.h[3] = tmps[gid].dgst[i][3];
+ ctx.h[4] = tmps[gid].dgst[i][4];
 const u32 iter_pos = i * (ROUNDS / 16);
- PUTCHAR_BE (w, p + 0, (iter_pos >> 0) & 0xff);
- PUTCHAR_BE (w, p + 1, (iter_pos >> 8) & 0xff);
- PUTCHAR_BE (w, p + 2, (iter_pos >> 16) & 0xff);
+ ctx.len = iter_pos * p3;
- PUTCHAR_BE (w, p3, 0x80);
+ sha1_update_global_utf16le_swap (&ctx, w, pw_len);
- w[15] = ((iter_pos + 1) * p3) * 8;
+ sha1_update_global_swap (&ctx, salt_buf, salt_len);
- u32 dgst[5];
+ memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (iter_pos), ctx.h);
- dgst[0] = tmps[gid].dgst[i][0];
- dgst[1] = tmps[gid].dgst[i][1];
- dgst[2] = tmps[gid].dgst[i][2];
- dgst[3] = tmps[gid].dgst[i][3];
- dgst[4] = tmps[gid].dgst[i][4];
+ ctx.len += 3;
- sha1_transform_intern (w, dgst);
+ sha1_final (&ctx);
- PUTCHAR (iv, i, dgst[4] & 0xff);
+ PUTCHAR (iv, i, ctx.h[4] & 0xff);
 }
 out[0] ^= hc_swap32_S (iv[0]);
From 621ca525fb2fcedf72ca29e3c5337047de04fe70 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 4 Feb 2020 12:47:35 +0100
Subject: [PATCH 198/300] Add note to changes.txt for RAR3-hp change
---
 docs/changes.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/changes.txt b/docs/changes.txt
index a4062b5f2..1b8790a54 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -147,6 +147,7 @@
 - Hash-mode 1460 (HMAC-SHA256 (key = $salt)): Allow up to 64 byte of salt
 - Hash-Mode 1680x (WPA-PMKID) specific: Changed separator character from '*' to ':'
 - Hash-Mode 8300 (DNSSEC (NSEC3)) specific: Allow empty salt
+- Hash-Mode 12500 (RAR3-hp): Allow cracking of passwords up to length 64
 - Keep Guessing: No longer automatically activate --keep-guessing for modes 9720, 9820, 14900 and 18100
 - Keep Guessing: No longer mark hashes as cracked/removed when in potfile
 - Kernel Cache: Reactivate OpenCL runtime specific kernel caches
From d325158e6573f37451010584c103a9e019f20555 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 4 Feb 2020 12:55:02 +0100
Subject: [PATCH 199/300] Fix functions used in m12500-pure.cl
---
 OpenCL/m12500-pure.cl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/OpenCL/m12500-pure.cl b/OpenCL/m12500-pure.cl
index 93a48186d..24b0a8f05 100644
--- a/OpenCL/m12500-pure.cl
+++ b/OpenCL/m12500-pure.cl
@@ -217,9 +217,9 @@ KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 for (u32 i = 0, j = loop_pos; i < 16384; i++, j++)
 {
- sha1_update_global_utf16le_swap (&ctx, w, pw_len);
+ sha1_update_utf16le_swap (&ctx, w, pw_len);
- sha1_update_global_swap (&ctx, salt_buf, salt_len);
+ sha1_update_swap (&ctx, salt_buf, salt_len);
 memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (j), ctx.h);
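Review bot: The body of `for (int i = 0; i < 16; i++)` — seed `ctx.h` from `tmps`, update with password and salt, `memcat8c_be` the counter, `ctx.len += 3` — duplicates the inner step of the loop kernel in the `@@ -188` hunk; one `DECLSPEC` helper taking the `sha1_ctx_t *`, `w`, `pw_len`, `salt_buf` and the counter value would keep the two kernels from diverging (the next commit on this page had to patch the same pair of calls in both places). `ctx.len = iter_pos * p3;` is assigned right after `sha1_init` and before any update; because that product is a multiple of 64 it lands on a block boundary and in effect only seeds the total length that `sha1_final` encodes, which is worth one comment so it is not mistaken for a byte offset into the block. `iv` and `out` are declared outside the hunk.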
@@ -405,9 +405,9 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) ctx.len = iter_pos * p3; - sha1_update_global_utf16le_swap (&ctx, w, pw_len); + sha1_update_utf16le_swap (&ctx, w, pw_len); - sha1_update_global_swap (&ctx, salt_buf, salt_len); + sha1_update_swap (&ctx, salt_buf, salt_len); memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (iter_pos), ctx.h); From 6c96a5d9f76fce41fae2b6e6a41f8a31e782727e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 4 Feb 2020 14:35:59 +0100 Subject: [PATCH 200/300] Small speedup for -m 7900 (Drupal) --- OpenCL/m07900-pure.cl | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/OpenCL/m07900-pure.cl b/OpenCL/m07900-pure.cl index 32b381d33..0d33a1644 100644 --- a/OpenCL/m07900-pure.cl +++ b/OpenCL/m07900-pure.cl @@ -66,18 +66,6 @@ KERNEL_FQ void m07900_loop (KERN_ATTR_TMPS (drupal7_tmp_t)) const u32 pw_len = pws[gid].pw_len; - u32 w[64] = { 0 }; - - for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) - { - w[idx] = pws[gid].i[idx]; - } - - for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) - { - w[idx] = hc_swap32_S (w[idx]); - } - /** * load */ @@ -120,7 +108,7 @@ KERNEL_FQ void m07900_loop (KERN_ATTR_TMPS (drupal7_tmp_t)) sha512_ctx.len = 64; - sha512_update (&sha512_ctx, w, pw_len); + sha512_update_global_swap (&sha512_ctx, pws[gid].i, pw_len); sha512_final (&sha512_ctx); @@ -158,7 +146,7 @@ KERNEL_FQ void m07900_loop (KERN_ATTR_TMPS (drupal7_tmp_t)) sha512_ctx.len = 64; - sha512_update (&sha512_ctx, w, pw_len); + sha512_update_global_swap (&sha512_ctx, pws[gid].i, pw_len); sha512_final (&sha512_ctx); From 95f3230bcfbb4e68e2ba313648d288c0b9c0d42b Mon Sep 17 00:00:00 2001 
From: Jens Steube
Date: Tue, 4 Feb 2020 15:19:53 +0100
Subject: [PATCH 201/300] Small speedup for -m 12500 (RAR3-hp) in optimized mode
---
 OpenCL/m12500-optimized.cl | 193 +++++++++----------------------
 tools/benchmark_deep.pl | 4 +-
 2 files changed, 47 insertions(+), 150 deletions(-)
diff --git a/OpenCL/m12500-optimized.cl b/OpenCL/m12500-optimized.cl
index dbcd97121..d3e91121e 100644
--- a/OpenCL/m12500-optimized.cl
+++ b/OpenCL/m12500-optimized.cl
@@ -37,134 +37,6 @@ typedef struct rar3_tmp } rar3_tmp_t; -DECLSPEC void sha1_transform_intern (const u32 *w, u32 *digest) -{ - u32 A = digest[0]; - u32 B = digest[1]; - u32 C = digest[2]; - u32 D = digest[3]; - u32 E = digest[4]; - - u32 w0_t = w[ 0]; - u32 w1_t = w[ 1]; - u32 w2_t = w[ 2]; - u32 w3_t = w[ 3]; - u32 w4_t = w[ 4]; - u32 w5_t = w[ 5]; - u32 w6_t = w[ 6]; - u32 w7_t = w[ 7]; - u32 w8_t = w[ 8]; - u32 w9_t = w[ 9]; - u32 wa_t = w[10]; - u32 wb_t = w[11]; - u32 wc_t = w[12]; - u32 wd_t = w[13]; - u32 we_t = w[14]; - u32 wf_t = w[15]; - - #undef K - #define K SHA1C00 - - SHA1_STEP (SHA1_F0o, A, B, C, D, E, w0_t); - SHA1_STEP (SHA1_F0o, E, A, B, C, D, w1_t); - SHA1_STEP (SHA1_F0o, D, E, A, B, C, w2_t); - SHA1_STEP (SHA1_F0o, C, D, E, A, B, w3_t); - SHA1_STEP (SHA1_F0o, B, C, D, E, A, w4_t); - SHA1_STEP (SHA1_F0o, A, B, C, D, E, w5_t); - SHA1_STEP (SHA1_F0o, E, A, B, C, D, w6_t); - SHA1_STEP (SHA1_F0o, D, E, A, B, C, w7_t); - SHA1_STEP (SHA1_F0o, C, D, E, A, B, w8_t); - SHA1_STEP (SHA1_F0o, B, C, D, E, A, w9_t); - SHA1_STEP (SHA1_F0o, A, B, C, D, E, wa_t); - SHA1_STEP (SHA1_F0o, E, A, B, C, D, wb_t); - SHA1_STEP (SHA1_F0o, D, E, A, B, C, wc_t); - SHA1_STEP (SHA1_F0o, C, D, E, A, B, wd_t); - SHA1_STEP (SHA1_F0o, B, C, D, E, A, we_t); - SHA1_STEP (SHA1_F0o, A, B, C, D, E, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, E, A, B, C, D, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, D, E, A, B, C, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, C, D, E, A, B, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, B, C, D, E, A, w3_t); - - #undef K - #define K SHA1C01 - - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, D, 
E, A, B, C, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w7_t); - - #undef K - #define K SHA1C02 - - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wa_t); - wb_t = hc_rotl32 
((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wb_t); - - #undef K - #define K SHA1C03 - - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ 
wf_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wf_t); - w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w0_t); - w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w1_t); - w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w2_t); - w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w3_t); - w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w4_t); - w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w5_t); - w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w6_t); - w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w7_t); - w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w8_t); - w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w9_t); - wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wa_t); - wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wb_t); - wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wc_t); - wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wd_t); - we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, we_t); - wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wf_t); - - digest[0] += A; - digest[1] += B; - digest[2] += C; - digest[3] += D; - digest[4] += E; -} - KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t)) { /** 
@@ -268,7 +140,29 @@ KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 {
 const u32 j16 = j * 16;
- sha1_transform_intern (&largeblock[j16], dgst);
+ u32 w0[4];
+ u32 w1[4];
+ u32 w2[4];
+ u32 w3[4];
+
+ w0[0] = largeblock[j16 + 0];
+ w0[1] = largeblock[j16 + 1];
+ w0[2] = largeblock[j16 + 2];
+ w0[3] = largeblock[j16 + 3];
+ w1[0] = largeblock[j16 + 4];
+ w1[1] = largeblock[j16 + 5];
+ w1[2] = largeblock[j16 + 6];
+ w1[3] = largeblock[j16 + 7];
+ w2[0] = largeblock[j16 + 8];
+ w2[1] = largeblock[j16 + 9];
+ w2[2] = largeblock[j16 + 10];
+ w2[3] = largeblock[j16 + 11];
+ w3[0] = largeblock[j16 + 12];
+ w3[1] = largeblock[j16 + 13];
+ w3[2] = largeblock[j16 + 14];
+ w3[3] = largeblock[j16 + 15];
+
+ sha1_transform (w0, w1, w2, w3, dgst);
 }
 }
 }
@@ -349,24 +243,27 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 const u32 p3 = (pw_len * 2) + salt_len + 3;
- u32 w_buf[16];
+ u32 w0[4];
+ u32 w1[4];
+ u32 w2[4];
+ u32 w3[4];
- w_buf[ 0] = 0x80000000;
- w_buf[ 1] = 0;
- w_buf[ 2] = 0;
- w_buf[ 3] = 0;
- w_buf[ 4] = 0;
- w_buf[ 5] = 0;
- w_buf[ 6] = 0;
- w_buf[ 7] = 0;
- w_buf[ 8] = 0;
- w_buf[ 9] = 0;
- w_buf[10] = 0;
- w_buf[11] = 0;
- w_buf[12] = 0;
- w_buf[13] = 0;
- w_buf[14] = 0;
- w_buf[15] = (p3 * ROUNDS) * 8;
+ w0[0] = 0x80000000;
+ w0[1] = 0;
+ w0[2] = 0;
+ w0[3] = 0;
+ w1[0] = 0;
+ w1[1] = 0;
+ w1[2] = 0;
+ w1[3] = 0;
+ w2[0] = 0;
+ w2[1] = 0;
+ w2[2] = 0;
+ w2[3] = 0;
+ w3[0] = 0;
+ w3[1] = 0;
+ w3[2] = 0;
+ w3[3] = (p3 * ROUNDS) * 8;
 u32 dgst[5];
@@ -376,7 +273,7 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 dgst[3] = tmps[gid].dgst[16][3];
 dgst[4] = tmps[gid].dgst[16][4];
- sha1_transform_intern (w_buf, dgst);
+ sha1_transform (w0, w1, w2, w3, dgst);
 u32 ukey[4];
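Review bot: The 16-word copy from `largeblock` into `w0..w3` now sits in the innermost loop of `m12500_loop`, while the `@@ -477` hunk on the next line passes sub-ranges of a private array directly with `sha1_transform (w + 0, w + 4, w + 8, w + 12, dgst);`. If `sha1_transform` does not write through its block pointers, `sha1_transform (largeblock + j16 + 0, largeblock + j16 + 4, largeblock + j16 + 8, largeblock + j16 + 12, dgst);` removes twenty lines and the per-block copy from the hottest loop of a commit whose purpose is speed; if it does write through them, a comment saying why the copy is needed would pre-empt the next person from making that change. The enclosing loops start outside the hunk.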
@@ -477,7 +374,7 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
 dgst[3] = tmps[gid].dgst[i][3];
 dgst[4] = tmps[gid].dgst[i][4];
- sha1_transform_intern (w, dgst);
+ sha1_transform (w + 0, w + 4, w + 8, w + 12, dgst);
 PUTCHAR (iv, i, dgst[4] & 0xff);
 }
diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl
index 01e898839..e75332dba 100755
--- a/tools/benchmark_deep.pl
+++ b/tools/benchmark_deep.pl
@@ -8,7 +8,7 @@ my $amd_cache = "~/.AMD";
 my $hashcat_path = ".";
 my $kernels_cache = "$hashcat_path/kernels";
 my $hashcat_bin = "$hashcat_path/hashcat";
-my $device = 3;
+my $device = 1;
 my $workload_profile = 3;
 my $runtime = 24;
 my $sleep_sec = 12;
@@ -16,7 +16,7 @@ my $default_mask = "?b?b?b?b?b?b?b";
 my $result = "result.txt";
 my $old_hashcat = 0; # requires to have ran with new hashcat before to create the hashfiles
 my $repeats = 1;
-my $cpu_benchmark = 1;
+my $cpu_benchmark = 0;
 print "\nHardware preparations... You may need to adjust some settings and probably can ignore some of the error\n\n";
From 050f6b0e30d6798a7c90c46a7c86ea046ca263ec Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 4 Feb 2020 15:38:01 +0100
Subject: [PATCH 202/300] Remove some useless code in -m 12400
---
 OpenCL/m12400-pure.cl | 34 ----------------------------------
 1 file changed, 34 deletions(-)
diff --git a/OpenCL/m12400-pure.cl b/OpenCL/m12400-pure.cl
index 7e913a518..41b0adf6f 100644
--- a/OpenCL/m12400-pure.cl
+++ b/OpenCL/m12400-pure.cl
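Review bot: The two `tools/benchmark_deep.pl` hunks change `$device` from 3 to 1 and `$cpu_benchmark` from 1 to 0, which looks like a developer's local setup landing in a commit whose subject only mentions the -m 12500 kernel. Either revert these two lines from this commit or make them arguments, e.g. read `$device` and `$cpu_benchmark` with `Getopt::Long`, so that personal defaults stop churning in version control.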
@@ -726,40 +726,6 @@ KERNEL_FQ void m12400_loop (KERN_ATTR_TMPS (bsdicrypt_tmp_t)) _des_crypt_encrypt (iv, mask, loop_cnt, Kc, Kd, s_SPtrans); - tmps[gid].Kc[ 0] = Kc[ 0]; - tmps[gid].Kc[ 1] = Kc[ 1]; - tmps[gid].Kc[ 2] = Kc[ 2]; - tmps[gid].Kc[ 3] = Kc[ 3]; - tmps[gid].Kc[ 4] = Kc[ 4]; - tmps[gid].Kc[ 5] = Kc[ 5]; - tmps[gid].Kc[ 6] = Kc[ 6]; - tmps[gid].Kc[ 7] = Kc[ 7]; - tmps[gid].Kc[ 8] = Kc[ 8]; - tmps[gid].Kc[ 9] = Kc[ 9]; - tmps[gid].Kc[10] = Kc[10]; - tmps[gid].Kc[11] = Kc[11]; - tmps[gid].Kc[12] = Kc[12]; - tmps[gid].Kc[13] = Kc[13]; - tmps[gid].Kc[14] = Kc[14]; - tmps[gid].Kc[15] = Kc[15]; - - tmps[gid].Kd[ 0] = Kd[ 0]; - tmps[gid].Kd[ 1] = Kd[ 1]; - tmps[gid].Kd[ 2] = Kd[ 2]; - tmps[gid].Kd[ 3] = Kd[ 3]; - tmps[gid].Kd[ 4] = Kd[ 4]; - tmps[gid].Kd[ 5] = Kd[ 5]; - tmps[gid].Kd[ 6] = Kd[ 6]; - tmps[gid].Kd[ 7] = Kd[ 7]; - tmps[gid].Kd[ 8] = Kd[ 8]; - tmps[gid].Kd[ 9] = Kd[ 9]; - tmps[gid].Kd[10] = Kd[10]; - tmps[gid].Kd[11] = Kd[11]; - tmps[gid].Kd[12] = Kd[12]; - tmps[gid].Kd[13] = Kd[13]; - tmps[gid].Kd[14] = Kd[14]; - tmps[gid].Kd[15] = Kd[15]; - tmps[gid].iv[0] = iv[0]; tmps[gid].iv[1] = iv[1]; } From 17a64f50191d14a498ab18a8a4ac617afc9af23f Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 4 Feb 2020 18:31:23 +0100 Subject: [PATCH 203/300] Set a fixed register count maximum for CUDA kernels. This prevents kernels from going out of control and having negative effects on other kernels built from the same source code (for instance 16600) --- src/backend.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/src/backend.c b/src/backend.c index ba21858fc..d7e410e2c 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -7052,8 +7052,8 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 char *mod_info_log = (char *) hcmalloc (LOG_SIZE + 1);
 char *mod_error_log = (char *) hcmalloc (LOG_SIZE + 1);
- CUjit_option mod_opts[6];
- void *mod_vals[6];
+ CUjit_option mod_opts[7];
+ void *mod_vals[7];
 mod_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT;
 mod_vals[0] = (void *) 0;
@@ -7073,13 +7073,16 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 mod_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES;
 mod_vals[5] = (void *) LOG_SIZE;
+ mod_opts[6] = CU_JIT_MAX_REGISTERS;
+ mod_vals[6] = (void *) 128;
+
 #if defined (WITH_CUBIN)
 char *jit_info_log = (char *) hcmalloc (LOG_SIZE + 1);
 char *jit_error_log = (char *) hcmalloc (LOG_SIZE + 1);
- CUjit_option jit_opts[6];
- void *jit_vals[6];
+ CUjit_option jit_opts[7];
+ void *jit_vals[7];
 jit_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT;
 jit_vals[0] = (void *) 0;
@@ -7099,9 +7102,12 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 jit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES;
 jit_vals[5] = (void *) LOG_SIZE;
+ jit_opts[6] = CU_JIT_MAX_REGISTERS;
+ jit_vals[6] = (void *) 128;
+
 CUlinkState state;
- if (hc_cuLinkCreate (hashcat_ctx, 6, jit_opts, jit_vals, &state) == -1)
+ if (hc_cuLinkCreate (hashcat_ctx, 7, jit_opts, jit_vals, &state) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s link failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", jit_error_log);
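Review bot: The register cap is the bare literal `(void *) 128` in three places in this patch (mod_vals and jit_vals here, and the second load_kernel path in the last hunk of the patch), and patch 204 keeps the same literal in its three rewritten sites and in the OPTI_TYPE_REGISTER_LIMIT comment in types.h. A single named constant, e.g. `#define CUDA_JIT_MAX_REGISTERS 128` next to wherever LOG_SIZE is defined and then `mod_vals[6] = (void *) CUDA_JIT_MAX_REGISTERS;`, keeps the sites and the comment from drifting when the cap is tuned. The motivation lives only in the commit message, so the first site also deserves a why-comment such as `// cap register usage so one heavy kernel cannot hurt other kernels built from the same source (see -m 16600)`. load_kernel starts before and ends after these hunks.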
@@ -7138,7 +7144,7 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 event_log_info (hashcat_ctx, NULL);
 #endif
- if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, cubin, 6, mod_opts, mod_vals) == -1)
+ if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, cubin, 7, mod_opts, mod_vals) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", mod_error_log);
@@ -7165,7 +7171,7 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 #else
- if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, binary, 6, mod_opts, mod_vals) == -1)
+ if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, binary, 7, mod_opts, mod_vals) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", mod_error_log);
@@ -7253,8 +7259,8 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 char *mod_info_log = (char *) hcmalloc (LOG_SIZE + 1);
 char *mod_error_log = (char *) hcmalloc (LOG_SIZE + 1);
- CUjit_option mod_opts[6];
- void *mod_vals[6];
+ CUjit_option mod_opts[7];
+ void *mod_vals[7];
 mod_opts[0] = CU_JIT_TARGET_FROM_CUCONTEXT;
 mod_vals[0] = (void *) 0;
@@ -7274,7 +7280,10 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 mod_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES;
 mod_vals[5] = (void *) LOG_SIZE;
- if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, kernel_sources[0], 6, mod_opts, mod_vals) == -1)
+ mod_opts[6] = CU_JIT_MAX_REGISTERS;
+ mod_vals[6] = (void *) 128;
+
+ if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, kernel_sources[0], 7, mod_opts, mod_vals) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", mod_error_log);
From 4788c61dd25677e43f02e0fa1ed1a13b7db7b1cc Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 4 Feb 2020 21:53:27 +0100
Subject: [PATCH 204/300] Add OPTI_TYPE_REGISTER_LIMIT flag to enable register limiting in CUDA
---
 include/types.h | 3 ++-
 src/backend.c | 43 +++++++++++++++++++++++++++++---------
 src/modules/module_07900.c | 1 +
 src/modules/module_10700.c | 3 ++-
 src/modules/module_12400.c | 3 ++-
 src/modules/module_16600.c | 1 +
 tools/benchmark_deep.pl | 2 +-
 7 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/include/types.h b/include/types.h
index ccc5a8a74..3ff3f5c6b 100644
--- a/include/types.h
+++ b/include/types.h
@@ -372,7 +372,8 @@ typedef enum opti_type
 OPTI_TYPE_USES_BITS_8 = (1 << 16),
 OPTI_TYPE_USES_BITS_16 = (1 << 17),
 OPTI_TYPE_USES_BITS_32 = (1 << 18),
- OPTI_TYPE_USES_BITS_64 = (1 << 19)
+ OPTI_TYPE_USES_BITS_64 = (1 << 19),
+ OPTI_TYPE_REGISTER_LIMIT = (1 << 20), // We'll limit the register count to 128
 } opti_type_t;
diff --git a/src/backend.c b/src/backend.c
index d7e410e2c..72041c6c0 100644
--- a/src/backend.c
+++ b/src/backend.c
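Review bot: The comment on `OPTI_TYPE_REGISTER_LIMIT` in the types.h hunk gives the number but not the scope: in this patch the flag is consulted only by the CUDA JIT and link option paths in load_kernel (backend.c), so on OpenCL devices it has no effect as far as these hunks show, and a module author reading types.h cannot tell that. Suggest `OPTI_TYPE_REGISTER_LIMIT = (1 << 20), // CUDA only: load_kernel () adds CU_JIT_MAX_REGISTERS = 128 for this hash mode` so the enum documents where the limit is applied. If the 128 later becomes a named constant, the comment should name it rather than repeat the value.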
@@ -6949,6 +6949,8 @@ static u32 get_kernel_threads (const hc_device_param_t *device_param)
 static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, const char *kernel_name, char *source_file, char *cached_file, const char *build_options_buf, const bool cache_disable, cl_program *opencl_program, CUmodule *cuda_module)
 {
+ const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
+
 bool cached = true;
 if (cache_disable == true)
@@ -7052,6 +7054,8 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 char *mod_info_log = (char *) hcmalloc (LOG_SIZE + 1);
 char *mod_error_log = (char *) hcmalloc (LOG_SIZE + 1);
+ int mod_cnt = 6;
+
 CUjit_option mod_opts[7];
 void *mod_vals[7];
@@ -7073,14 +7077,21 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 mod_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES;
 mod_vals[5] = (void *) LOG_SIZE;
- mod_opts[6] = CU_JIT_MAX_REGISTERS;
- mod_vals[6] = (void *) 128;
+ if (hashconfig->opti_type & OPTI_TYPE_REGISTER_LIMIT)
+ {
+ mod_opts[6] = CU_JIT_MAX_REGISTERS;
+ mod_vals[6] = (void *) 128;
+
+ mod_cnt++;
+ }
 #if defined (WITH_CUBIN)
 char *jit_info_log = (char *) hcmalloc (LOG_SIZE + 1);
 char *jit_error_log = (char *) hcmalloc (LOG_SIZE + 1);
+ int jit_cnt = 6;
+
 CUjit_option jit_opts[7];
 void *jit_vals[7];
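Review bot: The `if (hashconfig->opti_type & OPTI_TYPE_REGISTER_LIMIT) { ...[6] = ...; ..._cnt++; }` block is written out three times with only the array names changed (mod_opts here, jit_opts in the next hunk, and the second load_kernel path after that), each paired with a hand-maintained `int ..._cnt = 6;` that must agree with the six fixed entries above it and with the `[7]` array size. A small static helper that appends the option and returns the new count removes the duplication and gives the capacity precondition one place to be stated; the call sites become `mod_cnt = add_register_limit_option (hashconfig, mod_opts, mod_vals, mod_cnt);` and likewise for jit_cnt. The `hc_cuLinkCreate` and `hc_cuModuleLoadDataEx` wrappers take the count as whatever type their prototypes declare (not visible here); if they forward to CUDA's `unsigned int numOptions`, the helper's return type can match that and the implicit int conversion disappears. load_kernel begins before the first hunk and continues past the last.
```c
// Appends CU_JIT_MAX_REGISTERS to a JIT option list when the hash mode opts in
// via OPTI_TYPE_REGISTER_LIMIT and returns the new option count. opts and vals
// must have room for one more entry beyond cnt.
static int add_register_limit_option (const hashconfig_t *hashconfig, CUjit_option *opts, void **vals, const int cnt)
{
  if ((hashconfig->opti_type & OPTI_TYPE_REGISTER_LIMIT) == 0) return cnt;

  opts[cnt] = CU_JIT_MAX_REGISTERS;
  vals[cnt] = (void *) 128;

  return cnt + 1;
}

// … unchanged: the six fixed mod_opts/mod_vals entries …

mod_cnt = add_register_limit_option (hashconfig, mod_opts, mod_vals, mod_cnt);
```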
@@ -7102,12 +7113,17 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 jit_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES;
 jit_vals[5] = (void *) LOG_SIZE;
- jit_opts[6] = CU_JIT_MAX_REGISTERS;
- jit_vals[6] = (void *) 128;
+ if (hashconfig->opti_type & OPTI_TYPE_REGISTER_LIMIT)
+ {
+ jit_opts[6] = CU_JIT_MAX_REGISTERS;
+ jit_vals[6] = (void *) 128;
+
+ jit_cnt++;
+ }
 CUlinkState state;
- if (hc_cuLinkCreate (hashcat_ctx, 7, jit_opts, jit_vals, &state) == -1)
+ if (hc_cuLinkCreate (hashcat_ctx, jit_cnt, jit_opts, jit_vals, &state) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s link failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", jit_error_log);
@@ -7144,7 +7160,7 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 event_log_info (hashcat_ctx, NULL);
 #endif
- if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, cubin, 7, mod_opts, mod_vals) == -1)
+ if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, cubin, mod_cnt, mod_opts, mod_vals) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", mod_error_log);
@@ -7171,7 +7187,7 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 #else
- if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, binary, 7, mod_opts, mod_vals) == -1)
+ if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, binary, mod_cnt, mod_opts, mod_vals) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", mod_error_log);
@@ -7259,6 +7275,8 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 char *mod_info_log = (char *) hcmalloc (LOG_SIZE + 1);
 char *mod_error_log = (char *) hcmalloc (LOG_SIZE + 1);
+ int mod_cnt = 6;
+
 CUjit_option mod_opts[7];
 void *mod_vals[7];
@@ -7280,10 +7298,15 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p
 mod_opts[5] = CU_JIT_ERROR_LOG_BUFFER_SIZE_BYTES;
 mod_vals[5] = (void *) LOG_SIZE;
- mod_opts[6] = CU_JIT_MAX_REGISTERS;
- mod_vals[6] = (void *) 128;
+ if (hashconfig->opti_type & OPTI_TYPE_REGISTER_LIMIT)
+ {
+ mod_opts[6] = CU_JIT_MAX_REGISTERS;
+ mod_vals[6] = (void *) 128;
- if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, kernel_sources[0], 7, mod_opts, mod_vals) == -1)
+ mod_cnt++;
+ }
+
+ if (hc_cuModuleLoadDataEx (hashcat_ctx, cuda_module, kernel_sources[0], mod_cnt, mod_opts, mod_vals) == -1)
 {
 event_log_error (hashcat_ctx, "* Device #%u: Kernel %s load failed. Error Log:", device_param->device_id + 1, source_file);
 event_log_error (hashcat_ctx, "%s", mod_error_log);
diff --git a/src/modules/module_07900.c b/src/modules/module_07900.c
index 781ffd524..6c6d23c8d 100644
--- a/src/modules/module_07900.c
+++ b/src/modules/module_07900.c
@@ -20,6 +20,7 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FORUM_SOFTWARE;
 static const char *HASH_NAME = "Drupal7";
 static const u64 KERN_TYPE = 7900;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_REGISTER_LIMIT
 | OPTI_TYPE_USES_BITS_64;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
diff --git a/src/modules/module_10700.c b/src/modules/module_10700.c
index 5dfa6f6a5..fe006580c 100644
--- a/src/modules/module_10700.c
+++ b/src/modules/module_10700.c
@@ -19,7 +19,8 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS;
 static const char *HASH_NAME = "PDF 1.7 Level 8 (Acrobat 10 - 11)";
 static const u64 KERN_TYPE = 10700;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_HASH_COPY;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
diff --git a/src/modules/module_12400.c b/src/modules/module_12400.c
index 91ba35598..0152d36d9 100644
--- a/src/modules/module_12400.c
+++ b/src/modules/module_12400.c
@@ -20,7 +20,8 @@ static const u32 DGST_SIZE = DGST_SIZE_4_4;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_OS;
 static const char *HASH_NAME = "BSDi Crypt, Extended DES";
 static const u64 KERN_TYPE = 12400;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_REGISTER_LIMIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
diff --git a/src/modules/module_16600.c b/src/modules/module_16600.c
index 633901cca..2ad9fe201 100644
--- a/src/modules/module_16600.c
+++ b/src/modules/module_16600.c
@@ -20,6 +20,7 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER;
 static const char *HASH_NAME = "Electrum Wallet (Salt-Type 1-3)";
 static const u64 KERN_TYPE = 16600;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_REGISTER_LIMIT
 | OPTI_TYPE_PRECOMPUTE_INIT;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE
 | OPTS_TYPE_PT_ADD80
diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl
index e75332dba..ee562403b 100755
--- a/tools/benchmark_deep.pl
+++ b/tools/benchmark_deep.pl
@@ -8,7 +8,7 @@ my $amd_cache = "~/.AMD";
 my $hashcat_path = ".";
 my $kernels_cache = "$hashcat_path/kernels";
 my $hashcat_bin = "$hashcat_path/hashcat";
-my $device = 1;
+my $device = 3;
 my $workload_profile = 3;
 my $runtime = 24;
 my $sleep_sec = 12;
From 59677cd4b84a2d6e33d4f6f506db9621c2d2a1ed Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 4 Feb 2020 21:54:09 +0100
Subject: [PATCH 205/300] Small optimization in -m 16600
---
 OpenCL/m16600_a0-optimized.cl | 80 +++++----
 OpenCL/m16600_a0-pure.cl | 80 +++++----
 OpenCL/m16600_a1-optimized.cl | 80 +++++----
 OpenCL/m16600_a1-pure.cl | 80 +++++----
 OpenCL/m16600_a3-optimized.cl | 313 ++++++++++------------------
 OpenCL/m16600_a3-pure.cl | 80 +++++----
 6 files changed, 319 insertions(+), 394 deletions(-)
diff --git a/OpenCL/m16600_a0-optimized.cl b/OpenCL/m16600_a0-optimized.cl
index d5baafd3f..952a06c83 100644
--- a/OpenCL/m16600_a0-optimized.cl
+++ b/OpenCL/m16600_a0-optimized.cl
@@ -106,6 +106,26 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 const u32 pw_len = pws[gid].pw_len & 63;
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
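Review bot: The hoisted `data` block in the m16600_m04 hunk reads `esalt_bufs[digests_offset]` once per work-item and the later hunks consume `salt_type`, `encrypted` and `iv` inside the il_pos loop; that is only correct because none of these values depend on il_pos, and the block's header comment should say so instead of just `data`, e.g. `// per-salt data, invariant over the il_pos loop below: read once instead of per candidate`. The identical twenty-line block is pasted into every kernel of this commit (the _s04, _mxx and _sxx variants and the a1 and a3 files), so either the comment goes into each copy or the reads could move into one DECLSPEC helper that fills a small struct from the esalt pointer. The loop that uses these values starts after this hunk.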
@@ -348,30 +368,16 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -384,7 +390,7 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -400,7 +406,7 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
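Review bot: The three `salt_type` tests remain independent `if` statements that `continue` on each failed check, so a salt_type outside 1..3 skips every check and falls through to whatever follows the hunk (I cannot see past it; the host-side parser may already reject such values). With `salt_type` now a loop-invariant const, `switch (salt_type) { case 1: ... break; case 2: ... break; case 3: ... break; default: continue; }` states the unsupported path explicitly and keeps the existing `continue`s working, since they still bind to the enclosing il_pos loop. The same shape appears in the corresponding hunks of every other m16600 kernel in this commit. The enclosing loop starts and ends outside these hunks.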
@@ -512,6 +518,26 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 const u32 pw_len = pws[gid].pw_len & 63;
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -754,30 +780,16 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -790,7 +802,7 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -806,7 +818,7 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
diff --git a/OpenCL/m16600_a0-pure.cl b/OpenCL/m16600_a0-pure.cl
index f5e29d805..551e751d2 100644
--- a/OpenCL/m16600_a0-pure.cl
+++ b/OpenCL/m16600_a0-pure.cl
@@ -94,6 +94,26 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 COPY_PW (pws[gid]);
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -162,30 +182,16 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -198,7 +204,7 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -214,7 +220,7 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
@@ -306,6 +312,26 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 COPY_PW (pws[gid]);
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -374,30 +400,16 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -410,7 +422,7 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -426,7 +438,7 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_RULES_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
diff --git a/OpenCL/m16600_a1-optimized.cl b/OpenCL/m16600_a1-optimized.cl
index 7896a77e5..72aba70f5 100644
--- a/OpenCL/m16600_a1-optimized.cl
+++ b/OpenCL/m16600_a1-optimized.cl
@@ -104,6 +104,26 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_ESALT (electrum_wallet_t))
 const u32 pw_l_len = pws[gid].pw_len & 63;
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -404,30 +424,16 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -440,7 +446,7 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -456,7 +462,7 @@ KERNEL_FQ void m16600_m04 (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
@@ -568,6 +574,26 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_ESALT (electrum_wallet_t))
 const u32 pw_l_len = pws[gid].pw_len & 63;
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -868,30 +894,16 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -904,7 +916,7 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -920,7 +932,7 @@ KERNEL_FQ void m16600_s04 (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
diff --git a/OpenCL/m16600_a1-pure.cl b/OpenCL/m16600_a1-pure.cl
index dde2ad588..976c72176 100644
--- a/OpenCL/m16600_a1-pure.cl
+++ b/OpenCL/m16600_a1-pure.cl
@@ -96,6 +96,26 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_ESALT (electrum_wallet_t))
 sha256_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len);
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -158,30 +178,16 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -194,7 +200,7 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -210,7 +216,7 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
@@ -306,6 +312,26 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_ESALT (electrum_wallet_t))
 sha256_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len);
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -368,30 +394,16 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_ESALT (electrum_wallet_t))
 aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
- u32 encrypted[4];
-
- encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
- encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
- encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
- encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
-
 u32 out[4];
 aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
- u32 iv[4];
-
- iv[0] = esalt_bufs[digests_offset].iv[0];
- iv[1] = esalt_bufs[digests_offset].iv[1];
- iv[2] = esalt_bufs[digests_offset].iv[2];
- iv[3] = esalt_bufs[digests_offset].iv[3];
-
 out[0] ^= iv[0];
 out[1] ^= iv[1];
 out[2] ^= iv[2];
 out[3] ^= iv[3];
- if (esalt_bufs[digests_offset].salt_type == 1)
+ if (salt_type == 1)
 {
 if (is_valid_hex_32 (out[0]) == 0) continue;
 if (is_valid_hex_32 (out[1]) == 0) continue;
@@ -404,7 +416,7 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 2)
+ if (salt_type == 2)
 {
 if ((u8) (out[0] >> 0) != 'x') continue;
 if ((u8) (out[0] >> 8) != 'p') continue;
@@ -420,7 +432,7 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_ESALT (electrum_wallet_t))
 }
 }
- if (esalt_bufs[digests_offset].salt_type == 3)
+ if (salt_type == 3)
 {
 // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough):
diff --git a/OpenCL/m16600_a3-optimized.cl b/OpenCL/m16600_a3-optimized.cl
index cfe2a1d9d..bf0ed87fd 100644
--- a/OpenCL/m16600_a3-optimized.cl
+++ b/OpenCL/m16600_a3-optimized.cl
@@ -31,6 +31,26 @@ DECLSPEC void m16600 (SHM_TYPE u32a *s_te0, SHM_TYPE u32a *s_te1, SHM_TYPE u32a
 const u64 gid = get_global_id (0);
+ /**
+ * data
+ */
+
+ const u32 salt_type = esalt_bufs[digests_offset].salt_type;
+
+ u32 encrypted[4];
+
+ encrypted[0] = esalt_bufs[digests_offset].encrypted[0];
+ encrypted[1] = esalt_bufs[digests_offset].encrypted[1];
+ encrypted[2] = esalt_bufs[digests_offset].encrypted[2];
+ encrypted[3] = esalt_bufs[digests_offset].encrypted[3];
+
+ u32 iv[4];
+
+ iv[0] = esalt_bufs[digests_offset].iv[0];
+ iv[1] = esalt_bufs[digests_offset].iv[1];
+ iv[2] = esalt_bufs[digests_offset].iv[2];
+ iv[3] = esalt_bufs[digests_offset].iv[3];
+
 /**
 * loop
 */
@@ -41,255 +61,100 @@ DECLSPEC void m16600 (SHM_TYPE u32a *s_te0, SHM_TYPE u32a *s_te1, SHM_TYPE u32a { const u32x w0r = ix_create_bft (bfs_buf, il_pos); - const u32x w0 = w0l | w0r; + const u32x w0lr = w0l | w0r; - u32x w0_t = w0; - u32x w1_t = w[ 1]; - u32x w2_t = w[ 2]; - u32x w3_t = w[ 3]; - u32x w4_t = w[ 4]; - u32x w5_t = w[ 5]; - u32x w6_t = w[ 6]; - u32x w7_t = w[ 7]; - u32x w8_t = w[ 8]; - u32x w9_t = w[ 9]; - u32x wa_t = w[10]; - u32x wb_t = w[11]; - u32x wc_t = w[12]; - u32x wd_t = w[13]; - u32x we_t = w[14]; - u32x wf_t = w[15]; + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; - u32x a = SHA256M_A; - u32x b = SHA256M_B; - u32x c = SHA256M_C; - u32x d = SHA256M_D; - u32x e = SHA256M_E; - u32x f = SHA256M_F; - u32x g = SHA256M_G; - u32x h = SHA256M_H; + w0[0] = w0lr; + w0[1] = w[ 1]; + w0[2] = w[ 2]; + w0[3] = w[ 3]; + w1[0] = w[ 4]; + w1[1] = w[ 5]; + w1[2] = w[ 6]; + w1[3] = w[ 7]; + w2[0] = w[ 8]; + w2[1] = w[ 9]; + w2[2] = w[10]; + w2[3] = w[11]; + w3[0] = w[12]; + w3[1] = w[13]; + w3[2] = w[14]; + w3[3] = w[15]; - SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); - SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); - SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); - SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); - SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); - SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); - SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); - SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); - SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); - SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); - SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); - SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, 
wb_t, SHA256C0b); - SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); - SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); - SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); - SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); + u32 digest[8]; - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); - w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); - wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, 
c, d, wc_t, SHA256C1c); - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); + digest[0] = SHA256M_A; + digest[1] = SHA256M_B; + digest[2] = SHA256M_C; + digest[3] = SHA256M_D; + digest[4] = SHA256M_E; + digest[5] = SHA256M_F; + digest[6] = SHA256M_G; + digest[7] = SHA256M_H; - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); - w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); - wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, 
wa_t, SHA256C2a); - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); + sha256_transform (w0, w1, w2, w3, digest); - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C36); - w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); - wa_t = 
SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 32 * 8; - a += SHA256M_A; - b += SHA256M_B; - c += SHA256M_C; - d += SHA256M_D; - e += SHA256M_E; - f += SHA256M_F; - g += SHA256M_G; - h += SHA256M_H; + digest[0] = SHA256M_A; + digest[1] = SHA256M_B; + digest[2] = SHA256M_C; + digest[3] = SHA256M_D; + digest[4] = SHA256M_E; + digest[5] = SHA256M_F; + digest[6] = SHA256M_G; + digest[7] = SHA256M_H; - w0_t = a; - w1_t = b; - w2_t = c; - w3_t = d; - w4_t = e; - w5_t = f; - w6_t = g; - w7_t = h; - w8_t = 0x80000000; - w9_t = 0; - wa_t = 0; - wb_t = 0; - wc_t = 0; - wd_t = 0; - we_t = 0; - wf_t = 32 * 8; - - a = SHA256M_A; - b = SHA256M_B; - c = SHA256M_C; - d = SHA256M_D; - e = SHA256M_E; - f = SHA256M_F; - g = SHA256M_G; - h = SHA256M_H; - - SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C00); - SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C01); - SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C02); - SHA256_STEP 
(SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C03); - SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C04); - SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C05); - SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C06); - SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C07); - SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C08); - SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C09); - SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C0a); - SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C0b); - SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C0c); - SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C0d); - SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C0e); - SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C0f); - - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C10); - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C11); - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C12); - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C13); - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C14); - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C15); - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C16); - w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP 
(SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C17); - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C18); - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C19); - wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C1a); - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C1b); - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C1c); - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C1d); - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C1e); - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C1f); - - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C20); - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C21); - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C22); - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C23); - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C24); - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C25); - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, SHA256C26); - w7_t = 
SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C27); - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C28); - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C29); - wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C2a); - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C2b); - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C2c); - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C2d); - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C2e); - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C2f); - - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, SHA256C30); - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, SHA256C31); - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, SHA256C32); - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, SHA256C33); - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, SHA256C34); - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, SHA256C35); - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, 
c, d, e, f, g, h, a, b, w6_t, SHA256C36); - w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, SHA256C37); - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, SHA256C38); - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, SHA256C39); - wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, SHA256C3a); - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, SHA256C3b); - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, SHA256C3c); - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, SHA256C3d); - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, SHA256C3e); - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, SHA256C3f); - - a += SHA256M_A; - b += SHA256M_B; - c += SHA256M_C; - d += SHA256M_D; - e += SHA256M_E; - f += SHA256M_F; - g += SHA256M_G; - h += SHA256M_H; + sha256_transform (w0, w1, w2, w3, digest); u32 ukey[8]; - ukey[0] = hc_swap32_S (a); - ukey[1] = hc_swap32_S (b); - ukey[2] = hc_swap32_S (c); - ukey[3] = hc_swap32_S (d); - ukey[4] = hc_swap32_S (e); - ukey[5] = hc_swap32_S (f); - ukey[6] = hc_swap32_S (g); - ukey[7] = hc_swap32_S (h); + ukey[0] = digest[0]; + ukey[1] = digest[1]; + ukey[2] = digest[2]; + ukey[3] = digest[3]; + ukey[4] = digest[4]; + ukey[5] = digest[5]; + ukey[6] = digest[6]; + ukey[7] = digest[7]; #define KEYLEN 60 u32 ks[KEYLEN]; - aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + aes256_ExpandKey (ks, ukey, s_te0, s_te1, s_te2, s_te3); 
- u32 encrypted[4]; - - encrypted[0] = esalt_bufs[digests_offset].encrypted[0]; - encrypted[1] = esalt_bufs[digests_offset].encrypted[1]; - encrypted[2] = esalt_bufs[digests_offset].encrypted[2]; - encrypted[3] = esalt_bufs[digests_offset].encrypted[3]; + aes256_InvertKey (ks, s_te1, s_td0, s_td1, s_td2, s_td3); u32 out[4]; aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); - u32 iv[4]; - - iv[0] = esalt_bufs[digests_offset].iv[0]; - iv[1] = esalt_bufs[digests_offset].iv[1]; - iv[2] = esalt_bufs[digests_offset].iv[2]; - iv[3] = esalt_bufs[digests_offset].iv[3]; - out[0] ^= iv[0]; out[1] ^= iv[1]; out[2] ^= iv[2]; out[3] ^= iv[3]; - if (esalt_bufs[digests_offset].salt_type == 1) + if (salt_type == 1) { if (is_valid_hex_32 (out[0]) == 0) continue; if (is_valid_hex_32 (out[1]) == 0) continue; @@ -302,7 +167,7 @@ DECLSPEC void m16600 (SHM_TYPE u32a *s_te0, SHM_TYPE u32a *s_te1, SHM_TYPE u32a } } - if (esalt_bufs[digests_offset].salt_type == 2) + if (salt_type == 2) { if ((u8) (out[0] >> 0) != 'x') continue; if ((u8) (out[0] >> 8) != 'p') continue; @@ -318,7 +183,7 @@ DECLSPEC void m16600 (SHM_TYPE u32a *s_te0, SHM_TYPE u32a *s_te1, SHM_TYPE u32a } } - if (esalt_bufs[digests_offset].salt_type == 3) + if (salt_type == 3) { // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough): diff --git a/OpenCL/m16600_a3-pure.cl b/OpenCL/m16600_a3-pure.cl index 49667e50a..b7ead62fd 100644 --- a/OpenCL/m16600_a3-pure.cl +++ b/OpenCL/m16600_a3-pure.cl 
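Review bot: The key material now goes into `ukey` unswapped (`ukey[0] = digest[0];` replacing `ukey[0] = hc_swap32_S (a);`) at the same time as the key schedule switches from `aes256_set_decrypt_key` to `aes256_ExpandKey` followed by `aes256_InvertKey`; those two changes only cancel if `aes256_set_decrypt_key` byte-swapped its input internally, which is not visible in this hunk, so the coupling deserves a comment above the `ukey` copy such as `// digest words are passed to aes256_ExpandKey as-is; the swap the old set_decrypt_key path did is no longer needed`. The loop also stores the `u32x` value `w0lr` into the plain `u32` array `w0`, which presumably relies on the vector width being 1 for this kernel, whereas the removed unrolled path kept `u32x` throughout; stating that assumption next to the `u32 w0[4];` declarations would prevent a silent narrowing if the kernel is ever built with SIMD enabled. The `m16600` helper begins outside this hunk.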
@@ -99,6 +99,26 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) w[idx] = pws[gid].i[idx]; } + /** + * data + */ + + const u32 salt_type = esalt_bufs[digests_offset].salt_type; + + u32 encrypted[4]; + + encrypted[0] = esalt_bufs[digests_offset].encrypted[0]; + encrypted[1] = esalt_bufs[digests_offset].encrypted[1]; + encrypted[2] = esalt_bufs[digests_offset].encrypted[2]; + encrypted[3] = esalt_bufs[digests_offset].encrypted[3]; + + u32 iv[4]; + + iv[0] = esalt_bufs[digests_offset].iv[0]; + iv[1] = esalt_bufs[digests_offset].iv[1]; + iv[2] = esalt_bufs[digests_offset].iv[2]; + iv[3] = esalt_bufs[digests_offset].iv[3]; + /** * loop */ @@ -171,30 +191,16 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); - u32 encrypted[4]; - - encrypted[0] = esalt_bufs[digests_offset].encrypted[0]; - encrypted[1] = esalt_bufs[digests_offset].encrypted[1]; - encrypted[2] = esalt_bufs[digests_offset].encrypted[2]; - encrypted[3] = esalt_bufs[digests_offset].encrypted[3]; - u32 out[4]; aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); - u32 iv[4]; - - iv[0] = esalt_bufs[digests_offset].iv[0]; - iv[1] = esalt_bufs[digests_offset].iv[1]; - iv[2] = esalt_bufs[digests_offset].iv[2]; - iv[3] = esalt_bufs[digests_offset].iv[3]; - out[0] ^= iv[0]; out[1] ^= iv[1]; out[2] ^= iv[2]; out[3] ^= iv[3]; - if (esalt_bufs[digests_offset].salt_type == 1) + if (salt_type == 1) { if (is_valid_hex_32 (out[0]) == 0) continue; if (is_valid_hex_32 (out[1]) == 0) continue; @@ -207,7 +213,7 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) } } - if (esalt_bufs[digests_offset].salt_type == 2) + if (salt_type == 2) { if ((u8) (out[0] >> 0) != 'x') continue; if ((u8) (out[0] >> 8) != 'p') continue; 
@@ -223,7 +229,7 @@ KERNEL_FQ void m16600_mxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) } } - if (esalt_bufs[digests_offset].salt_type == 3) + if (salt_type == 3) { // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough): @@ -322,6 +328,26 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) w[idx] = pws[gid].i[idx]; } + /** + * data + */ + + const u32 salt_type = esalt_bufs[digests_offset].salt_type; + + u32 encrypted[4]; + + encrypted[0] = esalt_bufs[digests_offset].encrypted[0]; + encrypted[1] = esalt_bufs[digests_offset].encrypted[1]; + encrypted[2] = esalt_bufs[digests_offset].encrypted[2]; + encrypted[3] = esalt_bufs[digests_offset].encrypted[3]; + + u32 iv[4]; + + iv[0] = esalt_bufs[digests_offset].iv[0]; + iv[1] = esalt_bufs[digests_offset].iv[1]; + iv[2] = esalt_bufs[digests_offset].iv[2]; + iv[3] = esalt_bufs[digests_offset].iv[3]; + /** * loop */ @@ -394,30 +420,16 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); - u32 encrypted[4]; - - encrypted[0] = esalt_bufs[digests_offset].encrypted[0]; - encrypted[1] = esalt_bufs[digests_offset].encrypted[1]; - encrypted[2] = esalt_bufs[digests_offset].encrypted[2]; - encrypted[3] = esalt_bufs[digests_offset].encrypted[3]; - u32 out[4]; aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); - u32 iv[4]; - - iv[0] = esalt_bufs[digests_offset].iv[0]; - iv[1] = esalt_bufs[digests_offset].iv[1]; - iv[2] = esalt_bufs[digests_offset].iv[2]; - iv[3] = esalt_bufs[digests_offset].iv[3]; - out[0] ^= iv[0]; out[1] ^= iv[1]; out[2] ^= iv[2]; out[3] ^= iv[3]; - if (esalt_bufs[digests_offset].salt_type == 1) + if (salt_type == 1) { if (is_valid_hex_32 (out[0]) == 0) continue; if (is_valid_hex_32 (out[1]) == 0) continue; 
@@ -430,7 +442,7 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) } } - if (esalt_bufs[digests_offset].salt_type == 2) + if (salt_type == 2) { if ((u8) (out[0] >> 0) != 'x') continue; if ((u8) (out[0] >> 8) != 'p') continue; @@ -446,7 +458,7 @@ KERNEL_FQ void m16600_sxx (KERN_ATTR_VECTOR_ESALT (electrum_wallet_t)) } } - if (esalt_bufs[digests_offset].salt_type == 3) + if (salt_type == 3) { // check PKCS7 padding (either 13 times 0x0d or 12 times 0x0c at the end, we only check 12 bytes, it's enough): From dbfd8d949e8afb5b5d4879636b7fac90bc598140 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 5 Feb 2020 09:54:05 +0100 Subject: [PATCH 206/300] Small code optimization -m 6500 --- OpenCL/m06500-pure.cl | 302 ++++++++++++++++++++---------------------- 1 file changed, 147 insertions(+), 155 deletions(-) diff --git a/OpenCL/m06500-pure.cl b/OpenCL/m06500-pure.cl index 73a154a64..7da04c694 100644 --- a/OpenCL/m06500-pure.cl +++ b/OpenCL/m06500-pure.cl 
@@ -119,74 +119,69 @@ KERNEL_FQ void m06500_init (KERN_ATTR_TMPS (sha512aix_tmp_t)) sha512_hmac_update_global_swap (&sha512_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); - for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) - { - sha512_hmac_ctx_t sha512_hmac_ctx2 = sha512_hmac_ctx; + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + u32 w4[4]; + u32 w5[4]; + u32 w6[4]; + u32 w7[4]; - u32 w0[4]; - u32 w1[4]; - u32 w2[4]; - u32 w3[4]; - u32 w4[4]; - u32 w5[4]; - u32 w6[4]; - u32 w7[4]; + w0[0] = 1; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + w4[0] = 0; + w4[1] = 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = 0; - w0[0] = j; - w0[1] = 0; - w0[2] = 0; - w0[3] = 0; - w1[0] = 0; - w1[1] = 0; - w1[2] = 0; - w1[3] = 0; - w2[0] = 0; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = 0; - w4[0] = 0; - w4[1] = 0; - w4[2] = 0; - w4[3] = 0; - w5[0] = 0; - w5[1] = 0; - w5[2] = 0; - w5[3] = 0; - w6[0] = 0; - w6[1] = 0; - w6[2] = 0; - w6[3] = 0; - w7[0] = 0; - w7[1] = 0; - w7[2] = 0; - w7[3] = 0; + sha512_hmac_update_128 (&sha512_hmac_ctx, w0, w1, w2, w3, w4, w5, w6, w7, 4); - sha512_hmac_update_128 (&sha512_hmac_ctx2, w0, w1, w2, w3, w4, w5, w6, w7, 4); + sha512_hmac_final (&sha512_hmac_ctx); - sha512_hmac_final (&sha512_hmac_ctx2); + tmps[gid].dgst[0] = sha512_hmac_ctx.opad.h[0]; + tmps[gid].dgst[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].dgst[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].dgst[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].dgst[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].dgst[5] = sha512_hmac_ctx.opad.h[5]; + tmps[gid].dgst[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].dgst[7] = sha512_hmac_ctx.opad.h[7]; - tmps[gid].dgst[i + 
0] = sha512_hmac_ctx2.opad.h[0]; - tmps[gid].dgst[i + 1] = sha512_hmac_ctx2.opad.h[1]; - tmps[gid].dgst[i + 2] = sha512_hmac_ctx2.opad.h[2]; - tmps[gid].dgst[i + 3] = sha512_hmac_ctx2.opad.h[3]; - tmps[gid].dgst[i + 4] = sha512_hmac_ctx2.opad.h[4]; - tmps[gid].dgst[i + 5] = sha512_hmac_ctx2.opad.h[5]; - tmps[gid].dgst[i + 6] = sha512_hmac_ctx2.opad.h[6]; - tmps[gid].dgst[i + 7] = sha512_hmac_ctx2.opad.h[7]; - - tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; - tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; - tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; - tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; - tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; - tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; - tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; - tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; - } + tmps[gid].out[0] = sha512_hmac_ctx.opad.h[0]; + tmps[gid].out[1] = sha512_hmac_ctx.opad.h[1]; + tmps[gid].out[2] = sha512_hmac_ctx.opad.h[2]; + tmps[gid].out[3] = sha512_hmac_ctx.opad.h[3]; + tmps[gid].out[4] = sha512_hmac_ctx.opad.h[4]; + tmps[gid].out[5] = sha512_hmac_ctx.opad.h[5]; + tmps[gid].out[6] = sha512_hmac_ctx.opad.h[6]; + tmps[gid].out[7] = sha512_hmac_ctx.opad.h[7]; } KERNEL_FQ void m06500_loop (KERN_ATTR_TMPS (sha512aix_tmp_t)) 
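Review bot: The literal `1` in `w0[0] = 1;` and the trailing `4` in `sha512_hmac_update_128 (&sha512_hmac_ctx, w0, ..., 4);` are the PBKDF2 block index and its byte length, but nothing in the new code says so now that the `j` loop variable that used to hint at it is gone; a comment such as `// PBKDF2 block index INT(1), 4 bytes appended to the salt` above the `w0`..`w7` initialisation would keep that readable. The value passed is the same the removed loop passed, so this is documentation only; whether the word order matches what `sha512_hmac_update_128` expects cannot be judged from this hunk. Updating `sha512_hmac_ctx` in place instead of the `sha512_hmac_ctx2` copy is fine as long as the context is not reused after `sha512_hmac_final`, which the visible tail of the function confirms. `m06500_init` begins outside this hunk.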
@@ -216,103 +211,100 @@ KERNEL_FQ void m06500_loop (KERN_ATTR_TMPS (sha512aix_tmp_t)) opad[6] = pack64v (tmps, opad, gid, 6); opad[7] = pack64v (tmps, opad, gid, 7); - for (u32 i = 0; i < 8; i += 8) + u64x dgst[8]; + u64x out[8]; + + dgst[0] = pack64v (tmps, dgst, gid, 0); + dgst[1] = pack64v (tmps, dgst, gid, 1); + dgst[2] = pack64v (tmps, dgst, gid, 2); + dgst[3] = pack64v (tmps, dgst, gid, 3); + dgst[4] = pack64v (tmps, dgst, gid, 4); + dgst[5] = pack64v (tmps, dgst, gid, 5); + dgst[6] = pack64v (tmps, dgst, gid, 6); + dgst[7] = pack64v (tmps, dgst, gid, 7); + + out[0] = pack64v (tmps, out, gid, 0); + out[1] = pack64v (tmps, out, gid, 1); + out[2] = pack64v (tmps, out, gid, 2); + out[3] = pack64v (tmps, out, gid, 3); + out[4] = pack64v (tmps, out, gid, 4); + out[5] = pack64v (tmps, out, gid, 5); + out[6] = pack64v (tmps, out, gid, 6); + out[7] = pack64v (tmps, out, gid, 7); + + for (u32 j = 0; j < loop_cnt; j++) { - u64x dgst[8]; - u64x out[8]; + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + u32x w4[4]; + u32x w5[4]; + u32x w6[4]; + u32x w7[4]; - dgst[0] = pack64v (tmps, dgst, gid, i + 0); - dgst[1] = pack64v (tmps, dgst, gid, i + 1); - dgst[2] = pack64v (tmps, dgst, gid, i + 2); - dgst[3] = pack64v (tmps, dgst, gid, i + 3); - dgst[4] = pack64v (tmps, dgst, gid, i + 4); - dgst[5] = pack64v (tmps, dgst, gid, i + 5); - dgst[6] = pack64v (tmps, dgst, gid, i + 6); - dgst[7] = pack64v (tmps, dgst, gid, i + 7); + w0[0] = h32_from_64 (dgst[0]); + w0[1] = l32_from_64 (dgst[0]); + w0[2] = h32_from_64 (dgst[1]); + w0[3] = l32_from_64 (dgst[1]); + w1[0] = h32_from_64 (dgst[2]); + w1[1] = l32_from_64 (dgst[2]); + w1[2] = h32_from_64 (dgst[3]); + w1[3] = l32_from_64 (dgst[3]); + w2[0] = h32_from_64 (dgst[4]); + w2[1] = l32_from_64 (dgst[4]); + w2[2] = h32_from_64 (dgst[5]); + w2[3] = l32_from_64 (dgst[5]); + w3[0] = h32_from_64 (dgst[6]); + w3[1] = l32_from_64 (dgst[6]); + w3[2] = h32_from_64 (dgst[7]); + w3[3] = l32_from_64 (dgst[7]); + w4[0] = 0x80000000; + w4[1] 
= 0; + w4[2] = 0; + w4[3] = 0; + w5[0] = 0; + w5[1] = 0; + w5[2] = 0; + w5[3] = 0; + w6[0] = 0; + w6[1] = 0; + w6[2] = 0; + w6[3] = 0; + w7[0] = 0; + w7[1] = 0; + w7[2] = 0; + w7[3] = (128 + 64) * 8; - out[0] = pack64v (tmps, out, gid, i + 0); - out[1] = pack64v (tmps, out, gid, i + 1); - out[2] = pack64v (tmps, out, gid, i + 2); - out[3] = pack64v (tmps, out, gid, i + 3); - out[4] = pack64v (tmps, out, gid, i + 4); - out[5] = pack64v (tmps, out, gid, i + 5); - out[6] = pack64v (tmps, out, gid, i + 6); - out[7] = pack64v (tmps, out, gid, i + 7); + hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst); - for (u32 j = 0; j < loop_cnt; j++) - { - u32x w0[4]; - u32x w1[4]; - u32x w2[4]; - u32x w3[4]; - u32x w4[4]; - u32x w5[4]; - u32x w6[4]; - u32x w7[4]; - - w0[0] = h32_from_64 (dgst[0]); - w0[1] = l32_from_64 (dgst[0]); - w0[2] = h32_from_64 (dgst[1]); - w0[3] = l32_from_64 (dgst[1]); - w1[0] = h32_from_64 (dgst[2]); - w1[1] = l32_from_64 (dgst[2]); - w1[2] = h32_from_64 (dgst[3]); - w1[3] = l32_from_64 (dgst[3]); - w2[0] = h32_from_64 (dgst[4]); - w2[1] = l32_from_64 (dgst[4]); - w2[2] = h32_from_64 (dgst[5]); - w2[3] = l32_from_64 (dgst[5]); - w3[0] = h32_from_64 (dgst[6]); - w3[1] = l32_from_64 (dgst[6]); - w3[2] = h32_from_64 (dgst[7]); - w3[3] = l32_from_64 (dgst[7]); - w4[0] = 0x80000000; - w4[1] = 0; - w4[2] = 0; - w4[3] = 0; - w5[0] = 0; - w5[1] = 0; - w5[2] = 0; - w5[3] = 0; - w6[0] = 0; - w6[1] = 0; - w6[2] = 0; - w6[3] = 0; - w7[0] = 0; - w7[1] = 0; - w7[2] = 0; - w7[3] = (128 + 64) * 8; - - hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst); - - out[0] ^= dgst[0]; - out[1] ^= dgst[1]; - out[2] ^= dgst[2]; - out[3] ^= dgst[3]; - out[4] ^= dgst[4]; - out[5] ^= dgst[5]; - out[6] ^= dgst[6]; - out[7] ^= dgst[7]; - } - - unpack64v (tmps, dgst, gid, i + 0, dgst[0]); - unpack64v (tmps, dgst, gid, i + 1, dgst[1]); - unpack64v (tmps, dgst, gid, i + 2, dgst[2]); - unpack64v (tmps, dgst, gid, i + 3, dgst[3]); - unpack64v (tmps, dgst, 
gid, i + 4, dgst[4]); - unpack64v (tmps, dgst, gid, i + 5, dgst[5]); - unpack64v (tmps, dgst, gid, i + 6, dgst[6]); - unpack64v (tmps, dgst, gid, i + 7, dgst[7]); - - unpack64v (tmps, out, gid, i + 0, out[0]); - unpack64v (tmps, out, gid, i + 1, out[1]); - unpack64v (tmps, out, gid, i + 2, out[2]); - unpack64v (tmps, out, gid, i + 3, out[3]); - unpack64v (tmps, out, gid, i + 4, out[4]); - unpack64v (tmps, out, gid, i + 5, out[5]); - unpack64v (tmps, out, gid, i + 6, out[6]); - unpack64v (tmps, out, gid, i + 7, out[7]); + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; } + + unpack64v (tmps, dgst, gid, 0, dgst[0]); + unpack64v (tmps, dgst, gid, 1, dgst[1]); + unpack64v (tmps, dgst, gid, 2, dgst[2]); + unpack64v (tmps, dgst, gid, 3, dgst[3]); + unpack64v (tmps, dgst, gid, 4, dgst[4]); + unpack64v (tmps, dgst, gid, 5, dgst[5]); + unpack64v (tmps, dgst, gid, 6, dgst[6]); + unpack64v (tmps, dgst, gid, 7, dgst[7]); + + unpack64v (tmps, out, gid, 0, out[0]); + unpack64v (tmps, out, gid, 1, out[1]); + unpack64v (tmps, out, gid, 2, out[2]); + unpack64v (tmps, out, gid, 3, out[3]); + unpack64v (tmps, out, gid, 4, out[4]); + unpack64v (tmps, out, gid, 5, out[5]); + unpack64v (tmps, out, gid, 6, out[6]); + unpack64v (tmps, out, gid, 7, out[7]); } KERNEL_FQ void m06500_comp (KERN_ATTR_TMPS (sha512aix_tmp_t)) From b51273fb0bad190803fc33d1b13da12c4b92567a Mon Sep 17 00:00:00 2001 
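Review bot: `w7[3] = (128 + 64) * 8;` carries the SHA-512 message bit length for the inner HMAC block (128-byte key pad plus the 64-byte previous digest), and now that the constant-trip `i` loop is gone this is the only non-obvious number left in the loop body; a comment such as `// message length in bits: 128-byte ipad block + 64-byte digest` next to it would save the next reader a derivation. Loading `dgst`/`out` once before the `loop_cnt` loop and writing them back once afterwards is behaviourally the same as the removed single-iteration `i` loop, but the hunk would benefit from one line above the `unpack64v` calls, `// write the PBKDF2 state back once per loop_cnt chunk`, making the chunked-iteration contract with the host explicit. `m06500_loop` begins outside this hunk.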
From: philsmd Date: Thu, 6 Feb 2020 20:25:14 +0100 Subject: [PATCH 207/300] Fixes #1538: Added -m 22500 = MultiBit Classic .key (MD5) --- OpenCL/m22500_a0-optimized.cl | 1220 ++++++++++++++++++++++++++++++ OpenCL/m22500_a0-pure.cl | 622 +++++++++++++++ OpenCL/m22500_a1-optimized.cl | 1339 +++++++++++++++++++++++++++++++++ OpenCL/m22500_a1-pure.cl | 632 ++++++++++++++++ OpenCL/m22500_a3-optimized.cl | 1175 +++++++++++++++++++++++++++++ OpenCL/m22500_a3-pure.cl | 650 ++++++++++++++++ docs/changes.txt | 1 + docs/readme.txt | 1 + src/modules/module_22500.c | 236 ++++++ tools/test_modules/m22500.pm | 192 +++++ 10 files changed, 6068 insertions(+) create mode 100644 OpenCL/m22500_a0-optimized.cl create mode 100644 OpenCL/m22500_a0-pure.cl create mode 100644 OpenCL/m22500_a1-optimized.cl create mode 100644 OpenCL/m22500_a1-pure.cl create mode 100644 OpenCL/m22500_a3-optimized.cl create mode 100644 OpenCL/m22500_a3-pure.cl create mode 100644 src/modules/module_22500.c create mode 100644 tools/test_modules/m22500.pm diff --git a/OpenCL/m22500_a0-optimized.cl b/OpenCL/m22500_a0-optimized.cl new file mode 100644 index 000000000..6c91fbe65 --- /dev/null +++ b/OpenCL/m22500_a0-optimized.cl 
@@ -0,0 +1,1220 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+//#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_rp_optimized.h"
+#include "inc_rp_optimized.cl"
+#include "inc_simd.cl"
+#include "inc_hash_md5.cl"
+#include "inc_cipher_aes.cl"
+#endif
+
+DECLSPEC int is_valid_bitcoinj_8 (const u8 v)
+{
+ // .abcdefghijklmnopqrstuvwxyz
+
+ if (v > (u8) 'z') return 0;
+ if (v < (u8) '.') return 0;
+
+ if ((v > (u8) '.') && (v < (u8) 'a')) return 0;
+
+ return 1;
+}
+
+KERNEL_FQ void m22500_m04 (KERN_ATTR_RULES ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_td0[256];
+ LOCAL_VK u32 s_td1[256];
+ LOCAL_VK u32 s_td2[256];
+ LOCAL_VK u32 s_td3[256];
+ LOCAL_VK u32 s_td4[256];
+
+ LOCAL_VK u32 s_te0[256];
+ LOCAL_VK u32 s_te1[256];
+ LOCAL_VK u32 s_te2[256];
+ LOCAL_VK u32 s_te3[256];
+ LOCAL_VK u32 s_te4[256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_td0[i] = td0[i];
+ s_td1[i] = td1[i];
+ s_td2[i] = td2[i];
+ s_td3[i] = td3[i];
+ s_td4[i] = td4[i];
+
+ s_te0[i] = te0[i];
+ s_te1[i] = te1[i];
+ s_te2[i] = te2[i];
+ s_te3[i] = te3[i];
+ s_te4[i] = te4[i];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_td0 = td0;
+ CONSTANT_AS u32a *s_td1 = td1;
+ CONSTANT_AS u32a *s_td2 = td2;
+ CONSTANT_AS u32a *s_td3 = td3;
+ CONSTANT_AS u32a *s_td4 = td4;
+
+ CONSTANT_AS u32a *s_te0 = te0;
+ CONSTANT_AS u32a *s_te1 = te1;
+ CONSTANT_AS u32a *s_te2 = te2;
+ CONSTANT_AS u32a *s_te3 = te3;
+ CONSTANT_AS u32a *s_te4 = te4;
+
+ #endif
+
+ if (gid >= gid_max) return;
+
+ u32 pw_buf0[4];
+ u32 pw_buf1[4];
+
+ pw_buf0[0] = pws[gid].i[0];
+ pw_buf0[1] = pws[gid].i[1];
+ pw_buf0[2] = pws[gid].i[2];
+ pw_buf0[3] = pws[gid].i[3];
+ pw_buf1[0] = pws[gid].i[4];
+ pw_buf1[1] = pws[gid].i[5];
+ pw_buf1[2] = pws[gid].i[6];
+ pw_buf1[3] = pws[gid].i[7];
+
+ const u32 pw_len = pws[gid].pw_len & 63;
+
+ /**
+ * salt
+ */
+
+ u32 salt_buf[2];
+
+ salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
+ salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
+
+ u32 data[8];
+
+ data[0] = salt_bufs[salt_pos].salt_buf[2];
+ data[1] = salt_bufs[salt_pos].salt_buf[3];
+ data[2] = salt_bufs[salt_pos].salt_buf[4];
+ data[3] = salt_bufs[salt_pos].salt_buf[5];
+ data[4] = salt_bufs[salt_pos].salt_buf[6];
+ data[5] = salt_bufs[salt_pos].salt_buf[7];
+ data[6] = salt_bufs[salt_pos].salt_buf[8];
+ data[7] = salt_bufs[salt_pos].salt_buf[9];
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
+ {
+ u32x w0[4] = { 0 };
+ u32x w1[4] = { 0 };
+ u32x w2[4] = { 0 };
+ u32x w3[4] = { 0 };
+
+ const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
+
+ /**
+ * append salt
+ */
+
+ u32x s0[4];
+ u32x s1[4];
+ u32x s2[4];
+ u32x s3[4];
+
+ s0[0] = salt_buf[0];
+ s0[1] = salt_buf[1];
+ s0[2] = 0x80;
+ s0[3] = 0;
+ s1[0] = 0;
+ s1[1] = 0;
+ s1[2] = 0;
+ s1[3] = 0;
+ s2[0] = 0;
+ s2[1] = 0;
+ s2[2] = 0;
+ s2[3] = 0;
+ s3[0] = 0;
+ s3[1] = 0;
+ s3[2] = 0;
+ s3[3] = 0;
+
+ switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
+
+ const u32x pw_salt_len = out_len + 8;
+
+ w0[0] |= s0[0];
+ w0[1] |= s0[1];
+ w0[2] |= s0[2];
+ w0[3] |= s0[3];
+ w1[0] |= s1[0];
+ w1[1] |= s1[1];
+ w1[2] |= s1[2];
+ w1[3] |= s1[3];
+ w2[0] |= s2[0];
+ w2[1] |= s2[1];
+ w2[2] |= s2[2];
+ w2[3] |= s2[3];
+ w3[0] |= s3[0];
+ w3[1] |= s3[1];
+ w3[2] = pw_salt_len * 8;
+ w3[3] = 0;
+
+ /**
+ * key1 = md5 ($pass .
$salt): + */ + + u32x a = MD5M_A; + u32x b = MD5M_B; + u32x c = MD5M_C; + u32x d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + u32x t; + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], 
MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 ukey[8]; + + ukey[0] = a; + ukey[1] = b; + ukey[2] = c; + ukey[3] = d; + + /** + * key2 = md5 ($key1 . $pass . 
$salt): + */ + + const u32x dgst_pw_salt_len = 16 + pw_salt_len; + + w3[3] = 0; + w3[2] = dgst_pw_salt_len * 8; + w3[1] = w2[1]; + w3[0] = w2[0]; + w2[3] = w1[3]; + w2[2] = w1[2]; + w2[1] = w1[1]; + w2[0] = w1[0]; + w1[3] = w0[3]; + w1[2] = w0[2]; + w1[1] = w0[1]; + w1[0] = w0[0]; + w0[3] = d; + w0[2] = c; + w0[1] = b; + w0[0] = a; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, 
w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += 
MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + ukey[4] = a; + ukey[5] = b; + ukey[6] = c; + ukey[7] = d; + + /** + * iv = md5 ($key2 . $pass . $salt): + */ + + w0[0] = a; + w0[1] = b; + w0[2] = c; + w0[3] = d; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, 
w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 iv[4]; + + iv[0] = a; + iv[1] = b; + iv[2] = c; + 
iv[3] = d;
+
+ /**
+ * AES-256-CBC:
+ */
+
+ #define KEYLEN 60
+
+ u32 ks[KEYLEN];
+
+ aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
+
+ u32 encrypted[4];
+
+ encrypted[0] = data[0];
+ encrypted[1] = data[1];
+ encrypted[2] = data[2];
+ encrypted[3] = data[3];
+
+ u32 out[4];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+
+ // first char of decrypted wallet data must be K, L, Q, 5, # or \n
+
+ const u32 first_byte = out[0] & 0xff;
+
+ if ((first_byte != 0x4b) && // K
+ (first_byte != 0x4c) && // L
+ (first_byte != 0x51) && // Q
+ (first_byte != 0x35) && // 5
+ (first_byte != 0x23) && // #
+ (first_byte != 0x0a)) // \n
+ {
+ continue;
+ }
+
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet
+ (first_byte == 0x4c) || // L
+ (first_byte == 0x51) || // Q
+ (first_byte == 0x35)) // 5
+ {
+ // base58 check:
+
+ if (is_valid_base58_32 (out[0]) == 0) continue;
+ if (is_valid_base58_32 (out[1]) == 0) continue;
+ if (is_valid_base58_32 (out[2]) == 0) continue;
+ if (is_valid_base58_32 (out[3]) == 0) continue;
+
+ iv[0] = encrypted[0];
+ iv[1] = encrypted[1];
+ iv[2] = encrypted[2];
+ iv[3] = encrypted[3];
+
+ encrypted[0] = data[4];
+ encrypted[1] = data[5];
+ encrypted[2] = data[6];
+ encrypted[3] = data[7];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ if (is_valid_base58_32 (out[0]) == 0) continue;
+ if (is_valid_base58_32 (out[1]) == 0) continue;
+ if (is_valid_base58_32 (out[2]) == 0) continue;
+ if (is_valid_base58_32 (out[3]) == 0) continue;
+ }
+ else if (first_byte == 0x0a) // \n => bitcoinj
+ {
+ if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte
+
+ // check for "org." substring:
+
+ if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped)
+ if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g"
+
+ if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0)
+ if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7
+
+ if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8
+ if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9
+ if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10
+ if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11
+
+ if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12
+ if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13
+ }
+ else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet
+ {
+ // Full string would be:
+ // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins."
+
+ // check for "# KEEP YOUR PRIV" substring:
+
+ if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped)
+ if (out[1] != 0x59205045) continue; // "Y PE"
+ if (out[2] != 0x2052554f) continue; // " RUO"
+ if (out[3] != 0x56495250) continue; // "VIRP"
+
+ iv[0] = encrypted[0];
+ iv[1] = encrypted[1];
+ iv[2] = encrypted[2];
+ iv[3] = encrypted[3];
+
+ encrypted[0] = data[4];
+ encrypted[1] = data[5];
+ encrypted[2] = data[6];
+ encrypted[3] = data[7];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ // check for "ATE KEYS SAFE! A" substring:
+
+ if (out[0] != 0x20455441) continue; // " ETA" (byte swapped)
+ if (out[1] != 0x5359454b) continue; // "SYEK"
+ if (out[2] != 0x46415320) continue; // "FAS "
+ if (out[3] != 0x41202145) continue; // "A !E"
+ }
+
+ if (atomic_inc (&hashes_shown[digests_offset]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0);
+ }
+ }
+}
+
+KERNEL_FQ void m22500_m08 (KERN_ATTR_RULES ())
+{
+}
+
+KERNEL_FQ void m22500_m16 (KERN_ATTR_RULES ())
+{
+}
+
+KERNEL_FQ void m22500_s04 (KERN_ATTR_RULES ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_td0[256];
+ LOCAL_VK u32 s_td1[256];
+ LOCAL_VK u32 s_td2[256];
+ LOCAL_VK u32 s_td3[256];
+ LOCAL_VK u32 s_td4[256];
+
+ LOCAL_VK u32 s_te0[256];
+ LOCAL_VK u32 s_te1[256];
+ LOCAL_VK u32 s_te2[256];
+ LOCAL_VK u32 s_te3[256];
+ LOCAL_VK u32 s_te4[256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_td0[i] = td0[i];
+ s_td1[i] = td1[i];
+ s_td2[i] = td2[i];
+ s_td3[i] = td3[i];
+ s_td4[i] = td4[i];
+
+ s_te0[i] = te0[i];
+ s_te1[i] = te1[i];
+ s_te2[i] = te2[i];
+ s_te3[i] = te3[i];
+ s_te4[i] = te4[i];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_td0 = td0;
+ CONSTANT_AS u32a *s_td1 = td1;
+ CONSTANT_AS u32a *s_td2 = td2;
+ CONSTANT_AS u32a *s_td3 = td3;
+ CONSTANT_AS u32a *s_td4 = td4;
+
+ CONSTANT_AS u32a *s_te0 = te0;
+ CONSTANT_AS u32a *s_te1 = te1;
+ CONSTANT_AS u32a *s_te2 = te2;
+ CONSTANT_AS u32a *s_te3 = te3;
+ CONSTANT_AS u32a *s_te4 = te4;
+
+ #endif
+
+ if (gid >= gid_max) return;
+
+ u32 pw_buf0[4];
+ u32 pw_buf1[4];
+
+ pw_buf0[0] = pws[gid].i[0];
+ pw_buf0[1] = pws[gid].i[1];
+ pw_buf0[2] = pws[gid].i[2];
+ pw_buf0[3] = pws[gid].i[3];
+ pw_buf1[0] = pws[gid].i[4];
+ pw_buf1[1] = pws[gid].i[5];
+ pw_buf1[2] = pws[gid].i[6];
+ pw_buf1[3] = pws[gid].i[7];
+
+ const u32 pw_len =
pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf[2]; + + salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + u32x w0[4] = { 0 }; + u32x w1[4] = { 0 }; + u32x w2[4] = { 0 }; + u32x w3[4] = { 0 }; + + const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf[0]; + s0[1] = salt_buf[1]; + s0[2] = 0x80; + s0[3] = 0; + s1[0] = 0; + s1[1] = 0; + s1[2] = 0; + s1[3] = 0; + s2[0] = 0; + s2[1] = 0; + s2[2] = 0; + s2[3] = 0; + s3[0] = 0; + s3[1] = 0; + s3[2] = 0; + s3[3] = 0; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len); + + const u32x pw_salt_len = out_len + 8; + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] = pw_salt_len * 8; + w3[3] = 0; + + /** + * key1 = md5 ($pass . 
$salt): + */ + + u32x a = MD5M_A; + u32x b = MD5M_B; + u32x c = MD5M_C; + u32x d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + u32x t; + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], 
MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 ukey[8]; + + ukey[0] = a; + ukey[1] = b; + ukey[2] = c; + ukey[3] = d; + + /** + * key2 = md5 ($key1 . $pass . 
$salt): + */ + + const u32x dgst_pw_salt_len = 16 + pw_salt_len; + + w3[3] = 0; + w3[2] = dgst_pw_salt_len * 8; + w3[1] = w2[1]; + w3[0] = w2[0]; + w2[3] = w1[3]; + w2[2] = w1[2]; + w2[1] = w1[1]; + w2[0] = w1[0]; + w1[3] = w0[3]; + w1[2] = w0[2]; + w1[1] = w0[1]; + w1[0] = w0[0]; + w0[3] = d; + w0[2] = c; + w0[1] = b; + w0[0] = a; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, 
w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += 
MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + ukey[4] = a; + ukey[5] = b; + ukey[6] = c; + ukey[7] = d; + + /** + * iv = md5 ($key2 . $pass . $salt): + */ + + w0[0] = a; + w0[1] = b; + w0[2] = c; + w0[3] = d; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, 
w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 iv[4]; + + iv[0] = a; + iv[1] = b; + iv[2] = c; + 
iv[3] = d; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." 
substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring:
+
+ if (out[0] != 0x20455441) continue; // " ETA" (byte swapped)
+ if (out[1] != 0x5359454b) continue; // "SYEK"
+ if (out[2] != 0x46415320) continue; // "FAS "
+ if (out[3] != 0x41202145) continue; // "A !E"
+ }
+
+ if (atomic_inc (&hashes_shown[digests_offset]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0);
+ }
+ }
+}
+
+KERNEL_FQ void m22500_s08 (KERN_ATTR_RULES ())
+{
+}
+
+KERNEL_FQ void m22500_s16 (KERN_ATTR_RULES ())
+{
+}
diff --git a/OpenCL/m22500_a0-pure.cl b/OpenCL/m22500_a0-pure.cl
new file mode 100644
index 000000000..f52f646d8
--- /dev/null
+++ b/OpenCL/m22500_a0-pure.cl
@@ -0,0 +1,622 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_rp.h" +#include "inc_rp.cl" +#include "inc_scalar.cl" +#include "inc_hash_md5.cl" +#include "inc_cipher_aes.cl" +#endif + +DECLSPEC int is_valid_bitcoinj_8 (const u8 v) +{ + // .abcdefghijklmnopqrstuvwxyz + + if (v > (u8) 'z') return 0; + if (v < (u8) '.') return 0; + + if ((v > (u8) '.') && (v < (u8) 'a')) return 0; + + return 1; +} + +KERNEL_FQ void m22500_mxx (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + COPY_PW (pws[gid]); + + /** + * salt + */ + + u32 s[64] = { 0 }; + + s[0] = salt_bufs[salt_pos].salt_buf[0]; + s[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + 
data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos++) + { + pw_t tmp = PASTE_PW; + + tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len); + + /** + * key1 = md5 ($pass . $salt): + */ + + md5_ctx_t ctx; + + md5_init (&ctx); + md5_update (&ctx, tmp.i, tmp.pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 ukey[8]; + + ukey[0] = ctx.h[0]; + ukey[1] = ctx.h[1]; + ukey[2] = ctx.h[2]; + ukey[3] = ctx.h[3]; + + /** + * key2 = md5 ($key1 . $pass . $salt): + */ + + u32 w[16] = { 0 }; // we need 64-bit alignment for md5_update () + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + md5_update (&ctx, tmp.i, tmp.pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + ukey[4] = ctx.h[0]; + ukey[5] = ctx.h[1]; + ukey[6] = ctx.h[2]; + ukey[7] = ctx.h[3]; + + /** + * iv = md5 ($key2 . $pass . 
$salt): + */ + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + md5_update (&ctx, tmp.i, tmp.pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 iv[4]; + + iv[0] = ctx.h[0]; + iv[1] = ctx.h[1]; + iv[2] = ctx.h[2]; + iv[3] = ctx.h[3]; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) 
continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring: + + if (out[0] != 0x20455441) continue; // " ETA" (byte swapped) + if (out[1] != 0x5359454b) continue; // "SYEK" + if (out[2] != 0x46415320) continue; // "FAS " + if (out[3] != 0x41202145) continue; // "A !E" + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } + } +} + +KERNEL_FQ void m22500_sxx (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + COPY_PW (pws[gid]); + + /** + * salt + */ + + u32 s[64] = { 0 }; + + s[0] = salt_bufs[salt_pos].salt_buf[0]; + s[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = 
salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos++) + { + pw_t tmp = PASTE_PW; + + tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len); + + /** + * key1 = md5 ($pass . $salt): + */ + + md5_ctx_t ctx; + + md5_init (&ctx); + md5_update (&ctx, tmp.i, tmp.pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 ukey[8]; + + ukey[0] = ctx.h[0]; + ukey[1] = ctx.h[1]; + ukey[2] = ctx.h[2]; + ukey[3] = ctx.h[3]; + + /** + * key2 = md5 ($key1 . $pass . $salt): + */ + + u32 w[16] = { 0 }; // we need 64-bit alignment for md5_update () + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + md5_update (&ctx, tmp.i, tmp.pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + ukey[4] = ctx.h[0]; + ukey[5] = ctx.h[1]; + ukey[6] = ctx.h[2]; + ukey[7] = ctx.h[3]; + + /** + * iv = md5 ($key2 . $pass . 
$salt): + */ + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + md5_update (&ctx, tmp.i, tmp.pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 iv[4]; + + iv[0] = ctx.h[0]; + iv[1] = ctx.h[1]; + iv[2] = ctx.h[2]; + iv[3] = ctx.h[3]; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) 
continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring:
+
+ if (out[0] != 0x20455441) continue; // " ETA" (byte swapped)
+ if (out[1] != 0x5359454b) continue; // "SYEK"
+ if (out[2] != 0x46415320) continue; // "FAS "
+ if (out[3] != 0x41202145) continue; // "A !E"
+ }
+
+ if (atomic_inc (&hashes_shown[digests_offset]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0);
+ }
+ }
+}
diff --git a/OpenCL/m22500_a1-optimized.cl b/OpenCL/m22500_a1-optimized.cl
new file mode 100644
index 000000000..9637b7b86
--- /dev/null
+++ b/OpenCL/m22500_a1-optimized.cl
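Review bot: m22500_mxx and m22500_sxx in this hunk are line-for-line identical, from the salt/data loads through the final `atomic_inc (&hashes_shown[digests_offset])` / `mark_hash (..., digests_offset + 0, ...)`, so any later fix to the plaintext checks (base58 bytes, the "org." / "# KEEP YOUR PRIV" prefixes) has to be applied twice and the two copies will drift. Since verification here is purely structural and no digest is ever compared, I would move the per-candidate key derivation, AES-256-CBC decrypt and block checks into one `DECLSPEC int` helper returning 0/1 that both kernels call, or at minimum put a comment at the top of `m22500_sxx` saying it intentionally mirrors `m22500_mxx` because there is no digest to match. Note also that `digests_offset + 0` is hard-coded, so only the first digest of a salt can ever be marked; that is only safe if the module folds the 32 bytes of ciphertext it stores in salt_buf[2..9] into the compared salt so two loaded hashes can never share one — worth confirming against module_22500.c, which is not in this hunk. Minor: `#define KEYLEN 60` is placed inside each kernel's loop body; a macro is not block-scoped, so the second occurrence is a (benign, identical) redefinition — a single file-scope define or plain `u32 ks[60];` would be cleaner.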
@@ -0,0 +1,1339 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_scalar.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_cipher_aes.cl" +#endif + +DECLSPEC int is_valid_bitcoinj_8 (const u8 v) +{ + // .abcdefghijklmnopqrstuvwxyz + + if (v > (u8) 'z') return 0; + if (v < (u8) '.') return 0; + + if ((v > (u8) '.') && (v < (u8) 'a')) return 0; + + return 1; +} + +KERNEL_FQ void m22500_m04 (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + u32 pw_buf0[4]; + u32 pw_buf1[4]; + + pw_buf0[0] = pws[gid].i[0]; + pw_buf0[1] = pws[gid].i[1]; + pw_buf0[2] = pws[gid].i[2]; + pw_buf0[3] = pws[gid].i[3]; + pw_buf1[0] = pws[gid].i[4]; + pw_buf1[1] = pws[gid].i[5]; + pw_buf1[2] = 
pws[gid].i[6]; + pw_buf1[3] = pws[gid].i[7]; + + const u32 pw_l_len = pws[gid].pw_len & 63; + + /** + * salt + */ + + u32 salt_buf[2]; + + salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63; + + const u32x pw_len = (pw_l_len + pw_r_len) & 63; + + /** + * concat password candidate + */ + + u32x wordl0[4] = { 0 }; + u32x wordl1[4] = { 0 }; + u32x wordl2[4] = { 0 }; + u32x wordl3[4] = { 0 }; + + wordl0[0] = pw_buf0[0]; + wordl0[1] = pw_buf0[1]; + wordl0[2] = pw_buf0[2]; + wordl0[3] = pw_buf0[3]; + wordl1[0] = pw_buf1[0]; + wordl1[1] = pw_buf1[1]; + wordl1[2] = pw_buf1[2]; + wordl1[3] = pw_buf1[3]; + + u32x wordr0[4] = { 0 }; + u32x wordr1[4] = { 0 }; + u32x wordr2[4] = { 0 }; + u32x wordr3[4] = { 0 }; + + wordr0[0] = ix_create_combt (combs_buf, il_pos, 0); + wordr0[1] = ix_create_combt (combs_buf, il_pos, 1); + wordr0[2] = ix_create_combt (combs_buf, il_pos, 2); + wordr0[3] = ix_create_combt (combs_buf, il_pos, 3); + wordr1[0] = ix_create_combt (combs_buf, il_pos, 4); + wordr1[1] = ix_create_combt (combs_buf, il_pos, 5); + wordr1[2] = ix_create_combt (combs_buf, il_pos, 6); + wordr1[3] = ix_create_combt (combs_buf, il_pos, 7); + + if (combs_mode == COMBINATOR_MODE_BASE_LEFT) + { + switch_buffer_by_offset_le_VV (wordr0, wordr1, wordr2, wordr3, pw_l_len); + } + else + { + switch_buffer_by_offset_le_VV (wordl0, wordl1, wordl2, wordl3, pw_r_len); + } + + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x 
w3[4]; + + w0[0] = wordl0[0] | wordr0[0]; + w0[1] = wordl0[1] | wordr0[1]; + w0[2] = wordl0[2] | wordr0[2]; + w0[3] = wordl0[3] | wordr0[3]; + w1[0] = wordl1[0] | wordr1[0]; + w1[1] = wordl1[1] | wordr1[1]; + w1[2] = wordl1[2] | wordr1[2]; + w1[3] = wordl1[3] | wordr1[3]; + w2[0] = wordl2[0] | wordr2[0]; + w2[1] = wordl2[1] | wordr2[1]; + w2[2] = wordl2[2] | wordr2[2]; + w2[3] = wordl2[3] | wordr2[3]; + w3[0] = wordl3[0] | wordr3[0]; + w3[1] = wordl3[1] | wordr3[1]; + w3[2] = wordl3[2] | wordr3[2]; + w3[3] = wordl3[3] | wordr3[3]; + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf[0]; + s0[1] = salt_buf[1]; + s0[2] = 0x80; + s0[3] = 0; + s1[0] = 0; + s1[1] = 0; + s1[2] = 0; + s1[3] = 0; + s2[0] = 0; + s2[1] = 0; + s2[2] = 0; + s2[3] = 0; + s3[0] = 0; + s3[1] = 0; + s3[2] = 0; + s3[3] = 0; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len); + + const u32x pw_salt_len = pw_len + 8; + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] = pw_salt_len * 8; + w3[3] = 0; + + /** + * key1 = md5 ($pass . 
$salt): + */ + + u32x a = MD5M_A; + u32x b = MD5M_B; + u32x c = MD5M_C; + u32x d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + u32x t; + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], 
MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 ukey[8]; + + ukey[0] = a; + ukey[1] = b; + ukey[2] = c; + ukey[3] = d; + + /** + * key2 = md5 ($key1 . $pass . 
$salt): + */ + + const u32x dgst_pw_salt_len = 16 + pw_salt_len; + + w3[3] = 0; + w3[2] = dgst_pw_salt_len * 8; + w3[1] = w2[1]; + w3[0] = w2[0]; + w2[3] = w1[3]; + w2[2] = w1[2]; + w2[1] = w1[1]; + w2[0] = w1[0]; + w1[3] = w0[3]; + w1[2] = w0[2]; + w1[1] = w0[1]; + w1[0] = w0[0]; + w0[3] = d; + w0[2] = c; + w0[1] = b; + w0[0] = a; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, 
w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += 
MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + ukey[4] = a; + ukey[5] = b; + ukey[6] = c; + ukey[7] = d; + + /** + * iv = md5 ($key2 . $pass . $salt): + */ + + w0[0] = a; + w0[1] = b; + w0[2] = c; + w0[3] = d; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, 
w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 iv[4]; + + iv[0] = a; + iv[1] = b; + iv[2] = c; + 
iv[3] = d;
+
+ /**
+ * AES-256-CBC:
+ */
+
+ #define KEYLEN 60
+
+ u32 ks[KEYLEN];
+
+ aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
+
+ u32 encrypted[4];
+
+ encrypted[0] = data[0];
+ encrypted[1] = data[1];
+ encrypted[2] = data[2];
+ encrypted[3] = data[3];
+
+ u32 out[4];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+
+ // first char of decrypted wallet data must be K, L, Q, 5, # or \n
+
+ const u32 first_byte = out[0] & 0xff;
+
+ if ((first_byte != 0x4b) && // K
+ (first_byte != 0x4c) && // L
+ (first_byte != 0x51) && // Q
+ (first_byte != 0x35) && // 5
+ (first_byte != 0x23) && // #
+ (first_byte != 0x0a)) // \n
+ {
+ continue;
+ }
+
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet
+ (first_byte == 0x4c) || // L
+ (first_byte == 0x51) || // Q
+ (first_byte == 0x35)) // 5
+ {
+ // base58 check:
+
+ if (is_valid_base58_32 (out[0]) == 0) continue;
+ if (is_valid_base58_32 (out[1]) == 0) continue;
+ if (is_valid_base58_32 (out[2]) == 0) continue;
+ if (is_valid_base58_32 (out[3]) == 0) continue;
+
+ iv[0] = encrypted[0];
+ iv[1] = encrypted[1];
+ iv[2] = encrypted[2];
+ iv[3] = encrypted[3];
+
+ encrypted[0] = data[4];
+ encrypted[1] = data[5];
+ encrypted[2] = data[6];
+ encrypted[3] = data[7];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ if (is_valid_base58_32 (out[0]) == 0) continue;
+ if (is_valid_base58_32 (out[1]) == 0) continue;
+ if (is_valid_base58_32 (out[2]) == 0) continue;
+ if (is_valid_base58_32 (out[3]) == 0) continue;
+ }
+ else if (first_byte == 0x0a) // \n => bitcoinj
+ {
+ if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte
+
+ // check for "org." substring:
+
+ if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped)
+ if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g"
+
+ if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0)
+ if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7
+
+ if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8
+ if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9
+ if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10
+ if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11
+
+ if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12
+ if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13
+ }
+ else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet
+ {
+ // Full string would be:
+ // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins."
+
+ // check for "# KEEP YOUR PRIV" substring:
+
+ if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped)
+ if (out[1] != 0x59205045) continue; // "Y PE"
+ if (out[2] != 0x2052554f) continue; // " RUO"
+ if (out[3] != 0x56495250) continue; // "VIRP"
+
+ iv[0] = encrypted[0];
+ iv[1] = encrypted[1];
+ iv[2] = encrypted[2];
+ iv[3] = encrypted[3];
+
+ encrypted[0] = data[4];
+ encrypted[1] = data[5];
+ encrypted[2] = data[6];
+ encrypted[3] = data[7];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ // check for "ATE KEYS SAFE! A" substring:
+
+ if (out[0] != 0x20455441) continue; // " ETA" (byte swapped)
+ if (out[1] != 0x5359454b) continue; // "SYEK"
+ if (out[2] != 0x46415320) continue; // "FAS "
+ if (out[3] != 0x41202145) continue; // "A !E"
+ }
+
+ if (atomic_inc (&hashes_shown[digests_offset]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0);
+ }
+ }
+}
+
+KERNEL_FQ void m22500_m08 (KERN_ATTR_BASIC ())
+{
+}
+
+KERNEL_FQ void m22500_m16 (KERN_ATTR_BASIC ())
+{
+}
+
+KERNEL_FQ void m22500_s04 (KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_td0[256];
+ LOCAL_VK u32 s_td1[256];
+ LOCAL_VK u32 s_td2[256];
+ LOCAL_VK u32 s_td3[256];
+ LOCAL_VK u32 s_td4[256];
+
+ LOCAL_VK u32 s_te0[256];
+ LOCAL_VK u32 s_te1[256];
+ LOCAL_VK u32 s_te2[256];
+ LOCAL_VK u32 s_te3[256];
+ LOCAL_VK u32 s_te4[256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_td0[i] = td0[i];
+ s_td1[i] = td1[i];
+ s_td2[i] = td2[i];
+ s_td3[i] = td3[i];
+ s_td4[i] = td4[i];
+
+ s_te0[i] = te0[i];
+ s_te1[i] = te1[i];
+ s_te2[i] = te2[i];
+ s_te3[i] = te3[i];
+ s_te4[i] = te4[i];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_td0 = td0;
+ CONSTANT_AS u32a *s_td1 = td1;
+ CONSTANT_AS u32a *s_td2 = td2;
+ CONSTANT_AS u32a *s_td3 = td3;
+ CONSTANT_AS u32a *s_td4 = td4;
+
+ CONSTANT_AS u32a *s_te0 = te0;
+ CONSTANT_AS u32a *s_te1 = te1;
+ CONSTANT_AS u32a *s_te2 = te2;
+ CONSTANT_AS u32a *s_te3 = te3;
+ CONSTANT_AS u32a *s_te4 = te4;
+
+ #endif
+
+ if (gid >= gid_max) return;
+
+ u32 pw_buf0[4];
+ u32 pw_buf1[4];
+
+ pw_buf0[0] = pws[gid].i[0];
+ pw_buf0[1] = pws[gid].i[1];
+ pw_buf0[2] = pws[gid].i[2];
+ pw_buf0[3] = pws[gid].i[3];
+ pw_buf1[0] = pws[gid].i[4];
+ pw_buf1[1] = pws[gid].i[5];
+ pw_buf1[2] = pws[gid].i[6];
+ pw_buf1[3] = pws[gid].i[7];
+
+ const u32 pw_l_len = pws[gid].pw_len & 63;
+
+ /**
+ * salt
+ */
+
+ u32 salt_buf[2];
+
+ salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
+ salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
+
+ u32 data[8];
+
+ data[0] = salt_bufs[salt_pos].salt_buf[2];
+ data[1] = salt_bufs[salt_pos].salt_buf[3];
+ data[2] = salt_bufs[salt_pos].salt_buf[4];
+ data[3] = salt_bufs[salt_pos].salt_buf[5];
+ data[4] = salt_bufs[salt_pos].salt_buf[6];
+ data[5] = salt_bufs[salt_pos].salt_buf[7];
+ data[6] = salt_bufs[salt_pos].salt_buf[8];
+ data[7] = salt_bufs[salt_pos].salt_buf[9];
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
+ {
+ const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63;
+
+ const u32x pw_len = (pw_l_len + pw_r_len) & 63;
+
+ /**
+ * concat password candidate
+ */
+
+ u32x wordl0[4] = { 0 };
+ u32x wordl1[4] = { 0 };
+ u32x wordl2[4] = { 0 };
+ u32x wordl3[4] = { 0 };
+
+ wordl0[0] = pw_buf0[0];
+ wordl0[1] = pw_buf0[1];
+ wordl0[2] = pw_buf0[2];
+ wordl0[3] = pw_buf0[3];
+ wordl1[0] = pw_buf1[0];
+ wordl1[1] = pw_buf1[1];
+ wordl1[2] = pw_buf1[2];
+ wordl1[3] = pw_buf1[3];
+
+ u32x wordr0[4] = { 0 };
+ u32x wordr1[4] = { 0 };
+ u32x wordr2[4] = { 0 };
+ u32x wordr3[4] = { 0 };
+
+ wordr0[0] = ix_create_combt (combs_buf, il_pos, 0);
+ wordr0[1] = ix_create_combt (combs_buf, il_pos, 1);
+ wordr0[2] = ix_create_combt (combs_buf, il_pos, 2);
+ wordr0[3] = ix_create_combt (combs_buf, il_pos, 3);
+ wordr1[0] = ix_create_combt (combs_buf, il_pos, 4);
+ wordr1[1] = ix_create_combt (combs_buf, il_pos, 5);
+ wordr1[2] = ix_create_combt (combs_buf, il_pos, 6);
+ wordr1[3] = ix_create_combt (combs_buf, il_pos, 7);
+
+ if (combs_mode == COMBINATOR_MODE_BASE_LEFT)
+ {
+ switch_buffer_by_offset_le_VV (wordr0, wordr1, wordr2, wordr3, pw_l_len);
+ }
+ else
+ {
+ switch_buffer_by_offset_le_VV (wordl0, wordl1, wordl2, wordl3, pw_r_len);
+ }
+
+ u32x w0[4];
+ u32x w1[4];
+ u32x w2[4];
+ u32x w3[4];
+
+ w0[0] = wordl0[0] | wordr0[0];
+ w0[1] = wordl0[1] | 
wordr0[1]; + w0[2] = wordl0[2] | wordr0[2]; + w0[3] = wordl0[3] | wordr0[3]; + w1[0] = wordl1[0] | wordr1[0]; + w1[1] = wordl1[1] | wordr1[1]; + w1[2] = wordl1[2] | wordr1[2]; + w1[3] = wordl1[3] | wordr1[3]; + w2[0] = wordl2[0] | wordr2[0]; + w2[1] = wordl2[1] | wordr2[1]; + w2[2] = wordl2[2] | wordr2[2]; + w2[3] = wordl2[3] | wordr2[3]; + w3[0] = wordl3[0] | wordr3[0]; + w3[1] = wordl3[1] | wordr3[1]; + w3[2] = wordl3[2] | wordr3[2]; + w3[3] = wordl3[3] | wordr3[3]; + + /** + * append salt + */ + + u32x s0[4]; + u32x s1[4]; + u32x s2[4]; + u32x s3[4]; + + s0[0] = salt_buf[0]; + s0[1] = salt_buf[1]; + s0[2] = 0x80; + s0[3] = 0; + s1[0] = 0; + s1[1] = 0; + s1[2] = 0; + s1[3] = 0; + s2[0] = 0; + s2[1] = 0; + s2[2] = 0; + s2[3] = 0; + s3[0] = 0; + s3[1] = 0; + s3[2] = 0; + s3[3] = 0; + + switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len); + + const u32x pw_salt_len = pw_len + 8; + + w0[0] |= s0[0]; + w0[1] |= s0[1]; + w0[2] |= s0[2]; + w0[3] |= s0[3]; + w1[0] |= s1[0]; + w1[1] |= s1[1]; + w1[2] |= s1[2]; + w1[3] |= s1[3]; + w2[0] |= s2[0]; + w2[1] |= s2[1]; + w2[2] |= s2[2]; + w2[3] |= s2[3]; + w3[0] |= s3[0]; + w3[1] |= s3[1]; + w3[2] = pw_salt_len * 8; + w3[3] = 0; + + /** + * key1 = md5 ($pass . 
$salt): + */ + + u32x a = MD5M_A; + u32x b = MD5M_B; + u32x c = MD5M_C; + u32x d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + u32x t; + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], 
MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 ukey[8]; + + ukey[0] = a; + ukey[1] = b; + ukey[2] = c; + ukey[3] = d; + + /** + * key2 = md5 ($key1 . $pass . 
$salt): + */ + + const u32x dgst_pw_salt_len = 16 + pw_salt_len; + + w3[3] = 0; + w3[2] = dgst_pw_salt_len * 8; + w3[1] = w2[1]; + w3[0] = w2[0]; + w2[3] = w1[3]; + w2[2] = w1[2]; + w2[1] = w1[1]; + w2[0] = w1[0]; + w1[3] = w0[3]; + w1[2] = w0[2]; + w1[1] = w0[1]; + w1[0] = w0[0]; + w0[3] = d; + w0[2] = c; + w0[1] = b; + w0[0] = a; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, 
w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += 
MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + ukey[4] = a; + ukey[5] = b; + ukey[6] = c; + ukey[7] = d; + + /** + * iv = md5 ($key2 . $pass . $salt): + */ + + w0[0] = a; + w0[1] = b; + w0[2] = c; + w0[3] = d; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, 
w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 iv[4]; + + iv[0] = a; + iv[1] = b; + iv[2] = c; + 
iv[3] = d;
+
+ /**
+ * AES-256-CBC:
+ */
+
+ #define KEYLEN 60
+
+ u32 ks[KEYLEN];
+
+ aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
+
+ u32 encrypted[4];
+
+ encrypted[0] = data[0];
+ encrypted[1] = data[1];
+ encrypted[2] = data[2];
+ encrypted[3] = data[3];
+
+ u32 out[4];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+
+ // first char of decrypted wallet data must be K, L, Q, 5, # or \n
+
+ const u32 first_byte = out[0] & 0xff;
+
+ if ((first_byte != 0x4b) && // K
+ (first_byte != 0x4c) && // L
+ (first_byte != 0x51) && // Q
+ (first_byte != 0x35) && // 5
+ (first_byte != 0x23) && // #
+ (first_byte != 0x0a)) // \n
+ {
+ continue;
+ }
+
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet
+ (first_byte == 0x4c) || // L
+ (first_byte == 0x51) || // Q
+ (first_byte == 0x35)) // 5
+ {
+ // base58 check:
+
+ if (is_valid_base58_32 (out[0]) == 0) continue;
+ if (is_valid_base58_32 (out[1]) == 0) continue;
+ if (is_valid_base58_32 (out[2]) == 0) continue;
+ if (is_valid_base58_32 (out[3]) == 0) continue;
+
+ iv[0] = encrypted[0];
+ iv[1] = encrypted[1];
+ iv[2] = encrypted[2];
+ iv[3] = encrypted[3];
+
+ encrypted[0] = data[4];
+ encrypted[1] = data[5];
+ encrypted[2] = data[6];
+ encrypted[3] = data[7];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ if (is_valid_base58_32 (out[0]) == 0) continue;
+ if (is_valid_base58_32 (out[1]) == 0) continue;
+ if (is_valid_base58_32 (out[2]) == 0) continue;
+ if (is_valid_base58_32 (out[3]) == 0) continue;
+ }
+ else if (first_byte == 0x0a) // \n => bitcoinj
+ {
+ if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte
+
+ // check for "org." substring:
+
+ if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped)
+ if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g"
+
+ if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0)
+ if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7
+
+ if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8
+ if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9
+ if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10
+ if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11
+
+ if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12
+ if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13
+ }
+ else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet
+ {
+ // Full string would be:
+ // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins."
+
+ // check for "# KEEP YOUR PRIV" substring:
+
+ if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped)
+ if (out[1] != 0x59205045) continue; // "Y PE"
+ if (out[2] != 0x2052554f) continue; // " RUO"
+ if (out[3] != 0x56495250) continue; // "VIRP"
+
+ iv[0] = encrypted[0];
+ iv[1] = encrypted[1];
+ iv[2] = encrypted[2];
+ iv[3] = encrypted[3];
+
+ encrypted[0] = data[4];
+ encrypted[1] = data[5];
+ encrypted[2] = data[6];
+ encrypted[3] = data[7];
+
+ aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4);
+
+ out[0] ^= iv[0];
+ out[1] ^= iv[1];
+ out[2] ^= iv[2];
+ out[3] ^= iv[3];
+
+ // check for "ATE KEYS SAFE! A" substring:
+
+ if (out[0] != 0x20455441) continue; // " ETA" (byte swapped)
+ if (out[1] != 0x5359454b) continue; // "SYEK"
+ if (out[2] != 0x46415320) continue; // "FAS "
+ if (out[3] != 0x41202145) continue; // "A !E"
+ }
+
+ if (atomic_inc (&hashes_shown[digests_offset]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0);
+ }
+ }
+}
+
+KERNEL_FQ void m22500_s08 (KERN_ATTR_BASIC ())
+{
+}
+
+KERNEL_FQ void m22500_s16 (KERN_ATTR_BASIC ())
+{
+}
diff --git a/OpenCL/m22500_a1-pure.cl b/OpenCL/m22500_a1-pure.cl
new file mode 100644
index 000000000..4f9bc963f
--- /dev/null
+++ b/OpenCL/m22500_a1-pure.cl
@@ -0,0 +1,632 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+//#define NEW_SIMD_CODE
+
+#ifdef KERNEL_STATIC
+#include "inc_vendor.h"
+#include "inc_types.h"
+#include "inc_platform.cl"
+#include "inc_common.cl"
+#include "inc_scalar.cl"
+#include "inc_hash_md5.cl"
+#include "inc_cipher_aes.cl"
+#endif
+
+DECLSPEC int is_valid_bitcoinj_8 (const u8 v)
+{
+ // .abcdefghijklmnopqrstuvwxyz
+
+ if (v > (u8) 'z') return 0;
+ if (v < (u8) '.') return 0;
+
+ if ((v > (u8) '.') && (v < (u8) 'a')) return 0;
+
+ return 1;
+}
+
+KERNEL_FQ void m22500_mxx (KERN_ATTR_BASIC ())
+{
+ /**
+ * modifier
+ */
+
+ const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_td0[256];
+ LOCAL_VK u32 s_td1[256];
+ LOCAL_VK u32 s_td2[256];
+ LOCAL_VK u32 s_td3[256];
+ LOCAL_VK u32 s_td4[256];
+
+ LOCAL_VK u32 s_te0[256];
+ LOCAL_VK u32 s_te1[256];
+ LOCAL_VK u32 s_te2[256];
+ LOCAL_VK u32 s_te3[256];
+ LOCAL_VK u32 s_te4[256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_td0[i] = td0[i];
+ s_td1[i] = td1[i];
+ s_td2[i] = td2[i];
+ s_td3[i] = td3[i];
+ s_td4[i] = td4[i];
+
+ s_te0[i] = te0[i];
+ s_te1[i] = te1[i];
+ s_te2[i] = te2[i];
+ s_te3[i] = te3[i];
+ s_te4[i] = te4[i];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_td0 = td0;
+ CONSTANT_AS u32a *s_td1 = td1;
+ CONSTANT_AS u32a *s_td2 = td2;
+ CONSTANT_AS u32a *s_td3 = td3;
+ CONSTANT_AS u32a *s_td4 = td4;
+
+ CONSTANT_AS u32a *s_te0 = te0;
+ CONSTANT_AS u32a *s_te1 = te1;
+ CONSTANT_AS u32a *s_te2 = te2;
+ CONSTANT_AS u32a *s_te3 = te3;
+ CONSTANT_AS u32a *s_te4 = te4;
+
+ #endif
+
+ if (gid >= gid_max) return;
+
+ /**
+ * salt
+ */
+
+ u32 s[64] = { 0 };
+
+ s[0] = salt_bufs[salt_pos].salt_buf[0];
+ s[1] = salt_bufs[salt_pos].salt_buf[1];
+
+ u32 data[8];
+
+ data[0] = salt_bufs[salt_pos].salt_buf[2];
+ data[1] = salt_bufs[salt_pos].salt_buf[3];
+ data[2] = salt_bufs[salt_pos].salt_buf[4];
+ data[3] = salt_bufs[salt_pos].salt_buf[5];
+ data[4] = salt_bufs[salt_pos].salt_buf[6];
+ data[5] = salt_bufs[salt_pos].salt_buf[7];
+ data[6] = salt_bufs[salt_pos].salt_buf[8];
+ data[7] = salt_bufs[salt_pos].salt_buf[9];
+
+ md5_ctx_t ctx0;
+
+ md5_init (&ctx0);
+
+ md5_update_global (&ctx0, pws[gid].i, pws[gid].pw_len);
+
+ /**
+ * loop
+ */
+
+ for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
+ {
+ /**
+ * key1 = md5 ($pass . $salt):
+ */
+
+ md5_ctx_t ctx = ctx0;
+
+ md5_update_global (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
+
+ md5_update (&ctx, s, 8);
+ md5_final (&ctx);
+
+ u32 ukey[8];
+
+ ukey[0] = ctx.h[0];
+ ukey[1] = ctx.h[1];
+ ukey[2] = ctx.h[2];
+ ukey[3] = ctx.h[3];
+
+ /**
+ * key2 = md5 ($key1 . $pass . $salt):
+ */
+
+ u32 w[16] = { 0 }; // we need 64-bit alignment for md5_update ()
+
+ w[0] = ctx.h[0];
+ w[1] = ctx.h[1];
+ w[2] = ctx.h[2];
+ w[3] = ctx.h[3];
+
+ md5_init (&ctx);
+ md5_update (&ctx, w, 16);
+
+ md5_update_global (&ctx, pws[gid].i, pws[gid].pw_len);
+ md5_update_global (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
+
+ md5_update (&ctx, s, 8);
+ md5_final (&ctx);
+
+ ukey[4] = ctx.h[0];
+ ukey[5] = ctx.h[1];
+ ukey[6] = ctx.h[2];
+ ukey[7] = ctx.h[3];
+
+ /**
+ * iv = md5 ($key2 . $pass . 
$salt): + */ + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + + md5_update_global (&ctx, pws[gid].i, pws[gid].pw_len); + md5_update_global (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len); + + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 iv[4]; + + iv[0] = ctx.h[0]; + iv[1] = ctx.h[1]; + iv[2] = ctx.h[2]; + iv[3] = ctx.h[3]; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) 
continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring: + + if (out[0] != 0x20455441) continue; // " ETA" (byte swapped) + if (out[1] != 0x5359454b) continue; // "SYEK" + if (out[2] != 0x46415320) continue; // "FAS " + if (out[3] != 0x41202145) continue; // "A !E" + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } + } +} + +KERNEL_FQ void m22500_sxx (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * salt + */ + + u32 s[64] = { 0 }; + + s[0] = salt_bufs[salt_pos].salt_buf[0]; + s[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = 
salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + md5_ctx_t ctx0; + + md5_init (&ctx0); + + md5_update_global (&ctx0, pws[gid].i, pws[gid].pw_len); + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos++) + { + /** + * key1 = md5 ($pass . $salt): + */ + + md5_ctx_t ctx = ctx0; + + md5_update_global (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len); + + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 ukey[8]; + + ukey[0] = ctx.h[0]; + ukey[1] = ctx.h[1]; + ukey[2] = ctx.h[2]; + ukey[3] = ctx.h[3]; + + /** + * key2 = md5 ($key1 . $pass . $salt): + */ + + u32 w[16] = { 0 }; // we need 64-bit alignment for md5_update () + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + + md5_update_global (&ctx, pws[gid].i, pws[gid].pw_len); + md5_update_global (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len); + + md5_update (&ctx, s, 8); + md5_final (&ctx); + + ukey[4] = ctx.h[0]; + ukey[5] = ctx.h[1]; + ukey[6] = ctx.h[2]; + ukey[7] = ctx.h[3]; + + /** + * iv = md5 ($key2 . $pass . 
$salt): + */ + + w[0] = ctx.h[0]; + w[1] = ctx.h[1]; + w[2] = ctx.h[2]; + w[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, w, 16); + + md5_update_global (&ctx, pws[gid].i, pws[gid].pw_len); + md5_update_global (&ctx, combs_buf[il_pos].i, combs_buf[il_pos].pw_len); + + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 iv[4]; + + iv[0] = ctx.h[0]; + iv[1] = ctx.h[1]; + iv[2] = ctx.h[2]; + iv[3] = ctx.h[3]; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) 
continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring: + + if (out[0] != 0x20455441) continue; // " ETA" (byte swapped) + if (out[1] != 0x5359454b) continue; // "SYEK" + if (out[2] != 0x46415320) continue; // "FAS " + if (out[3] != 0x41202145) continue; // "A !E" + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } + } +} diff --git a/OpenCL/m22500_a3-optimized.cl b/OpenCL/m22500_a3-optimized.cl new file mode 100644 index 000000000..cf37c4288 --- /dev/null +++ b/OpenCL/m22500_a3-optimized.cl 
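Review bot: `m22500_sxx` is a line-for-line copy of `m22500_mxx` (same salt/data load, MD5 key1/key2/iv chain, AES-256-CBC decrypt and wallet-format heuristics), whereas the a3-optimized kernel added by this same commit hoists that body into a shared `DECLSPEC void m22500 (...)` helper that the `_m04` entry point appears to wrap; the pure a1 file should be structured the same way so the heuristic byte checks (the first-byte set, the base58 test, the bitcoinj `org.` test, the fixed KnCGroup words) cannot silently drift between the two kernels. The hit path also deserves a why-comment in both kernels, because unlike most modes there is no digest compare here and every hit is attributed to the salt's first digest: `// no digest to compare against: a structurally valid plaintext is the match, so report it against digest 0 of this salt` above the `if (atomic_inc (&hashes_shown[digests_offset]) == 0)` line. Whether two hash lines can ever share one salt entry in this mode (so that a second digest under the same salt would never be reported) depends on the module's salt handling, which is not in this hunk.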
@@ -0,0 +1,1175 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_cipher_aes.cl" +#endif + +DECLSPEC int is_valid_bitcoinj_8 (const u8 v) +{ + // .abcdefghijklmnopqrstuvwxyz + + if (v > (u8) 'z') return 0; + if (v < (u8) '.') return 0; + + if ((v > (u8) '.') && (v < (u8) 'a')) return 0; + + return 1; +} + +DECLSPEC void m22500 (SHM_TYPE u32a *s_te0, SHM_TYPE u32a *s_te1, SHM_TYPE u32a *s_te2, SHM_TYPE u32a *s_te3, SHM_TYPE u32a *s_te4, SHM_TYPE u32a *s_td0, SHM_TYPE u32a *s_td1, SHM_TYPE u32a *s_td2, SHM_TYPE u32a *s_td3, SHM_TYPE u32a *s_td4, u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + /** + * salt + */ + + u32 salt_buf0[4]; + + salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; + salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; + salt_buf0[2] = 0x80; + salt_buf0[3] = 0; + + u32 salt_buf1[4] = { 0 }; + u32 salt_buf2[4] = { 0 }; + u32 salt_buf3[4] = { 0 }; + + const u32 pw_salt_len = pw_len + 8; + + switch_buffer_by_offset_le_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, pw_len); + + w[ 0] |= salt_buf0[0]; + w[ 1] |= salt_buf0[1]; + w[ 2] |= salt_buf0[2]; + w[ 3] |= salt_buf0[3]; + w[ 4] |= salt_buf1[0]; + w[ 5] |= salt_buf1[1]; + w[ 6] |= salt_buf1[2]; + w[ 7] |= salt_buf1[3]; + w[ 8] |= salt_buf2[0]; + w[ 9] |= salt_buf2[1]; + w[10] |= salt_buf2[2]; + w[11] |= salt_buf2[3]; + w[12] |= salt_buf3[0]; + w[13] |= salt_buf3[1]; + w[14] = pw_salt_len * 8; + w[15] = 0; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = salt_bufs[salt_pos].salt_buf[7]; + data[6] = 
salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * base + */ + + const u32 F_w0c00 = 0u + MD5C00; + const u32 F_w1c01 = w[ 1] + MD5C01; + const u32 F_w2c02 = w[ 2] + MD5C02; + const u32 F_w3c03 = w[ 3] + MD5C03; + const u32 F_w4c04 = w[ 4] + MD5C04; + const u32 F_w5c05 = w[ 5] + MD5C05; + const u32 F_w6c06 = w[ 6] + MD5C06; + const u32 F_w7c07 = w[ 7] + MD5C07; + const u32 F_w8c08 = w[ 8] + MD5C08; + const u32 F_w9c09 = w[ 9] + MD5C09; + const u32 F_wac0a = w[10] + MD5C0a; + const u32 F_wbc0b = w[11] + MD5C0b; + const u32 F_wcc0c = w[12] + MD5C0c; + const u32 F_wdc0d = w[13] + MD5C0d; + const u32 F_wec0e = w[14] + MD5C0e; + const u32 F_wfc0f = w[15] + MD5C0f; + + const u32 G_w1c10 = w[ 1] + MD5C10; + const u32 G_w6c11 = w[ 6] + MD5C11; + const u32 G_wbc12 = w[11] + MD5C12; + const u32 G_w0c13 = 0u + MD5C13; + const u32 G_w5c14 = w[ 5] + MD5C14; + const u32 G_wac15 = w[10] + MD5C15; + const u32 G_wfc16 = w[15] + MD5C16; + const u32 G_w4c17 = w[ 4] + MD5C17; + const u32 G_w9c18 = w[ 9] + MD5C18; + const u32 G_wec19 = w[14] + MD5C19; + const u32 G_w3c1a = w[ 3] + MD5C1a; + const u32 G_w8c1b = w[ 8] + MD5C1b; + const u32 G_wdc1c = w[13] + MD5C1c; + const u32 G_w2c1d = w[ 2] + MD5C1d; + const u32 G_w7c1e = w[ 7] + MD5C1e; + const u32 G_wcc1f = w[12] + MD5C1f; + + const u32 H_w5c20 = w[ 5] + MD5C20; + const u32 H_w8c21 = w[ 8] + MD5C21; + const u32 H_wbc22 = w[11] + MD5C22; + const u32 H_wec23 = w[14] + MD5C23; + const u32 H_w1c24 = w[ 1] + MD5C24; + const u32 H_w4c25 = w[ 4] + MD5C25; + const u32 H_w7c26 = w[ 7] + MD5C26; + const u32 H_wac27 = w[10] + MD5C27; + const u32 H_wdc28 = w[13] + MD5C28; + const u32 H_w0c29 = 0u + MD5C29; + const u32 H_w3c2a = w[ 3] + MD5C2a; + const u32 H_w6c2b = w[ 6] + MD5C2b; + const u32 H_w9c2c = w[ 9] + MD5C2c; + const u32 H_wcc2d = w[12] + MD5C2d; + const u32 H_wfc2e = w[15] + MD5C2e; + const u32 H_w2c2f = w[ 2] + MD5C2f; + + const u32 I_w0c30 = 0u + MD5C30; + const u32 I_w7c31 = w[ 7] + MD5C31; + 
const u32 I_wec32 = w[14] + MD5C32; + const u32 I_w5c33 = w[ 5] + MD5C33; + const u32 I_wcc34 = w[12] + MD5C34; + const u32 I_w3c35 = w[ 3] + MD5C35; + const u32 I_wac36 = w[10] + MD5C36; + const u32 I_w1c37 = w[ 1] + MD5C37; + const u32 I_w8c38 = w[ 8] + MD5C38; + const u32 I_wfc39 = w[15] + MD5C39; + const u32 I_w6c3a = w[ 6] + MD5C3a; + const u32 I_wdc3b = w[13] + MD5C3b; + const u32 I_w4c3c = w[ 4] + MD5C3c; + const u32 I_wbc3d = w[11] + MD5C3d; + const u32 I_w2c3e = w[ 2] + MD5C3e; + const u32 I_w9c3f = w[ 9] + MD5C3f; + + /** + * loop + */ + + u32 w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + /** + * key1 = md5 ($pass . $salt): + */ + + u32x a = MD5M_A; + u32x b = MD5M_B; + u32x c = MD5M_C; + u32x d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0, F_w0c00, MD5S00); + MD5_STEP0(MD5_Fo, d, a, b, c, F_w1c01, MD5S01); + MD5_STEP0(MD5_Fo, c, d, a, b, F_w2c02, MD5S02); + MD5_STEP0(MD5_Fo, b, c, d, a, F_w3c03, MD5S03); + MD5_STEP0(MD5_Fo, a, b, c, d, F_w4c04, MD5S00); + MD5_STEP0(MD5_Fo, d, a, b, c, F_w5c05, MD5S01); + MD5_STEP0(MD5_Fo, c, d, a, b, F_w6c06, MD5S02); + MD5_STEP0(MD5_Fo, b, c, d, a, F_w7c07, MD5S03); + MD5_STEP0(MD5_Fo, a, b, c, d, F_w8c08, MD5S00); + MD5_STEP0(MD5_Fo, d, a, b, c, F_w9c09, MD5S01); + MD5_STEP0(MD5_Fo, c, d, a, b, F_wac0a, MD5S02); + MD5_STEP0(MD5_Fo, b, c, d, a, F_wbc0b, MD5S03); + MD5_STEP0(MD5_Fo, a, b, c, d, F_wcc0c, MD5S00); + MD5_STEP0(MD5_Fo, d, a, b, c, F_wdc0d, MD5S01); + MD5_STEP0(MD5_Fo, c, d, a, b, F_wec0e, MD5S02); + MD5_STEP0(MD5_Fo, b, c, d, a, F_wfc0f, MD5S03); + + MD5_STEP0(MD5_Go, a, b, c, d, G_w1c10, MD5S10); + MD5_STEP0(MD5_Go, d, a, b, c, G_w6c11, MD5S11); + MD5_STEP0(MD5_Go, c, d, a, b, G_wbc12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0, G_w0c13, MD5S13); + MD5_STEP0(MD5_Go, a, b, c, d, G_w5c14, MD5S10); + MD5_STEP0(MD5_Go, d, a, b, c, G_wac15, MD5S11); + MD5_STEP0(MD5_Go, c, d, a, b, G_wfc16, 
MD5S12); + MD5_STEP0(MD5_Go, b, c, d, a, G_w4c17, MD5S13); + MD5_STEP0(MD5_Go, a, b, c, d, G_w9c18, MD5S10); + MD5_STEP0(MD5_Go, d, a, b, c, G_wec19, MD5S11); + MD5_STEP0(MD5_Go, c, d, a, b, G_w3c1a, MD5S12); + MD5_STEP0(MD5_Go, b, c, d, a, G_w8c1b, MD5S13); + MD5_STEP0(MD5_Go, a, b, c, d, G_wdc1c, MD5S10); + MD5_STEP0(MD5_Go, d, a, b, c, G_w2c1d, MD5S11); + MD5_STEP0(MD5_Go, c, d, a, b, G_w7c1e, MD5S12); + MD5_STEP0(MD5_Go, b, c, d, a, G_wcc1f, MD5S13); + + u32x t; + + MD5_STEP0(MD5_H1, a, b, c, d, H_w5c20, MD5S20); + MD5_STEP0(MD5_H2, d, a, b, c, H_w8c21, MD5S21); + MD5_STEP0(MD5_H1, c, d, a, b, H_wbc22, MD5S22); + MD5_STEP0(MD5_H2, b, c, d, a, H_wec23, MD5S23); + MD5_STEP0(MD5_H1, a, b, c, d, H_w1c24, MD5S20); + MD5_STEP0(MD5_H2, d, a, b, c, H_w4c25, MD5S21); + MD5_STEP0(MD5_H1, c, d, a, b, H_w7c26, MD5S22); + MD5_STEP0(MD5_H2, b, c, d, a, H_wac27, MD5S23); + MD5_STEP0(MD5_H1, a, b, c, d, H_wdc28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0, H_w0c29, MD5S21); + MD5_STEP0(MD5_H1, c, d, a, b, H_w3c2a, MD5S22); + MD5_STEP0(MD5_H2, b, c, d, a, H_w6c2b, MD5S23); + MD5_STEP0(MD5_H1, a, b, c, d, H_w9c2c, MD5S20); + MD5_STEP0(MD5_H2, d, a, b, c, H_wcc2d, MD5S21); + MD5_STEP0(MD5_H1, c, d, a, b, H_wfc2e, MD5S22); + MD5_STEP0(MD5_H2, b, c, d, a, H_w2c2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0, I_w0c30, MD5S30); + MD5_STEP0(MD5_I , d, a, b, c, I_w7c31, MD5S31); + MD5_STEP0(MD5_I , c, d, a, b, I_wec32, MD5S32); + MD5_STEP0(MD5_I , b, c, d, a, I_w5c33, MD5S33); + MD5_STEP0(MD5_I , a, b, c, d, I_wcc34, MD5S30); + MD5_STEP0(MD5_I , d, a, b, c, I_w3c35, MD5S31); + MD5_STEP0(MD5_I , c, d, a, b, I_wac36, MD5S32); + MD5_STEP0(MD5_I , b, c, d, a, I_w1c37, MD5S33); + MD5_STEP0(MD5_I , a, b, c, d, I_w8c38, MD5S30); + MD5_STEP0(MD5_I , d, a, b, c, I_wfc39, MD5S31); + MD5_STEP0(MD5_I , c, d, a, b, I_w6c3a, MD5S32); + MD5_STEP0(MD5_I , b, c, d, a, I_wdc3b, MD5S33); + MD5_STEP0(MD5_I , a, b, c, d, I_w4c3c, MD5S30); + MD5_STEP0(MD5_I , d, a, b, c, I_wbc3d, MD5S31); + 
MD5_STEP0(MD5_I , c, d, a, b, I_w2c3e, MD5S32); + MD5_STEP0(MD5_I , b, c, d, a, I_w9c3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 ukey[8]; + + ukey[0] = a; + ukey[1] = b; + ukey[2] = c; + ukey[3] = d; + + /** + * key2 = md5 ($key1 . $pass . $salt): + */ + + const u32x dgst_pw_salt_len = 16 + pw_salt_len; + + u32x w0_t[4]; + u32x w1_t[4]; + u32x w2_t[4]; + u32x w3_t[4]; + + w0_t[0] = a; + w0_t[1] = b; + w0_t[2] = c; + w0_t[3] = d; + + w1_t[0] = w0; + w1_t[1] = w[1]; + w1_t[2] = w[2]; + w1_t[3] = w[3]; + + w2_t[0] = w[4]; + w2_t[1] = w[5]; + w2_t[2] = w[6]; + w2_t[3] = w[7]; + + w3_t[0] = w[8]; + w3_t[1] = w[9]; + w3_t[2] = dgst_pw_salt_len * 8; + w3_t[3] = 0; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0_t[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0_t[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0_t[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0_t[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1_t[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1_t[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1_t[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1_t[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2_t[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2_t[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2_t[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2_t[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3_t[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3_t[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3_t[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3_t[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0_t[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1_t[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2_t[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0_t[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1_t[1], MD5C14, MD5S10); + MD5_STEP 
(MD5_Go, d, a, b, c, w2_t[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3_t[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1_t[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2_t[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3_t[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0_t[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2_t[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3_t[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0_t[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1_t[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3_t[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1_t[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2_t[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2_t[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3_t[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0_t[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1_t[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1_t[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2_t[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3_t[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0_t[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0_t[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1_t[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2_t[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3_t[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3_t[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0_t[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0_t[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1_t[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3_t[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1_t[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3_t[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0_t[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2_t[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, 
w0_t[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2_t[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3_t[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1_t[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3_t[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1_t[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2_t[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0_t[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2_t[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + ukey[4] = a; + ukey[5] = b; + ukey[6] = c; + ukey[7] = d; + + /** + * iv = md5 ($key2 . $pass . $salt): + */ + + w0_t[0] = a; + w0_t[1] = b; + w0_t[2] = c; + w0_t[3] = d; + + a = MD5M_A; + b = MD5M_B; + c = MD5M_C; + d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0_t[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0_t[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0_t[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0_t[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1_t[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1_t[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1_t[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1_t[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2_t[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2_t[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2_t[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2_t[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3_t[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3_t[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3_t[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3_t[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0_t[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1_t[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2_t[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0_t[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1_t[1], MD5C14, 
MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2_t[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3_t[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1_t[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2_t[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3_t[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0_t[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2_t[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3_t[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0_t[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1_t[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3_t[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H1, a, b, c, d, w1_t[1], MD5C20, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w2_t[0], MD5C21, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w2_t[3], MD5C22, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w3_t[2], MD5C23, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w0_t[1], MD5C24, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w1_t[0], MD5C25, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w1_t[3], MD5C26, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w2_t[2], MD5C27, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w3_t[1], MD5C28, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w0_t[0], MD5C29, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w0_t[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w1_t[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H1, a, b, c, d, w2_t[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H2, d, a, b, c, w3_t[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H1, c, d, a, b, w3_t[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H2, b, c, d, a, w0_t[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0_t[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1_t[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3_t[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1_t[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3_t[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0_t[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2_t[2], MD5C36, MD5S32); + MD5_STEP 
(MD5_I , b, c, d, a, w0_t[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2_t[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3_t[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1_t[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3_t[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1_t[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2_t[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0_t[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2_t[1], MD5C3f, MD5S33); + + a += MD5M_A; + b += MD5M_B; + c += MD5M_C; + d += MD5M_D; + + u32 iv[4]; + + iv[0] = a; + iv[1] = b; + iv[2] = c; + iv[3] = d; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + 
encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." 
+ + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! A" substring: + + if (out[0] != 0x20455441) continue; // " ETA" (byte swapped) + if (out[1] != 0x5359454b) continue; // "SYEK" + if (out[2] != 0x46415320) continue; // "FAS " + if (out[3] != 0x41202145) continue; // "A !E" + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } + } +} + +KERNEL_FQ void m22500_m04 (KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS 
u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 w[16]; + + w[ 0] = pws[gid].i[ 0]; + w[ 1] = pws[gid].i[ 1]; + w[ 2] = pws[gid].i[ 2]; + w[ 3] = pws[gid].i[ 3]; + w[ 4] = 0; + w[ 5] = 0; + w[ 6] = 0; + w[ 7] = 0; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; + w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = pws[gid].i[15]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22500 (s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4, w, pw_len, pws, rules_buf, combs_buf, words_buf_r, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22500_m08 (KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = 
td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 w[16]; + + w[ 0] = pws[gid].i[ 0]; + w[ 1] = pws[gid].i[ 1]; + w[ 2] = pws[gid].i[ 2]; + w[ 3] = pws[gid].i[ 3]; + w[ 4] = pws[gid].i[ 4]; + w[ 5] = pws[gid].i[ 5]; + w[ 6] = pws[gid].i[ 6]; + w[ 7] = pws[gid].i[ 7]; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; + w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = pws[gid].i[15]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22500 (s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4, w, pw_len, pws, rules_buf, combs_buf, words_buf_r, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22500_m16 (KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + 
s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 w[16]; + + w[ 0] = pws[gid].i[ 0]; + w[ 1] = pws[gid].i[ 1]; + w[ 2] = pws[gid].i[ 2]; + w[ 3] = pws[gid].i[ 3]; + w[ 4] = pws[gid].i[ 4]; + w[ 5] = pws[gid].i[ 5]; + w[ 6] = pws[gid].i[ 6]; + w[ 7] = pws[gid].i[ 7]; + w[ 8] = pws[gid].i[ 8]; + w[ 9] = pws[gid].i[ 9]; + w[10] = pws[gid].i[10]; + w[11] = pws[gid].i[11]; + w[12] = pws[gid].i[12]; + w[13] = pws[gid].i[13]; + w[14] = pws[gid].i[14]; + w[15] = pws[gid].i[15]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22500 (s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4, w, pw_len, pws, rules_buf, combs_buf, words_buf_r, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22500_s04 (KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + 
LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 w[16]; + + w[ 0] = pws[gid].i[ 0]; + w[ 1] = pws[gid].i[ 1]; + w[ 2] = pws[gid].i[ 2]; + w[ 3] = pws[gid].i[ 3]; + w[ 4] = 0; + w[ 5] = 0; + w[ 6] = 0; + w[ 7] = 0; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; + w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = pws[gid].i[15]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22500 (s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4, w, pw_len, pws, rules_buf, combs_buf, words_buf_r, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22500_s08 (KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 
s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 w[16]; + + w[ 0] = pws[gid].i[ 0]; + w[ 1] = pws[gid].i[ 1]; + w[ 2] = pws[gid].i[ 2]; + w[ 3] = pws[gid].i[ 3]; + w[ 4] = pws[gid].i[ 4]; + w[ 5] = pws[gid].i[ 5]; + w[ 6] = pws[gid].i[ 6]; + w[ 7] = pws[gid].i[ 7]; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; + w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = pws[gid].i[15]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22500 (s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4, w, pw_len, pws, rules_buf, combs_buf, words_buf_r, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); +} + +KERNEL_FQ void m22500_s16 (KERN_ATTR_VECTOR ()) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); 
+ const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + u32 w[16]; + + w[ 0] = pws[gid].i[ 0]; + w[ 1] = pws[gid].i[ 1]; + w[ 2] = pws[gid].i[ 2]; + w[ 3] = pws[gid].i[ 3]; + w[ 4] = pws[gid].i[ 4]; + w[ 5] = pws[gid].i[ 5]; + w[ 6] = pws[gid].i[ 6]; + w[ 7] = pws[gid].i[ 7]; + w[ 8] = pws[gid].i[ 8]; + w[ 9] = pws[gid].i[ 9]; + w[10] = pws[gid].i[10]; + w[11] = pws[gid].i[11]; + w[12] = pws[gid].i[12]; + w[13] = pws[gid].i[13]; + w[14] = pws[gid].i[14]; + w[15] = pws[gid].i[15]; + + const u32 pw_len = pws[gid].pw_len & 63; + + /** + * main + */ + + m22500 (s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4, w, pw_len, pws, rules_buf, combs_buf, words_buf_r, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, 
d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max);
+}
diff --git a/OpenCL/m22500_a3-pure.cl b/OpenCL/m22500_a3-pure.cl
new file mode 100644
index 000000000..d7db084a7
--- /dev/null
+++ b/OpenCL/m22500_a3-pure.cl
@@ -0,0 +1,650 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_cipher_aes.cl" +#endif + +DECLSPEC int is_valid_bitcoinj_8 (const u8 v) +{ + // .abcdefghijklmnopqrstuvwxyz + + if (v > (u8) 'z') return 0; + if (v < (u8) '.') return 0; + + if ((v > (u8) '.') && (v < (u8) 'a')) return 0; + + return 1; +} + +KERNEL_FQ void m22500_mxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + u32x w[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + w[idx] = pws[gid].i[idx]; + } + + /** + * salt + */ + + u32 s[64] = { 0 }; + + s[0] = 
salt_bufs[salt_pos].salt_buf[0]; + s[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * loop + */ + + u32x w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + w[0] = w0; + + /** + * key1 = md5 ($pass . $salt): + */ + + md5_ctx_t ctx; + + md5_init (&ctx); + md5_update (&ctx, w, pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 ukey[8]; + + ukey[0] = ctx.h[0]; + ukey[1] = ctx.h[1]; + ukey[2] = ctx.h[2]; + ukey[3] = ctx.h[3]; + + /** + * key2 = md5 ($key1 . $pass . $salt): + */ + + u32 h[16] = { 0 }; // we need 64-bit alignment for md5_update () + + h[0] = ctx.h[0]; + h[1] = ctx.h[1]; + h[2] = ctx.h[2]; + h[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, h, 16); + md5_update (&ctx, w, pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + ukey[4] = ctx.h[0]; + ukey[5] = ctx.h[1]; + ukey[6] = ctx.h[2]; + ukey[7] = ctx.h[3]; + + /** + * iv = md5 ($key2 . $pass . 
$salt): + */ + + h[0] = ctx.h[0]; + h[1] = ctx.h[1]; + h[2] = ctx.h[2]; + h[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, h, 16); + md5_update (&ctx, w, pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 iv[4]; + + iv[0] = ctx.h[0]; + iv[1] = ctx.h[1]; + iv[2] = ctx.h[2]; + iv[3] = ctx.h[3]; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + 
if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring: + + if (out[0] != 0x20455441) continue; // " ETA" (byte swapped) + if (out[1] != 0x5359454b) continue; // "SYEK" + if (out[2] != 0x46415320) continue; // "FAS " + if (out[3] != 0x41202145) continue; // "A !E" + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } + } +} + +KERNEL_FQ void m22500_sxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + u32x w[64] = { 0 }; + + for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + { + w[idx] = pws[gid].i[idx]; + } + + /** + * salt + */ + + u32 s[64] = { 0 }; + + s[0] = salt_bufs[salt_pos].salt_buf[0]; + s[1] = salt_bufs[salt_pos].salt_buf[1]; + + u32 data[8]; + + data[0] = salt_bufs[salt_pos].salt_buf[2]; + data[1] = 
salt_bufs[salt_pos].salt_buf[3]; + data[2] = salt_bufs[salt_pos].salt_buf[4]; + data[3] = salt_bufs[salt_pos].salt_buf[5]; + data[4] = salt_bufs[salt_pos].salt_buf[6]; + data[5] = salt_bufs[salt_pos].salt_buf[7]; + data[6] = salt_bufs[salt_pos].salt_buf[8]; + data[7] = salt_bufs[salt_pos].salt_buf[9]; + + /** + * loop + */ + + u32x w0l = w[0]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32x w0 = w0l | w0r; + + w[0] = w0; + + /** + * key1 = md5 ($pass . $salt): + */ + + md5_ctx_t ctx; + + md5_init (&ctx); + md5_update (&ctx, w, pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 ukey[8]; + + ukey[0] = ctx.h[0]; + ukey[1] = ctx.h[1]; + ukey[2] = ctx.h[2]; + ukey[3] = ctx.h[3]; + + /** + * key2 = md5 ($key1 . $pass . $salt): + */ + + u32 h[16] = { 0 }; // we need 64-bit alignment for md5_update () + + h[0] = ctx.h[0]; + h[1] = ctx.h[1]; + h[2] = ctx.h[2]; + h[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, h, 16); + md5_update (&ctx, w, pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + ukey[4] = ctx.h[0]; + ukey[5] = ctx.h[1]; + ukey[6] = ctx.h[2]; + ukey[7] = ctx.h[3]; + + /** + * iv = md5 ($key2 . $pass . 
$salt): + */ + + h[0] = ctx.h[0]; + h[1] = ctx.h[1]; + h[2] = ctx.h[2]; + h[3] = ctx.h[3]; + + md5_init (&ctx); + md5_update (&ctx, h, 16); + md5_update (&ctx, w, pw_len); + md5_update (&ctx, s, 8); + md5_final (&ctx); + + u32 iv[4]; + + iv[0] = ctx.h[0]; + iv[1] = ctx.h[1]; + iv[2] = ctx.h[2]; + iv[3] = ctx.h[3]; + + /** + * AES-256-CBC: + */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + aes256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 encrypted[4]; + + encrypted[0] = data[0]; + encrypted[1] = data[1]; + encrypted[2] = data[2]; + encrypted[3] = data[3]; + + u32 out[4]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + + // first char of decrypted wallet data must be K, L, Q, 5, # or \n + + const u32 first_byte = out[0] & 0xff; + + if ((first_byte != 0x4b) && // K + (first_byte != 0x4c) && // L + (first_byte != 0x51) && // Q + (first_byte != 0x35) && // 5 + (first_byte != 0x23) && // # + (first_byte != 0x0a)) // \n + { + continue; + } + + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if ((first_byte == 0x4b) || // K => MultiBit Classic Wallet + (first_byte == 0x4c) || // L + (first_byte == 0x51) || // Q + (first_byte == 0x35)) // 5 + { + // base58 check: + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + if (is_valid_base58_32 (out[3]) == 0) continue; + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + if (is_valid_base58_32 (out[0]) == 0) continue; + if (is_valid_base58_32 (out[1]) == 0) continue; + if (is_valid_base58_32 (out[2]) == 0) continue; + 
if (is_valid_base58_32 (out[3]) == 0) continue; + } + else if (first_byte == 0x0a) // \n => bitcoinj + { + if ((out[0] & 0x0000ff00) > 0x00007e00) continue; // second_byte + + // check for "org." substring: + + if ((out[0] & 0xffff0000) != 0x726f0000) continue; // "ro" (byte swapped) + if ((out[1] & 0x0000ffff) != 0x00002e67) continue; // ".g" + + if (is_valid_bitcoinj_8 (out[1] >> 16) == 0) continue; // byte 6 (counting from 0) + if (is_valid_bitcoinj_8 (out[1] >> 24) == 0) continue; // byte 7 + + if (is_valid_bitcoinj_8 (out[2] >> 0) == 0) continue; // byte 8 + if (is_valid_bitcoinj_8 (out[2] >> 8) == 0) continue; // byte 9 + if (is_valid_bitcoinj_8 (out[2] >> 16) == 0) continue; // byte 10 + if (is_valid_bitcoinj_8 (out[2] >> 24) == 0) continue; // byte 11 + + if (is_valid_bitcoinj_8 (out[3] >> 0) == 0) continue; // byte 12 + if (is_valid_bitcoinj_8 (out[3] >> 8) == 0) continue; // byte 13 + } + else // if (first_byte == 0x23) // # => KnCGroup Bitcoin Wallet + { + // Full string would be: + // "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + // check for "# KEEP YOUR PRIV" substring: + + if (out[0] != 0x454b2023) continue; // "EK #" (byte swapped) + if (out[1] != 0x59205045) continue; // "Y PE" + if (out[2] != 0x2052554f) continue; // " RUO" + if (out[3] != 0x56495250) continue; // "VIRP" + + iv[0] = encrypted[0]; + iv[1] = encrypted[1]; + iv[2] = encrypted[2]; + iv[3] = encrypted[3]; + + encrypted[0] = data[4]; + encrypted[1] = data[5]; + encrypted[2] = data[6]; + encrypted[3] = data[7]; + + aes256_decrypt (ks, encrypted, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // check for "ATE KEYS SAFE! 
A" substring:
+
+ if (out[0] != 0x20455441) continue; // " ETA" (byte swapped)
+ if (out[1] != 0x5359454b) continue; // "SYEK"
+ if (out[2] != 0x46415320) continue; // "FAS "
+ if (out[3] != 0x41202145) continue; // "A !E"
+ }
+
+ if (atomic_inc (&hashes_shown[digests_offset]) == 0)
+ {
+ mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0);
+ }
+ }
+}
diff --git a/docs/changes.txt b/docs/changes.txt
index 1b8790a54..75c5a0524 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -40,6 +40,7 @@
 - Added hash-mode: md5($salt.sha1($salt.$pass))
 - Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass))
 - Added hash-mode: md5(sha1($salt).md5($pass))
+- Added hash-mode: MultiBit Classic .key (MD5)
 - Added hash-mode: Open Document Format (ODF) 1.1 (SHA-1, Blowfish)
 - Added hash-mode: Open Document Format (ODF) 1.2 (SHA-256, AES)
 - Added hash-mode: Oracle Transportation Management (SHA256)
diff --git a/docs/readme.txt b/docs/readme.txt
index a524e8421..0733ad859 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -284,6 +284,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or
 - Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256
 - Ethereum Wallet, PBKDF2-HMAC-SHA256
 - Ethereum Wallet, SCRYPT
+- MultiBit Classic .key (MD5)
 - 7-Zip
 - RAR3-hp
 - RAR5
diff --git a/src/modules/module_22500.c b/src/modules/module_22500.c
new file mode 100644
index 000000000..0cabd5324
--- /dev/null
+++ b/src/modules/module_22500.c
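Review bot: The per-candidate decrypt-and-validate body, from `md5_ctx_t ctx;` down to the `mark_hash` call, is duplicated verbatim between m22500_mxx and m22500_sxx (well over a hundred lines twice), whereas the optimized kernel earlier in this commit routes its six entry points through one `m22500 (...)` helper; the same shape fits here — a `DECLSPEC int m22500_check (const u32 *ukey, u32 *iv, const u32 *data, <the ten s_te/s_td table pointers>)` whose body is the existing lines moved with each `continue;` becoming `return 0;`, and each kernel reduced to `if (m22500_check (ukey, iv, data, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3, s_td4) == 0) continue;`. The `#define KEYLEN 60` placed inside each candidate loop would then also exist once, at file scope, instead of being redefined from within two function bodies (legal only because both replacement lists are identical). `is_valid_bitcoinj_8` takes a `u8` but is always called with a `u32` such as `out[1] >> 16`, relying on implicit narrowing; an explicit `(u8)` at the call sites, or a header comment `// accepts only '.' and 'a'..'z'; callers pass a u32 and only the low byte is tested`, would make that intent visible. Finally, `md5_update (&ctx, w, pw_len)` passes a `u32x w[64]` to the scalar `md5_ctx_t` API while the loop steps by VECT_SIZE, which presumably relies on pure kernels always being built with VECT_SIZE 1 — worth confirming rather than assuming.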
@@ -0,0 +1,236 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "MultiBit Classic .key (MD5)"; +static const u64 KERN_TYPE = 22500; +static const u32 OPTI_TYPE = OPTI_TYPE_EARLY_SKIP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$multibit$1*e5912fe5c84af3d5*5f0391c219e8ef62c06505b1f6232858f5bcaa739c2b471d45dd0bd8345334de"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const 
hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const char *SIGNATURE_MULTIBIT = "$multibit$"; + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t 
*user_options_extra) +{ + const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL); + + u32 pw_max = PW_MAX; + + if (optimized_kernel == true) + { + pw_max = 31; // 55 - 8 (salt) - 16 (key1/key2) + } + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 4; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_MULTIBIT; + + token.len[0] = 10; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '*'; + token.len_min[2] = 16; + token.len_max[2] = 16; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = '*'; + token.len_min[3] = 64; + token.len_max[3] = 64; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // version + + const u8 *version_pos = token.buf[1]; + + const u32 version = hc_strtoul ((const char *) version_pos, NULL, 10); + + if (version != 1) return PARSER_SALT_VALUE; + + // salt + + const u8 *salt_pos = token.buf[2]; + + salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); + + // data + + const u8 *data_pos = token.buf[3]; + + salt->salt_buf[2] = hex_to_u32 (data_pos + 0); + salt->salt_buf[3] = hex_to_u32 (data_pos + 8); + salt->salt_buf[4] = hex_to_u32 (data_pos + 16); + salt->salt_buf[5] = hex_to_u32 (data_pos + 24); + salt->salt_buf[6] = hex_to_u32 (data_pos + 
32); + salt->salt_buf[7] = hex_to_u32 (data_pos + 40); + salt->salt_buf[8] = hex_to_u32 (data_pos + 48); + salt->salt_buf[9] = hex_to_u32 (data_pos + 56); + + // TODO remove ? + // salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); + // salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); + // salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]); + // salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]); + // salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]); + // salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]); + // salt->salt_buf[8] = byte_swap_32 (salt->salt_buf[8]); + // salt->salt_buf[9] = byte_swap_32 (salt->salt_buf[9]); + + salt->salt_len = 40; // 8 + 32; + + // fake hash + + digest[0] = salt->salt_buf[2]; + digest[1] = salt->salt_buf[3]; + digest[2] = salt->salt_buf[4]; + digest[3] = salt->salt_buf[5]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + int line_len = snprintf (line_buf, line_size, "%s%i*%08x%08x*%08x%08x%08x%08x%08x%08x%08x%08x", + SIGNATURE_MULTIBIT, + 1, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + byte_swap_32 (salt->salt_buf[2]), + byte_swap_32 (salt->salt_buf[3]), + byte_swap_32 (salt->salt_buf[4]), + byte_swap_32 (salt->salt_buf[5]), + byte_swap_32 (salt->salt_buf[6]), + byte_swap_32 (salt->salt_buf[7]), + byte_swap_32 (salt->salt_buf[8]), + byte_swap_32 (salt->salt_buf[9])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + 
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + 
module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m22500.pm b/tools/test_modules/m22500.pm new file mode 100644 index 000000000..5a7b956a7 --- /dev/null +++ b/tools/test_modules/m22500.pm 
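Review bot: `module_hash_encode` returns the raw `snprintf` result without comparing it to `line_size`, so a truncated or failed encode hands the caller a length that does not match what was actually written to `line_buf`; a guard such as `if (line_len < 0 || line_len >= line_size) return -1;` (or whatever negative value the encode callers treat as failure — confirm) makes the truncation visible instead of silent. The `// fake hash` comment in `module_hash_decode` also deserves a reason: the digest is the first 16 bytes of the ciphertext, and the m22500 comp kernel in the hunk above appears to mark the hash itself after validating the decrypted plaintext rather than comparing a digest, so something like `// fake hash: first 16 bytes of the ciphertext; the kernel validates the decrypted plaintext and marks the hash directly, this digest only identifies the entry` would save the next reader a trip through the kernel.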
@@ -0,0 +1,192 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::MD5 qw (md5); +use Crypt::CBC; + +sub module_constraints { [[0, 256], [8, 8], [0, 31], [8, 8], [-1, -1]] } + +my $BASE58_CHARS = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; +my $BITCOINJ_CHARS = ".abcdefghijklmnopqrstuvwxyz"; + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $data = shift; + + my $word_salt = $word . $salt; + + my $key1 = md5 ( $word_salt); + my $key2 = md5 ($key1 . $word_salt); + my $iv = md5 ($key2 . $word_salt); + + my $aes_cbc = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + iv => $iv, + key => $key1 . $key2, + keysize => 32, + literal_key => 1, + header => "none", + padding => "none" + }); + + my $type = 0; # 0: MultiBit Classic MD5, 1: KnCGroup Bitcoin Wallet, 2: bitcoinj + my $key = ""; + + if (! defined ($data)) + { + $type = random_number (0, 2); + + if ($type == 0) + { + my @chars_at_start = ('K', 'L', 'Q', '5'); + + $data = $chars_at_start[random_number (0, scalar (@chars_at_start) - 1)]; + + for (my $i = 1; $i < 32; $i++) + { + $data .= substr ($BASE58_CHARS, random_number (0, length ($BASE58_CHARS) - 1), 1); + } + } + elsif ($type == 1) + { + $data = "\n"; + $data .= chr (random_number (0, 127)); + $data .= "org."; + + for (my $i = 6; $i < 32; $i++) + { + $data .= substr ($BITCOINJ_CHARS, random_number (0, length ($BITCOINJ_CHARS) - 1), 1); + } + } + elsif ($type == 2) + { + # Full string would be: + # "# KEEP YOUR PRIVATE KEYS SAFE! Anyone who can read this can spend your Bitcoins." + + $data = '# KEEP YOUR PRIVATE KEYS SAFE! 
A'; + } + + $key = $aes_cbc->encrypt ($data); + } + else + { + $key = $aes_cbc->decrypt ($data); + + # verification step: + + # first char of $key must be K, L, Q, 5, # or \n + + my $char_at_start = substr ($key, 0, 1); + + if (($char_at_start eq 'K') || + ($char_at_start eq 'L') || + ($char_at_start eq 'Q') || + ($char_at_start eq '5')) + { + my $error = 0; + + for (my $i = 1; $i < 32; $i++) # start with 1 (we already checked first char) + { + my $c = substr ($key, $i, 1); + + my $idx = index ($BASE58_CHARS, $c); + + next if ($idx >= 0); + + $error = 1; + + last; + } + + if ($error == 0) + { + $key = $data; + } + } + elsif ($char_at_start eq "\n") # bitcoinj + { + my $second_char = substr ($key, 1, 1); + + if (ord ($second_char) < 128) + { + if (substr ($key, 2, 4) eq "org.") + { + my $error = 0; + + for (my $i = 6; $i < 14; $i++) # start with 6 (we already checked first chars) + { + my $c = substr ($key, $i, 1); + + my $idx = index ($BITCOINJ_CHARS, $c); + + next if ($idx >= 0); + + $error = 1; + + last; + } + + if ($error == 0) + { + $key = $data; + } + } + } + } + elsif ($char_at_start eq '#') # KnCGroup Bitcoin Wallet + { + if (substr ($key, 0, 16) eq '# KEEP YOUR PRIV') + { + $key = $data; + } + } + } + + my $hash = sprintf ("\$multibit\$1*%s*%s", unpack ("H*", $salt), unpack ("H*", $key)); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = index ($line, ':'); + + return unless $idx >= 0; + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless substr ($hash, 0, 12) eq '$multibit$1*'; + + $idx = index ($hash, '*', 12); + + return unless $idx == 28; + + my $salt_hex = substr ($hash, 12, 16); # 28 - 12 = 16 + my $data_hex = substr ($hash, 29); + + return unless length ($salt_hex) == 16; + return unless length ($data_hex) == 64; + + my $salt = pack ("H*", $salt_hex); + my $data = pack ("H*", $data_hex); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = 
module_generate_hash ($word_packed, $salt, $data); + + return ($new_hash, $word); +} + +1; From 0c0912d4dacbacffa9a382f8ad7e6550a8cde1f3 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Thu, 6 Feb 2020 21:29:50 +0100 Subject: [PATCH 208/300] -m 22500: remove unnecessary comment --- src/modules/module_22500.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/modules/module_22500.c b/src/modules/module_22500.c index 0cabd5324..2a8405de0 100644 --- a/src/modules/module_22500.c +++ b/src/modules/module_22500.c @@ -121,16 +121,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE salt->salt_buf[8] = hex_to_u32 (data_pos + 48); salt->salt_buf[9] = hex_to_u32 (data_pos + 56); - // TODO remove ? - // salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); - // salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]); - // salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]); - // salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]); - // salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]); - // salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]); - // salt->salt_buf[8] = byte_swap_32 (salt->salt_buf[8]); - // salt->salt_buf[9] = byte_swap_32 (salt->salt_buf[9]); - salt->salt_len = 40; // 8 + 32; // fake hash From 4ed18af14c37c229ee51693a492a7147d775c316 Mon Sep 17 00:00:00 2001 
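Review bot: The type legend on `my $type = 0; # 0: MultiBit Classic MD5, 1: KnCGroup Bitcoin Wallet, 2: bitcoinj` in `module_generate_hash` is inverted relative to the code below it: the `$type == 1` branch builds the bitcoinj plaintext (`"\n"`, a byte, `"org."`) and the `$type == 2` branch builds the KnCGroup `'# KEEP YOUR PRIV…'` text, so the comment should read `# 0: MultiBit Classic MD5, 1: bitcoinj, 2: KnCGroup Bitcoin Wallet`. In that bitcoinj branch `chr (random_number (0, 127))` can produce 0x7f as the second byte, which the kernel hunk above rejects via `if ((out[0] & 0x0000ff00) > 0x00007e00) continue;`, so a generated test vector would occasionally be uncrackable by the kernel; if `random_number` is inclusive at its upper bound, `random_number (0, 126)` here and `ord ($second_char) < 127` in the verify branch keep the Perl reference and the kernel in step. The KnCGroup verify branch accepts a 16-byte prefix match (`'# KEEP YOUR PRIV'`) while the kernel additionally decrypts a second block and checks `"ATE KEYS SAFE! A"`, so the reference is slightly looser than the kernel and a comment saying so would prevent a future tightening of one without the other.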
From: Jens Steube Date: Sat, 8 Feb 2020 12:24:47 +0100 Subject: [PATCH 209/300] Make VeraCrypt PIM configuration mechanism easier to read --- include/types.h | 4 ++++ src/modules/module_13711.c | 2 +- src/modules/module_13712.c | 2 +- src/modules/module_13713.c | 2 +- src/modules/module_13721.c | 2 +- src/modules/module_13722.c | 2 +- src/modules/module_13723.c | 2 +- src/modules/module_13731.c | 2 +- src/modules/module_13732.c | 2 +- src/modules/module_13733.c | 2 +- src/modules/module_13741.c | 2 +- src/modules/module_13742.c | 2 +- src/modules/module_13743.c | 2 +- src/modules/module_13751.c | 2 +- src/modules/module_13752.c | 2 +- src/modules/module_13753.c | 2 +- src/modules/module_13761.c | 2 +- src/modules/module_13762.c | 2 +- src/modules/module_13763.c | 2 +- src/modules/module_13771.c | 2 +- src/modules/module_13772.c | 2 +- src/modules/module_13773.c | 2 +- src/user_options.c | 14 ++++++++------ 23 files changed, 33 insertions(+), 27 deletions(-) diff --git a/include/types.h b/include/types.h index 3ff3f5c6b..dfccc083a 100644 --- a/include/types.h +++ b/include/types.h @@ -646,6 +646,8 @@ typedef enum user_options_defaults USAGE = false, USERNAME = false, VERSION = false, + VERACRYPT_PIM_START = 485, + VERACRYPT_PIM_STOP = 485, WORDLIST_AUTOHEX_DISABLE = false, WORKLOAD_PROFILE = 2, @@ -1938,6 +1940,8 @@ typedef struct user_options bool stdin_timeout_abort_chgd; bool usage; bool username; + bool veracrypt_pim_start_chgd; + bool veracrypt_pim_stop_chgd; bool version; bool wordlist_autohex_disable; #ifdef WITH_BRAIN diff --git a/src/modules/module_13711.c b/src/modules/module_13711.c index 3f9b114d5..b04f6e935 100644 --- a/src/modules/module_13711.c +++ b/src/modules/module_13711.c 
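Review bot: `VERACRYPT_PIM_START = 485` and `VERACRYPT_PIM_STOP = 485` are bare magic numbers in the `user_options_defaults` enum; 485 is VeraCrypt's default PIM for non-system volumes, and because the module hunks below only read these fields when both `_chgd` flags are set, the defaults do not appear to be consumed anywhere, which is worth stating at the definition, e.g. `VERACRYPT_PIM_START = 485, // VeraCrypt default PIM (non-system volumes); informational, modules only use the value when --veracrypt-pim-start/-stop are given`. The two new `bool veracrypt_pim_*_chgd` members of `user_options` are not set to `false` in the `user_options_init` hunk further down, so confirm the struct is zero-allocated before `user_options_sanity` reads them.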
@@ -246,7 +246,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13712.c b/src/modules/module_13712.c index ff2cb7825..5bd1c8368 100644 --- a/src/modules/module_13712.c +++ b/src/modules/module_13712.c @@ -246,7 +246,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13713.c b/src/modules/module_13713.c index 2477326d2..3b7a1a90a 100644 --- a/src/modules/module_13713.c +++ b/src/modules/module_13713.c @@ -246,7 +246,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13721.c b/src/modules/module_13721.c index e1ffa152d..272fbe3fe 100644 --- a/src/modules/module_13721.c +++ b/src/modules/module_13721.c 
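Review bot: The rewritten condition `(veracrypt_pim_start_chgd == true) && (veracrypt_pim_stop_chgd == true)` changes what an explicit `--veracrypt-pim-start 0` means: under the old value test a 0 counted as unset, now it is honored and `vc->pim_start` becomes `15 + 0`, so whether a PIM of 0 should map to 15 here or be rejected is worth deciding explicitly and documenting next to the `if`. The identical one-line change is repeated in the 13712, 13713, 13721–13723, 13731–13733, 13741–13743, 13751–13753, 13761–13763 and 13771–13773 hunks below; a single shared helper taking `user_options` and the per-mode offset (`15 +` here, none in the 1374x/1376x boot modes) would keep the next policy change from touching 21 files. The enclosing `module_hash_binary_parse` starts and ends outside this hunk.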
@@ -244,7 +244,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13722.c b/src/modules/module_13722.c index efde93aa3..64324fa03 100644 --- a/src/modules/module_13722.c +++ b/src/modules/module_13722.c @@ -244,7 +244,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13723.c b/src/modules/module_13723.c index 852a31fde..ba5d7a644 100644 --- a/src/modules/module_13723.c +++ b/src/modules/module_13723.c @@ -244,7 +244,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c index 06e5fde42..a1fca2f9a 100644 --- a/src/modules/module_13731.c +++ b/src/modules/module_13731.c 
@@ -255,7 +255,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c index a916d6b0d..3b3508ab9 100644 --- a/src/modules/module_13732.c +++ b/src/modules/module_13732.c @@ -255,7 +255,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c index e0ee9d78c..f62d75dd9 100644 --- a/src/modules/module_13733.c +++ b/src/modules/module_13733.c @@ -255,7 +255,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c index 2c66fbd02..a55c085d2 100644 --- a/src/modules/module_13741.c +++ b/src/modules/module_13741.c 
@@ -247,7 +247,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = user_options->veracrypt_pim_start; vc->pim_stop = user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c index 90ae74e1c..cd9c63191 100644 --- a/src/modules/module_13742.c +++ b/src/modules/module_13742.c @@ -247,7 +247,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = user_options->veracrypt_pim_start; vc->pim_stop = user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c index e9fba371d..ff834d82f 100644 --- a/src/modules/module_13743.c +++ b/src/modules/module_13743.c @@ -247,7 +247,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = user_options->veracrypt_pim_start; vc->pim_stop = user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c index 8847376ee..110c0e6a1 100644 --- a/src/modules/module_13751.c +++ b/src/modules/module_13751.c 
@@ -246,7 +246,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c index c443a5ecb..88f12bfc1 100644 --- a/src/modules/module_13752.c +++ b/src/modules/module_13752.c @@ -246,7 +246,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c index 7301607a8..73c165b31 100644 --- a/src/modules/module_13753.c +++ b/src/modules/module_13753.c @@ -246,7 +246,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c index e219ad859..47b1fb25a 100644 --- a/src/modules/module_13761.c +++ b/src/modules/module_13761.c 
@@ -247,7 +247,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = user_options->veracrypt_pim_start; vc->pim_stop = user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c index fd6c7e43f..c738664d6 100644 --- a/src/modules/module_13762.c +++ b/src/modules/module_13762.c @@ -247,7 +247,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = user_options->veracrypt_pim_start; vc->pim_stop = user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c index 7821e6cf4..b4459d849 100644 --- a/src/modules/module_13763.c +++ b/src/modules/module_13763.c @@ -247,7 +247,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = user_options->veracrypt_pim_start; vc->pim_stop = user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c index 71b1c0b77..6fbcd8ccc 100644 --- a/src/modules/module_13771.c +++ b/src/modules/module_13771.c 
@@ -250,7 +250,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13772.c b/src/modules/module_13772.c index d2516a20c..76421b2c5 100644 --- a/src/modules/module_13772.c +++ b/src/modules/module_13772.c @@ -250,7 +250,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/modules/module_13773.c b/src/modules/module_13773.c index 28b6eae55..823683f66 100644 --- a/src/modules/module_13773.c +++ b/src/modules/module_13773.c @@ -250,7 +250,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE salt_t *salt = hash->salt; - if ((user_options->veracrypt_pim_start) && (user_options->veracrypt_pim_stop)) + if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true)) { vc->pim_start = 15 + user_options->veracrypt_pim_start; vc->pim_stop = 15 + user_options->veracrypt_pim_stop; diff --git a/src/user_options.c b/src/user_options.c index 57e09a7ce..ec19a0354 100644 --- a/src/user_options.c +++ b/src/user_options.c 
@@ -257,8 +257,8 @@ int user_options_init (hashcat_ctx_t *hashcat_ctx)
 user_options->usage = USAGE;
 user_options->username = USERNAME;
 user_options->veracrypt_keyfiles = NULL;
- user_options->veracrypt_pim_start = 0;
- user_options->veracrypt_pim_stop = 0;
+ user_options->veracrypt_pim_start = VERACRYPT_PIM_START;
+ user_options->veracrypt_pim_stop = VERACRYPT_PIM_STOP;
 user_options->version = VERSION;
 user_options->wordlist_autohex_disable = WORDLIST_AUTOHEX_DISABLE;
 user_options->workload_profile = WORKLOAD_PROFILE;
@@ -460,8 +460,10 @@ int user_options_getopt (hashcat_ctx_t *hashcat_ctx, int argc, char **argv)
 case IDX_KEYBOARD_LAYOUT_MAPPING: user_options->keyboard_layout_mapping = optarg; break;
 case IDX_TRUECRYPT_KEYFILES: user_options->truecrypt_keyfiles = optarg; break;
 case IDX_VERACRYPT_KEYFILES: user_options->veracrypt_keyfiles = optarg; break;
- case IDX_VERACRYPT_PIM_START: user_options->veracrypt_pim_start = hc_strtoul (optarg, NULL, 10); break;
- case IDX_VERACRYPT_PIM_STOP: user_options->veracrypt_pim_stop = hc_strtoul (optarg, NULL, 10); break;
+ case IDX_VERACRYPT_PIM_START: user_options->veracrypt_pim_start = hc_strtoul (optarg, NULL, 10);
+ user_options->veracrypt_pim_start_chgd = true; break;
+ case IDX_VERACRYPT_PIM_STOP: user_options->veracrypt_pim_stop = hc_strtoul (optarg, NULL, 10);
+ user_options->veracrypt_pim_stop_chgd = true; break;
 case IDX_SEGMENT_SIZE: user_options->segment_size = hc_strtoul (optarg, NULL, 10);
 user_options->segment_size_chgd = true; break;
 case IDX_SCRYPT_TMTO: user_options->scrypt_tmto = hc_strtoul (optarg, NULL, 10); break;
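Review bot: `user_options_init` now seeds `veracrypt_pim_start`/`veracrypt_pim_stop` from the new enum defaults but never sets the companion `veracrypt_pim_start_chgd`/`veracrypt_pim_stop_chgd` flags to `false`, unlike every other field this function initializes; if `user_options` is not guaranteed to be zero-filled, `user_options_sanity` and the modules read indeterminate flags. Adding `user_options->veracrypt_pim_start_chgd = false;` and `user_options->veracrypt_pim_stop_chgd = false;` next to the two new assignments keeps the init function self-sufficient. In the `user_options_getopt` hunk the two options still call `hc_strtoul (optarg, NULL, 10)` with a NULL end pointer, so a non-numeric PIM presumably parses as 0 and is then treated as explicitly set; that matches the surrounding cases, but it is the reason the 0 case now matters in the modules.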
@@ -720,14 +722,14 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
 return -1;
 }
- if ((user_options->veracrypt_pim_start != 0) && (user_options->veracrypt_pim_stop == 0))
+ if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == false))
 {
 event_log_error (hashcat_ctx, "If --veracrypt-pim-start is specified then --veracrypt-pim-stop needs to be specified, too.");
 return -1;
 }
- if ((user_options->veracrypt_pim_start == 0) && (user_options->veracrypt_pim_stop != 0))
+ if ((user_options->veracrypt_pim_start_chgd == false) && (user_options->veracrypt_pim_stop_chgd == true))
 {
 event_log_error (hashcat_ctx, "If --veracrypt-pim-stop is specified then --veracrypt-pim-start needs to be specified, too.");
From d76965348da0112bdb559486cefe301bf48e5084 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Mon, 10 Feb 2020 11:10:57 +0100
Subject: [PATCH 210/300] Small optimization for sha256crypt and add support for salt length up to 20
---
 OpenCL/m07400-optimized.cl | 1081 +++++++++++++++++++++++++++--------
 1 file changed, 814 insertions(+), 267 deletions(-)
diff --git a/OpenCL/m07400-optimized.cl b/OpenCL/m07400-optimized.cl
index 5d8cf6af0..92b140bd2 100644
--- a/OpenCL/m07400-optimized.cl
+++ b/OpenCL/m07400-optimized.cl
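Review bot: The two checks enforce that the PIM options arrive as a pair, but nothing rejects a start value greater than the stop value, so a constructed invocation such as `--veracrypt-pim-start=10 --veracrypt-pim-stop=5` passes sanity and reaches the 1377x modules, which compute `vc->pim_start`/`vc->pim_stop` from the raw values without re-checking order. A third check after the existing pair keeps all PIM validation in one place and gives the user a clear message instead of an empty or inverted range downstream. user_options_sanity starts and ends outside the hunk.
```c
  if ((user_options->veracrypt_pim_start_chgd == true) && (user_options->veracrypt_pim_stop_chgd == true))
  {
    if (user_options->veracrypt_pim_start > user_options->veracrypt_pim_stop)
    {
      event_log_error (hashcat_ctx, "--veracrypt-pim-start must not be greater than --veracrypt-pim-stop.");

      return -1;
    }
  }
```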
@@ -24,33 +24,6 @@ typedef struct sha256crypt_tmp
 } sha256crypt_tmp_t;
-DECLSPEC void sha256_transform_transport (const u32 *w, u32 *digest)
-{
- u32 w0[4];
- u32 w1[4];
- u32 w2[4];
- u32 w3[4];
- w0[0] = hc_swap32_S (w[ 0]);
- w0[1] = hc_swap32_S (w[ 1]);
- w0[2] = hc_swap32_S (w[ 2]);
- w0[3] = hc_swap32_S (w[ 3]);
- w1[0] = hc_swap32_S (w[ 4]);
- w1[1] = hc_swap32_S (w[ 5]);
- w1[2] = hc_swap32_S (w[ 6]);
- w1[3] = hc_swap32_S (w[ 7]);
- w2[0] = hc_swap32_S (w[ 8]);
- w2[1] = hc_swap32_S (w[ 9]);
- w2[2] = hc_swap32_S (w[10]);
- w2[3] = hc_swap32_S (w[11]);
- w3[0] = hc_swap32_S (w[12]);
- w3[1] = hc_swap32_S (w[13]);
- w3[2] = hc_swap32_S (w[14]);
- w3[3] = hc_swap32_S (w[15]);
- sha256_transform (w0, w1, w2, w3, digest);
-}
-
 DECLSPEC void init_ctx (u32 *digest)
 {
 digest[0] = SHA256M_A;
@@ -63,76 +36,29 @@ DECLSPEC void init_ctx (u32 *digest) digest[7] = SHA256M_H; } -DECLSPEC void bzero16 (u32 *block) -{ - block[ 0] = 0; - block[ 1] = 0; - block[ 2] = 0; - block[ 3] = 0; - block[ 4] = 0; - block[ 5] = 0; - block[ 6] = 0; - block[ 7] = 0; - block[ 8] = 0; - block[ 9] = 0; - block[10] = 0; - block[11] = 0; - block[12] = 0; - block[13] = 0; - block[14] = 0; - block[15] = 0; -} - -DECLSPEC void bswap8 (u32 *block) -{ - block[ 0] = hc_swap32_S (block[ 0]); - block[ 1] = hc_swap32_S (block[ 1]); - block[ 2] = hc_swap32_S (block[ 2]); - block[ 3] = hc_swap32_S (block[ 3]); - block[ 4] = hc_swap32_S (block[ 4]); - block[ 5] = hc_swap32_S (block[ 5]); - block[ 6] = hc_swap32_S (block[ 6]); - block[ 7] = hc_swap32_S (block[ 7]); -} - DECLSPEC u32 memcat16 (u32 *block, const u32 offset, const u32 *append, const u32 append_len) { - u32 tmp0; - u32 tmp1; - u32 tmp2; - u32 tmp3; - u32 tmp4; - - #if defined IS_AMD || defined IS_GENERIC u32 in0 = append[0]; u32 in1 = append[1]; u32 in2 = append[2]; u32 in3 = append[3]; - tmp0 = hc_bytealign ( 0, in0, offset); - tmp1 = hc_bytealign (in0, in1, offset); - tmp2 = hc_bytealign (in1, in2, offset); - tmp3 = hc_bytealign (in2, in3, offset); - tmp4 = hc_bytealign (in3, 0, offset); + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be ( 0, in0, offset); + const u32 tmp1 = hc_bytealign_be (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be (in3, 0, offset); #endif #ifdef IS_NV - const int offset_mod_4 = offset & 3; + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; - const int offset_minus_4 = 4 - offset_mod_4; - - const int selector = (0x76543210 >> (offset_minus_4 * 4)) & 0xffff; - - u32 in0 = append[0]; - u32 in1 = append[1]; - u32 in2 = append[2]; - u32 in3 = append[3]; - - tmp0 = hc_byte_perm ( 0, in0, selector); - tmp1 = hc_byte_perm (in0, in1, selector); - tmp2 = 
hc_byte_perm (in1, in2, selector); - tmp3 = hc_byte_perm (in2, in3, selector); - tmp4 = hc_byte_perm (in3, 0, selector); + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (0, in3, selector); #endif switch (offset / 4) 
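Review bot: The AMD/generic branch of memcat16 now calls `hc_bytealign_be`, while the same branch in memcat20, memcat20_x80 and memcat24 further down this diff calls `hc_bytealign_be_S`, and the NV branch already uses the scalar `hc_byte_perm_S` in every function; memcat16c (the next hunk), memcat16s and memcat16sc carry the same mix. If the variant without the `_S` suffix is the vector form, the scalar-typed `tmp0..tmp4` only compile because VECT_SIZE happens to be 1 for this kernel, so using `hc_bytealign_be_S` consistently would make the intent explicit and survive a vector-width change, e.g. `const u32 tmp0 = hc_bytealign_be_S ( 0, in0, offset);`. memcat16 continues past the end of the hunk.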
@@ -232,45 +158,30 @@ DECLSPEC u32 memcat16 (u32 *block, const u32 offset, const u32 *append, const u3 DECLSPEC u32 memcat16c (u32 *block, const u32 offset, const u32 *append, const u32 append_len, u32 *digest) { - u32 tmp0; - u32 tmp1; - u32 tmp2; - u32 tmp3; - u32 tmp4; - - #if defined IS_AMD || defined IS_GENERIC u32 in0 = append[0]; u32 in1 = append[1]; u32 in2 = append[2]; u32 in3 = append[3]; - tmp0 = hc_bytealign ( 0, in0, offset); - tmp1 = hc_bytealign (in0, in1, offset); - tmp2 = hc_bytealign (in1, in2, offset); - tmp3 = hc_bytealign (in2, in3, offset); - tmp4 = hc_bytealign (in3, 0, offset); + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be ( 0, in0, offset); + const u32 tmp1 = hc_bytealign_be (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be (in3, 0, offset); #endif #ifdef IS_NV - const int offset_mod_4 = offset & 3; + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; - const int offset_minus_4 = 4 - offset_mod_4; - - const int selector = (0x76543210 >> (offset_minus_4 * 4)) & 0xffff; - - u32 in0 = append[0]; - u32 in1 = append[1]; - u32 in2 = append[2]; - u32 in3 = append[3]; - - tmp0 = hc_byte_perm ( 0, in0, selector); - tmp1 = hc_byte_perm (in0, in1, selector); - tmp2 = hc_byte_perm (in1, in2, selector); - tmp3 = hc_byte_perm (in2, in3, selector); - tmp4 = hc_byte_perm (in3, 0, selector); + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (0, in3, selector); #endif - u32 carry[4] = { 0, 0, 0, 0 }; + u32 carry[4] = { 0 }; switch (offset / 4) { 
@@ -378,57 +289,487 @@ DECLSPEC u32 memcat16c (u32 *block, const u32 offset, const u32 *append, const u { new_len -= 64; - sha256_transform_transport (block, digest); + sha256_transform (block + 0, block + 4, block + 8, block + 12, digest); - bzero16 (block); - - block[0] = carry[0]; - block[1] = carry[1]; - block[2] = carry[2]; - block[3] = carry[3]; + block[ 0] = carry[0]; + block[ 1] = carry[1]; + block[ 2] = carry[2]; + block[ 3] = carry[3]; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; } return new_len; } -DECLSPEC u32 memcat20 (u32 *block, const u32 offset, const u32 *append, const u32 append_len) +DECLSPEC u32 memcat16s (u32 *block, const u32 offset, const u32 *append, const u32 append_len) { - u32 tmp0; - u32 tmp1; - u32 tmp2; - u32 tmp3; - u32 tmp4; - - #if defined IS_AMD || defined IS_GENERIC u32 in0 = append[0]; u32 in1 = append[1]; u32 in2 = append[2]; u32 in3 = append[3]; + u32 in4 = append[4]; - tmp0 = hc_bytealign ( 0, in0, offset); - tmp1 = hc_bytealign (in0, in1, offset); - tmp2 = hc_bytealign (in1, in2, offset); - tmp3 = hc_bytealign (in2, in3, offset); - tmp4 = hc_bytealign (in3, 0, offset); + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be ( 0, in0, offset); + const u32 tmp1 = hc_bytealign_be (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be (in3, in4, offset); + const u32 tmp5 = hc_bytealign_be (in4, 0, offset); #endif #ifdef IS_NV - const int offset_mod_4 = offset & 3; + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; - const int offset_minus_4 = 4 - offset_mod_4; + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + 
const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (in4, in3, selector); + const u32 tmp5 = hc_byte_perm_S (0, in4, selector); + #endif - const int selector = (0x76543210 >> (offset_minus_4 * 4)) & 0xffff; + switch (offset / 4) + { + case 0: block[ 0] |= tmp0; + block[ 1] = tmp1; + block[ 2] = tmp2; + block[ 3] = tmp3; + block[ 4] = tmp4; + block[ 5] = tmp5; + break; + case 1: block[ 1] |= tmp0; + block[ 2] = tmp1; + block[ 3] = tmp2; + block[ 4] = tmp3; + block[ 5] = tmp4; + block[ 6] = tmp5; + break; + case 2: block[ 2] |= tmp0; + block[ 3] = tmp1; + block[ 4] = tmp2; + block[ 5] = tmp3; + block[ 6] = tmp4; + block[ 7] = tmp5; + break; + case 3: block[ 3] |= tmp0; + block[ 4] = tmp1; + block[ 5] = tmp2; + block[ 6] = tmp3; + block[ 7] = tmp4; + block[ 8] = tmp5; + break; + case 4: block[ 4] |= tmp0; + block[ 5] = tmp1; + block[ 6] = tmp2; + block[ 7] = tmp3; + block[ 8] = tmp4; + block[ 9] = tmp5; + break; + case 5: block[ 5] |= tmp0; + block[ 6] = tmp1; + block[ 7] = tmp2; + block[ 8] = tmp3; + block[ 9] = tmp4; + block[10] = tmp5; + break; + case 6: block[ 6] |= tmp0; + block[ 7] = tmp1; + block[ 8] = tmp2; + block[ 9] = tmp3; + block[10] = tmp4; + block[11] = tmp5; + break; + case 7: block[ 7] |= tmp0; + block[ 8] = tmp1; + block[ 9] = tmp2; + block[10] = tmp3; + block[11] = tmp4; + block[12] = tmp5; + break; + case 8: block[ 8] |= tmp0; + block[ 9] = tmp1; + block[10] = tmp2; + block[11] = tmp3; + block[12] = tmp4; + block[13] = tmp5; + break; + case 9: block[ 9] |= tmp0; + block[10] = tmp1; + block[11] = tmp2; + block[12] = tmp3; + block[13] = tmp4; + block[14] = tmp5; + break; + case 10: block[10] |= tmp0; + block[11] = tmp1; + block[12] = tmp2; + block[13] = tmp3; + block[14] = tmp4; + block[15] = tmp5; + break; + case 11: block[11] |= tmp0; + block[12] = tmp1; + block[13] = tmp2; + block[14] = tmp3; + block[15] = tmp4; + break; + case 12: block[12] |= tmp0; + block[13] = tmp1; + block[14] = tmp2; + block[15] = tmp3; + 
break; + case 13: block[13] |= tmp0; + block[14] = tmp1; + block[15] = tmp2; + break; + case 14: block[14] |= tmp0; + block[15] = tmp1; + break; + case 15: block[15] |= tmp0; + break; + } + u32 new_len = offset + append_len; + + return new_len; +} + +DECLSPEC u32 memcat16sc (u32 *block, const u32 offset, const u32 *append, const u32 append_len, u32 *digest) +{ + u32 in0 = append[0]; + u32 in1 = append[1]; + u32 in2 = append[2]; + u32 in3 = append[3]; + u32 in4 = append[4]; + + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be ( 0, in0, offset); + const u32 tmp1 = hc_bytealign_be (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be (in3, in4, offset); + const u32 tmp5 = hc_bytealign_be (in4, 0, offset); + #endif + + #ifdef IS_NV + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; + + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (in4, in3, selector); + const u32 tmp5 = hc_byte_perm_S (0, in4, selector); + #endif + + u32 carry[5] = { 0 }; + + switch (offset / 4) + { + case 0: block[ 0] |= tmp0; + block[ 1] = tmp1; + block[ 2] = tmp2; + block[ 3] = tmp3; + block[ 4] = tmp4; + block[ 5] = tmp5; + break; + case 1: block[ 1] |= tmp0; + block[ 2] = tmp1; + block[ 3] = tmp2; + block[ 4] = tmp3; + block[ 5] = tmp4; + block[ 6] = tmp5; + break; + case 2: block[ 2] |= tmp0; + block[ 3] = tmp1; + block[ 4] = tmp2; + block[ 5] = tmp3; + block[ 6] = tmp4; + block[ 7] = tmp5; + break; + case 3: block[ 3] |= tmp0; + block[ 4] = tmp1; + block[ 5] = tmp2; + block[ 6] = tmp3; + block[ 7] = tmp4; + block[ 8] = tmp5; + break; + case 4: block[ 4] |= tmp0; + block[ 5] = tmp1; + block[ 6] = tmp2; + block[ 7] = tmp3; + block[ 8] = 
tmp4; + block[ 9] = tmp5; + break; + case 5: block[ 5] |= tmp0; + block[ 6] = tmp1; + block[ 7] = tmp2; + block[ 8] = tmp3; + block[ 9] = tmp4; + block[10] = tmp5; + break; + case 6: block[ 6] |= tmp0; + block[ 7] = tmp1; + block[ 8] = tmp2; + block[ 9] = tmp3; + block[10] = tmp4; + block[11] = tmp5; + break; + case 7: block[ 7] |= tmp0; + block[ 8] = tmp1; + block[ 9] = tmp2; + block[10] = tmp3; + block[11] = tmp4; + block[12] = tmp5; + break; + case 8: block[ 8] |= tmp0; + block[ 9] = tmp1; + block[10] = tmp2; + block[11] = tmp3; + block[12] = tmp4; + block[13] = tmp5; + break; + case 9: block[ 9] |= tmp0; + block[10] = tmp1; + block[11] = tmp2; + block[12] = tmp3; + block[13] = tmp4; + block[14] = tmp5; + break; + case 10: block[10] |= tmp0; + block[11] = tmp1; + block[12] = tmp2; + block[13] = tmp3; + block[14] = tmp4; + block[15] = tmp5; + break; + case 11: block[11] |= tmp0; + block[12] = tmp1; + block[13] = tmp2; + block[14] = tmp3; + block[15] = tmp4; + carry[ 0] = tmp5; + break; + case 12: block[12] |= tmp0; + block[13] = tmp1; + block[14] = tmp2; + block[15] = tmp3; + carry[ 0] = tmp4; + carry[ 1] = tmp5; + break; + case 13: block[13] |= tmp0; + block[14] = tmp1; + block[15] = tmp2; + carry[ 0] = tmp3; + carry[ 1] = tmp4; + carry[ 2] = tmp5; + break; + case 14: block[14] |= tmp0; + block[15] = tmp1; + carry[ 0] = tmp2; + carry[ 1] = tmp3; + carry[ 2] = tmp4; + carry[ 3] = tmp5; + break; + case 15: block[15] |= tmp0; + carry[ 0] = tmp1; + carry[ 1] = tmp2; + carry[ 2] = tmp3; + carry[ 3] = tmp4; + carry[ 4] = tmp5; + break; + } + + u32 new_len = offset + append_len; + + if (new_len >= 64) + { + new_len -= 64; + + sha256_transform (block + 0, block + 4, block + 8, block + 12, digest); + + block[ 0] = carry[0]; + block[ 1] = carry[1]; + block[ 2] = carry[2]; + block[ 3] = carry[3]; + block[ 4] = carry[4]; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + 
block[14] = 0; + block[15] = 0; + } + + return new_len; +} + +DECLSPEC void truncate_block_5x4_be_S (u32 *w0, const u32 len) +{ + switch (len) + { + case 0: + w0[0] = 0; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 1: + w0[0] &= 0xff000000; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 2: + w0[0] &= 0xffff0000; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 3: + w0[0] &= 0xffffff00; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 4: + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 5: + w0[1] &= 0xff000000; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 6: + w0[1] &= 0xffff0000; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 7: + w0[1] &= 0xffffff00; + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 8: + w0[2] = 0; + w0[3] = 0; + w0[4] = 0; + break; + + case 9: + w0[2] &= 0xff000000; + w0[3] = 0; + w0[4] = 0; + break; + + case 10: + w0[2] &= 0xffff0000; + w0[3] = 0; + w0[4] = 0; + break; + + case 11: + w0[2] &= 0xffffff00; + w0[3] = 0; + w0[4] = 0; + break; + + case 12: + w0[3] = 0; + w0[4] = 0; + break; + + case 13: + w0[3] &= 0xff000000; + w0[4] = 0; + break; + + case 14: + w0[3] &= 0xffff0000; + w0[4] = 0; + break; + + case 15: + w0[3] &= 0xffffff00; + w0[4] = 0; + break; + + case 16: + w0[4] = 0; + break; + + case 17: + w0[4] &= 0xff000000; + break; + + case 18: + w0[4] &= 0xffff0000; + break; + + case 19: + w0[4] &= 0xffffff00; + break; + } +} + +DECLSPEC u32 memcat20 (u32 *block, const u32 offset, const u32 *append, const u32 append_len) +{ u32 in0 = append[0]; u32 in1 = append[1]; u32 in2 = append[2]; u32 in3 = append[3]; - tmp0 = hc_byte_perm ( 0, in0, selector); - tmp1 = hc_byte_perm (in0, in1, selector); - tmp2 = hc_byte_perm (in1, in2, selector); - tmp3 = hc_byte_perm (in2, in3, selector); - tmp4 = hc_byte_perm (in3, 0, selector); + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be_S ( 0, 
in0, offset); + const u32 tmp1 = hc_bytealign_be_S (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be_S (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be_S (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be_S (in3, 0, offset); + #endif + + #ifdef IS_NV + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; + + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (0, in3, selector); #endif switch (offset / 4) 
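Review bot: memcat16s silently drops `tmp5` from `case 11` onwards and `tmp4` from `case 12`, so an append that would cross the 64-byte block boundary is truncated with no indication; unlike memcat16sc it has no carry, so every caller must keep `offset + append_len` below 64 (in m07400_init that holds if the optimized limits match the test module's constraints of a 15-byte password and 20-byte salt, since key+salt+key then stays under 56). A header comment stating the precondition, e.g. `// no carry: caller guarantees offset + append_len < 64, otherwise the tail is lost`, would protect the next caller. truncate_block_5x4_be_S has no `default:`, so a `len` of 20 or more leaves all five words intact — the intended no-op, but worth a one-line comment as well. The hunk ends inside memcat20.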
@@ -536,44 +877,28 @@ DECLSPEC u32 memcat20 (u32 *block, const u32 offset, const u32 *append, const u3 DECLSPEC u32 memcat20_x80 (u32 *block, const u32 offset, const u32 *append, const u32 append_len) { - u32 tmp0; - u32 tmp1; - u32 tmp2; - u32 tmp3; - u32 tmp4; - - #if defined IS_AMD || defined IS_GENERIC u32 in0 = append[0]; u32 in1 = append[1]; u32 in2 = append[2]; u32 in3 = append[3]; - u32 in4 = 0x80; + u32 in4 = 0x80000000; - tmp0 = hc_bytealign ( 0, in0, offset); - tmp1 = hc_bytealign (in0, in1, offset); - tmp2 = hc_bytealign (in1, in2, offset); - tmp3 = hc_bytealign (in2, in3, offset); - tmp4 = hc_bytealign (in3, in4, offset); + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be_S ( 0, in0, offset); + const u32 tmp1 = hc_bytealign_be_S (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be_S (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be_S (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be_S (in3, in4, offset); #endif #ifdef IS_NV - const int offset_mod_4 = offset & 3; + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; - const int offset_minus_4 = 4 - offset_mod_4; - - const int selector = (0x76543210 >> (offset_minus_4 * 4)) & 0xffff; - - u32 in0 = append[0]; - u32 in1 = append[1]; - u32 in2 = append[2]; - u32 in3 = append[3]; - u32 in4 = 0x80; - - tmp0 = hc_byte_perm ( 0, in0, selector); - tmp1 = hc_byte_perm (in0, in1, selector); - tmp2 = hc_byte_perm (in1, in2, selector); - tmp3 = hc_byte_perm (in2, in3, selector); - tmp4 = hc_byte_perm (in3, in4, selector); + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (in4, in3, selector); #endif switch (offset / 4) 
@@ -679,6 +1004,69 @@ DECLSPEC u32 memcat20_x80 (u32 *block, const u32 offset, const u32 *append, cons return offset + append_len; } +DECLSPEC u32 memcat24 (u32 *block, const u32 offset, const u32 *append, const u32 append_len) +{ + u32 in0 = append[0]; + u32 in1 = append[1]; + u32 in2 = append[2]; + u32 in3 = append[3]; + u32 in4 = append[4]; + + #if defined IS_AMD || defined IS_GENERIC + const u32 tmp0 = hc_bytealign_be_S ( 0, in0, offset); + const u32 tmp1 = hc_bytealign_be_S (in0, in1, offset); + const u32 tmp2 = hc_bytealign_be_S (in1, in2, offset); + const u32 tmp3 = hc_bytealign_be_S (in2, in3, offset); + const u32 tmp4 = hc_bytealign_be_S (in3, in4, offset); + const u32 tmp5 = hc_bytealign_be_S (in4, 0, offset); + #endif + + #ifdef IS_NV + const int selector = (0x76543210 >> ((offset & 3) * 4)) & 0xffff; + + const u32 tmp0 = hc_byte_perm_S (in0, 0, selector); + const u32 tmp1 = hc_byte_perm_S (in1, in0, selector); + const u32 tmp2 = hc_byte_perm_S (in2, in1, selector); + const u32 tmp3 = hc_byte_perm_S (in3, in2, selector); + const u32 tmp4 = hc_byte_perm_S (in4, in3, selector); + const u32 tmp5 = hc_byte_perm_S (0, in4, selector); + #endif + + switch (offset / 4) + { + case 0: block[ 0] |= tmp0; + block[ 1] = tmp1; + block[ 2] = tmp2; + block[ 3] = tmp3; + block[ 4] = tmp4; + block[ 5] = tmp5; + break; + case 1: block[ 1] |= tmp0; + block[ 2] = tmp1; + block[ 3] = tmp2; + block[ 4] = tmp3; + block[ 5] = tmp4; + block[ 6] = tmp5; + break; + case 2: block[ 2] |= tmp0; + block[ 3] = tmp1; + block[ 4] = tmp2; + block[ 5] = tmp3; + block[ 6] = tmp4; + block[ 7] = tmp5; + break; + case 3: block[ 3] |= tmp0; + block[ 4] = tmp1; + block[ 5] = tmp2; + block[ 6] = tmp3; + block[ 7] = tmp4; + block[ 8] = tmp5; + break; + } + + return offset + append_len; +} + KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) { /** 
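Review bot: memcat24 only handles `case 0` to `case 3` of `offset / 4`; for any offset of 16 or more it writes nothing yet still returns `offset + append_len`, so a caller would believe the salt had been appended. That is fine for its single use in m07400_loop, where `block_len` equals `pw_len` (at most 15 if the optimized limit matches the test module's `[0, 15]`), but the name suggests a general 24-byte helper. A comment on the precondition, e.g. `// only valid for offset < 16 (caller passes block_len == pw_len); no carry into the second block`, or a `default:` that makes the limitation visible, would document that.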
@@ -691,10 +1079,10 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) u32 w0[4]; - w0[0] = pws[gid].i[0]; - w0[1] = pws[gid].i[1]; - w0[2] = pws[gid].i[2]; - w0[3] = pws[gid].i[3]; + w0[0] = hc_swap32_S (pws[gid].i[0]); + w0[1] = hc_swap32_S (pws[gid].i[1]); + w0[2] = hc_swap32_S (pws[gid].i[2]); + w0[3] = hc_swap32_S (pws[gid].i[3]); const u32 pw_len = pws[gid].pw_len & 63; @@ -702,12 +1090,13 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) * salt */ - u32 salt_buf[4]; + u32 salt_buf[5]; - salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf[2] = salt_bufs[salt_pos].salt_buf[2]; - salt_buf[3] = salt_bufs[salt_pos].salt_buf[3]; + salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); + salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]); + salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]); + salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]); u32 salt_len = salt_bufs[salt_pos].salt_len; @@ -720,6 +1109,23 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) u32 block[16]; + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; + u32 alt_result[8]; u32 p_bytes[8]; u32 s_bytes[8]; 
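Review bot: The sixteen explicit `block[i] = 0;` statements in the `@@ -720` hunk replace the removed bzero16 helper, and the identical sixteen-line run reappears in the `@@ -767`, `@@ -817`, `@@ -843`, `@@ -862` and `@@ -886` hunks of m07400_init and twice more in m07400_loop — roughly a hundred lines of repeated statements. A `DECLSPEC` helper like the one removed, or a short loop the compiler unrolls, keeps the kernel readable at no cost on GPU targets, where such helpers are inlined anyway. If the manual inlining was a deliberate performance choice, a comment at the first occurrence saying so would stop the next reader from folding them back into a helper. m07400_init continues beyond these hunks.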
@@ -728,33 +1134,25 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) block_len = 0; - bzero16 (block); - /* Add key. */ block_len = memcat16 (block, block_len, w0, pw_len); /* Add salt. */ - block_len = memcat16 (block, block_len, salt_buf, salt_len); + block_len = memcat16s (block, block_len, salt_buf, salt_len); /* Add key again. */ block_len = memcat16 (block, block_len, w0, pw_len); - append_0x80_1x16 (block, block_len); + append_0x80_1x16 (block, block_len ^ 3); - block[15] = hc_swap32_S (block_len * 8); + block[15] = block_len * 8; init_ctx (alt_result); - sha256_transform_transport (block, alt_result); - - bswap8 (alt_result); - - block_len = 0; - - bzero16 (block); + sha256_transform (block + 0, block + 4, block + 8, block + 12, alt_result); u32 alt_result_tmp[8]; @@ -767,7 +1165,26 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) alt_result_tmp[6] = 0; alt_result_tmp[7] = 0; - truncate_block_4x4_le_S (alt_result_tmp, pw_len); + truncate_block_4x4_be_S (alt_result_tmp, pw_len); + + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; + + block_len = 0; /* Add the key string. */ @@ -777,7 +1194,7 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) characters and it ends at the first `$' character (for compatibility with existing implementations). */ - block_len = memcat16 (block, block_len, salt_buf, salt_len); + block_len = memcat16s (block, block_len, salt_buf, salt_len); /* Now get result of this (32 bytes) and add it to the other context. */ 
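Review bot: `append_0x80_1x16 (block, block_len ^ 3)` replaces the previous `block_len` argument without a comment, and the same `^ 3` recurs in the `@@ -817`, `@@ -862` and `@@ -886` hunks and in m07400_loop's `append_0x80_1x4_S (p_bytes_x80, pw_len ^ 3)`. The block is now built big-endian (the inputs are byte-swapped in the `@@ -691` and `@@ -702` hunks) while the append helper presumably still addresses bytes little-endian; XOR-ing the low two bits maps byte `k` of a word to byte `3 - k` without changing the word index, which is why the padding byte lands correctly. A one-line comment at the first use, e.g. `// block is big-endian: ^ 3 mirrors the byte index inside the word for the little-endian append helper`, would spare the reader that derivation.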
@@ -817,20 +1234,33 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) } } - append_0x80_1x16 (block, block_len); + append_0x80_1x16 (block, block_len ^ 3); if (block_len >= 56) { - sha256_transform_transport (block, alt_result); + sha256_transform (block + 0, block + 4, block + 8, block + 12, alt_result); - bzero16 (block); + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; } - block[15] = hc_swap32_S (transform_len * 8); + block[15] = transform_len * 8; - sha256_transform_transport (block, alt_result); - - bswap8 (alt_result); + sha256_transform (block + 0, block + 4, block + 8, block + 12, alt_result); tmps[gid].alt_result[0] = alt_result[0]; tmps[gid].alt_result[1] = alt_result[1]; @@ -843,11 +1273,26 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) /* Start computation of P byte sequence. */ - block_len = 0; - transform_len = 0; - bzero16 (block); + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; + + block_len = 0; /* For every character in the password add the entire password. */ 
@@ -862,22 +1307,35 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) /* Finish the digest. */ - append_0x80_1x16 (block, block_len); + append_0x80_1x16 (block, block_len ^ 3); if (block_len >= 56) { - sha256_transform_transport (block, p_bytes); + sha256_transform (block + 0, block + 4, block + 8, block + 12, p_bytes); - bzero16 (block); + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; } - block[15] = hc_swap32_S (transform_len * 8); + block[15] = transform_len * 8; - sha256_transform_transport (block, p_bytes); + sha256_transform (block + 0, block + 4, block + 8, block + 12, p_bytes); - bswap8 (p_bytes); - - truncate_block_4x4_le_S (p_bytes, pw_len); + truncate_block_4x4_be_S (p_bytes, pw_len); tmps[gid].p_bytes[0] = p_bytes[0]; tmps[gid].p_bytes[1] = p_bytes[1]; 
@@ -886,46 +1344,75 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) /* Start computation of S byte sequence. */ - block_len = 0; - transform_len = 0; - bzero16 (block); + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; + + block_len = 0; /* For every character in the password add the entire password. */ init_ctx (s_bytes); - for (u32 j = 0; j < 16 + (alt_result[0] & 0xff); j++) + for (u32 j = 0; j < 16 + (alt_result[0] >> 24); j++) { - block_len = memcat16c (block, block_len, salt_buf, salt_len, s_bytes); + block_len = memcat16sc (block, block_len, salt_buf, salt_len, s_bytes); transform_len += salt_len; } /* Finish the digest. */ - append_0x80_1x16 (block, block_len); + append_0x80_1x16 (block, block_len ^ 3); if (block_len >= 56) { - sha256_transform_transport (block, s_bytes); + sha256_transform (block + 0, block + 4, block + 8, block + 12, s_bytes); - bzero16 (block); + block[ 0] = 0; + block[ 1] = 0; + block[ 2] = 0; + block[ 3] = 0; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; } - block[15] = hc_swap32_S (transform_len * 8); + block[15] = transform_len * 8; - sha256_transform_transport (block, s_bytes); + sha256_transform (block + 0, block + 4, block + 8, block + 12, s_bytes); - bswap8 (s_bytes); - - truncate_block_4x4_le_S (s_bytes, salt_len); + truncate_block_5x4_be_S (s_bytes, salt_len); tmps[gid].s_bytes[0] = s_bytes[0]; tmps[gid].s_bytes[1] = s_bytes[1]; tmps[gid].s_bytes[2] = s_bytes[2]; tmps[gid].s_bytes[3] = s_bytes[3]; + tmps[gid].s_bytes[4] = s_bytes[4]; } KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) 
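Review bot: `tmps[gid].s_bytes[4] = s_bytes[4];` stores a fifth word into the per-candidate tmp buffer, but the only visible part of the `sha256crypt_tmp` typedef is its closing line in the `@@ -24` hunk and the diffstat lists no change to the host-side module, so the declared size of `s_bytes` cannot be verified from this diff. If either copy of the struct still declares `s_bytes[4]`, this write runs past the array and the host and kernel tmp layouts disagree; worth confirming that both already have room for five words and that the module's tmp size matches. A comment on the field, e.g. `// 5 words: the salt may be up to 20 bytes`, would record why the extra word exists.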
@@ -958,14 +1445,15 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t))
 p_bytes_x80[2] = tmps[gid].p_bytes[2];
 p_bytes_x80[3] = tmps[gid].p_bytes[3];
- append_0x80_1x4 (p_bytes_x80, pw_len);
+ append_0x80_1x4_S (p_bytes_x80, pw_len ^ 3);
- u32 s_bytes[4];
+ u32 s_bytes[5];
 s_bytes[0] = tmps[gid].s_bytes[0];
 s_bytes[1] = tmps[gid].s_bytes[1];
 s_bytes[2] = tmps[gid].s_bytes[2];
 s_bytes[3] = tmps[gid].s_bytes[3];
+ s_bytes[4] = tmps[gid].s_bytes[4]; // 4 extra bytes for MySQL 7.5+ hashes
 u32 alt_result[8];
@@ -991,9 +1479,6 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t))
 u32 block[32];
- bzero16 (&block[ 0]);
- bzero16 (&block[16]);
-
 u32 block_len = 0;
 const u32 j1 = (j & 1) ? 1 : 0;
@@ -1002,30 +1487,93 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) if (j1) { - block[0] = p_bytes[0]; - block[1] = p_bytes[1]; - block[2] = p_bytes[2]; - block[3] = p_bytes[3]; + block[ 0] = p_bytes[0]; + block[ 1] = p_bytes[1]; + block[ 2] = p_bytes[2]; + block[ 3] = p_bytes[3]; + block[ 4] = 0; + block[ 5] = 0; + block[ 6] = 0; + block[ 7] = 0; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; + block[16] = 0; + block[17] = 0; + block[18] = 0; + block[19] = 0; + block[20] = 0; + block[21] = 0; + block[22] = 0; + block[23] = 0; + block[24] = 0; + block[25] = 0; + block[26] = 0; + block[27] = 0; + block[28] = 0; + block[29] = 0; + block[30] = 0; + block[31] = 0; block_len = pw_len; + + if (j3) + { + block_len = memcat24 (block, block_len, s_bytes, salt_len); + } } else { - block[0] = alt_result[0]; - block[1] = alt_result[1]; - block[2] = alt_result[2]; - block[3] = alt_result[3]; - block[4] = alt_result[4]; - block[5] = alt_result[5]; - block[6] = alt_result[6]; - block[7] = alt_result[7]; + block[ 0] = alt_result[0]; + block[ 1] = alt_result[1]; + block[ 2] = alt_result[2]; + block[ 3] = alt_result[3]; + block[ 4] = alt_result[4]; + block[ 5] = alt_result[5]; + block[ 6] = alt_result[6]; + block[ 7] = alt_result[7]; + block[ 8] = 0; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; + block[16] = 0; + block[17] = 0; + block[18] = 0; + block[19] = 0; + block[20] = 0; + block[21] = 0; + block[22] = 0; + block[23] = 0; + block[24] = 0; + block[25] = 0; + block[26] = 0; + block[27] = 0; + block[28] = 0; + block[29] = 0; + block[30] = 0; + block[31] = 0; block_len = 32; - } - if (j3) - { - block_len = memcat20 (block, block_len, s_bytes, salt_len); + if (j3) + { + block[ 8] = s_bytes[0]; + block[ 9] = s_bytes[1]; + block[10] = s_bytes[2]; + block[11] = s_bytes[3]; + block[12] = s_bytes[4]; + + 
block_len += salt_len; + } } if (j7) @@ -1045,31 +1593,30 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) if (block_len >= 56) { - sha256_transform_transport (block, tmp); + sha256_transform (block + 0, block + 4, block + 8, block + 12, tmp); block[ 0] = block[16]; block[ 1] = block[17]; block[ 2] = block[18]; block[ 3] = block[19]; - block[ 4] = 0; - block[ 5] = 0; - block[ 6] = 0; - block[ 7] = 0; - block[ 8] = 0; - block[ 9] = 0; - block[10] = 0; - block[11] = 0; - block[12] = 0; - block[13] = 0; - block[14] = 0; - block[15] = 0; + block[ 4] = block[20]; + block[ 5] = block[21]; + block[ 6] = block[22]; + block[ 7] = block[23]; + block[ 8] = block[24]; + block[ 9] = block[25]; + block[10] = block[26]; + block[11] = block[27]; + block[12] = block[28]; + block[13] = block[29]; + block[14] = block[30]; + block[15] = block[31]; } - block[15] = hc_swap32_S (block_len * 8); + block[14] = 0; + block[15] = block_len * 8; - sha256_transform_transport (block, tmp); - - bswap8 (tmp); + sha256_transform (block + 0, block + 4, block + 8, block + 12, tmp); alt_result[0] = tmp[0]; alt_result[1] = tmp[1]; @@ -1103,10 +1650,10 @@ KERNEL_FQ void m07400_comp (KERN_ATTR_TMPS (sha256crypt_tmp_t)) const u64 lid = get_local_id (0); - const u32 r0 = tmps[gid].alt_result[0]; - const u32 r1 = tmps[gid].alt_result[1]; - const u32 r2 = tmps[gid].alt_result[2]; - const u32 r3 = tmps[gid].alt_result[3]; + const u32 r0 = hc_swap32_S (tmps[gid].alt_result[0]); + const u32 r1 = hc_swap32_S (tmps[gid].alt_result[1]); + const u32 r2 = hc_swap32_S (tmps[gid].alt_result[2]); + const u32 r3 = hc_swap32_S (tmps[gid].alt_result[3]); #define il_pos 0 From 3b1bdc6fa89c9bf2540827458d4252f9beb16544 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 10 Feb 2020 13:00:44 +0100 Subject: [PATCH 211/300] Add support for length 20 in unit test for -m 7400 --- tools/test_modules/m07400.pm | 195 ++++++++++++++++++++++++++++++++++- 1 file changed, 191 insertions(+), 4 deletions(-) 
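Review bot: In the `else` branch of the `@@ -1002` hunk the salt is appended by copying `s_bytes[0..4]` straight into `block[8..12]` regardless of `salt_len`, whereas the `j1` branch goes through memcat24; the direct copy is only correct because `block_len` is exactly 32 there (word aligned) and because the words of `s_bytes` past `salt_len` are zero, which m07400_init ensures via truncate_block_5x4_be_S. Neither assumption is stated, so a comment on the first `block[ 8] = s_bytes[0];`, e.g. `// block_len == 32 is word-aligned and s_bytes is zero-padded past salt_len, so a plain 5-word copy is safe`, would make the coupling to the init kernel visible. In the `@@ -1045` hunk `block[14] = 0;` before `block[15] = block_len * 8;` has no counterpart in the init kernel's finalisation; if it is needed here because the carried-over words 16..31 can hold data, a short comment saying so would help. The hunk starts inside m07400_loop's iteration body.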
diff --git a/tools/test_modules/m07400.pm b/tools/test_modules/m07400.pm
index a3eb9a241..b0feeb21f 100644
--- a/tools/test_modules/m07400.pm
+++ b/tools/test_modules/m07400.pm
@@ -7,8 +7,9 @@
 use strict;
 use warnings;
+use Digest::SHA qw (sha256);
-sub module_constraints { [[0, 256], [0, 16], [0, 15], [0, 16], [-1, -1]] }
+sub module_constraints { [[0, 256], [0, 20], [0, 15], [0, 20], [-1, -1]] }
 sub module_generate_hash
 {
@@ -20,11 +21,11 @@ sub module_generate_hash
 if (defined $iter)
 {
- $hash_buf = crypt ($word, "\$5\$rounds=$iter\$$salt\$");
+ $hash_buf = sha256crypt ($word, $salt, $iter, 1);
 }
 else
 {
- $hash_buf = crypt ($word, "\$5\$$salt\$");
+ $hash_buf = sha256crypt ($word, $salt, 5000, 0);
 }
 my $hash = sprintf ("%s", $hash_buf);
@@ -93,5 +94,191 @@ sub module_verify_hash return ($new_hash, $word); } -1; +# +# This is modified pass_gen.pl from https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/pass_gen.pl +# Copyright: https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/pass_gen.Manifest +# public domain +# written by Jim Fougeron + +# +# updated for new MySQL hashes by philsmd +# modified date: February 2020 +# license: public domain +# + +my @i64 = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z'); + +sub to64 +{ + my $v = shift; + my $n = shift; + + my $str; + + while (--$n >= 0) + { + $str .= $i64[$v & 0x3F]; + + $v >>= 6; + } + + return $str; +} + +sub sha_crypts +{ + my ($func, $bits, $key, $salt, $loops) = @_; + + my $bytes = $bits / 8; + + my $b = $func->($key . $salt . $key); + + # Add for any character in the key one byte of the alternate sum. + + my $tmp = $key . $salt; + + for (my $i = length ($key); $i > 0; $i -= $bytes) + { + if ($i > $bytes) + { + $tmp .= $b; + } + else + { + $tmp .= substr ($b, 0, $i); + } + } + + # Take the binary representation of the length of the key and for every 1 add the alternate sum, for every 0 the key. + + for (my $i = length ($key); $i > 0; $i >>= 1) + { + if (($i & 1) != 0) + { + $tmp .= $b; + } + else + { + $tmp .= $key; + } + } + + my $a = $func->($tmp); + + # NOTE, this will be the 'initial' $c value in the inner loop. + + # For every character in the password add the entire password. 
produces DP + + $tmp = ""; + + for (my $i = 0; $i < length ($key); $i++) + { + $tmp .= $key; + } + + my $dp = $func->($tmp); + + # Create byte sequence P + + my $p = ""; + + for (my $i = length ($key); $i > 0; $i -= $bytes) + { + if ($i > $bytes) + { + $p .= $dp; + } + else + { + $p .= substr ($dp, 0, $i); + } + } + + # produce ds + + $tmp = ""; + + my $til = 16 + ord (substr ($a, 0, 1)); + + for (my $i = 0; $i < $til; $i++) + { + $tmp .= $salt; + } + + my $ds = $func->($tmp); + + # Create byte sequence S + + my $s = ""; + + for (my $i = length ($salt); $i > 0; $i -= $bytes) + { + if ($i > $bytes) + { + $s .= $ds; + } + else + { + $s .= substr ($ds, 0, $i); + } + } + + my $c = $a; # Ok, we saved this, which will 'seed' our crypt value here in the loop. + + # now we do 5000 iterations of SHA2 (256 or 512) + + for (my $i = 0; $i < $loops; $i++) + { + if ($i & 1) { $tmp = $p; } + else { $tmp = $c; } + + if ($i % 3) { $tmp .= $s; } + if ($i % 7) { $tmp .= $p; } + + if ($i & 1) { $tmp .= $c; } + else { $tmp .= $p; } + + $c = $func->($tmp); + } + + my $inc1; my $inc2; my $mod; my $end; + + if ($bits == 256) { $inc1 = 10; $inc2 = 21; $mod = 30; $end = 0; } + else { $inc1 = 21; $inc2 = 22; $mod = 63; $end = 21; } + + my $i = 0; + $tmp = ""; + + do + { + $tmp .= to64 ((ord (substr ($c, $i, 1)) << 16) | (ord (substr ($c, ($i + $inc1) % $mod, 1)) << 8) | ord (substr ($c, ($i + $inc1 * 2) % $mod, 1)), 4); + $i = ($i + $inc2) % $mod; + } while ($i != $end); + + if ($bits == 256) { $tmp .= to64 ((ord (substr ($c, 31, 1)) << 8) | ord (substr ($c, 30, 1)), 3); } + else { $tmp .= to64 (ord (substr ($c, 63, 1)), 2); } + + return $tmp; +} + +sub sha256crypt +{ + my $pass = shift; + my $salt = shift; + my $iter = shift; + my $rounds = shift; + + my $bin = sha_crypts (\&sha256, 256, $pass, $salt, $iter); + + if ($rounds == 1) + { + return "\$5\$rounds=$iter\$" . $salt . "\$$bin"; + } + else + { + return "\$5\$" . $salt . "\$$bin"; + } +} + +1; 
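Review bot: The comment `# now we do 5000 iterations of SHA2 (256 or 512)` in sha_crypts is stale, because the loop runs `$loops` times and the new callers pass `$iter`, which may differ from 5000; change it to `# now we do $loops iterations of SHA2 (256 or 512)`. In to64, `my $str;` should be `my $str = "";` so the function returns an empty string rather than undef if it is ever called with a non-positive `$n`; the current callers always pass 2, 3 or 4, so this is defensive only. The `$rounds` parameter of sha256crypt is a flag selecting whether the `rounds=` prefix is emitted, not an iteration count, and a short comment such as `# $rounds: 1 = include rounds= in the output string` would prevent confusion with `$iter`.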
From a06f5f6644525cd49bd67dea628ddfcf70704612 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 10 Feb 2020 13:01:32 +0100 Subject: [PATCH 212/300] Add support for length 20 in module for -m 7400 --- src/modules/module_07400.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_07400.c b/src/modules/module_07400.c index b9bde6fc2..70bea0efc 100644 --- a/src/modules/module_07400.c +++ b/src/modules/module_07400.c @@ -280,7 +280,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE | TOKEN_ATTR_VERIFY_SIGNATURE; token.len_min[1] = 0; - token.len_max[1] = 16; + token.len_max[1] = 20; token.sep[1] = '$'; token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_OPTIONAL_ROUNDS; From 9607b8c734539cb672707d00b2a59d971a673ba7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 10 Feb 2020 14:40:51 +0100 Subject: [PATCH 213/300] Fix -m 7400 optimized kernel for passwords length > 12 if salt length > 16 --- OpenCL/m07400-optimized.cl | 80 +++++++++++++++++++++++++++++++++----- 1 file changed, 71 insertions(+), 9 deletions(-) diff --git a/OpenCL/m07400-optimized.cl b/OpenCL/m07400-optimized.cl index 92b140bd2..229b9c653 100644 --- a/OpenCL/m07400-optimized.cl +++ b/OpenCL/m07400-optimized.cl 
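Review bot: Raising `token.len_max[1]` to 20 widens what module_hash_decode accepts for the salt, but the kernels that consume the salt must handle the extra bytes as well; the optimized kernel's memcat20 variants only gain the `case 16` to `case 20` branches in the following commit, so at this commit a 17–20 byte salt passes parsing and then reaches an offset the optimized path does not handle. Landing the parser bound and the kernel support in one change, or limiting the accepted length via module_salt_max until the kernel catches up, would avoid that window. The rest of module_hash_decode is outside the hunk.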
@@ -870,6 +870,36 @@ DECLSPEC u32 memcat20 (u32 *block, const u32 offset, const u32 *append, const u3 block[18] = tmp3; block[19] = tmp4; break; + case 16: block[16] |= tmp0; + block[17] = tmp1; + block[18] = tmp2; + block[19] = tmp3; + block[20] = tmp4; + break; + case 17: block[17] |= tmp0; + block[18] = tmp1; + block[19] = tmp2; + block[20] = tmp3; + block[21] = tmp4; + break; + case 18: block[18] |= tmp0; + block[19] = tmp1; + block[20] = tmp2; + block[21] = tmp3; + block[22] = tmp4; + break; + case 19: block[19] |= tmp0; + block[20] = tmp1; + block[21] = tmp2; + block[22] = tmp3; + block[23] = tmp4; + break; + case 20: block[20] |= tmp0; + block[21] = tmp1; + block[22] = tmp2; + block[23] = tmp3; + block[24] = tmp4; + break; } return offset + append_len; @@ -999,6 +1029,36 @@ DECLSPEC u32 memcat20_x80 (u32 *block, const u32 offset, const u32 *append, cons block[18] = tmp3; block[19] = tmp4; break; + case 16: block[16] |= tmp0; + block[17] = tmp1; + block[18] = tmp2; + block[19] = tmp3; + block[20] = tmp4; + break; + case 17: block[17] |= tmp0; + block[18] = tmp1; + block[19] = tmp2; + block[20] = tmp3; + block[21] = tmp4; + break; + case 18: block[18] |= tmp0; + block[19] = tmp1; + block[20] = tmp2; + block[21] = tmp3; + block[22] = tmp4; + break; + case 19: block[19] |= tmp0; + block[20] = tmp1; + block[21] = tmp2; + block[22] = tmp3; + block[23] = tmp4; + break; + case 20: block[20] |= tmp0; + block[21] = tmp1; + block[22] = tmp2; + block[23] = tmp3; + block[24] = tmp4; + break; } return offset + append_len; @@ -1438,15 +1498,6 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) p_bytes[2] = tmps[gid].p_bytes[2]; p_bytes[3] = tmps[gid].p_bytes[3]; - u32 p_bytes_x80[4]; - - p_bytes_x80[0] = tmps[gid].p_bytes[0]; - p_bytes_x80[1] = tmps[gid].p_bytes[1]; - p_bytes_x80[2] = tmps[gid].p_bytes[2]; - p_bytes_x80[3] = tmps[gid].p_bytes[3]; - - append_0x80_1x4_S (p_bytes_x80, pw_len ^ 3); - u32 s_bytes[5]; s_bytes[0] = tmps[gid].s_bytes[0]; 
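Review bot: The new `case 16` through `case 20` branches in memcat20 write as far as `block[24]`, so every caller's `block` must now hold at least 25 words; the signature gives no bound on `offset` and nothing in the hunk guards it. A header comment would make the contract explicit, e.g. `// offset must be <= 20; writes block[offset .. offset + 4]`. The same applies to the identical additions in the memcat20_x80 hunk below, and both switches are now 21 near-identical cases that a small loop over `tmp0..tmp4` could express without the duplication, unless the explicit form is kept deliberately for the compiler.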
@@ -1468,6 +1519,17 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) u32 salt_len = salt_bufs[salt_pos].salt_len; + // just an optimization + + u32 p_bytes_x80[4]; + + p_bytes_x80[0] = p_bytes[0]; + p_bytes_x80[1] = p_bytes[1]; + p_bytes_x80[2] = p_bytes[2]; + p_bytes_x80[3] = p_bytes[3]; + + append_0x80_1x4_S (p_bytes_x80, pw_len ^ 3); + /* Repeatedly run the collected hash value through SHA256 to burn CPU cycles. */ From a74cbe3461fea425f73a0fa4de8726ebb39fb920 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 10 Feb 2020 16:32:34 +0100 Subject: [PATCH 214/300] Fixed out-of-boundary read in pure kernel rule engine rule 'p' if parameter is set to 2 or higher --- OpenCL/inc_rp.cl | 12 +++++++++++- docs/changes.txt | 1 + 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/OpenCL/inc_rp.cl b/OpenCL/inc_rp.cl index 80abaf1ee..5790c1a33 100644 --- a/OpenCL/inc_rp.cl +++ b/OpenCL/inc_rp.cl @@ -300,7 +300,17 @@ DECLSPEC int mangle_dupeword_times (MAYBE_UNUSED const u8 p0, MAYBE_UNUSED const u8 *out = buf + len; - for (int t = 0; t < p0; t++) for (int i = 0; i < len; i++) *out++ = *buf++; + int out_pos = len; + + for (int t = 0; t < p0; t++) + { + for (int i = 0; i < len; i++) + { + out[out_pos] = buf[i]; + + out_pos++; + } + } return (out_len); } diff --git a/docs/changes.txt b/docs/changes.txt index 75c5a0524..183b48bb8 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
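Review bot: The comment `// just an optimization` above the relocated p_bytes_x80 block says that it exists but not what it does; judging from the `append_0x80_1x4_S (p_bytes_x80, pw_len ^ 3)` call it pre-builds a copy of p_bytes with the terminator appended once so the rounds below need not redo it, which is worth confirming. Suggest `// p_bytes with the 0x80 terminator pre-appended, computed once for reuse in every round` in its place. The only functional difference from the removed block is the source of the copy (`p_bytes[]` instead of `tmps[gid].p_bytes[]`). m07400_loop begins and ends outside the hunk.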
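Review bot: The rewritten copy loop in mangle_dupeword_times still indexes through `out`, which the unchanged line above sets to `buf + len`, while `out_pos` also starts at `len`; the first duplicate therefore lands at `buf[2 * len]`, `buf[len .. 2 * len)` is never written, and the last copy runs `len` bytes past `out_len`, turning the out-of-bounds read the commit set out to fix into an out-of-bounds write. Index the destination from the start of the word instead, `buf[out_pos] = buf[i];`, and drop the now-unused `u8 *out = buf + len;` (or keep `out` and start `out_pos` at 0). With that change the loop is correct because `out_pos` always stays at least `len` ahead of the bytes being read. Any check that `out_len` fits the buffer sits above the hunk.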
@@ -85,6 +85,7 @@ - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character - Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256 - Fixed maximum password length limit which was announced as 256 but actually was 255 +- Fixed out-of-boundary read in pure kernel rule engine rule 'p' if parameter is set to 2 or higher - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter - Fixed problem with the usage of the hexadecimal notations (\x00-\xff) within rules From b6f40c05d60c942642a4d2f5c8b8b23559d82a4e Mon Sep 17 00:00:00 2001 From: philsmd Date: Tue, 11 Feb 2020 11:36:16 +0100 Subject: [PATCH 215/300] Added -m 7401 = MySQL $A$ (sha256crypt), closes #2305 --- docs/changes.txt | 1 + docs/readme.txt | 1 + src/modules/module_07401.c | 459 +++++++++++++++++++++++++++++++++++ tools/test_modules/m07400.pm | 6 +- tools/test_modules/m07401.pm | 266 ++++++++++++++++++++ 5 files changed, 729 insertions(+), 4 deletions(-) create mode 100644 src/modules/module_07401.c create mode 100644 tools/test_modules/m07401.pm diff --git a/docs/changes.txt b/docs/changes.txt index 183b48bb8..96f832fdc 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -41,6 +41,7 @@ - Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass)) - Added hash-mode: md5(sha1($salt).md5($pass)) - Added hash-mode: MultiBit Classic .key (MD5) +- Added hash-mode: MySQL $A$ (sha256crypt) - Added hash-mode: Open Document Format (ODF) 1.1 (SHA-1, Blowfish) - Added hash-mode: Open Document Format (ODF) 1.2 (SHA-256, AES) - Added hash-mode: Oracle Transportation Management (SHA256) diff --git a/docs/readme.txt b/docs/readme.txt index 0733ad859..5c0a11e1a 100644 --- a/docs/readme.txt +++ b/docs/readme.txt 
@@ -213,6 +213,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or - Oracle T: Type (Oracle 12+) - MySQL323 - MySQL4.1/MySQL5 +- MySQL $A$ (sha256crypt) - Sybase ASE - hMailServer - DNSSEC (NSEC3) diff --git a/src/modules/module_07401.c b/src/modules/module_07401.c new file mode 100644 index 000000000..8452ba567 --- /dev/null +++ b/src/modules/module_07401.c 
@@ -0,0 +1,459 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DATABASE_SERVER; +static const char *HASH_NAME = "MySQL $A$ (sha256crypt)"; +static const u64 KERN_TYPE = 7400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_HEX; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$mysql$A$005*F9CC98CE08892924F50A213B6BC571A2C11778C5*625479393559393965414D45316477456B484F41316E64484742577A2E3162785353526B7554584647562F"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { 
return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct sha256crypt_tmp +{ + u32 alt_result[8]; + u32 p_bytes[64]; + u32 s_bytes[64]; + +} sha256crypt_tmp_t; + +static const u32 
MULTIPLIER_MYSQL = 1000; +static const char *SIGNATURE_MYSQL = "$mysql$"; + +static void sha256crypt_decode (u8 digest[32], const u8 buf[43]) +{ + int l; + + l = itoa64_to_int (buf[ 0]) << 0; + l |= itoa64_to_int (buf[ 1]) << 6; + l |= itoa64_to_int (buf[ 2]) << 12; + l |= itoa64_to_int (buf[ 3]) << 18; + + digest[ 0] = (l >> 16) & 0xff; + digest[10] = (l >> 8) & 0xff; + digest[20] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[ 4]) << 0; + l |= itoa64_to_int (buf[ 5]) << 6; + l |= itoa64_to_int (buf[ 6]) << 12; + l |= itoa64_to_int (buf[ 7]) << 18; + + digest[21] = (l >> 16) & 0xff; + digest[ 1] = (l >> 8) & 0xff; + digest[11] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[ 8]) << 0; + l |= itoa64_to_int (buf[ 9]) << 6; + l |= itoa64_to_int (buf[10]) << 12; + l |= itoa64_to_int (buf[11]) << 18; + + digest[12] = (l >> 16) & 0xff; + digest[22] = (l >> 8) & 0xff; + digest[ 2] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[12]) << 0; + l |= itoa64_to_int (buf[13]) << 6; + l |= itoa64_to_int (buf[14]) << 12; + l |= itoa64_to_int (buf[15]) << 18; + + digest[ 3] = (l >> 16) & 0xff; + digest[13] = (l >> 8) & 0xff; + digest[23] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[16]) << 0; + l |= itoa64_to_int (buf[17]) << 6; + l |= itoa64_to_int (buf[18]) << 12; + l |= itoa64_to_int (buf[19]) << 18; + + digest[24] = (l >> 16) & 0xff; + digest[ 4] = (l >> 8) & 0xff; + digest[14] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[20]) << 0; + l |= itoa64_to_int (buf[21]) << 6; + l |= itoa64_to_int (buf[22]) << 12; + l |= itoa64_to_int (buf[23]) << 18; + + digest[15] = (l >> 16) & 0xff; + digest[25] = (l >> 8) & 0xff; + digest[ 5] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[24]) << 0; + l |= itoa64_to_int (buf[25]) << 6; + l |= itoa64_to_int (buf[26]) << 12; + l |= itoa64_to_int (buf[27]) << 18; + + digest[ 6] = (l >> 16) & 0xff; + digest[16] = (l >> 8) & 0xff; + digest[26] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[28]) << 0; + l |= itoa64_to_int (buf[29]) << 6; + l |= itoa64_to_int 
(buf[30]) << 12; + l |= itoa64_to_int (buf[31]) << 18; + + digest[27] = (l >> 16) & 0xff; + digest[ 7] = (l >> 8) & 0xff; + digest[17] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[32]) << 0; + l |= itoa64_to_int (buf[33]) << 6; + l |= itoa64_to_int (buf[34]) << 12; + l |= itoa64_to_int (buf[35]) << 18; + + digest[18] = (l >> 16) & 0xff; + digest[28] = (l >> 8) & 0xff; + digest[ 8] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[36]) << 0; + l |= itoa64_to_int (buf[37]) << 6; + l |= itoa64_to_int (buf[38]) << 12; + l |= itoa64_to_int (buf[39]) << 18; + + digest[ 9] = (l >> 16) & 0xff; + digest[19] = (l >> 8) & 0xff; + digest[29] = (l >> 0) & 0xff; + + l = itoa64_to_int (buf[40]) << 0; + l |= itoa64_to_int (buf[41]) << 6; + l |= itoa64_to_int (buf[42]) << 12; + + digest[31] = (l >> 8) & 0xff; + digest[30] = (l >> 0) & 0xff; +} + +static void sha256crypt_encode (const u8 digest[32], u8 buf[43]) +{ + int l; + + l = (digest[ 0] << 16) | (digest[10] << 8) | (digest[20] << 0); + + buf[ 0] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 1] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 2] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 3] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[21] << 16) | (digest[ 1] << 8) | (digest[11] << 0); + + buf[ 4] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 5] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 6] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 7] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[12] << 16) | (digest[22] << 8) | (digest[ 2] << 0); + + buf[ 8] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[ 9] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[10] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[11] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[ 3] << 16) | (digest[13] << 8) | (digest[23] << 0); + + buf[12] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[13] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[14] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[15] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[24] << 16) | (digest[ 4] << 
8) | (digest[14] << 0); + + buf[16] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[17] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[18] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[19] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[15] << 16) | (digest[25] << 8) | (digest[ 5] << 0); + + buf[20] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[21] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[22] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[23] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[ 6] << 16) | (digest[16] << 8) | (digest[26] << 0); + + buf[24] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[25] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[26] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[27] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[27] << 16) | (digest[ 7] << 8) | (digest[17] << 0); + + buf[28] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[29] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[30] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[31] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[18] << 16) | (digest[28] << 8) | (digest[ 8] << 0); + + buf[32] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[33] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[34] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[35] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = (digest[ 9] << 16) | (digest[19] << 8) | (digest[29] << 0); + + buf[36] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[37] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[38] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[39] = int_to_itoa64 (l & 0x3f); //l >>= 6; + + l = 0 | (digest[31] << 8) | (digest[30] << 0); + + buf[40] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[41] = int_to_itoa64 (l & 0x3f); l >>= 6; + buf[42] = int_to_itoa64 (l & 0x3f); //l >>= 6; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (sha256crypt_tmp_t); + + return tmp_size; +} + +u32 
module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + u32 pw_max = PW_MAX; + + const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL); + + if (optimized_kernel == true) + { + pw_max = 15; + } + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_MYSQL; + + token.len[0] = 7; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '$'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[2] = 3; + token.len_max[2] = 3; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 40; + token.len_max[3] = 40; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[4] = 86; + token.len_max[4] = 86; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); 
+ + // version: + + const u8 *version_pos = token.buf[1]; + + if (version_pos[0] != 'A') return (PARSER_SIGNATURE_UNMATCHED); // $A$ + + // cost factor: + + const u8 *cost_pos = token.buf[2]; + + u32 cost_factor = hc_strtoul ((const char *) cost_pos, NULL, 10); + + u32 salt_iter = cost_factor * MULTIPLIER_MYSQL; + + // from: https://github.com/mysql/mysql-server/blob/4869291f7ee258e136ef03f5a50135fe7329ffb9/include/crypt_genhash_impl.h#L30-L31 + + if (salt_iter < 1000) return (PARSER_SALT_ITERATION); + + // this check would probably be unsafe because it might change in the future: + // if (salt_iter > 5000) return (PARSER_SALT_ITERATION); + + salt->salt_iter = salt_iter; + + const u8 *salt_pos = token.buf[3]; + const int salt_len = token.len[3]; + + const bool parse_rc = generic_salt_decode (hashconfig, salt_pos, salt_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + const u8 *hash_pos = token.buf[4]; + const int hash_len = token.len[4]; + + u8 tmp_dgst[100] = { 0 }; + + const int dgst_len = hex_decode ((const u8 *) hash_pos, hash_len, (u8 *) tmp_dgst); + + if (dgst_len != 43) return (PARSER_HASH_ENCODING); + + sha256crypt_decode ((u8 *) digest, tmp_dgst); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + // digest: + + u8 dgst[100] = { 0 }; + + sha256crypt_encode ((u8 *) digest_buf, dgst); + + // yeah, this is weird: we use hex-encoding for base64-encoded salt + // this has to do with missing MySQL function to decode/encode this variant of base64 + + u8 hex_dgst[100] = { 0 }; + + hex_encode (dgst, 43, hex_dgst); + + uppercase (hex_dgst, 86); // cosmetic + + // salt: + + u8 hex_salt[SALT_MAX * 2] = { 0 }; + + const 
int salt_len = generic_salt_encode (hashconfig, (const u8 *) salt->salt_buf, (const int) salt->salt_len, hex_salt); + + hex_salt[salt_len] = 0; + + uppercase (hex_salt, 40); // cosmetic + + const int cost = salt->salt_iter / MULTIPLIER_MYSQL; + + int line_len = snprintf (line_buf, line_size, "$mysql$A$%03i*%s*%s", cost, hex_salt, hex_dgst); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = 
module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = 
module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m07400.pm b/tools/test_modules/m07400.pm index b0feeb21f..0a21cb527 100644 --- a/tools/test_modules/m07400.pm +++ b/tools/test_modules/m07400.pm @@ -94,18 +94,16 @@ sub module_verify_hash return ($new_hash, $word); } -# -# This is modified pass_gen.pl from https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/pass_gen.pl +# This is a modified sha_crypts () function of pass_gen.pl from +# https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/pass_gen.pl # Copyright: https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/pass_gen.Manifest # public domain # written by Jim Fougeron -# # updated for new MySQL hashes by philsmd # modified date: February 2020 # license: public domain -# my @i64 = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z'); diff --git a/tools/test_modules/m07401.pm b/tools/test_modules/m07401.pm new file mode 100644 index 000000000..2c3f5e87c --- /dev/null +++ b/tools/test_modules/m07401.pm 
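Review bot: In module_hash_encode, `uppercase (hex_salt, 40); // cosmetic` hard-codes the salt's hex length even though `salt_len` from generic_salt_encode is right there; use `uppercase (hex_salt, salt_len);` so the call cannot read past the encoded text if the accepted salt length ever changes. The `snprintf` format repeats the signature as a literal (`"$mysql$A$%03i*%s*%s"`) while module_hash_decode matches on SIGNATURE_MYSQL, so a change to one can silently drift from the other. In module_hash_decode the 43 bytes produced by hex_decode are handed to sha256crypt_decode without checking that each is a valid itoa64 character, so a hex string that decodes to other bytes is accepted and yields an arbitrary digest instead of PARSER_HASH_ENCODING; whether itoa64_to_int tolerates such input cannot be seen here, so either an explicit validity check or a comment stating that it does is warranted.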
@@ -0,0 +1,266 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::SHA qw (sha256); + +sub module_constraints { [[0, 256], [20, 20], [0, 15], [20, 20], [-1, -1]] } + +my $ITERATION_MULTIPLIER = 1000; + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $cost = shift // 5; # => cost * $ITERATION_MULTIPLIER + my $lower = shift // 0; + + my $dgst = sha_crypts (\&sha256, 256, $word, $salt, $cost * $ITERATION_MULTIPLIER); + + my $salt_hex = unpack ("H*", $salt); + my $dgst_hex = unpack ("H*", $dgst); + + # default for MySQL is upper-case hexadecimals: + + if ($lower == 0) + { + $salt_hex = uc ($salt_hex); + $dgst_hex = uc ($dgst_hex); + } + + my $hash = sprintf ("\$mysql\$A\$%03i*%s*%s", + $cost, + $salt_hex, + $dgst_hex); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = index ($line, ':'); + + return unless ($idx >= 0); + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless defined $hash; + return unless defined $word; + + return unless (substr ($hash, 0, 9) eq '$mysql$A$'); + + $idx = index ($hash, '*'); + + return unless ($idx == 12); + + # iter: + + my $cost_factor = substr ($hash, 9, 3); + + $cost_factor = int ($cost_factor); + + return unless ($cost_factor > 0); + + # salt: + + $idx = index ($hash, '*', 13); + + return unless ($idx == 53); + + my $salt = substr ($hash, 13, 40); + + $salt = pack ("H*", $salt); + + # check for lower/upper case: + + my $digest = substr ($hash, 54); + + my $is_lower = 0; + + $is_lower = 1 if (uc ($digest) ne $digest); + + # verify: + + $word = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word, $salt, $cost_factor, $is_lower); + + return ($new_hash, $word); +} + +# This is a modified sha_crypts () function of pass_gen.pl from +# https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/pass_gen.pl + +# Copyright: 
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/pass_gen.Manifest +# public domain +# written by Jim Fougeron + +# updated for new MySQL hashes by philsmd +# modified date: February 2020 +# license: public domain + +my @i64 = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z'); + +sub to64 +{ + my $v = shift; + my $n = shift; + + my $str; + + while (--$n >= 0) + { + $str .= $i64[$v & 0x3F]; + + $v >>= 6; + } + + return $str; +} + +sub sha_crypts +{ + my ($func, $bits, $key, $salt, $loops) = @_; + + my $bytes = $bits / 8; + + my $b = $func->($key . $salt . $key); + + # Add for any character in the key one byte of the alternate sum. + + my $tmp = $key . $salt; + + for (my $i = length ($key); $i > 0; $i -= $bytes) + { + if ($i > $bytes) + { + $tmp .= $b; + } + else + { + $tmp .= substr ($b, 0, $i); + } + } + + # Take the binary representation of the length of the key and for every 1 add the alternate sum, for every 0 the key. + + for (my $i = length ($key); $i > 0; $i >>= 1) + { + if (($i & 1) != 0) + { + $tmp .= $b; + } + else + { + $tmp .= $key; + } + } + + my $a = $func->($tmp); + + # NOTE, this will be the 'initial' $c value in the inner loop. + + # For every character in the password add the entire password. 
produces DP + + $tmp = ""; + + for (my $i = 0; $i < length ($key); $i++) + { + $tmp .= $key; + } + + my $dp = $func->($tmp); + + # Create byte sequence P + + my $p = ""; + + for (my $i = length ($key); $i > 0; $i -= $bytes) + { + if ($i > $bytes) + { + $p .= $dp; + } + else + { + $p .= substr ($dp, 0, $i); + } + } + + # produce ds + + $tmp = ""; + + my $til = 16 + ord (substr ($a, 0, 1)); + + for (my $i = 0; $i < $til; $i++) + { + $tmp .= $salt; + } + + my $ds = $func->($tmp); + + # Create byte sequence S + + my $s = ""; + + for (my $i = length ($salt); $i > 0; $i -= $bytes) + { + if ($i > $bytes) + { + $s .= $ds; + } + else + { + $s .= substr ($ds, 0, $i); + } + } + + my $c = $a; # Ok, we saved this, which will 'seed' our crypt value here in the loop. + + # now we do 5000 iterations of SHA2 (256 or 512) + + for (my $i = 0; $i < $loops; $i++) + { + if ($i & 1) { $tmp = $p; } + else { $tmp = $c; } + + if ($i % 3) { $tmp .= $s; } + if ($i % 7) { $tmp .= $p; } + + if ($i & 1) { $tmp .= $c; } + else { $tmp .= $p; } + + $c = $func->($tmp); + } + + my $inc1; my $inc2; my $mod; my $end; + + if ($bits == 256) { $inc1 = 10; $inc2 = 21; $mod = 30; $end = 0; } + else { $inc1 = 21; $inc2 = 22; $mod = 63; $end = 21; } + + my $i = 0; + $tmp = ""; + + do + { + $tmp .= to64 ((ord (substr ($c, $i, 1)) << 16) | (ord (substr ($c, ($i + $inc1) % $mod, 1)) << 8) | ord (substr ($c, ($i + $inc1 * 2) % $mod, 1)), 4); + $i = ($i + $inc2) % $mod; + } while ($i != $end); + + if ($bits == 256) { $tmp .= to64 ((ord (substr ($c, 31, 1)) << 8) | ord (substr ($c, 30, 1)), 3); } + else { $tmp .= to64 (ord (substr ($c, 63, 1)), 2); } + + return $tmp; +} + +1; From 6f9e5262af0b7c9517b5e4bd92f8568ecec76d31 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Tue, 11 Feb 2020 11:42:49 +0100 Subject: [PATCH 216/300] update the number of supported hash types in docs/readme.txt --- docs/readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
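Review bot: The comment `# now we do 5000 iterations of SHA2 (256 or 512)` in sha_crypts is stale for this module: the loop runs `$loops` times, and module_generate_hash passes `$cost * $ITERATION_MULTIPLIER`, so 5000 is only the cost-5 case; suggest `# $loops rounds (cost * $ITERATION_MULTIPLIER for $mysql$A$)`. Separately, module_verify_hash hands the 40-character salt field straight to `pack ("H*", $salt)` without checking that it is hexadecimal, and pack silently produces garbage for non-hex input; a `return unless ($salt =~ /^[0-9a-fA-F]{40}$/);` before the pack would reject a malformed line the same way the other `return unless` guards do. `pack_if_HEX_notation` is called but not defined in this file, so it is presumably supplied by the test harness; a one-line comment saying so would help anyone running the module standalone.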
diff --git a/docs/readme.txt b/docs/readme.txt index 0733ad859..807c95080 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -41,7 +41,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or - Supports automatic keyspace ordering markov-chains - Built-in benchmarking system - Integrated thermal watchdog -- 200+ Hash-types implemented with performance in mind +- 300+ Hash-types implemented with performance in mind ## ## Hash-Types From f5527bb937e04c95cf46029fb0a9f46dc0356d1d Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 11 Feb 2020 12:23:51 +0100 Subject: [PATCH 217/300] Fix mangle_dupeword_times() in OpenCL/inc_rp.cl --- OpenCL/inc_rp.cl | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/OpenCL/inc_rp.cl b/OpenCL/inc_rp.cl index 5790c1a33..1d17b365e 100644 --- a/OpenCL/inc_rp.cl +++ b/OpenCL/inc_rp.cl @@ -298,15 +298,13 @@ DECLSPEC int mangle_dupeword_times (MAYBE_UNUSED const u8 p0, MAYBE_UNUSED const if (out_len >= RP_PASSWORD_SIZE) return (len); - u8 *out = buf + len; - int out_pos = len; for (int t = 0; t < p0; t++) { for (int i = 0; i < len; i++) { - out[out_pos] = buf[i]; + buf[out_pos] = buf[i]; out_pos++; } From 7aed6fdb54ee68a4f9bef5996f379c7e7c011d21 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 11 Feb 2020 14:22:38 +0100 Subject: [PATCH 218/300] mini optimization for -m 740x optimized kernel --- OpenCL/m07400-optimized.cl | 40 +++++++++++++------------------------- 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/OpenCL/m07400-optimized.cl b/OpenCL/m07400-optimized.cl index 229b9c653..d8d0393ed 100644 --- a/OpenCL/m07400-optimized.cl +++ b/OpenCL/m07400-optimized.cl @@ -14,6 +14,8 @@ #define COMPARE_S "inc_comp_single.cl" #define COMPARE_M "inc_comp_multi.cl" +#define MIN(a,b) (((a) < (b)) ? (a) : (b)) + typedef struct sha256crypt_tmp { // pure version 
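Review bot: With the `out` pointer gone, the copy writes `buf[out_pos]` for out_pos from len up to out_len, so the `if (out_len >= RP_PASSWORD_SIZE) return (len);` guard two lines above is now the only thing keeping the loop inside buf; a comment such as `// out_len was checked above: every write below stays < RP_PASSWORD_SIZE` would stop the next edit from reintroducing the extra `+ len` offset the removed pointer carried. The read `buf[i]` (i < len) and the write (out_pos >= len) never overlap, so the in-place copy is safe. mangle_dupeword_times begins and ends outside the hunk, so how out_len is derived is not visible here.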
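Review bot: `MIN(a,b)` is a plain function-like macro that evaluates both arguments twice; the callers added in this commit pass side-effect-free expressions, but nothing documents that requirement. Either add `// evaluates both arguments twice; only pass side-effect-free expressions` above the define, or reuse a shared min helper if the common OpenCL headers already provide one — I cannot tell from this chunk whether the name is already taken elsewhere. There is also no matching `#undef MIN` at the end of the file, unlike the helper macros the whirlpool change in this series cleans up.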
@@ -1144,7 +1146,7 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) w0[2] = hc_swap32_S (pws[gid].i[2]); w0[3] = hc_swap32_S (pws[gid].i[3]); - const u32 pw_len = pws[gid].pw_len & 63; + const u32 pw_len = MIN (pws[gid].pw_len, 15); /** * salt @@ -1158,7 +1160,7 @@ KERNEL_FQ void m07400_init (KERN_ATTR_TMPS (sha256crypt_tmp_t)) salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]); salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]); - u32 salt_len = salt_bufs[salt_pos].salt_len; + const u32 salt_len = MIN (salt_bufs[salt_pos].salt_len, 20); /** * buffers @@ -1485,7 +1487,7 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) if (gid >= gid_max) return; - const u32 pw_len = pws[gid].pw_len & 63; + const u32 pw_len = MIN (pws[gid].pw_len, 15); /** * base @@ -1517,7 +1519,7 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) alt_result[6] = tmps[gid].alt_result[6]; alt_result[7] = tmps[gid].alt_result[7]; - u32 salt_len = salt_bufs[salt_pos].salt_len; + const u32 salt_len = MIN (salt_bufs[salt_pos].salt_len, 20); // just an optimization @@ -1539,7 +1541,7 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) init_ctx (tmp); - u32 block[32]; + u32 block[25]; u32 block_len = 0; @@ -1574,13 +1576,6 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) block[22] = 0; block[23] = 0; block[24] = 0; - block[25] = 0; - block[26] = 0; - block[27] = 0; - block[28] = 0; - block[29] = 0; - block[30] = 0; - block[31] = 0; block_len = pw_len; @@ -1616,13 +1611,6 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) block[22] = 0; block[23] = 0; block[24] = 0; - block[25] = 0; - block[26] = 0; - block[27] = 0; - block[28] = 0; - block[29] = 0; - block[30] = 0; - block[31] = 0; block_len = 32; 
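Review bot: `MIN (pws[gid].pw_len, 15)` and `MIN (salt_bufs[salt_pos].salt_len, 20)` silently truncate rather than reject, so a candidate longer than 15 bytes or a salt longer than 20 bytes that reaches this kernel is hashed as its prefix and can produce a wrong result; the previous `& 63` mask had the same property with a different cutoff. This is only sound if the module's host-side constraints for the optimized kernel guarantee those bounds (the m07401.pm constraints earlier in this series show 15 and 20 for the optimized path), so a comment at the first use such as `// optimized kernel: module limits pw_len to 15 and salt_len to 20` would make the dependency explicit. The same clamp appears in both m07400_init and m07400_loop. Shrinking `block` from 32 to 25 words is correct only if no access beyond index 24 survives; this chunk shows the zeroing and copy stretches being removed but not the rest of m07400_loop, which ends outside the hunk.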
@@ -1666,13 +1654,13 @@ KERNEL_FQ void m07400_loop (KERN_ATTR_TMPS (sha256crypt_tmp_t)) block[ 6] = block[22]; block[ 7] = block[23]; block[ 8] = block[24]; - block[ 9] = block[25]; - block[10] = block[26]; - block[11] = block[27]; - block[12] = block[28]; - block[13] = block[29]; - block[14] = block[30]; - block[15] = block[31]; + block[ 9] = 0; + block[10] = 0; + block[11] = 0; + block[12] = 0; + block[13] = 0; + block[14] = 0; + block[15] = 0; } block[14] = 0; From 1de08570b3e08ad6c56fc4e19d5d16def05a156c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 11 Feb 2020 16:32:51 +0100 Subject: [PATCH 219/300] Unroll whirlpool transform and get rid of shared memory access to s_RC[] --- OpenCL/inc_hash_whirlpool.cl | 419 ++++++++++++++++------------------ OpenCL/inc_hash_whirlpool.h | 24 +- OpenCL/m06100_a0-optimized.cl | 22 +- OpenCL/m06100_a0-pure.cl | 18 +- OpenCL/m06100_a1-optimized.cl | 22 +- OpenCL/m06100_a1-pure.cl | 18 +- OpenCL/m06100_a3-optimized.cl | 48 +--- OpenCL/m06100_a3-pure.cl | 18 +- OpenCL/m06231-pure.cl | 63 +---- OpenCL/m06232-pure.cl | 63 +---- OpenCL/m06233-pure.cl | 63 +---- OpenCL/m13731-pure.cl | 35 +-- OpenCL/m13732-pure.cl | 35 +-- OpenCL/m13733-pure.cl | 35 +-- 14 files changed, 278 insertions(+), 605 deletions(-) diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl index 2cd08dd91..e4735e917 100644 --- a/OpenCL/inc_hash_whirlpool.cl +++ b/OpenCL/inc_hash_whirlpool.cl 
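Review bot: The rewritten branch now sets `block[14] = 0;` and the unconditional `block[14] = 0;` that follows the closing brace repeats it, so inside this branch one of the two is dead. Harmless, but a reader will wonder which assignment matters; either drop the in-branch `block[14] = 0;` or add `// block[14] is reset again below for the other path` so the duplication reads as intentional. The enclosing if/else begins outside the hunk, so I am inferring the structure from the closing brace.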
@@ -560,7 +560,78 @@ CONSTANT_VK u64a RC[16] =
 // input buf needs to be in algorithm native byte order (md5 = LE, sha256 = BE, etc)
 // input buf needs to be 64 byte aligned when using whirlpool_update()
-DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC)
+#define F1(i,v,m) \
+{ \
+ const u8 Lp0 = v8h_from_v64_S ((v)[((i) + 8) & 7]); \
+ const u8 Lp1 = v8g_from_v64_S ((v)[((i) + 7) & 7]); \
+ const u8 Lp2 = v8f_from_v64_S ((v)[((i) + 6) & 7]); \
+ const u8 Lp3 = v8e_from_v64_S ((v)[((i) + 5) & 7]); \
+ const u8 Lp4 = v8d_from_v64_S ((v)[((i) + 4) & 7]); \
+ const u8 Lp5 = v8c_from_v64_S ((v)[((i) + 3) & 7]); \
+ const u8 Lp6 = v8b_from_v64_S ((v)[((i) + 2) & 7]); \
+ const u8 Lp7 = v8a_from_v64_S ((v)[((i) + 1) & 7]); \
+ \
+ const u64 X0 = BOX64_S ((m), 0, Lp0); \
+ const u64 X1 = BOX64_S ((m), 1, Lp1); \
+ const u64 X2 = BOX64_S ((m), 2, Lp2); \
+ const u64 X3 = BOX64_S ((m), 3, Lp3); \
+ const u64 X4 = BOX64_S ((m), 4, Lp4); \
+ const u64 X5 = BOX64_S ((m), 5, Lp5); \
+ const u64 X6 = BOX64_S ((m), 6, Lp6); \
+ const u64 X7 = BOX64_S ((m), 7, Lp7); \
+ \
+ L[(i)] = X0 \
+ ^ X1 \
+ ^ X2 \
+ ^ X3 \
+ ^ X4 \
+ ^ X5 \
+ ^ X6 \
+ ^ X7; \
+}
+
+#define F0(rc) \
+{ \
+ u64 L[8]; \
+ \
+ F1 (0, K, s_MT); \
+ F1 (1, K, s_MT); \
+ F1 (2, K, s_MT); \
+ F1 (3, K, s_MT); \
+ F1 (4, K, s_MT); \
+ F1 (5, K, s_MT); \
+ F1 (6, K, s_MT); \
+ F1 (7, K, s_MT); \
+ \
+ K[0] = L[0] ^ (rc); \
+ K[1] = L[1]; \
+ K[2] = L[2]; \
+ K[3] = L[3]; \
+ K[4] = L[4]; \
+ K[5] = L[5]; \
+ K[6] = L[6]; \
+ K[7] = L[7]; \
+ \
+ F1 (0, state, s_MT); \
+ F1 (1, state, s_MT); \
+ F1 (2, state, s_MT); \
+ F1 (3, state, s_MT); \
+ F1 (4, state, s_MT); \
+ F1 (5, state, s_MT); \
+ F1 (6, state, s_MT); \
+ F1 (7, state, s_MT); \
+ \
+ state[0] = L[0] ^ K[0]; \
+ state[1] = L[1] ^ K[1]; \
+ state[2] = L[2] ^ K[2]; \
+ state[3] = L[3] ^ K[3]; \
+ state[4] = L[4] ^ K[4]; \
+ state[5] = L[5] ^ K[5]; \
+ state[6] = L[6] ^ K[6]; \
+ state[7] = L[7] ^ K[7]; \
+}
+
+DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256])
 {
 u64 D[8];
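Review bot: F1 and F0 are not self-contained macros: F1 writes into `L`, and F0 reads and writes `K`, `state` and `s_MT` by bare name, so they only compile inside a function whose locals happen to use exactly those identifiers. A comment above `#define F1(i,v,m)` such as `// F1/F0 expect u64 L[8], K[8], state[8] and s_MT in the enclosing scope; only used by whirlpool_transform` would make that coupling visible to the next person who includes this header-like file, and the same note applies to F1x/F0x in the whirlpool_transform_vector hunk further down. The bodies are bare `{ ... }` blocks rather than `do { ... } while (0)`, so each `F0 (RC[n]);` expands to a block followed by an empty statement — valid, though some compilers warn about it under strict warning sets; not a blocker.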
@@ -606,96 +677,16 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, state[6] = K[6] ^ W[6]; state[7] = K[7] ^ W[7]; - for (u32 r = 0; r < R; r++) - { - u64 L[8]; - - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 8; i++) - { - const u8 Lp0 = v8h_from_v64_S (K[(i + 8) & 7]); - const u8 Lp1 = v8g_from_v64_S (K[(i + 7) & 7]); - const u8 Lp2 = v8f_from_v64_S (K[(i + 6) & 7]); - const u8 Lp3 = v8e_from_v64_S (K[(i + 5) & 7]); - const u8 Lp4 = v8d_from_v64_S (K[(i + 4) & 7]); - const u8 Lp5 = v8c_from_v64_S (K[(i + 3) & 7]); - const u8 Lp6 = v8b_from_v64_S (K[(i + 2) & 7]); - const u8 Lp7 = v8a_from_v64_S (K[(i + 1) & 7]); - - const u64 X0 = BOX64_S (s_MT, 0, Lp0); - const u64 X1 = BOX64_S (s_MT, 1, Lp1); - const u64 X2 = BOX64_S (s_MT, 2, Lp2); - const u64 X3 = BOX64_S (s_MT, 3, Lp3); - const u64 X4 = BOX64_S (s_MT, 4, Lp4); - const u64 X5 = BOX64_S (s_MT, 5, Lp5); - const u64 X6 = BOX64_S (s_MT, 6, Lp6); - const u64 X7 = BOX64_S (s_MT, 7, Lp7); - - L[i] = X0 - ^ X1 - ^ X2 - ^ X3 - ^ X4 - ^ X5 - ^ X6 - ^ X7; - } - - const u64 rc = s_RC[r]; - - K[0] = L[0] ^ rc; - K[1] = L[1]; - K[2] = L[2]; - K[3] = L[3]; - K[4] = L[4]; - K[5] = L[5]; - K[6] = L[6]; - K[7] = L[7]; - - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 8; i++) - { - const u8 Lp0 = v8h_from_v64_S (state[(i + 8) & 7]); - const u8 Lp1 = v8g_from_v64_S (state[(i + 7) & 7]); - const u8 Lp2 = v8f_from_v64_S (state[(i + 6) & 7]); - const u8 Lp3 = v8e_from_v64_S (state[(i + 5) & 7]); - const u8 Lp4 = v8d_from_v64_S (state[(i + 4) & 7]); - const u8 Lp5 = v8c_from_v64_S (state[(i + 3) & 7]); - const u8 Lp6 = v8b_from_v64_S (state[(i + 2) & 7]); - const u8 Lp7 = v8a_from_v64_S (state[(i + 1) & 7]); - - const u64 X0 = BOX64_S (s_MT, 0, Lp0); - const u64 X1 = BOX64_S (s_MT, 1, Lp1); - const u64 X2 = BOX64_S (s_MT, 2, Lp2); - const u64 X3 = BOX64_S (s_MT, 3, Lp3); - const u64 X4 = BOX64_S (s_MT, 4, Lp4); - const u64 X5 = BOX64_S (s_MT, 5, Lp5); - const u64 
X6 = BOX64_S (s_MT, 6, Lp6); - const u64 X7 = BOX64_S (s_MT, 7, Lp7); - - L[i] = X0 - ^ X1 - ^ X2 - ^ X3 - ^ X4 - ^ X5 - ^ X6 - ^ X7; - } - - state[0] = L[0] ^ K[0]; - state[1] = L[1] ^ K[1]; - state[2] = L[2] ^ K[2]; - state[3] = L[3] ^ K[3]; - state[4] = L[4] ^ K[4]; - state[5] = L[5] ^ K[5]; - state[6] = L[6] ^ K[6]; - state[7] = L[7] ^ K[7]; - } + F0 (RC[0]); + F0 (RC[1]); + F0 (RC[2]); + F0 (RC[3]); + F0 (RC[4]); + F0 (RC[5]); + F0 (RC[6]); + F0 (RC[7]); + F0 (RC[8]); + F0 (RC[9]); W[0] ^= D[0] ^ state[0]; W[1] ^= D[1] ^ state[1]; @@ -724,7 +715,7 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, digest[15] = l32_from_64_S (W[7]); } -DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256]) { ctx->h[ 0] = 0; ctx->h[ 1] = 0; @@ -763,7 +754,6 @@ DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256], S ctx->len = 0; ctx->s_MT = s_MT; - ctx->s_RC = s_RC; } DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len) @@ -793,7 +783,7 @@ DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 * if (len == 64) { - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -862,7 +852,7 @@ DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 * ctx->w3[2] |= w3[2]; ctx->w3[3] |= w3[3]; - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); ctx->w0[0] = c0[0]; ctx->w0[1] = c0[1]; 
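Review bot: The round count is now an implicit ten from the `F0 (RC[0]);` … `F0 (RC[9]);` sequence, whereas the removed loop iterated `r < R`; `R` still exists (it is `#undef`'d at the end of the file) but nothing ties it to the unrolled list, and `RC` is declared with 16 entries in the hunk context above. A comment at the first call such as `// Whirlpool uses 10 rounds (R); unrolled here, RC[10..15] are unused` records the invariant, and the `F0x (RC[0..9])` stretch in whirlpool_transform_vector needs the same note. Since RC[] is now read straight from its `CONSTANT_VK` definition instead of the `s_RC` shared-memory copy, any remaining shared-memory staging of RC in the calling kernels is dead; the diffstat suggests this commit removes it, but the kernel files are outside this chunk.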
@@ -1404,7 +1394,7 @@ DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx) if (pos >= 32) { - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -1427,12 +1417,12 @@ DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx) ctx->w3[2] = 0; ctx->w3[3] = ctx->len * 8; - whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); } // whirlpool_hmac -DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256]) { u32 t0[4]; u32 t1[4]; @@ -1458,7 +1448,7 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, t3[2] = w3[2] ^ 0x36363636; t3[3] = w3[3] ^ 0x36363636; - whirlpool_init (&ctx->ipad, s_MT, s_RC); + whirlpool_init (&ctx->ipad, s_MT); whirlpool_update_64 (&ctx->ipad, t0, t1, t2, t3, 64); @@ -1481,12 +1471,12 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, t3[2] = w3[2] ^ 0x5c5c5c5c; t3[3] = w3[3] ^ 0x5c5c5c5c; - whirlpool_init (&ctx->opad, s_MT, s_RC); + whirlpool_init (&ctx->opad, s_MT); whirlpool_update_64 (&ctx->opad, t0, t1, t2, t3, 64); } -DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]) { u32 w0[4]; u32 w1[4]; 
@@ -1497,7 +1487,7 @@ DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, cons { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_MT, s_RC); + whirlpool_init (&tmp, s_MT); whirlpool_update (&tmp, w, len); @@ -1540,10 +1530,10 @@ DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, cons w3[3] = w[15]; } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT); } -DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]) { u32 w0[4]; u32 w1[4]; @@ -1554,7 +1544,7 @@ DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_MT, s_RC); + whirlpool_init (&tmp, s_MT); whirlpool_update_swap (&tmp, w, len); @@ -1597,10 +1587,10 @@ DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, w3[3] = hc_swap32_S (w[15]); } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT); } -DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]) { u32 w0[4]; u32 w1[4]; @@ -1611,7 +1601,7 @@ DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS c { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_MT, s_RC); + whirlpool_init (&tmp, s_MT); whirlpool_update_global (&tmp, w, len); 
@@ -1654,10 +1644,10 @@ DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS c w3[3] = w[15]; } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT); } -DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]) { u32 w0[4]; u32 w1[4]; @@ -1668,7 +1658,7 @@ DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL { whirlpool_ctx_t tmp; - whirlpool_init (&tmp, s_MT, s_RC); + whirlpool_init (&tmp, s_MT); whirlpool_update_global_swap (&tmp, w, len); @@ -1711,7 +1701,7 @@ DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL w3[3] = hc_swap32_S (w[15]); } - whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT); } DECLSPEC void whirlpool_hmac_update_64 (whirlpool_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len) @@ -1782,7 +1772,7 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx) ctx->opad.len += 64; - whirlpool_transform (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT, ctx->opad.s_RC); + whirlpool_transform (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT); ctx->opad.w0[0] = 0; ctx->opad.w0[1] = 0; 
@@ -1806,7 +1796,78 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx) // while input buf can be a vector datatype, the length of the different elements can not -DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +#define F1x(i,v,m) \ +{ \ + const u8x Lp0 = v8h_from_v64 ((v)[((i) + 8) & 7]); \ + const u8x Lp1 = v8g_from_v64 ((v)[((i) + 7) & 7]); \ + const u8x Lp2 = v8f_from_v64 ((v)[((i) + 6) & 7]); \ + const u8x Lp3 = v8e_from_v64 ((v)[((i) + 5) & 7]); \ + const u8x Lp4 = v8d_from_v64 ((v)[((i) + 4) & 7]); \ + const u8x Lp5 = v8c_from_v64 ((v)[((i) + 3) & 7]); \ + const u8x Lp6 = v8b_from_v64 ((v)[((i) + 2) & 7]); \ + const u8x Lp7 = v8a_from_v64 ((v)[((i) + 1) & 7]); \ + \ + const u64x X0 = BOX64 ((m), 0, Lp0); \ + const u64x X1 = BOX64 ((m), 1, Lp1); \ + const u64x X2 = BOX64 ((m), 2, Lp2); \ + const u64x X3 = BOX64 ((m), 3, Lp3); \ + const u64x X4 = BOX64 ((m), 4, Lp4); \ + const u64x X5 = BOX64 ((m), 5, Lp5); \ + const u64x X6 = BOX64 ((m), 6, Lp6); \ + const u64x X7 = BOX64 ((m), 7, Lp7); \ + \ + L[(i)] = X0 \ + ^ X1 \ + ^ X2 \ + ^ X3 \ + ^ X4 \ + ^ X5 \ + ^ X6 \ + ^ X7; \ +} + +#define F0x(rc) \ +{ \ + u64x L[8]; \ + \ + F1x (0, K, s_MT); \ + F1x (1, K, s_MT); \ + F1x (2, K, s_MT); \ + F1x (3, K, s_MT); \ + F1x (4, K, s_MT); \ + F1x (5, K, s_MT); \ + F1x (6, K, s_MT); \ + F1x (7, K, s_MT); \ + \ + K[0] = L[0] ^ (rc); \ + K[1] = L[1]; \ + K[2] = L[2]; \ + K[3] = L[3]; \ + K[4] = L[4]; \ + K[5] = L[5]; \ + K[6] = L[6]; \ + K[7] = L[7]; \ + \ + F1x (0, state, s_MT); \ + F1x (1, state, s_MT); \ + F1x (2, state, s_MT); \ + F1x (3, state, s_MT); \ + F1x (4, state, s_MT); \ + F1x (5, state, s_MT); \ + F1x (6, state, s_MT); \ + F1x (7, state, s_MT); \ + \ + state[0] = L[0] ^ K[0]; \ + state[1] = L[1] ^ K[1]; \ + state[2] = L[2] ^ K[2]; \ + state[3] = L[3] ^ K[3]; \ + state[4] = L[4] ^ K[4]; \ + state[5] = L[5] ^ K[5]; \ + state[6] = L[6] 
^ K[6]; \ + state[7] = L[7] ^ K[7]; \ +} + +DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { u64x D[8]; 
@@ -1852,96 +1913,16 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const state[6] = K[6] ^ W[6]; state[7] = K[7] ^ W[7]; - for (u32 r = 0; r < R; r++) - { - u64x L[8]; - - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 8; i++) - { - const u8x Lp0 = v8h_from_v64 (K[(i + 8) & 7]); - const u8x Lp1 = v8g_from_v64 (K[(i + 7) & 7]); - const u8x Lp2 = v8f_from_v64 (K[(i + 6) & 7]); - const u8x Lp3 = v8e_from_v64 (K[(i + 5) & 7]); - const u8x Lp4 = v8d_from_v64 (K[(i + 4) & 7]); - const u8x Lp5 = v8c_from_v64 (K[(i + 3) & 7]); - const u8x Lp6 = v8b_from_v64 (K[(i + 2) & 7]); - const u8x Lp7 = v8a_from_v64 (K[(i + 1) & 7]); - - const u64x X0 = BOX64 (s_MT, 0, Lp0); - const u64x X1 = BOX64 (s_MT, 1, Lp1); - const u64x X2 = BOX64 (s_MT, 2, Lp2); - const u64x X3 = BOX64 (s_MT, 3, Lp3); - const u64x X4 = BOX64 (s_MT, 4, Lp4); - const u64x X5 = BOX64 (s_MT, 5, Lp5); - const u64x X6 = BOX64 (s_MT, 6, Lp6); - const u64x X7 = BOX64 (s_MT, 7, Lp7); - - L[i] = X0 - ^ X1 - ^ X2 - ^ X3 - ^ X4 - ^ X5 - ^ X6 - ^ X7; - } - - const u64 rc = s_RC[r]; - - K[0] = L[0] ^ rc; - K[1] = L[1]; - K[2] = L[2]; - K[3] = L[3]; - K[4] = L[4]; - K[5] = L[5]; - K[6] = L[6]; - K[7] = L[7]; - - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 8; i++) - { - const u8x Lp0 = v8h_from_v64 (state[(i + 8) & 7]); - const u8x Lp1 = v8g_from_v64 (state[(i + 7) & 7]); - const u8x Lp2 = v8f_from_v64 (state[(i + 6) & 7]); - const u8x Lp3 = v8e_from_v64 (state[(i + 5) & 7]); - const u8x Lp4 = v8d_from_v64 (state[(i + 4) & 7]); - const u8x Lp5 = v8c_from_v64 (state[(i + 3) & 7]); - const u8x Lp6 = v8b_from_v64 (state[(i + 2) & 7]); - const u8x Lp7 = v8a_from_v64 (state[(i + 1) & 7]); - - const u64x X0 = BOX64 (s_MT, 0, Lp0); - const u64x X1 = BOX64 (s_MT, 1, Lp1); - const u64x X2 = BOX64 (s_MT, 2, Lp2); - const u64x X3 = BOX64 (s_MT, 3, Lp3); - const u64x X4 = BOX64 (s_MT, 4, Lp4); - const u64x X5 = BOX64 (s_MT, 5, Lp5); - const u64x X6 = BOX64 (s_MT, 6, Lp6); 
- const u64x X7 = BOX64 (s_MT, 7, Lp7); - - L[i] = X0 - ^ X1 - ^ X2 - ^ X3 - ^ X4 - ^ X5 - ^ X6 - ^ X7; - } - - state[0] = L[0] ^ K[0]; - state[1] = L[1] ^ K[1]; - state[2] = L[2] ^ K[2]; - state[3] = L[3] ^ K[3]; - state[4] = L[4] ^ K[4]; - state[5] = L[5] ^ K[5]; - state[6] = L[6] ^ K[6]; - state[7] = L[7] ^ K[7]; - } + F0x (RC[0]); + F0x (RC[1]); + F0x (RC[2]); + F0x (RC[3]); + F0x (RC[4]); + F0x (RC[5]); + F0x (RC[6]); + F0x (RC[7]); + F0x (RC[8]); + F0x (RC[9]); W[0] ^= D[0] ^ state[0]; W[1] ^= D[1] ^ state[1]; @@ -1970,7 +1951,7 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const digest[15] = l32_from_64 (W[7]); } -DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256]) { ctx->h[ 0] = 0; ctx->h[ 1] = 0; @@ -2009,7 +1990,6 @@ DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 ( ctx->len = 0; ctx->s_MT = s_MT; - ctx->s_RC = s_RC; } DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, whirlpool_ctx_t *ctx0) @@ -2051,7 +2031,6 @@ DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, wh ctx->len = ctx0->len; ctx->s_MT = ctx0->s_MT; - ctx->s_RC = ctx0->s_RC; } DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len) @@ -2081,7 +2060,7 @@ DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, if (len == 64) { - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); ctx->w0[0] = 0; ctx->w0[1] = 0; 
@@ -2150,7 +2129,7 @@ DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, ctx->w3[2] |= w3[2]; ctx->w3[3] |= w3[3]; - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); ctx->w0[0] = c0[0]; ctx->w0[1] = c0[1]; @@ -2436,7 +2415,7 @@ DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx) if (pos >= 32) { - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); ctx->w0[0] = 0; ctx->w0[1] = 0; @@ -2459,12 +2438,12 @@ DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx) ctx->w3[2] = 0; ctx->w3[3] = ctx->len * 8; - whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT, ctx->s_RC); + whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT); } // HMAC + Vector -DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256]) { u32x t0[4]; u32x t1[4]; @@ -2490,7 +2469,7 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c t3[2] = w3[2] ^ 0x36363636; t3[3] = w3[3] ^ 0x36363636; - whirlpool_init_vector (&ctx->ipad, s_MT, s_RC); + whirlpool_init_vector (&ctx->ipad, s_MT); whirlpool_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64); 
@@ -2513,12 +2492,12 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c t3[2] = w3[2] ^ 0x5c5c5c5c; t3[3] = w3[3] ^ 0x5c5c5c5c; - whirlpool_init_vector (&ctx->opad, s_MT, s_RC); + whirlpool_init_vector (&ctx->opad, s_MT); whirlpool_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64); } -DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256]) { u32x w0[4]; u32x w1[4]; @@ -2529,7 +2508,7 @@ DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, cons { whirlpool_ctx_vector_t tmp; - whirlpool_init_vector (&tmp, s_MT, s_RC); + whirlpool_init_vector (&tmp, s_MT); whirlpool_update_vector (&tmp, w, len); @@ -2572,7 +2551,7 @@ DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, cons w3[3] = w[15]; } - whirlpool_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_MT); } DECLSPEC void whirlpool_hmac_update_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len) @@ -2608,7 +2587,7 @@ DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx) ctx->opad.len += 64; - whirlpool_transform_vector (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT, ctx->opad.s_RC); + whirlpool_transform_vector (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT); ctx->opad.w0[0] = 0; ctx->opad.w0[1] = 0; @@ -2633,3 +2612,7 @@ DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx) #undef R #undef BOX #undef BOX_S +#undef F0 +#undef F0x +#undef F1 +#undef F1x diff --git a/OpenCL/inc_hash_whirlpool.h b/OpenCL/inc_hash_whirlpool.h index f7c762da5..2375725a9 100644 --- a/OpenCL/inc_hash_whirlpool.h 
+++ b/OpenCL/inc_hash_whirlpool.h @@ -40,7 +40,6 @@ typedef struct whirlpool_ctx int len; SHM_TYPE u64 (*s_MT)[256]; - SHM_TYPE u64 *s_RC; } whirlpool_ctx_t; @@ -63,7 +62,6 @@ typedef struct whirlpool_ctx_vector int len; SHM_TYPE u64 (*s_MT)[256]; - SHM_TYPE u64 *s_RC; } whirlpool_ctx_vector_t; @@ -74,8 +72,8 @@ typedef struct whirlpool_hmac_ctx_vector } whirlpool_hmac_ctx_vector_t; -DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256]); DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len); DECLSPEC void whirlpool_update (whirlpool_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void whirlpool_update_swap (whirlpool_ctx_t *ctx, const u32 *w, const int len); 
@@ -86,11 +84,11 @@ DECLSPEC void whirlpool_update_global_swap (whirlpool_ctx_t *ctx, GLOBAL_AS cons DECLSPEC void whirlpool_update_global_utf16le (whirlpool_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_update_global_utf16le_swap (whirlpool_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx); -DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); DECLSPEC void whirlpool_hmac_update_64 (whirlpool_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len); DECLSPEC void whirlpool_hmac_update 
(whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void whirlpool_hmac_update_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len); @@ -101,8 +99,8 @@ DECLSPEC void whirlpool_hmac_update_global_swap (whirlpool_hmac_ctx_t *ctx, GLOB DECLSPEC void whirlpool_hmac_update_global_utf16le (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_hmac_update_global_utf16le_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx); -DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256]); DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, whirlpool_ctx_t *ctx0); DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len); DECLSPEC void whirlpool_update_vector (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len); 
@@ -110,8 +108,8 @@ DECLSPEC void whirlpool_update_vector_swap (whirlpool_ctx_vector_t *ctx, const u DECLSPEC void whirlpool_update_vector_utf16le (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len); DECLSPEC void whirlpool_update_vector_utf16le_swap (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len); DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx); -DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); -DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC); +DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256]); DECLSPEC void whirlpool_hmac_update_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len); DECLSPEC void whirlpool_hmac_update_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len); DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx); diff --git a/OpenCL/m06100_a0-optimized.cl b/OpenCL/m06100_a0-optimized.cl index 373875eed..88cfd2a7d 100644 --- a/OpenCL/m06100_a0-optimized.cl +++ b/OpenCL/m06100_a0-optimized.cl 
@@ -16,9 +16,9 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT, s_RC); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT); } KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) @@ -38,7 +38,6 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -52,17 +51,11 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -143,7 +136,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); + whirlpool_transform_transport_vector (w, dgst, s_MT); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } @@ -174,7 +167,6 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -188,17 +180,11 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -291,7 +277,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); + whirlpool_transform_transport_vector (w, dgst, s_MT); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } diff --git a/OpenCL/m06100_a0-pure.cl b/OpenCL/m06100_a0-pure.cl index 7c7e89c65..769ba26e7 100644 
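Review bot: `whirlpool_transform_transport_vector` is a one-line wrapper around `whirlpool_transform_vector` that is defined identically in m06100_a0-optimized.cl here and again in m06100_a1-optimized.cl (L2328) and m06100_a3-optimized.cl (L2330), so this commit had to edit the same signature three times. Since inc_hash_whirlpool.cl is already being reshaped in this patch, a single `DECLSPEC` definition next to `whirlpool_transform_vector` with a prototype in inc_hash_whirlpool.h would remove the copies. The `#ifdef REAL_SHM` blocks in this file are otherwise consistent after the change: the `for (u32 i = lid; i < 256; i += lsz)` copy of `MT` is still followed by `SYNC_THREADS ()`.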
--- a/OpenCL/m06100_a0-pure.cl +++ b/OpenCL/m06100_a0-pure.cl @@ -33,7 +33,6 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -47,17 +46,11 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -81,7 +74,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) whirlpool_ctx_t ctx; - whirlpool_init (&ctx, s_MT, s_RC); + whirlpool_init (&ctx, s_MT); whirlpool_update_swap (&ctx, tmp.i, tmp.pw_len); @@ -113,7 +106,6 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -127,17 +119,11 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -173,7 +159,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) whirlpool_ctx_t ctx; - whirlpool_init (&ctx, s_MT, s_RC); + whirlpool_init (&ctx, s_MT); whirlpool_update_swap (&ctx, tmp.i, tmp.pw_len); diff --git a/OpenCL/m06100_a1-optimized.cl b/OpenCL/m06100_a1-optimized.cl index a91f4b0c8..87d62f4ff 100644 --- a/OpenCL/m06100_a1-optimized.cl +++ b/OpenCL/m06100_a1-optimized.cl 
@@ -14,9 +14,9 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT, s_RC); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT); } KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) @@ -36,7 +36,6 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -50,17 +49,11 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -199,7 +192,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); + whirlpool_transform_transport_vector (w, dgst, s_MT); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } @@ -230,7 +223,6 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -244,17 +236,11 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -405,7 +391,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); + whirlpool_transform_transport_vector (w, dgst, s_MT); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } diff --git a/OpenCL/m06100_a1-pure.cl b/OpenCL/m06100_a1-pure.cl index 9ea4f2102..7d89131a6 100644 
--- a/OpenCL/m06100_a1-pure.cl +++ b/OpenCL/m06100_a1-pure.cl @@ -31,7 +31,6 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -45,17 +44,11 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -67,7 +60,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) whirlpool_ctx_t ctx0; - whirlpool_init (&ctx0, s_MT, s_RC); + whirlpool_init (&ctx0, s_MT); whirlpool_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len); @@ -109,7 +102,6 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -123,17 +115,11 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -157,7 +143,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) whirlpool_ctx_t ctx0; - whirlpool_init (&ctx0, s_MT, s_RC); + whirlpool_init (&ctx0, s_MT); whirlpool_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len); diff --git a/OpenCL/m06100_a3-optimized.cl b/OpenCL/m06100_a3-optimized.cl index 944f3cbbd..02f700eab 100644 --- a/OpenCL/m06100_a3-optimized.cl +++ b/OpenCL/m06100_a3-optimized.cl 
@@ -14,12 +14,12 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT, s_RC); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT); } -DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256]) { /** * modifier @@ -82,13 +82,13 @@ DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); + whirlpool_transform_transport_vector (w, dgst, s_MT); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } } -DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256]) { /** * modifier @@ -163,7 +163,7 @@ DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT, s_RC); + whirlpool_transform_transport_vector (w, dgst, s_MT); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } @@ -186,7 +186,6 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { 
@@ -200,17 +199,11 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -254,7 +247,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) * main */ - m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); + m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); } KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) @@ -274,7 +267,6 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -288,17 +280,11 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -342,7 +328,7 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) * main */ - m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); + m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); } KERNEL_FQ void m06100_m16 (KERN_ATTR_BASIC ()) @@ -366,7 +352,6 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -380,17 +365,11 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -434,7 +413,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) * main */ - m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); + m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); } KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) @@ -454,7 +433,6 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -468,17 +446,11 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -522,7 +494,7 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) * main */ - m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT, s_RC); + m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); } KERNEL_FQ void m06100_s16 (KERN_ATTR_BASIC ()) diff --git a/OpenCL/m06100_a3-pure.cl b/OpenCL/m06100_a3-pure.cl index 65009e433..83ee08949 100644 --- a/OpenCL/m06100_a3-pure.cl +++ b/OpenCL/m06100_a3-pure.cl @@ -31,7 +31,6 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -45,17 +44,11 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -90,7 +83,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) whirlpool_ctx_vector_t ctx; - whirlpool_init_vector (&ctx, s_MT, s_RC); + whirlpool_init_vector (&ctx, s_MT); whirlpool_update_vector (&ctx, w, pw_len); 
@@ -122,7 +115,6 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -136,17 +128,11 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -193,7 +179,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) whirlpool_ctx_vector_t ctx; - whirlpool_init_vector (&ctx, s_MT, s_RC); + whirlpool_init_vector (&ctx, s_MT); whirlpool_update_vector (&ctx, w, pw_len); diff --git a/OpenCL/m06231-pure.cl b/OpenCL/m06231-pure.cl index 1310c92f4..ab0c0b99c 100644 --- a/OpenCL/m06231-pure.cl +++ b/OpenCL/m06231-pure.cl @@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = digest[ 0]; w0[1] = digest[ 1]; 
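Review bot: `hmac_whirlpool_run_V` in m06231-pure.cl is a file-local copy of a generic HMAC-Whirlpool step, and the same body with the same signature edit appears in m06232-pure.cl (L2337), m06233-pure.cl (L2339) and m13731-pure.cl (L2342). Each copy hard-codes the padding block (`w0[0] = 0x80000000;` and `w3[3] = (64 + 64) * 8;`), so a future change to the transform interface has to be repeated in every file again, as it was here. A shared `DECLSPEC` helper in inc_hash_whirlpool.cl, documented with `/* one HMAC-Whirlpool iteration over a 64-byte block: digest = H(opad || H(ipad || w)) */`, would keep these in one place.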
@@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); } KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) @@ -169,7 +169,6 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -183,17 +182,11 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -265,7 +258,7 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; @@ -377,7 +370,6 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -391,17 +383,11 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -507,7 +493,7 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -620,41 +606,6 @@ KERNEL_FQ void m06231_comp (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #endif - /** - * Whirlpool shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; - } - - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; - - #endif - if (gid >= gid_max) return; u32 ukey1[8]; diff --git a/OpenCL/m06232-pure.cl b/OpenCL/m06232-pure.cl index 2af88c987..883fa5cf0 100644 --- a/OpenCL/m06232-pure.cl +++ b/OpenCL/m06232-pure.cl @@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; 
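Review bot: The `@@ -620,41 +606,6 @@` hunk removes the whole `Whirlpool shared` block from `m06231_comp`, including its `SYNC_THREADS ()`, and the same removal is made in m06232_comp (L2339) and m06233_comp (L2341). The removal is safe only if the preceding `#ifdef REAL_SHM` block (the `#endif` context line at the top of the hunk, whose contents are outside this chunk) ends with its own barrier and still uses `lid`/`lsz`; if it does not, the comp kernel now reads local tables without a barrier, or is left with unused locals. A comment at the top of the comp kernel such as `/* comp does not use Whirlpool; only the AES tables are staged in local memory here */` would record why this kernel differs from `_init` and `_loop`, which keep the `s_MT` copy.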
@@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); } KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) @@ -169,7 +169,6 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -183,17 +182,11 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -265,7 +258,7 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; @@ -377,7 +370,6 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { 
@@ -391,17 +383,11 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -507,7 +493,7 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -620,41 +606,6 @@ KERNEL_FQ void m06232_comp (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #endif - /** - * Whirlpool shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; - } - - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; - - #endif - if (gid >= gid_max) return; u32 ukey1[8]; diff --git a/OpenCL/m06233-pure.cl b/OpenCL/m06233-pure.cl index c6d2b1c6d..c95944450 100644 --- a/OpenCL/m06233-pure.cl +++ b/OpenCL/m06233-pure.cl @@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; 
@@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); } KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) @@ -169,7 +169,6 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -183,17 +182,11 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif 
@@ -265,7 +258,7 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; @@ -377,7 +370,6 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -391,17 +383,11 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -507,7 +493,7 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -620,41 +606,6 @@ KERNEL_FQ void m06233_comp (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #endif - /** - * Whirlpool shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; - } - - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; - - #endif - if (gid >= gid_max) return; u32 ukey1[8]; diff --git a/OpenCL/m13731-pure.cl b/OpenCL/m13731-pure.cl index 2f685c700..971e72cb3 100644 --- a/OpenCL/m13731-pure.cl +++ b/OpenCL/m13731-pure.cl 
@@ -86,7 +86,7 @@ DECLSPEC int check_header_0512 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -105,7 +105,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -124,7 +124,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -160,7 +160,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -179,7 +179,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); } KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) @@ -210,7 +210,6 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { 
@@ -224,17 +223,11 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -306,7 +299,7 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; @@ -469,7 +462,6 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -483,17 +475,11 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -630,7 +616,7 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -776,7 +762,6 @@ KERNEL_FQ void m13731_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -790,17 +775,11 @@ KERNEL_FQ void m13731_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m13732-pure.cl b/OpenCL/m13732-pure.cl index 786b98594..68b4f5283 100644 
--- a/OpenCL/m13732-pure.cl +++ b/OpenCL/m13732-pure.cl @@ -137,7 +137,7 @@ DECLSPEC int check_header_1024 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -156,7 +156,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -175,7 +175,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -211,7 +211,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -230,7 +230,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); } KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) @@ -261,7 +261,6 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { 
@@ -275,17 +274,11 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -357,7 +350,7 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; @@ -520,7 +513,6 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -534,17 +526,11 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -681,7 +667,7 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -828,7 +814,6 @@ KERNEL_FQ void m13732_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -842,17 +827,11 @@ KERNEL_FQ void m13732_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif diff --git a/OpenCL/m13733-pure.cl b/OpenCL/m13733-pure.cl index 77c1b0131..1136733bc 100644 
--- a/OpenCL/m13733-pure.cl +++ b/OpenCL/m13733-pure.cl @@ -202,7 +202,7 @@ DECLSPEC int check_header_1536 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256], SHM_TYPE u64 *s_RC) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -221,7 +221,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -240,7 +240,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -276,7 +276,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); w0[0] = 0x80000000; w0[1] = 0; @@ -295,7 +295,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT, s_RC); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); } KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) @@ -326,7 +326,6 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { 
@@ -340,17 +339,11 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -422,7 +415,7 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT, s_RC); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; @@ -585,7 +578,6 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -599,17 +591,11 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif @@ -746,7 +732,7 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT, s_RC); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -894,7 +880,6 @@ KERNEL_FQ void m13733_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM LOCAL_VK u64 s_MT[8][256]; - LOCAL_VK u64 s_RC[16]; for (u32 i = lid; i < 256; i += lsz) { @@ -908,17 +893,11 @@ KERNEL_FQ void m13733_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) s_MT[7][i] = MT[7][i]; } - for (u32 i = lid; i < 16; i += lsz) - { - s_RC[i] = RC[i]; - } - SYNC_THREADS (); #else CONSTANT_AS u64a (*s_MT)[256] = MT; - CONSTANT_AS u64a *s_RC = RC; #endif From 193b4a38c7bbb58da5e1223fab2311a0eddb1e17 Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Wed, 12 Feb 2020 15:58:57 +0100 Subject: [PATCH 220/300] Replace arrays in inc_hash_whirlpool.cl with scalar variables --- OpenCL/inc_hash_whirlpool.cl | 576 +++++++++++++++++------------------ 1 file changed, 280 insertions(+), 296 deletions(-) diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl index e4735e917..19c409f09 100644 --- a/OpenCL/inc_hash_whirlpool.cl +++ b/OpenCL/inc_hash_whirlpool.cl 
@@ -541,178 +541,163 @@ CONSTANT_VK u64a MT[8][256] = }, }; -CONSTANT_VK u64a RC[16] = -{ - 0x1823c6e887b8014f, - 0x36a6d2f5796f9152, - 0x60bc9b8ea30c7b35, - 0x1de0d7c22e4bfe57, - 0x157737e59ff04ada, - 0x58c9290ab1a06b85, - 0xbd5d10f4cb3e0567, - 0xe427418ba77d95d8, - 0xfbee7c66dd17479e, - 0xca2dbf07ad5a8333, -}; - // important notes on this: // input buf unused bytes needs to be set to zero // input buf needs to be in algorithm native byte order (md5 = LE, sha256 = BE, etc) // input buf needs to be 64 byte aligned when using whirlpool_update() -#define F1(i,v,m) \ -{ \ - const u8 Lp0 = v8h_from_v64_S ((v)[((i) + 8) & 7]); \ - const u8 Lp1 = v8g_from_v64_S ((v)[((i) + 7) & 7]); \ - const u8 Lp2 = v8f_from_v64_S ((v)[((i) + 6) & 7]); \ - const u8 Lp3 = v8e_from_v64_S ((v)[((i) + 5) & 7]); \ - const u8 Lp4 = v8d_from_v64_S ((v)[((i) + 4) & 7]); \ - const u8 Lp5 = v8c_from_v64_S ((v)[((i) + 3) & 7]); \ - const u8 Lp6 = v8b_from_v64_S ((v)[((i) + 2) & 7]); \ - const u8 Lp7 = v8a_from_v64_S ((v)[((i) + 1) & 7]); \ - \ - const u64 X0 = BOX64_S ((m), 0, Lp0); \ - const u64 X1 = BOX64_S ((m), 1, Lp1); \ - const u64 X2 = BOX64_S ((m), 2, Lp2); \ - const u64 X3 = BOX64_S ((m), 3, Lp3); \ - const u64 X4 = BOX64_S ((m), 4, Lp4); \ - const u64 X5 = BOX64_S ((m), 5, Lp5); \ - const u64 X6 = BOX64_S ((m), 6, Lp6); \ - const u64 X7 = BOX64_S ((m), 7, Lp7); \ - \ - L[(i)] = X0 \ - ^ X1 \ - ^ X2 \ - ^ X3 \ - ^ X4 \ - ^ X5 \ - ^ X6 \ - ^ X7; \ +#define F1(l,m,v0,v1,v2,v3,v4,v5,v6,v7) \ +{ \ + const u8 Lp0 = v8h_from_v64_S ((v0)); \ + const u8 Lp1 = v8g_from_v64_S ((v1)); \ + const u8 Lp2 = v8f_from_v64_S ((v2)); \ + const u8 Lp3 = v8e_from_v64_S ((v3)); \ + const u8 Lp4 = v8d_from_v64_S ((v4)); \ + const u8 Lp5 = v8c_from_v64_S ((v5)); \ + const u8 Lp6 = v8b_from_v64_S ((v6)); \ + const u8 Lp7 = v8a_from_v64_S ((v7)); \ + \ + const u64 X0 = BOX64_S ((m), 0, Lp0); \ + const u64 X1 = BOX64_S ((m), 1, Lp1); \ + const u64 X2 = BOX64_S ((m), 2, Lp2); \ + const u64 X3 = BOX64_S ((m), 3, 
Lp3); \ + const u64 X4 = BOX64_S ((m), 4, Lp4); \ + const u64 X5 = BOX64_S ((m), 5, Lp5); \ + const u64 X6 = BOX64_S ((m), 6, Lp6); \ + const u64 X7 = BOX64_S ((m), 7, Lp7); \ + \ + (l) = X0 \ + ^ X1 \ + ^ X2 \ + ^ X3 \ + ^ X4 \ + ^ X5 \ + ^ X6 \ + ^ X7; \ } -#define F0(rc) \ -{ \ - u64 L[8]; \ - \ - F1 (0, K, s_MT); \ - F1 (1, K, s_MT); \ - F1 (2, K, s_MT); \ - F1 (3, K, s_MT); \ - F1 (4, K, s_MT); \ - F1 (5, K, s_MT); \ - F1 (6, K, s_MT); \ - F1 (7, K, s_MT); \ - \ - K[0] = L[0] ^ (rc); \ - K[1] = L[1]; \ - K[2] = L[2]; \ - K[3] = L[3]; \ - K[4] = L[4]; \ - K[5] = L[5]; \ - K[6] = L[6]; \ - K[7] = L[7]; \ - \ - F1 (0, state, s_MT); \ - F1 (1, state, s_MT); \ - F1 (2, state, s_MT); \ - F1 (3, state, s_MT); \ - F1 (4, state, s_MT); \ - F1 (5, state, s_MT); \ - F1 (6, state, s_MT); \ - F1 (7, state, s_MT); \ - \ - state[0] = L[0] ^ K[0]; \ - state[1] = L[1] ^ K[1]; \ - state[2] = L[2] ^ K[2]; \ - state[3] = L[3] ^ K[3]; \ - state[4] = L[4] ^ K[4]; \ - state[5] = L[5] ^ K[5]; \ - state[6] = L[6] ^ K[6]; \ - state[7] = L[7] ^ K[7]; \ +#define F0(rc) \ +{ \ + u64 L0; \ + u64 L1; \ + u64 L2; \ + u64 L3; \ + u64 L4; \ + u64 L5; \ + u64 L6; \ + u64 L7; \ + \ + F1 (L0, s_MT, K0, K7, K6, K5, K4, K3, K2, K1); \ + F1 (L1, s_MT, K1, K0, K7, K6, K5, K4, K3, K2); \ + F1 (L2, s_MT, K2, K1, K0, K7, K6, K5, K4, K3); \ + F1 (L3, s_MT, K3, K2, K1, K0, K7, K6, K5, K4); \ + F1 (L4, s_MT, K4, K3, K2, K1, K0, K7, K6, K5); \ + F1 (L5, s_MT, K5, K4, K3, K2, K1, K0, K7, K6); \ + F1 (L6, s_MT, K6, K5, K4, K3, K2, K1, K0, K7); \ + F1 (L7, s_MT, K7, K6, K5, K4, K3, K2, K1, K0); \ + \ + K0 = L0 ^ (rc); \ + K1 = L1; \ + K2 = L2; \ + K3 = L3; \ + K4 = L4; \ + K5 = L5; \ + K6 = L6; \ + K7 = L7; \ + \ + F1 (L0, s_MT, S0, S7, S6, S5, S4, S3, S2, S1); \ + F1 (L1, s_MT, S1, S0, S7, S6, S5, S4, S3, S2); \ + F1 (L2, s_MT, S2, S1, S0, S7, S6, S5, S4, S3); \ + F1 (L3, s_MT, S3, S2, S1, S0, S7, S6, S5, S4); \ + F1 (L4, s_MT, S4, S3, S2, S1, S0, S7, S6, S5); \ + F1 (L5, s_MT, S5, S4, S3, S2, S1, S0, S7, 
S6); \ + F1 (L6, s_MT, S6, S5, S4, S3, S2, S1, S0, S7); \ + F1 (L7, s_MT, S7, S6, S5, S4, S3, S2, S1, S0); \ + \ + S0 = L0 ^ K0; \ + S1 = L1 ^ K1; \ + S2 = L2 ^ K2; \ + S3 = L3 ^ K3; \ + S4 = L4 ^ K4; \ + S5 = L5 ^ K5; \ + S6 = L6 ^ K6; \ + S7 = L7 ^ K7; \ } DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256]) { - u64 D[8]; + u64 W0 = hl32_to_64_S (w0[0], w0[1]); + u64 W1 = hl32_to_64_S (w0[2], w0[3]); + u64 W2 = hl32_to_64_S (w1[0], w1[1]); + u64 W3 = hl32_to_64_S (w1[2], w1[3]); + u64 W4 = hl32_to_64_S (w2[0], w2[1]); + u64 W5 = hl32_to_64_S (w2[2], w2[3]); + u64 W6 = hl32_to_64_S (w3[0], w3[1]); + u64 W7 = hl32_to_64_S (w3[2], w3[3]); - D[0] = hl32_to_64_S (digest[ 0], digest[ 1]); - D[1] = hl32_to_64_S (digest[ 2], digest[ 3]); - D[2] = hl32_to_64_S (digest[ 4], digest[ 5]); - D[3] = hl32_to_64_S (digest[ 6], digest[ 7]); - D[4] = hl32_to_64_S (digest[ 8], digest[ 9]); - D[5] = hl32_to_64_S (digest[10], digest[11]); - D[6] = hl32_to_64_S (digest[12], digest[13]); - D[7] = hl32_to_64_S (digest[14], digest[15]); + u64 D0 = hl32_to_64_S (digest[ 0], digest[ 1]); + u64 D1 = hl32_to_64_S (digest[ 2], digest[ 3]); + u64 D2 = hl32_to_64_S (digest[ 4], digest[ 5]); + u64 D3 = hl32_to_64_S (digest[ 6], digest[ 7]); + u64 D4 = hl32_to_64_S (digest[ 8], digest[ 9]); + u64 D5 = hl32_to_64_S (digest[10], digest[11]); + u64 D6 = hl32_to_64_S (digest[12], digest[13]); + u64 D7 = hl32_to_64_S (digest[14], digest[15]); - u64 K[8]; + u64 K0 = D0; + u64 K1 = D1; + u64 K2 = D2; + u64 K3 = D3; + u64 K4 = D4; + u64 K5 = D5; + u64 K6 = D6; + u64 K7 = D7; - K[0] = D[0]; - K[1] = D[1]; - K[2] = D[2]; - K[3] = D[3]; - K[4] = D[4]; - K[5] = D[5]; - K[6] = D[6]; - K[7] = D[7]; + u64 S0 = K0 ^ W0; + u64 S1 = K1 ^ W1; + u64 S2 = K2 ^ W2; + u64 S3 = K3 ^ W3; + u64 S4 = K4 ^ W4; + u64 S5 = K5 ^ W5; + u64 S6 = K6 ^ W6; + u64 S7 = K7 ^ W7; - u64 W[8]; + F0 (0x1823c6e887b8014f); + F0 (0x36a6d2f5796f9152); + F0 
(0x60bc9b8ea30c7b35); + F0 (0x1de0d7c22e4bfe57); + F0 (0x157737e59ff04ada); + F0 (0x58c9290ab1a06b85); + F0 (0xbd5d10f4cb3e0567); + F0 (0xe427418ba77d95d8); + F0 (0xfbee7c66dd17479e); + F0 (0xca2dbf07ad5a8333); - W[0] = hl32_to_64_S (w0[0], w0[1]); - W[1] = hl32_to_64_S (w0[2], w0[3]); - W[2] = hl32_to_64_S (w1[0], w1[1]); - W[3] = hl32_to_64_S (w1[2], w1[3]); - W[4] = hl32_to_64_S (w2[0], w2[1]); - W[5] = hl32_to_64_S (w2[2], w2[3]); - W[6] = hl32_to_64_S (w3[0], w3[1]); - W[7] = hl32_to_64_S (w3[2], w3[3]); + D0 ^= S0 ^ W0; + D1 ^= S1 ^ W1; + D2 ^= S2 ^ W2; + D3 ^= S3 ^ W3; + D4 ^= S4 ^ W4; + D5 ^= S5 ^ W5; + D6 ^= S6 ^ W6; + D7 ^= S7 ^ W7; - u64 state[8]; - - state[0] = K[0] ^ W[0]; - state[1] = K[1] ^ W[1]; - state[2] = K[2] ^ W[2]; - state[3] = K[3] ^ W[3]; - state[4] = K[4] ^ W[4]; - state[5] = K[5] ^ W[5]; - state[6] = K[6] ^ W[6]; - state[7] = K[7] ^ W[7]; - - F0 (RC[0]); - F0 (RC[1]); - F0 (RC[2]); - F0 (RC[3]); - F0 (RC[4]); - F0 (RC[5]); - F0 (RC[6]); - F0 (RC[7]); - F0 (RC[8]); - F0 (RC[9]); - - W[0] ^= D[0] ^ state[0]; - W[1] ^= D[1] ^ state[1]; - W[2] ^= D[2] ^ state[2]; - W[3] ^= D[3] ^ state[3]; - W[4] ^= D[4] ^ state[4]; - W[5] ^= D[5] ^ state[5]; - W[6] ^= D[6] ^ state[6]; - W[7] ^= D[7] ^ state[7]; - - digest[ 0] = h32_from_64_S (W[0]); - digest[ 1] = l32_from_64_S (W[0]); - digest[ 2] = h32_from_64_S (W[1]); - digest[ 3] = l32_from_64_S (W[1]); - digest[ 4] = h32_from_64_S (W[2]); - digest[ 5] = l32_from_64_S (W[2]); - digest[ 6] = h32_from_64_S (W[3]); - digest[ 7] = l32_from_64_S (W[3]); - digest[ 8] = h32_from_64_S (W[4]); - digest[ 9] = l32_from_64_S (W[4]); - digest[10] = h32_from_64_S (W[5]); - digest[11] = l32_from_64_S (W[5]); - digest[12] = h32_from_64_S (W[6]); - digest[13] = l32_from_64_S (W[6]); - digest[14] = h32_from_64_S (W[7]); - digest[15] = l32_from_64_S (W[7]); + digest[ 0] = h32_from_64_S (D0); + digest[ 1] = l32_from_64_S (D0); + digest[ 2] = h32_from_64_S (D1); + digest[ 3] = l32_from_64_S (D1); + digest[ 4] = h32_from_64_S 
(D2); + digest[ 5] = l32_from_64_S (D2); + digest[ 6] = h32_from_64_S (D3); + digest[ 7] = l32_from_64_S (D3); + digest[ 8] = h32_from_64_S (D4); + digest[ 9] = l32_from_64_S (D4); + digest[10] = h32_from_64_S (D5); + digest[11] = l32_from_64_S (D5); + digest[12] = h32_from_64_S (D6); + digest[13] = l32_from_64_S (D6); + digest[14] = h32_from_64_S (D7); + digest[15] = l32_from_64_S (D7); } DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256]) 
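Review bot: The ten Whirlpool round constants that this hunk inlines as bare hex literals in `whirlpool_transform` are repeated verbatim in `whirlpool_transform_vector` in the next hunk (`@@ -1796,159 +1781,158 @@`), replacing the single `RC[]` table that was the only source of truth; the values match the removed table, but a typo in either copy would now desynchronise the scalar and vector paths without any compile-time signal. One named list next to the MT tables, e.g. `#define WHIRLPOOL_RC0 0x1823c6e887b8014f` through `WHIRLPOOL_RC9`, used at both the `F0` and `F0x` call sites, keeps the two paths tied together. The rewritten macros also carry an implicit contract that the old array form made visible: `F0`/`F0x` read and overwrite `K0..K7` and `S0..S7` from the enclosing scope, and the eight arguments after `m` in `F1`/`F1x` must be the words in the rotated order `v[i], v[i-1], ..., v[i-7]` (indices mod 8) that the old `(v)[((i) + 8 - j) & 7]` indexing produced. A comment above `#define F0(rc)` and `#define F0x(rc)`, e.g. `// one round; requires K0..K7 (key), S0..S7 (state) and s_MT in scope; F1 args are v[i], v[i-1], ..., v[i-7] mod 8`, would let a reader verify the sixteen call sites per macro without re-deriving the rotation.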
@@ -1796,159 +1781,158 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx) // while input buf can be a vector datatype, the length of the different elements can not -#define F1x(i,v,m) \ -{ \ - const u8x Lp0 = v8h_from_v64 ((v)[((i) + 8) & 7]); \ - const u8x Lp1 = v8g_from_v64 ((v)[((i) + 7) & 7]); \ - const u8x Lp2 = v8f_from_v64 ((v)[((i) + 6) & 7]); \ - const u8x Lp3 = v8e_from_v64 ((v)[((i) + 5) & 7]); \ - const u8x Lp4 = v8d_from_v64 ((v)[((i) + 4) & 7]); \ - const u8x Lp5 = v8c_from_v64 ((v)[((i) + 3) & 7]); \ - const u8x Lp6 = v8b_from_v64 ((v)[((i) + 2) & 7]); \ - const u8x Lp7 = v8a_from_v64 ((v)[((i) + 1) & 7]); \ - \ - const u64x X0 = BOX64 ((m), 0, Lp0); \ - const u64x X1 = BOX64 ((m), 1, Lp1); \ - const u64x X2 = BOX64 ((m), 2, Lp2); \ - const u64x X3 = BOX64 ((m), 3, Lp3); \ - const u64x X4 = BOX64 ((m), 4, Lp4); \ - const u64x X5 = BOX64 ((m), 5, Lp5); \ - const u64x X6 = BOX64 ((m), 6, Lp6); \ - const u64x X7 = BOX64 ((m), 7, Lp7); \ - \ - L[(i)] = X0 \ - ^ X1 \ - ^ X2 \ - ^ X3 \ - ^ X4 \ - ^ X5 \ - ^ X6 \ - ^ X7; \ +#define F1x(l,m,v0,v1,v2,v3,v4,v5,v6,v7) \ +{ \ + const u8x Lp0 = v8h_from_v64 ((v0)); \ + const u8x Lp1 = v8g_from_v64 ((v1)); \ + const u8x Lp2 = v8f_from_v64 ((v2)); \ + const u8x Lp3 = v8e_from_v64 ((v3)); \ + const u8x Lp4 = v8d_from_v64 ((v4)); \ + const u8x Lp5 = v8c_from_v64 ((v5)); \ + const u8x Lp6 = v8b_from_v64 ((v6)); \ + const u8x Lp7 = v8a_from_v64 ((v7)); \ + \ + const u64x X0 = BOX64 ((m), 0, Lp0); \ + const u64x X1 = BOX64 ((m), 1, Lp1); \ + const u64x X2 = BOX64 ((m), 2, Lp2); \ + const u64x X3 = BOX64 ((m), 3, Lp3); \ + const u64x X4 = BOX64 ((m), 4, Lp4); \ + const u64x X5 = BOX64 ((m), 5, Lp5); \ + const u64x X6 = BOX64 ((m), 6, Lp6); \ + const u64x X7 = BOX64 ((m), 7, Lp7); \ + \ + (l) = X0 \ + ^ X1 \ + ^ X2 \ + ^ X3 \ + ^ X4 \ + ^ X5 \ + ^ X6 \ + ^ X7; \ } -#define F0x(rc) \ -{ \ - u64x L[8]; \ - \ - F1x (0, K, s_MT); \ - F1x (1, K, s_MT); \ - F1x (2, K, s_MT); \ - F1x (3, K, s_MT); \ - F1x (4, K, 
s_MT); \ - F1x (5, K, s_MT); \ - F1x (6, K, s_MT); \ - F1x (7, K, s_MT); \ - \ - K[0] = L[0] ^ (rc); \ - K[1] = L[1]; \ - K[2] = L[2]; \ - K[3] = L[3]; \ - K[4] = L[4]; \ - K[5] = L[5]; \ - K[6] = L[6]; \ - K[7] = L[7]; \ - \ - F1x (0, state, s_MT); \ - F1x (1, state, s_MT); \ - F1x (2, state, s_MT); \ - F1x (3, state, s_MT); \ - F1x (4, state, s_MT); \ - F1x (5, state, s_MT); \ - F1x (6, state, s_MT); \ - F1x (7, state, s_MT); \ - \ - state[0] = L[0] ^ K[0]; \ - state[1] = L[1] ^ K[1]; \ - state[2] = L[2] ^ K[2]; \ - state[3] = L[3] ^ K[3]; \ - state[4] = L[4] ^ K[4]; \ - state[5] = L[5] ^ K[5]; \ - state[6] = L[6] ^ K[6]; \ - state[7] = L[7] ^ K[7]; \ +#define F0x(rc) \ +{ \ + u64x L0; \ + u64x L1; \ + u64x L2; \ + u64x L3; \ + u64x L4; \ + u64x L5; \ + u64x L6; \ + u64x L7; \ + \ + F1x (L0, s_MT, K0, K7, K6, K5, K4, K3, K2, K1); \ + F1x (L1, s_MT, K1, K0, K7, K6, K5, K4, K3, K2); \ + F1x (L2, s_MT, K2, K1, K0, K7, K6, K5, K4, K3); \ + F1x (L3, s_MT, K3, K2, K1, K0, K7, K6, K5, K4); \ + F1x (L4, s_MT, K4, K3, K2, K1, K0, K7, K6, K5); \ + F1x (L5, s_MT, K5, K4, K3, K2, K1, K0, K7, K6); \ + F1x (L6, s_MT, K6, K5, K4, K3, K2, K1, K0, K7); \ + F1x (L7, s_MT, K7, K6, K5, K4, K3, K2, K1, K0); \ + \ + K0 = L0 ^ (rc); \ + K1 = L1; \ + K2 = L2; \ + K3 = L3; \ + K4 = L4; \ + K5 = L5; \ + K6 = L6; \ + K7 = L7; \ + \ + F1x (L0, s_MT, S0, S7, S6, S5, S4, S3, S2, S1); \ + F1x (L1, s_MT, S1, S0, S7, S6, S5, S4, S3, S2); \ + F1x (L2, s_MT, S2, S1, S0, S7, S6, S5, S4, S3); \ + F1x (L3, s_MT, S3, S2, S1, S0, S7, S6, S5, S4); \ + F1x (L4, s_MT, S4, S3, S2, S1, S0, S7, S6, S5); \ + F1x (L5, s_MT, S5, S4, S3, S2, S1, S0, S7, S6); \ + F1x (L6, s_MT, S6, S5, S4, S3, S2, S1, S0, S7); \ + F1x (L7, s_MT, S7, S6, S5, S4, S3, S2, S1, S0); \ + \ + S0 = L0 ^ K0; \ + S1 = L1 ^ K1; \ + S2 = L2 ^ K2; \ + S3 = L3 ^ K3; \ + S4 = L4 ^ K4; \ + S5 = L5 ^ K5; \ + S6 = L6 ^ K6; \ + S7 = L7 ^ K7; \ } DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x 
*w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) { - u64x D[8]; + u64x W0 = hl32_to_64 (w0[0], w0[1]); + u64x W1 = hl32_to_64 (w0[2], w0[3]); + u64x W2 = hl32_to_64 (w1[0], w1[1]); + u64x W3 = hl32_to_64 (w1[2], w1[3]); + u64x W4 = hl32_to_64 (w2[0], w2[1]); + u64x W5 = hl32_to_64 (w2[2], w2[3]); + u64x W6 = hl32_to_64 (w3[0], w3[1]); + u64x W7 = hl32_to_64 (w3[2], w3[3]); - D[0] = hl32_to_64 (digest[ 0], digest[ 1]); - D[1] = hl32_to_64 (digest[ 2], digest[ 3]); - D[2] = hl32_to_64 (digest[ 4], digest[ 5]); - D[3] = hl32_to_64 (digest[ 6], digest[ 7]); - D[4] = hl32_to_64 (digest[ 8], digest[ 9]); - D[5] = hl32_to_64 (digest[10], digest[11]); - D[6] = hl32_to_64 (digest[12], digest[13]); - D[7] = hl32_to_64 (digest[14], digest[15]); + u64x D0 = hl32_to_64 (digest[ 0], digest[ 1]); + u64x D1 = hl32_to_64 (digest[ 2], digest[ 3]); + u64x D2 = hl32_to_64 (digest[ 4], digest[ 5]); + u64x D3 = hl32_to_64 (digest[ 6], digest[ 7]); + u64x D4 = hl32_to_64 (digest[ 8], digest[ 9]); + u64x D5 = hl32_to_64 (digest[10], digest[11]); + u64x D6 = hl32_to_64 (digest[12], digest[13]); + u64x D7 = hl32_to_64 (digest[14], digest[15]); - u64x K[8]; + u64x K0 = D0; + u64x K1 = D1; + u64x K2 = D2; + u64x K3 = D3; + u64x K4 = D4; + u64x K5 = D5; + u64x K6 = D6; + u64x K7 = D7; - K[0] = D[0]; - K[1] = D[1]; - K[2] = D[2]; - K[3] = D[3]; - K[4] = D[4]; - K[5] = D[5]; - K[6] = D[6]; - K[7] = D[7]; + u64x S0 = K0 ^ W0; + u64x S1 = K1 ^ W1; + u64x S2 = K2 ^ W2; + u64x S3 = K3 ^ W3; + u64x S4 = K4 ^ W4; + u64x S5 = K5 ^ W5; + u64x S6 = K6 ^ W6; + u64x S7 = K7 ^ W7; - u64x W[8]; + F0x (0x1823c6e887b8014f); + F0x (0x36a6d2f5796f9152); + F0x (0x60bc9b8ea30c7b35); + F0x (0x1de0d7c22e4bfe57); + F0x (0x157737e59ff04ada); + F0x (0x58c9290ab1a06b85); + F0x (0xbd5d10f4cb3e0567); + F0x (0xe427418ba77d95d8); + F0x (0xfbee7c66dd17479e); + F0x (0xca2dbf07ad5a8333); - W[0] = hl32_to_64 (w0[0], w0[1]); - W[1] = hl32_to_64 (w0[2], w0[3]); - W[2] = hl32_to_64 (w1[0], w1[1]); - W[3] = hl32_to_64 (w1[2], w1[3]); 
- W[4] = hl32_to_64 (w2[0], w2[1]); - W[5] = hl32_to_64 (w2[2], w2[3]); - W[6] = hl32_to_64 (w3[0], w3[1]); - W[7] = hl32_to_64 (w3[2], w3[3]); + D0 ^= S0 ^ W0; + D1 ^= S1 ^ W1; + D2 ^= S2 ^ W2; + D3 ^= S3 ^ W3; + D4 ^= S4 ^ W4; + D5 ^= S5 ^ W5; + D6 ^= S6 ^ W6; + D7 ^= S7 ^ W7; - u64x state[8]; - - state[0] = K[0] ^ W[0]; - state[1] = K[1] ^ W[1]; - state[2] = K[2] ^ W[2]; - state[3] = K[3] ^ W[3]; - state[4] = K[4] ^ W[4]; - state[5] = K[5] ^ W[5]; - state[6] = K[6] ^ W[6]; - state[7] = K[7] ^ W[7]; - - F0x (RC[0]); - F0x (RC[1]); - F0x (RC[2]); - F0x (RC[3]); - F0x (RC[4]); - F0x (RC[5]); - F0x (RC[6]); - F0x (RC[7]); - F0x (RC[8]); - F0x (RC[9]); - - W[0] ^= D[0] ^ state[0]; - W[1] ^= D[1] ^ state[1]; - W[2] ^= D[2] ^ state[2]; - W[3] ^= D[3] ^ state[3]; - W[4] ^= D[4] ^ state[4]; - W[5] ^= D[5] ^ state[5]; - W[6] ^= D[6] ^ state[6]; - W[7] ^= D[7] ^ state[7]; - - digest[ 0] = h32_from_64 (W[0]); - digest[ 1] = l32_from_64 (W[0]); - digest[ 2] = h32_from_64 (W[1]); - digest[ 3] = l32_from_64 (W[1]); - digest[ 4] = h32_from_64 (W[2]); - digest[ 5] = l32_from_64 (W[2]); - digest[ 6] = h32_from_64 (W[3]); - digest[ 7] = l32_from_64 (W[3]); - digest[ 8] = h32_from_64 (W[4]); - digest[ 9] = l32_from_64 (W[4]); - digest[10] = h32_from_64 (W[5]); - digest[11] = l32_from_64 (W[5]); - digest[12] = h32_from_64 (W[6]); - digest[13] = l32_from_64 (W[6]); - digest[14] = h32_from_64 (W[7]); - digest[15] = l32_from_64 (W[7]); + digest[ 0] = h32_from_64 (D0); + digest[ 1] = l32_from_64 (D0); + digest[ 2] = h32_from_64 (D1); + digest[ 3] = l32_from_64 (D1); + digest[ 4] = h32_from_64 (D2); + digest[ 5] = l32_from_64 (D2); + digest[ 6] = h32_from_64 (D3); + digest[ 7] = l32_from_64 (D3); + digest[ 8] = h32_from_64 (D4); + digest[ 9] = l32_from_64 (D4); + digest[10] = h32_from_64 (D5); + digest[11] = l32_from_64 (D5); + digest[12] = h32_from_64 (D6); + digest[13] = l32_from_64 (D6); + digest[14] = h32_from_64 (D7); + digest[15] = l32_from_64 (D7); } DECLSPEC void 
whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256]) From 5f57ab35b6f24a7890252cbf128dae2802ea6ece Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 12 Feb 2020 16:51:19 +0100 Subject: [PATCH 221/300] Rewrite MT[X][256] constants to MTX[256] constants in whirlpool hash --- OpenCL/inc_hash_whirlpool.cl | 1267 +++++++++++++++++---------------- OpenCL/inc_hash_whirlpool.h | 66 +- OpenCL/m06100_a0-optimized.cl | 76 +- OpenCL/m06100_a0-pure.cl | 72 +- OpenCL/m06100_a1-optimized.cl | 76 +- OpenCL/m06100_a1-pure.cl | 72 +- OpenCL/m06100_a3-optimized.cl | 156 ++-- OpenCL/m06100_a3-pure.cl | 72 +- OpenCL/m06231-pure.cl | 82 ++- OpenCL/m06232-pure.cl | 82 ++- OpenCL/m06233-pure.cl | 82 ++- OpenCL/m13731-pure.cl | 110 +-- OpenCL/m13732-pure.cl | 110 +-- OpenCL/m13733-pure.cl | 110 +-- 14 files changed, 1379 insertions(+), 1054 deletions(-) diff --git a/OpenCL/inc_hash_whirlpool.cl b/OpenCL/inc_hash_whirlpool.cl index 19c409f09..f1d3c2323 100644 --- a/OpenCL/inc_hash_whirlpool.cl +++ b/OpenCL/inc_hash_whirlpool.cl 
@@ -9,536 +9,548 @@ #include "inc_common.h" #include "inc_hash_whirlpool.h" -CONSTANT_VK u64a MT[8][256] = +CONSTANT_VK u64a MT0[256] = { - { - 0x18186018c07830d8, 0x23238c2305af4626, 0xc6c63fc67ef991b8, 0xe8e887e8136fcdfb, - 0x878726874ca113cb, 0xb8b8dab8a9626d11, 0x0101040108050209, 0x4f4f214f426e9e0d, - 0x3636d836adee6c9b, 0xa6a6a2a6590451ff, 0xd2d26fd2debdb90c, 0xf5f5f3f5fb06f70e, - 0x7979f979ef80f296, 0x6f6fa16f5fcede30, 0x91917e91fcef3f6d, 0x52525552aa07a4f8, - 0x60609d6027fdc047, 0xbcbccabc89766535, 0x9b9b569baccd2b37, 0x8e8e028e048c018a, - 0xa3a3b6a371155bd2, 0x0c0c300c603c186c, 0x7b7bf17bff8af684, 0x3535d435b5e16a80, - 0x1d1d741de8693af5, 0xe0e0a7e05347ddb3, 0xd7d77bd7f6acb321, 0xc2c22fc25eed999c, - 0x2e2eb82e6d965c43, 0x4b4b314b627a9629, 0xfefedffea321e15d, 0x575741578216aed5, - 0x15155415a8412abd, 0x7777c1779fb6eee8, 0x3737dc37a5eb6e92, 0xe5e5b3e57b56d79e, - 0x9f9f469f8cd92313, 0xf0f0e7f0d317fd23, 0x4a4a354a6a7f9420, 0xdada4fda9e95a944, - 0x58587d58fa25b0a2, 0xc9c903c906ca8fcf, 0x2929a429558d527c, 0x0a0a280a5022145a, - 0xb1b1feb1e14f7f50, 0xa0a0baa0691a5dc9, 0x6b6bb16b7fdad614, 0x85852e855cab17d9, - 0xbdbdcebd8173673c, 0x5d5d695dd234ba8f, 0x1010401080502090, 0xf4f4f7f4f303f507, - 0xcbcb0bcb16c08bdd, 0x3e3ef83eedc67cd3, 0x0505140528110a2d, 0x676781671fe6ce78, - 0xe4e4b7e47353d597, 0x27279c2725bb4e02, 0x4141194132588273, 0x8b8b168b2c9d0ba7, - 0xa7a7a6a7510153f6, 0x7d7de97dcf94fab2, 0x95956e95dcfb3749, 0xd8d847d88e9fad56, - 0xfbfbcbfb8b30eb70, 0xeeee9fee2371c1cd, 0x7c7ced7cc791f8bb, 0x6666856617e3cc71, - 0xdddd53dda68ea77b, 0x17175c17b84b2eaf, 0x4747014702468e45, 0x9e9e429e84dc211a, - 0xcaca0fca1ec589d4, 0x2d2db42d75995a58, 0xbfbfc6bf9179632e, 0x07071c07381b0e3f, - 0xadad8ead012347ac, 0x5a5a755aea2fb4b0, 0x838336836cb51bef, 0x3333cc3385ff66b6, - 0x636391633ff2c65c, 0x02020802100a0412, 0xaaaa92aa39384993, 0x7171d971afa8e2de, - 0xc8c807c80ecf8dc6, 0x19196419c87d32d1, 0x494939497270923b, 0xd9d943d9869aaf5f, - 0xf2f2eff2c31df931, 0xe3e3abe34b48dba8, 
0x5b5b715be22ab6b9, 0x88881a8834920dbc, - 0x9a9a529aa4c8293e, 0x262698262dbe4c0b, 0x3232c8328dfa64bf, 0xb0b0fab0e94a7d59, - 0xe9e983e91b6acff2, 0x0f0f3c0f78331e77, 0xd5d573d5e6a6b733, 0x80803a8074ba1df4, - 0xbebec2be997c6127, 0xcdcd13cd26de87eb, 0x3434d034bde46889, 0x48483d487a759032, - 0xffffdbffab24e354, 0x7a7af57af78ff48d, 0x90907a90f4ea3d64, 0x5f5f615fc23ebe9d, - 0x202080201da0403d, 0x6868bd6867d5d00f, 0x1a1a681ad07234ca, 0xaeae82ae192c41b7, - 0xb4b4eab4c95e757d, 0x54544d549a19a8ce, 0x93937693ece53b7f, 0x222288220daa442f, - 0x64648d6407e9c863, 0xf1f1e3f1db12ff2a, 0x7373d173bfa2e6cc, 0x12124812905a2482, - 0x40401d403a5d807a, 0x0808200840281048, 0xc3c32bc356e89b95, 0xecec97ec337bc5df, - 0xdbdb4bdb9690ab4d, 0xa1a1bea1611f5fc0, 0x8d8d0e8d1c830791, 0x3d3df43df5c97ac8, - 0x97976697ccf1335b, 0x0000000000000000, 0xcfcf1bcf36d483f9, 0x2b2bac2b4587566e, - 0x7676c57697b3ece1, 0x8282328264b019e6, 0xd6d67fd6fea9b128, 0x1b1b6c1bd87736c3, - 0xb5b5eeb5c15b7774, 0xafaf86af112943be, 0x6a6ab56a77dfd41d, 0x50505d50ba0da0ea, - 0x45450945124c8a57, 0xf3f3ebf3cb18fb38, 0x3030c0309df060ad, 0xefef9bef2b74c3c4, - 0x3f3ffc3fe5c37eda, 0x55554955921caac7, 0xa2a2b2a2791059db, 0xeaea8fea0365c9e9, - 0x656589650fecca6a, 0xbabad2bab9686903, 0x2f2fbc2f65935e4a, 0xc0c027c04ee79d8e, - 0xdede5fdebe81a160, 0x1c1c701ce06c38fc, 0xfdfdd3fdbb2ee746, 0x4d4d294d52649a1f, - 0x92927292e4e03976, 0x7575c9758fbceafa, 0x06061806301e0c36, 0x8a8a128a249809ae, - 0xb2b2f2b2f940794b, 0xe6e6bfe66359d185, 0x0e0e380e70361c7e, 0x1f1f7c1ff8633ee7, - 0x6262956237f7c455, 0xd4d477d4eea3b53a, 0xa8a89aa829324d81, 0x96966296c4f43152, - 0xf9f9c3f99b3aef62, 0xc5c533c566f697a3, 0x2525942535b14a10, 0x59597959f220b2ab, - 0x84842a8454ae15d0, 0x7272d572b7a7e4c5, 0x3939e439d5dd72ec, 0x4c4c2d4c5a619816, - 0x5e5e655eca3bbc94, 0x7878fd78e785f09f, 0x3838e038ddd870e5, 0x8c8c0a8c14860598, - 0xd1d163d1c6b2bf17, 0xa5a5aea5410b57e4, 0xe2e2afe2434dd9a1, 0x616199612ff8c24e, - 0xb3b3f6b3f1457b42, 0x2121842115a54234, 0x9c9c4a9c94d62508, 
0x1e1e781ef0663cee, - 0x4343114322528661, 0xc7c73bc776fc93b1, 0xfcfcd7fcb32be54f, 0x0404100420140824, - 0x51515951b208a2e3, 0x99995e99bcc72f25, 0x6d6da96d4fc4da22, 0x0d0d340d68391a65, - 0xfafacffa8335e979, 0xdfdf5bdfb684a369, 0x7e7ee57ed79bfca9, 0x242490243db44819, - 0x3b3bec3bc5d776fe, 0xabab96ab313d4b9a, 0xcece1fce3ed181f0, 0x1111441188552299, - 0x8f8f068f0c890383, 0x4e4e254e4a6b9c04, 0xb7b7e6b7d1517366, 0xebeb8beb0b60cbe0, - 0x3c3cf03cfdcc78c1, 0x81813e817cbf1ffd, 0x94946a94d4fe3540, 0xf7f7fbf7eb0cf31c, - 0xb9b9deb9a1676f18, 0x13134c13985f268b, 0x2c2cb02c7d9c5851, 0xd3d36bd3d6b8bb05, - 0xe7e7bbe76b5cd38c, 0x6e6ea56e57cbdc39, 0xc4c437c46ef395aa, 0x03030c03180f061b, - 0x565645568a13acdc, 0x44440d441a49885e, 0x7f7fe17fdf9efea0, 0xa9a99ea921374f88, - 0x2a2aa82a4d825467, 0xbbbbd6bbb16d6b0a, 0xc1c123c146e29f87, 0x53535153a202a6f1, - 0xdcdc57dcae8ba572, 0x0b0b2c0b58271653, 0x9d9d4e9d9cd32701, 0x6c6cad6c47c1d82b, - 0x3131c43195f562a4, 0x7474cd7487b9e8f3, 0xf6f6fff6e309f115, 0x464605460a438c4c, - 0xacac8aac092645a5, 0x89891e893c970fb5, 0x14145014a04428b4, 0xe1e1a3e15b42dfba, - 0x16165816b04e2ca6, 0x3a3ae83acdd274f7, 0x6969b9696fd0d206, 0x09092409482d1241, - 0x7070dd70a7ade0d7, 0xb6b6e2b6d954716f, 0xd0d067d0ceb7bd1e, 0xeded93ed3b7ec7d6, - 0xcccc17cc2edb85e2, 0x424215422a578468, 0x98985a98b4c22d2c, 0xa4a4aaa4490e55ed, - 0x2828a0285d885075, 0x5c5c6d5cda31b886, 0xf8f8c7f8933fed6b, 0x8686228644a411c2, - }, - { - 0xd818186018c07830, 0x2623238c2305af46, 0xb8c6c63fc67ef991, 0xfbe8e887e8136fcd, - 0xcb878726874ca113, 0x11b8b8dab8a9626d, 0x0901010401080502, 0x0d4f4f214f426e9e, - 0x9b3636d836adee6c, 0xffa6a6a2a6590451, 0x0cd2d26fd2debdb9, 0x0ef5f5f3f5fb06f7, - 0x967979f979ef80f2, 0x306f6fa16f5fcede, 0x6d91917e91fcef3f, 0xf852525552aa07a4, - 0x4760609d6027fdc0, 0x35bcbccabc897665, 0x379b9b569baccd2b, 0x8a8e8e028e048c01, - 0xd2a3a3b6a371155b, 0x6c0c0c300c603c18, 0x847b7bf17bff8af6, 0x803535d435b5e16a, - 0xf51d1d741de8693a, 0xb3e0e0a7e05347dd, 0x21d7d77bd7f6acb3, 0x9cc2c22fc25eed99, - 
0x432e2eb82e6d965c, 0x294b4b314b627a96, 0x5dfefedffea321e1, 0xd5575741578216ae, - 0xbd15155415a8412a, 0xe87777c1779fb6ee, 0x923737dc37a5eb6e, 0x9ee5e5b3e57b56d7, - 0x139f9f469f8cd923, 0x23f0f0e7f0d317fd, 0x204a4a354a6a7f94, 0x44dada4fda9e95a9, - 0xa258587d58fa25b0, 0xcfc9c903c906ca8f, 0x7c2929a429558d52, 0x5a0a0a280a502214, - 0x50b1b1feb1e14f7f, 0xc9a0a0baa0691a5d, 0x146b6bb16b7fdad6, 0xd985852e855cab17, - 0x3cbdbdcebd817367, 0x8f5d5d695dd234ba, 0x9010104010805020, 0x07f4f4f7f4f303f5, - 0xddcbcb0bcb16c08b, 0xd33e3ef83eedc67c, 0x2d0505140528110a, 0x78676781671fe6ce, - 0x97e4e4b7e47353d5, 0x0227279c2725bb4e, 0x7341411941325882, 0xa78b8b168b2c9d0b, - 0xf6a7a7a6a7510153, 0xb27d7de97dcf94fa, 0x4995956e95dcfb37, 0x56d8d847d88e9fad, - 0x70fbfbcbfb8b30eb, 0xcdeeee9fee2371c1, 0xbb7c7ced7cc791f8, 0x716666856617e3cc, - 0x7bdddd53dda68ea7, 0xaf17175c17b84b2e, 0x454747014702468e, 0x1a9e9e429e84dc21, - 0xd4caca0fca1ec589, 0x582d2db42d75995a, 0x2ebfbfc6bf917963, 0x3f07071c07381b0e, - 0xacadad8ead012347, 0xb05a5a755aea2fb4, 0xef838336836cb51b, 0xb63333cc3385ff66, - 0x5c636391633ff2c6, 0x1202020802100a04, 0x93aaaa92aa393849, 0xde7171d971afa8e2, - 0xc6c8c807c80ecf8d, 0xd119196419c87d32, 0x3b49493949727092, 0x5fd9d943d9869aaf, - 0x31f2f2eff2c31df9, 0xa8e3e3abe34b48db, 0xb95b5b715be22ab6, 0xbc88881a8834920d, - 0x3e9a9a529aa4c829, 0x0b262698262dbe4c, 0xbf3232c8328dfa64, 0x59b0b0fab0e94a7d, - 0xf2e9e983e91b6acf, 0x770f0f3c0f78331e, 0x33d5d573d5e6a6b7, 0xf480803a8074ba1d, - 0x27bebec2be997c61, 0xebcdcd13cd26de87, 0x893434d034bde468, 0x3248483d487a7590, - 0x54ffffdbffab24e3, 0x8d7a7af57af78ff4, 0x6490907a90f4ea3d, 0x9d5f5f615fc23ebe, - 0x3d202080201da040, 0x0f6868bd6867d5d0, 0xca1a1a681ad07234, 0xb7aeae82ae192c41, - 0x7db4b4eab4c95e75, 0xce54544d549a19a8, 0x7f93937693ece53b, 0x2f222288220daa44, - 0x6364648d6407e9c8, 0x2af1f1e3f1db12ff, 0xcc7373d173bfa2e6, 0x8212124812905a24, - 0x7a40401d403a5d80, 0x4808082008402810, 0x95c3c32bc356e89b, 0xdfecec97ec337bc5, - 0x4ddbdb4bdb9690ab, 
0xc0a1a1bea1611f5f, 0x918d8d0e8d1c8307, 0xc83d3df43df5c97a, - 0x5b97976697ccf133, 0x0000000000000000, 0xf9cfcf1bcf36d483, 0x6e2b2bac2b458756, - 0xe17676c57697b3ec, 0xe68282328264b019, 0x28d6d67fd6fea9b1, 0xc31b1b6c1bd87736, - 0x74b5b5eeb5c15b77, 0xbeafaf86af112943, 0x1d6a6ab56a77dfd4, 0xea50505d50ba0da0, - 0x5745450945124c8a, 0x38f3f3ebf3cb18fb, 0xad3030c0309df060, 0xc4efef9bef2b74c3, - 0xda3f3ffc3fe5c37e, 0xc755554955921caa, 0xdba2a2b2a2791059, 0xe9eaea8fea0365c9, - 0x6a656589650fecca, 0x03babad2bab96869, 0x4a2f2fbc2f65935e, 0x8ec0c027c04ee79d, - 0x60dede5fdebe81a1, 0xfc1c1c701ce06c38, 0x46fdfdd3fdbb2ee7, 0x1f4d4d294d52649a, - 0x7692927292e4e039, 0xfa7575c9758fbcea, 0x3606061806301e0c, 0xae8a8a128a249809, - 0x4bb2b2f2b2f94079, 0x85e6e6bfe66359d1, 0x7e0e0e380e70361c, 0xe71f1f7c1ff8633e, - 0x556262956237f7c4, 0x3ad4d477d4eea3b5, 0x81a8a89aa829324d, 0x5296966296c4f431, - 0x62f9f9c3f99b3aef, 0xa3c5c533c566f697, 0x102525942535b14a, 0xab59597959f220b2, - 0xd084842a8454ae15, 0xc57272d572b7a7e4, 0xec3939e439d5dd72, 0x164c4c2d4c5a6198, - 0x945e5e655eca3bbc, 0x9f7878fd78e785f0, 0xe53838e038ddd870, 0x988c8c0a8c148605, - 0x17d1d163d1c6b2bf, 0xe4a5a5aea5410b57, 0xa1e2e2afe2434dd9, 0x4e616199612ff8c2, - 0x42b3b3f6b3f1457b, 0x342121842115a542, 0x089c9c4a9c94d625, 0xee1e1e781ef0663c, - 0x6143431143225286, 0xb1c7c73bc776fc93, 0x4ffcfcd7fcb32be5, 0x2404041004201408, - 0xe351515951b208a2, 0x2599995e99bcc72f, 0x226d6da96d4fc4da, 0x650d0d340d68391a, - 0x79fafacffa8335e9, 0x69dfdf5bdfb684a3, 0xa97e7ee57ed79bfc, 0x19242490243db448, - 0xfe3b3bec3bc5d776, 0x9aabab96ab313d4b, 0xf0cece1fce3ed181, 0x9911114411885522, - 0x838f8f068f0c8903, 0x044e4e254e4a6b9c, 0x66b7b7e6b7d15173, 0xe0ebeb8beb0b60cb, - 0xc13c3cf03cfdcc78, 0xfd81813e817cbf1f, 0x4094946a94d4fe35, 0x1cf7f7fbf7eb0cf3, - 0x18b9b9deb9a1676f, 0x8b13134c13985f26, 0x512c2cb02c7d9c58, 0x05d3d36bd3d6b8bb, - 0x8ce7e7bbe76b5cd3, 0x396e6ea56e57cbdc, 0xaac4c437c46ef395, 0x1b03030c03180f06, - 0xdc565645568a13ac, 0x5e44440d441a4988, 
0xa07f7fe17fdf9efe, 0x88a9a99ea921374f, - 0x672a2aa82a4d8254, 0x0abbbbd6bbb16d6b, 0x87c1c123c146e29f, 0xf153535153a202a6, - 0x72dcdc57dcae8ba5, 0x530b0b2c0b582716, 0x019d9d4e9d9cd327, 0x2b6c6cad6c47c1d8, - 0xa43131c43195f562, 0xf37474cd7487b9e8, 0x15f6f6fff6e309f1, 0x4c464605460a438c, - 0xa5acac8aac092645, 0xb589891e893c970f, 0xb414145014a04428, 0xbae1e1a3e15b42df, - 0xa616165816b04e2c, 0xf73a3ae83acdd274, 0x066969b9696fd0d2, 0x4109092409482d12, - 0xd77070dd70a7ade0, 0x6fb6b6e2b6d95471, 0x1ed0d067d0ceb7bd, 0xd6eded93ed3b7ec7, - 0xe2cccc17cc2edb85, 0x68424215422a5784, 0x2c98985a98b4c22d, 0xeda4a4aaa4490e55, - 0x752828a0285d8850, 0x865c5c6d5cda31b8, 0x6bf8f8c7f8933fed, 0xc28686228644a411, - }, - { - 0x30d818186018c078, 0x462623238c2305af, 0x91b8c6c63fc67ef9, 0xcdfbe8e887e8136f, - 0x13cb878726874ca1, 0x6d11b8b8dab8a962, 0x0209010104010805, 0x9e0d4f4f214f426e, - 0x6c9b3636d836adee, 0x51ffa6a6a2a65904, 0xb90cd2d26fd2debd, 0xf70ef5f5f3f5fb06, - 0xf2967979f979ef80, 0xde306f6fa16f5fce, 0x3f6d91917e91fcef, 0xa4f852525552aa07, - 0xc04760609d6027fd, 0x6535bcbccabc8976, 0x2b379b9b569baccd, 0x018a8e8e028e048c, - 0x5bd2a3a3b6a37115, 0x186c0c0c300c603c, 0xf6847b7bf17bff8a, 0x6a803535d435b5e1, - 0x3af51d1d741de869, 0xddb3e0e0a7e05347, 0xb321d7d77bd7f6ac, 0x999cc2c22fc25eed, - 0x5c432e2eb82e6d96, 0x96294b4b314b627a, 0xe15dfefedffea321, 0xaed5575741578216, - 0x2abd15155415a841, 0xeee87777c1779fb6, 0x6e923737dc37a5eb, 0xd79ee5e5b3e57b56, - 0x23139f9f469f8cd9, 0xfd23f0f0e7f0d317, 0x94204a4a354a6a7f, 0xa944dada4fda9e95, - 0xb0a258587d58fa25, 0x8fcfc9c903c906ca, 0x527c2929a429558d, 0x145a0a0a280a5022, - 0x7f50b1b1feb1e14f, 0x5dc9a0a0baa0691a, 0xd6146b6bb16b7fda, 0x17d985852e855cab, - 0x673cbdbdcebd8173, 0xba8f5d5d695dd234, 0x2090101040108050, 0xf507f4f4f7f4f303, - 0x8bddcbcb0bcb16c0, 0x7cd33e3ef83eedc6, 0x0a2d050514052811, 0xce78676781671fe6, - 0xd597e4e4b7e47353, 0x4e0227279c2725bb, 0x8273414119413258, 0x0ba78b8b168b2c9d, - 0x53f6a7a7a6a75101, 0xfab27d7de97dcf94, 0x374995956e95dcfb, 
0xad56d8d847d88e9f, - 0xeb70fbfbcbfb8b30, 0xc1cdeeee9fee2371, 0xf8bb7c7ced7cc791, 0xcc716666856617e3, - 0xa77bdddd53dda68e, 0x2eaf17175c17b84b, 0x8e45474701470246, 0x211a9e9e429e84dc, - 0x89d4caca0fca1ec5, 0x5a582d2db42d7599, 0x632ebfbfc6bf9179, 0x0e3f07071c07381b, - 0x47acadad8ead0123, 0xb4b05a5a755aea2f, 0x1bef838336836cb5, 0x66b63333cc3385ff, - 0xc65c636391633ff2, 0x041202020802100a, 0x4993aaaa92aa3938, 0xe2de7171d971afa8, - 0x8dc6c8c807c80ecf, 0x32d119196419c87d, 0x923b494939497270, 0xaf5fd9d943d9869a, - 0xf931f2f2eff2c31d, 0xdba8e3e3abe34b48, 0xb6b95b5b715be22a, 0x0dbc88881a883492, - 0x293e9a9a529aa4c8, 0x4c0b262698262dbe, 0x64bf3232c8328dfa, 0x7d59b0b0fab0e94a, - 0xcff2e9e983e91b6a, 0x1e770f0f3c0f7833, 0xb733d5d573d5e6a6, 0x1df480803a8074ba, - 0x6127bebec2be997c, 0x87ebcdcd13cd26de, 0x68893434d034bde4, 0x903248483d487a75, - 0xe354ffffdbffab24, 0xf48d7a7af57af78f, 0x3d6490907a90f4ea, 0xbe9d5f5f615fc23e, - 0x403d202080201da0, 0xd00f6868bd6867d5, 0x34ca1a1a681ad072, 0x41b7aeae82ae192c, - 0x757db4b4eab4c95e, 0xa8ce54544d549a19, 0x3b7f93937693ece5, 0x442f222288220daa, - 0xc86364648d6407e9, 0xff2af1f1e3f1db12, 0xe6cc7373d173bfa2, 0x248212124812905a, - 0x807a40401d403a5d, 0x1048080820084028, 0x9b95c3c32bc356e8, 0xc5dfecec97ec337b, - 0xab4ddbdb4bdb9690, 0x5fc0a1a1bea1611f, 0x07918d8d0e8d1c83, 0x7ac83d3df43df5c9, - 0x335b97976697ccf1, 0x0000000000000000, 0x83f9cfcf1bcf36d4, 0x566e2b2bac2b4587, - 0xece17676c57697b3, 0x19e68282328264b0, 0xb128d6d67fd6fea9, 0x36c31b1b6c1bd877, - 0x7774b5b5eeb5c15b, 0x43beafaf86af1129, 0xd41d6a6ab56a77df, 0xa0ea50505d50ba0d, - 0x8a5745450945124c, 0xfb38f3f3ebf3cb18, 0x60ad3030c0309df0, 0xc3c4efef9bef2b74, - 0x7eda3f3ffc3fe5c3, 0xaac755554955921c, 0x59dba2a2b2a27910, 0xc9e9eaea8fea0365, - 0xca6a656589650fec, 0x6903babad2bab968, 0x5e4a2f2fbc2f6593, 0x9d8ec0c027c04ee7, - 0xa160dede5fdebe81, 0x38fc1c1c701ce06c, 0xe746fdfdd3fdbb2e, 0x9a1f4d4d294d5264, - 0x397692927292e4e0, 0xeafa7575c9758fbc, 0x0c3606061806301e, 0x09ae8a8a128a2498, - 
0x794bb2b2f2b2f940, 0xd185e6e6bfe66359, 0x1c7e0e0e380e7036, 0x3ee71f1f7c1ff863, - 0xc4556262956237f7, 0xb53ad4d477d4eea3, 0x4d81a8a89aa82932, 0x315296966296c4f4, - 0xef62f9f9c3f99b3a, 0x97a3c5c533c566f6, 0x4a102525942535b1, 0xb2ab59597959f220, - 0x15d084842a8454ae, 0xe4c57272d572b7a7, 0x72ec3939e439d5dd, 0x98164c4c2d4c5a61, - 0xbc945e5e655eca3b, 0xf09f7878fd78e785, 0x70e53838e038ddd8, 0x05988c8c0a8c1486, - 0xbf17d1d163d1c6b2, 0x57e4a5a5aea5410b, 0xd9a1e2e2afe2434d, 0xc24e616199612ff8, - 0x7b42b3b3f6b3f145, 0x42342121842115a5, 0x25089c9c4a9c94d6, 0x3cee1e1e781ef066, - 0x8661434311432252, 0x93b1c7c73bc776fc, 0xe54ffcfcd7fcb32b, 0x0824040410042014, - 0xa2e351515951b208, 0x2f2599995e99bcc7, 0xda226d6da96d4fc4, 0x1a650d0d340d6839, - 0xe979fafacffa8335, 0xa369dfdf5bdfb684, 0xfca97e7ee57ed79b, 0x4819242490243db4, - 0x76fe3b3bec3bc5d7, 0x4b9aabab96ab313d, 0x81f0cece1fce3ed1, 0x2299111144118855, - 0x03838f8f068f0c89, 0x9c044e4e254e4a6b, 0x7366b7b7e6b7d151, 0xcbe0ebeb8beb0b60, - 0x78c13c3cf03cfdcc, 0x1ffd81813e817cbf, 0x354094946a94d4fe, 0xf31cf7f7fbf7eb0c, - 0x6f18b9b9deb9a167, 0x268b13134c13985f, 0x58512c2cb02c7d9c, 0xbb05d3d36bd3d6b8, - 0xd38ce7e7bbe76b5c, 0xdc396e6ea56e57cb, 0x95aac4c437c46ef3, 0x061b03030c03180f, - 0xacdc565645568a13, 0x885e44440d441a49, 0xfea07f7fe17fdf9e, 0x4f88a9a99ea92137, - 0x54672a2aa82a4d82, 0x6b0abbbbd6bbb16d, 0x9f87c1c123c146e2, 0xa6f153535153a202, - 0xa572dcdc57dcae8b, 0x16530b0b2c0b5827, 0x27019d9d4e9d9cd3, 0xd82b6c6cad6c47c1, - 0x62a43131c43195f5, 0xe8f37474cd7487b9, 0xf115f6f6fff6e309, 0x8c4c464605460a43, - 0x45a5acac8aac0926, 0x0fb589891e893c97, 0x28b414145014a044, 0xdfbae1e1a3e15b42, - 0x2ca616165816b04e, 0x74f73a3ae83acdd2, 0xd2066969b9696fd0, 0x124109092409482d, - 0xe0d77070dd70a7ad, 0x716fb6b6e2b6d954, 0xbd1ed0d067d0ceb7, 0xc7d6eded93ed3b7e, - 0x85e2cccc17cc2edb, 0x8468424215422a57, 0x2d2c98985a98b4c2, 0x55eda4a4aaa4490e, - 0x50752828a0285d88, 0xb8865c5c6d5cda31, 0xed6bf8f8c7f8933f, 0x11c28686228644a4, - }, - { - 0x7830d818186018c0, 
0xaf462623238c2305, 0xf991b8c6c63fc67e, 0x6fcdfbe8e887e813, - 0xa113cb878726874c, 0x626d11b8b8dab8a9, 0x0502090101040108, 0x6e9e0d4f4f214f42, - 0xee6c9b3636d836ad, 0x0451ffa6a6a2a659, 0xbdb90cd2d26fd2de, 0x06f70ef5f5f3f5fb, - 0x80f2967979f979ef, 0xcede306f6fa16f5f, 0xef3f6d91917e91fc, 0x07a4f852525552aa, - 0xfdc04760609d6027, 0x766535bcbccabc89, 0xcd2b379b9b569bac, 0x8c018a8e8e028e04, - 0x155bd2a3a3b6a371, 0x3c186c0c0c300c60, 0x8af6847b7bf17bff, 0xe16a803535d435b5, - 0x693af51d1d741de8, 0x47ddb3e0e0a7e053, 0xacb321d7d77bd7f6, 0xed999cc2c22fc25e, - 0x965c432e2eb82e6d, 0x7a96294b4b314b62, 0x21e15dfefedffea3, 0x16aed55757415782, - 0x412abd15155415a8, 0xb6eee87777c1779f, 0xeb6e923737dc37a5, 0x56d79ee5e5b3e57b, - 0xd923139f9f469f8c, 0x17fd23f0f0e7f0d3, 0x7f94204a4a354a6a, 0x95a944dada4fda9e, - 0x25b0a258587d58fa, 0xca8fcfc9c903c906, 0x8d527c2929a42955, 0x22145a0a0a280a50, - 0x4f7f50b1b1feb1e1, 0x1a5dc9a0a0baa069, 0xdad6146b6bb16b7f, 0xab17d985852e855c, - 0x73673cbdbdcebd81, 0x34ba8f5d5d695dd2, 0x5020901010401080, 0x03f507f4f4f7f4f3, - 0xc08bddcbcb0bcb16, 0xc67cd33e3ef83eed, 0x110a2d0505140528, 0xe6ce78676781671f, - 0x53d597e4e4b7e473, 0xbb4e0227279c2725, 0x5882734141194132, 0x9d0ba78b8b168b2c, - 0x0153f6a7a7a6a751, 0x94fab27d7de97dcf, 0xfb374995956e95dc, 0x9fad56d8d847d88e, - 0x30eb70fbfbcbfb8b, 0x71c1cdeeee9fee23, 0x91f8bb7c7ced7cc7, 0xe3cc716666856617, - 0x8ea77bdddd53dda6, 0x4b2eaf17175c17b8, 0x468e454747014702, 0xdc211a9e9e429e84, - 0xc589d4caca0fca1e, 0x995a582d2db42d75, 0x79632ebfbfc6bf91, 0x1b0e3f07071c0738, - 0x2347acadad8ead01, 0x2fb4b05a5a755aea, 0xb51bef838336836c, 0xff66b63333cc3385, - 0xf2c65c636391633f, 0x0a04120202080210, 0x384993aaaa92aa39, 0xa8e2de7171d971af, - 0xcf8dc6c8c807c80e, 0x7d32d119196419c8, 0x70923b4949394972, 0x9aaf5fd9d943d986, - 0x1df931f2f2eff2c3, 0x48dba8e3e3abe34b, 0x2ab6b95b5b715be2, 0x920dbc88881a8834, - 0xc8293e9a9a529aa4, 0xbe4c0b262698262d, 0xfa64bf3232c8328d, 0x4a7d59b0b0fab0e9, - 0x6acff2e9e983e91b, 0x331e770f0f3c0f78, 
0xa6b733d5d573d5e6, 0xba1df480803a8074, - 0x7c6127bebec2be99, 0xde87ebcdcd13cd26, 0xe468893434d034bd, 0x75903248483d487a, - 0x24e354ffffdbffab, 0x8ff48d7a7af57af7, 0xea3d6490907a90f4, 0x3ebe9d5f5f615fc2, - 0xa0403d202080201d, 0xd5d00f6868bd6867, 0x7234ca1a1a681ad0, 0x2c41b7aeae82ae19, - 0x5e757db4b4eab4c9, 0x19a8ce54544d549a, 0xe53b7f93937693ec, 0xaa442f222288220d, - 0xe9c86364648d6407, 0x12ff2af1f1e3f1db, 0xa2e6cc7373d173bf, 0x5a24821212481290, - 0x5d807a40401d403a, 0x2810480808200840, 0xe89b95c3c32bc356, 0x7bc5dfecec97ec33, - 0x90ab4ddbdb4bdb96, 0x1f5fc0a1a1bea161, 0x8307918d8d0e8d1c, 0xc97ac83d3df43df5, - 0xf1335b97976697cc, 0x0000000000000000, 0xd483f9cfcf1bcf36, 0x87566e2b2bac2b45, - 0xb3ece17676c57697, 0xb019e68282328264, 0xa9b128d6d67fd6fe, 0x7736c31b1b6c1bd8, - 0x5b7774b5b5eeb5c1, 0x2943beafaf86af11, 0xdfd41d6a6ab56a77, 0x0da0ea50505d50ba, - 0x4c8a574545094512, 0x18fb38f3f3ebf3cb, 0xf060ad3030c0309d, 0x74c3c4efef9bef2b, - 0xc37eda3f3ffc3fe5, 0x1caac75555495592, 0x1059dba2a2b2a279, 0x65c9e9eaea8fea03, - 0xecca6a656589650f, 0x686903babad2bab9, 0x935e4a2f2fbc2f65, 0xe79d8ec0c027c04e, - 0x81a160dede5fdebe, 0x6c38fc1c1c701ce0, 0x2ee746fdfdd3fdbb, 0x649a1f4d4d294d52, - 0xe0397692927292e4, 0xbceafa7575c9758f, 0x1e0c360606180630, 0x9809ae8a8a128a24, - 0x40794bb2b2f2b2f9, 0x59d185e6e6bfe663, 0x361c7e0e0e380e70, 0x633ee71f1f7c1ff8, - 0xf7c4556262956237, 0xa3b53ad4d477d4ee, 0x324d81a8a89aa829, 0xf4315296966296c4, - 0x3aef62f9f9c3f99b, 0xf697a3c5c533c566, 0xb14a102525942535, 0x20b2ab59597959f2, - 0xae15d084842a8454, 0xa7e4c57272d572b7, 0xdd72ec3939e439d5, 0x6198164c4c2d4c5a, - 0x3bbc945e5e655eca, 0x85f09f7878fd78e7, 0xd870e53838e038dd, 0x8605988c8c0a8c14, - 0xb2bf17d1d163d1c6, 0x0b57e4a5a5aea541, 0x4dd9a1e2e2afe243, 0xf8c24e616199612f, - 0x457b42b3b3f6b3f1, 0xa542342121842115, 0xd625089c9c4a9c94, 0x663cee1e1e781ef0, - 0x5286614343114322, 0xfc93b1c7c73bc776, 0x2be54ffcfcd7fcb3, 0x1408240404100420, - 0x08a2e351515951b2, 0xc72f2599995e99bc, 0xc4da226d6da96d4f, 
0x391a650d0d340d68, - 0x35e979fafacffa83, 0x84a369dfdf5bdfb6, 0x9bfca97e7ee57ed7, 0xb44819242490243d, - 0xd776fe3b3bec3bc5, 0x3d4b9aabab96ab31, 0xd181f0cece1fce3e, 0x5522991111441188, - 0x8903838f8f068f0c, 0x6b9c044e4e254e4a, 0x517366b7b7e6b7d1, 0x60cbe0ebeb8beb0b, - 0xcc78c13c3cf03cfd, 0xbf1ffd81813e817c, 0xfe354094946a94d4, 0x0cf31cf7f7fbf7eb, - 0x676f18b9b9deb9a1, 0x5f268b13134c1398, 0x9c58512c2cb02c7d, 0xb8bb05d3d36bd3d6, - 0x5cd38ce7e7bbe76b, 0xcbdc396e6ea56e57, 0xf395aac4c437c46e, 0x0f061b03030c0318, - 0x13acdc565645568a, 0x49885e44440d441a, 0x9efea07f7fe17fdf, 0x374f88a9a99ea921, - 0x8254672a2aa82a4d, 0x6d6b0abbbbd6bbb1, 0xe29f87c1c123c146, 0x02a6f153535153a2, - 0x8ba572dcdc57dcae, 0x2716530b0b2c0b58, 0xd327019d9d4e9d9c, 0xc1d82b6c6cad6c47, - 0xf562a43131c43195, 0xb9e8f37474cd7487, 0x09f115f6f6fff6e3, 0x438c4c464605460a, - 0x2645a5acac8aac09, 0x970fb589891e893c, 0x4428b414145014a0, 0x42dfbae1e1a3e15b, - 0x4e2ca616165816b0, 0xd274f73a3ae83acd, 0xd0d2066969b9696f, 0x2d12410909240948, - 0xade0d77070dd70a7, 0x54716fb6b6e2b6d9, 0xb7bd1ed0d067d0ce, 0x7ec7d6eded93ed3b, - 0xdb85e2cccc17cc2e, 0x578468424215422a, 0xc22d2c98985a98b4, 0x0e55eda4a4aaa449, - 0x8850752828a0285d, 0x31b8865c5c6d5cda, 0x3fed6bf8f8c7f893, 0xa411c28686228644, - }, - { - 0xc07830d818186018, 0x05af462623238c23, 0x7ef991b8c6c63fc6, 0x136fcdfbe8e887e8, - 0x4ca113cb87872687, 0xa9626d11b8b8dab8, 0x0805020901010401, 0x426e9e0d4f4f214f, - 0xadee6c9b3636d836, 0x590451ffa6a6a2a6, 0xdebdb90cd2d26fd2, 0xfb06f70ef5f5f3f5, - 0xef80f2967979f979, 0x5fcede306f6fa16f, 0xfcef3f6d91917e91, 0xaa07a4f852525552, - 0x27fdc04760609d60, 0x89766535bcbccabc, 0xaccd2b379b9b569b, 0x048c018a8e8e028e, - 0x71155bd2a3a3b6a3, 0x603c186c0c0c300c, 0xff8af6847b7bf17b, 0xb5e16a803535d435, - 0xe8693af51d1d741d, 0x5347ddb3e0e0a7e0, 0xf6acb321d7d77bd7, 0x5eed999cc2c22fc2, - 0x6d965c432e2eb82e, 0x627a96294b4b314b, 0xa321e15dfefedffe, 0x8216aed557574157, - 0xa8412abd15155415, 0x9fb6eee87777c177, 0xa5eb6e923737dc37, 0x7b56d79ee5e5b3e5, - 
0x8cd923139f9f469f, 0xd317fd23f0f0e7f0, 0x6a7f94204a4a354a, 0x9e95a944dada4fda, - 0xfa25b0a258587d58, 0x06ca8fcfc9c903c9, 0x558d527c2929a429, 0x5022145a0a0a280a, - 0xe14f7f50b1b1feb1, 0x691a5dc9a0a0baa0, 0x7fdad6146b6bb16b, 0x5cab17d985852e85, - 0x8173673cbdbdcebd, 0xd234ba8f5d5d695d, 0x8050209010104010, 0xf303f507f4f4f7f4, - 0x16c08bddcbcb0bcb, 0xedc67cd33e3ef83e, 0x28110a2d05051405, 0x1fe6ce7867678167, - 0x7353d597e4e4b7e4, 0x25bb4e0227279c27, 0x3258827341411941, 0x2c9d0ba78b8b168b, - 0x510153f6a7a7a6a7, 0xcf94fab27d7de97d, 0xdcfb374995956e95, 0x8e9fad56d8d847d8, - 0x8b30eb70fbfbcbfb, 0x2371c1cdeeee9fee, 0xc791f8bb7c7ced7c, 0x17e3cc7166668566, - 0xa68ea77bdddd53dd, 0xb84b2eaf17175c17, 0x02468e4547470147, 0x84dc211a9e9e429e, - 0x1ec589d4caca0fca, 0x75995a582d2db42d, 0x9179632ebfbfc6bf, 0x381b0e3f07071c07, - 0x012347acadad8ead, 0xea2fb4b05a5a755a, 0x6cb51bef83833683, 0x85ff66b63333cc33, - 0x3ff2c65c63639163, 0x100a041202020802, 0x39384993aaaa92aa, 0xafa8e2de7171d971, - 0x0ecf8dc6c8c807c8, 0xc87d32d119196419, 0x7270923b49493949, 0x869aaf5fd9d943d9, - 0xc31df931f2f2eff2, 0x4b48dba8e3e3abe3, 0xe22ab6b95b5b715b, 0x34920dbc88881a88, - 0xa4c8293e9a9a529a, 0x2dbe4c0b26269826, 0x8dfa64bf3232c832, 0xe94a7d59b0b0fab0, - 0x1b6acff2e9e983e9, 0x78331e770f0f3c0f, 0xe6a6b733d5d573d5, 0x74ba1df480803a80, - 0x997c6127bebec2be, 0x26de87ebcdcd13cd, 0xbde468893434d034, 0x7a75903248483d48, - 0xab24e354ffffdbff, 0xf78ff48d7a7af57a, 0xf4ea3d6490907a90, 0xc23ebe9d5f5f615f, - 0x1da0403d20208020, 0x67d5d00f6868bd68, 0xd07234ca1a1a681a, 0x192c41b7aeae82ae, - 0xc95e757db4b4eab4, 0x9a19a8ce54544d54, 0xece53b7f93937693, 0x0daa442f22228822, - 0x07e9c86364648d64, 0xdb12ff2af1f1e3f1, 0xbfa2e6cc7373d173, 0x905a248212124812, - 0x3a5d807a40401d40, 0x4028104808082008, 0x56e89b95c3c32bc3, 0x337bc5dfecec97ec, - 0x9690ab4ddbdb4bdb, 0x611f5fc0a1a1bea1, 0x1c8307918d8d0e8d, 0xf5c97ac83d3df43d, - 0xccf1335b97976697, 0x0000000000000000, 0x36d483f9cfcf1bcf, 0x4587566e2b2bac2b, - 0x97b3ece17676c576, 
0x64b019e682823282, 0xfea9b128d6d67fd6, 0xd87736c31b1b6c1b, - 0xc15b7774b5b5eeb5, 0x112943beafaf86af, 0x77dfd41d6a6ab56a, 0xba0da0ea50505d50, - 0x124c8a5745450945, 0xcb18fb38f3f3ebf3, 0x9df060ad3030c030, 0x2b74c3c4efef9bef, - 0xe5c37eda3f3ffc3f, 0x921caac755554955, 0x791059dba2a2b2a2, 0x0365c9e9eaea8fea, - 0x0fecca6a65658965, 0xb9686903babad2ba, 0x65935e4a2f2fbc2f, 0x4ee79d8ec0c027c0, - 0xbe81a160dede5fde, 0xe06c38fc1c1c701c, 0xbb2ee746fdfdd3fd, 0x52649a1f4d4d294d, - 0xe4e0397692927292, 0x8fbceafa7575c975, 0x301e0c3606061806, 0x249809ae8a8a128a, - 0xf940794bb2b2f2b2, 0x6359d185e6e6bfe6, 0x70361c7e0e0e380e, 0xf8633ee71f1f7c1f, - 0x37f7c45562629562, 0xeea3b53ad4d477d4, 0x29324d81a8a89aa8, 0xc4f4315296966296, - 0x9b3aef62f9f9c3f9, 0x66f697a3c5c533c5, 0x35b14a1025259425, 0xf220b2ab59597959, - 0x54ae15d084842a84, 0xb7a7e4c57272d572, 0xd5dd72ec3939e439, 0x5a6198164c4c2d4c, - 0xca3bbc945e5e655e, 0xe785f09f7878fd78, 0xddd870e53838e038, 0x148605988c8c0a8c, - 0xc6b2bf17d1d163d1, 0x410b57e4a5a5aea5, 0x434dd9a1e2e2afe2, 0x2ff8c24e61619961, - 0xf1457b42b3b3f6b3, 0x15a5423421218421, 0x94d625089c9c4a9c, 0xf0663cee1e1e781e, - 0x2252866143431143, 0x76fc93b1c7c73bc7, 0xb32be54ffcfcd7fc, 0x2014082404041004, - 0xb208a2e351515951, 0xbcc72f2599995e99, 0x4fc4da226d6da96d, 0x68391a650d0d340d, - 0x8335e979fafacffa, 0xb684a369dfdf5bdf, 0xd79bfca97e7ee57e, 0x3db4481924249024, - 0xc5d776fe3b3bec3b, 0x313d4b9aabab96ab, 0x3ed181f0cece1fce, 0x8855229911114411, - 0x0c8903838f8f068f, 0x4a6b9c044e4e254e, 0xd1517366b7b7e6b7, 0x0b60cbe0ebeb8beb, - 0xfdcc78c13c3cf03c, 0x7cbf1ffd81813e81, 0xd4fe354094946a94, 0xeb0cf31cf7f7fbf7, - 0xa1676f18b9b9deb9, 0x985f268b13134c13, 0x7d9c58512c2cb02c, 0xd6b8bb05d3d36bd3, - 0x6b5cd38ce7e7bbe7, 0x57cbdc396e6ea56e, 0x6ef395aac4c437c4, 0x180f061b03030c03, - 0x8a13acdc56564556, 0x1a49885e44440d44, 0xdf9efea07f7fe17f, 0x21374f88a9a99ea9, - 0x4d8254672a2aa82a, 0xb16d6b0abbbbd6bb, 0x46e29f87c1c123c1, 0xa202a6f153535153, - 0xae8ba572dcdc57dc, 0x582716530b0b2c0b, 
0x9cd327019d9d4e9d, 0x47c1d82b6c6cad6c, - 0x95f562a43131c431, 0x87b9e8f37474cd74, 0xe309f115f6f6fff6, 0x0a438c4c46460546, - 0x092645a5acac8aac, 0x3c970fb589891e89, 0xa04428b414145014, 0x5b42dfbae1e1a3e1, - 0xb04e2ca616165816, 0xcdd274f73a3ae83a, 0x6fd0d2066969b969, 0x482d124109092409, - 0xa7ade0d77070dd70, 0xd954716fb6b6e2b6, 0xceb7bd1ed0d067d0, 0x3b7ec7d6eded93ed, - 0x2edb85e2cccc17cc, 0x2a57846842421542, 0xb4c22d2c98985a98, 0x490e55eda4a4aaa4, - 0x5d8850752828a028, 0xda31b8865c5c6d5c, 0x933fed6bf8f8c7f8, 0x44a411c286862286, - }, - { - 0x18c07830d8181860, 0x2305af462623238c, 0xc67ef991b8c6c63f, 0xe8136fcdfbe8e887, - 0x874ca113cb878726, 0xb8a9626d11b8b8da, 0x0108050209010104, 0x4f426e9e0d4f4f21, - 0x36adee6c9b3636d8, 0xa6590451ffa6a6a2, 0xd2debdb90cd2d26f, 0xf5fb06f70ef5f5f3, - 0x79ef80f2967979f9, 0x6f5fcede306f6fa1, 0x91fcef3f6d91917e, 0x52aa07a4f8525255, - 0x6027fdc04760609d, 0xbc89766535bcbcca, 0x9baccd2b379b9b56, 0x8e048c018a8e8e02, - 0xa371155bd2a3a3b6, 0x0c603c186c0c0c30, 0x7bff8af6847b7bf1, 0x35b5e16a803535d4, - 0x1de8693af51d1d74, 0xe05347ddb3e0e0a7, 0xd7f6acb321d7d77b, 0xc25eed999cc2c22f, - 0x2e6d965c432e2eb8, 0x4b627a96294b4b31, 0xfea321e15dfefedf, 0x578216aed5575741, - 0x15a8412abd151554, 0x779fb6eee87777c1, 0x37a5eb6e923737dc, 0xe57b56d79ee5e5b3, - 0x9f8cd923139f9f46, 0xf0d317fd23f0f0e7, 0x4a6a7f94204a4a35, 0xda9e95a944dada4f, - 0x58fa25b0a258587d, 0xc906ca8fcfc9c903, 0x29558d527c2929a4, 0x0a5022145a0a0a28, - 0xb1e14f7f50b1b1fe, 0xa0691a5dc9a0a0ba, 0x6b7fdad6146b6bb1, 0x855cab17d985852e, - 0xbd8173673cbdbdce, 0x5dd234ba8f5d5d69, 0x1080502090101040, 0xf4f303f507f4f4f7, - 0xcb16c08bddcbcb0b, 0x3eedc67cd33e3ef8, 0x0528110a2d050514, 0x671fe6ce78676781, - 0xe47353d597e4e4b7, 0x2725bb4e0227279c, 0x4132588273414119, 0x8b2c9d0ba78b8b16, - 0xa7510153f6a7a7a6, 0x7dcf94fab27d7de9, 0x95dcfb374995956e, 0xd88e9fad56d8d847, - 0xfb8b30eb70fbfbcb, 0xee2371c1cdeeee9f, 0x7cc791f8bb7c7ced, 0x6617e3cc71666685, - 0xdda68ea77bdddd53, 0x17b84b2eaf17175c, 0x4702468e45474701, 
0x9e84dc211a9e9e42, - 0xca1ec589d4caca0f, 0x2d75995a582d2db4, 0xbf9179632ebfbfc6, 0x07381b0e3f07071c, - 0xad012347acadad8e, 0x5aea2fb4b05a5a75, 0x836cb51bef838336, 0x3385ff66b63333cc, - 0x633ff2c65c636391, 0x02100a0412020208, 0xaa39384993aaaa92, 0x71afa8e2de7171d9, - 0xc80ecf8dc6c8c807, 0x19c87d32d1191964, 0x497270923b494939, 0xd9869aaf5fd9d943, - 0xf2c31df931f2f2ef, 0xe34b48dba8e3e3ab, 0x5be22ab6b95b5b71, 0x8834920dbc88881a, - 0x9aa4c8293e9a9a52, 0x262dbe4c0b262698, 0x328dfa64bf3232c8, 0xb0e94a7d59b0b0fa, - 0xe91b6acff2e9e983, 0x0f78331e770f0f3c, 0xd5e6a6b733d5d573, 0x8074ba1df480803a, - 0xbe997c6127bebec2, 0xcd26de87ebcdcd13, 0x34bde468893434d0, 0x487a75903248483d, - 0xffab24e354ffffdb, 0x7af78ff48d7a7af5, 0x90f4ea3d6490907a, 0x5fc23ebe9d5f5f61, - 0x201da0403d202080, 0x6867d5d00f6868bd, 0x1ad07234ca1a1a68, 0xae192c41b7aeae82, - 0xb4c95e757db4b4ea, 0x549a19a8ce54544d, 0x93ece53b7f939376, 0x220daa442f222288, - 0x6407e9c86364648d, 0xf1db12ff2af1f1e3, 0x73bfa2e6cc7373d1, 0x12905a2482121248, - 0x403a5d807a40401d, 0x0840281048080820, 0xc356e89b95c3c32b, 0xec337bc5dfecec97, - 0xdb9690ab4ddbdb4b, 0xa1611f5fc0a1a1be, 0x8d1c8307918d8d0e, 0x3df5c97ac83d3df4, - 0x97ccf1335b979766, 0x0000000000000000, 0xcf36d483f9cfcf1b, 0x2b4587566e2b2bac, - 0x7697b3ece17676c5, 0x8264b019e6828232, 0xd6fea9b128d6d67f, 0x1bd87736c31b1b6c, - 0xb5c15b7774b5b5ee, 0xaf112943beafaf86, 0x6a77dfd41d6a6ab5, 0x50ba0da0ea50505d, - 0x45124c8a57454509, 0xf3cb18fb38f3f3eb, 0x309df060ad3030c0, 0xef2b74c3c4efef9b, - 0x3fe5c37eda3f3ffc, 0x55921caac7555549, 0xa2791059dba2a2b2, 0xea0365c9e9eaea8f, - 0x650fecca6a656589, 0xbab9686903babad2, 0x2f65935e4a2f2fbc, 0xc04ee79d8ec0c027, - 0xdebe81a160dede5f, 0x1ce06c38fc1c1c70, 0xfdbb2ee746fdfdd3, 0x4d52649a1f4d4d29, - 0x92e4e03976929272, 0x758fbceafa7575c9, 0x06301e0c36060618, 0x8a249809ae8a8a12, - 0xb2f940794bb2b2f2, 0xe66359d185e6e6bf, 0x0e70361c7e0e0e38, 0x1ff8633ee71f1f7c, - 0x6237f7c455626295, 0xd4eea3b53ad4d477, 0xa829324d81a8a89a, 0x96c4f43152969662, - 
0xf99b3aef62f9f9c3, 0xc566f697a3c5c533, 0x2535b14a10252594, 0x59f220b2ab595979, - 0x8454ae15d084842a, 0x72b7a7e4c57272d5, 0x39d5dd72ec3939e4, 0x4c5a6198164c4c2d, - 0x5eca3bbc945e5e65, 0x78e785f09f7878fd, 0x38ddd870e53838e0, 0x8c148605988c8c0a, - 0xd1c6b2bf17d1d163, 0xa5410b57e4a5a5ae, 0xe2434dd9a1e2e2af, 0x612ff8c24e616199, - 0xb3f1457b42b3b3f6, 0x2115a54234212184, 0x9c94d625089c9c4a, 0x1ef0663cee1e1e78, - 0x4322528661434311, 0xc776fc93b1c7c73b, 0xfcb32be54ffcfcd7, 0x0420140824040410, - 0x51b208a2e3515159, 0x99bcc72f2599995e, 0x6d4fc4da226d6da9, 0x0d68391a650d0d34, - 0xfa8335e979fafacf, 0xdfb684a369dfdf5b, 0x7ed79bfca97e7ee5, 0x243db44819242490, - 0x3bc5d776fe3b3bec, 0xab313d4b9aabab96, 0xce3ed181f0cece1f, 0x1188552299111144, - 0x8f0c8903838f8f06, 0x4e4a6b9c044e4e25, 0xb7d1517366b7b7e6, 0xeb0b60cbe0ebeb8b, - 0x3cfdcc78c13c3cf0, 0x817cbf1ffd81813e, 0x94d4fe354094946a, 0xf7eb0cf31cf7f7fb, - 0xb9a1676f18b9b9de, 0x13985f268b13134c, 0x2c7d9c58512c2cb0, 0xd3d6b8bb05d3d36b, - 0xe76b5cd38ce7e7bb, 0x6e57cbdc396e6ea5, 0xc46ef395aac4c437, 0x03180f061b03030c, - 0x568a13acdc565645, 0x441a49885e44440d, 0x7fdf9efea07f7fe1, 0xa921374f88a9a99e, - 0x2a4d8254672a2aa8, 0xbbb16d6b0abbbbd6, 0xc146e29f87c1c123, 0x53a202a6f1535351, - 0xdcae8ba572dcdc57, 0x0b582716530b0b2c, 0x9d9cd327019d9d4e, 0x6c47c1d82b6c6cad, - 0x3195f562a43131c4, 0x7487b9e8f37474cd, 0xf6e309f115f6f6ff, 0x460a438c4c464605, - 0xac092645a5acac8a, 0x893c970fb589891e, 0x14a04428b4141450, 0xe15b42dfbae1e1a3, - 0x16b04e2ca6161658, 0x3acdd274f73a3ae8, 0x696fd0d2066969b9, 0x09482d1241090924, - 0x70a7ade0d77070dd, 0xb6d954716fb6b6e2, 0xd0ceb7bd1ed0d067, 0xed3b7ec7d6eded93, - 0xcc2edb85e2cccc17, 0x422a578468424215, 0x98b4c22d2c98985a, 0xa4490e55eda4a4aa, - 0x285d8850752828a0, 0x5cda31b8865c5c6d, 0xf8933fed6bf8f8c7, 0x8644a411c2868622, - }, - { - 0x6018c07830d81818, 0x8c2305af46262323, 0x3fc67ef991b8c6c6, 0x87e8136fcdfbe8e8, - 0x26874ca113cb8787, 0xdab8a9626d11b8b8, 0x0401080502090101, 0x214f426e9e0d4f4f, - 0xd836adee6c9b3636, 
0xa2a6590451ffa6a6, 0x6fd2debdb90cd2d2, 0xf3f5fb06f70ef5f5, - 0xf979ef80f2967979, 0xa16f5fcede306f6f, 0x7e91fcef3f6d9191, 0x5552aa07a4f85252, - 0x9d6027fdc0476060, 0xcabc89766535bcbc, 0x569baccd2b379b9b, 0x028e048c018a8e8e, - 0xb6a371155bd2a3a3, 0x300c603c186c0c0c, 0xf17bff8af6847b7b, 0xd435b5e16a803535, - 0x741de8693af51d1d, 0xa7e05347ddb3e0e0, 0x7bd7f6acb321d7d7, 0x2fc25eed999cc2c2, - 0xb82e6d965c432e2e, 0x314b627a96294b4b, 0xdffea321e15dfefe, 0x41578216aed55757, - 0x5415a8412abd1515, 0xc1779fb6eee87777, 0xdc37a5eb6e923737, 0xb3e57b56d79ee5e5, - 0x469f8cd923139f9f, 0xe7f0d317fd23f0f0, 0x354a6a7f94204a4a, 0x4fda9e95a944dada, - 0x7d58fa25b0a25858, 0x03c906ca8fcfc9c9, 0xa429558d527c2929, 0x280a5022145a0a0a, - 0xfeb1e14f7f50b1b1, 0xbaa0691a5dc9a0a0, 0xb16b7fdad6146b6b, 0x2e855cab17d98585, - 0xcebd8173673cbdbd, 0x695dd234ba8f5d5d, 0x4010805020901010, 0xf7f4f303f507f4f4, - 0x0bcb16c08bddcbcb, 0xf83eedc67cd33e3e, 0x140528110a2d0505, 0x81671fe6ce786767, - 0xb7e47353d597e4e4, 0x9c2725bb4e022727, 0x1941325882734141, 0x168b2c9d0ba78b8b, - 0xa6a7510153f6a7a7, 0xe97dcf94fab27d7d, 0x6e95dcfb37499595, 0x47d88e9fad56d8d8, - 0xcbfb8b30eb70fbfb, 0x9fee2371c1cdeeee, 0xed7cc791f8bb7c7c, 0x856617e3cc716666, - 0x53dda68ea77bdddd, 0x5c17b84b2eaf1717, 0x014702468e454747, 0x429e84dc211a9e9e, - 0x0fca1ec589d4caca, 0xb42d75995a582d2d, 0xc6bf9179632ebfbf, 0x1c07381b0e3f0707, - 0x8ead012347acadad, 0x755aea2fb4b05a5a, 0x36836cb51bef8383, 0xcc3385ff66b63333, - 0x91633ff2c65c6363, 0x0802100a04120202, 0x92aa39384993aaaa, 0xd971afa8e2de7171, - 0x07c80ecf8dc6c8c8, 0x6419c87d32d11919, 0x39497270923b4949, 0x43d9869aaf5fd9d9, - 0xeff2c31df931f2f2, 0xabe34b48dba8e3e3, 0x715be22ab6b95b5b, 0x1a8834920dbc8888, - 0x529aa4c8293e9a9a, 0x98262dbe4c0b2626, 0xc8328dfa64bf3232, 0xfab0e94a7d59b0b0, - 0x83e91b6acff2e9e9, 0x3c0f78331e770f0f, 0x73d5e6a6b733d5d5, 0x3a8074ba1df48080, - 0xc2be997c6127bebe, 0x13cd26de87ebcdcd, 0xd034bde468893434, 0x3d487a7590324848, - 0xdbffab24e354ffff, 0xf57af78ff48d7a7a, 
0x7a90f4ea3d649090, 0x615fc23ebe9d5f5f, - 0x80201da0403d2020, 0xbd6867d5d00f6868, 0x681ad07234ca1a1a, 0x82ae192c41b7aeae, - 0xeab4c95e757db4b4, 0x4d549a19a8ce5454, 0x7693ece53b7f9393, 0x88220daa442f2222, - 0x8d6407e9c8636464, 0xe3f1db12ff2af1f1, 0xd173bfa2e6cc7373, 0x4812905a24821212, - 0x1d403a5d807a4040, 0x2008402810480808, 0x2bc356e89b95c3c3, 0x97ec337bc5dfecec, - 0x4bdb9690ab4ddbdb, 0xbea1611f5fc0a1a1, 0x0e8d1c8307918d8d, 0xf43df5c97ac83d3d, - 0x6697ccf1335b9797, 0x0000000000000000, 0x1bcf36d483f9cfcf, 0xac2b4587566e2b2b, - 0xc57697b3ece17676, 0x328264b019e68282, 0x7fd6fea9b128d6d6, 0x6c1bd87736c31b1b, - 0xeeb5c15b7774b5b5, 0x86af112943beafaf, 0xb56a77dfd41d6a6a, 0x5d50ba0da0ea5050, - 0x0945124c8a574545, 0xebf3cb18fb38f3f3, 0xc0309df060ad3030, 0x9bef2b74c3c4efef, - 0xfc3fe5c37eda3f3f, 0x4955921caac75555, 0xb2a2791059dba2a2, 0x8fea0365c9e9eaea, - 0x89650fecca6a6565, 0xd2bab9686903baba, 0xbc2f65935e4a2f2f, 0x27c04ee79d8ec0c0, - 0x5fdebe81a160dede, 0x701ce06c38fc1c1c, 0xd3fdbb2ee746fdfd, 0x294d52649a1f4d4d, - 0x7292e4e039769292, 0xc9758fbceafa7575, 0x1806301e0c360606, 0x128a249809ae8a8a, - 0xf2b2f940794bb2b2, 0xbfe66359d185e6e6, 0x380e70361c7e0e0e, 0x7c1ff8633ee71f1f, - 0x956237f7c4556262, 0x77d4eea3b53ad4d4, 0x9aa829324d81a8a8, 0x6296c4f431529696, - 0xc3f99b3aef62f9f9, 0x33c566f697a3c5c5, 0x942535b14a102525, 0x7959f220b2ab5959, - 0x2a8454ae15d08484, 0xd572b7a7e4c57272, 0xe439d5dd72ec3939, 0x2d4c5a6198164c4c, - 0x655eca3bbc945e5e, 0xfd78e785f09f7878, 0xe038ddd870e53838, 0x0a8c148605988c8c, - 0x63d1c6b2bf17d1d1, 0xaea5410b57e4a5a5, 0xafe2434dd9a1e2e2, 0x99612ff8c24e6161, - 0xf6b3f1457b42b3b3, 0x842115a542342121, 0x4a9c94d625089c9c, 0x781ef0663cee1e1e, - 0x1143225286614343, 0x3bc776fc93b1c7c7, 0xd7fcb32be54ffcfc, 0x1004201408240404, - 0x5951b208a2e35151, 0x5e99bcc72f259999, 0xa96d4fc4da226d6d, 0x340d68391a650d0d, - 0xcffa8335e979fafa, 0x5bdfb684a369dfdf, 0xe57ed79bfca97e7e, 0x90243db448192424, - 0xec3bc5d776fe3b3b, 0x96ab313d4b9aabab, 0x1fce3ed181f0cece, 
0x4411885522991111, - 0x068f0c8903838f8f, 0x254e4a6b9c044e4e, 0xe6b7d1517366b7b7, 0x8beb0b60cbe0ebeb, - 0xf03cfdcc78c13c3c, 0x3e817cbf1ffd8181, 0x6a94d4fe35409494, 0xfbf7eb0cf31cf7f7, - 0xdeb9a1676f18b9b9, 0x4c13985f268b1313, 0xb02c7d9c58512c2c, 0x6bd3d6b8bb05d3d3, - 0xbbe76b5cd38ce7e7, 0xa56e57cbdc396e6e, 0x37c46ef395aac4c4, 0x0c03180f061b0303, - 0x45568a13acdc5656, 0x0d441a49885e4444, 0xe17fdf9efea07f7f, 0x9ea921374f88a9a9, - 0xa82a4d8254672a2a, 0xd6bbb16d6b0abbbb, 0x23c146e29f87c1c1, 0x5153a202a6f15353, - 0x57dcae8ba572dcdc, 0x2c0b582716530b0b, 0x4e9d9cd327019d9d, 0xad6c47c1d82b6c6c, - 0xc43195f562a43131, 0xcd7487b9e8f37474, 0xfff6e309f115f6f6, 0x05460a438c4c4646, - 0x8aac092645a5acac, 0x1e893c970fb58989, 0x5014a04428b41414, 0xa3e15b42dfbae1e1, - 0x5816b04e2ca61616, 0xe83acdd274f73a3a, 0xb9696fd0d2066969, 0x2409482d12410909, - 0xdd70a7ade0d77070, 0xe2b6d954716fb6b6, 0x67d0ceb7bd1ed0d0, 0x93ed3b7ec7d6eded, - 0x17cc2edb85e2cccc, 0x15422a5784684242, 0x5a98b4c22d2c9898, 0xaaa4490e55eda4a4, - 0xa0285d8850752828, 0x6d5cda31b8865c5c, 0xc7f8933fed6bf8f8, 0x228644a411c28686, - }, - { - 0x186018c07830d818, 0x238c2305af462623, 0xc63fc67ef991b8c6, 0xe887e8136fcdfbe8, - 0x8726874ca113cb87, 0xb8dab8a9626d11b8, 0x0104010805020901, 0x4f214f426e9e0d4f, - 0x36d836adee6c9b36, 0xa6a2a6590451ffa6, 0xd26fd2debdb90cd2, 0xf5f3f5fb06f70ef5, - 0x79f979ef80f29679, 0x6fa16f5fcede306f, 0x917e91fcef3f6d91, 0x525552aa07a4f852, - 0x609d6027fdc04760, 0xbccabc89766535bc, 0x9b569baccd2b379b, 0x8e028e048c018a8e, - 0xa3b6a371155bd2a3, 0x0c300c603c186c0c, 0x7bf17bff8af6847b, 0x35d435b5e16a8035, - 0x1d741de8693af51d, 0xe0a7e05347ddb3e0, 0xd77bd7f6acb321d7, 0xc22fc25eed999cc2, - 0x2eb82e6d965c432e, 0x4b314b627a96294b, 0xfedffea321e15dfe, 0x5741578216aed557, - 0x155415a8412abd15, 0x77c1779fb6eee877, 0x37dc37a5eb6e9237, 0xe5b3e57b56d79ee5, - 0x9f469f8cd923139f, 0xf0e7f0d317fd23f0, 0x4a354a6a7f94204a, 0xda4fda9e95a944da, - 0x587d58fa25b0a258, 0xc903c906ca8fcfc9, 0x29a429558d527c29, 0x0a280a5022145a0a, - 
0xb1feb1e14f7f50b1, 0xa0baa0691a5dc9a0, 0x6bb16b7fdad6146b, 0x852e855cab17d985, - 0xbdcebd8173673cbd, 0x5d695dd234ba8f5d, 0x1040108050209010, 0xf4f7f4f303f507f4, - 0xcb0bcb16c08bddcb, 0x3ef83eedc67cd33e, 0x05140528110a2d05, 0x6781671fe6ce7867, - 0xe4b7e47353d597e4, 0x279c2725bb4e0227, 0x4119413258827341, 0x8b168b2c9d0ba78b, - 0xa7a6a7510153f6a7, 0x7de97dcf94fab27d, 0x956e95dcfb374995, 0xd847d88e9fad56d8, - 0xfbcbfb8b30eb70fb, 0xee9fee2371c1cdee, 0x7ced7cc791f8bb7c, 0x66856617e3cc7166, - 0xdd53dda68ea77bdd, 0x175c17b84b2eaf17, 0x47014702468e4547, 0x9e429e84dc211a9e, - 0xca0fca1ec589d4ca, 0x2db42d75995a582d, 0xbfc6bf9179632ebf, 0x071c07381b0e3f07, - 0xad8ead012347acad, 0x5a755aea2fb4b05a, 0x8336836cb51bef83, 0x33cc3385ff66b633, - 0x6391633ff2c65c63, 0x020802100a041202, 0xaa92aa39384993aa, 0x71d971afa8e2de71, - 0xc807c80ecf8dc6c8, 0x196419c87d32d119, 0x4939497270923b49, 0xd943d9869aaf5fd9, - 0xf2eff2c31df931f2, 0xe3abe34b48dba8e3, 0x5b715be22ab6b95b, 0x881a8834920dbc88, - 0x9a529aa4c8293e9a, 0x2698262dbe4c0b26, 0x32c8328dfa64bf32, 0xb0fab0e94a7d59b0, - 0xe983e91b6acff2e9, 0x0f3c0f78331e770f, 0xd573d5e6a6b733d5, 0x803a8074ba1df480, - 0xbec2be997c6127be, 0xcd13cd26de87ebcd, 0x34d034bde4688934, 0x483d487a75903248, - 0xffdbffab24e354ff, 0x7af57af78ff48d7a, 0x907a90f4ea3d6490, 0x5f615fc23ebe9d5f, - 0x2080201da0403d20, 0x68bd6867d5d00f68, 0x1a681ad07234ca1a, 0xae82ae192c41b7ae, - 0xb4eab4c95e757db4, 0x544d549a19a8ce54, 0x937693ece53b7f93, 0x2288220daa442f22, - 0x648d6407e9c86364, 0xf1e3f1db12ff2af1, 0x73d173bfa2e6cc73, 0x124812905a248212, - 0x401d403a5d807a40, 0x0820084028104808, 0xc32bc356e89b95c3, 0xec97ec337bc5dfec, - 0xdb4bdb9690ab4ddb, 0xa1bea1611f5fc0a1, 0x8d0e8d1c8307918d, 0x3df43df5c97ac83d, - 0x976697ccf1335b97, 0x0000000000000000, 0xcf1bcf36d483f9cf, 0x2bac2b4587566e2b, - 0x76c57697b3ece176, 0x82328264b019e682, 0xd67fd6fea9b128d6, 0x1b6c1bd87736c31b, - 0xb5eeb5c15b7774b5, 0xaf86af112943beaf, 0x6ab56a77dfd41d6a, 0x505d50ba0da0ea50, - 0x450945124c8a5745, 
0xf3ebf3cb18fb38f3, 0x30c0309df060ad30, 0xef9bef2b74c3c4ef, - 0x3ffc3fe5c37eda3f, 0x554955921caac755, 0xa2b2a2791059dba2, 0xea8fea0365c9e9ea, - 0x6589650fecca6a65, 0xbad2bab9686903ba, 0x2fbc2f65935e4a2f, 0xc027c04ee79d8ec0, - 0xde5fdebe81a160de, 0x1c701ce06c38fc1c, 0xfdd3fdbb2ee746fd, 0x4d294d52649a1f4d, - 0x927292e4e0397692, 0x75c9758fbceafa75, 0x061806301e0c3606, 0x8a128a249809ae8a, - 0xb2f2b2f940794bb2, 0xe6bfe66359d185e6, 0x0e380e70361c7e0e, 0x1f7c1ff8633ee71f, - 0x62956237f7c45562, 0xd477d4eea3b53ad4, 0xa89aa829324d81a8, 0x966296c4f4315296, - 0xf9c3f99b3aef62f9, 0xc533c566f697a3c5, 0x25942535b14a1025, 0x597959f220b2ab59, - 0x842a8454ae15d084, 0x72d572b7a7e4c572, 0x39e439d5dd72ec39, 0x4c2d4c5a6198164c, - 0x5e655eca3bbc945e, 0x78fd78e785f09f78, 0x38e038ddd870e538, 0x8c0a8c148605988c, - 0xd163d1c6b2bf17d1, 0xa5aea5410b57e4a5, 0xe2afe2434dd9a1e2, 0x6199612ff8c24e61, - 0xb3f6b3f1457b42b3, 0x21842115a5423421, 0x9c4a9c94d625089c, 0x1e781ef0663cee1e, - 0x4311432252866143, 0xc73bc776fc93b1c7, 0xfcd7fcb32be54ffc, 0x0410042014082404, - 0x515951b208a2e351, 0x995e99bcc72f2599, 0x6da96d4fc4da226d, 0x0d340d68391a650d, - 0xfacffa8335e979fa, 0xdf5bdfb684a369df, 0x7ee57ed79bfca97e, 0x2490243db4481924, - 0x3bec3bc5d776fe3b, 0xab96ab313d4b9aab, 0xce1fce3ed181f0ce, 0x1144118855229911, - 0x8f068f0c8903838f, 0x4e254e4a6b9c044e, 0xb7e6b7d1517366b7, 0xeb8beb0b60cbe0eb, - 0x3cf03cfdcc78c13c, 0x813e817cbf1ffd81, 0x946a94d4fe354094, 0xf7fbf7eb0cf31cf7, - 0xb9deb9a1676f18b9, 0x134c13985f268b13, 0x2cb02c7d9c58512c, 0xd36bd3d6b8bb05d3, - 0xe7bbe76b5cd38ce7, 0x6ea56e57cbdc396e, 0xc437c46ef395aac4, 0x030c03180f061b03, - 0x5645568a13acdc56, 0x440d441a49885e44, 0x7fe17fdf9efea07f, 0xa99ea921374f88a9, - 0x2aa82a4d8254672a, 0xbbd6bbb16d6b0abb, 0xc123c146e29f87c1, 0x535153a202a6f153, - 0xdc57dcae8ba572dc, 0x0b2c0b582716530b, 0x9d4e9d9cd327019d, 0x6cad6c47c1d82b6c, - 0x31c43195f562a431, 0x74cd7487b9e8f374, 0xf6fff6e309f115f6, 0x4605460a438c4c46, - 0xac8aac092645a5ac, 0x891e893c970fb589, 
0x145014a04428b414, 0xe1a3e15b42dfbae1, - 0x165816b04e2ca616, 0x3ae83acdd274f73a, 0x69b9696fd0d20669, 0x092409482d124109, - 0x70dd70a7ade0d770, 0xb6e2b6d954716fb6, 0xd067d0ceb7bd1ed0, 0xed93ed3b7ec7d6ed, - 0xcc17cc2edb85e2cc, 0x4215422a57846842, 0x985a98b4c22d2c98, 0xa4aaa4490e55eda4, - 0x28a0285d88507528, 0x5c6d5cda31b8865c, 0xf8c7f8933fed6bf8, 0x86228644a411c286, - }, + 0x18186018c07830d8, 0x23238c2305af4626, 0xc6c63fc67ef991b8, 0xe8e887e8136fcdfb, + 0x878726874ca113cb, 0xb8b8dab8a9626d11, 0x0101040108050209, 0x4f4f214f426e9e0d, + 0x3636d836adee6c9b, 0xa6a6a2a6590451ff, 0xd2d26fd2debdb90c, 0xf5f5f3f5fb06f70e, + 0x7979f979ef80f296, 0x6f6fa16f5fcede30, 0x91917e91fcef3f6d, 0x52525552aa07a4f8, + 0x60609d6027fdc047, 0xbcbccabc89766535, 0x9b9b569baccd2b37, 0x8e8e028e048c018a, + 0xa3a3b6a371155bd2, 0x0c0c300c603c186c, 0x7b7bf17bff8af684, 0x3535d435b5e16a80, + 0x1d1d741de8693af5, 0xe0e0a7e05347ddb3, 0xd7d77bd7f6acb321, 0xc2c22fc25eed999c, + 0x2e2eb82e6d965c43, 0x4b4b314b627a9629, 0xfefedffea321e15d, 0x575741578216aed5, + 0x15155415a8412abd, 0x7777c1779fb6eee8, 0x3737dc37a5eb6e92, 0xe5e5b3e57b56d79e, + 0x9f9f469f8cd92313, 0xf0f0e7f0d317fd23, 0x4a4a354a6a7f9420, 0xdada4fda9e95a944, + 0x58587d58fa25b0a2, 0xc9c903c906ca8fcf, 0x2929a429558d527c, 0x0a0a280a5022145a, + 0xb1b1feb1e14f7f50, 0xa0a0baa0691a5dc9, 0x6b6bb16b7fdad614, 0x85852e855cab17d9, + 0xbdbdcebd8173673c, 0x5d5d695dd234ba8f, 0x1010401080502090, 0xf4f4f7f4f303f507, + 0xcbcb0bcb16c08bdd, 0x3e3ef83eedc67cd3, 0x0505140528110a2d, 0x676781671fe6ce78, + 0xe4e4b7e47353d597, 0x27279c2725bb4e02, 0x4141194132588273, 0x8b8b168b2c9d0ba7, + 0xa7a7a6a7510153f6, 0x7d7de97dcf94fab2, 0x95956e95dcfb3749, 0xd8d847d88e9fad56, + 0xfbfbcbfb8b30eb70, 0xeeee9fee2371c1cd, 0x7c7ced7cc791f8bb, 0x6666856617e3cc71, + 0xdddd53dda68ea77b, 0x17175c17b84b2eaf, 0x4747014702468e45, 0x9e9e429e84dc211a, + 0xcaca0fca1ec589d4, 0x2d2db42d75995a58, 0xbfbfc6bf9179632e, 0x07071c07381b0e3f, + 0xadad8ead012347ac, 0x5a5a755aea2fb4b0, 0x838336836cb51bef, 
0x3333cc3385ff66b6, + 0x636391633ff2c65c, 0x02020802100a0412, 0xaaaa92aa39384993, 0x7171d971afa8e2de, + 0xc8c807c80ecf8dc6, 0x19196419c87d32d1, 0x494939497270923b, 0xd9d943d9869aaf5f, + 0xf2f2eff2c31df931, 0xe3e3abe34b48dba8, 0x5b5b715be22ab6b9, 0x88881a8834920dbc, + 0x9a9a529aa4c8293e, 0x262698262dbe4c0b, 0x3232c8328dfa64bf, 0xb0b0fab0e94a7d59, + 0xe9e983e91b6acff2, 0x0f0f3c0f78331e77, 0xd5d573d5e6a6b733, 0x80803a8074ba1df4, + 0xbebec2be997c6127, 0xcdcd13cd26de87eb, 0x3434d034bde46889, 0x48483d487a759032, + 0xffffdbffab24e354, 0x7a7af57af78ff48d, 0x90907a90f4ea3d64, 0x5f5f615fc23ebe9d, + 0x202080201da0403d, 0x6868bd6867d5d00f, 0x1a1a681ad07234ca, 0xaeae82ae192c41b7, + 0xb4b4eab4c95e757d, 0x54544d549a19a8ce, 0x93937693ece53b7f, 0x222288220daa442f, + 0x64648d6407e9c863, 0xf1f1e3f1db12ff2a, 0x7373d173bfa2e6cc, 0x12124812905a2482, + 0x40401d403a5d807a, 0x0808200840281048, 0xc3c32bc356e89b95, 0xecec97ec337bc5df, + 0xdbdb4bdb9690ab4d, 0xa1a1bea1611f5fc0, 0x8d8d0e8d1c830791, 0x3d3df43df5c97ac8, + 0x97976697ccf1335b, 0x0000000000000000, 0xcfcf1bcf36d483f9, 0x2b2bac2b4587566e, + 0x7676c57697b3ece1, 0x8282328264b019e6, 0xd6d67fd6fea9b128, 0x1b1b6c1bd87736c3, + 0xb5b5eeb5c15b7774, 0xafaf86af112943be, 0x6a6ab56a77dfd41d, 0x50505d50ba0da0ea, + 0x45450945124c8a57, 0xf3f3ebf3cb18fb38, 0x3030c0309df060ad, 0xefef9bef2b74c3c4, + 0x3f3ffc3fe5c37eda, 0x55554955921caac7, 0xa2a2b2a2791059db, 0xeaea8fea0365c9e9, + 0x656589650fecca6a, 0xbabad2bab9686903, 0x2f2fbc2f65935e4a, 0xc0c027c04ee79d8e, + 0xdede5fdebe81a160, 0x1c1c701ce06c38fc, 0xfdfdd3fdbb2ee746, 0x4d4d294d52649a1f, + 0x92927292e4e03976, 0x7575c9758fbceafa, 0x06061806301e0c36, 0x8a8a128a249809ae, + 0xb2b2f2b2f940794b, 0xe6e6bfe66359d185, 0x0e0e380e70361c7e, 0x1f1f7c1ff8633ee7, + 0x6262956237f7c455, 0xd4d477d4eea3b53a, 0xa8a89aa829324d81, 0x96966296c4f43152, + 0xf9f9c3f99b3aef62, 0xc5c533c566f697a3, 0x2525942535b14a10, 0x59597959f220b2ab, + 0x84842a8454ae15d0, 0x7272d572b7a7e4c5, 0x3939e439d5dd72ec, 0x4c4c2d4c5a619816, + 
0x5e5e655eca3bbc94, 0x7878fd78e785f09f, 0x3838e038ddd870e5, 0x8c8c0a8c14860598, + 0xd1d163d1c6b2bf17, 0xa5a5aea5410b57e4, 0xe2e2afe2434dd9a1, 0x616199612ff8c24e, + 0xb3b3f6b3f1457b42, 0x2121842115a54234, 0x9c9c4a9c94d62508, 0x1e1e781ef0663cee, + 0x4343114322528661, 0xc7c73bc776fc93b1, 0xfcfcd7fcb32be54f, 0x0404100420140824, + 0x51515951b208a2e3, 0x99995e99bcc72f25, 0x6d6da96d4fc4da22, 0x0d0d340d68391a65, + 0xfafacffa8335e979, 0xdfdf5bdfb684a369, 0x7e7ee57ed79bfca9, 0x242490243db44819, + 0x3b3bec3bc5d776fe, 0xabab96ab313d4b9a, 0xcece1fce3ed181f0, 0x1111441188552299, + 0x8f8f068f0c890383, 0x4e4e254e4a6b9c04, 0xb7b7e6b7d1517366, 0xebeb8beb0b60cbe0, + 0x3c3cf03cfdcc78c1, 0x81813e817cbf1ffd, 0x94946a94d4fe3540, 0xf7f7fbf7eb0cf31c, + 0xb9b9deb9a1676f18, 0x13134c13985f268b, 0x2c2cb02c7d9c5851, 0xd3d36bd3d6b8bb05, + 0xe7e7bbe76b5cd38c, 0x6e6ea56e57cbdc39, 0xc4c437c46ef395aa, 0x03030c03180f061b, + 0x565645568a13acdc, 0x44440d441a49885e, 0x7f7fe17fdf9efea0, 0xa9a99ea921374f88, + 0x2a2aa82a4d825467, 0xbbbbd6bbb16d6b0a, 0xc1c123c146e29f87, 0x53535153a202a6f1, + 0xdcdc57dcae8ba572, 0x0b0b2c0b58271653, 0x9d9d4e9d9cd32701, 0x6c6cad6c47c1d82b, + 0x3131c43195f562a4, 0x7474cd7487b9e8f3, 0xf6f6fff6e309f115, 0x464605460a438c4c, + 0xacac8aac092645a5, 0x89891e893c970fb5, 0x14145014a04428b4, 0xe1e1a3e15b42dfba, + 0x16165816b04e2ca6, 0x3a3ae83acdd274f7, 0x6969b9696fd0d206, 0x09092409482d1241, + 0x7070dd70a7ade0d7, 0xb6b6e2b6d954716f, 0xd0d067d0ceb7bd1e, 0xeded93ed3b7ec7d6, + 0xcccc17cc2edb85e2, 0x424215422a578468, 0x98985a98b4c22d2c, 0xa4a4aaa4490e55ed, + 0x2828a0285d885075, 0x5c5c6d5cda31b886, 0xf8f8c7f8933fed6b, 0x8686228644a411c2, +}; + +CONSTANT_VK u64a MT1[256] = +{ + 0xd818186018c07830, 0x2623238c2305af46, 0xb8c6c63fc67ef991, 0xfbe8e887e8136fcd, + 0xcb878726874ca113, 0x11b8b8dab8a9626d, 0x0901010401080502, 0x0d4f4f214f426e9e, + 0x9b3636d836adee6c, 0xffa6a6a2a6590451, 0x0cd2d26fd2debdb9, 0x0ef5f5f3f5fb06f7, + 0x967979f979ef80f2, 0x306f6fa16f5fcede, 0x6d91917e91fcef3f, 
0xf852525552aa07a4, + 0x4760609d6027fdc0, 0x35bcbccabc897665, 0x379b9b569baccd2b, 0x8a8e8e028e048c01, + 0xd2a3a3b6a371155b, 0x6c0c0c300c603c18, 0x847b7bf17bff8af6, 0x803535d435b5e16a, + 0xf51d1d741de8693a, 0xb3e0e0a7e05347dd, 0x21d7d77bd7f6acb3, 0x9cc2c22fc25eed99, + 0x432e2eb82e6d965c, 0x294b4b314b627a96, 0x5dfefedffea321e1, 0xd5575741578216ae, + 0xbd15155415a8412a, 0xe87777c1779fb6ee, 0x923737dc37a5eb6e, 0x9ee5e5b3e57b56d7, + 0x139f9f469f8cd923, 0x23f0f0e7f0d317fd, 0x204a4a354a6a7f94, 0x44dada4fda9e95a9, + 0xa258587d58fa25b0, 0xcfc9c903c906ca8f, 0x7c2929a429558d52, 0x5a0a0a280a502214, + 0x50b1b1feb1e14f7f, 0xc9a0a0baa0691a5d, 0x146b6bb16b7fdad6, 0xd985852e855cab17, + 0x3cbdbdcebd817367, 0x8f5d5d695dd234ba, 0x9010104010805020, 0x07f4f4f7f4f303f5, + 0xddcbcb0bcb16c08b, 0xd33e3ef83eedc67c, 0x2d0505140528110a, 0x78676781671fe6ce, + 0x97e4e4b7e47353d5, 0x0227279c2725bb4e, 0x7341411941325882, 0xa78b8b168b2c9d0b, + 0xf6a7a7a6a7510153, 0xb27d7de97dcf94fa, 0x4995956e95dcfb37, 0x56d8d847d88e9fad, + 0x70fbfbcbfb8b30eb, 0xcdeeee9fee2371c1, 0xbb7c7ced7cc791f8, 0x716666856617e3cc, + 0x7bdddd53dda68ea7, 0xaf17175c17b84b2e, 0x454747014702468e, 0x1a9e9e429e84dc21, + 0xd4caca0fca1ec589, 0x582d2db42d75995a, 0x2ebfbfc6bf917963, 0x3f07071c07381b0e, + 0xacadad8ead012347, 0xb05a5a755aea2fb4, 0xef838336836cb51b, 0xb63333cc3385ff66, + 0x5c636391633ff2c6, 0x1202020802100a04, 0x93aaaa92aa393849, 0xde7171d971afa8e2, + 0xc6c8c807c80ecf8d, 0xd119196419c87d32, 0x3b49493949727092, 0x5fd9d943d9869aaf, + 0x31f2f2eff2c31df9, 0xa8e3e3abe34b48db, 0xb95b5b715be22ab6, 0xbc88881a8834920d, + 0x3e9a9a529aa4c829, 0x0b262698262dbe4c, 0xbf3232c8328dfa64, 0x59b0b0fab0e94a7d, + 0xf2e9e983e91b6acf, 0x770f0f3c0f78331e, 0x33d5d573d5e6a6b7, 0xf480803a8074ba1d, + 0x27bebec2be997c61, 0xebcdcd13cd26de87, 0x893434d034bde468, 0x3248483d487a7590, + 0x54ffffdbffab24e3, 0x8d7a7af57af78ff4, 0x6490907a90f4ea3d, 0x9d5f5f615fc23ebe, + 0x3d202080201da040, 0x0f6868bd6867d5d0, 0xca1a1a681ad07234, 0xb7aeae82ae192c41, + 
0x7db4b4eab4c95e75, 0xce54544d549a19a8, 0x7f93937693ece53b, 0x2f222288220daa44, + 0x6364648d6407e9c8, 0x2af1f1e3f1db12ff, 0xcc7373d173bfa2e6, 0x8212124812905a24, + 0x7a40401d403a5d80, 0x4808082008402810, 0x95c3c32bc356e89b, 0xdfecec97ec337bc5, + 0x4ddbdb4bdb9690ab, 0xc0a1a1bea1611f5f, 0x918d8d0e8d1c8307, 0xc83d3df43df5c97a, + 0x5b97976697ccf133, 0x0000000000000000, 0xf9cfcf1bcf36d483, 0x6e2b2bac2b458756, + 0xe17676c57697b3ec, 0xe68282328264b019, 0x28d6d67fd6fea9b1, 0xc31b1b6c1bd87736, + 0x74b5b5eeb5c15b77, 0xbeafaf86af112943, 0x1d6a6ab56a77dfd4, 0xea50505d50ba0da0, + 0x5745450945124c8a, 0x38f3f3ebf3cb18fb, 0xad3030c0309df060, 0xc4efef9bef2b74c3, + 0xda3f3ffc3fe5c37e, 0xc755554955921caa, 0xdba2a2b2a2791059, 0xe9eaea8fea0365c9, + 0x6a656589650fecca, 0x03babad2bab96869, 0x4a2f2fbc2f65935e, 0x8ec0c027c04ee79d, + 0x60dede5fdebe81a1, 0xfc1c1c701ce06c38, 0x46fdfdd3fdbb2ee7, 0x1f4d4d294d52649a, + 0x7692927292e4e039, 0xfa7575c9758fbcea, 0x3606061806301e0c, 0xae8a8a128a249809, + 0x4bb2b2f2b2f94079, 0x85e6e6bfe66359d1, 0x7e0e0e380e70361c, 0xe71f1f7c1ff8633e, + 0x556262956237f7c4, 0x3ad4d477d4eea3b5, 0x81a8a89aa829324d, 0x5296966296c4f431, + 0x62f9f9c3f99b3aef, 0xa3c5c533c566f697, 0x102525942535b14a, 0xab59597959f220b2, + 0xd084842a8454ae15, 0xc57272d572b7a7e4, 0xec3939e439d5dd72, 0x164c4c2d4c5a6198, + 0x945e5e655eca3bbc, 0x9f7878fd78e785f0, 0xe53838e038ddd870, 0x988c8c0a8c148605, + 0x17d1d163d1c6b2bf, 0xe4a5a5aea5410b57, 0xa1e2e2afe2434dd9, 0x4e616199612ff8c2, + 0x42b3b3f6b3f1457b, 0x342121842115a542, 0x089c9c4a9c94d625, 0xee1e1e781ef0663c, + 0x6143431143225286, 0xb1c7c73bc776fc93, 0x4ffcfcd7fcb32be5, 0x2404041004201408, + 0xe351515951b208a2, 0x2599995e99bcc72f, 0x226d6da96d4fc4da, 0x650d0d340d68391a, + 0x79fafacffa8335e9, 0x69dfdf5bdfb684a3, 0xa97e7ee57ed79bfc, 0x19242490243db448, + 0xfe3b3bec3bc5d776, 0x9aabab96ab313d4b, 0xf0cece1fce3ed181, 0x9911114411885522, + 0x838f8f068f0c8903, 0x044e4e254e4a6b9c, 0x66b7b7e6b7d15173, 0xe0ebeb8beb0b60cb, + 0xc13c3cf03cfdcc78, 
0xfd81813e817cbf1f, 0x4094946a94d4fe35, 0x1cf7f7fbf7eb0cf3, + 0x18b9b9deb9a1676f, 0x8b13134c13985f26, 0x512c2cb02c7d9c58, 0x05d3d36bd3d6b8bb, + 0x8ce7e7bbe76b5cd3, 0x396e6ea56e57cbdc, 0xaac4c437c46ef395, 0x1b03030c03180f06, + 0xdc565645568a13ac, 0x5e44440d441a4988, 0xa07f7fe17fdf9efe, 0x88a9a99ea921374f, + 0x672a2aa82a4d8254, 0x0abbbbd6bbb16d6b, 0x87c1c123c146e29f, 0xf153535153a202a6, + 0x72dcdc57dcae8ba5, 0x530b0b2c0b582716, 0x019d9d4e9d9cd327, 0x2b6c6cad6c47c1d8, + 0xa43131c43195f562, 0xf37474cd7487b9e8, 0x15f6f6fff6e309f1, 0x4c464605460a438c, + 0xa5acac8aac092645, 0xb589891e893c970f, 0xb414145014a04428, 0xbae1e1a3e15b42df, + 0xa616165816b04e2c, 0xf73a3ae83acdd274, 0x066969b9696fd0d2, 0x4109092409482d12, + 0xd77070dd70a7ade0, 0x6fb6b6e2b6d95471, 0x1ed0d067d0ceb7bd, 0xd6eded93ed3b7ec7, + 0xe2cccc17cc2edb85, 0x68424215422a5784, 0x2c98985a98b4c22d, 0xeda4a4aaa4490e55, + 0x752828a0285d8850, 0x865c5c6d5cda31b8, 0x6bf8f8c7f8933fed, 0xc28686228644a411, +}; + +CONSTANT_VK u64a MT2[256] = +{ + 0x30d818186018c078, 0x462623238c2305af, 0x91b8c6c63fc67ef9, 0xcdfbe8e887e8136f, + 0x13cb878726874ca1, 0x6d11b8b8dab8a962, 0x0209010104010805, 0x9e0d4f4f214f426e, + 0x6c9b3636d836adee, 0x51ffa6a6a2a65904, 0xb90cd2d26fd2debd, 0xf70ef5f5f3f5fb06, + 0xf2967979f979ef80, 0xde306f6fa16f5fce, 0x3f6d91917e91fcef, 0xa4f852525552aa07, + 0xc04760609d6027fd, 0x6535bcbccabc8976, 0x2b379b9b569baccd, 0x018a8e8e028e048c, + 0x5bd2a3a3b6a37115, 0x186c0c0c300c603c, 0xf6847b7bf17bff8a, 0x6a803535d435b5e1, + 0x3af51d1d741de869, 0xddb3e0e0a7e05347, 0xb321d7d77bd7f6ac, 0x999cc2c22fc25eed, + 0x5c432e2eb82e6d96, 0x96294b4b314b627a, 0xe15dfefedffea321, 0xaed5575741578216, + 0x2abd15155415a841, 0xeee87777c1779fb6, 0x6e923737dc37a5eb, 0xd79ee5e5b3e57b56, + 0x23139f9f469f8cd9, 0xfd23f0f0e7f0d317, 0x94204a4a354a6a7f, 0xa944dada4fda9e95, + 0xb0a258587d58fa25, 0x8fcfc9c903c906ca, 0x527c2929a429558d, 0x145a0a0a280a5022, + 0x7f50b1b1feb1e14f, 0x5dc9a0a0baa0691a, 0xd6146b6bb16b7fda, 0x17d985852e855cab, + 
0x673cbdbdcebd8173, 0xba8f5d5d695dd234, 0x2090101040108050, 0xf507f4f4f7f4f303, + 0x8bddcbcb0bcb16c0, 0x7cd33e3ef83eedc6, 0x0a2d050514052811, 0xce78676781671fe6, + 0xd597e4e4b7e47353, 0x4e0227279c2725bb, 0x8273414119413258, 0x0ba78b8b168b2c9d, + 0x53f6a7a7a6a75101, 0xfab27d7de97dcf94, 0x374995956e95dcfb, 0xad56d8d847d88e9f, + 0xeb70fbfbcbfb8b30, 0xc1cdeeee9fee2371, 0xf8bb7c7ced7cc791, 0xcc716666856617e3, + 0xa77bdddd53dda68e, 0x2eaf17175c17b84b, 0x8e45474701470246, 0x211a9e9e429e84dc, + 0x89d4caca0fca1ec5, 0x5a582d2db42d7599, 0x632ebfbfc6bf9179, 0x0e3f07071c07381b, + 0x47acadad8ead0123, 0xb4b05a5a755aea2f, 0x1bef838336836cb5, 0x66b63333cc3385ff, + 0xc65c636391633ff2, 0x041202020802100a, 0x4993aaaa92aa3938, 0xe2de7171d971afa8, + 0x8dc6c8c807c80ecf, 0x32d119196419c87d, 0x923b494939497270, 0xaf5fd9d943d9869a, + 0xf931f2f2eff2c31d, 0xdba8e3e3abe34b48, 0xb6b95b5b715be22a, 0x0dbc88881a883492, + 0x293e9a9a529aa4c8, 0x4c0b262698262dbe, 0x64bf3232c8328dfa, 0x7d59b0b0fab0e94a, + 0xcff2e9e983e91b6a, 0x1e770f0f3c0f7833, 0xb733d5d573d5e6a6, 0x1df480803a8074ba, + 0x6127bebec2be997c, 0x87ebcdcd13cd26de, 0x68893434d034bde4, 0x903248483d487a75, + 0xe354ffffdbffab24, 0xf48d7a7af57af78f, 0x3d6490907a90f4ea, 0xbe9d5f5f615fc23e, + 0x403d202080201da0, 0xd00f6868bd6867d5, 0x34ca1a1a681ad072, 0x41b7aeae82ae192c, + 0x757db4b4eab4c95e, 0xa8ce54544d549a19, 0x3b7f93937693ece5, 0x442f222288220daa, + 0xc86364648d6407e9, 0xff2af1f1e3f1db12, 0xe6cc7373d173bfa2, 0x248212124812905a, + 0x807a40401d403a5d, 0x1048080820084028, 0x9b95c3c32bc356e8, 0xc5dfecec97ec337b, + 0xab4ddbdb4bdb9690, 0x5fc0a1a1bea1611f, 0x07918d8d0e8d1c83, 0x7ac83d3df43df5c9, + 0x335b97976697ccf1, 0x0000000000000000, 0x83f9cfcf1bcf36d4, 0x566e2b2bac2b4587, + 0xece17676c57697b3, 0x19e68282328264b0, 0xb128d6d67fd6fea9, 0x36c31b1b6c1bd877, + 0x7774b5b5eeb5c15b, 0x43beafaf86af1129, 0xd41d6a6ab56a77df, 0xa0ea50505d50ba0d, + 0x8a5745450945124c, 0xfb38f3f3ebf3cb18, 0x60ad3030c0309df0, 0xc3c4efef9bef2b74, + 0x7eda3f3ffc3fe5c3, 
0xaac755554955921c, 0x59dba2a2b2a27910, 0xc9e9eaea8fea0365, + 0xca6a656589650fec, 0x6903babad2bab968, 0x5e4a2f2fbc2f6593, 0x9d8ec0c027c04ee7, + 0xa160dede5fdebe81, 0x38fc1c1c701ce06c, 0xe746fdfdd3fdbb2e, 0x9a1f4d4d294d5264, + 0x397692927292e4e0, 0xeafa7575c9758fbc, 0x0c3606061806301e, 0x09ae8a8a128a2498, + 0x794bb2b2f2b2f940, 0xd185e6e6bfe66359, 0x1c7e0e0e380e7036, 0x3ee71f1f7c1ff863, + 0xc4556262956237f7, 0xb53ad4d477d4eea3, 0x4d81a8a89aa82932, 0x315296966296c4f4, + 0xef62f9f9c3f99b3a, 0x97a3c5c533c566f6, 0x4a102525942535b1, 0xb2ab59597959f220, + 0x15d084842a8454ae, 0xe4c57272d572b7a7, 0x72ec3939e439d5dd, 0x98164c4c2d4c5a61, + 0xbc945e5e655eca3b, 0xf09f7878fd78e785, 0x70e53838e038ddd8, 0x05988c8c0a8c1486, + 0xbf17d1d163d1c6b2, 0x57e4a5a5aea5410b, 0xd9a1e2e2afe2434d, 0xc24e616199612ff8, + 0x7b42b3b3f6b3f145, 0x42342121842115a5, 0x25089c9c4a9c94d6, 0x3cee1e1e781ef066, + 0x8661434311432252, 0x93b1c7c73bc776fc, 0xe54ffcfcd7fcb32b, 0x0824040410042014, + 0xa2e351515951b208, 0x2f2599995e99bcc7, 0xda226d6da96d4fc4, 0x1a650d0d340d6839, + 0xe979fafacffa8335, 0xa369dfdf5bdfb684, 0xfca97e7ee57ed79b, 0x4819242490243db4, + 0x76fe3b3bec3bc5d7, 0x4b9aabab96ab313d, 0x81f0cece1fce3ed1, 0x2299111144118855, + 0x03838f8f068f0c89, 0x9c044e4e254e4a6b, 0x7366b7b7e6b7d151, 0xcbe0ebeb8beb0b60, + 0x78c13c3cf03cfdcc, 0x1ffd81813e817cbf, 0x354094946a94d4fe, 0xf31cf7f7fbf7eb0c, + 0x6f18b9b9deb9a167, 0x268b13134c13985f, 0x58512c2cb02c7d9c, 0xbb05d3d36bd3d6b8, + 0xd38ce7e7bbe76b5c, 0xdc396e6ea56e57cb, 0x95aac4c437c46ef3, 0x061b03030c03180f, + 0xacdc565645568a13, 0x885e44440d441a49, 0xfea07f7fe17fdf9e, 0x4f88a9a99ea92137, + 0x54672a2aa82a4d82, 0x6b0abbbbd6bbb16d, 0x9f87c1c123c146e2, 0xa6f153535153a202, + 0xa572dcdc57dcae8b, 0x16530b0b2c0b5827, 0x27019d9d4e9d9cd3, 0xd82b6c6cad6c47c1, + 0x62a43131c43195f5, 0xe8f37474cd7487b9, 0xf115f6f6fff6e309, 0x8c4c464605460a43, + 0x45a5acac8aac0926, 0x0fb589891e893c97, 0x28b414145014a044, 0xdfbae1e1a3e15b42, + 0x2ca616165816b04e, 0x74f73a3ae83acdd2, 
0xd2066969b9696fd0, 0x124109092409482d, + 0xe0d77070dd70a7ad, 0x716fb6b6e2b6d954, 0xbd1ed0d067d0ceb7, 0xc7d6eded93ed3b7e, + 0x85e2cccc17cc2edb, 0x8468424215422a57, 0x2d2c98985a98b4c2, 0x55eda4a4aaa4490e, + 0x50752828a0285d88, 0xb8865c5c6d5cda31, 0xed6bf8f8c7f8933f, 0x11c28686228644a4, +}; + +CONSTANT_VK u64a MT3[256] = +{ + 0x7830d818186018c0, 0xaf462623238c2305, 0xf991b8c6c63fc67e, 0x6fcdfbe8e887e813, + 0xa113cb878726874c, 0x626d11b8b8dab8a9, 0x0502090101040108, 0x6e9e0d4f4f214f42, + 0xee6c9b3636d836ad, 0x0451ffa6a6a2a659, 0xbdb90cd2d26fd2de, 0x06f70ef5f5f3f5fb, + 0x80f2967979f979ef, 0xcede306f6fa16f5f, 0xef3f6d91917e91fc, 0x07a4f852525552aa, + 0xfdc04760609d6027, 0x766535bcbccabc89, 0xcd2b379b9b569bac, 0x8c018a8e8e028e04, + 0x155bd2a3a3b6a371, 0x3c186c0c0c300c60, 0x8af6847b7bf17bff, 0xe16a803535d435b5, + 0x693af51d1d741de8, 0x47ddb3e0e0a7e053, 0xacb321d7d77bd7f6, 0xed999cc2c22fc25e, + 0x965c432e2eb82e6d, 0x7a96294b4b314b62, 0x21e15dfefedffea3, 0x16aed55757415782, + 0x412abd15155415a8, 0xb6eee87777c1779f, 0xeb6e923737dc37a5, 0x56d79ee5e5b3e57b, + 0xd923139f9f469f8c, 0x17fd23f0f0e7f0d3, 0x7f94204a4a354a6a, 0x95a944dada4fda9e, + 0x25b0a258587d58fa, 0xca8fcfc9c903c906, 0x8d527c2929a42955, 0x22145a0a0a280a50, + 0x4f7f50b1b1feb1e1, 0x1a5dc9a0a0baa069, 0xdad6146b6bb16b7f, 0xab17d985852e855c, + 0x73673cbdbdcebd81, 0x34ba8f5d5d695dd2, 0x5020901010401080, 0x03f507f4f4f7f4f3, + 0xc08bddcbcb0bcb16, 0xc67cd33e3ef83eed, 0x110a2d0505140528, 0xe6ce78676781671f, + 0x53d597e4e4b7e473, 0xbb4e0227279c2725, 0x5882734141194132, 0x9d0ba78b8b168b2c, + 0x0153f6a7a7a6a751, 0x94fab27d7de97dcf, 0xfb374995956e95dc, 0x9fad56d8d847d88e, + 0x30eb70fbfbcbfb8b, 0x71c1cdeeee9fee23, 0x91f8bb7c7ced7cc7, 0xe3cc716666856617, + 0x8ea77bdddd53dda6, 0x4b2eaf17175c17b8, 0x468e454747014702, 0xdc211a9e9e429e84, + 0xc589d4caca0fca1e, 0x995a582d2db42d75, 0x79632ebfbfc6bf91, 0x1b0e3f07071c0738, + 0x2347acadad8ead01, 0x2fb4b05a5a755aea, 0xb51bef838336836c, 0xff66b63333cc3385, + 0xf2c65c636391633f, 
0x0a04120202080210, 0x384993aaaa92aa39, 0xa8e2de7171d971af, + 0xcf8dc6c8c807c80e, 0x7d32d119196419c8, 0x70923b4949394972, 0x9aaf5fd9d943d986, + 0x1df931f2f2eff2c3, 0x48dba8e3e3abe34b, 0x2ab6b95b5b715be2, 0x920dbc88881a8834, + 0xc8293e9a9a529aa4, 0xbe4c0b262698262d, 0xfa64bf3232c8328d, 0x4a7d59b0b0fab0e9, + 0x6acff2e9e983e91b, 0x331e770f0f3c0f78, 0xa6b733d5d573d5e6, 0xba1df480803a8074, + 0x7c6127bebec2be99, 0xde87ebcdcd13cd26, 0xe468893434d034bd, 0x75903248483d487a, + 0x24e354ffffdbffab, 0x8ff48d7a7af57af7, 0xea3d6490907a90f4, 0x3ebe9d5f5f615fc2, + 0xa0403d202080201d, 0xd5d00f6868bd6867, 0x7234ca1a1a681ad0, 0x2c41b7aeae82ae19, + 0x5e757db4b4eab4c9, 0x19a8ce54544d549a, 0xe53b7f93937693ec, 0xaa442f222288220d, + 0xe9c86364648d6407, 0x12ff2af1f1e3f1db, 0xa2e6cc7373d173bf, 0x5a24821212481290, + 0x5d807a40401d403a, 0x2810480808200840, 0xe89b95c3c32bc356, 0x7bc5dfecec97ec33, + 0x90ab4ddbdb4bdb96, 0x1f5fc0a1a1bea161, 0x8307918d8d0e8d1c, 0xc97ac83d3df43df5, + 0xf1335b97976697cc, 0x0000000000000000, 0xd483f9cfcf1bcf36, 0x87566e2b2bac2b45, + 0xb3ece17676c57697, 0xb019e68282328264, 0xa9b128d6d67fd6fe, 0x7736c31b1b6c1bd8, + 0x5b7774b5b5eeb5c1, 0x2943beafaf86af11, 0xdfd41d6a6ab56a77, 0x0da0ea50505d50ba, + 0x4c8a574545094512, 0x18fb38f3f3ebf3cb, 0xf060ad3030c0309d, 0x74c3c4efef9bef2b, + 0xc37eda3f3ffc3fe5, 0x1caac75555495592, 0x1059dba2a2b2a279, 0x65c9e9eaea8fea03, + 0xecca6a656589650f, 0x686903babad2bab9, 0x935e4a2f2fbc2f65, 0xe79d8ec0c027c04e, + 0x81a160dede5fdebe, 0x6c38fc1c1c701ce0, 0x2ee746fdfdd3fdbb, 0x649a1f4d4d294d52, + 0xe0397692927292e4, 0xbceafa7575c9758f, 0x1e0c360606180630, 0x9809ae8a8a128a24, + 0x40794bb2b2f2b2f9, 0x59d185e6e6bfe663, 0x361c7e0e0e380e70, 0x633ee71f1f7c1ff8, + 0xf7c4556262956237, 0xa3b53ad4d477d4ee, 0x324d81a8a89aa829, 0xf4315296966296c4, + 0x3aef62f9f9c3f99b, 0xf697a3c5c533c566, 0xb14a102525942535, 0x20b2ab59597959f2, + 0xae15d084842a8454, 0xa7e4c57272d572b7, 0xdd72ec3939e439d5, 0x6198164c4c2d4c5a, + 0x3bbc945e5e655eca, 0x85f09f7878fd78e7, 
0xd870e53838e038dd, 0x8605988c8c0a8c14, + 0xb2bf17d1d163d1c6, 0x0b57e4a5a5aea541, 0x4dd9a1e2e2afe243, 0xf8c24e616199612f, + 0x457b42b3b3f6b3f1, 0xa542342121842115, 0xd625089c9c4a9c94, 0x663cee1e1e781ef0, + 0x5286614343114322, 0xfc93b1c7c73bc776, 0x2be54ffcfcd7fcb3, 0x1408240404100420, + 0x08a2e351515951b2, 0xc72f2599995e99bc, 0xc4da226d6da96d4f, 0x391a650d0d340d68, + 0x35e979fafacffa83, 0x84a369dfdf5bdfb6, 0x9bfca97e7ee57ed7, 0xb44819242490243d, + 0xd776fe3b3bec3bc5, 0x3d4b9aabab96ab31, 0xd181f0cece1fce3e, 0x5522991111441188, + 0x8903838f8f068f0c, 0x6b9c044e4e254e4a, 0x517366b7b7e6b7d1, 0x60cbe0ebeb8beb0b, + 0xcc78c13c3cf03cfd, 0xbf1ffd81813e817c, 0xfe354094946a94d4, 0x0cf31cf7f7fbf7eb, + 0x676f18b9b9deb9a1, 0x5f268b13134c1398, 0x9c58512c2cb02c7d, 0xb8bb05d3d36bd3d6, + 0x5cd38ce7e7bbe76b, 0xcbdc396e6ea56e57, 0xf395aac4c437c46e, 0x0f061b03030c0318, + 0x13acdc565645568a, 0x49885e44440d441a, 0x9efea07f7fe17fdf, 0x374f88a9a99ea921, + 0x8254672a2aa82a4d, 0x6d6b0abbbbd6bbb1, 0xe29f87c1c123c146, 0x02a6f153535153a2, + 0x8ba572dcdc57dcae, 0x2716530b0b2c0b58, 0xd327019d9d4e9d9c, 0xc1d82b6c6cad6c47, + 0xf562a43131c43195, 0xb9e8f37474cd7487, 0x09f115f6f6fff6e3, 0x438c4c464605460a, + 0x2645a5acac8aac09, 0x970fb589891e893c, 0x4428b414145014a0, 0x42dfbae1e1a3e15b, + 0x4e2ca616165816b0, 0xd274f73a3ae83acd, 0xd0d2066969b9696f, 0x2d12410909240948, + 0xade0d77070dd70a7, 0x54716fb6b6e2b6d9, 0xb7bd1ed0d067d0ce, 0x7ec7d6eded93ed3b, + 0xdb85e2cccc17cc2e, 0x578468424215422a, 0xc22d2c98985a98b4, 0x0e55eda4a4aaa449, + 0x8850752828a0285d, 0x31b8865c5c6d5cda, 0x3fed6bf8f8c7f893, 0xa411c28686228644, +}; + +CONSTANT_VK u64a MT4[256] = +{ + 0xc07830d818186018, 0x05af462623238c23, 0x7ef991b8c6c63fc6, 0x136fcdfbe8e887e8, + 0x4ca113cb87872687, 0xa9626d11b8b8dab8, 0x0805020901010401, 0x426e9e0d4f4f214f, + 0xadee6c9b3636d836, 0x590451ffa6a6a2a6, 0xdebdb90cd2d26fd2, 0xfb06f70ef5f5f3f5, + 0xef80f2967979f979, 0x5fcede306f6fa16f, 0xfcef3f6d91917e91, 0xaa07a4f852525552, + 0x27fdc04760609d60, 
0x89766535bcbccabc, 0xaccd2b379b9b569b, 0x048c018a8e8e028e, + 0x71155bd2a3a3b6a3, 0x603c186c0c0c300c, 0xff8af6847b7bf17b, 0xb5e16a803535d435, + 0xe8693af51d1d741d, 0x5347ddb3e0e0a7e0, 0xf6acb321d7d77bd7, 0x5eed999cc2c22fc2, + 0x6d965c432e2eb82e, 0x627a96294b4b314b, 0xa321e15dfefedffe, 0x8216aed557574157, + 0xa8412abd15155415, 0x9fb6eee87777c177, 0xa5eb6e923737dc37, 0x7b56d79ee5e5b3e5, + 0x8cd923139f9f469f, 0xd317fd23f0f0e7f0, 0x6a7f94204a4a354a, 0x9e95a944dada4fda, + 0xfa25b0a258587d58, 0x06ca8fcfc9c903c9, 0x558d527c2929a429, 0x5022145a0a0a280a, + 0xe14f7f50b1b1feb1, 0x691a5dc9a0a0baa0, 0x7fdad6146b6bb16b, 0x5cab17d985852e85, + 0x8173673cbdbdcebd, 0xd234ba8f5d5d695d, 0x8050209010104010, 0xf303f507f4f4f7f4, + 0x16c08bddcbcb0bcb, 0xedc67cd33e3ef83e, 0x28110a2d05051405, 0x1fe6ce7867678167, + 0x7353d597e4e4b7e4, 0x25bb4e0227279c27, 0x3258827341411941, 0x2c9d0ba78b8b168b, + 0x510153f6a7a7a6a7, 0xcf94fab27d7de97d, 0xdcfb374995956e95, 0x8e9fad56d8d847d8, + 0x8b30eb70fbfbcbfb, 0x2371c1cdeeee9fee, 0xc791f8bb7c7ced7c, 0x17e3cc7166668566, + 0xa68ea77bdddd53dd, 0xb84b2eaf17175c17, 0x02468e4547470147, 0x84dc211a9e9e429e, + 0x1ec589d4caca0fca, 0x75995a582d2db42d, 0x9179632ebfbfc6bf, 0x381b0e3f07071c07, + 0x012347acadad8ead, 0xea2fb4b05a5a755a, 0x6cb51bef83833683, 0x85ff66b63333cc33, + 0x3ff2c65c63639163, 0x100a041202020802, 0x39384993aaaa92aa, 0xafa8e2de7171d971, + 0x0ecf8dc6c8c807c8, 0xc87d32d119196419, 0x7270923b49493949, 0x869aaf5fd9d943d9, + 0xc31df931f2f2eff2, 0x4b48dba8e3e3abe3, 0xe22ab6b95b5b715b, 0x34920dbc88881a88, + 0xa4c8293e9a9a529a, 0x2dbe4c0b26269826, 0x8dfa64bf3232c832, 0xe94a7d59b0b0fab0, + 0x1b6acff2e9e983e9, 0x78331e770f0f3c0f, 0xe6a6b733d5d573d5, 0x74ba1df480803a80, + 0x997c6127bebec2be, 0x26de87ebcdcd13cd, 0xbde468893434d034, 0x7a75903248483d48, + 0xab24e354ffffdbff, 0xf78ff48d7a7af57a, 0xf4ea3d6490907a90, 0xc23ebe9d5f5f615f, + 0x1da0403d20208020, 0x67d5d00f6868bd68, 0xd07234ca1a1a681a, 0x192c41b7aeae82ae, + 0xc95e757db4b4eab4, 0x9a19a8ce54544d54, 
0xece53b7f93937693, 0x0daa442f22228822, + 0x07e9c86364648d64, 0xdb12ff2af1f1e3f1, 0xbfa2e6cc7373d173, 0x905a248212124812, + 0x3a5d807a40401d40, 0x4028104808082008, 0x56e89b95c3c32bc3, 0x337bc5dfecec97ec, + 0x9690ab4ddbdb4bdb, 0x611f5fc0a1a1bea1, 0x1c8307918d8d0e8d, 0xf5c97ac83d3df43d, + 0xccf1335b97976697, 0x0000000000000000, 0x36d483f9cfcf1bcf, 0x4587566e2b2bac2b, + 0x97b3ece17676c576, 0x64b019e682823282, 0xfea9b128d6d67fd6, 0xd87736c31b1b6c1b, + 0xc15b7774b5b5eeb5, 0x112943beafaf86af, 0x77dfd41d6a6ab56a, 0xba0da0ea50505d50, + 0x124c8a5745450945, 0xcb18fb38f3f3ebf3, 0x9df060ad3030c030, 0x2b74c3c4efef9bef, + 0xe5c37eda3f3ffc3f, 0x921caac755554955, 0x791059dba2a2b2a2, 0x0365c9e9eaea8fea, + 0x0fecca6a65658965, 0xb9686903babad2ba, 0x65935e4a2f2fbc2f, 0x4ee79d8ec0c027c0, + 0xbe81a160dede5fde, 0xe06c38fc1c1c701c, 0xbb2ee746fdfdd3fd, 0x52649a1f4d4d294d, + 0xe4e0397692927292, 0x8fbceafa7575c975, 0x301e0c3606061806, 0x249809ae8a8a128a, + 0xf940794bb2b2f2b2, 0x6359d185e6e6bfe6, 0x70361c7e0e0e380e, 0xf8633ee71f1f7c1f, + 0x37f7c45562629562, 0xeea3b53ad4d477d4, 0x29324d81a8a89aa8, 0xc4f4315296966296, + 0x9b3aef62f9f9c3f9, 0x66f697a3c5c533c5, 0x35b14a1025259425, 0xf220b2ab59597959, + 0x54ae15d084842a84, 0xb7a7e4c57272d572, 0xd5dd72ec3939e439, 0x5a6198164c4c2d4c, + 0xca3bbc945e5e655e, 0xe785f09f7878fd78, 0xddd870e53838e038, 0x148605988c8c0a8c, + 0xc6b2bf17d1d163d1, 0x410b57e4a5a5aea5, 0x434dd9a1e2e2afe2, 0x2ff8c24e61619961, + 0xf1457b42b3b3f6b3, 0x15a5423421218421, 0x94d625089c9c4a9c, 0xf0663cee1e1e781e, + 0x2252866143431143, 0x76fc93b1c7c73bc7, 0xb32be54ffcfcd7fc, 0x2014082404041004, + 0xb208a2e351515951, 0xbcc72f2599995e99, 0x4fc4da226d6da96d, 0x68391a650d0d340d, + 0x8335e979fafacffa, 0xb684a369dfdf5bdf, 0xd79bfca97e7ee57e, 0x3db4481924249024, + 0xc5d776fe3b3bec3b, 0x313d4b9aabab96ab, 0x3ed181f0cece1fce, 0x8855229911114411, + 0x0c8903838f8f068f, 0x4a6b9c044e4e254e, 0xd1517366b7b7e6b7, 0x0b60cbe0ebeb8beb, + 0xfdcc78c13c3cf03c, 0x7cbf1ffd81813e81, 0xd4fe354094946a94, 
0xeb0cf31cf7f7fbf7, + 0xa1676f18b9b9deb9, 0x985f268b13134c13, 0x7d9c58512c2cb02c, 0xd6b8bb05d3d36bd3, + 0x6b5cd38ce7e7bbe7, 0x57cbdc396e6ea56e, 0x6ef395aac4c437c4, 0x180f061b03030c03, + 0x8a13acdc56564556, 0x1a49885e44440d44, 0xdf9efea07f7fe17f, 0x21374f88a9a99ea9, + 0x4d8254672a2aa82a, 0xb16d6b0abbbbd6bb, 0x46e29f87c1c123c1, 0xa202a6f153535153, + 0xae8ba572dcdc57dc, 0x582716530b0b2c0b, 0x9cd327019d9d4e9d, 0x47c1d82b6c6cad6c, + 0x95f562a43131c431, 0x87b9e8f37474cd74, 0xe309f115f6f6fff6, 0x0a438c4c46460546, + 0x092645a5acac8aac, 0x3c970fb589891e89, 0xa04428b414145014, 0x5b42dfbae1e1a3e1, + 0xb04e2ca616165816, 0xcdd274f73a3ae83a, 0x6fd0d2066969b969, 0x482d124109092409, + 0xa7ade0d77070dd70, 0xd954716fb6b6e2b6, 0xceb7bd1ed0d067d0, 0x3b7ec7d6eded93ed, + 0x2edb85e2cccc17cc, 0x2a57846842421542, 0xb4c22d2c98985a98, 0x490e55eda4a4aaa4, + 0x5d8850752828a028, 0xda31b8865c5c6d5c, 0x933fed6bf8f8c7f8, 0x44a411c286862286, +}; + +CONSTANT_VK u64a MT5[256] = +{ + 0x18c07830d8181860, 0x2305af462623238c, 0xc67ef991b8c6c63f, 0xe8136fcdfbe8e887, + 0x874ca113cb878726, 0xb8a9626d11b8b8da, 0x0108050209010104, 0x4f426e9e0d4f4f21, + 0x36adee6c9b3636d8, 0xa6590451ffa6a6a2, 0xd2debdb90cd2d26f, 0xf5fb06f70ef5f5f3, + 0x79ef80f2967979f9, 0x6f5fcede306f6fa1, 0x91fcef3f6d91917e, 0x52aa07a4f8525255, + 0x6027fdc04760609d, 0xbc89766535bcbcca, 0x9baccd2b379b9b56, 0x8e048c018a8e8e02, + 0xa371155bd2a3a3b6, 0x0c603c186c0c0c30, 0x7bff8af6847b7bf1, 0x35b5e16a803535d4, + 0x1de8693af51d1d74, 0xe05347ddb3e0e0a7, 0xd7f6acb321d7d77b, 0xc25eed999cc2c22f, + 0x2e6d965c432e2eb8, 0x4b627a96294b4b31, 0xfea321e15dfefedf, 0x578216aed5575741, + 0x15a8412abd151554, 0x779fb6eee87777c1, 0x37a5eb6e923737dc, 0xe57b56d79ee5e5b3, + 0x9f8cd923139f9f46, 0xf0d317fd23f0f0e7, 0x4a6a7f94204a4a35, 0xda9e95a944dada4f, + 0x58fa25b0a258587d, 0xc906ca8fcfc9c903, 0x29558d527c2929a4, 0x0a5022145a0a0a28, + 0xb1e14f7f50b1b1fe, 0xa0691a5dc9a0a0ba, 0x6b7fdad6146b6bb1, 0x855cab17d985852e, + 0xbd8173673cbdbdce, 0x5dd234ba8f5d5d69, 
0x1080502090101040, 0xf4f303f507f4f4f7, + 0xcb16c08bddcbcb0b, 0x3eedc67cd33e3ef8, 0x0528110a2d050514, 0x671fe6ce78676781, + 0xe47353d597e4e4b7, 0x2725bb4e0227279c, 0x4132588273414119, 0x8b2c9d0ba78b8b16, + 0xa7510153f6a7a7a6, 0x7dcf94fab27d7de9, 0x95dcfb374995956e, 0xd88e9fad56d8d847, + 0xfb8b30eb70fbfbcb, 0xee2371c1cdeeee9f, 0x7cc791f8bb7c7ced, 0x6617e3cc71666685, + 0xdda68ea77bdddd53, 0x17b84b2eaf17175c, 0x4702468e45474701, 0x9e84dc211a9e9e42, + 0xca1ec589d4caca0f, 0x2d75995a582d2db4, 0xbf9179632ebfbfc6, 0x07381b0e3f07071c, + 0xad012347acadad8e, 0x5aea2fb4b05a5a75, 0x836cb51bef838336, 0x3385ff66b63333cc, + 0x633ff2c65c636391, 0x02100a0412020208, 0xaa39384993aaaa92, 0x71afa8e2de7171d9, + 0xc80ecf8dc6c8c807, 0x19c87d32d1191964, 0x497270923b494939, 0xd9869aaf5fd9d943, + 0xf2c31df931f2f2ef, 0xe34b48dba8e3e3ab, 0x5be22ab6b95b5b71, 0x8834920dbc88881a, + 0x9aa4c8293e9a9a52, 0x262dbe4c0b262698, 0x328dfa64bf3232c8, 0xb0e94a7d59b0b0fa, + 0xe91b6acff2e9e983, 0x0f78331e770f0f3c, 0xd5e6a6b733d5d573, 0x8074ba1df480803a, + 0xbe997c6127bebec2, 0xcd26de87ebcdcd13, 0x34bde468893434d0, 0x487a75903248483d, + 0xffab24e354ffffdb, 0x7af78ff48d7a7af5, 0x90f4ea3d6490907a, 0x5fc23ebe9d5f5f61, + 0x201da0403d202080, 0x6867d5d00f6868bd, 0x1ad07234ca1a1a68, 0xae192c41b7aeae82, + 0xb4c95e757db4b4ea, 0x549a19a8ce54544d, 0x93ece53b7f939376, 0x220daa442f222288, + 0x6407e9c86364648d, 0xf1db12ff2af1f1e3, 0x73bfa2e6cc7373d1, 0x12905a2482121248, + 0x403a5d807a40401d, 0x0840281048080820, 0xc356e89b95c3c32b, 0xec337bc5dfecec97, + 0xdb9690ab4ddbdb4b, 0xa1611f5fc0a1a1be, 0x8d1c8307918d8d0e, 0x3df5c97ac83d3df4, + 0x97ccf1335b979766, 0x0000000000000000, 0xcf36d483f9cfcf1b, 0x2b4587566e2b2bac, + 0x7697b3ece17676c5, 0x8264b019e6828232, 0xd6fea9b128d6d67f, 0x1bd87736c31b1b6c, + 0xb5c15b7774b5b5ee, 0xaf112943beafaf86, 0x6a77dfd41d6a6ab5, 0x50ba0da0ea50505d, + 0x45124c8a57454509, 0xf3cb18fb38f3f3eb, 0x309df060ad3030c0, 0xef2b74c3c4efef9b, + 0x3fe5c37eda3f3ffc, 0x55921caac7555549, 0xa2791059dba2a2b2, 
0xea0365c9e9eaea8f, + 0x650fecca6a656589, 0xbab9686903babad2, 0x2f65935e4a2f2fbc, 0xc04ee79d8ec0c027, + 0xdebe81a160dede5f, 0x1ce06c38fc1c1c70, 0xfdbb2ee746fdfdd3, 0x4d52649a1f4d4d29, + 0x92e4e03976929272, 0x758fbceafa7575c9, 0x06301e0c36060618, 0x8a249809ae8a8a12, + 0xb2f940794bb2b2f2, 0xe66359d185e6e6bf, 0x0e70361c7e0e0e38, 0x1ff8633ee71f1f7c, + 0x6237f7c455626295, 0xd4eea3b53ad4d477, 0xa829324d81a8a89a, 0x96c4f43152969662, + 0xf99b3aef62f9f9c3, 0xc566f697a3c5c533, 0x2535b14a10252594, 0x59f220b2ab595979, + 0x8454ae15d084842a, 0x72b7a7e4c57272d5, 0x39d5dd72ec3939e4, 0x4c5a6198164c4c2d, + 0x5eca3bbc945e5e65, 0x78e785f09f7878fd, 0x38ddd870e53838e0, 0x8c148605988c8c0a, + 0xd1c6b2bf17d1d163, 0xa5410b57e4a5a5ae, 0xe2434dd9a1e2e2af, 0x612ff8c24e616199, + 0xb3f1457b42b3b3f6, 0x2115a54234212184, 0x9c94d625089c9c4a, 0x1ef0663cee1e1e78, + 0x4322528661434311, 0xc776fc93b1c7c73b, 0xfcb32be54ffcfcd7, 0x0420140824040410, + 0x51b208a2e3515159, 0x99bcc72f2599995e, 0x6d4fc4da226d6da9, 0x0d68391a650d0d34, + 0xfa8335e979fafacf, 0xdfb684a369dfdf5b, 0x7ed79bfca97e7ee5, 0x243db44819242490, + 0x3bc5d776fe3b3bec, 0xab313d4b9aabab96, 0xce3ed181f0cece1f, 0x1188552299111144, + 0x8f0c8903838f8f06, 0x4e4a6b9c044e4e25, 0xb7d1517366b7b7e6, 0xeb0b60cbe0ebeb8b, + 0x3cfdcc78c13c3cf0, 0x817cbf1ffd81813e, 0x94d4fe354094946a, 0xf7eb0cf31cf7f7fb, + 0xb9a1676f18b9b9de, 0x13985f268b13134c, 0x2c7d9c58512c2cb0, 0xd3d6b8bb05d3d36b, + 0xe76b5cd38ce7e7bb, 0x6e57cbdc396e6ea5, 0xc46ef395aac4c437, 0x03180f061b03030c, + 0x568a13acdc565645, 0x441a49885e44440d, 0x7fdf9efea07f7fe1, 0xa921374f88a9a99e, + 0x2a4d8254672a2aa8, 0xbbb16d6b0abbbbd6, 0xc146e29f87c1c123, 0x53a202a6f1535351, + 0xdcae8ba572dcdc57, 0x0b582716530b0b2c, 0x9d9cd327019d9d4e, 0x6c47c1d82b6c6cad, + 0x3195f562a43131c4, 0x7487b9e8f37474cd, 0xf6e309f115f6f6ff, 0x460a438c4c464605, + 0xac092645a5acac8a, 0x893c970fb589891e, 0x14a04428b4141450, 0xe15b42dfbae1e1a3, + 0x16b04e2ca6161658, 0x3acdd274f73a3ae8, 0x696fd0d2066969b9, 0x09482d1241090924, + 
0x70a7ade0d77070dd, 0xb6d954716fb6b6e2, 0xd0ceb7bd1ed0d067, 0xed3b7ec7d6eded93, + 0xcc2edb85e2cccc17, 0x422a578468424215, 0x98b4c22d2c98985a, 0xa4490e55eda4a4aa, + 0x285d8850752828a0, 0x5cda31b8865c5c6d, 0xf8933fed6bf8f8c7, 0x8644a411c2868622, +}; + +CONSTANT_VK u64a MT6[256] = +{ + 0x6018c07830d81818, 0x8c2305af46262323, 0x3fc67ef991b8c6c6, 0x87e8136fcdfbe8e8, + 0x26874ca113cb8787, 0xdab8a9626d11b8b8, 0x0401080502090101, 0x214f426e9e0d4f4f, + 0xd836adee6c9b3636, 0xa2a6590451ffa6a6, 0x6fd2debdb90cd2d2, 0xf3f5fb06f70ef5f5, + 0xf979ef80f2967979, 0xa16f5fcede306f6f, 0x7e91fcef3f6d9191, 0x5552aa07a4f85252, + 0x9d6027fdc0476060, 0xcabc89766535bcbc, 0x569baccd2b379b9b, 0x028e048c018a8e8e, + 0xb6a371155bd2a3a3, 0x300c603c186c0c0c, 0xf17bff8af6847b7b, 0xd435b5e16a803535, + 0x741de8693af51d1d, 0xa7e05347ddb3e0e0, 0x7bd7f6acb321d7d7, 0x2fc25eed999cc2c2, + 0xb82e6d965c432e2e, 0x314b627a96294b4b, 0xdffea321e15dfefe, 0x41578216aed55757, + 0x5415a8412abd1515, 0xc1779fb6eee87777, 0xdc37a5eb6e923737, 0xb3e57b56d79ee5e5, + 0x469f8cd923139f9f, 0xe7f0d317fd23f0f0, 0x354a6a7f94204a4a, 0x4fda9e95a944dada, + 0x7d58fa25b0a25858, 0x03c906ca8fcfc9c9, 0xa429558d527c2929, 0x280a5022145a0a0a, + 0xfeb1e14f7f50b1b1, 0xbaa0691a5dc9a0a0, 0xb16b7fdad6146b6b, 0x2e855cab17d98585, + 0xcebd8173673cbdbd, 0x695dd234ba8f5d5d, 0x4010805020901010, 0xf7f4f303f507f4f4, + 0x0bcb16c08bddcbcb, 0xf83eedc67cd33e3e, 0x140528110a2d0505, 0x81671fe6ce786767, + 0xb7e47353d597e4e4, 0x9c2725bb4e022727, 0x1941325882734141, 0x168b2c9d0ba78b8b, + 0xa6a7510153f6a7a7, 0xe97dcf94fab27d7d, 0x6e95dcfb37499595, 0x47d88e9fad56d8d8, + 0xcbfb8b30eb70fbfb, 0x9fee2371c1cdeeee, 0xed7cc791f8bb7c7c, 0x856617e3cc716666, + 0x53dda68ea77bdddd, 0x5c17b84b2eaf1717, 0x014702468e454747, 0x429e84dc211a9e9e, + 0x0fca1ec589d4caca, 0xb42d75995a582d2d, 0xc6bf9179632ebfbf, 0x1c07381b0e3f0707, + 0x8ead012347acadad, 0x755aea2fb4b05a5a, 0x36836cb51bef8383, 0xcc3385ff66b63333, + 0x91633ff2c65c6363, 0x0802100a04120202, 0x92aa39384993aaaa, 
0xd971afa8e2de7171, + 0x07c80ecf8dc6c8c8, 0x6419c87d32d11919, 0x39497270923b4949, 0x43d9869aaf5fd9d9, + 0xeff2c31df931f2f2, 0xabe34b48dba8e3e3, 0x715be22ab6b95b5b, 0x1a8834920dbc8888, + 0x529aa4c8293e9a9a, 0x98262dbe4c0b2626, 0xc8328dfa64bf3232, 0xfab0e94a7d59b0b0, + 0x83e91b6acff2e9e9, 0x3c0f78331e770f0f, 0x73d5e6a6b733d5d5, 0x3a8074ba1df48080, + 0xc2be997c6127bebe, 0x13cd26de87ebcdcd, 0xd034bde468893434, 0x3d487a7590324848, + 0xdbffab24e354ffff, 0xf57af78ff48d7a7a, 0x7a90f4ea3d649090, 0x615fc23ebe9d5f5f, + 0x80201da0403d2020, 0xbd6867d5d00f6868, 0x681ad07234ca1a1a, 0x82ae192c41b7aeae, + 0xeab4c95e757db4b4, 0x4d549a19a8ce5454, 0x7693ece53b7f9393, 0x88220daa442f2222, + 0x8d6407e9c8636464, 0xe3f1db12ff2af1f1, 0xd173bfa2e6cc7373, 0x4812905a24821212, + 0x1d403a5d807a4040, 0x2008402810480808, 0x2bc356e89b95c3c3, 0x97ec337bc5dfecec, + 0x4bdb9690ab4ddbdb, 0xbea1611f5fc0a1a1, 0x0e8d1c8307918d8d, 0xf43df5c97ac83d3d, + 0x6697ccf1335b9797, 0x0000000000000000, 0x1bcf36d483f9cfcf, 0xac2b4587566e2b2b, + 0xc57697b3ece17676, 0x328264b019e68282, 0x7fd6fea9b128d6d6, 0x6c1bd87736c31b1b, + 0xeeb5c15b7774b5b5, 0x86af112943beafaf, 0xb56a77dfd41d6a6a, 0x5d50ba0da0ea5050, + 0x0945124c8a574545, 0xebf3cb18fb38f3f3, 0xc0309df060ad3030, 0x9bef2b74c3c4efef, + 0xfc3fe5c37eda3f3f, 0x4955921caac75555, 0xb2a2791059dba2a2, 0x8fea0365c9e9eaea, + 0x89650fecca6a6565, 0xd2bab9686903baba, 0xbc2f65935e4a2f2f, 0x27c04ee79d8ec0c0, + 0x5fdebe81a160dede, 0x701ce06c38fc1c1c, 0xd3fdbb2ee746fdfd, 0x294d52649a1f4d4d, + 0x7292e4e039769292, 0xc9758fbceafa7575, 0x1806301e0c360606, 0x128a249809ae8a8a, + 0xf2b2f940794bb2b2, 0xbfe66359d185e6e6, 0x380e70361c7e0e0e, 0x7c1ff8633ee71f1f, + 0x956237f7c4556262, 0x77d4eea3b53ad4d4, 0x9aa829324d81a8a8, 0x6296c4f431529696, + 0xc3f99b3aef62f9f9, 0x33c566f697a3c5c5, 0x942535b14a102525, 0x7959f220b2ab5959, + 0x2a8454ae15d08484, 0xd572b7a7e4c57272, 0xe439d5dd72ec3939, 0x2d4c5a6198164c4c, + 0x655eca3bbc945e5e, 0xfd78e785f09f7878, 0xe038ddd870e53838, 0x0a8c148605988c8c, + 
0x63d1c6b2bf17d1d1, 0xaea5410b57e4a5a5, 0xafe2434dd9a1e2e2, 0x99612ff8c24e6161, + 0xf6b3f1457b42b3b3, 0x842115a542342121, 0x4a9c94d625089c9c, 0x781ef0663cee1e1e, + 0x1143225286614343, 0x3bc776fc93b1c7c7, 0xd7fcb32be54ffcfc, 0x1004201408240404, + 0x5951b208a2e35151, 0x5e99bcc72f259999, 0xa96d4fc4da226d6d, 0x340d68391a650d0d, + 0xcffa8335e979fafa, 0x5bdfb684a369dfdf, 0xe57ed79bfca97e7e, 0x90243db448192424, + 0xec3bc5d776fe3b3b, 0x96ab313d4b9aabab, 0x1fce3ed181f0cece, 0x4411885522991111, + 0x068f0c8903838f8f, 0x254e4a6b9c044e4e, 0xe6b7d1517366b7b7, 0x8beb0b60cbe0ebeb, + 0xf03cfdcc78c13c3c, 0x3e817cbf1ffd8181, 0x6a94d4fe35409494, 0xfbf7eb0cf31cf7f7, + 0xdeb9a1676f18b9b9, 0x4c13985f268b1313, 0xb02c7d9c58512c2c, 0x6bd3d6b8bb05d3d3, + 0xbbe76b5cd38ce7e7, 0xa56e57cbdc396e6e, 0x37c46ef395aac4c4, 0x0c03180f061b0303, + 0x45568a13acdc5656, 0x0d441a49885e4444, 0xe17fdf9efea07f7f, 0x9ea921374f88a9a9, + 0xa82a4d8254672a2a, 0xd6bbb16d6b0abbbb, 0x23c146e29f87c1c1, 0x5153a202a6f15353, + 0x57dcae8ba572dcdc, 0x2c0b582716530b0b, 0x4e9d9cd327019d9d, 0xad6c47c1d82b6c6c, + 0xc43195f562a43131, 0xcd7487b9e8f37474, 0xfff6e309f115f6f6, 0x05460a438c4c4646, + 0x8aac092645a5acac, 0x1e893c970fb58989, 0x5014a04428b41414, 0xa3e15b42dfbae1e1, + 0x5816b04e2ca61616, 0xe83acdd274f73a3a, 0xb9696fd0d2066969, 0x2409482d12410909, + 0xdd70a7ade0d77070, 0xe2b6d954716fb6b6, 0x67d0ceb7bd1ed0d0, 0x93ed3b7ec7d6eded, + 0x17cc2edb85e2cccc, 0x15422a5784684242, 0x5a98b4c22d2c9898, 0xaaa4490e55eda4a4, + 0xa0285d8850752828, 0x6d5cda31b8865c5c, 0xc7f8933fed6bf8f8, 0x228644a411c28686, +}; + +CONSTANT_VK u64a MT7[256] = +{ + 0x186018c07830d818, 0x238c2305af462623, 0xc63fc67ef991b8c6, 0xe887e8136fcdfbe8, + 0x8726874ca113cb87, 0xb8dab8a9626d11b8, 0x0104010805020901, 0x4f214f426e9e0d4f, + 0x36d836adee6c9b36, 0xa6a2a6590451ffa6, 0xd26fd2debdb90cd2, 0xf5f3f5fb06f70ef5, + 0x79f979ef80f29679, 0x6fa16f5fcede306f, 0x917e91fcef3f6d91, 0x525552aa07a4f852, + 0x609d6027fdc04760, 0xbccabc89766535bc, 0x9b569baccd2b379b, 
0x8e028e048c018a8e, + 0xa3b6a371155bd2a3, 0x0c300c603c186c0c, 0x7bf17bff8af6847b, 0x35d435b5e16a8035, + 0x1d741de8693af51d, 0xe0a7e05347ddb3e0, 0xd77bd7f6acb321d7, 0xc22fc25eed999cc2, + 0x2eb82e6d965c432e, 0x4b314b627a96294b, 0xfedffea321e15dfe, 0x5741578216aed557, + 0x155415a8412abd15, 0x77c1779fb6eee877, 0x37dc37a5eb6e9237, 0xe5b3e57b56d79ee5, + 0x9f469f8cd923139f, 0xf0e7f0d317fd23f0, 0x4a354a6a7f94204a, 0xda4fda9e95a944da, + 0x587d58fa25b0a258, 0xc903c906ca8fcfc9, 0x29a429558d527c29, 0x0a280a5022145a0a, + 0xb1feb1e14f7f50b1, 0xa0baa0691a5dc9a0, 0x6bb16b7fdad6146b, 0x852e855cab17d985, + 0xbdcebd8173673cbd, 0x5d695dd234ba8f5d, 0x1040108050209010, 0xf4f7f4f303f507f4, + 0xcb0bcb16c08bddcb, 0x3ef83eedc67cd33e, 0x05140528110a2d05, 0x6781671fe6ce7867, + 0xe4b7e47353d597e4, 0x279c2725bb4e0227, 0x4119413258827341, 0x8b168b2c9d0ba78b, + 0xa7a6a7510153f6a7, 0x7de97dcf94fab27d, 0x956e95dcfb374995, 0xd847d88e9fad56d8, + 0xfbcbfb8b30eb70fb, 0xee9fee2371c1cdee, 0x7ced7cc791f8bb7c, 0x66856617e3cc7166, + 0xdd53dda68ea77bdd, 0x175c17b84b2eaf17, 0x47014702468e4547, 0x9e429e84dc211a9e, + 0xca0fca1ec589d4ca, 0x2db42d75995a582d, 0xbfc6bf9179632ebf, 0x071c07381b0e3f07, + 0xad8ead012347acad, 0x5a755aea2fb4b05a, 0x8336836cb51bef83, 0x33cc3385ff66b633, + 0x6391633ff2c65c63, 0x020802100a041202, 0xaa92aa39384993aa, 0x71d971afa8e2de71, + 0xc807c80ecf8dc6c8, 0x196419c87d32d119, 0x4939497270923b49, 0xd943d9869aaf5fd9, + 0xf2eff2c31df931f2, 0xe3abe34b48dba8e3, 0x5b715be22ab6b95b, 0x881a8834920dbc88, + 0x9a529aa4c8293e9a, 0x2698262dbe4c0b26, 0x32c8328dfa64bf32, 0xb0fab0e94a7d59b0, + 0xe983e91b6acff2e9, 0x0f3c0f78331e770f, 0xd573d5e6a6b733d5, 0x803a8074ba1df480, + 0xbec2be997c6127be, 0xcd13cd26de87ebcd, 0x34d034bde4688934, 0x483d487a75903248, + 0xffdbffab24e354ff, 0x7af57af78ff48d7a, 0x907a90f4ea3d6490, 0x5f615fc23ebe9d5f, + 0x2080201da0403d20, 0x68bd6867d5d00f68, 0x1a681ad07234ca1a, 0xae82ae192c41b7ae, + 0xb4eab4c95e757db4, 0x544d549a19a8ce54, 0x937693ece53b7f93, 0x2288220daa442f22, + 
0x648d6407e9c86364, 0xf1e3f1db12ff2af1, 0x73d173bfa2e6cc73, 0x124812905a248212, + 0x401d403a5d807a40, 0x0820084028104808, 0xc32bc356e89b95c3, 0xec97ec337bc5dfec, + 0xdb4bdb9690ab4ddb, 0xa1bea1611f5fc0a1, 0x8d0e8d1c8307918d, 0x3df43df5c97ac83d, + 0x976697ccf1335b97, 0x0000000000000000, 0xcf1bcf36d483f9cf, 0x2bac2b4587566e2b, + 0x76c57697b3ece176, 0x82328264b019e682, 0xd67fd6fea9b128d6, 0x1b6c1bd87736c31b, + 0xb5eeb5c15b7774b5, 0xaf86af112943beaf, 0x6ab56a77dfd41d6a, 0x505d50ba0da0ea50, + 0x450945124c8a5745, 0xf3ebf3cb18fb38f3, 0x30c0309df060ad30, 0xef9bef2b74c3c4ef, + 0x3ffc3fe5c37eda3f, 0x554955921caac755, 0xa2b2a2791059dba2, 0xea8fea0365c9e9ea, + 0x6589650fecca6a65, 0xbad2bab9686903ba, 0x2fbc2f65935e4a2f, 0xc027c04ee79d8ec0, + 0xde5fdebe81a160de, 0x1c701ce06c38fc1c, 0xfdd3fdbb2ee746fd, 0x4d294d52649a1f4d, + 0x927292e4e0397692, 0x75c9758fbceafa75, 0x061806301e0c3606, 0x8a128a249809ae8a, + 0xb2f2b2f940794bb2, 0xe6bfe66359d185e6, 0x0e380e70361c7e0e, 0x1f7c1ff8633ee71f, + 0x62956237f7c45562, 0xd477d4eea3b53ad4, 0xa89aa829324d81a8, 0x966296c4f4315296, + 0xf9c3f99b3aef62f9, 0xc533c566f697a3c5, 0x25942535b14a1025, 0x597959f220b2ab59, + 0x842a8454ae15d084, 0x72d572b7a7e4c572, 0x39e439d5dd72ec39, 0x4c2d4c5a6198164c, + 0x5e655eca3bbc945e, 0x78fd78e785f09f78, 0x38e038ddd870e538, 0x8c0a8c148605988c, + 0xd163d1c6b2bf17d1, 0xa5aea5410b57e4a5, 0xe2afe2434dd9a1e2, 0x6199612ff8c24e61, + 0xb3f6b3f1457b42b3, 0x21842115a5423421, 0x9c4a9c94d625089c, 0x1e781ef0663cee1e, + 0x4311432252866143, 0xc73bc776fc93b1c7, 0xfcd7fcb32be54ffc, 0x0410042014082404, + 0x515951b208a2e351, 0x995e99bcc72f2599, 0x6da96d4fc4da226d, 0x0d340d68391a650d, + 0xfacffa8335e979fa, 0xdf5bdfb684a369df, 0x7ee57ed79bfca97e, 0x2490243db4481924, + 0x3bec3bc5d776fe3b, 0xab96ab313d4b9aab, 0xce1fce3ed181f0ce, 0x1144118855229911, + 0x8f068f0c8903838f, 0x4e254e4a6b9c044e, 0xb7e6b7d1517366b7, 0xeb8beb0b60cbe0eb, + 0x3cf03cfdcc78c13c, 0x813e817cbf1ffd81, 0x946a94d4fe354094, 0xf7fbf7eb0cf31cf7, + 0xb9deb9a1676f18b9, 
0x134c13985f268b13, 0x2cb02c7d9c58512c, 0xd36bd3d6b8bb05d3,
+ 0xe7bbe76b5cd38ce7, 0x6ea56e57cbdc396e, 0xc437c46ef395aac4, 0x030c03180f061b03,
+ 0x5645568a13acdc56, 0x440d441a49885e44, 0x7fe17fdf9efea07f, 0xa99ea921374f88a9,
+ 0x2aa82a4d8254672a, 0xbbd6bbb16d6b0abb, 0xc123c146e29f87c1, 0x535153a202a6f153,
+ 0xdc57dcae8ba572dc, 0x0b2c0b582716530b, 0x9d4e9d9cd327019d, 0x6cad6c47c1d82b6c,
+ 0x31c43195f562a431, 0x74cd7487b9e8f374, 0xf6fff6e309f115f6, 0x4605460a438c4c46,
+ 0xac8aac092645a5ac, 0x891e893c970fb589, 0x145014a04428b414, 0xe1a3e15b42dfbae1,
+ 0x165816b04e2ca616, 0x3ae83acdd274f73a, 0x69b9696fd0d20669, 0x092409482d124109,
+ 0x70dd70a7ade0d770, 0xb6e2b6d954716fb6, 0xd067d0ceb7bd1ed0, 0xed93ed3b7ec7d6ed,
+ 0xcc17cc2edb85e2cc, 0x4215422a57846842, 0x985a98b4c22d2c98, 0xa4aaa4490e55eda4,
+ 0x28a0285d88507528, 0x5c6d5cda31b8865c, 0xf8c7f8933fed6bf8, 0x86228644a411c286,
 };
 // important notes on this:
@@ -546,7 +558,7 @@ CONSTANT_VK u64a MT[8][256] =
 // input buf needs to be in algorithm native byte order (md5 = LE, sha256 = BE, etc)
 // input buf needs to be 64 byte aligned when using whirlpool_update()
-#define F1(l,m,v0,v1,v2,v3,v4,v5,v6,v7) \
+#define F1(l,v0,v1,v2,v3,v4,v5,v6,v7) \
 { \
 const u8 Lp0 = v8h_from_v64_S ((v0)); \
 const u8 Lp1 = v8g_from_v64_S ((v1)); \
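Review bot: The new `+#define F1(l,v0,v1,v2,v3,v4,v5,v6,v7)` drops the table parameter `m` and, in the body that follows in the next hunk, reads `s_MT0`…`s_MT7` straight from the expansion site, so the macro's correctness now rests on identifiers that are not in its parameter list — a caller whose tables carry other names gets an undeclared-identifier error, and one that happens to have unrelated variables of those names would silently use them. `F1x` in the `@@ -1781` hunk has the same hidden dependency. Since the change looks intentional, the contract should be written down where the macro is defined, e.g. `// F1 reads the shared tables through s_MT0..s_MT7, which must be in scope at the expansion site (see whirlpool_transform ())`, with the matching comment on F1x. The macro body continues past the end of this hunk.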
@@ -557,14 +569,14 @@ CONSTANT_VK u64a MT[8][256] =
 const u8 Lp6 = v8b_from_v64_S ((v6)); \
 const u8 Lp7 = v8a_from_v64_S ((v7)); \
 \
- const u64 X0 = BOX64_S ((m), 0, Lp0); \
- const u64 X1 = BOX64_S ((m), 1, Lp1); \
- const u64 X2 = BOX64_S ((m), 2, Lp2); \
- const u64 X3 = BOX64_S ((m), 3, Lp3); \
- const u64 X4 = BOX64_S ((m), 4, Lp4); \
- const u64 X5 = BOX64_S ((m), 5, Lp5); \
- const u64 X6 = BOX64_S ((m), 6, Lp6); \
- const u64 X7 = BOX64_S ((m), 7, Lp7); \
+ const u64 X0 = BOX64_S (s_MT0, Lp0); \
+ const u64 X1 = BOX64_S (s_MT1, Lp1); \
+ const u64 X2 = BOX64_S (s_MT2, Lp2); \
+ const u64 X3 = BOX64_S (s_MT3, Lp3); \
+ const u64 X4 = BOX64_S (s_MT4, Lp4); \
+ const u64 X5 = BOX64_S (s_MT5, Lp5); \
+ const u64 X6 = BOX64_S (s_MT6, Lp6); \
+ const u64 X7 = BOX64_S (s_MT7, Lp7); \
 \
 (l) = X0 \
 ^ X1 \
@@ -587,14 +599,14 @@ CONSTANT_VK u64a MT[8][256] =
 u64 L6; \
 u64 L7; \
 \
- F1 (L0, s_MT, K0, K7, K6, K5, K4, K3, K2, K1); \
- F1 (L1, s_MT, K1, K0, K7, K6, K5, K4, K3, K2); \
- F1 (L2, s_MT, K2, K1, K0, K7, K6, K5, K4, K3); \
- F1 (L3, s_MT, K3, K2, K1, K0, K7, K6, K5, K4); \
- F1 (L4, s_MT, K4, K3, K2, K1, K0, K7, K6, K5); \
- F1 (L5, s_MT, K5, K4, K3, K2, K1, K0, K7, K6); \
- F1 (L6, s_MT, K6, K5, K4, K3, K2, K1, K0, K7); \
- F1 (L7, s_MT, K7, K6, K5, K4, K3, K2, K1, K0); \
+ F1 (L0, K0, K7, K6, K5, K4, K3, K2, K1); \
+ F1 (L1, K1, K0, K7, K6, K5, K4, K3, K2); \
+ F1 (L2, K2, K1, K0, K7, K6, K5, K4, K3); \
+ F1 (L3, K3, K2, K1, K0, K7, K6, K5, K4); \
+ F1 (L4, K4, K3, K2, K1, K0, K7, K6, K5); \
+ F1 (L5, K5, K4, K3, K2, K1, K0, K7, K6); \
+ F1 (L6, K6, K5, K4, K3, K2, K1, K0, K7); \
+ F1 (L7, K7, K6, K5, K4, K3, K2, K1, K0); \
 \
 K0 = L0 ^ (rc); \
 K1 = L1; \
@@ -605,14 +617,14 @@ CONSTANT_VK u64a MT[8][256] =
 K6 = L6; \
 K7 = L7; \
 \
- F1 (L0, s_MT, S0, S7, S6, S5, S4, S3, S2, S1); \
- F1 (L1, s_MT, S1, S0, S7, S6, S5, S4, S3, S2); \
- F1 (L2, s_MT, S2, S1, S0, S7, S6, S5, S4, S3); \
- F1 (L3, s_MT, S3, S2, S1, S0, S7, S6, S5, S4); \
- F1 (L4, s_MT, S4, S3, S2, S1, S0, S7, S6, S5); \
- F1 (L5, s_MT, S5, S4, S3, S2, S1, S0, S7, S6); \
- F1 (L6, s_MT, S6, S5, S4, S3, S2, S1, S0, S7); \
- F1 (L7, s_MT, S7, S6, S5, S4, S3, S2, S1, S0); \
+ F1 (L0, S0, S7, S6, S5, S4, S3, S2, S1); \
+ F1 (L1, S1, S0, S7, S6, S5, S4, S3, S2); \
+ F1 (L2, S2, S1, S0, S7, S6, S5, S4, S3); \
+ F1 (L3, S3, S2, S1, S0, S7, S6, S5, S4); \
+ F1 (L4, S4, S3, S2, S1, S0, S7, S6, S5); \
+ F1 (L5, S5, S4, S3, S2, S1, S0, S7, S6); \
+ F1 (L6, S6, S5, S4, S3, S2, S1, S0, S7); \
+ F1 (L7, S7, S6, S5, S4, S3, S2, S1, S0); \
 \
 S0 = L0 ^ K0; \
 S1 = L1 ^ K1; \
@@ -624,7 +636,7 @@ CONSTANT_VK u64a MT[8][256] =
 S7 = L7 ^ K7; \
 }
-DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u64 W0 = hl32_to_64_S (w0[0], w0[1]);
 u64 W1 = hl32_to_64_S (w0[2], w0[3]);
@@ -700,7 +712,7 @@ DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2,
 digest[15] = l32_from_64_S (D7);
 }
-DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 ctx->h[ 0] = 0;
 ctx->h[ 1] = 0;
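Review bot: The new `whirlpool_transform` signature takes eight parameters of the identical type `SHM_TYPE u64 *`, and every caller in this file now repeats `ctx->s_MT0, …, ctx->s_MT7` by hand, so a transposed pair (e.g. `s_MT1, s_MT0`) compiles cleanly and only surfaces as wrong digests at runtime. If the eight separate pointers are needed for the target compilers, bundling them in one small struct passed by pointer would keep a single definition of the order and return the signatures to their original arity; otherwise the order should at least be documented once at the definition, e.g. `// s_MT0..s_MT7: the eight Whirlpool tables, paired with byte lanes Lp0..Lp7 inside F1 (s_MTn with Lpn)`. As far as the visible code goes the tables are only read, so `SHM_TYPE const u64 *` parameters would also let the compiler reject an accidental store into shared memory, though that depends on the ctx field types declared in the header, which are not in this diff. The same growth applies to `whirlpool_init` in the `@@ -700` hunk and to the vector variants in the `@@ -1859` and `@@ -1935` hunks.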
@@ -738,7 +750,14 @@ DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256])
 ctx->len = 0;
- ctx->s_MT = s_MT;
+ ctx->s_MT0 = s_MT0;
+ ctx->s_MT1 = s_MT1;
+ ctx->s_MT2 = s_MT2;
+ ctx->s_MT3 = s_MT3;
+ ctx->s_MT4 = s_MT4;
+ ctx->s_MT5 = s_MT5;
+ ctx->s_MT6 = s_MT6;
+ ctx->s_MT7 = s_MT7;
 }
 DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len)
@@ -768,7 +787,7 @@ DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *
 if (len == 64)
 {
- whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 ctx->w0[0] = 0;
 ctx->w0[1] = 0;
@@ -837,7 +856,7 @@ DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *
 ctx->w3[2] |= w3[2];
 ctx->w3[3] |= w3[3];
- whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 ctx->w0[0] = c0[0];
 ctx->w0[1] = c0[1];
@@ -1379,7 +1398,7 @@ DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx)
 if (pos >= 32)
 {
- whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 ctx->w0[0] = 0;
 ctx->w0[1] = 0;
@@ -1402,12 +1421,12 @@ DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx)
 ctx->w3[2] = 0;
 ctx->w3[3] = ctx->len * 8;
- whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 }
 // whirlpool_hmac
-DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32 t0[4];
 u32 t1[4];
@@ -1433,7 +1452,7 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0,
 t3[2] = w3[2] ^ 0x36363636;
 t3[3] = w3[3] ^ 0x36363636;
- whirlpool_init (&ctx->ipad, s_MT);
+ whirlpool_init (&ctx->ipad, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 whirlpool_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
@@ -1456,12 +1475,12 @@ DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0,
 t3[2] = w3[2] ^ 0x5c5c5c5c;
 t3[3] = w3[3] ^ 0x5c5c5c5c;
- whirlpool_init (&ctx->opad, s_MT);
+ whirlpool_init (&ctx->opad, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 whirlpool_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
 }
-DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32 w0[4];
 u32 w1[4];
@@ -1472,7 +1491,7 @@ DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, cons
 {
 whirlpool_ctx_t tmp;
- whirlpool_init (&tmp, s_MT);
+ whirlpool_init (&tmp, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 whirlpool_update (&tmp, w, len);
@@ -1515,10 +1534,10 @@ DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, cons
 w3[3] = w[15];
 }
- whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT);
+ whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 }
-DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32 w0[4];
 u32 w1[4];
@@ -1529,7 +1548,7 @@ DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w,
 {
 whirlpool_ctx_t tmp;
- whirlpool_init (&tmp, s_MT);
+ whirlpool_init (&tmp, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 whirlpool_update_swap (&tmp, w, len);
@@ -1572,10 +1591,10 @@ DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w,
 w3[3] = hc_swap32_S (w[15]);
 }
- whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT);
+ whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 }
-DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32 w0[4];
 u32 w1[4];
@@ -1586,7 +1605,7 @@ DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS c
 {
 whirlpool_ctx_t tmp;
- whirlpool_init (&tmp, s_MT);
+ whirlpool_init (&tmp, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 whirlpool_update_global (&tmp, w, len);
@@ -1629,10 +1648,10 @@ DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS c
 w3[3] = w[15];
 }
- whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT);
+ whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 }
-DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32 w0[4];
 u32 w1[4];
@@ -1643,7 +1662,7 @@ DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL
 {
 whirlpool_ctx_t tmp;
- whirlpool_init (&tmp, s_MT);
+ whirlpool_init (&tmp, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 whirlpool_update_global_swap (&tmp, w, len);
@@ -1686,7 +1705,7 @@ DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL
 w3[3] = hc_swap32_S (w[15]);
 }
- whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT);
+ whirlpool_hmac_init_64 (ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 }
 DECLSPEC void whirlpool_hmac_update_64 (whirlpool_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len)
@@ -1757,7 +1776,7 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx)
 ctx->opad.len += 64;
- whirlpool_transform (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT);
+ whirlpool_transform (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT0, ctx->opad.s_MT1, ctx->opad.s_MT2, ctx->opad.s_MT3, ctx->opad.s_MT4, ctx->opad.s_MT5, ctx->opad.s_MT6, ctx->opad.s_MT7);
 ctx->opad.w0[0] = 0;
 ctx->opad.w0[1] = 0;
@@ -1781,7 +1800,7 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx)
 // while input buf can be a vector datatype, the length of the different elements can not
-#define F1x(l,m,v0,v1,v2,v3,v4,v5,v6,v7) \
+#define F1x(l,v0,v1,v2,v3,v4,v5,v6,v7) \
 { \
 const u8x Lp0 = v8h_from_v64 ((v0)); \
 const u8x Lp1 = v8g_from_v64 ((v1)); \
@@ -1792,14 +1811,14 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx)
 const u8x Lp6 = v8b_from_v64 ((v6)); \
 const u8x Lp7 = v8a_from_v64 ((v7)); \
 \
- const u64x X0 = BOX64 ((m), 0, Lp0); \
- const u64x X1 = BOX64 ((m), 1, Lp1); \
- const u64x X2 = BOX64 ((m), 2, Lp2); \
- const u64x X3 = BOX64 ((m), 3, Lp3); \
- const u64x X4 = BOX64 ((m), 4, Lp4); \
- const u64x X5 = BOX64 ((m), 5, Lp5); \
- const u64x X6 = BOX64 ((m), 6, Lp6); \
- const u64x X7 = BOX64 ((m), 7, Lp7); \
+ const u64x X0 = BOX64 (s_MT0, Lp0); \
+ const u64x X1 = BOX64 (s_MT1, Lp1); \
+ const u64x X2 = BOX64 (s_MT2, Lp2); \
+ const u64x X3 = BOX64 (s_MT3, Lp3); \
+ const u64x X4 = BOX64 (s_MT4, Lp4); \
+ const u64x X5 = BOX64 (s_MT5, Lp5); \
+ const u64x X6 = BOX64 (s_MT6, Lp6); \
+ const u64x X7 = BOX64 (s_MT7, Lp7); \
 \
 (l) = X0 \
 ^ X1 \
@@ -1822,14 +1841,14 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx)
 u64x L6; \
 u64x L7; \
 \
- F1x (L0, s_MT, K0, K7, K6, K5, K4, K3, K2, K1); \
- F1x (L1, s_MT, K1, K0, K7, K6, K5, K4, K3, K2); \
- F1x (L2, s_MT, K2, K1, K0, K7, K6, K5, K4, K3); \
- F1x (L3, s_MT, K3, K2, K1, K0, K7, K6, K5, K4); \
- F1x (L4, s_MT, K4, K3, K2, K1, K0, K7, K6, K5); \
- F1x (L5, s_MT, K5, K4, K3, K2, K1, K0, K7, K6); \
- F1x (L6, s_MT, K6, K5, K4, K3, K2, K1, K0, K7); \
- F1x (L7, s_MT, K7, K6, K5, K4, K3, K2, K1, K0); \
+ F1x (L0, K0, K7, K6, K5, K4, K3, K2, K1); \
+ F1x (L1, K1, K0, K7, K6, K5, K4, K3, K2); \
+ F1x (L2, K2, K1, K0, K7, K6, K5, K4, K3); \
+ F1x (L3, K3, K2, K1, K0, K7, K6, K5, K4); \
+ F1x (L4, K4, K3, K2, K1, K0, K7, K6, K5); \
+ F1x (L5, K5, K4, K3, K2, K1, K0, K7, K6); \
+ F1x (L6, K6, K5, K4, K3, K2, K1, K0, K7); \
+ F1x (L7, K7, K6, K5, K4, K3, K2, K1, K0); \
 \
 K0 = L0 ^ (rc); \
 K1 = L1; \
@@ -1840,14 +1859,14 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx)
 K6 = L6; \
 K7 = L7; \
 \
- F1x (L0, s_MT, S0, S7, S6, S5, S4, S3, S2, S1); \
- F1x (L1, s_MT, S1, S0, S7, S6, S5, S4, S3, S2); \
- F1x (L2, s_MT, S2, S1, S0, S7, S6, S5, S4, S3); \
- F1x (L3, s_MT, S3, S2, S1, S0, S7, S6, S5, S4); \
- F1x (L4, s_MT, S4, S3, S2, S1, S0, S7, S6, S5); \
- F1x (L5, s_MT, S5, S4, S3, S2, S1, S0, S7, S6); \
- F1x (L6, s_MT, S6, S5, S4, S3, S2, S1, S0, S7); \
- F1x (L7, s_MT, S7, S6, S5, S4, S3, S2, S1, S0); \
+ F1x (L0, S0, S7, S6, S5, S4, S3, S2, S1); \
+ F1x (L1, S1, S0, S7, S6, S5, S4, S3, S2); \
+ F1x (L2, S2, S1, S0, S7, S6, S5, S4, S3); \
+ F1x (L3, S3, S2, S1, S0, S7, S6, S5, S4); \
+ F1x (L4, S4, S3, S2, S1, S0, S7, S6, S5); \
+ F1x (L5, S5, S4, S3, S2, S1, S0, S7, S6); \
+ F1x (L6, S6, S5, S4, S3, S2, S1, S0, S7); \
+ F1x (L7, S7, S6, S5, S4, S3, S2, S1, S0); \
 \
 S0 = L0 ^ K0; \
 S1 = L1 ^ K1; \
@@ -1859,7 +1878,7 @@ DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx)
 S7 = L7 ^ K7; \
 }
-DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u64x W0 = hl32_to_64 (w0[0], w0[1]);
 u64x W1 = hl32_to_64 (w0[2], w0[3]);
@@ -1935,7 +1954,7 @@ DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const
 digest[15] = l32_from_64 (D7);
 }
-DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 ctx->h[ 0] = 0;
 ctx->h[ 1] = 0;
@@ -1973,7 +1992,14 @@ DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (
 ctx->len = 0;
- ctx->s_MT = s_MT;
+ ctx->s_MT0 = s_MT0;
+ ctx->s_MT1 = s_MT1;
+ ctx->s_MT2 = s_MT2;
+ ctx->s_MT3 = s_MT3;
+ ctx->s_MT4 = s_MT4;
+ ctx->s_MT5 = s_MT5;
+ ctx->s_MT6 = s_MT6;
+ ctx->s_MT7 = s_MT7;
 }
 DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, whirlpool_ctx_t *ctx0)
@@ -2014,7 +2040,14 @@ DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, wh
 
 ctx->len = ctx0->len;
 
- ctx->s_MT = ctx0->s_MT;
+ ctx->s_MT0 = ctx0->s_MT0;
+ ctx->s_MT1 = ctx0->s_MT1;
+ ctx->s_MT2 = ctx0->s_MT2;
+ ctx->s_MT3 = ctx0->s_MT3;
+ ctx->s_MT4 = ctx0->s_MT4;
+ ctx->s_MT5 = ctx0->s_MT5;
+ ctx->s_MT6 = ctx0->s_MT6;
+ ctx->s_MT7 = ctx0->s_MT7;
 }
 
 DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len)
@@ -2044,7 +2077,7 @@ DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0,
 
 if (len == 64)
 {
- whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 
 ctx->w0[0] = 0;
 ctx->w0[1] = 0;
@@ -2113,7 +2146,7 @@ DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0,
 ctx->w3[2] |= w3[2];
 ctx->w3[3] |= w3[3];
 
- whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 
 ctx->w0[0] = c0[0];
 ctx->w0[1] = c0[1];
@@ -2399,7 +2432,7 @@ DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx)
 
 if (pos >= 32)
 {
- whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 
 ctx->w0[0] = 0;
 ctx->w0[1] = 0;
@@ -2422,12 +2455,12 @@ DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx)
 ctx->w3[2] = 0;
 ctx->w3[3] = ctx->len * 8;
 
- whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT);
+ whirlpool_transform_vector (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, ctx->s_MT0, ctx->s_MT1, ctx->s_MT2, ctx->s_MT3, ctx->s_MT4, ctx->s_MT5, ctx->s_MT6, ctx->s_MT7);
 }
 
 // HMAC + Vector
 
-DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32x t0[4];
 u32x t1[4];
@@ -2453,7 +2486,7 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c
 t3[2] = w3[2] ^ 0x36363636;
 t3[3] = w3[3] ^ 0x36363636;
 
- whirlpool_init_vector (&ctx->ipad, s_MT);
+ whirlpool_init_vector (&ctx->ipad, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 
 whirlpool_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
 
@@ -2476,12 +2509,12 @@ DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, c
 t3[2] = w3[2] ^ 0x5c5c5c5c;
 t3[3] = w3[3] ^ 0x5c5c5c5c;
 
- whirlpool_init_vector (&ctx->opad, s_MT);
+ whirlpool_init_vector (&ctx->opad, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 
 whirlpool_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
 }
 
-DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
 u32x w0[4];
 u32x w1[4];
@@ -2492,7 +2525,7 @@ DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, cons
 {
 whirlpool_ctx_vector_t tmp;
 
- whirlpool_init_vector (&tmp, s_MT);
+ whirlpool_init_vector (&tmp, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 
 whirlpool_update_vector (&tmp, w, len);
 
@@ -2535,7 +2568,7 @@ DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, cons
 w3[3] = w[15];
 }
 
- whirlpool_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_MT);
+ whirlpool_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 }
 
 DECLSPEC void whirlpool_hmac_update_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len)
@@ -2571,7 +2604,7 @@ DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx)
 
 ctx->opad.len += 64;
 
- whirlpool_transform_vector (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT);
+ whirlpool_transform_vector (ctx->opad.w0, ctx->opad.w1, ctx->opad.w2, ctx->opad.w3, ctx->opad.h, ctx->opad.s_MT0, ctx->opad.s_MT1, ctx->opad.s_MT2, ctx->opad.s_MT3, ctx->opad.s_MT4, ctx->opad.s_MT5, ctx->opad.s_MT6, ctx->opad.s_MT7);
 
 ctx->opad.w0[0] = 0;
 ctx->opad.w0[1] = 0;
diff --git a/OpenCL/inc_hash_whirlpool.h b/OpenCL/inc_hash_whirlpool.h
index 2375725a9..e13ec9960 100644
--- a/OpenCL/inc_hash_whirlpool.h
+++ b/OpenCL/inc_hash_whirlpool.h
@@ -6,27 +6,25 @@ #ifndef _INC_HASH_WHIRLPOOL_H #define _INC_HASH_WHIRLPOOL_H -#define R 10 - #if VECT_SIZE == 1 -#define BOX(S,n,i) (S)[(n)][(i)] -#define BOX64(S,n,i) (S)[(n)][(i)] +#define BOX(S,i) (S)[(i)] +#define BOX64(S,i) (S)[(i)] #elif VECT_SIZE == 2 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1]) -#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1]) +#define BOX(S,i) make_u32x ((S)[(i).s0], (S)[(i).s1]) +#define BOX64(S,i) make_u64x ((S)[(i).s0], (S)[(i).s1]) #elif VECT_SIZE == 4 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3]) -#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3]) +#define BOX(S,i) make_u32x ((S)[(i).s0], (S)[(i).s1], (S)[(i).s2], (S)[(i).s3]) +#define BOX64(S,i) make_u64x ((S)[(i).s0], (S)[(i).s1], (S)[(i).s2], (S)[(i).s3]) #elif VECT_SIZE == 8 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) -#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) +#define BOX(S,i) make_u32x ((S)[(i).s0], (S)[(i).s1], (S)[(i).s2], (S)[(i).s3], (S)[(i).s4], (S)[(i).s5], (S)[(i).s6], (S)[(i).s7]) +#define BOX64(S,i) make_u64x ((S)[(i).s0], (S)[(i).s1], (S)[(i).s2], (S)[(i).s3], (S)[(i).s4], (S)[(i).s5], (S)[(i).s6], (S)[(i).s7]) #elif VECT_SIZE == 16 -#define BOX(S,n,i) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) -#define BOX64(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], 
(S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) +#define BOX(S,i) make_u32x ((S)[(i).s0], (S)[(i).s1], (S)[(i).s2], (S)[(i).s3], (S)[(i).s4], (S)[(i).s5], (S)[(i).s6], (S)[(i).s7], (S)[(i).s8], (S)[(i).s9], (S)[(i).sa], (S)[(i).sb], (S)[(i).sc], (S)[(i).sd], (S)[(i).se], (S)[(i).sf]) +#define BOX64(S,i) make_u64x ((S)[(i).s0], (S)[(i).s1], (S)[(i).s2], (S)[(i).s3], (S)[(i).s4], (S)[(i).s5], (S)[(i).s6], (S)[(i).s7], (S)[(i).s8], (S)[(i).s9], (S)[(i).sa], (S)[(i).sb], (S)[(i).sc], (S)[(i).sd], (S)[(i).se], (S)[(i).sf]) #endif -#define BOX_S(S,n,i) (S)[(n)][(i)] -#define BOX64_S(S,n,i) (S)[(n)][(i)] +#define BOX_S(S,i) (S)[(i)] +#define BOX64_S(S,i) (S)[(i)] typedef struct whirlpool_ctx { @@ -39,7 +37,14 @@ typedef struct whirlpool_ctx int len; - SHM_TYPE u64 (*s_MT)[256]; + SHM_TYPE u64 *s_MT0; + SHM_TYPE u64 *s_MT1; + SHM_TYPE u64 *s_MT2; + SHM_TYPE u64 *s_MT3; + SHM_TYPE u64 *s_MT4; + SHM_TYPE u64 *s_MT5; + SHM_TYPE u64 *s_MT6; + SHM_TYPE u64 *s_MT7; } whirlpool_ctx_t; @@ -61,7 +66,14 @@ typedef struct whirlpool_ctx_vector int len; - SHM_TYPE u64 (*s_MT)[256]; + SHM_TYPE u64 *s_MT0; + SHM_TYPE u64 *s_MT1; + SHM_TYPE u64 *s_MT2; + SHM_TYPE u64 *s_MT3; + SHM_TYPE u64 *s_MT4; + SHM_TYPE u64 *s_MT5; + SHM_TYPE u64 *s_MT6; + SHM_TYPE u64 *s_MT7; } whirlpool_ctx_vector_t; 
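Review bot: `#define R 10` is removed from the public header together with the third `n` parameter of `BOX`/`BOX64`/`BOX_S`/`BOX64_S`, but nothing in this change shows the consumers of either: the round loop in inc_hash_whirlpool.cl lies outside the visible hunks, and a single-letter macro like `R` can be referenced (or collided with) by any kernel that includes this header. If the rounds are now unrolled and every remaining `BOX` use is the two-argument form, the removal is an improvement in its own right, since a global one-letter macro is a hazard; it is still worth confirming that no other include of `inc_hash_whirlpool.h` spells `R` or `BOX(S,n,i)`, because a stale use would surface only when the kernel is compiled at run time rather than at build time.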
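Review bot: The eight `SHM_TYPE u64 *s_MT0`..`s_MT7` members added to `whirlpool_ctx` and `whirlpool_ctx_vector` carry no comment, whereas the single `u64 (*s_MT)[256]` they replace at least told a reader that each table has 256 entries. I would put above the first member `/* Whirlpool lookup tables: eight 256-entry u64 tables, one per byte position, set by whirlpool_init*() */`, adjusted if the context is written anywhere I cannot see. Note that each context also grows by seven pointers; whether that matters depends on where these contexts live (per-thread tmps or registers), which this chunk does not show.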
@@ -72,8 +84,8 @@ typedef struct whirlpool_hmac_ctx_vector
 
 } whirlpool_hmac_ctx_vector_t;
 
-DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 (*s_MT)[256]);
-DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 (*s_MT)[256]);
+DECLSPEC void whirlpool_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7);
+DECLSPEC void whirlpool_init (whirlpool_ctx_t *ctx, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7);
 DECLSPEC void whirlpool_update_64 (whirlpool_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len);
 DECLSPEC void whirlpool_update (whirlpool_ctx_t *ctx, const u32 *w, const int len);
 DECLSPEC void whirlpool_update_swap (whirlpool_ctx_t *ctx, const u32 *w, const int len);
@@ -84,11 +96,11 @@ DECLSPEC void whirlpool_update_global_swap (whirlpool_ctx_t *ctx, GLOBAL_AS cons DECLSPEC void whirlpool_update_global_utf16le (whirlpool_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_update_global_utf16le_swap (whirlpool_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void whirlpool_final (whirlpool_ctx_t *ctx); -DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 (*s_MT)[256]); -DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); -DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); -DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); -DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 (*s_MT)[256]); +DECLSPEC void whirlpool_hmac_init_64 (whirlpool_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7); +DECLSPEC void whirlpool_hmac_init (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7); +DECLSPEC void whirlpool_hmac_init_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7); +DECLSPEC void whirlpool_hmac_init_global (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 
*s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7); +DECLSPEC void whirlpool_hmac_init_global_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7); DECLSPEC void whirlpool_hmac_update_64 (whirlpool_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len); DECLSPEC void whirlpool_hmac_update (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void whirlpool_hmac_update_swap (whirlpool_hmac_ctx_t *ctx, const u32 *w, const int len); 
@@ -99,8 +111,8 @@ DECLSPEC void whirlpool_hmac_update_global_swap (whirlpool_hmac_ctx_t *ctx, GLOB
 DECLSPEC void whirlpool_hmac_update_global_utf16le (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len);
 DECLSPEC void whirlpool_hmac_update_global_utf16le_swap (whirlpool_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len);
 DECLSPEC void whirlpool_hmac_final (whirlpool_hmac_ctx_t *ctx);
-DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 (*s_MT)[256]);
-DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 (*s_MT)[256]);
+DECLSPEC void whirlpool_transform_vector (const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7);
+DECLSPEC void whirlpool_init_vector (whirlpool_ctx_vector_t *ctx, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7);
 DECLSPEC void whirlpool_init_vector_from_scalar (whirlpool_ctx_vector_t *ctx, whirlpool_ctx_t *ctx0);
 DECLSPEC void whirlpool_update_vector_64 (whirlpool_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len);
 DECLSPEC void whirlpool_update_vector (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len);
@@ -108,8 +120,8 @@ DECLSPEC void whirlpool_update_vector_swap (whirlpool_ctx_vector_t *ctx, const u
 DECLSPEC void whirlpool_update_vector_utf16le (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len);
 DECLSPEC void whirlpool_update_vector_utf16le_swap (whirlpool_ctx_vector_t *ctx, const u32x *w, const int len);
 DECLSPEC void whirlpool_final_vector (whirlpool_ctx_vector_t *ctx);
-DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 (*s_MT)[256]);
-DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 (*s_MT)[256]);
+DECLSPEC void whirlpool_hmac_init_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7);
+DECLSPEC void whirlpool_hmac_init_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7);
 DECLSPEC void whirlpool_hmac_update_vector_64 (whirlpool_hmac_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len);
 DECLSPEC void whirlpool_hmac_update_vector (whirlpool_hmac_ctx_vector_t *ctx, const u32x *w, const int len);
 DECLSPEC void whirlpool_hmac_final_vector (whirlpool_hmac_ctx_vector_t *ctx);
diff --git a/OpenCL/m06100_a0-optimized.cl b/OpenCL/m06100_a0-optimized.cl
index 88cfd2a7d..51d05c983 100644
--- a/OpenCL/m06100_a0-optimized.cl
+++ b/OpenCL/m06100_a0-optimized.cl
@@ -16,9 +16,9 @@
 #include "inc_hash_whirlpool.cl"
 #endif
 
-DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256])
+DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7)
 {
- whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT);
+ whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7);
 }
 
 KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ())
@@ -37,25 +37,39 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ())
 
 #ifdef REAL_SHM
 
- LOCAL_VK u64 s_MT[8][256];
+ LOCAL_VK u64 s_MT0[256];
+ LOCAL_VK u64 s_MT1[256];
+ LOCAL_VK u64 s_MT2[256];
+ LOCAL_VK u64 s_MT3[256];
+ LOCAL_VK u64 s_MT4[256];
+ LOCAL_VK u64 s_MT5[256];
+ LOCAL_VK u64 s_MT6[256];
+ LOCAL_VK u64 s_MT7[256];
 
 for (u32 i = lid; i < 256; i += lsz)
 {
- s_MT[0][i] = MT[0][i];
- s_MT[1][i] = MT[1][i];
- s_MT[2][i] = MT[2][i];
- s_MT[3][i] = MT[3][i];
- s_MT[4][i] = MT[4][i];
- s_MT[5][i] = MT[5][i];
- s_MT[6][i] = MT[6][i];
- s_MT[7][i] = MT[7][i];
+ s_MT0[i] = MT0[i];
+ s_MT1[i] = MT1[i];
+ s_MT2[i] = MT2[i];
+ s_MT3[i] = MT3[i];
+ s_MT4[i] = MT4[i];
+ s_MT5[i] = MT5[i];
+ s_MT6[i] = MT6[i];
+ s_MT7[i] = MT7[i];
 }
 
 SYNC_THREADS ();
 
 #else
 
- CONSTANT_AS u64a (*s_MT)[256] = MT;
+ CONSTANT_AS u64a *s_MT0 = MT0;
+ CONSTANT_AS u64a *s_MT1 = MT1;
+ CONSTANT_AS u64a *s_MT2 = MT2;
+ CONSTANT_AS u64a *s_MT3 = MT3;
+ CONSTANT_AS u64a *s_MT4 = MT4;
+ CONSTANT_AS u64a *s_MT5 = MT5;
+ CONSTANT_AS u64a *s_MT6 = MT6;
+ CONSTANT_AS u64a *s_MT7 = MT7;
 
 #endif
 
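Review bot: The `REAL_SHM` table-staging preamble — eight `LOCAL_VK` declarations, the copy loop, `SYNC_THREADS ()`, and the eight `CONSTANT_AS` aliases in the `#else` branch — is now roughly thirty lines that this change pastes verbatim into `m06100_m04` here and again into `m06100_s04`, the `mxx`/`sxx` kernels of the pure files, and the `m04`/`m08`/`m16` kernels of the a1 and a3 files that follow, each copy expanded eight-way by hand. Since every copy must stay identical for the kernels to agree on the tables, a single macro in inc_hash_whirlpool.h expanding to the staging code would remove the duplication and keep the `SYNC_THREADS ()` barrier next to the loop it protects; a sketch follows, with the macro name as a proposal. The `lid`/`lsz` the loop relies on are declared earlier in each kernel, outside the hunk, so the macro takes them as arguments.
```c
/* proposed for inc_hash_whirlpool.h; replaces the per-kernel staging block */
#ifdef REAL_SHM
#define WHIRLPOOL_STAGE_MT(lid, lsz)              \
  LOCAL_VK u64 s_MT0[256]; LOCAL_VK u64 s_MT1[256]; \
  LOCAL_VK u64 s_MT2[256]; LOCAL_VK u64 s_MT3[256]; \
  LOCAL_VK u64 s_MT4[256]; LOCAL_VK u64 s_MT5[256]; \
  LOCAL_VK u64 s_MT6[256]; LOCAL_VK u64 s_MT7[256]; \
  for (u32 i = (lid); i < 256; i += (lsz))        \
  {                                               \
    s_MT0[i] = MT0[i]; s_MT1[i] = MT1[i];         \
    s_MT2[i] = MT2[i]; s_MT3[i] = MT3[i];         \
    s_MT4[i] = MT4[i]; s_MT5[i] = MT5[i];         \
    s_MT6[i] = MT6[i]; s_MT7[i] = MT7[i];         \
  }                                               \
  SYNC_THREADS ()
#else
#define WHIRLPOOL_STAGE_MT(lid, lsz)              \
  CONSTANT_AS u64a *s_MT0 = MT0; CONSTANT_AS u64a *s_MT1 = MT1; \
  CONSTANT_AS u64a *s_MT2 = MT2; CONSTANT_AS u64a *s_MT3 = MT3; \
  CONSTANT_AS u64a *s_MT4 = MT4; CONSTANT_AS u64a *s_MT5 = MT5; \
  CONSTANT_AS u64a *s_MT6 = MT6; CONSTANT_AS u64a *s_MT7 = MT7
#endif

/* in each kernel, in place of the staged block: */
WHIRLPOOL_STAGE_MT (lid, lsz);
```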
@@ -136,7 +150,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_RULES ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT); + whirlpool_transform_transport_vector (w, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } @@ -166,25 +180,39 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -277,7 +305,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_RULES ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT); + whirlpool_transform_transport_vector (w, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } diff --git a/OpenCL/m06100_a0-pure.cl b/OpenCL/m06100_a0-pure.cl index 769ba26e7..a6e8cf2e8 100644 --- a/OpenCL/m06100_a0-pure.cl +++ b/OpenCL/m06100_a0-pure.cl 
@@ -32,25 +32,39 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -74,7 +88,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_RULES ()) whirlpool_ctx_t ctx; - whirlpool_init (&ctx, s_MT); + whirlpool_init (&ctx, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); whirlpool_update_swap (&ctx, tmp.i, tmp.pw_len); 
@@ -105,25 +119,39 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -159,7 +187,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_RULES ()) whirlpool_ctx_t ctx; - whirlpool_init (&ctx, s_MT); + whirlpool_init (&ctx, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); whirlpool_update_swap (&ctx, tmp.i, tmp.pw_len); diff --git a/OpenCL/m06100_a1-optimized.cl b/OpenCL/m06100_a1-optimized.cl index 87d62f4ff..55ec3dcaf 100644 --- a/OpenCL/m06100_a1-optimized.cl +++ b/OpenCL/m06100_a1-optimized.cl 
@@ -14,9 +14,9 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) @@ -35,25 +35,39 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif 
@@ -192,7 +206,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT); + whirlpool_transform_transport_vector (w, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } @@ -222,25 +236,39 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -391,7 +419,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT); + whirlpool_transform_transport_vector (w, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } diff --git a/OpenCL/m06100_a1-pure.cl b/OpenCL/m06100_a1-pure.cl index 7d89131a6..4863fc2e5 100644 --- a/OpenCL/m06100_a1-pure.cl +++ b/OpenCL/m06100_a1-pure.cl 
@@ -30,25 +30,39 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -60,7 +74,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_BASIC ()) whirlpool_ctx_t ctx0; - whirlpool_init (&ctx0, s_MT); + whirlpool_init (&ctx0, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); whirlpool_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len); 
@@ -101,25 +115,39 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -143,7 +171,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_BASIC ()) whirlpool_ctx_t ctx0; - whirlpool_init (&ctx0, s_MT); + whirlpool_init (&ctx0, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); whirlpool_update_global_swap (&ctx0, pws[gid].i, pws[gid].pw_len); diff --git a/OpenCL/m06100_a3-optimized.cl b/OpenCL/m06100_a3-optimized.cl index 02f700eab..f1d4204f5 100644 --- a/OpenCL/m06100_a3-optimized.cl +++ b/OpenCL/m06100_a3-optimized.cl 
@@ -14,12 +14,12 @@ #include "inc_hash_whirlpool.cl" #endif -DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void whirlpool_transform_transport_vector (const u32x *w, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { - whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT); + whirlpool_transform_vector (w + 0, w + 4, w + 8, w + 12, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } -DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { /** * modifier @@ -82,13 +82,13 @@ DECLSPEC void m06100m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT); + whirlpool_transform_transport_vector (w, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); COMPARE_M_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } } -DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC (), SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { /** * modifier 
@@ -163,7 +163,7 @@ DECLSPEC void m06100s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER dgst[14] = 0; dgst[15] = 0; - whirlpool_transform_transport_vector (w, dgst, s_MT); + whirlpool_transform_transport_vector (w, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); COMPARE_S_SIMD (dgst[0], dgst[1], dgst[2], dgst[3]); } @@ -185,25 +185,39 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif 
@@ -247,7 +261,7 @@ KERNEL_FQ void m06100_m04 (KERN_ATTR_BASIC ()) * main */ - m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); + m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) 
@@ -266,25 +280,39 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif 
@@ -328,7 +356,7 @@ KERNEL_FQ void m06100_m08 (KERN_ATTR_BASIC ()) * main */ - m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); + m06100m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06100_m16 (KERN_ATTR_BASIC ()) 
@@ -351,25 +379,39 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif 
@@ -413,7 +455,7 @@ KERNEL_FQ void m06100_s04 (KERN_ATTR_BASIC ()) * main */ - m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); + m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) 
@@ -432,25 +474,39 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif 
@@ -494,7 +550,7 @@ KERNEL_FQ void m06100_s08 (KERN_ATTR_BASIC ()) * main */ - m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT); + m06100s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06100_s16 (KERN_ATTR_BASIC ()) diff --git a/OpenCL/m06100_a3-pure.cl b/OpenCL/m06100_a3-pure.cl index 83ee08949..14851dc2b 100644 --- a/OpenCL/m06100_a3-pure.cl +++ b/OpenCL/m06100_a3-pure.cl 
@@ -30,25 +30,39 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -83,7 +97,7 @@ KERNEL_FQ void m06100_mxx (KERN_ATTR_VECTOR ()) whirlpool_ctx_vector_t ctx; - whirlpool_init_vector (&ctx, s_MT); + whirlpool_init_vector (&ctx, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); whirlpool_update_vector (&ctx, w, pw_len); 
@@ -114,25 +128,39 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -179,7 +207,7 @@ KERNEL_FQ void m06100_sxx (KERN_ATTR_VECTOR ()) whirlpool_ctx_vector_t ctx; - whirlpool_init_vector (&ctx, s_MT); + whirlpool_init_vector (&ctx, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); whirlpool_update_vector (&ctx, w, pw_len); diff --git a/OpenCL/m06231-pure.cl b/OpenCL/m06231-pure.cl index ab0c0b99c..302f6d735 100644 --- a/OpenCL/m06231-pure.cl +++ b/OpenCL/m06231-pure.cl 
@@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) 
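Review bot: `hmac_whirlpool_run_V` is a file-local copy that had to receive the identical 15-parameter signature change in m06231, m06232 and m06233 (L2444, L2447) and again in m13731 and m13732 (L2450, L2453); the bodies shown in the hunks appear identical, so a single `DECLSPEC` definition in the shared Whirlpool include would keep the five copies from drifting apart. The tables are only passed through to `whirlpool_transform_vector` and never written, so the new parameters could be declared `SHM_TYPE const u64 *s_MT0` (and likewise for the other seven) to have the compiler reject an accidental store, provided the shared prototypes take `const` as well. The parts of the function between the hunks are not visible here.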
@@ -168,25 +168,39 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -258,7 +272,7 @@ KERNEL_FQ void m06231_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -369,25 +383,39 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -493,7 +521,7 @@ KERNEL_FQ void m06231_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; diff --git a/OpenCL/m06232-pure.cl b/OpenCL/m06232-pure.cl index 883fa5cf0..a547273e0 100644 --- a/OpenCL/m06232-pure.cl +++ b/OpenCL/m06232-pure.cl 
@@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) 
@@ -168,25 +168,39 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -258,7 +272,7 @@ KERNEL_FQ void m06232_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -369,25 +383,39 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -493,7 +521,7 @@ KERNEL_FQ void m06232_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; diff --git a/OpenCL/m06233-pure.cl b/OpenCL/m06233-pure.cl index c95944450..b7737d0b4 100644 --- a/OpenCL/m06233-pure.cl +++ b/OpenCL/m06233-pure.cl 
@@ -45,7 +45,7 @@ typedef struct tc_tmp } tc_tmp_t; -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -64,7 +64,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -83,7 +83,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -119,7 +119,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -138,7 +138,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) 
@@ -168,25 +168,39 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -258,7 +272,7 @@ KERNEL_FQ void m06233_init (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -369,25 +383,39 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -493,7 +521,7 @@ KERNEL_FQ void m06233_loop (KERN_ATTR_TMPS_ESALT (tc_tmp_t, tc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; diff --git a/OpenCL/m13731-pure.cl b/OpenCL/m13731-pure.cl index 971e72cb3..761141945 100644 --- a/OpenCL/m13731-pure.cl +++ b/OpenCL/m13731-pure.cl 
@@ -86,7 +86,7 @@ DECLSPEC int check_header_0512 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -105,7 +105,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -124,7 +124,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -160,7 +160,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; 
@@ -179,7 +179,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) @@ -209,25 +209,39 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -299,7 +313,7 @@ KERNEL_FQ void m13731_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -461,25 +475,39 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -616,7 +644,7 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -755,34 +783,6 @@ KERNEL_FQ void m13731_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #endif - /** - * Whirlpool shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u64 s_MT[8][256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u64a (*s_MT)[256] = MT; - - #endif - if (gid >= gid_max) return; if (tmps[gid].pim) 
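Review bot: The Whirlpool staging block deleted from m13731_comp (and from m13732_comp at L2455) was the kernel's only definition of the `s_MT` tables, so the removal is correct only if nothing after `if (tmps[gid].pim)` still calls a Whirlpool helper; the kernel body continues outside the hunk and its remaining calls are not shown. A compile of the kernel settles that, but this is dead-code cleanup unrelated to the table-split refactor in the same change, and it is worth a sentence in the commit description so a later bisect does not confuse the two.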
diff --git a/OpenCL/m13732-pure.cl b/OpenCL/m13732-pure.cl index 68b4f5283..26b5a5d62 100644 --- a/OpenCL/m13732-pure.cl +++ b/OpenCL/m13732-pure.cl @@ -137,7 +137,7 @@ DECLSPEC int check_header_1024 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -156,7 +156,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -175,7 +175,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -211,7 +211,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; 
@@ -230,7 +230,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) @@ -260,25 +260,39 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -350,7 +364,7 @@ KERNEL_FQ void m13732_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -512,25 +526,39 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -667,7 +695,7 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -807,34 +835,6 @@ KERNEL_FQ void m13732_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #endif - /** - * Whirlpool shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u64 s_MT[8][256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u64a (*s_MT)[256] = MT; - - #endif - if (gid >= gid_max) return; if (tmps[gid].pim) 
diff --git a/OpenCL/m13733-pure.cl b/OpenCL/m13733-pure.cl index 1136733bc..0a9059b5b 100644 --- a/OpenCL/m13733-pure.cl +++ b/OpenCL/m13733-pure.cl @@ -202,7 +202,7 @@ DECLSPEC int check_header_1536 (GLOBAL_AS const vc_t *esalt_bufs, GLOBAL_AS u32 return -1; } -DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 (*s_MT)[256]) +DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest, SHM_TYPE u64 *s_MT0, SHM_TYPE u64 *s_MT1, SHM_TYPE u64 *s_MT2, SHM_TYPE u64 *s_MT3, SHM_TYPE u64 *s_MT4, SHM_TYPE u64 *s_MT5, SHM_TYPE u64 *s_MT6, SHM_TYPE u64 *s_MT7) { digest[ 0] = ipad[ 0]; digest[ 1] = ipad[ 1]; @@ -221,7 +221,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = ipad[14]; digest[15] = ipad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; @@ -240,7 +240,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = digest[ 0]; w0[1] = digest[ 1]; @@ -276,7 +276,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x digest[14] = opad[14]; digest[15] = opad[15]; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); w0[0] = 0x80000000; w0[1] = 0; 
@@ -295,7 +295,7 @@ DECLSPEC void hmac_whirlpool_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x w3[2] = 0; w3[3] = (64 + 64) * 8; - whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT); + whirlpool_transform_vector (w0, w1, w2, w3, digest, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); } KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) @@ -325,25 +325,39 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -415,7 +429,7 @@ KERNEL_FQ void m13733_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) whirlpool_hmac_ctx_t whirlpool_hmac_ctx; - whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT); + whirlpool_hmac_init_64 (&whirlpool_hmac_ctx, w0, w1, w2, w3, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); tmps[gid].ipad[ 0] = whirlpool_hmac_ctx.ipad.h[ 0]; tmps[gid].ipad[ 1] = whirlpool_hmac_ctx.ipad.h[ 1]; 
@@ -577,25 +591,39 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #ifdef REAL_SHM - LOCAL_VK u64 s_MT[8][256]; + LOCAL_VK u64 s_MT0[256]; + LOCAL_VK u64 s_MT1[256]; + LOCAL_VK u64 s_MT2[256]; + LOCAL_VK u64 s_MT3[256]; + LOCAL_VK u64 s_MT4[256]; + LOCAL_VK u64 s_MT5[256]; + LOCAL_VK u64 s_MT6[256]; + LOCAL_VK u64 s_MT7[256]; for (u32 i = lid; i < 256; i += lsz) { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; + s_MT0[i] = MT0[i]; + s_MT1[i] = MT1[i]; + s_MT2[i] = MT2[i]; + s_MT3[i] = MT3[i]; + s_MT4[i] = MT4[i]; + s_MT5[i] = MT5[i]; + s_MT6[i] = MT6[i]; + s_MT7[i] = MT7[i]; } SYNC_THREADS (); #else - CONSTANT_AS u64a (*s_MT)[256] = MT; + CONSTANT_AS u64a *s_MT0 = MT0; + CONSTANT_AS u64a *s_MT1 = MT1; + CONSTANT_AS u64a *s_MT2 = MT2; + CONSTANT_AS u64a *s_MT3 = MT3; + CONSTANT_AS u64a *s_MT4 = MT4; + CONSTANT_AS u64a *s_MT5 = MT5; + CONSTANT_AS u64a *s_MT6 = MT6; + CONSTANT_AS u64a *s_MT7 = MT7; #endif @@ -732,7 +760,7 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) w3[2] = dgst[14]; w3[3] = dgst[15]; - hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT); + hmac_whirlpool_run_V (w0, w1, w2, w3, ipad, opad, dgst, s_MT0, s_MT1, s_MT2, s_MT3, s_MT4, s_MT5, s_MT6, s_MT7); out[ 0] ^= dgst[ 0]; out[ 1] ^= dgst[ 1]; @@ -873,34 +901,6 @@ KERNEL_FQ void m13733_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) #endif - /** - * Whirlpool shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u64 s_MT[8][256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_MT[0][i] = MT[0][i]; - s_MT[1][i] = MT[1][i]; - s_MT[2][i] = MT[2][i]; - s_MT[3][i] = MT[3][i]; - s_MT[4][i] = MT[4][i]; - s_MT[5][i] = MT[5][i]; - s_MT[6][i] = MT[6][i]; - s_MT[7][i] = MT[7][i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u64a (*s_MT)[256] = MT; - - #endif - if (gid >= gid_max) return; if (tmps[gid].pim) 
From c9fdb346989e7864685cd4da034f23644bf63f2a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 13 Feb 2020 13:24:20 +0100 Subject: [PATCH 222/300] Do not use V_BFE_U32 with latest rocm version --- OpenCL/inc_common.cl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl index e407e02c2..6a7373867 100644 --- a/OpenCL/inc_common.cl +++ b/OpenCL/inc_common.cl @@ -496,8 +496,8 @@ DECLSPEC u32 unpack_v8a_from_v32_S (const u32 v32) #if defined IS_NV && HAS_BFE == 1 asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r) : "r"(v32)); - #elif defined IS_AMD && HAS_VBFE == 1 - __asm__ __volatile__ ("V_BFE_U32 %0, %1, 0, 8;" : "=v"(r) : "v"(v32)); + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 0, 8;" : "=v"(r) : "v"(v32)); #else r = (v32 >> 0) & 0xff; #endif @@ -511,8 +511,8 @@ DECLSPEC u32 unpack_v8b_from_v32_S (const u32 v32) #if defined IS_NV && HAS_BFE == 1 asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r) : "r"(v32)); - #elif defined IS_AMD && HAS_VBFE == 1 - __asm__ __volatile__ ("V_BFE_U32 %0, %1, 8, 8;" : "=v"(r) : "v"(v32)); + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 8, 8;" : "=v"(r) : "v"(v32)); #else r = (v32 >> 8) & 0xff; #endif @@ -526,8 +526,8 @@ DECLSPEC u32 unpack_v8c_from_v32_S (const u32 v32) #if defined IS_NV && HAS_BFE == 1 asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r) : "r"(v32)); - #elif defined IS_AMD && HAS_VBFE == 1 - __asm__ __volatile__ ("V_BFE_U32 %0, %1, 16, 8;" : "=v"(r) : "v"(v32)); + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 16, 8;" : "=v"(r) : "v"(v32)); #else r = (v32 >> 16) & 0xff; #endif 
@@ -541,8 +541,8 @@ DECLSPEC u32 unpack_v8d_from_v32_S (const u32 v32) #if defined IS_NV && HAS_BFE == 1 asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r) : "r"(v32)); - #elif defined IS_AMD && HAS_VBFE == 1 - __asm__ __volatile__ ("V_BFE_U32 %0, %1, 24, 8;" : "=v"(r) : "v"(v32)); + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 24, 8;" : "=v"(r) : "v"(v32)); #else r = (v32 >> 24) & 0xff; #endif From 42e7fa1303ae801208250df799bb57ec0a1b627e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 13 Feb 2020 13:59:32 +0100 Subject: [PATCH 223/300] Fix buffer overflow in module_hash_encode() in hash-mode 13600 --- src/modules/module_13600.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_13600.c b/src/modules/module_13600.c index f984d0473..6aaae4200 100644 --- a/src/modules/module_13600.c +++ b/src/modules/module_13600.c @@ -364,7 +364,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u32 data_len = zip2->data_len; - char data_tmp[8192 + 1] = { 0 }; + char data_tmp[16384 + 1] = { 0 }; for (u32 i = 0, j = 0; i < data_len; i += 1, j += 2) { From 4883371ada01db81bf33d3754840ffe92b98e894 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 14 Feb 2020 11:05:42 +0100 Subject: [PATCH 224/300] Update hashcat.hctune --- hashcat.hctune | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/hashcat.hctune b/hashcat.hctune index 113be9635..49d767bec 100644 --- a/hashcat.hctune +++ b/hashcat.hctune @@ -272,9 +272,13 @@ GeForce_RTX_2080_Ti ALIAS_nv_sm50_or_higher ## ENTRIES ## ############# -DEVICE_TYPE_CPU * * N A A DEVICE_TYPE_CPU * 6100 1 A A -DEVICE_TYPE_CPU * 6900 1 A A +DEVICE_TYPE_CPU * 6231 1 A A +DEVICE_TYPE_CPU * 6232 1 A A +DEVICE_TYPE_CPU * 6233 1 A A +DEVICE_TYPE_CPU * 13731 1 A A +DEVICE_TYPE_CPU * 13732 1 A A +DEVICE_TYPE_CPU * 13733 1 A A #Device Attack Hash Vector Kernel Kernel #Name Mode Type Width Accel Loops 
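Review bot: Growing `data_tmp` to `16384 + 1` in `module_hash_encode` only moves the overflow: the loop that follows writes two hex characters per input byte (`j += 2`) for `data_len` bytes and never checks that `2 * data_len` fits, so any `zip2->data_len` above 8192 still overruns the stack buffer. Reject oversized input before the loop, `if (data_len > (sizeof (data_tmp) - 1) / 2) return 0;` (using whatever error value this module's encode path returns for malformed input — it is not visible here), and ideally define the limit once and have the decoder enforce the same bound so the encoder can never be reached with a larger value. `module_hash_encode` begins at the hunk header and its body continues past the hunk.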
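Review bot: Removing the wildcard entry `DEVICE_TYPE_CPU * * N A A` changes the default for every hash mode on CPU that has no explicit line (presumably the Vector Width column, per the header line below), while the new `6231`–`6233` and `13731`–`13733` entries only pin width `1` for six modes; the commit title "Update hashcat.hctune" does not say whether the global change is intended. If it is, a comment in the ENTRIES section such as `# CPU vector width is left to auto-detection; list only modes that must run with width 1` would explain the new shape of the table.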
@@ -355,21 +359,9 @@ GeForce_GTX_TITAN 3 2410 2 A GeForce_GTX_TITAN 3 5500 1 A A GeForce_GTX_TITAN 3 9900 2 A A -####################### -## EXTREME SLOW ALGOS # -####################### - -#DEVICE_TYPE_GPU * 14600 1 2 M -#DEVICE_TYPE_GPU * 14800 1 2 250 - ########### ## SCRYPT # ########### -DEVICE_TYPE_CPU * 8900 1 16 1 -DEVICE_TYPE_CPU * 9300 1 16 1 DEVICE_TYPE_CPU * 15700 1 1 1 - -DEVICE_TYPE_GPU * 8900 1 16 1 -DEVICE_TYPE_GPU * 9300 1 16 1 DEVICE_TYPE_GPU * 15700 1 1 1 From 20fa2167af12ad0a404793bffa00a3841e210d4c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 14 Feb 2020 11:29:19 +0100 Subject: [PATCH 225/300] Add NO_UNROLL to -m 13800 --- src/modules/module_13800.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/modules/module_13800.c b/src/modules/module_13800.c index 5f75c5384..38e7442ba 100644 --- a/src/modules/module_13800.c +++ b/src/modules/module_13800.c @@ -51,6 +51,15 @@ typedef struct win8phone } win8phone_t; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (win8phone_t); 
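Review bot: The new `module_jit_build_options` in module_13800.c gives no reason for `-D NO_UNROLL`, and the return of `hc_asprintf` is not checked. A short comment on the function, e.g. `// disable loop unrolling for this kernel: <reason, e.g. register pressure or a measured slowdown when unrolled>`, would let the next person judge whether the flag is still needed; if `hc_asprintf` can fail without aborting (its behaviour is not visible here) the NULL result should be handled rather than returned. The identical eight-line function is added to module_15900.c in the next commit, so the same comment applies there.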
@@ -202,7 +211,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From ec841fcd1cb4ae44158b2e03b86f1339f552c61e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 14 Feb 2020 12:21:00 +0100 Subject: [PATCH 226/300] Add NO_UNROLL to -m 15900 --- src/modules/module_15900.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/modules/module_15900.c b/src/modules/module_15900.c index 33a240e23..04aa87d7f 100644 --- a/src/modules/module_15900.c +++ b/src/modules/module_15900.c @@ -76,6 +76,15 @@ typedef struct dpapimk_tmp_v2 static const char *SIGNATURE_DPAPIMK = "$DPAPImk$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (dpapimk_tmp_v2_t); 
@@ -425,7 +434,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From 809c1c5e1e3b5b51fd95ff2b348186e522b6fa8f Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 14 Feb 2020 21:38:36 +0100 Subject: [PATCH 227/300] Add missing algorithm to tools/benchmark_deep.pl --- tools/benchmark_deep.pl | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/benchmark_deep.pl b/tools/benchmark_deep.pl index ee562403b..4b6f629fe 100755 --- a/tools/benchmark_deep.pl +++ b/tools/benchmark_deep.pl @@ -280,6 +280,25 @@ my @hash_types = 20013, 20500, 20510, + 20600, + 20710, + 20800, + 20900, + 21000, + 21100, + 21200, + 21300, + 21400, + 21500, + 21600, + 21700, + 21800, + 22000, + 22100, + 22200, + 22300, + 22400, + 22500, ); if (scalar @ARGV) From c90d83c3ebb220b3a3f5f477787880a8fd1b1570 Mon Sep 17 00:00:00 2001 
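Review bot: `@hash_types` in tools/benchmark_deep.pl is a hand-maintained list, and this hunk is itself a catch-up for modes added since the list was last touched, so it will need the same fix again. Deriving the list from the module files — `my @hash_types = map { /module_(\d+)\.c$/ ? 0 + $1 : () } glob 'src/modules/module_*.c';` — with an explicit exclusion list for modes that cannot be benchmarked would keep the tool in sync automatically. If some modes are left out deliberately, a comment saying which and why would help.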
From: Jens Steube Date: Sat, 15 Feb 2020 12:44:12 +0100 Subject: [PATCH 228/300] Prepare for UNROLL whitelisting --- OpenCL/inc_vendor.h | 13 ------------- src/backend.c | 4 ++-- src/modules/module_01450.c | 24 +----------------------- src/modules/module_01720.c | 24 +----------------------- src/modules/module_01722.c | 24 +----------------------- src/modules/module_01740.c | 24 +----------------------- src/modules/module_01750.c | 24 +----------------------- src/modules/module_01760.c | 24 +----------------------- src/modules/module_01800.c | 18 +----------------- src/modules/module_06211.c | 14 +------------- src/modules/module_06212.c | 14 +------------- src/modules/module_06213.c | 14 +------------- src/modules/module_06221.c | 11 +---------- src/modules/module_06222.c | 11 +---------- src/modules/module_06223.c | 13 +------------ src/modules/module_06231.c | 14 +------------- src/modules/module_06232.c | 14 +------------- src/modules/module_06233.c | 14 +------------- src/modules/module_06241.c | 14 +------------- src/modules/module_06242.c | 14 +------------- src/modules/module_06243.c | 14 +------------- src/modules/module_06400.c | 24 +----------------------- src/modules/module_06500.c | 11 +---------- src/modules/module_06800.c | 24 +----------------------- src/modules/module_07000.c | 14 +------------- src/modules/module_07200.c | 11 +---------- src/modules/module_07400.c | 11 +---------- src/modules/module_07401.c | 11 +---------- src/modules/module_07900.c | 11 +---------- src/modules/module_08000.c | 14 +------------- src/modules/module_08200.c | 14 +------------- src/modules/module_09200.c | 17 +---------------- src/modules/module_09600.c | 11 +---------- src/modules/module_10800.c | 24 +----------------------- src/modules/module_10900.c | 24 +----------------------- src/modules/module_11000.c | 19 +------------------ src/modules/module_11300.c | 11 +---------- src/modules/module_11600.c | 19 +------------------ src/modules/module_12100.c | 14 
+------------- src/modules/module_12200.c | 24 +----------------------- src/modules/module_12300.c | 11 +---------- src/modules/module_12800.c | 24 +----------------------- src/modules/module_12900.c | 24 +----------------------- src/modules/module_13000.c | 24 +----------------------- src/modules/module_13711.c | 14 +------------- src/modules/module_13712.c | 14 +------------- src/modules/module_13713.c | 14 +------------- src/modules/module_13721.c | 11 +---------- src/modules/module_13722.c | 11 +---------- src/modules/module_13723.c | 11 +---------- src/modules/module_13731.c | 14 +------------- src/modules/module_13732.c | 14 +------------- src/modules/module_13733.c | 14 +------------- src/modules/module_13741.c | 14 +------------- src/modules/module_13742.c | 14 +------------- src/modules/module_13743.c | 14 +------------- src/modules/module_13751.c | 14 +------------- src/modules/module_13752.c | 14 +------------- src/modules/module_13753.c | 14 +------------- src/modules/module_13761.c | 14 +------------- src/modules/module_13762.c | 14 +------------- src/modules/module_13763.c | 14 +------------- src/modules/module_13771.c | 13 +------------ src/modules/module_13772.c | 14 +------------- src/modules/module_13773.c | 14 +------------- src/modules/module_13800.c | 11 +---------- src/modules/module_14100.c | 14 +------------- src/modules/module_15000.c | 24 +----------------------- src/modules/module_15600.c | 24 +----------------------- src/modules/module_15900.c | 11 +---------- src/modules/module_16200.c | 24 +----------------------- src/modules/module_16300.c | 24 +----------------------- src/modules/module_16700.c | 24 +----------------------- src/modules/module_16900.c | 24 +----------------------- src/modules/module_17300.c | 15 +-------------- src/modules/module_17400.c | 15 +-------------- src/modules/module_17500.c | 15 +-------------- src/modules/module_17600.c | 15 +-------------- src/modules/module_17700.c | 15 +-------------- 
src/modules/module_17800.c | 15 +-------------- src/modules/module_17900.c | 15 +-------------- src/modules/module_18000.c | 15 +-------------- src/modules/module_18300.c | 24 +----------------------- src/modules/module_19100.c | 24 +----------------------- src/modules/module_19200.c | 24 +----------------------- src/modules/module_20200.c | 10 +--------- src/modules/module_20300.c | 10 +--------- src/modules/module_20400.c | 10 +--------- src/modules/module_21500.c | 14 +------------- src/modules/module_21600.c | 14 +------------- src/modules/module_21700.c | 11 +---------- src/modules/module_21800.c | 11 +---------- 92 files changed, 92 insertions(+), 1375 deletions(-) diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h index 4f8a1f38a..8cdd60673 100644 --- a/OpenCL/inc_vendor.h +++ b/OpenCL/inc_vendor.h @@ -135,19 +135,6 @@ #endif #endif -/** - * Unrolling is generally enabled, for all device types and hash modes - * There's a few exception when it's better not to unroll - * Some algorithms run into too much register pressure due to loop unrolling - */ - -// generic vendors: those algos have shown that they produce better results on both amd and nv when not unrolled -// so we can assume they will produce better results on other vendors as well - -#ifdef NO_UNROLL -#undef _unroll -#endif - // Whitelist some OpenCL specific functions // This could create more stable kernels on systems with bad OpenCL drivers diff --git a/src/backend.c b/src/backend.c index 72041c6c0..ad1d02235 100644 --- a/src/backend.c +++ b/src/backend.c 
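Review bot: Deleting the `#ifdef NO_UNROLL` / `#undef _unroll` block here, together with dropping `-D _unroll` from the build options in the backend.c hunk below, leaves `_unroll` never defined anywhere, so any `#ifdef _unroll` guard in the kernel sources is inert until the whitelist lands. A comment at this spot, e.g. `// _unroll is no longer defined by the host; per-mode unroll whitelisting is pending`, would stop someone re-adding the flag in the meantime. The removed paragraph was also the only written statement of the unrolling policy, so its replacement should say where that policy now lives.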
@@ -7780,9 +7780,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) // we don't have sm_* on vendors not NV but it doesn't matter #if defined (DEBUG) - build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VADD_CO=%u -D HAS_VADDC_CO=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VSUB_CO=%u -D HAS_VSUBB_CO=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vadd_co, device_param->has_vaddc_co, device_param->has_vsub, device_param->has_vsubb, device_param->has_vsub_co, device_param->has_vsubb_co, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VADD_CO=%u -D HAS_VADDC_CO=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D 
HAS_VSUB_CO=%u -D HAS_VSUBB_CO=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vadd_co, device_param->has_vaddc_co, device_param->has_vsub, device_param->has_vsubb, device_param->has_vsub_co, device_param->has_vsubb_co, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); #else - build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VADD_CO=%u -D HAS_VADDC_CO=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VSUB_CO=%u -D HAS_VSUBB_CO=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -D _unroll -w ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, 
device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vadd_co, device_param->has_vaddc_co, device_param->has_vsub, device_param->has_vsubb, device_param->has_vsub_co, device_param->has_vsubb_co, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D LOCAL_MEM_TYPE=%d -D VENDOR_ID=%u -D CUDA_ARCH=%u -D HAS_ADD=%u -D HAS_ADDC=%u -D HAS_SUB=%u -D HAS_SUBC=%u -D HAS_VADD=%u -D HAS_VADDC=%u -D HAS_VADD_CO=%u -D HAS_VADDC_CO=%u -D HAS_VSUB=%u -D HAS_VSUBB=%u -D HAS_VSUB_CO=%u -D HAS_VSUBB_CO=%u -D HAS_VPERM=%u -D HAS_VADD3=%u -D HAS_VBFE=%u -D HAS_BFE=%u -D HAS_LOP3=%u -D HAS_MOV64=%u -D HAS_PRMT=%u -D VECT_SIZE=%d -D DEVICE_TYPE=%u -D DGST_R0=%u -D DGST_R1=%u -D DGST_R2=%u -D DGST_R3=%u -D DGST_ELEM=%u -D KERN_TYPE=%u -D ATTACK_EXEC=%u -D ATTACK_KERN=%u -w ", device_param->device_local_mem_type, device_param->opencl_platform_vendor_id, (device_param->sm_major * 100) + (device_param->sm_minor * 10), device_param->has_add, device_param->has_addc, device_param->has_sub, device_param->has_subc, device_param->has_vadd, device_param->has_vaddc, device_param->has_vadd_co, device_param->has_vaddc_co, device_param->has_vsub, device_param->has_vsubb, device_param->has_vsub_co, device_param->has_vsubb_co, device_param->has_vperm, device_param->has_vadd3, device_param->has_vbfe, device_param->has_bfe, device_param->has_lop3, device_param->has_mov64, device_param->has_prmt, device_param->vector_width, (u32) 
device_param->opencl_device_type, hashconfig->dgst_pos0, hashconfig->dgst_pos1, hashconfig->dgst_pos2, hashconfig->dgst_pos3, hashconfig->dgst_size / 4, kern_type, hashconfig->attack_exec, user_options_extra->attack_kern); #endif build_options_buf[build_options_len] = 0; diff --git a/src/modules/module_01450.c b/src/modules/module_01450.c index f986b4e7d..06c85549c 100644 --- a/src/modules/module_01450.c +++ b/src/modules/module_01450.c @@ -42,28 +42,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->is_cuda == true) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; 
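Review bot: `build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, ...)` accumulates the length snprintf wanted to write, not what it wrote, so if the options string ever exceeds `build_options_sz` the next `build_options_sz - build_options_len` underflows and the trailing `build_options_buf[build_options_len] = 0;` writes past the buffer. This hunk only drops `-D _unroll`, but the format is already several hundred bytes of defines plus, presumably, per-module JIT options appended elsewhere, and `build_options_sz` is allocated outside the hunk, so the margin is not visible here. Clamp after each call: `const int n = snprintf (...);` / `if (n < 0 || (size_t) n >= build_options_sz - build_options_len) return -1;` / `build_options_len += n;` (using this function's usual error path). `backend_session_begin` runs far beyond the hunk.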
@@ -215,7 +193,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_01720.c b/src/modules/module_01720.c index 7bb4f2e51..622ce62c9 100644 --- a/src/modules/module_01720.c +++ b/src/modules/module_01720.c 
@@ -48,28 +48,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->is_cuda == true) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; 
@@ -245,7 +223,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_01722.c b/src/modules/module_01722.c
index 4a575d258..9654fe9e0 100644
--- a/src/modules/module_01722.c
+++ b/src/modules/module_01722.c
@@ -49,28 +49,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -222,7 +200,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_01740.c b/src/modules/module_01740.c
index 083c274f9..9f4656673 100644
--- a/src/modules/module_01740.c
+++ b/src/modules/module_01740.c
@@ -49,28 +49,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -246,7 +224,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_01750.c b/src/modules/module_01750.c
index ed0e6e54d..c4a8c458e 100644
--- a/src/modules/module_01750.c
+++ b/src/modules/module_01750.c
@@ -43,28 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -216,7 +194,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_01760.c b/src/modules/module_01760.c
index 0d862910f..2fb10e83b 100644
--- a/src/modules/module_01760.c
+++ b/src/modules/module_01760.c
@@ -44,28 +44,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -217,7 +195,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_01800.c b/src/modules/module_01800.c
index 4b1540dd7..0c7422b53 100644
--- a/src/modules/module_01800.c
+++ b/src/modules/module_01800.c
@@ -430,22 +430,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- // unroll is faster on rocm in this kernel
- }
- else
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -564,7 +548,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06211.c b/src/modules/module_06211.c
index 8f2be8897..57a80bf9e 100644
--- a/src/modules/module_06211.c
+++ b/src/modules/module_06211.c
@@ -70,18 +70,6 @@ typedef struct tc
 static const int ROUNDS_TRUECRYPT_2K = 2000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const bool potfile_disable = true;
@@ -277,7 +265,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
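Review bot: Switching module_01800.c's module_jit_build_options to MODULE_DEFAULT discards the only recorded rationale for this module's unroll policy: the function deleted in the preceding hunk forced `-D NO_UNROLL` on every device except AMD with vperm, and carried the comment `// unroll is faster on rocm in this kernel`. Nothing in this diff shows where the default path now makes that per-device decision, so unless the backend applies an equivalent rule (not visible here) this is an unmeasured behaviour change for the affected kernel. The commit should state where NO_UNROLL is now decided, and a one-line comment next to the registration, such as `// unroll policy now comes from the backend default; AMD/ROCm with vperm measured faster unrolled`, would keep that measurement from being lost. module_init starts and ends outside the hunk.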
diff --git a/src/modules/module_06212.c b/src/modules/module_06212.c
index bfc9d05d8..74617ea03 100644
--- a/src/modules/module_06212.c
+++ b/src/modules/module_06212.c
@@ -70,18 +70,6 @@ typedef struct tc
 static const int ROUNDS_TRUECRYPT_2K = 2000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const bool potfile_disable = true;
@@ -277,7 +265,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06213.c b/src/modules/module_06213.c
index 1b09d8607..6a04c82fc 100644
--- a/src/modules/module_06213.c
+++ b/src/modules/module_06213.c
@@ -70,18 +70,6 @@ typedef struct tc
 static const int ROUNDS_TRUECRYPT_2K = 2000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const bool potfile_disable = true;
@@ -275,7 +263,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06221.c b/src/modules/module_06221.c
index 6d43ffe3c..2744b6b37 100644
--- a/src/modules/module_06221.c
+++ b/src/modules/module_06221.c
@@ -109,15 +109,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
 {
 const size_t st_hash_len = strlen (hashconfig->st_hash);
@@ -275,7 +266,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06222.c b/src/modules/module_06222.c
index b0ae40989..d4314e47f 100644
--- a/src/modules/module_06222.c
+++ b/src/modules/module_06222.c
@@ -109,15 +109,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
 {
 const size_t st_hash_len = strlen (hashconfig->st_hash);
@@ -275,7 +266,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06223.c b/src/modules/module_06223.c
index ee3c1f5ed..ec19b3c56 100644
--- a/src/modules/module_06223.c
+++ b/src/modules/module_06223.c
@@ -109,15 +109,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash) { const size_t st_hash_len = strlen (hashconfig->st_hash); @@ -133,8 +124,6 @@ int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hook_salt, hash->hash_info, tmpdata, st_hash_len / 2); - - hcfree (tmpdata); return parser_status; @@ -275,7 +264,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_06231.c b/src/modules/module_06231.c index 5586ad2cb..61b6709c5 100644 --- a/src/modules/module_06231.c +++ b/src/modules/module_06231.c 
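Review bot: The `@@ -133,8 +124,6 @@` hunk in module_06223.c appears to remove `hcfree (tmpdata);` between the module_hash_decode call and `return parser_status;`; in this collapsed rendering it is not possible to tell whether the second `-` marks that line or only an adjacent blank line, so this needs confirming against the real patch. If the free really is gone, the heap buffer behind `tmpdata` (presumably allocated earlier in module_hash_init_selftest, outside the hunk) leaks on every self-test run, and nothing in the commit explains why this function was touched at all in a change that is otherwise only about NO_UNROLL. The expected shape is `const int parser_status = module_hash_decode (...);` followed by `hcfree (tmpdata);` and then `return parser_status;`, which is also what the sibling modules 06221 and 06222 keep. module_hash_init_selftest starts outside the hunk.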
@@ -84,18 +84,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const bool potfile_disable = true;
@@ -291,7 +279,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06232.c b/src/modules/module_06232.c
index 75c51d4ed..8ff1aaf79 100644
--- a/src/modules/module_06232.c
+++ b/src/modules/module_06232.c
@@ -84,18 +84,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const bool potfile_disable = true;
@@ -291,7 +279,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06233.c b/src/modules/module_06233.c
index 25217984b..a586cd923 100644
--- a/src/modules/module_06233.c
+++ b/src/modules/module_06233.c
@@ -84,18 +84,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const bool potfile_disable = true;
@@ -291,7 +279,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06241.c b/src/modules/module_06241.c
index 6154ca84a..4ff957c71 100644
--- a/src/modules/module_06241.c
+++ b/src/modules/module_06241.c
@@ -71,18 +71,6 @@ typedef struct tc
 static const int ROUNDS_TRUECRYPT_1K = 1000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const tc_t *tc = (const tc_t *) hashes->esalts_buf;
@@ -290,7 +278,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06242.c b/src/modules/module_06242.c
index 68a34eeff..048df78b1 100644
--- a/src/modules/module_06242.c
+++ b/src/modules/module_06242.c
@@ -71,18 +71,6 @@ typedef struct tc
 static const int ROUNDS_TRUECRYPT_1K = 1000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const tc_t *tc = (const tc_t *) hashes->esalts_buf;
@@ -290,7 +278,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06243.c b/src/modules/module_06243.c
index 4ce623ae2..2ee532815 100644
--- a/src/modules/module_06243.c
+++ b/src/modules/module_06243.c
@@ -71,18 +71,6 @@ typedef struct tc
 static const int ROUNDS_TRUECRYPT_1K = 1000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const tc_t *tc = (const tc_t *) hashes->esalts_buf;
@@ -290,7 +278,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06400.c b/src/modules/module_06400.c
index 51ed05522..82010ed67 100644
--- a/src/modules/module_06400.c
+++ b/src/modules/module_06400.c
@@ -254,28 +254,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -421,7 +399,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06500.c b/src/modules/module_06500.c
index a8c51fd28..63607b2ba 100644
--- a/src/modules/module_06500.c
+++ b/src/modules/module_06500.c
@@ -530,15 +530,6 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 return line_len;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 void module_init (module_ctx_t *module_ctx)
 {
 module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
@@ -581,7 +572,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_06800.c b/src/modules/module_06800.c
index f90796038..d478fa439 100644
--- a/src/modules/module_06800.c
+++ b/src/modules/module_06800.c
@@ -68,28 +68,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -205,7 +183,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_07000.c b/src/modules/module_07000.c
index 6cdbe3b84..44f23cbc2 100644
--- a/src/modules/module_07000.c
+++ b/src/modules/module_07000.c
@@ -44,18 +44,6 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,
 static const char *SIGNATURE_FORTIGATE = "AK1";
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 u32 pw_max = PW_MAX;
@@ -234,7 +222,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_07200.c b/src/modules/module_07200.c
index 074043ef5..03cff75f2 100644
--- a/src/modules/module_07200.c
+++ b/src/modules/module_07200.c
@@ -84,15 +84,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -253,7 +244,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_07400.c b/src/modules/module_07400.c
index 70bea0efc..7dece89ff 100644
--- a/src/modules/module_07400.c
+++ b/src/modules/module_07400.c
@@ -255,15 +255,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -382,7 +373,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_07401.c b/src/modules/module_07401.c
index 8452ba567..022897c71 100644
--- a/src/modules/module_07401.c
+++ b/src/modules/module_07401.c
@@ -256,15 +256,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -427,7 +418,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_07900.c b/src/modules/module_07900.c
index 6c6d23c8d..95c86a12a 100644
--- a/src/modules/module_07900.c
+++ b/src/modules/module_07900.c
@@ -299,15 +299,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -461,7 +452,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_08000.c b/src/modules/module_08000.c
index 9ac33a4a5..d23d400d2 100644
--- a/src/modules/module_08000.c
+++ b/src/modules/module_08000.c
@@ -67,18 +67,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -207,7 +195,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_08200.c b/src/modules/module_08200.c
index 4d44eb5a7..0c1cbfde6 100644
--- a/src/modules/module_08200.c
+++ b/src/modules/module_08200.c
@@ -58,18 +58,6 @@ typedef struct pbkdf2_sha512_tmp
 } pbkdf2_sha512_tmp_t;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (cloudkey_t);
@@ -283,7 +271,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_09200.c b/src/modules/module_09200.c
index bf26e3ed8..13d63eead 100644
--- a/src/modules/module_09200.c
+++ b/src/modules/module_09200.c
@@ -84,22 +84,7 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
@@ -257,7 +242,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_09600.c b/src/modules/module_09600.c
index 7e5fe1f82..615b59308 100644
--- a/src/modules/module_09600.c
+++ b/src/modules/module_09600.c
@@ -97,15 +97,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -322,7 +313,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_10800.c b/src/modules/module_10800.c
index 83f7c04c7..5580785e9 100644
--- a/src/modules/module_10800.c
+++ b/src/modules/module_10800.c
@@ -48,28 +48,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -217,7 +195,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_10900.c b/src/modules/module_10900.c
index e09a65e84..6f94ee4d6 100644
--- a/src/modules/module_10900.c
+++ b/src/modules/module_10900.c
@@ -85,28 +85,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -248,7 +226,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_11000.c b/src/modules/module_11000.c
index 138f23ce5..c79414903 100644
--- a/src/modules/module_11000.c
+++ b/src/modules/module_11000.c
@@ -58,23 +58,6 @@ u32 module_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 return salt_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -188,7 +171,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c
index 70676cdbb..20cea4cae 100644
--- a/src/modules/module_11300.c
+++ b/src/modules/module_11300.c
@@ -102,15 +102,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -301,7 +292,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c
index 7e36daf43..6563d2d23 100644
--- a/src/modules/module_11600.c
+++ b/src/modules/module_11600.c
@@ -340,23 +340,6 @@ u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_
 return kernel_loops_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
 {
 // amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault
@@ -761,7 +744,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = module_hook23;
 module_ctx->module_hook_salt_size = module_hook_salt_size;
 module_ctx->module_hook_size = module_hook_size;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_12100.c b/src/modules/module_12100.c
index abd252672..546191755 100644
--- a/src/modules/module_12100.c
+++ b/src/modules/module_12100.c
@@ -86,18 +86,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -243,7 +231,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_12200.c b/src/modules/module_12200.c
index d857b7e49..894b20e14 100644
--- a/src/modules/module_12200.c
+++ b/src/modules/module_12200.c
@@ -68,28 +68,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -229,7 +207,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_12300.c b/src/modules/module_12300.c
index dee15c73d..e91d361f3 100644
--- a/src/modules/module_12300.c
+++ b/src/modules/module_12300.c
@@ -71,15 +71,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -217,7 +208,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_12800.c b/src/modules/module_12800.c
index 8d54446f2..4a70a6cd8 100644
--- a/src/modules/module_12800.c
+++ b/src/modules/module_12800.c
@@ -70,28 +70,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -247,7 +225,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_12900.c b/src/modules/module_12900.c
index 061515591..9b8502bd5 100644
--- a/src/modules/module_12900.c
+++ b/src/modules/module_12900.c
@@ -70,28 +70,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -252,7 +230,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13000.c b/src/modules/module_13000.c
index 431233d2d..d91f96558 100644
--- a/src/modules/module_13000.c
+++ b/src/modules/module_13000.c
@@ -83,28 +83,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -286,7 +264,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13711.c b/src/modules/module_13711.c
index b04f6e935..d61ebd25d 100644
--- a/src/modules/module_13711.c
+++ b/src/modules/module_13711.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -332,7 +320,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13712.c b/src/modules/module_13712.c
index 5bd1c8368..2bad6eff2 100644
--- a/src/modules/module_13712.c
+++ b/src/modules/module_13712.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -332,7 +320,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13713.c b/src/modules/module_13713.c
index 3b7a1a90a..286f18bf8 100644
--- a/src/modules/module_13713.c
+++ b/src/modules/module_13713.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -332,7 +320,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13721.c b/src/modules/module_13721.c
index 272fbe3fe..325152c1e 100644
--- a/src/modules/module_13721.c
+++ b/src/modules/module_13721.c
@@ -148,15 +148,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
 {
 const size_t st_hash_len = strlen (hashconfig->st_hash);
@@ -330,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13722.c b/src/modules/module_13722.c
index 64324fa03..21687d8e3 100644
--- a/src/modules/module_13722.c
+++ b/src/modules/module_13722.c
@@ -148,15 +148,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
 {
 const size_t st_hash_len = strlen (hashconfig->st_hash);
@@ -330,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13723.c b/src/modules/module_13723.c
index ba5d7a644..636d7ecc8 100644
--- a/src/modules/module_13723.c
+++ b/src/modules/module_13723.c
@@ -148,15 +148,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
-
- return jit_build_options;
-}
-
 int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
 {
 const size_t st_hash_len = strlen (hashconfig->st_hash);
@@ -330,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c
index a1fca2f9a..f9cf881c0 100644
--- a/src/modules/module_13731.c
+++ b/src/modules/module_13731.c
@@ -97,18 +97,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -341,7 +329,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c
index 3b3508ab9..ba3f776c5 100644
--- a/src/modules/module_13732.c
+++ b/src/modules/module_13732.c
@@ -97,18 +97,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -341,7 +329,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c
index f62d75dd9..d55f15da0 100644
--- a/src/modules/module_13733.c
+++ b/src/modules/module_13733.c
@@ -97,18 +97,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -341,7 +329,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c
index a55c085d2..c04ef478d 100644
--- a/src/modules/module_13741.c
+++ b/src/modules/module_13741.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_t *vc = (const vc_t *) hashes->esalts_buf;
@@ -333,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c
index cd9c63191..89e21b597 100644
--- a/src/modules/module_13742.c
+++ b/src/modules/module_13742.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_t *vc = (const vc_t *) hashes->esalts_buf;
@@ -333,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c
index ff834d82f..a5c2792ce 100644
--- a/src/modules/module_13743.c
+++ b/src/modules/module_13743.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_t *vc = (const vc_t *) hashes->esalts_buf;
@@ -333,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c
index 110c0e6a1..4fff9a572 100644
--- a/src/modules/module_13751.c
+++ b/src/modules/module_13751.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -332,7 +320,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c
index 88f12bfc1..0907e2145 100644
--- a/src/modules/module_13752.c
+++ b/src/modules/module_13752.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -332,7 +320,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c
index 73c165b31..eb7fbaed8 100644
--- a/src/modules/module_13753.c
+++ b/src/modules/module_13753.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -332,7 +320,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c
index 47b1fb25a..f1beae125 100644
--- a/src/modules/module_13761.c
+++ b/src/modules/module_13761.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_t *vc = (const vc_t *) hashes->esalts_buf;
@@ -333,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c
index c738664d6..5a442cce1 100644
--- a/src/modules/module_13762.c
+++ b/src/modules/module_13762.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_t *vc = (const vc_t *) hashes->esalts_buf;
@@ -333,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c
index b4459d849..5d9d942f9 100644
--- a/src/modules/module_13763.c
+++ b/src/modules/module_13763.c
@@ -88,18 +88,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_t *vc = (const vc_t *) hashes->esalts_buf;
@@ -333,7 +321,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c
index 6fbcd8ccc..d2a4cf5b4 100644
--- a/src/modules/module_13771.c
+++ b/src/modules/module_13771.c
@@ -92,17 +92,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
 
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
@@ -336,7 +325,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13772.c b/src/modules/module_13772.c
index 76421b2c5..ac47e5d81 100644
--- a/src/modules/module_13772.c
+++ b/src/modules/module_13772.c
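Review bot: In module_13771.c the removal hunk takes out 11 lines (`@@ -92,17 +92,6 @@`) where every sibling module's hunk removes 12, so the blank line that followed the deleted function's closing `}` survives and the new side is left with two consecutive blank lines between `}` and `int module_build_plain_postprocess`. Removing that trailing blank as the neighbouring hunks do keeps the spacing uniform across the modules. This is inferred from the hunk line counts, since blank lines are not visible in the collapsed diff, and module_build_plain_postprocess's body continues outside the hunk.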
@@ -92,18 +92,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
 
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
-
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
-
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc64_sbog_tmp_t *vc64_sbog_tmp = (const vc64_sbog_tmp_t *) tmps;
@@ -336,7 +324,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13773.c b/src/modules/module_13773.c
index 823683f66..248368d00 100644
--- a/src/modules/module_13773.c
+++ b/src/modules/module_13773.c
@@ -92,18 +92,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
 return false;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc64_sbog_tmp_t *vc64_sbog_tmp = (const vc64_sbog_tmp_t *) tmps;
@@ -336,7 +324,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_13800.c b/src/modules/module_13800.c
index 38e7442ba..5f75c5384 100644
--- a/src/modules/module_13800.c
+++ b/src/modules/module_13800.c
@@ -51,15 +51,6 @@ typedef struct win8phone
 } win8phone_t;
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- return jit_build_options;
-}
-
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (win8phone_t);
@@ -211,7 +202,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_14100.c b/src/modules/module_14100.c
index 3d2e730c0..3449b6844 100644
--- a/src/modules/module_14100.c
+++ b/src/modules/module_14100.c
@@ -107,18 +107,6 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig,
 return mask;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -245,7 +233,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_15000.c b/src/modules/module_15000.c
index 3ccc9c068..3e6a6cbdf 100644
--- a/src/modules/module_15000.c
+++ b/src/modules/module_15000.c
@@ -59,28 +59,6 @@ u32 module_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 return salt_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -248,7 +226,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_15600.c b/src/modules/module_15600.c
index 34c185fbf..f93734893 100644
--- a/src/modules/module_15600.c
+++ b/src/modules/module_15600.c
@@ -86,28 +86,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -295,7 +273,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_15900.c b/src/modules/module_15900.c
index 04aa87d7f..33a240e23 100644
--- a/src/modules/module_15900.c
+++ b/src/modules/module_15900.c
@@ -76,15 +76,6 @@ typedef struct dpapimk_tmp_v2
 static const char *SIGNATURE_DPAPIMK = "$DPAPImk$";
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- return jit_build_options;
-}
-
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 tmp_size = (const u64) sizeof (dpapimk_tmp_v2_t);
@@ -434,7 +425,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_16200.c b/src/modules/module_16200.c
index 7a3f9aae0..100c6c7d4 100644
--- a/src/modules/module_16200.c
+++ b/src/modules/module_16200.c
@@ -76,28 +76,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 return tmp_size;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -282,7 +260,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_16300.c b/src/modules/module_16300.c
index ad6e9b970..cac770856 100644
--- a/src/modules/module_16300.c
+++ b/src/modules/module_16300.c
@@ -77,28 +77,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 return tmp_size;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -295,7 +273,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_16700.c b/src/modules/module_16700.c
index db3f2ee43..39a348c1e 100644
--- a/src/modules/module_16700.c
+++ b/src/modules/module_16700.c
@@ -76,28 +76,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c
 return tmp_size;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -284,7 +262,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_16900.c b/src/modules/module_16900.c
index 1b520901d..d2a122138 100644
--- a/src/modules/module_16900.c
+++ b/src/modules/module_16900.c
@@ -87,28 +87,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- if (device_param->is_cuda == true)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -318,7 +296,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17300.c b/src/modules/module_17300.c
index 06e2b7fe4..4b4869d7f 100644
--- a/src/modules/module_17300.c
+++ b/src/modules/module_17300.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -159,7 +146,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17400.c b/src/modules/module_17400.c
index 31657b2bb..bb769e386 100644
--- a/src/modules/module_17400.c
+++ b/src/modules/module_17400.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -150,7 +137,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17500.c b/src/modules/module_17500.c
index 25f8768e1..b177872e6 100644
--- a/src/modules/module_17500.c
+++ b/src/modules/module_17500.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -156,7 +143,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17600.c b/src/modules/module_17600.c
index 7b4e506fa..478ccccf8 100644
--- a/src/modules/module_17600.c
+++ b/src/modules/module_17600.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -162,7 +149,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17700.c b/src/modules/module_17700.c
index f8cd6aa4b..8d4003e0a 100644
--- a/src/modules/module_17700.c
+++ b/src/modules/module_17700.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -159,7 +146,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17800.c b/src/modules/module_17800.c
index 01322071f..704d37190 100644
--- a/src/modules/module_17800.c
+++ b/src/modules/module_17800.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -150,7 +137,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_17900.c b/src/modules/module_17900.c
index 2441bd555..d4947e418 100644
--- a/src/modules/module_17900.c
+++ b/src/modules/module_17900.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -156,7 +143,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = module_jit_build_options;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_18000.c b/src/modules/module_18000.c
index f2860130d..ad03e89af 100644
--- a/src/modules/module_18000.c
+++ b/src/modules/module_18000.c
@@ -43,19 +43,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
-char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- char *jit_build_options = NULL;
- // -Wpass-failed=transform-warning
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- hc_asprintf (&jit_build_options, "-D NO_UNROLL");
- }
- return jit_build_options;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -162,7 +149,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_18300.c b/src/modules/module_18300.c index 0ddd0cf91..96a211582 100644 --- a/src/modules/module_18300.c +++ b/src/modules/module_18300.c @@ -76,28 +76,6 @@ u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED return esalt_size; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->is_cuda == true) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; 
@@ -292,7 +270,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_19100.c b/src/modules/module_19100.c index c8ef5add7..520858229 100644 --- a/src/modules/module_19100.c +++ b/src/modules/module_19100.c @@ -57,28 +57,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c return tmp_size; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->is_cuda == true) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; 
@@ -247,7 +225,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_19200.c b/src/modules/module_19200.c index affe045ca..2464f396a 100644 --- a/src/modules/module_19200.c +++ b/src/modules/module_19200.c @@ -59,28 +59,6 @@ u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED c return tmp_size; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->is_cuda == true) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; 
@@ -249,7 +227,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_20200.c b/src/modules/module_20200.c index 74d5e1379..514dd7511 100644 --- a/src/modules/module_20200.c +++ b/src/modules/module_20200.c @@ -84,14 +84,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -270,7 +262,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; 
diff --git a/src/modules/module_20300.c b/src/modules/module_20300.c index d8e024b88..57dca6697 100644 --- a/src/modules/module_20300.c +++ b/src/modules/module_20300.c @@ -83,14 +83,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -269,7 +261,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_20400.c b/src/modules/module_20400.c index 4b1dd0ac8..b7f6a8200 100644 --- a/src/modules/module_20400.c +++ b/src/modules/module_20400.c 
@@ -83,14 +83,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -262,7 +254,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_21500.c b/src/modules/module_21500.c index 7a774dcd8..c2298bcbc 100644 --- a/src/modules/module_21500.c +++ b/src/modules/module_21500.c 
@@ -86,18 +86,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -262,7 +250,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_21600.c b/src/modules/module_21600.c index 4a0e5445c..0596f6b51 100644 --- a/src/modules/module_21600.c +++ b/src/modules/module_21600.c 
@@ -72,18 +72,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD) - { - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - } - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -207,7 +195,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_21700.c b/src/modules/module_21700.c index 612915934..92ee6a3b0 100644 --- a/src/modules/module_21700.c +++ b/src/modules/module_21700.c 
@@ -100,15 +100,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE return false; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -311,7 +302,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_21800.c b/src/modules/module_21800.c index 1bb067efc..e148a3f3d 100644 --- a/src/modules/module_21800.c +++ b/src/modules/module_21800.c 
@@ -85,15 +85,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - char *jit_build_options = NULL; - - hc_asprintf (&jit_build_options, "-D NO_UNROLL"); - - return jit_build_options; -} - bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // self-test failed @@ -305,7 +296,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_build_options = MODULE_DEFAULT; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From 9980389f34852260a190c9221caa62b021faab90 Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sat, 15 Feb 2020 13:58:42 +0100 Subject: [PATCH 229/300] Update unroll and unstable configuration for Apple OpenCL runtime after unroll whitelisting change --- src/modules/module_06231.c | 16 +--------------- src/modules/module_06232.c | 16 +--------------- src/modules/module_06233.c | 16 +--------------- src/modules/module_07900.c | 16 +--------------- src/modules/module_11300.c | 16 +--------------- src/modules/module_12500.c | 9 --------- src/modules/module_13100.c | 9 --------- src/modules/module_13731.c | 9 --------- src/modules/module_13732.c | 9 --------- src/modules/module_13733.c | 9 --------- src/modules/module_13771.c | 1 - src/modules/module_15300.c | 9 --------- src/modules/module_15900.c | 16 +--------------- 13 files changed, 6 insertions(+), 145 deletions(-) diff --git a/src/modules/module_06231.c b/src/modules/module_06231.c index 61b6709c5..e86e09b69 100644 --- a/src/modules/module_06231.c +++ b/src/modules/module_06231.c @@ -70,20 +70,6 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_1K = 1000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - - return false; -} - bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool potfile_disable = true; 
@@ -306,6 +292,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_06232.c b/src/modules/module_06232.c index 8ff1aaf79..847c2c3e9 100644 --- a/src/modules/module_06232.c +++ b/src/modules/module_06232.c @@ -70,20 +70,6 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_1K = 1000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - - return false; -} - bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool potfile_disable = true; @@ -306,6 +292,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_06233.c b/src/modules/module_06233.c index a586cd923..080976adf 100644 --- a/src/modules/module_06233.c +++ b/src/modules/module_06233.c 
@@ -70,20 +70,6 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_1K = 1000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - - return false; -} - bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool potfile_disable = true; @@ -306,6 +292,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_07900.c b/src/modules/module_07900.c index 95c86a12a..30d5a66b7 100644 --- a/src/modules/module_07900.c +++ b/src/modules/module_07900.c 
@@ -285,20 +285,6 @@ static void drupal7_encode (const u8 digest[64], u8 buf[43]) //buf[43] = int_to_itoa64 (l & 0x3f); } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // trap 6 - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -479,6 +465,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c index 20cea4cae..6cc442743 100644 --- a/src/modules/module_11300.c +++ b/src/modules/module_11300.c 
@@ -88,20 +88,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // trap 6 - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -319,6 +305,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_12500.c b/src/modules/module_12500.c index a1688eeac..c95b57400 100644 --- a/src/modules/module_12500.c +++ b/src/modules/module_12500.c 
@@ -93,15 +93,6 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // Kernel minimum runtime larger than default TDR - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_13100.c b/src/modules/module_13100.c index 1203e34aa..2f6b98b45 100644 --- a/src/modules/module_13100.c +++ b/src/modules/module_13100.c @@ -75,15 +75,6 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c index f9cf881c0..47f5f204a 100644 --- a/src/modules/module_13731.c +++ b/src/modules/module_13731.c 
@@ -85,15 +85,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE return true; } - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - return false; } diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c index ba3f776c5..0cebe3856 100644 --- a/src/modules/module_13732.c +++ b/src/modules/module_13732.c @@ -85,15 +85,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE return true; } - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - return false; } diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c index d55f15da0..f6d89e01c 100644 --- a/src/modules/module_13733.c +++ b/src/modules/module_13733.c @@ -85,15 +85,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE return true; } - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - return false; } diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c index d2a4cf5b4..971b0de1e 100644 --- a/src/modules/module_13771.c +++ b/src/modules/module_13771.c 
@@ -92,7 +92,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE return false; } - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_sbog_tmp_t *vc64_sbog_tmp = (const vc64_sbog_tmp_t *) tmps; diff --git a/src/modules/module_15300.c b/src/modules/module_15300.c index 71b883ece..a57d6ca1e 100644 --- a/src/modules/module_15300.c +++ b/src/modules/module_15300.c @@ -98,15 +98,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // trap 6 - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failed if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { diff --git a/src/modules/module_15900.c b/src/modules/module_15900.c index 33a240e23..984e66c85 100644 --- a/src/modules/module_15900.c +++ b/src/modules/module_15900.c 
@@ -97,20 +97,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) - { - // trap 6 - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) - { - return true; - } - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -452,6 +438,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From cc3cb66f129170ac126afa9b50359e2ad2eda907 Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sat, 15 Feb 2020 14:39:26 +0100 Subject: [PATCH 230/300] Update unroll and unstable configuration for Intel OpenCL runtime after unroll whitelisting change --- src/modules/module_01500.c | 33 +++++++++++++++++++++++++++++++-- src/modules/module_03000.c | 33 ++++++++++++++++++++++++++++++++- src/modules/module_05200.c | 33 ++++++++++++++++++++++++++++++++- src/modules/module_08200.c | 21 ++++++++++++++++++++- src/modules/module_08500.c | 27 ++++++++++++++++++++++++++- src/modules/module_10400.c | 33 ++++++++++++++++++++++++++++++++- src/modules/module_10410.c | 33 ++++++++++++++++++++++++++++++++- src/modules/module_10500.c | 27 ++++++++++++++++++++++++++- src/modules/module_14000.c | 33 ++++++++++++++++++++++++++++++++- src/modules/module_18800.c | 33 ++++++++++++++++++++++++++++++++- src/modules/module_20600.c | 34 +++++++++++++++++++++++++++++++++- 11 files changed, 328 insertions(+), 12 deletions(-) diff --git a/src/modules/module_01500.c b/src/modules/module_01500.c index 563d9bfac..e97267a92 100644 --- a/src/modules/module_01500.c +++ b/src/modules/module_01500.c 
@@ -124,9 +124,38 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 {
 char *jit_build_options = NULL;
 
- if ((user_options->attack_mode == ATTACK_MODE_BF) && (hashes->salts_cnt == 1) && (user_options->slow_candidates == false))
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
 {
- hc_asprintf (&jit_build_options, "-DDESCRYPT_SALT=%u", hashes->salts_buf[0].salt_buf[0] & 0xfff);
+ if ((user_options->attack_mode == ATTACK_MODE_BF) && (hashes->salts_cnt == 1) && (user_options->slow_candidates == false))
+ {
+ hc_asprintf (&jit_build_options, "-DDESCRYPT_SALT=%u", hashes->salts_buf[0].salt_buf[0] & 0xfff);
+ }
+
+ return jit_build_options;
+ }
+
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ if ((user_options->attack_mode == ATTACK_MODE_BF) && (hashes->salts_cnt == 1) && (user_options->slow_candidates == false))
+ {
+ hc_asprintf (&jit_build_options, "-DDESCRYPT_SALT=%u -D _unroll", hashes->salts_buf[0].salt_buf[0] & 0xfff);
+ }
+ }
+ // ROCM
+ else if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ if ((user_options->attack_mode == ATTACK_MODE_BF) && (hashes->salts_cnt == 1) && (user_options->slow_candidates == false))
+ {
+ hc_asprintf (&jit_build_options, "-DDESCRYPT_SALT=%u -D _unroll", hashes->salts_buf[0].salt_buf[0] & 0xfff);
+ }
+ }
+ else
+ {
+ if ((user_options->attack_mode == ATTACK_MODE_BF) && (hashes->salts_cnt == 1) && (user_options->slow_candidates == false))
+ {
+ hc_asprintf (&jit_build_options, "-DDESCRYPT_SALT=%u", hashes->salts_buf[0].salt_buf[0] & 0xfff);
+ }
 }
 
 return jit_build_options;
diff --git a/src/modules/module_03000.c b/src/modules/module_03000.c
index 5cf3e2b5e..e98cb294c 100644
--- a/src/modules/module_03000.c
+++ b/src/modules/module_03000.c
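Review bot: The `(attack_mode == ATTACK_MODE_BF) && (salts_cnt == 1) && (slow_candidates == false)` guard is now repeated four times inside module_jit_build_options, and the four branches differ only in whether ` -D _unroll` is appended to the same `-DDESCRYPT_SALT=%u` string, so the body reduces to one guard, one unroll decision and one `hc_asprintf`. The rewrite below keeps the Apple early return equivalent (Apple never gets the unroll suffix) and emits byte-identical strings, since the empty suffix reproduces the plain form. The closing brace of module_jit_build_options lies outside the hunk.
```c
  char *jit_build_options = NULL;

  // -DDESCRYPT_SALT is only meaningful when a single salt is baked into a brute-force kernel
  const bool single_salt_bf = (user_options->attack_mode == ATTACK_MODE_BF)
                           && (hashes->salts_cnt == 1)
                           && (user_options->slow_candidates == false);

  if (single_salt_bf == false) return jit_build_options;

  // Apple gets no unroll; Intel CPU and ROCM do
  bool unroll = false;

  if (device_param->opencl_platform_vendor_id != VENDOR_ID_APPLE)
  {
    if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) unroll = true;
    if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) unroll = true;
  }

  hc_asprintf (&jit_build_options, "-DDESCRYPT_SALT=%u%s", hashes->salts_buf[0].salt_buf[0] & 0xfff, unroll ? " -D _unroll" : "");

  return jit_build_options;
```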
@@ -48,6 +48,37 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // AMD-GPU-PRO
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u32 kernel_threads_max = 64; // performance only optimization
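Review bot: The vendor checks in the new module_jit_build_options are independent `if` statements that each `hc_asprintf` into the same `jit_build_options`; they avoid clobbering one another only because the vendor-id tests happen to be mutually exclusive, and if a later edit lets two of them match, the earlier string is overwritten and, assuming hc_asprintf allocates like asprintf, leaked. An `else if` chain, or a single `bool unroll` flag followed by one `hc_asprintf (&jit_build_options, "-D _unroll");`, makes that invariant explicit. In this file and in module_14000.c the `has_vperm == false` and `has_vperm == true` branches together cover every VENDOR_ID_AMD device and emit the same flag, so they collapse to `if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD)`. The same function shape is added to module_05200.c, module_08200.c, module_08500.c, module_10400.c, module_10410.c, module_10500.c, module_18800.c and module_20600.c in this commit and to module_03100.c, module_07900.c and module_11600.c in the next, so the remark applies there as well.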
@@ -212,7 +243,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_05200.c b/src/modules/module_05200.c
index 7c50b5d47..9cd198e98 100644
--- a/src/modules/module_05200.c
+++ b/src/modules/module_05200.c
@@ -59,6 +59,37 @@ typedef struct pwsafe3_tmp
 
 static const char *SIGNATURE_PSAFE3 = "PWS3";
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // NVIDIA GPU
+ if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u32 pw_max = PW_MAX;
@@ -185,7 +216,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_08200.c b/src/modules/module_08200.c
index 0c1cbfde6..fffa11d5c 100644
--- a/src/modules/module_08200.c
+++ b/src/modules/module_08200.c
@@ -58,6 +58,25 @@ typedef struct pbkdf2_sha512_tmp
 
 } pbkdf2_sha512_tmp_t;
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (cloudkey_t);
@@ -271,7 +290,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_08500.c b/src/modules/module_08500.c
index b39cd7c14..974cd8e0b 100644
--- a/src/modules/module_08500.c
+++ b/src/modules/module_08500.c
@@ -44,6 +44,31 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,
 
 static const char *SIGNATURE_RACF = "$racf$";
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // AMD-GPU-PRO
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u32 pw_max = 8; // Underlaying DES max
@@ -213,7 +238,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_10400.c b/src/modules/module_10400.c
index 0d683dc1d..60f3f28d8 100644
--- a/src/modules/module_10400.c
+++ b/src/modules/module_10400.c
@@ -64,6 +64,37 @@ typedef struct pdf
 
 static const char *SIGNATURE_PDF = "$pdf$";
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // NVIDIA GPU
+ if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (pdf_t);
@@ -345,7 +376,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_10410.c b/src/modules/module_10410.c
index d641ae03c..998a79b4a 100644
--- a/src/modules/module_10410.c
+++ b/src/modules/module_10410.c
@@ -65,6 +65,37 @@ typedef struct pdf
 
 static const char *SIGNATURE_PDF = "$pdf$";
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // NVIDIA GPU
+ if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (pdf_t);
@@ -365,7 +396,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_10500.c b/src/modules/module_10500.c
index 68975507a..54b1a770e 100644
--- a/src/modules/module_10500.c
+++ b/src/modules/module_10500.c
@@ -88,6 +88,31 @@ static void md5_complete_no_limit (u32 digest[4], const u32 *plain, const u32 pl
 digest[3] = md5_ctx.h[3];
 }
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (pdf_t);
@@ -471,7 +496,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_14000.c b/src/modules/module_14000.c
index bb55b36ec..a26ce6cf1 100644
--- a/src/modules/module_14000.c
+++ b/src/modules/module_14000.c
@@ -43,6 +43,37 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // AMD-GPU-PRO
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u32 kernel_threads_max = 64; // performance only optimization
@@ -241,7 +272,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_18800.c b/src/modules/module_18800.c
index 9394bd875..81533c4d4 100644
--- a/src/modules/module_18800.c
+++ b/src/modules/module_18800.c
@@ -58,6 +58,37 @@ typedef struct bsp
 
 } bsp_t;
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // NVIDIA GPU
+ if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 tmp_size = (const u64) sizeof (bsp_tmp_t);
@@ -226,7 +257,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_20600.c b/src/modules/module_20600.c
index 0a9bc07b9..8189cb6fb 100644
--- a/src/modules/module_20600.c
+++ b/src/modules/module_20600.c
@@ -49,6 +49,38 @@ typedef struct omt_sha256_tmp
 
 } omt_sha256_tmp_t;
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // NVIDIA GPU
+ if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
+
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 tmp_size = (const u64) sizeof (omt_sha256_tmp_t);
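Review bot: The module_jit_build_options added to module_20600.c is followed by two `+` blank lines, leaving a double blank line between its closing brace and `u64 module_tmp_size`, whereas every other module in this commit separates the new function from its neighbour with a single blank line. Drop one of the two so the file keeps the one-blank-line spacing used elsewhere. The module_jit_build_options added to module_11600.c in the following commit has the same double blank line before `void module_hook23`.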
@@ -184,7 +216,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
From 87b151836d99df136071e7c8bcf27ac0dd5481f0 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sat, 15 Feb 2020 15:34:47 +0100
Subject: [PATCH 231/300] Update unroll and unstable configuration for AMD-GPU-PRO OpenCL runtime after unroll whitelisting change
---
 src/modules/module_03100.c | 21 ++++++++++++++++++++-
 src/modules/module_04110.c | 16 +---------------
 src/modules/module_07800.c | 16 +---------------
 src/modules/module_07801.c | 16 +---------------
 src/modules/module_07900.c | 27 ++++++++++++++++++++++++++-
 src/modules/module_11600.c | 35 ++++++++++++++++++++++-------------
 src/modules/module_11750.c | 13 +------------
 src/modules/module_11760.c | 13 +------------
 src/modules/module_11850.c | 13 +------------
 src/modules/module_11860.c | 13 +------------
 src/modules/module_12500.c | 13 +------------
 src/modules/module_13800.c | 21 ++++++++++++++++++++-
 src/modules/module_14400.c | 13 +------------
 src/modules/module_16000.c | 13 ++++++++++++-
 src/modules/module_18200.c | 21 ++++++++++++++++++++-
 src/modules/module_22100.c | 33 ++++++++++++++++++++++++++++++++-
 16 files changed, 161 insertions(+), 136 deletions(-)
diff --git a/src/modules/module_03100.c b/src/modules/module_03100.c
index 7b6c8f845..d05fa2e42 100644
--- a/src/modules/module_03100.c
+++ b/src/modules/module_03100.c
@@ -42,6 +42,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // AMD-GPU-PRO
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u32 pw_max = 30; // http://www.red-database-security.de/whitepaper/oracle_passwords.html
@@ -145,7 +164,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_04110.c b/src/modules/module_04110.c
index 0f43d8d81..7aa0bbc8f 100644
--- a/src/modules/module_04110.c
+++ b/src/modules/module_04110.c
@@ -42,20 +42,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
 const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
 
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failure.
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- if ((hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) == 1)
- {
- return true;
- }
- }
-
- return false;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -220,6 +206,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = MODULE_DEFAULT;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_07800.c b/src/modules/module_07800.c
index ebf476908..0d79c1256 100644
--- a/src/modules/module_07800.c
+++ b/src/modules/module_07800.c
@@ -51,20 +51,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
 
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // amdgpu-pro-19.30-934563-ubuntu-18.04: password not found
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- if (user_options->attack_mode == ATTACK_MODE_BF)
- {
- return true;
- }
- }
-
- return false;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -224,6 +210,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = MODULE_DEFAULT;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_07801.c b/src/modules/module_07801.c
index 469bbbc6a..03afc6595 100644
--- a/src/modules/module_07801.c
+++ b/src/modules/module_07801.c
@@ -51,20 +51,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 return pw_max;
 }
 
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // amdgpu-pro-19.30-934563-ubuntu-18.04: password not found
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
- {
- if (user_options->attack_mode == ATTACK_MODE_BF)
- {
- return true;
- }
- }
-
- return false;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u32 *digest = (u32 *) digest_buf;
@@ -224,6 +210,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = MODULE_DEFAULT;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_07900.c b/src/modules/module_07900.c
index 30d5a66b7..7e8821016 100644
--- a/src/modules/module_07900.c
+++ b/src/modules/module_07900.c
@@ -50,6 +50,31 @@ typedef struct drupal7_tmp
 
 static const char *SIGNATURE_DRUPAL7 = "$S$";
 
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // AMD-GPU-PRO
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ // ROCM
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 tmp_size = (const u64) sizeof (drupal7_tmp_t);
@@ -438,7 +463,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
diff --git a/src/modules/module_11600.c b/src/modules/module_11600.c
index 6563d2d23..edb374ffd 100644
--- a/src/modules/module_11600.c
+++ b/src/modules/module_11600.c
@@ -94,6 +94,26 @@ typedef struct seven_zip_hook_salt static const char *SIGNATURE_SEVEN_ZIP = "$7z$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + + void module_hook23 (hc_device_param_t *device_param, const void *hook_salts_buf, const u32 salt_pos, const u64 pw_pos) { seven_zip_hook_t *hook_items = (seven_zip_hook_t *) device_param->hooks_buf; @@ -340,17 +360,6 @@ u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_ return kernel_loops_max; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; 
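Review bot: Two empty lines are added after the closing brace of the new module_jit_build_options in module_11600.c, leaving a double blank line before module_hook23; the surrounding file and the other modules touched in this commit separate functions with a single blank line, so drop one of the two added empty lines. The ROCM-only branch also means AMD devices without `has_vperm` now get a NULL option string while the module_unstable_warning that flagged that runtime (`// amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault`) is removed further down in the same file; presumably the unroll whitelisting change is believed to fix that, but a short comment at the removal site would record whether it was re-tested or merely assumed.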
@@ -744,7 +753,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = module_hook23; module_ctx->module_hook_salt_size = module_hook_salt_size; module_ctx->module_hook_size = module_hook_size; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; @@ -771,6 +780,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11750.c b/src/modules/module_11750.c index e47c6cafd..8be5c4dbd 100644 --- a/src/modules/module_11750.c +++ b/src/modules/module_11750.c 
@@ -41,17 +41,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -212,6 +201,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11760.c b/src/modules/module_11760.c index 115becc19..6af85b12e 100644 --- a/src/modules/module_11760.c +++ b/src/modules/module_11760.c 
@@ -41,17 +41,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -212,6 +201,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11850.c b/src/modules/module_11850.c index 6be38b709..5832b0bce 100644 --- a/src/modules/module_11850.c +++ b/src/modules/module_11850.c 
@@ -41,17 +41,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -236,6 +225,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_11860.c b/src/modules/module_11860.c index bf0fa79b5..e906b095d 100644 --- a/src/modules/module_11860.c +++ b/src/modules/module_11860.c 
@@ -41,17 +41,6 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -236,6 +225,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_12500.c b/src/modules/module_12500.c index c95b57400..6e5c46635 100644 --- a/src/modules/module_12500.c +++ b/src/modules/module_12500.c 
@@ -91,17 +91,6 @@ const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, return mask; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-18.50-708488-ubuntu-18.04: self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -258,6 +247,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13800.c b/src/modules/module_13800.c index 5f75c5384..824072b74 100644 --- a/src/modules/module_13800.c +++ b/src/modules/module_13800.c 
@@ -51,6 +51,25 @@ typedef struct win8phone } win8phone_t; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // AMD-GPU-PRO + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (win8phone_t); @@ -202,7 +221,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_14400.c b/src/modules/module_14400.c index 4a290039e..d34342ece 100644 --- a/src/modules/module_14400.c +++ b/src/modules/module_14400.c 
@@ -56,17 +56,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: Segmentation fault - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -217,6 +206,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_16000.c b/src/modules/module_16000.c index 9f763f309..793157c3b 100644 --- a/src/modules/module_16000.c +++ b/src/modules/module_16000.c 
@@ -41,6 +41,17 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + return true; + } + + return false; +} + u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u32 pw_max = 8; // Underlaying DES max @@ -181,6 +192,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = MODULE_DEFAULT; - module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_unstable_warning = module_unstable_warning; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_18200.c b/src/modules/module_18200.c index 576f8c642..005a435c1 100644 --- a/src/modules/module_18200.c +++ b/src/modules/module_18200.c 
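Review bot: The new module_unstable_warning in module_16000.c records only the symptom (`// amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failed`), while the same commit removes the equivalent functions from module_11600.c, module_11750.c, module_11760.c, module_11850.c, module_11860.c, module_12500.c and module_14400.c; without a note on why 16000 is the exception, the next cleanup pass is likely to remove this one as well. Consider extending the comment to `// amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failed (still reproduces after the unroll whitelisting change; has_vperm == false selects the legacy AMDGPU-PRO runtime)`, adjusted to what was actually observed. That it still reproduces is inferred only from the function being added here, so confirm before committing that wording.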
@@ -54,6 +54,25 @@ typedef struct krb5asrep static const char *SIGNATURE_KRB5ASREP = "$krb5asrep$23$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // AMD-GPU-PRO + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (krb5asrep_t); @@ -259,7 +278,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c index 4565ff7f1..3c610f5c5 100644 --- a/src/modules/module_22100.c +++ b/src/modules/module_22100.c 
@@ -64,6 +64,37 @@ typedef struct bitlocker_tmp static const char *SIGNATURE_BITLOCKER = "$bitlocker$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // AMD-GPU-PRO + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (bitlocker_t); @@ -427,7 +458,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From 193aa77cdf6bfa839b1d0b1c9f23da1dc3c1087c Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sat, 15 Feb 2020 16:09:37 +0100 Subject: [PATCH 232/300] Update unroll and unstable configuration for ROCM OpenCL runtime after unroll whitelisting change --- src/modules/module_01460.c | 27 ++++++++++++++++++++++++++- src/modules/module_01700.c | 21 ++++++++++++++++++++- src/modules/module_01720.c | 21 ++++++++++++++++++++- src/modules/module_01722.c | 21 ++++++++++++++++++++- src/modules/module_01800.c | 21 ++++++++++++++++++++- src/modules/module_06800.c | 27 ++++++++++++++++++++++++++- src/modules/module_07400.c | 21 ++++++++++++++++++++- src/modules/module_07401.c | 21 ++++++++++++++++++++- src/modules/module_09600.c | 28 +++++++++++++++++++++++++++- src/modules/module_10800.c | 21 ++++++++++++++++++++- src/modules/module_10900.c | 27 ++++++++++++++++++++++++++- src/modules/module_11300.c | 27 ++++++++++++++++++++++++++- src/modules/module_12200.c | 27 ++++++++++++++++++++++++++- src/modules/module_12800.c | 27 ++++++++++++++++++++++++++- src/modules/module_12900.c | 27 ++++++++++++++++++++++++++- src/modules/module_13000.c | 27 ++++++++++++++++++++++++++- src/modules/module_15000.c | 21 ++++++++++++++++++++- src/modules/module_15600.c | 27 ++++++++++++++++++++++++++- src/modules/module_16200.c | 27 ++++++++++++++++++++++++++- src/modules/module_16300.c | 27 ++++++++++++++++++++++++++- src/modules/module_16900.c | 27 ++++++++++++++++++++++++++- src/modules/module_18300.c | 27 ++++++++++++++++++++++++++- src/modules/module_21000.c | 21 ++++++++++++++++++++- src/modules/module_22200.c | 21 ++++++++++++++++++++- src/modules/module_22400.c | 27 ++++++++++++++++++++++++++- 25 files changed, 591 insertions(+), 25 deletions(-) diff --git a/src/modules/module_01460.c b/src/modules/module_01460.c index 3d73e6a40..9bf1562ab 100644 --- a/src/modules/module_01460.c +++ b/src/modules/module_01460.c 
@@ -43,6 +43,31 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; 
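Review bot: hc_asprintf's result is never checked in the new module_jit_build_options, here and in every other module_jit_build_options added in this commit (module_01700.c, module_01720.c, module_01722.c, module_01800.c, module_06800.c, module_07400.c and the remaining files in the diffstat), as well as in the earlier commit's hunks on this page. If hc_asprintf forwards to vasprintf and discards its return value, an allocation failure leaves `jit_build_options` with indeterminate contents rather than NULL and the caller would hand that pointer to the JIT compiler; if hc_asprintf instead aborts on failure, a comment at one site such as `// hc_asprintf aborts on allocation failure, so no NULL check is needed here` would settle the question for readers. The function body is otherwise duplicated verbatim across the 25 files of this commit with only the vendor list varying, so a single shared helper taking the set of runtimes that want `-D _unroll` would keep that policy in one place; that is a structural change beyond this commit but worth a follow-up.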
@@ -194,7 +219,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_01700.c b/src/modules/module_01700.c index 79b5cb8b8..4adc47171 100644 --- a/src/modules/module_01700.c +++ b/src/modules/module_01700.c 
@@ -48,6 +48,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -198,7 +217,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; 
diff --git a/src/modules/module_01720.c b/src/modules/module_01720.c index 622ce62c9..3e771610f 100644 --- a/src/modules/module_01720.c +++ b/src/modules/module_01720.c @@ -48,6 +48,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; 
@@ -223,7 +242,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_01722.c b/src/modules/module_01722.c index 9654fe9e0..3a1f57cb4 100644 --- a/src/modules/module_01722.c +++ b/src/modules/module_01722.c 
@@ -49,6 +49,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -200,7 +219,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; 
diff --git a/src/modules/module_01800.c b/src/modules/module_01800.c index 0c7422b53..5d997f5d8 100644 --- a/src/modules/module_01800.c +++ b/src/modules/module_01800.c @@ -414,6 +414,25 @@ static void sha512crypt_encode (const u8 digest[64], u8 buf[86]) buf[85] = int_to_itoa64 (l & 0x3f); //l >>= 6; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (sha512crypt_tmp_t); @@ -548,7 +567,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_06800.c b/src/modules/module_06800.c index d478fa439..cc10b9e7e 100644 --- a/src/modules/module_06800.c +++ b/src/modules/module_06800.c 
@@ -51,6 +51,31 @@ typedef struct lastpass_tmp } lastpass_tmp_t; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (lastpass_tmp_t); @@ -183,7 +208,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_07400.c b/src/modules/module_07400.c index 7dece89ff..425811a6e 100644 --- a/src/modules/module_07400.c +++ b/src/modules/module_07400.c 
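Review bot: The NVIDIA and AMD branches of `module_jit_build_options` both emit the identical `hc_asprintf (&jit_build_options, "-D _unroll");`, so the two `if` blocks can be folded into one condition: `if ((device_param->opencl_device_vendor_id == VENDOR_ID_NV) || ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && device_param->has_vperm))`. The same two-branch shape appears in the copies added to module_09600, 10900, 11300, 12200, 12800, 12900, 13000, 15600, 16200, 16300, 16900 and 18300, so the merge applies there as well.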
@@ -234,6 +234,25 @@ static void sha256crypt_encode (const u8 digest[32], u8 buf[43]) buf[42] = int_to_itoa64 (l & 0x3f); //l >>= 6; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (sha256crypt_tmp_t); @@ -373,7 +392,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_07401.c b/src/modules/module_07401.c index 022897c71..71ffae0cc 100644 --- a/src/modules/module_07401.c +++ b/src/modules/module_07401.c 
@@ -235,6 +235,25 @@ static void sha256crypt_encode (const u8 digest[32], u8 buf[43]) buf[42] = int_to_itoa64 (l & 0x3f); //l >>= 6; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (sha256crypt_tmp_t); @@ -418,7 +437,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_09600.c b/src/modules/module_09600.c index 615b59308..948fddf33 100644 --- a/src/modules/module_09600.c +++ b/src/modules/module_09600.c 
@@ -57,6 +57,32 @@ typedef struct office2013_tmp static const char *SIGNATURE_OFFICE2013 = "$office$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + + u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) { return KERN_RUN_3; @@ -313,7 +339,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_10800.c b/src/modules/module_10800.c index 5580785e9..b10c09996 100644 --- a/src/modules/module_10800.c +++ b/src/modules/module_10800.c 
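Review bot: Two blank lines are added after the closing brace of `module_jit_build_options` (the hunk count of +32 against 6 context lines confirms 26 added lines, the last two empty), which leaves a double blank line before `module_deep_comp_kernel`; the other copies in this commit add only one. Dropping one of the two empty `+` lines keeps this module consistent with the rest of the series.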
@@ -48,6 +48,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -195,7 +214,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; 
diff --git a/src/modules/module_10900.c b/src/modules/module_10900.c index 6f94ee4d6..9e629949b 100644 --- a/src/modules/module_10900.c +++ b/src/modules/module_10900.c @@ -61,6 +61,31 @@ typedef struct pbkdf2_sha256_tmp static const char *SIGNATURE_PBKDF2_SHA256 = "sha256"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_t); @@ -226,7 +251,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c index 6cc442743..5d3a31c88 100644 --- a/src/modules/module_11300.c +++ b/src/modules/module_11300.c 
@@ -64,6 +64,31 @@ typedef struct bitcoin_wallet_tmp static const char *SIGNATURE_BITCOIN_WALLET = "$bitcoin$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (bitcoin_wallet_t); @@ -278,7 +303,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_12200.c b/src/modules/module_12200.c index 894b20e14..1bc010075 100644 --- a/src/modules/module_12200.c +++ b/src/modules/module_12200.c 
@@ -51,6 +51,31 @@ typedef struct ecryptfs_tmp static const char *SIGNATURE_ECRYPTFS = "$ecryptfs$"; static const int ROUNDS_ECRYPTFS = 65536; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (ecryptfs_tmp_t); @@ -207,7 +232,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_12800.c b/src/modules/module_12800.c index 4a70a6cd8..2e69cd7fb 100644 --- a/src/modules/module_12800.c +++ b/src/modules/module_12800.c 
@@ -53,6 +53,31 @@ typedef struct pbkdf2_sha256_tmp static const char *SIGNATURE_MS_DRSR = "v1;PPH1_MD4"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); @@ -225,7 +250,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_12900.c b/src/modules/module_12900.c index 9b8502bd5..a9275ac0f 100644 --- a/src/modules/module_12900.c +++ b/src/modules/module_12900.c 
@@ -53,6 +53,31 @@ typedef struct pbkdf2_sha256_tmp static const int ROUNDS_ANDROIDFDE_SAMSUNG = 4096; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); @@ -230,7 +255,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13000.c b/src/modules/module_13000.c index d91f96558..da0e1880c 100644 --- a/src/modules/module_13000.c +++ b/src/modules/module_13000.c 
@@ -59,6 +59,31 @@ typedef struct rar5 static const char *SIGNATURE_RAR5 = "$rar5$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (rar5_t); @@ -264,7 +289,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_15000.c b/src/modules/module_15000.c index 3e6a6cbdf..ca167be63 100644 --- a/src/modules/module_15000.c +++ b/src/modules/module_15000.c 
@@ -45,6 +45,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u32 module_salt_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u32 salt_min = 64; @@ -226,7 +245,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_15600.c b/src/modules/module_15600.c index f93734893..8f5d65224 100644 --- a/src/modules/module_15600.c 
+++ b/src/modules/module_15600.c @@ -62,6 +62,31 @@ typedef struct ethereum_pbkdf2 static const char *SIGNATURE_ETHEREUM_PBKDF2 = "$ethereum$p"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (ethereum_pbkdf2_t); @@ -273,7 +298,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_16200.c b/src/modules/module_16200.c index 100c6c7d4..82645d06d 100644 --- a/src/modules/module_16200.c +++ b/src/modules/module_16200.c 
@@ -62,6 +62,31 @@ typedef struct apple_secure_notes_tmp static const char *SIGNATURE_APPLE_SECURE_NOTES = "$ASN$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (apple_secure_notes_t); @@ -260,7 +285,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_16300.c b/src/modules/module_16300.c index cac770856..03b47be5e 100644 --- a/src/modules/module_16300.c +++ b/src/modules/module_16300.c 
@@ -63,6 +63,31 @@ typedef struct pbkdf2_sha256_tmp static const char *SIGNATURE_ETHEREUM_PRESALE = "$ethereum$w"; static const int ROUNDS_ETHEREUM_PRESALE = 2000; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (ethereum_presale_t); @@ -273,7 +298,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_16900.c b/src/modules/module_16900.c index d2a122138..301f2032f 100644 --- a/src/modules/module_16900.c +++ b/src/modules/module_16900.c 
@@ -63,6 +63,31 @@ typedef struct ansible_vault static const char *SIGNATURE_ANSIBLE_VAULT = "$ansible$"; static const int ROUNDS_ANSIBLE_VAULT = 10000; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (ansible_vault_t); @@ -296,7 +321,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_18300.c b/src/modules/module_18300.c index 96a211582..aea70f144 100644 --- a/src/modules/module_18300.c +++ b/src/modules/module_18300.c 
@@ -62,6 +62,31 @@ typedef struct apple_secure_notes_tmp static const char *SIGNATURE_APFS = "$fvde$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (apple_secure_notes_tmp_t); @@ -270,7 +295,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_21000.c b/src/modules/module_21000.c index 737d3679f..1b0b1b71b 100644 --- a/src/modules/module_21000.c +++ b/src/modules/module_21000.c 
@@ -48,6 +48,25 @@ u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -198,7 +217,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; 
diff --git a/src/modules/module_22200.c b/src/modules/module_22200.c index d9ba12286..060cdea68 100644 --- a/src/modules/module_22200.c +++ b/src/modules/module_22200.c @@ -48,6 +48,25 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, static const char *SIGNATURE_NETSCALER = "2"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u64 *digest = (u64 *) digest_buf; @@ -229,7 +248,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_22400.c b/src/modules/module_22400.c index 53186aeb1..024e9a8cd 100644 --- a/src/modules/module_22400.c +++ b/src/modules/module_22400.c 
@@ -61,6 +61,31 @@ typedef struct aescrypt_tmp static const char *SIGNATURE_AESCRYPT = "$aescrypt$"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (aescrypt_t); @@ -292,7 +317,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From f946e321a985b5c4d55087e7335e88615b33a30e Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Sat, 15 Feb 2020 16:17:05 +0100 Subject: [PATCH 233/300] Update unroll and unstable configuration for NVIDIA CUDA/OpenCL runtime after unroll whitelisting change --- src/modules/module_08000.c | 21 ++++++++++++++++++++- src/modules/module_12400.c | 21 ++++++++++++++++++++- src/modules/module_13751.c | 21 ++++++++++++++++++++- src/modules/module_13752.c | 21 ++++++++++++++++++++- src/modules/module_13753.c | 21 ++++++++++++++++++++- src/modules/module_13761.c | 21 ++++++++++++++++++++- src/modules/module_13762.c | 21 ++++++++++++++++++++- src/modules/module_13763.c | 21 ++++++++++++++++++++- 8 files changed, 160 insertions(+), 8 deletions(-) diff --git a/src/modules/module_08000.c b/src/modules/module_08000.c index d23d400d2..e5b33b331 100644 --- a/src/modules/module_08000.c +++ b/src/modules/module_08000.c @@ -56,6 +56,25 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // self-test failed 
@@ -195,7 +214,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_12400.c b/src/modules/module_12400.c index 0152d36d9..9280a2f3f 100644 --- a/src/modules/module_12400.c +++ b/src/modules/module_12400.c @@ -53,6 +53,25 @@ typedef struct bsdicrypt_tmp static const char *SIGNATURE_BSDICRYPT = "_"; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 pw_max = (const u64) sizeof (bsdicrypt_tmp_t); 
@@ -231,7 +250,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c index 4fff9a572..8a15dbfa4 100644 --- a/src/modules/module_13751.c +++ b/src/modules/module_13751.c @@ -77,6 +77,25 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // allocate SGPR spill should have worked.. UNREACHABLE executed at.. 
@@ -320,7 +339,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c index 0907e2145..f35812725 100644 --- a/src/modules/module_13752.c +++ b/src/modules/module_13752.c @@ -77,6 +77,25 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // allocate SGPR spill should have worked.. UNREACHABLE executed at.. 
@@ -320,7 +339,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c index eb7fbaed8..54a2a2943 100644 --- a/src/modules/module_13753.c +++ b/src/modules/module_13753.c @@ -77,6 +77,25 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // allocate SGPR spill should have worked.. UNREACHABLE executed at.. 
@@ -320,7 +339,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c index f1beae125..95d419c59 100644 --- a/src/modules/module_13761.c +++ b/src/modules/module_13761.c @@ -77,6 +77,25 @@ typedef struct vc static const int ROUNDS_VERACRYPT_200000 = 200000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // allocate SGPR spill should have worked.. UNREACHABLE executed at.. 
@@ -321,7 +340,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c index 5a442cce1..10639cb78 100644 --- a/src/modules/module_13762.c +++ b/src/modules/module_13762.c @@ -77,6 +77,25 @@ typedef struct vc static const int ROUNDS_VERACRYPT_200000 = 200000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // allocate SGPR spill should have worked.. UNREACHABLE executed at.. 
@@ -321,7 +340,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c index 5d9d942f9..f28567c39 100644 --- a/src/modules/module_13763.c +++ b/src/modules/module_13763.c @@ -77,6 +77,25 @@ typedef struct vc static const int ROUNDS_VERACRYPT_200000 = 200000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // NVIDIA GPU + if (device_param->opencl_device_vendor_id == VENDOR_ID_NV) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { // allocate SGPR spill should have worked.. UNREACHABLE executed at.. 
@@ -321,7 +340,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From cd3ca53203aa100a826396deedb88943d7589412 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 16 Feb 2020 11:19:56 +0100 Subject: [PATCH 234/300] Update ROCM to use _unroll for mode -m 621x --- src/modules/module_06211.c | 21 ++++++++++++++++++++- src/modules/module_06212.c | 21 ++++++++++++++++++++- src/modules/module_06213.c | 21 ++++++++++++++++++++- 3 files changed, 60 insertions(+), 3 deletions(-) diff --git a/src/modules/module_06211.c b/src/modules/module_06211.c index 57a80bf9e..ef63c4be4 100644 --- a/src/modules/module_06211.c +++ b/src/modules/module_06211.c 
@@ -70,6 +70,25 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_2K = 2000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool potfile_disable = true; @@ -265,7 +284,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_06212.c b/src/modules/module_06212.c index 74617ea03..a2f6fc4bf 100644 --- a/src/modules/module_06212.c +++ b/src/modules/module_06212.c 
@@ -70,6 +70,25 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_2K = 2000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool potfile_disable = true; @@ -265,7 +284,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; diff --git a/src/modules/module_06213.c b/src/modules/module_06213.c index 6a04c82fc..0cdbd43c5 100644 --- a/src/modules/module_06213.c +++ b/src/modules/module_06213.c 
@@ -70,6 +70,25 @@ typedef struct tc static const int ROUNDS_TRUECRYPT_2K = 2000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + bool module_potfile_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const bool potfile_disable = true; @@ -263,7 +282,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hook23 = MODULE_DEFAULT; module_ctx->module_hook_salt_size = MODULE_DEFAULT; module_ctx->module_hook_size = MODULE_DEFAULT; - module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; module_ctx->module_jit_cache_disable = MODULE_DEFAULT; module_ctx->module_kernel_accel_max = MODULE_DEFAULT; module_ctx->module_kernel_accel_min = MODULE_DEFAULT; From 2c74a54b72d0b2a3a1c72fe3b64a73ddd8a5b611 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Tue, 18 Feb 2020 10:40:00 +0100 Subject: [PATCH 235/300] update number of supported hash types in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e215a055b..438dd77f3 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ ## *hashcat* ## -**hashcat** is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. +**hashcat** is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. ### License ### From 995742219107dc9703db030835ea811d4554c497 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 19 Feb 2020 10:35:44 +0100 Subject: [PATCH 236/300] Add tokenizer option TOKEN_ATTR_SEPARATOR_FARTHEST as an option to deal with hash formats where separator character could be part of the salt data itself and at the same time does not allow escape character logic to be applied. This can only work if it is guaranteed by the design of the hash format that the separator character does not occur after the position of the separator character. --- include/shared.h | 3 +++ include/types.h | 21 +++++++++++---------- src/modules/module_02100.c | 3 ++- src/shared.c | 31 ++++++++++++++++++++++++++++++- 4 files changed, 46 insertions(+), 12 deletions(-) diff --git a/include/shared.h b/include/shared.h index 203a85244..96604c730 100644 --- a/include/shared.h +++ b/include/shared.h 
@@ -79,6 +79,9 @@ u64 round_up_multiple_64 (const u64 v, const u64 m);
 void hc_strncat (u8 *dst, const u8 *src, const size_t n);
+const u8 *hc_strchr_next (const u8 *input_buf, const int input_len, const u8 separator);
+const u8 *hc_strchr_last (const u8 *input_buf, const int input_len, const u8 separator);
+
 int count_char (const u8 *buf, const int len, const u8 c);
 float get_entropy (const u8 *buf, const int len);
diff --git a/include/types.h b/include/types.h
index dfccc083a..9f329ad0d 100644
--- a/include/types.h
+++ b/include/types.h
@@ -770,16 +770,17 @@ typedef enum user_options_map
 typedef enum token_attr
 {
- TOKEN_ATTR_FIXED_LENGTH = 1 << 0,
- TOKEN_ATTR_OPTIONAL_ROUNDS = 1 << 1,
- TOKEN_ATTR_VERIFY_SIGNATURE = 1 << 2,
- TOKEN_ATTR_VERIFY_LENGTH = 1 << 3,
- TOKEN_ATTR_VERIFY_DIGIT = 1 << 4,
- TOKEN_ATTR_VERIFY_FLOAT = 1 << 5,
- TOKEN_ATTR_VERIFY_HEX = 1 << 6,
- TOKEN_ATTR_VERIFY_BASE64A = 1 << 7,
- TOKEN_ATTR_VERIFY_BASE64B = 1 << 8,
- TOKEN_ATTR_VERIFY_BASE64C = 1 << 9
+ TOKEN_ATTR_FIXED_LENGTH = 1 << 0,
+ TOKEN_ATTR_SEPARATOR_FARTHEST = 1 << 1,
+ TOKEN_ATTR_OPTIONAL_ROUNDS = 1 << 2,
+ TOKEN_ATTR_VERIFY_SIGNATURE = 1 << 3,
+ TOKEN_ATTR_VERIFY_LENGTH = 1 << 4,
+ TOKEN_ATTR_VERIFY_DIGIT = 1 << 5,
+ TOKEN_ATTR_VERIFY_FLOAT = 1 << 6,
+ TOKEN_ATTR_VERIFY_HEX = 1 << 7,
+ TOKEN_ATTR_VERIFY_BASE64A = 1 << 8,
+ TOKEN_ATTR_VERIFY_BASE64B = 1 << 9,
+ TOKEN_ATTR_VERIFY_BASE64C = 1 << 10,
 } token_attr_t;
diff --git a/src/modules/module_02100.c b/src/modules/module_02100.c
index a7ef91744..f2735b482 100644
--- a/src/modules/module_02100.c
+++ b/src/modules/module_02100.c
@@ -95,7 +95,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 token.len_min[2] = SALT_MIN;
 token.len_max[2] = SALT_MAX;
 token.sep[2] = '#';
- token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH;
+ token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_SEPARATOR_FARTHEST;
 token.len_min[3] = 32;
 token.len_max[3] = 32;
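Review bot: Inserting TOKEN_ATTR_SEPARATOR_FARTHEST at `1 << 1` in the token_attr enum in include/types.h renumbers every flag after it, so anything compiled against the previous header (an out-of-tree module, or any place these values were stored numerically, if such exist) would silently read different attributes. Appending the new flag as `TOKEN_ATTR_SEPARATOR_FARTHEST = 1 << 10,` keeps the existing values stable and is the usual way to extend a flag set. If every user is rebuilt together this is harmless, but the renumbering is not mentioned in the commit message and deserves a line there.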
diff --git a/src/shared.c b/src/shared.c
index 0cb1323d3..05387f5e6 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -1028,6 +1028,26 @@ static int rounds_count_length (const char *input_buf, const int input_len)
 return -1;
 }
+const u8 *hc_strchr_next (const u8 *input_buf, const int input_len, const u8 separator)
+{
+ for (int i = 0; i < input_len; i++)
+ {
+ if (input_buf[i] == separator) return &input_buf[i];
+ }
+
+ return NULL;
+}
+
+const u8 *hc_strchr_last (const u8 *input_buf, const int input_len, const u8 separator)
+{
+ for (int i = input_len - 1; i >= 0; i--)
+ {
+ if (input_buf[i] == separator) return &input_buf[i];
+ }
+
+ return NULL;
+}
+
 int input_tokenizer (const u8 *input_buf, const int input_len, token_t *token)
 {
 int len_left = input_len;
@@ -1066,7 +1086,16 @@ int input_tokenizer (const u8 *input_buf, const int input_len, token_t *token)
 }
 }
- const u8 *next_pos = (const u8 *) strchr ((const char *) token->buf[token_idx], token->sep[token_idx]);
+ const u8 *next_pos = NULL;
+
+ if (token->attr[token_idx] & TOKEN_ATTR_SEPARATOR_FARTHEST)
+ {
+ next_pos = hc_strchr_last (token->buf[token_idx], len_left, token->sep[token_idx]);
+ }
+ else
+ {
+ next_pos = hc_strchr_next (token->buf[token_idx], len_left, token->sep[token_idx]);
+ }
 if (next_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
From 189bbb26610f061293b4ba2614c381f66e6bf1e8 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 19 Feb 2020 18:50:50 +0100 Subject: [PATCH 237/300] Fixed buffer overflow in mp_add_cs_buf() function --- docs/changes.txt | 1 + src/mpsp.c | 7 +++++++ 2 files changed, 8 insertions(+)
diff --git a/docs/changes.txt b/docs/changes.txt
index 96f832fdc..03fdd6679 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
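Review bot: `hc_strchr_next` in src/shared.c is a forward byte search over a known length, which is exactly what `memchr` does; `if (input_len <= 0) return NULL; return memchr (input_buf, separator, (size_t) input_len);` replaces the loop, the guard being needed because `input_len` is a signed `int`. `hc_strchr_last` has no portable standard counterpart (memrchr is a GNU extension), so the hand-written reverse loop there is the right call. The bounded search is an improvement over the removed `strchr`, which scanned to the terminator regardless of `len_left`. The FARTHEST branch in input_tokenizer silently relies on the precondition the commit message spells out, so it should be stated at the call site, e.g. `// FARTHEST: the separator must not occur in any later token, otherwise the last match belongs to another field`.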
@@ -73,6 +73,7 @@ ##
 - Fixed buffer overflow in build_plain() function
+- Fixed buffer overflow in mp_add_cs_buf() function
 - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7
 - Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt
 - Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data
diff --git a/src/mpsp.c b/src/mpsp.c
index f3a7fc344..2ab211833 100644
--- a/src/mpsp.c
+++ b/src/mpsp.c
@@ -217,6 +217,13 @@ static int mp_add_cs_buf (hashcat_ctx_t *hashcat_ctx, const u32 *in_buf, size_t
 {
 const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
+ if (css_cnt == 256)
+ {
+ event_log_error (hashcat_ctx, "Invalid mask length.");
+
+ return -1;
+ }
+
 cs_t *cs = &css[css_cnt];
 size_t css_uniq_sz = CHARSIZ * sizeof (u32);
From 1449e239c2e2eb00e911c1b241f5492805f17934 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 20 Feb 2020 11:01:56 +0100 Subject: [PATCH 238/300] Optimize some -m 780x code in kernels --- OpenCL/m07800_a0-optimized.cl | 124 ++++++++++++++++++---------- OpenCL/m07800_a1-optimized.cl | 124 ++++++++++++++++++---------- OpenCL/m07800_a3-optimized.cl | 124 ++++++++++++++++++---------- OpenCL/m07801_a0-optimized.cl | 124 ++++++++++++++++++---------- OpenCL/m07801_a1-optimized.cl | 124 ++++++++++++++++++---------- OpenCL/m07801_a3-optimized.cl | 124 ++++++++++++++++++---------- 6 files changed, 396 insertions(+), 348 deletions(-)
diff --git a/OpenCL/m07800_a0-optimized.cl b/OpenCL/m07800_a0-optimized.cl
index 4d86b2858..7dab142cb 100644
--- a/OpenCL/m07800_a0-optimized.cl
+++ b/OpenCL/m07800_a0-optimized.cl
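Review bot: The new guard in mp_add_cs_buf in src/mpsp.c rejects only `css_cnt == 256`, so a count that is already past the limit (should any caller ever get there) still indexes `css[css_cnt]` out of bounds on the next line; `if (css_cnt >= 256)` costs nothing and does not depend on every caller incrementing by exactly one. The literal 256 presumably mirrors the capacity of the `css` array allocated elsewhere, which is not visible in this hunk; comparing against a named constant shared with that allocation would keep the two from drifting apart. The function signature is outside the hunk, so the type of `css_cnt` cannot be checked from here.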
@@ -191,33 +191,33 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -278,17 +278,21 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_M_SIMD (digest[3], digest[4], digest[2], digest[1]);
 }
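Review bot: The new padding path at `if (final_len >= 56)` fixes the message at two SHA-1 blocks, whereas the loop it replaces handled any number of blocks; if final_len can reach 120, the bit length written to final[31] lands on message data and the digest is silently wrong. Whether that bound holds depends on the maximum of pw_len, the salt and lengthMagicArray (at most 0x20 + 10*5 = 82 per the hunk above), which are assembled outside this hunk, so the assumption should be written down where it is relied on, e.g. `// final_len < 120: the padded message always fits in two SHA-1 blocks`. Clearing final[14]/final[30] before storing the length is also new relative to the loop, which only wrote final[off + 15]; a one-line comment that the high length word is zeroed here because the buffer may hold stale data would save the next reader a search. The same pattern recurs in the m07800_s04 hunk below and in the m07800_a1/a3 and m07801_a0/a1/a3 hunks, and the enclosing kernel starts outside this hunk.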
@@ -451,33 +455,33 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -538,17 +542,21 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_S_SIMD (digest[3], digest[4], digest[2], digest[1]);
 }
diff --git a/OpenCL/m07800_a1-optimized.cl b/OpenCL/m07800_a1-optimized.cl
index cc552143f..0ce766c16 100644
--- a/OpenCL/m07800_a1-optimized.cl
+++ b/OpenCL/m07800_a1-optimized.cl
@@ -249,33 +249,33 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -336,17 +336,21 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_M_SIMD (digest[3], digest[4], digest[2], digest[1]);
 }
@@ -569,33 +573,33 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -656,17 +660,21 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_S_SIMD (digest[3], digest[4], digest[2], digest[1]);
 }
diff --git a/OpenCL/m07800_a3-optimized.cl b/OpenCL/m07800_a3-optimized.cl
index de22475f0..4ee34d3dc 100644
--- a/OpenCL/m07800_a3-optimized.cl
+++ b/OpenCL/m07800_a3-optimized.cl
@@ -165,33 +165,33 @@ DECLSPEC void m07800m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -252,17 +252,21 @@ DECLSPEC void m07800m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_M_SIMD (digest[3], digest[4], digest[2], digest[1]);
 }
@@ -393,33 +397,33 @@ DECLSPEC void m07800s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -480,17 +484,21 @@ DECLSPEC void m07800s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_S_SIMD (digest[3], digest[4], digest[2], digest[1]);
 }
diff --git a/OpenCL/m07801_a0-optimized.cl b/OpenCL/m07801_a0-optimized.cl
index aeb9b95d0..13059adfe 100644
--- a/OpenCL/m07801_a0-optimized.cl
+++ b/OpenCL/m07801_a0-optimized.cl
@@ -191,33 +191,33 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -278,17 +278,21 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_M_SIMD (0, 0, digest[2] & 0xffff0000, digest[1]);
 }
@@ -451,33 +455,33 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -538,17 +542,21 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_S_SIMD (0, 0, digest[2] & 0xffff0000, digest[1]);
 }
diff --git a/OpenCL/m07801_a1-optimized.cl b/OpenCL/m07801_a1-optimized.cl
index 8d055619c..ef836a019 100644
--- a/OpenCL/m07801_a1-optimized.cl
+++ b/OpenCL/m07801_a1-optimized.cl
@@ -249,33 +249,33 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -336,17 +336,21 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_M_SIMD (0, 0, digest[2] & 0xffff0000, digest[1]);
 }
@@ -569,33 +573,33 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -656,17 +660,21 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_S_SIMD (0, 0, digest[2] & 0xffff0000, digest[1]);
 }
diff --git a/OpenCL/m07801_a3-optimized.cl b/OpenCL/m07801_a3-optimized.cl
index 7de9f2a11..59bc222cd 100644
--- a/OpenCL/m07801_a3-optimized.cl
+++ b/OpenCL/m07801_a3-optimized.cl
@@ -165,33 +165,33 @@ DECLSPEC void m07801m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -252,17 +252,21 @@ DECLSPEC void m07801m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_M_SIMD (0, 0, digest[2] & 0xffff0000, digest[1]);
 }
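Review bot: In the m07801m `@@ -252` hunk the new two-way padding writes the bit length into final[30]/final[31] (or final[14]/final[15]) without any guard that the message plus the 0x80 byte ends before those words, so correctness rests on an unstated `final_len <= 119` invariant. The only visible contributor is lengthMagicArray, which the earlier hunk in this function bounds at 0x20 plus ten `% 6` terms, up to 82 bytes; the `pw_len` parameter and the salt length that complete final_len are bounded outside this hunk, so I cannot confirm the invariant from here. A one-line comment stating the assumption would make the precondition reviewable: `// two 64-byte blocks at most: requires final_len <= 119 (final[] has 32 words)`. The m07801s hunk further down carries the identical construct and should get the same note; m07801m itself begins before this hunk.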
@@ -393,33 +397,33 @@ DECLSPEC void m07801s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- sha1_transform (&final[0], &final[4], &final[8], &final[12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
 // prepare magic array range
 u32 lengthMagicArray = 0x20;
 u32 offsetMagicArray = 0;
- lengthMagicArray += ((digest[0] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[0] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 16) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 8) & 0xff) % 6;
- lengthMagicArray += ((digest[1] >> 0) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 24) & 0xff) % 6;
- lengthMagicArray += ((digest[2] >> 16) & 0xff) % 6;
- offsetMagicArray += ((digest[2] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[2] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[3] >> 0) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 24) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 16) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 8) & 0xff) % 8;
- offsetMagicArray += ((digest[4] >> 0) & 0xff) % 8;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[0]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8b_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8a_from_v32_S (digest[1]) % 6;
+ lengthMagicArray += unpack_v8d_from_v32_S (digest[2]) % 6;
+ lengthMagicArray += unpack_v8c_from_v32_S (digest[2]) % 6;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[2]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[3]) & 7;
+ offsetMagicArray += unpack_v8d_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8c_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8b_from_v32_S (digest[4]) & 7;
+ offsetMagicArray += unpack_v8a_from_v32_S (digest[4]) & 7;
 // final
@@ -480,17 +484,21 @@ DECLSPEC void m07801s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 // calculate
- int left;
- int off;
-
- for (left = final_len, off = 0; left >= 56; left -= 64, off += 16)
+ if (final_len >= 56)
 {
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ final[30] = 0;
+ final[31] = final_len * 8;
+
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ sha1_transform (final + 16, final + 20, final + 24, final + 28, digest);
 }
+ else
+ {
+ final[14] = 0;
+ final[15] = final_len * 8;
- final[off + 15] = final_len * 8;
-
- sha1_transform (&final[off + 0], &final[off + 4], &final[off + 8], &final[off + 12], digest);
+ sha1_transform (final + 0, final + 4, final + 8, final + 12, digest);
+ }
 COMPARE_S_SIMD (0, 0, digest[2] & 0xffff0000, digest[1]);
 }
From b1bb47c1ae2bc61cf992fc00515670effe09a9ba Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 20 Feb 2020 13:52:12 +0100
Subject: [PATCH 239/300] Precompute some constants to improve performance of -m 780x SAP kernels
---
 OpenCL/m07800_a0-optimized.cl | 472 ++++++++++++++++++++++-----------
 OpenCL/m07800_a1-optimized.cl | 480 +++++++++++++++++++++++-----------
 OpenCL/m07800_a3-optimized.cl | 426 ++++++++++++++++++++++--------
 OpenCL/m07801_a0-optimized.cl | 472 ++++++++++++++++++++++-----------
 OpenCL/m07801_a1-optimized.cl | 480 +++++++++++++++++++++++-----------
 OpenCL/m07801_a3-optimized.cl | 426 ++++++++++++++++++++++--------
 6 files changed, 1930 insertions(+), 826 deletions(-)
diff --git a/OpenCL/m07800_a0-optimized.cl b/OpenCL/m07800_a0-optimized.cl
index 7dab142cb..92f46097c 100644
--- a/OpenCL/m07800_a0-optimized.cl
+++ b/OpenCL/m07800_a0-optimized.cl
@@ -17,30 +17,90 @@ #include "inc_hash_sha1.cl" #endif -CONSTANT_VK u32a theMagicArray[64] = +CONSTANT_VK u32a theMagicArray[80][16] = { - 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, - 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, - 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, - 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, - 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f, 0x37af944c, 0x29085282, 0xb23b4e37, 0x9f170791, 0x113bfdcd, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + { 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194 }, + { 0xac51149f, 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f }, + { 0x51149f67, 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b }, + { 0x149f6754, 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1 }, + { 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b }, + { 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 
0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06 }, + { 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605 }, + { 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d }, + { 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03 }, + { 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d }, + { 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e }, + { 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13 }, + { 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a }, + { 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e }, + { 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a }, + { 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 
0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a }, + { 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8 }, + { 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9 }, + { 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c }, + { 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14 }, + { 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417 }, + { 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758 }, + { 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7 }, + { 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a }, + { 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6 }, + { 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 
0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1 }, + { 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199 }, + { 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963 }, + { 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a }, + { 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7 }, + { 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd }, + { 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70 }, + { 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3 }, + { 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6 }, + { 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e }, + { 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 
0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74 }, + { 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413 }, + { 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303 }, + { 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9 }, + { 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b }, + { 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04 }, + { 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426 }, + { 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698 }, + { 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7 }, + { 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726 }, + { 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 
0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a }, + { 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92 }, + { 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293 }, + { 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325 }, + { 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0 }, + { 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2 }, + { 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d }, + { 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23 }, + { 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed }, + { 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63 }, + { 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 
0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379 }, + { 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d }, + { 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13 }, + { 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332 }, + { 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa }, + { 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c }, + { 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35 }, + { 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502 }, + { 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a }, + { 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3 }, + { 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 
0x63796d13, 0x32fa3c35, 0x029aa3b3 }, + { 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd }, + { 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e }, + { 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a }, + { 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24 }, + { 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf }, + { 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51 }, + { 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3 }, + { 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c }, + { 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd }, + { 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 
0x0a24bf51, 0xc37ccd55 }, + { 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f }, + { 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c, 0xcd559f37 }, + { 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd, 0x559f37af }, + { 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51, 0xc37ccd55, 0x9f37af94 }, }; -DECLSPEC u32 GETSHIFTEDINT_CONST (CONSTANT_AS u32a *a, const int n) -{ - const int d = n / 4; - const int m = n & 3; - - u64 tmp = hl32_to_64_S (a[d + 0], a[d + 1]); - - tmp <<= m * 8; - - return h32_from_64_S (tmp); -} - DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) { const int d = n / 4; 
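Review bot: Each row of the new `theMagicArray[80][16]` exposes only 64 bytes of the magic array starting at byte offset `row`, whereas the removed GETSHIFTEDINT_CONST could read any 4-byte window of the full flat array, so a consumer that needs more than 64 bytes from one offset can no longer get them. The 7801 kernels earlier on this page derive lengthMagicArray as 0x20 plus ten `% 6` terms, i.e. up to 82 bytes; if the 7800 kernels use the same formula (their length computation is not in this hunk), rows would need at least 21 words, or the tail must be fetched from a second row. Conversely, with offsetMagicArray built from ten `& 7` terms the largest offset is 70, so rows 71–79 appear never to be selected; harmless, but the layout deserves a comment since the table is otherwise opaque. I would add above the table: `// row i = the SAP magic array as big-endian u32 words, viewed from byte offset i (precomputed byte shifts of the original 160-byte constant)`.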
@@ -56,20 +116,52 @@ DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v)
 KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 {
+ const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_theMagicArray[80][16];
+
+ for (u32 i = lid; i < 80; i += lsz)
+ {
+ s_theMagicArray[i][ 0] = theMagicArray[i][ 0];
+ s_theMagicArray[i][ 1] = theMagicArray[i][ 1];
+ s_theMagicArray[i][ 2] = theMagicArray[i][ 2];
+ s_theMagicArray[i][ 3] = theMagicArray[i][ 3];
+ s_theMagicArray[i][ 4] = theMagicArray[i][ 4];
+ s_theMagicArray[i][ 5] = theMagicArray[i][ 5];
+ s_theMagicArray[i][ 6] = theMagicArray[i][ 6];
+ s_theMagicArray[i][ 7] = theMagicArray[i][ 7];
+ s_theMagicArray[i][ 8] = theMagicArray[i][ 8];
+ s_theMagicArray[i][ 9] = theMagicArray[i][ 9];
+ s_theMagicArray[i][10] = theMagicArray[i][10];
+ s_theMagicArray[i][11] = theMagicArray[i][11];
+ s_theMagicArray[i][12] = theMagicArray[i][12];
+ s_theMagicArray[i][13] = theMagicArray[i][13];
+ s_theMagicArray[i][14] = theMagicArray[i][14];
+ s_theMagicArray[i][15] = theMagicArray[i][15];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_theMagicArray = theMagicArray;
+
+ #endif
+
+ if (gid >= gid_max) return;
+
 /**
 * modifier
 */
- const u64 lid = get_local_id (0);
-
- /**
- * base
- */
-
- const u64 gid = get_global_id (0);
-
- if (gid >= gid_max) return;
-
 u32 pw_buf0[4];
 u32 pw_buf1[4];
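Review bot: The `#else` branch declares `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;`, a flat pointer, but theMagicArray is now `u32a[80][16]` and the consumer later in this file indexes `s_theMagicArray[offsetMagicArray][ 0]` two-dimensionally; on any build without REAL_SHM that is an initializer type mismatch and a subscript of a non-array, so the non-shared-memory path will not compile. The declaration should be a pointer to rows: `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;`. Separately, the block comment above the copy loop reads `aes shared`, but what is staged into local memory is the 80×16-word magic array (5 KiB), not AES tables — suggest `/* magic array, copied to shared memory */`. Moving `if (gid >= gid_max) return;` below `SYNC_THREADS ()` is right, since every work-item must reach the barrier; a short comment saying so would keep a future cleanup from hoisting it back.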
@@ -90,14 +182,14 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 u32 salt_buf[8];
- salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
- salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
- salt_buf[2] = salt_bufs[salt_pos].salt_buf[2];
- salt_buf[3] = salt_bufs[salt_pos].salt_buf[3];
- salt_buf[4] = salt_bufs[salt_pos].salt_buf[4];
- salt_buf[5] = salt_bufs[salt_pos].salt_buf[5];
- salt_buf[6] = salt_bufs[salt_pos].salt_buf[6];
- salt_buf[7] = salt_bufs[salt_pos].salt_buf[7];
+ salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]);
+ salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]);
+ salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]);
+ salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]);
+ salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]);
+ salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]);
+ salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]);
+ salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]);
 const u32 salt_len = salt_bufs[salt_pos].salt_len;
@@ -114,6 +206,15 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
+ w0[0] = hc_swap32_S (w0[0]);
+ w0[1] = hc_swap32_S (w0[1]);
+ w0[2] = hc_swap32_S (w0[2]);
+ w0[3] = hc_swap32_S (w0[3]);
+ w1[0] = hc_swap32_S (w1[0]);
+ w1[1] = hc_swap32_S (w1[1]);
+ w1[2] = hc_swap32_S (w1[2]);
+ w1[3] = hc_swap32_S (w1[3]);
+
 /**
 * SAP
 */
@@ -140,7 +241,7 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 s3[2] = 0;
 s3[3] = 0;
- switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
+ switch_buffer_by_offset_be_S (s0, s1, s2, s3, out_len);
 const u32x pw_salt_len = out_len + salt_len;
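Review bot: The eight `hc_swap32_S` calls added right after `apply_rules_vect_optimized` carry no explanation of why the rule output is byte-swapped at this point; a reader only discovers the reason in the later hunk of this file where `final[]` stops swapping each word. Suggest a comment above the first swap: `// convert to big-endian once here; final[] below is assembled without per-word swaps`. Note that `hc_swap32_S` and, in the next hunk, `switch_buffer_by_offset_be_S` are scalar helpers applied to `u32x` values (`w0`, `w1`, `out_len`); this matches the pre-existing `hc_swap32_S (w0[0] | s0[0])` usage so it presumably relies on VECT_SIZE being 1 for rule kernels, which is worth confirming rather than assuming. The enclosing m07800_m04 body begins before these hunks.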
@@ -150,20 +251,20 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
 u32 final[32];
- final[ 0] = hc_swap32_S (w0[0] | s0[0]);
- final[ 1] = hc_swap32_S (w0[1] | s0[1]);
- final[ 2] = hc_swap32_S (w0[2] | s0[2]);
- final[ 3] = hc_swap32_S (w0[3] | s0[3]);
- final[ 4] = hc_swap32_S (w1[0] | s1[0]);
- final[ 5] = hc_swap32_S (w1[1] | s1[1]);
- final[ 6] = hc_swap32_S (w1[2] | s1[2]);
- final[ 7] = hc_swap32_S (w1[3] | s1[3]);
- final[ 8] = hc_swap32_S (w2[0] | s2[0]);
- final[ 9] = hc_swap32_S (w2[1] | s2[1]);
- final[10] = hc_swap32_S (w2[2] | s2[2]);
- final[11] = hc_swap32_S (w2[3] | s2[3]);
- final[12] = hc_swap32_S (w3[0] | s3[0]);
- final[13] = hc_swap32_S (w3[1] | s3[1]);
+ final[ 0] = w0[0] | s0[0];
+ final[ 1] = w0[1] | s0[1];
+ final[ 2] = w0[2] | s0[2];
+ final[ 3] = w0[3] | s0[3];
+ final[ 4] = w1[0] | s1[0];
+ final[ 5] = w1[1] | s1[1];
+ final[ 6] = w1[2] | s1[2];
+ final[ 7] = w1[3] | s1[3];
+ final[ 8] = w2[0] | s2[0];
+ final[ 9] = w2[1] | s2[1];
+ final[10] = w2[2] | s2[2];
+ final[11] = w2[3] | s2[3];
+ final[12] = w3[0] | s3[0];
+ final[13] = w3[1] | s3[1];
 final[14] = 0;
 final[15] = pw_salt_len * 8;
 final[16] = 0;
@@ -227,49 +328,61 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ())
     digest[3] = SHA1M_D;
     digest[4] = SHA1M_E;
-    final[ 0] = hc_swap32_S (w0[0]);
-    final[ 1] = hc_swap32_S (w0[1]);
-    final[ 2] = hc_swap32_S (w0[2]);
-    final[ 3] = hc_swap32_S (w0[3]);
-    final[ 4] = hc_swap32_S (w1[0]);
-    final[ 5] = hc_swap32_S (w1[1]);
-    final[ 6] = hc_swap32_S (w1[2]);
-    final[ 7] = hc_swap32_S (w1[3]);
-    final[ 8] = 0;
-    final[ 9] = 0;
-    final[10] = 0;
-    final[11] = 0;
-    final[12] = 0;
-    final[13] = 0;
-    final[14] = 0;
-    final[15] = 0;
-
-    u32 final_len = pw_len;
-
-    u32 i;
-    // append MagicArray
-    for (i = 0; i < lengthMagicArray - 4; i += 4)
-    {
-      const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+    final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+    final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+    final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+    final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+    final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+    final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+    final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+    final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+    final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+    final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+    final[10] = s_theMagicArray[offsetMagicArray][10];
+    final[11] = s_theMagicArray[offsetMagicArray][11];
+    final[12] = s_theMagicArray[offsetMagicArray][12];
+    final[13] = s_theMagicArray[offsetMagicArray][13];
+    final[14] = s_theMagicArray[offsetMagicArray][14];
+    final[15] = s_theMagicArray[offsetMagicArray][15];
+    final[16] = 0;
+    final[17] = 0;
+    final[18] = 0;
+    final[19] = 0;
+    final[20] = 0;
+    final[21] = 0;
+    final[22] = 0;
+    final[23] = 0;
+    final[24] = 0;
+    final[25] = 0;
+    final[26] = 0;
+    final[27] = 0;
+    final[28] = 0;
+    final[29] = 0;
+    final[30] = 0;
+    final[31] = 0;
-      SETSHIFTEDINT (final, final_len + i, tmp);
-    }
+    truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
-    const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+    switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, out_len);
-    const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+    final[0] |= w0[0];
+    final[1] |= w0[1];
+    final[2] |= w0[2];
+    final[3] |= w0[3];
+    final[4] |= w1[0];
+    final[5] |= w1[1];
+    final[6] |= w1[2];
+    final[7] |= w1[3];
-    SETSHIFTEDINT (final, final_len + i, tmp);
-
-    final_len += lengthMagicArray;
+    u32 final_len = out_len + lengthMagicArray;
     // append Salt
-    for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+    for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
     {
-      const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[]
+      const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
       SETSHIFTEDINT (final, final_len + i, tmp);
     }
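Review bot: The rebuilt second-block layout is undocumented: `final` is filled with one 64-byte table row plus 64 zero bytes, truncated to `lengthMagicArray`, shifted right by `out_len`, OR-ed with `w0`/`w1`, and then the salt is written at `final_len + i`, which silently relies on `switch_buffer_by_offset_8x4_be_S` leaving the first `out_len` bytes zero and on `out_len + lengthMagicArray + salt_len + 1` never exceeding the 128-byte `final` (nor the password spilling past `w1`). A comment above the `truncate_block_16x4_be_S` call would make that contract visible, e.g. `// final = pw (w0,w1) || magic[offset..offset+len) || salt || 0x80, big-endian words; must fit in 128 bytes`; presumably the module's password and salt limits guarantee it, but that cannot be confirmed from this diff. The same layout and the same missing comment appear in the s04 RULES hunk and in the a1 m04 hunk. Minor: `for (int i = 0; i < salt_len + 1; i += 4)` now compares a signed index with the unsigned `salt_len` where the removed loop used `u32 i`; either keep `u32 i` or accept the sign-compare warning given that `SETSHIFTEDINT` takes `const int n`.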
@@ -308,20 +421,52 @@ KERNEL_FQ void m07800_m16 (KERN_ATTR_RULES ())
 KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
 {
+  const u64 gid = get_global_id (0);
+  const u64 lid = get_local_id (0);
+  const u64 lsz = get_local_size (0);
+
+  /**
+   * aes shared
+   */
+
+  #ifdef REAL_SHM
+
+  LOCAL_VK u32 s_theMagicArray[80][16];
+
+  for (u32 i = lid; i < 80; i += lsz)
+  {
+    s_theMagicArray[i][ 0] = theMagicArray[i][ 0];
+    s_theMagicArray[i][ 1] = theMagicArray[i][ 1];
+    s_theMagicArray[i][ 2] = theMagicArray[i][ 2];
+    s_theMagicArray[i][ 3] = theMagicArray[i][ 3];
+    s_theMagicArray[i][ 4] = theMagicArray[i][ 4];
+    s_theMagicArray[i][ 5] = theMagicArray[i][ 5];
+    s_theMagicArray[i][ 6] = theMagicArray[i][ 6];
+    s_theMagicArray[i][ 7] = theMagicArray[i][ 7];
+    s_theMagicArray[i][ 8] = theMagicArray[i][ 8];
+    s_theMagicArray[i][ 9] = theMagicArray[i][ 9];
+    s_theMagicArray[i][10] = theMagicArray[i][10];
+    s_theMagicArray[i][11] = theMagicArray[i][11];
+    s_theMagicArray[i][12] = theMagicArray[i][12];
+    s_theMagicArray[i][13] = theMagicArray[i][13];
+    s_theMagicArray[i][14] = theMagicArray[i][14];
+    s_theMagicArray[i][15] = theMagicArray[i][15];
+  }
+
+  SYNC_THREADS ();
+
+  #else
+
+  CONSTANT_AS u32a *s_theMagicArray = theMagicArray;
+
+  #endif
+
+  if (gid >= gid_max) return;
+
   /**
    * modifier
    */
-  const u64 lid = get_local_id (0);
-
-  /**
-   * base
-   */
-
-  const u64 gid = get_global_id (0);
-
-  if (gid >= gid_max) return;
-
   u32 pw_buf0[4];
   u32 pw_buf1[4];
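Review bot: In the `#else` branch, `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;` declares a pointer to a single `u32a`, but `theMagicArray` is now `u32a[80][16]` and the later reads use two subscripts (`s_theMagicArray[offsetMagicArray][ 0]`), which does not compile for a `u32a *`; it needs a pointer to a 16-word row: `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;`. Because the `REAL_SHM` path is the one most builds take, the error only surfaces on a build without shared memory. The identical line appears in the a1 m04 hunk (`@@ -54,17 +114,45 @@`), and presumably in the m04 RULES and s04 BASIC kernels that are outside this view. Separately, the heading `/** * aes shared */` looks copied from an AES kernel; this block stages the SAP magic array, so `* sap magic array (shared)` describes it.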
@@ -342,14 +487,14 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
   u32 salt_buf[8];
-  salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
-  salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
-  salt_buf[2] = salt_bufs[salt_pos].salt_buf[2];
-  salt_buf[3] = salt_bufs[salt_pos].salt_buf[3];
-  salt_buf[4] = salt_bufs[salt_pos].salt_buf[4];
-  salt_buf[5] = salt_bufs[salt_pos].salt_buf[5];
-  salt_buf[6] = salt_bufs[salt_pos].salt_buf[6];
-  salt_buf[7] = salt_bufs[salt_pos].salt_buf[7];
+  salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]);
+  salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]);
+  salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]);
+  salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]);
+  salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]);
+  salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]);
+  salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]);
+  salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]);
   const u32 salt_len = salt_bufs[salt_pos].salt_len;
@@ -378,6 +523,15 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
     const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
+    w0[0] = hc_swap32_S (w0[0]);
+    w0[1] = hc_swap32_S (w0[1]);
+    w0[2] = hc_swap32_S (w0[2]);
+    w0[3] = hc_swap32_S (w0[3]);
+    w1[0] = hc_swap32_S (w1[0]);
+    w1[1] = hc_swap32_S (w1[1]);
+    w1[2] = hc_swap32_S (w1[2]);
+    w1[3] = hc_swap32_S (w1[3]);
+
     /**
      * SAP
      */
@@ -404,7 +558,7 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
     s3[2] = 0;
     s3[3] = 0;
-    switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
+    switch_buffer_by_offset_be_S (s0, s1, s2, s3, out_len);
     const u32x pw_salt_len = out_len + salt_len;
@@ -414,20 +568,20 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
     u32 final[32];
-    final[ 0] = hc_swap32_S (w0[0] | s0[0]);
-    final[ 1] = hc_swap32_S (w0[1] | s0[1]);
-    final[ 2] = hc_swap32_S (w0[2] | s0[2]);
-    final[ 3] = hc_swap32_S (w0[3] | s0[3]);
-    final[ 4] = hc_swap32_S (w1[0] | s1[0]);
-    final[ 5] = hc_swap32_S (w1[1] | s1[1]);
-    final[ 6] = hc_swap32_S (w1[2] | s1[2]);
-    final[ 7] = hc_swap32_S (w1[3] | s1[3]);
-    final[ 8] = hc_swap32_S (w2[0] | s2[0]);
-    final[ 9] = hc_swap32_S (w2[1] | s2[1]);
-    final[10] = hc_swap32_S (w2[2] | s2[2]);
-    final[11] = hc_swap32_S (w2[3] | s2[3]);
-    final[12] = hc_swap32_S (w3[0] | s3[0]);
-    final[13] = hc_swap32_S (w3[1] | s3[1]);
+    final[ 0] = w0[0] | s0[0];
+    final[ 1] = w0[1] | s0[1];
+    final[ 2] = w0[2] | s0[2];
+    final[ 3] = w0[3] | s0[3];
+    final[ 4] = w1[0] | s1[0];
+    final[ 5] = w1[1] | s1[1];
+    final[ 6] = w1[2] | s1[2];
+    final[ 7] = w1[3] | s1[3];
+    final[ 8] = w2[0] | s2[0];
+    final[ 9] = w2[1] | s2[1];
+    final[10] = w2[2] | s2[2];
+    final[11] = w2[3] | s2[3];
+    final[12] = w3[0] | s3[0];
+    final[13] = w3[1] | s3[1];
     final[14] = 0;
     final[15] = pw_salt_len * 8;
     final[16] = 0;
@@ -491,49 +645,61 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ())
     digest[3] = SHA1M_D;
     digest[4] = SHA1M_E;
-    final[ 0] = hc_swap32_S (w0[0]);
-    final[ 1] = hc_swap32_S (w0[1]);
-    final[ 2] = hc_swap32_S (w0[2]);
-    final[ 3] = hc_swap32_S (w0[3]);
-    final[ 4] = hc_swap32_S (w1[0]);
-    final[ 5] = hc_swap32_S (w1[1]);
-    final[ 6] = hc_swap32_S (w1[2]);
-    final[ 7] = hc_swap32_S (w1[3]);
-    final[ 8] = 0;
-    final[ 9] = 0;
-    final[10] = 0;
-    final[11] = 0;
-    final[12] = 0;
-    final[13] = 0;
-    final[14] = 0;
-    final[15] = 0;
-
-    u32 final_len = pw_len;
-
-    u32 i;
-    // append MagicArray
-    for (i = 0; i < lengthMagicArray - 4; i += 4)
-    {
-      const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+    final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+    final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+    final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+    final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+    final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+    final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+    final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+    final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+    final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+    final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+    final[10] = s_theMagicArray[offsetMagicArray][10];
+    final[11] = s_theMagicArray[offsetMagicArray][11];
+    final[12] = s_theMagicArray[offsetMagicArray][12];
+    final[13] = s_theMagicArray[offsetMagicArray][13];
+    final[14] = s_theMagicArray[offsetMagicArray][14];
+    final[15] = s_theMagicArray[offsetMagicArray][15];
+    final[16] = 0;
+    final[17] = 0;
+    final[18] = 0;
+    final[19] = 0;
+    final[20] = 0;
+    final[21] = 0;
+    final[22] = 0;
+    final[23] = 0;
+    final[24] = 0;
+    final[25] = 0;
+    final[26] = 0;
+    final[27] = 0;
+    final[28] = 0;
+    final[29] = 0;
+    final[30] = 0;
+    final[31] = 0;
-      SETSHIFTEDINT (final, final_len + i, tmp);
-    }
+    truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
-    const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+    switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, out_len);
-    const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+    final[0] |= w0[0];
+    final[1] |= w0[1];
+    final[2] |= w0[2];
+    final[3] |= w0[3];
+    final[4] |= w1[0];
+    final[5] |= w1[1];
+    final[6] |= w1[2];
+    final[7] |= w1[3];
-    SETSHIFTEDINT (final, final_len + i, tmp);
-
-    final_len += lengthMagicArray;
+    u32 final_len = out_len + lengthMagicArray;
     // append Salt
-    for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+    for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
     {
-      const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[]
+      const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
       SETSHIFTEDINT (final, final_len + i, tmp);
     }
diff --git a/OpenCL/m07800_a1-optimized.cl b/OpenCL/m07800_a1-optimized.cl
index 0ce766c16..1449476e8 100644
--- a/OpenCL/m07800_a1-optimized.cl
+++ b/OpenCL/m07800_a1-optimized.cl
@@ -15,30 +15,90 @@ #include "inc_hash_sha1.cl" #endif -CONSTANT_VK u32a theMagicArray[64] = +CONSTANT_VK u32a theMagicArray[80][16] = { - 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, - 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, - 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, - 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, - 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f, 0x37af944c, 0x29085282, 0xb23b4e37, 0x9f170791, 0x113bfdcd, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + { 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194 }, + { 0xac51149f, 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f }, + { 0x51149f67, 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b }, + { 0x149f6754, 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1 }, + { 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b }, + { 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 
0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06 }, + { 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605 }, + { 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d }, + { 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03 }, + { 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d }, + { 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e }, + { 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13 }, + { 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a }, + { 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e }, + { 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a }, + { 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 
0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a }, + { 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8 }, + { 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9 }, + { 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c }, + { 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14 }, + { 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417 }, + { 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758 }, + { 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7 }, + { 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a }, + { 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6 }, + { 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 
0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1 }, + { 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199 }, + { 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963 }, + { 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a }, + { 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7 }, + { 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd }, + { 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70 }, + { 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3 }, + { 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6 }, + { 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e }, + { 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 
0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74 }, + { 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413 }, + { 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303 }, + { 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9 }, + { 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b }, + { 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04 }, + { 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426 }, + { 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698 }, + { 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7 }, + { 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726 }, + { 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 
0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a }, + { 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92 }, + { 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293 }, + { 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325 }, + { 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0 }, + { 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2 }, + { 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d }, + { 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23 }, + { 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed }, + { 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63 }, + { 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 
0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379 }, + { 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d }, + { 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13 }, + { 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332 }, + { 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa }, + { 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c }, + { 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35 }, + { 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502 }, + { 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a }, + { 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3 }, + { 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 
0x63796d13, 0x32fa3c35, 0x029aa3b3 }, + { 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd }, + { 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e }, + { 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a }, + { 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24 }, + { 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf }, + { 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51 }, + { 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3 }, + { 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c }, + { 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd }, + { 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 
0x0a24bf51, 0xc37ccd55 },
+  { 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f },
+  { 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c, 0xcd559f37 },
+  { 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd, 0x559f37af },
+  { 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51, 0xc37ccd55, 0x9f37af94 },
 };
-DECLSPEC u32 GETSHIFTEDINT_CONST (CONSTANT_AS u32a *a, const int n)
-{
-  const int d = n / 4;
-  const int m = n & 3;
-
-  u64 tmp = hl32_to_64_S (a[d + 0], a[d + 1]);
-
-  tmp <<= m * 8;
-
-  return h32_from_64_S (tmp);
-}
-
 DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v)
 {
   const int d = n / 4;
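Review bot: The new 80x16 table carries no comment explaining what the rows are; reading them, row i is the original magic array starting at byte offset i packed as 16 big-endian words (row 1 starts `0xac51149f`, i.e. row 0 shifted left by one byte, and row 4 starts with row 0's second word), which is why `s_theMagicArray[offsetMagicArray]` can replace the unaligned `GETSHIFTEDINT_CONST` reads this hunk removes. A comment above the definition such as `// theMagicArray[i][0..15] = the 64 bytes of the SAP magic array starting at byte offset i, big-endian words; offsetMagicArray must be < 80` would let a reader verify the kernels' indexing without recomputing the table, and if the rows were script-generated a one-line note on how to regenerate them belongs there too. The kernels index the first dimension with `offsetMagicArray` and no bound check is visible in this diff, so the `< 80` requirement should be stated where the value is derived — that code is outside this view.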
@@ -54,17 +114,45 @@ DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v)
 KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
 {
-  /**
-   * modifier
-   */
-
-  const u64 lid = get_local_id (0);
-
-  /**
-   * base
-   */
-
   const u64 gid = get_global_id (0);
+  const u64 lid = get_local_id (0);
+  const u64 lsz = get_local_size (0);
+
+  /**
+   * aes shared
+   */
+
+  #ifdef REAL_SHM
+
+  LOCAL_VK u32 s_theMagicArray[80][16];
+
+  for (u32 i = lid; i < 80; i += lsz)
+  {
+    s_theMagicArray[i][ 0] = theMagicArray[i][ 0];
+    s_theMagicArray[i][ 1] = theMagicArray[i][ 1];
+    s_theMagicArray[i][ 2] = theMagicArray[i][ 2];
+    s_theMagicArray[i][ 3] = theMagicArray[i][ 3];
+    s_theMagicArray[i][ 4] = theMagicArray[i][ 4];
+    s_theMagicArray[i][ 5] = theMagicArray[i][ 5];
+    s_theMagicArray[i][ 6] = theMagicArray[i][ 6];
+    s_theMagicArray[i][ 7] = theMagicArray[i][ 7];
+    s_theMagicArray[i][ 8] = theMagicArray[i][ 8];
+    s_theMagicArray[i][ 9] = theMagicArray[i][ 9];
+    s_theMagicArray[i][10] = theMagicArray[i][10];
+    s_theMagicArray[i][11] = theMagicArray[i][11];
+    s_theMagicArray[i][12] = theMagicArray[i][12];
+    s_theMagicArray[i][13] = theMagicArray[i][13];
+    s_theMagicArray[i][14] = theMagicArray[i][14];
+    s_theMagicArray[i][15] = theMagicArray[i][15];
+  }
+
+  SYNC_THREADS ();
+
+  #else
+
+  CONSTANT_AS u32a *s_theMagicArray = theMagicArray;
+
+  #endif
   if (gid >= gid_max) return;
@@ -88,14 +176,14 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
   u32 salt_buf[8];
-  salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
-  salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
-  salt_buf[2] = salt_bufs[salt_pos].salt_buf[2];
-  salt_buf[3] = salt_bufs[salt_pos].salt_buf[3];
-  salt_buf[4] = salt_bufs[salt_pos].salt_buf[4];
-  salt_buf[5] = salt_bufs[salt_pos].salt_buf[5];
-  salt_buf[6] = salt_bufs[salt_pos].salt_buf[6];
-  salt_buf[7] = salt_bufs[salt_pos].salt_buf[7];
+  salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]);
+  salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]);
+  salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]);
+  salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]);
+  salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]);
+  salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]);
+  salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]);
+  salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]);
   const u32 salt_len = salt_bufs[salt_pos].salt_len;
@@ -172,6 +260,23 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
     w3[2] = wordl3[2] | wordr3[2];
     w3[3] = wordl3[3] | wordr3[3];
+    w0[0] = hc_swap32_S (w0[0]);
+    w0[1] = hc_swap32_S (w0[1]);
+    w0[2] = hc_swap32_S (w0[2]);
+    w0[3] = hc_swap32_S (w0[3]);
+    w1[0] = hc_swap32_S (w1[0]);
+    w1[1] = hc_swap32_S (w1[1]);
+    w1[2] = hc_swap32_S (w1[2]);
+    w1[3] = hc_swap32_S (w1[3]);
+    w2[0] = hc_swap32_S (w2[0]);
+    w2[1] = hc_swap32_S (w2[1]);
+    w2[2] = hc_swap32_S (w2[2]);
+    w2[3] = hc_swap32_S (w2[3]);
+    w3[0] = hc_swap32_S (w3[0]);
+    w3[1] = hc_swap32_S (w3[1]);
+    w3[2] = hc_swap32_S (w3[2]);
+    w3[3] = hc_swap32_S (w3[3]);
+
     /**
      * SAP
      */
@@ -198,7 +303,7 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
     s3[2] = 0;
     s3[3] = 0;
-    switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len);
+    switch_buffer_by_offset_be_S (s0, s1, s2, s3, pw_len);
     const u32x pw_salt_len = pw_len + salt_len;
@@ -208,20 +313,20 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
     u32 final[32];
-    final[ 0] = hc_swap32_S (w0[0] | s0[0]);
-    final[ 1] = hc_swap32_S (w0[1] | s0[1]);
-    final[ 2] = hc_swap32_S (w0[2] | s0[2]);
-    final[ 3] = hc_swap32_S (w0[3] | s0[3]);
-    final[ 4] = hc_swap32_S (w1[0] | s1[0]);
-    final[ 5] = hc_swap32_S (w1[1] | s1[1]);
-    final[ 6] = hc_swap32_S (w1[2] | s1[2]);
-    final[ 7] = hc_swap32_S (w1[3] | s1[3]);
-    final[ 8] = hc_swap32_S (w2[0] | s2[0]);
-    final[ 9] = hc_swap32_S (w2[1] | s2[1]);
-    final[10] = hc_swap32_S (w2[2] | s2[2]);
-    final[11] = hc_swap32_S (w2[3] | s2[3]);
-    final[12] = hc_swap32_S (w3[0] | s3[0]);
-    final[13] = hc_swap32_S (w3[1] | s3[1]);
+    final[ 0] = w0[0] | s0[0];
+    final[ 1] = w0[1] | s0[1];
+    final[ 2] = w0[2] | s0[2];
+    final[ 3] = w0[3] | s0[3];
+    final[ 4] = w1[0] | s1[0];
+    final[ 5] = w1[1] | s1[1];
+    final[ 6] = w1[2] | s1[2];
+    final[ 7] = w1[3] | s1[3];
+    final[ 8] = w2[0] | s2[0];
+    final[ 9] = w2[1] | s2[1];
+    final[10] = w2[2] | s2[2];
+    final[11] = w2[3] | s2[3];
+    final[12] = w3[0] | s3[0];
+    final[13] = w3[1] | s3[1];
     final[14] = 0;
     final[15] = pw_salt_len * 8;
     final[16] = 0;
@@ -285,49 +390,61 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- final[ 0] = hc_swap32_S (w0[0]);
- final[ 1] = hc_swap32_S (w0[1]);
- final[ 2] = hc_swap32_S (w0[2]);
- final[ 3] = hc_swap32_S (w0[3]);
- final[ 4] = hc_swap32_S (w1[0]);
- final[ 5] = hc_swap32_S (w1[1]);
- final[ 6] = hc_swap32_S (w1[2]);
- final[ 7] = hc_swap32_S (w1[3]);
- final[ 8] = hc_swap32_S (w2[0]);
- final[ 9] = hc_swap32_S (w2[1]);
- final[10] = hc_swap32_S (w2[2]);
- final[11] = hc_swap32_S (w2[3]);
- final[12] = hc_swap32_S (w3[0]);
- final[13] = hc_swap32_S (w3[1]);
- final[14] = 0;
- final[15] = 0;
-
- u32 final_len = pw_len;
-
- u32 i;
- // append MagicArray
- for (i = 0; i < lengthMagicArray - 4; i += 4)
- {
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+ final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+ final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+ final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+ final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+ final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+ final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+ final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+ final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+ final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+ final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+ final[10] = s_theMagicArray[offsetMagicArray][10];
+ final[11] = s_theMagicArray[offsetMagicArray][11];
+ final[12] = s_theMagicArray[offsetMagicArray][12];
+ final[13] = s_theMagicArray[offsetMagicArray][13];
+ final[14] = s_theMagicArray[offsetMagicArray][14];
+ final[15] = s_theMagicArray[offsetMagicArray][15];
+ final[16] = 0;
+ final[17] = 0;
+ final[18] = 0;
+ final[19] = 0;
+ final[20] = 0;
+ final[21] = 0;
+ final[22] = 0;
+ final[23] = 0;
+ final[24] = 0;
+ final[25] = 0;
+ final[26] = 0;
+ final[27] = 0;
+ final[28] = 0;
+ final[29] = 0;
+ final[30] = 0;
+ final[31] = 0;
- SETSHIFTEDINT (final, final_len + i, tmp);
- }
+ truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
- const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+ switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len);
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+ final[0] |= w0[0];
+ final[1] |= w0[1];
+ final[2] |= w0[2];
+ final[3] |= w0[3];
+ final[4] |= w1[0];
+ final[5] |= w1[1];
+ final[6] |= w1[2];
+ final[7] |= w1[3];
- SETSHIFTEDINT (final, final_len + i, tmp);
-
- final_len += lengthMagicArray;
+ u32 final_len = pw_len + lengthMagicArray;
 // append Salt
- for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+ for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
 {
- const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[]
+ const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
 SETSHIFTEDINT (final, final_len + i, tmp);
 }
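Review bot: `for (int i = 0; i < salt_len + 1; i += 4)` now declares the index as `int` while `salt_len` is `u32`, so the loop bound is a signed/unsigned comparison; the old side used `u32 i`, and `for (u32 i = 0; i < salt_len + 1; i += 4)` keeps that and matches the `u32` index used for the REAL_SHM copy loop elsewhere in this commit. The same loop reads `salt_buf[i / 4]` with `i` running up to `salt_len` rounded up to a multiple of 4, so a 32-byte salt would read `salt_buf[8]` past the 8-word array; that is only safe if the module caps the salt below 32 bytes, which this hunk cannot show. After `switch_buffer_by_offset_8x4_be_S` only `w0`/`w1` are OR'd back into `final`, so any password bytes beyond 32 are silently dropped; a one-line comment such as `// only w0/w1 are merged: pw must be <= 32 bytes here` would record that assumption. The same points apply to the m07800_s04 hunk below and to the m07800m/m07800s hunks in m07800_a3-optimized.cl. m07800_m04 starts and ends outside this hunk.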
@@ -366,17 +483,45 @@ KERNEL_FQ void m07800_m16 (KERN_ATTR_BASIC ())
 KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 {
- /**
- * modifier
- */
-
- const u64 lid = get_local_id (0);
-
- /**
- * base
- */
-
 const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_theMagicArray[80][16];
+
+ for (u32 i = lid; i < 80; i += lsz)
+ {
+ s_theMagicArray[i][ 0] = theMagicArray[i][ 0];
+ s_theMagicArray[i][ 1] = theMagicArray[i][ 1];
+ s_theMagicArray[i][ 2] = theMagicArray[i][ 2];
+ s_theMagicArray[i][ 3] = theMagicArray[i][ 3];
+ s_theMagicArray[i][ 4] = theMagicArray[i][ 4];
+ s_theMagicArray[i][ 5] = theMagicArray[i][ 5];
+ s_theMagicArray[i][ 6] = theMagicArray[i][ 6];
+ s_theMagicArray[i][ 7] = theMagicArray[i][ 7];
+ s_theMagicArray[i][ 8] = theMagicArray[i][ 8];
+ s_theMagicArray[i][ 9] = theMagicArray[i][ 9];
+ s_theMagicArray[i][10] = theMagicArray[i][10];
+ s_theMagicArray[i][11] = theMagicArray[i][11];
+ s_theMagicArray[i][12] = theMagicArray[i][12];
+ s_theMagicArray[i][13] = theMagicArray[i][13];
+ s_theMagicArray[i][14] = theMagicArray[i][14];
+ s_theMagicArray[i][15] = theMagicArray[i][15];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_theMagicArray = theMagicArray;
+
+ #endif
 if (gid >= gid_max) return;
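Review bot: In the `#else` branch, `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;` declares a pointer to a single word, but `theMagicArray` is now `u32a [80][16]` and the kernel later indexes `s_theMagicArray[offsetMagicArray][n]`, so on a build without REAL_SHM the initializer is an incompatible-pointer conversion and the double subscript should not compile (assuming `u32a` is a scalar typedef, as it is elsewhere in hashcat). The helper signatures in m07800_a3-optimized.cl in this same commit already use the array-pointer form, so the fallback should match: `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;`. The new comment block reads `* aes shared`, although what is staged into local memory is the SAP magic array, not AES tables; `* magic array shared` describes it. If the m07800_m04 kernel of this file has the same block, it needs the same two fixes; that hunk is outside my view. m07800_s04 continues past the end of this hunk.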
@@ -400,14 +545,14 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 u32 salt_buf[8];
- salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
- salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
- salt_buf[2] = salt_bufs[salt_pos].salt_buf[2];
- salt_buf[3] = salt_bufs[salt_pos].salt_buf[3];
- salt_buf[4] = salt_bufs[salt_pos].salt_buf[4];
- salt_buf[5] = salt_bufs[salt_pos].salt_buf[5];
- salt_buf[6] = salt_bufs[salt_pos].salt_buf[6];
- salt_buf[7] = salt_bufs[salt_pos].salt_buf[7];
+ salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]);
+ salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]);
+ salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]);
+ salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]);
+ salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]);
+ salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]);
+ salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]);
+ salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]);
 const u32 salt_len = salt_bufs[salt_pos].salt_len;
@@ -496,6 +641,23 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 w3[2] = wordl3[2] | wordr3[2];
 w3[3] = wordl3[3] | wordr3[3];
+ w0[0] = hc_swap32_S (w0[0]);
+ w0[1] = hc_swap32_S (w0[1]);
+ w0[2] = hc_swap32_S (w0[2]);
+ w0[3] = hc_swap32_S (w0[3]);
+ w1[0] = hc_swap32_S (w1[0]);
+ w1[1] = hc_swap32_S (w1[1]);
+ w1[2] = hc_swap32_S (w1[2]);
+ w1[3] = hc_swap32_S (w1[3]);
+ w2[0] = hc_swap32_S (w2[0]);
+ w2[1] = hc_swap32_S (w2[1]);
+ w2[2] = hc_swap32_S (w2[2]);
+ w2[3] = hc_swap32_S (w2[3]);
+ w3[0] = hc_swap32_S (w3[0]);
+ w3[1] = hc_swap32_S (w3[1]);
+ w3[2] = hc_swap32_S (w3[2]);
+ w3[3] = hc_swap32_S (w3[3]);
+
 /**
 * SAP
 */
@@ -522,7 +684,7 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 s3[2] = 0;
 s3[3] = 0;
- switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len);
+ switch_buffer_by_offset_be_S (s0, s1, s2, s3, pw_len);
 const u32x pw_salt_len = pw_len + salt_len;
@@ -532,20 +694,20 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 u32 final[32];
- final[ 0] = hc_swap32_S (w0[0] | s0[0]);
- final[ 1] = hc_swap32_S (w0[1] | s0[1]);
- final[ 2] = hc_swap32_S (w0[2] | s0[2]);
- final[ 3] = hc_swap32_S (w0[3] | s0[3]);
- final[ 4] = hc_swap32_S (w1[0] | s1[0]);
- final[ 5] = hc_swap32_S (w1[1] | s1[1]);
- final[ 6] = hc_swap32_S (w1[2] | s1[2]);
- final[ 7] = hc_swap32_S (w1[3] | s1[3]);
- final[ 8] = hc_swap32_S (w2[0] | s2[0]);
- final[ 9] = hc_swap32_S (w2[1] | s2[1]);
- final[10] = hc_swap32_S (w2[2] | s2[2]);
- final[11] = hc_swap32_S (w2[3] | s2[3]);
- final[12] = hc_swap32_S (w3[0] | s3[0]);
- final[13] = hc_swap32_S (w3[1] | s3[1]);
+ final[ 0] = w0[0] | s0[0];
+ final[ 1] = w0[1] | s0[1];
+ final[ 2] = w0[2] | s0[2];
+ final[ 3] = w0[3] | s0[3];
+ final[ 4] = w1[0] | s1[0];
+ final[ 5] = w1[1] | s1[1];
+ final[ 6] = w1[2] | s1[2];
+ final[ 7] = w1[3] | s1[3];
+ final[ 8] = w2[0] | s2[0];
+ final[ 9] = w2[1] | s2[1];
+ final[10] = w2[2] | s2[2];
+ final[11] = w2[3] | s2[3];
+ final[12] = w3[0] | s3[0];
+ final[13] = w3[1] | s3[1];
 final[14] = 0;
 final[15] = pw_salt_len * 8;
 final[16] = 0;
@@ -609,49 +771,61 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ())
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- final[ 0] = hc_swap32_S (w0[0]);
- final[ 1] = hc_swap32_S (w0[1]);
- final[ 2] = hc_swap32_S (w0[2]);
- final[ 3] = hc_swap32_S (w0[3]);
- final[ 4] = hc_swap32_S (w1[0]);
- final[ 5] = hc_swap32_S (w1[1]);
- final[ 6] = hc_swap32_S (w1[2]);
- final[ 7] = hc_swap32_S (w1[3]);
- final[ 8] = hc_swap32_S (w2[0]);
- final[ 9] = hc_swap32_S (w2[1]);
- final[10] = hc_swap32_S (w2[2]);
- final[11] = hc_swap32_S (w2[3]);
- final[12] = hc_swap32_S (w3[0]);
- final[13] = hc_swap32_S (w3[1]);
- final[14] = 0;
- final[15] = 0;
-
- u32 final_len = pw_len;
-
- u32 i;
- // append MagicArray
- for (i = 0; i < lengthMagicArray - 4; i += 4)
- {
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+ final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+ final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+ final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+ final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+ final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+ final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+ final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+ final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+ final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+ final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+ final[10] = s_theMagicArray[offsetMagicArray][10];
+ final[11] = s_theMagicArray[offsetMagicArray][11];
+ final[12] = s_theMagicArray[offsetMagicArray][12];
+ final[13] = s_theMagicArray[offsetMagicArray][13];
+ final[14] = s_theMagicArray[offsetMagicArray][14];
+ final[15] = s_theMagicArray[offsetMagicArray][15];
+ final[16] = 0;
+ final[17] = 0;
+ final[18] = 0;
+ final[19] = 0;
+ final[20] = 0;
+ final[21] = 0;
+ final[22] = 0;
+ final[23] = 0;
+ final[24] = 0;
+ final[25] = 0;
+ final[26] = 0;
+ final[27] = 0;
+ final[28] = 0;
+ final[29] = 0;
+ final[30] = 0;
+ final[31] = 0;
- SETSHIFTEDINT (final, final_len + i, tmp);
- }
+ truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
- const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+ switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len);
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+ final[0] |= w0[0];
+ final[1] |= w0[1];
+ final[2] |= w0[2];
+ final[3] |= w0[3];
+ final[4] |= w1[0];
+ final[5] |= w1[1];
+ final[6] |= w1[2];
+ final[7] |= w1[3];
- SETSHIFTEDINT (final, final_len + i, tmp);
-
- final_len += lengthMagicArray;
+ u32 final_len = pw_len + lengthMagicArray;
 // append Salt
- for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+ for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
 {
- const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[]
+ const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
 SETSHIFTEDINT (final, final_len + i, tmp);
 }
diff --git a/OpenCL/m07800_a3-optimized.cl b/OpenCL/m07800_a3-optimized.cl
index 4ee34d3dc..fd58ed661 100644
--- a/OpenCL/m07800_a3-optimized.cl
+++ b/OpenCL/m07800_a3-optimized.cl
@@ -15,30 +15,90 @@ #include "inc_hash_sha1.cl" #endif -CONSTANT_VK u32a theMagicArray[64] = +CONSTANT_VK u32a theMagicArray[80][16] = { - 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, - 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, - 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, - 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, - 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f, 0x37af944c, 0x29085282, 0xb23b4e37, 0x9f170791, 0x113bfdcd, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + { 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194 }, + { 0xac51149f, 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f }, + { 0x51149f67, 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b }, + { 0x149f6754, 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1 }, + { 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b }, + { 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 
0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06 }, + { 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605 }, + { 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d }, + { 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03 }, + { 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d }, + { 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e }, + { 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13 }, + { 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a }, + { 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e }, + { 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a }, + { 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 
0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a }, + { 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8 }, + { 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9 }, + { 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c }, + { 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14 }, + { 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417 }, + { 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758 }, + { 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7 }, + { 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a }, + { 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6 }, + { 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 
0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1 }, + { 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199 }, + { 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963 }, + { 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a }, + { 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7 }, + { 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd }, + { 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70 }, + { 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3 }, + { 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6 }, + { 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e }, + { 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 
0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74 }, + { 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413 }, + { 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303 }, + { 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9 }, + { 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b }, + { 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04 }, + { 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426 }, + { 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698 }, + { 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7 }, + { 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726 }, + { 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 
0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a }, + { 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92 }, + { 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293 }, + { 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325 }, + { 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0 }, + { 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2 }, + { 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d }, + { 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23 }, + { 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed }, + { 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63 }, + { 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 
0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379 }, + { 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d }, + { 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13 }, + { 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332 }, + { 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa }, + { 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c }, + { 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35 }, + { 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502 }, + { 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a }, + { 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3 }, + { 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 
0x63796d13, 0x32fa3c35, 0x029aa3b3 }, + { 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd }, + { 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e }, + { 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a }, + { 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24 }, + { 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf }, + { 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51 }, + { 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3 }, + { 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c }, + { 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd }, + { 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 
0x0a24bf51, 0xc37ccd55 }, + { 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f }, + { 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c, 0xcd559f37 }, + { 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd, 0x559f37af }, + { 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51, 0xc37ccd55, 0x9f37af94 }, }; -DECLSPEC u32 GETSHIFTEDINT_CONST (CONSTANT_AS u32a *a, const int n) -{ - const int d = n / 4; - const int m = n & 3; - - u64 tmp = hl32_to_64_S (a[d + 0], a[d + 1]); - - tmp <<= m * 8; - - return h32_from_64_S (tmp); -} - DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) { const int d = n / 4; @@ -52,7 +112,7 @@ DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) a[d + 1] = l32_from_64_S (tmp); } -DECLSPEC void m07800m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ()) +DECLSPEC void m07800m (SHM_TYPE u32a (*s_theMagicArray)[16], u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ()) { /** * modifier 
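Review bot: The new `theMagicArray[80][16]` table carries no comment on how its rows relate to the 40-word array it replaces, which makes its 1280 constants impossible to review by eye. Row 1 begins with `0xac51149f`, i.e. bytes 1..4 of row 0, so row k appears to be the 64-byte window of the original magic array starting at byte offset k; a header comment stating that (`// row k = bytes k..k+63 of the SAP magic array as big-endian words, selected by offsetMagicArray`) plus a reference to whatever script produced the table would let a maintainer regenerate and verify it. With `GETSHIFTEDINT_CONST` deleted, nothing in this hunk bounds `offsetMagicArray` against the 80 rows; if that value is derived from the first digest outside this hunk, confirm it cannot exceed 79, since the old 64-entry table tolerated larger reads differently. The `m07800m` signature change at the end is fine but its body lies outside this hunk.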
@@ -201,47 +261,59 @@ DECLSPEC void m07800m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 digest[3] = SHA1M_D;
 digest[4] = SHA1M_E;
- final[ 0] = w0[0];
- final[ 1] = w0[1];
- final[ 2] = w0[2];
- final[ 3] = w0[3];
- final[ 4] = w1[0];
- final[ 5] = w1[1];
- final[ 6] = w1[2];
- final[ 7] = w1[3];
- final[ 8] = 0;
- final[ 9] = 0;
- final[10] = 0;
- final[11] = 0;
- final[12] = 0;
- final[13] = 0;
- final[14] = 0;
- final[15] = 0;
-
- u32 final_len = pw_len;
-
- u32 i;
- // append MagicArray
- for (i = 0; i < lengthMagicArray - 4; i += 4)
- {
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+ final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+ final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+ final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+ final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+ final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+ final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+ final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+ final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+ final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+ final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+ final[10] = s_theMagicArray[offsetMagicArray][10];
+ final[11] = s_theMagicArray[offsetMagicArray][11];
+ final[12] = s_theMagicArray[offsetMagicArray][12];
+ final[13] = s_theMagicArray[offsetMagicArray][13];
+ final[14] = s_theMagicArray[offsetMagicArray][14];
+ final[15] = s_theMagicArray[offsetMagicArray][15];
+ final[16] = 0;
+ final[17] = 0;
+ final[18] = 0;
+ final[19] = 0;
+ final[20] = 0;
+ final[21] = 0;
+ final[22] = 0;
+ final[23] = 0;
+ final[24] = 0;
+ final[25] = 0;
+ final[26] = 0;
+ final[27] = 0;
+ final[28] = 0;
+ final[29] = 0;
+ final[30] = 0;
+ final[31] = 0;
- SETSHIFTEDINT (final, final_len + i, tmp);
- }
+ truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
- const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+ switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len);
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+ final[0] |= w0[0];
+ final[1] |= w0[1];
+ final[2] |= w0[2];
+ final[3] |= w0[3];
+ final[4] |= w1[0];
+ final[5] |= w1[1];
+ final[6] |= w1[2];
+ final[7] |= w1[3];
- SETSHIFTEDINT (final, final_len + i, tmp);
-
- final_len += lengthMagicArray;
+ u32 final_len = pw_len + lengthMagicArray;
 // append Salt
- for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+ for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
 {
 const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
@@ -272,7 +344,7 @@ DECLSPEC void m07800m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
 }
 }
-DECLSPEC void m07800s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
+DECLSPEC void m07800s (SHM_TYPE u32a (*s_theMagicArray)[16], u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
 {
 /**
 * modifier
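Review bot: The new code stores into `final[16]` through `final[31]` and hands `final + 28` to `switch_buffer_by_offset_8x4_be_S`, but the declaration of `final` lies before this hunk; unless it is `u32 final[32]` (as the a1 kernels earlier in this commit show) these writes overrun the stack buffer, so the declaration should be checked, and a comment there such as `// 32 words: magic array window (16) plus room for the pw shift and salt` would tie the size to these writes. The loop-index type and `salt_buf[i / 4]` bound raised on the m07800_m04 hunk apply here and to the m07800s hunk that follows. The `m07800s` signature change in the trailing hunk is consistent with `m07800m`. m07800m starts outside this hunk.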
@@ -433,47 +505,59 @@ DECLSPEC void m07800s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER digest[3] = SHA1M_D; digest[4] = SHA1M_E; - final[ 0] = w0[0]; - final[ 1] = w0[1]; - final[ 2] = w0[2]; - final[ 3] = w0[3]; - final[ 4] = w1[0]; - final[ 5] = w1[1]; - final[ 6] = w1[2]; - final[ 7] = w1[3]; - final[ 8] = 0; - final[ 9] = 0; - final[10] = 0; - final[11] = 0; - final[12] = 0; - final[13] = 0; - final[14] = 0; - final[15] = 0; - - u32 final_len = pw_len; - - u32 i; - // append MagicArray - for (i = 0; i < lengthMagicArray - 4; i += 4) - { - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i); + final[ 0] = s_theMagicArray[offsetMagicArray][ 0]; + final[ 1] = s_theMagicArray[offsetMagicArray][ 1]; + final[ 2] = s_theMagicArray[offsetMagicArray][ 2]; + final[ 3] = s_theMagicArray[offsetMagicArray][ 3]; + final[ 4] = s_theMagicArray[offsetMagicArray][ 4]; + final[ 5] = s_theMagicArray[offsetMagicArray][ 5]; + final[ 6] = s_theMagicArray[offsetMagicArray][ 6]; + final[ 7] = s_theMagicArray[offsetMagicArray][ 7]; + final[ 8] = s_theMagicArray[offsetMagicArray][ 8]; + final[ 9] = s_theMagicArray[offsetMagicArray][ 9]; + final[10] = s_theMagicArray[offsetMagicArray][10]; + final[11] = s_theMagicArray[offsetMagicArray][11]; + final[12] = s_theMagicArray[offsetMagicArray][12]; + final[13] = s_theMagicArray[offsetMagicArray][13]; + final[14] = s_theMagicArray[offsetMagicArray][14]; + final[15] = s_theMagicArray[offsetMagicArray][15]; + final[16] = 0; + final[17] = 0; + final[18] = 0; + final[19] = 0; + final[20] = 0; + final[21] = 0; + final[22] = 0; + final[23] = 0; + final[24] = 0; + final[25] = 0; + final[26] = 0; + final[27] = 0; + final[28] = 0; + final[29] = 0; + final[30] = 0; + final[31] = 0; - SETSHIFTEDINT (final, final_len + i, tmp); - } + truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray); - const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8); + 
switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len); - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask; + final[0] |= w0[0]; + final[1] |= w0[1]; + final[2] |= w0[2]; + final[3] |= w0[3]; + final[4] |= w1[0]; + final[5] |= w1[1]; + final[6] |= w1[2]; + final[7] |= w1[3]; - SETSHIFTEDINT (final, final_len + i, tmp); - - final_len += lengthMagicArray; + u32 final_len = pw_len + lengthMagicArray; // append Salt - for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 + for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 { const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[] 
@@ -506,11 +590,45 @@ DECLSPEC void m07800s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -518,8 +636,6 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
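Review bot: In the `#else` branch the fallback is declared `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;`, but `theMagicArray` is now `u32a[80][16]` and the callee parameter introduced by this commit is `SHM_TYPE u32a (*s_theMagicArray)[16]`, so the non-REAL_SHM build passes a pointer-to-u32a where a pointer-to-row is expected; `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;` matches both the array and the parameter (assuming SHM_TYPE resolves to the constant address space in that configuration, which the page does not show). The header comment `* aes shared` is copied from the AES kernels and mislabels this block, which stages the SAP magic array; `* magic array shared` would be accurate. Keeping `if (gid >= gid_max) return;` after `SYNC_THREADS ()` is correct because every work-item must reach the barrier, and a one-line comment saying so would stop a later cleanup from moving the early return back up. The same block is repeated in m07800_m08, m07800_s04, m07800_s08 and m07801_m04 below.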
@@ -554,16 +670,50 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ()) * main */ - m07800m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07800m (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07800_m08 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = 
theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -571,8 +721,6 @@ KERNEL_FQ void m07800_m08 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; @@ -607,7 +755,7 @@ KERNEL_FQ void m07800_m08 (KERN_ATTR_BASIC ()) * main */ - m07800m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07800m (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07800_m16 (KERN_ATTR_BASIC ()) 
@@ -616,11 +764,45 @@ KERNEL_FQ void m07800_m16 (KERN_ATTR_BASIC ()) KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -628,8 +810,6 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -664,16 +844,50 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ()) * main */ - m07800s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07800s (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07800_s08 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = 
theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -681,8 +895,6 @@ KERNEL_FQ void m07800_s08 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; @@ -717,7 +929,7 @@ KERNEL_FQ void m07800_s08 (KERN_ATTR_BASIC ()) * main */ - m07800s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07800s (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07800_s16 (KERN_ATTR_BASIC ()) diff --git a/OpenCL/m07801_a0-optimized.cl b/OpenCL/m07801_a0-optimized.cl index 13059adfe..c464d83dc 100644 --- a/OpenCL/m07801_a0-optimized.cl +++ b/OpenCL/m07801_a0-optimized.cl 
@@ -17,30 +17,90 @@ #include "inc_hash_sha1.cl" #endif -CONSTANT_VK u32a theMagicArray[64] = +CONSTANT_VK u32a theMagicArray[80][16] = { - 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, - 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, - 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, - 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, - 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f, 0x37af944c, 0x29085282, 0xb23b4e37, 0x9f170791, 0x113bfdcd, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + { 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194 }, + { 0xac51149f, 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f }, + { 0x51149f67, 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b }, + { 0x149f6754, 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1 }, + { 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b }, + { 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 
0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06 }, + { 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605 }, + { 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d }, + { 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03 }, + { 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d }, + { 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e }, + { 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13 }, + { 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a }, + { 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e }, + { 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a }, + { 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 
0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a }, + { 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8 }, + { 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9 }, + { 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c }, + { 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14 }, + { 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417 }, + { 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758 }, + { 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7 }, + { 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a }, + { 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6 }, + { 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 
0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1 }, + { 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199 }, + { 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963 }, + { 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a }, + { 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7 }, + { 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd }, + { 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70 }, + { 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3 }, + { 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6 }, + { 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e }, + { 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 
0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74 }, + { 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413 }, + { 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303 }, + { 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9 }, + { 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b }, + { 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04 }, + { 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426 }, + { 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698 }, + { 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7 }, + { 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726 }, + { 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 
0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a }, + { 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92 }, + { 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293 }, + { 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325 }, + { 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0 }, + { 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2 }, + { 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d }, + { 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23 }, + { 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed }, + { 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63 }, + { 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 
0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379 }, + { 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d }, + { 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13 }, + { 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332 }, + { 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa }, + { 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c }, + { 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35 }, + { 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502 }, + { 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a }, + { 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3 }, + { 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 
0x63796d13, 0x32fa3c35, 0x029aa3b3 }, + { 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd }, + { 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e }, + { 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a }, + { 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24 }, + { 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf }, + { 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51 }, + { 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3 }, + { 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c }, + { 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd }, + { 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 
0x0a24bf51, 0xc37ccd55 }, + { 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f }, + { 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c, 0xcd559f37 }, + { 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd, 0x559f37af }, + { 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51, 0xc37ccd55, 0x9f37af94 }, }; -DECLSPEC u32 GETSHIFTEDINT_CONST (CONSTANT_AS u32a *a, const int n) -{ - const int d = n / 4; - const int m = n & 3; - - u64 tmp = hl32_to_64_S (a[d + 0], a[d + 1]); - - tmp <<= m * 8; - - return h32_from_64_S (tmp); -} - DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) { const int d = n / 4; 
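Review bot: The new `theMagicArray[80][16]` table carries no comment explaining its shape, which the data makes non-obvious: each row is the previous one shifted left by one byte (row 1 starts `0xac51149f`, the bytes of row 0 from offset 1), so row i is the 64-byte window of the original constant starting at byte offset i, precomputed to replace the deleted `GETSHIFTEDINT_CONST`. I would add above the declaration: `// row i = 64-byte window of the SAP magic array starting at byte offset i (big-endian words); 80 rows cover offsetMagicArray 0..79`. The table is 5120 bytes, which is also the size of the LOCAL_VK copy each kernel stages, so the comment should say the two must stay in sync. `SETSHIFTEDINT` is kept while its `_CONST` twin is removed; its body continues past the end of the hunk.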
@@ -56,20 +116,52 @@ DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif + + if (gid >= gid_max) return; + /** * modifier */ - const u64 lid = get_local_id (0); - - /** - * base - */ - - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - u32 pw_buf0[4]; u32 pw_buf1[4]; 
@@ -90,14 +182,14 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ()) u32 salt_buf[8]; - salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf[2] = salt_bufs[salt_pos].salt_buf[2]; - salt_buf[3] = salt_bufs[salt_pos].salt_buf[3]; - salt_buf[4] = salt_bufs[salt_pos].salt_buf[4]; - salt_buf[5] = salt_bufs[salt_pos].salt_buf[5]; - salt_buf[6] = salt_bufs[salt_pos].salt_buf[6]; - salt_buf[7] = salt_bufs[salt_pos].salt_buf[7]; + salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); + salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]); + salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]); + salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]); + salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]); + salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]); + salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]); const u32 salt_len = salt_bufs[salt_pos].salt_len; @@ -114,6 +206,15 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ()) const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + /** * SAP */ @@ -140,7 +241,7 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len); + switch_buffer_by_offset_be_S (s0, s1, s2, s3, out_len); const u32x pw_salt_len = out_len + salt_len; 
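Review bot: The added byte-swaps and `switch_buffer_by_offset_be_S (s0, s1, s2, s3, out_len)` use the scalar `_S` helpers while `out_len` is still declared `const u32x` (context line in the `@@ -114,6 +206,15 @@` hunk) and the call they replace was the vector `_VV` variant; that is only type-correct and behavior-preserving when this kernel is built with VECT_SIZE 1, which the page does not show. If the module forces a vector width of 1 for this mode, a one-line comment at the first `w0[0] = hc_swap32_S (w0[0]);`, `// scalar helpers: this mode is compiled with VECT_SIZE 1`, would keep the next reader from re-vectorizing it; otherwise the `u32x`/`_VV` forms are needed here. Converting `salt_buf` and the rule output to big-endian up front is what lets the later `final[]` assembly drop its per-word `hc_swap32_S` calls, so the two hunks must be kept together.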
@@ -150,20 +251,20 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ())
 u32 final[32];
- final[ 0] = hc_swap32_S (w0[0] | s0[0]);
- final[ 1] = hc_swap32_S (w0[1] | s0[1]);
- final[ 2] = hc_swap32_S (w0[2] | s0[2]);
- final[ 3] = hc_swap32_S (w0[3] | s0[3]);
- final[ 4] = hc_swap32_S (w1[0] | s1[0]);
- final[ 5] = hc_swap32_S (w1[1] | s1[1]);
- final[ 6] = hc_swap32_S (w1[2] | s1[2]);
- final[ 7] = hc_swap32_S (w1[3] | s1[3]);
- final[ 8] = hc_swap32_S (w2[0] | s2[0]);
- final[ 9] = hc_swap32_S (w2[1] | s2[1]);
- final[10] = hc_swap32_S (w2[2] | s2[2]);
- final[11] = hc_swap32_S (w2[3] | s2[3]);
- final[12] = hc_swap32_S (w3[0] | s3[0]);
- final[13] = hc_swap32_S (w3[1] | s3[1]);
+ final[ 0] = w0[0] | s0[0];
+ final[ 1] = w0[1] | s0[1];
+ final[ 2] = w0[2] | s0[2];
+ final[ 3] = w0[3] | s0[3];
+ final[ 4] = w1[0] | s1[0];
+ final[ 5] = w1[1] | s1[1];
+ final[ 6] = w1[2] | s1[2];
+ final[ 7] = w1[3] | s1[3];
+ final[ 8] = w2[0] | s2[0];
+ final[ 9] = w2[1] | s2[1];
+ final[10] = w2[2] | s2[2];
+ final[11] = w2[3] | s2[3];
+ final[12] = w3[0] | s3[0];
+ final[13] = w3[1] | s3[1];
 final[14] = 0;
 final[15] = pw_salt_len * 8;
 final[16] = 0;
@@ -227,49 +328,61 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ()) digest[3] = SHA1M_D; digest[4] = SHA1M_E; - final[ 0] = hc_swap32_S (w0[0]); - final[ 1] = hc_swap32_S (w0[1]); - final[ 2] = hc_swap32_S (w0[2]); - final[ 3] = hc_swap32_S (w0[3]); - final[ 4] = hc_swap32_S (w1[0]); - final[ 5] = hc_swap32_S (w1[1]); - final[ 6] = hc_swap32_S (w1[2]); - final[ 7] = hc_swap32_S (w1[3]); - final[ 8] = 0; - final[ 9] = 0; - final[10] = 0; - final[11] = 0; - final[12] = 0; - final[13] = 0; - final[14] = 0; - final[15] = 0; - - u32 final_len = pw_len; - - u32 i; - // append MagicArray - for (i = 0; i < lengthMagicArray - 4; i += 4) - { - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i); + final[ 0] = s_theMagicArray[offsetMagicArray][ 0]; + final[ 1] = s_theMagicArray[offsetMagicArray][ 1]; + final[ 2] = s_theMagicArray[offsetMagicArray][ 2]; + final[ 3] = s_theMagicArray[offsetMagicArray][ 3]; + final[ 4] = s_theMagicArray[offsetMagicArray][ 4]; + final[ 5] = s_theMagicArray[offsetMagicArray][ 5]; + final[ 6] = s_theMagicArray[offsetMagicArray][ 6]; + final[ 7] = s_theMagicArray[offsetMagicArray][ 7]; + final[ 8] = s_theMagicArray[offsetMagicArray][ 8]; + final[ 9] = s_theMagicArray[offsetMagicArray][ 9]; + final[10] = s_theMagicArray[offsetMagicArray][10]; + final[11] = s_theMagicArray[offsetMagicArray][11]; + final[12] = s_theMagicArray[offsetMagicArray][12]; + final[13] = s_theMagicArray[offsetMagicArray][13]; + final[14] = s_theMagicArray[offsetMagicArray][14]; + final[15] = s_theMagicArray[offsetMagicArray][15]; + final[16] = 0; + final[17] = 0; + final[18] = 0; + final[19] = 0; + final[20] = 0; + final[21] = 0; + final[22] = 0; + final[23] = 0; + final[24] = 0; + final[25] = 0; + final[26] = 0; + final[27] = 0; + final[28] = 0; + final[29] = 0; + final[30] = 0; + final[31] = 0; - SETSHIFTEDINT (final, final_len + i, tmp); - } + truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray); - const u32 mask = 
0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8); + switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, out_len); - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask; + final[0] |= w0[0]; + final[1] |= w0[1]; + final[2] |= w0[2]; + final[3] |= w0[3]; + final[4] |= w1[0]; + final[5] |= w1[1]; + final[6] |= w1[2]; + final[7] |= w1[3]; - SETSHIFTEDINT (final, final_len + i, tmp); - - final_len += lengthMagicArray; + u32 final_len = out_len + lengthMagicArray; // append Salt - for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 + for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 { - const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[] + const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[] SETSHIFTEDINT (final, final_len + i, tmp); } 
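Review bot: The new code copies exactly one 16-word (64-byte) row of `s_theMagicArray` into `final[0..15]` and then calls `truncate_block_16x4_be_S` with `lengthMagicArray`, so it implicitly caps the magic slice at 64 bytes, whereas the removed `GETSHIFTEDINT_CONST` loop appended `lengthMagicArray` bytes with no such bound; `lengthMagicArray` is computed earlier in the kernel, outside this hunk. If that value can exceed 64, the bytes past the row end are never appended and the final SHA-1 is wrong for those candidates; if it cannot, a comment recording the bound would make the 16-word row width defensible, e.g. `// lengthMagicArray <= 64, so one 64-byte row of the shifted table always covers the slice`. Separately, the salt loop `for (int i = 0; i < salt_len + 1; i += 4)` compares a signed index with an unsigned `salt_len` and reads `salt_buf[i / 4]` for `i` up to `salt_len` (the `+1` for the 0x80), so it needs `salt_len / 4 < 8` to stay inside the 8-word `salt_buf`; `u32 i` matches the other loop in this file. The enclosing kernel begins before this hunk.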
@@ -308,20 +421,52 @@ KERNEL_FQ void m07801_m16 (KERN_ATTR_RULES ()) KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif + + if (gid >= gid_max) return; + /** * modifier */ - const u64 lid = get_local_id (0); - - /** - * base - */ - - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - u32 pw_buf0[4]; u32 pw_buf1[4]; 
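Review bot: The non-REAL_SHM alias `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;` repeats the type mismatch of the m04 kernel: `theMagicArray` is indexed as `[i][k]` a few lines above, so it is a table of 16-word rows, and the `s_theMagicArray[offsetMagicArray][k]` reads later in this kernel need `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;` to compile. This ~40-line staging block is now duplicated verbatim in m04 and s04 (and again in the a1 file); a `DECLSPEC` helper taking `lid`, `lsz` and the local array, or at least a shared macro, would keep the copies from drifting. m07801_s04 continues beyond this hunk.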
@@ -342,14 +487,14 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ()) u32 salt_buf[8]; - salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf[2] = salt_bufs[salt_pos].salt_buf[2]; - salt_buf[3] = salt_bufs[salt_pos].salt_buf[3]; - salt_buf[4] = salt_bufs[salt_pos].salt_buf[4]; - salt_buf[5] = salt_bufs[salt_pos].salt_buf[5]; - salt_buf[6] = salt_bufs[salt_pos].salt_buf[6]; - salt_buf[7] = salt_bufs[salt_pos].salt_buf[7]; + salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); + salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]); + salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]); + salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]); + salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]); + salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]); + salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]); const u32 salt_len = salt_bufs[salt_pos].salt_len; @@ -378,6 +523,15 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ()) const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + /** * SAP */ @@ -404,7 +558,7 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len); + switch_buffer_by_offset_be_S (s0, s1, s2, s3, out_len); const u32x pw_salt_len = out_len + salt_len; 
@@ -414,20 +568,20 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ())
 u32 final[32];
- final[ 0] = hc_swap32_S (w0[0] | s0[0]);
- final[ 1] = hc_swap32_S (w0[1] | s0[1]);
- final[ 2] = hc_swap32_S (w0[2] | s0[2]);
- final[ 3] = hc_swap32_S (w0[3] | s0[3]);
- final[ 4] = hc_swap32_S (w1[0] | s1[0]);
- final[ 5] = hc_swap32_S (w1[1] | s1[1]);
- final[ 6] = hc_swap32_S (w1[2] | s1[2]);
- final[ 7] = hc_swap32_S (w1[3] | s1[3]);
- final[ 8] = hc_swap32_S (w2[0] | s2[0]);
- final[ 9] = hc_swap32_S (w2[1] | s2[1]);
- final[10] = hc_swap32_S (w2[2] | s2[2]);
- final[11] = hc_swap32_S (w2[3] | s2[3]);
- final[12] = hc_swap32_S (w3[0] | s3[0]);
- final[13] = hc_swap32_S (w3[1] | s3[1]);
+ final[ 0] = w0[0] | s0[0];
+ final[ 1] = w0[1] | s0[1];
+ final[ 2] = w0[2] | s0[2];
+ final[ 3] = w0[3] | s0[3];
+ final[ 4] = w1[0] | s1[0];
+ final[ 5] = w1[1] | s1[1];
+ final[ 6] = w1[2] | s1[2];
+ final[ 7] = w1[3] | s1[3];
+ final[ 8] = w2[0] | s2[0];
+ final[ 9] = w2[1] | s2[1];
+ final[10] = w2[2] | s2[2];
+ final[11] = w2[3] | s2[3];
+ final[12] = w3[0] | s3[0];
+ final[13] = w3[1] | s3[1];
 final[14] = 0;
 final[15] = pw_salt_len * 8;
 final[16] = 0;
@@ -491,49 +645,61 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ()) digest[3] = SHA1M_D; digest[4] = SHA1M_E; - final[ 0] = hc_swap32_S (w0[0]); - final[ 1] = hc_swap32_S (w0[1]); - final[ 2] = hc_swap32_S (w0[2]); - final[ 3] = hc_swap32_S (w0[3]); - final[ 4] = hc_swap32_S (w1[0]); - final[ 5] = hc_swap32_S (w1[1]); - final[ 6] = hc_swap32_S (w1[2]); - final[ 7] = hc_swap32_S (w1[3]); - final[ 8] = 0; - final[ 9] = 0; - final[10] = 0; - final[11] = 0; - final[12] = 0; - final[13] = 0; - final[14] = 0; - final[15] = 0; - - u32 final_len = pw_len; - - u32 i; - // append MagicArray - for (i = 0; i < lengthMagicArray - 4; i += 4) - { - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i); + final[ 0] = s_theMagicArray[offsetMagicArray][ 0]; + final[ 1] = s_theMagicArray[offsetMagicArray][ 1]; + final[ 2] = s_theMagicArray[offsetMagicArray][ 2]; + final[ 3] = s_theMagicArray[offsetMagicArray][ 3]; + final[ 4] = s_theMagicArray[offsetMagicArray][ 4]; + final[ 5] = s_theMagicArray[offsetMagicArray][ 5]; + final[ 6] = s_theMagicArray[offsetMagicArray][ 6]; + final[ 7] = s_theMagicArray[offsetMagicArray][ 7]; + final[ 8] = s_theMagicArray[offsetMagicArray][ 8]; + final[ 9] = s_theMagicArray[offsetMagicArray][ 9]; + final[10] = s_theMagicArray[offsetMagicArray][10]; + final[11] = s_theMagicArray[offsetMagicArray][11]; + final[12] = s_theMagicArray[offsetMagicArray][12]; + final[13] = s_theMagicArray[offsetMagicArray][13]; + final[14] = s_theMagicArray[offsetMagicArray][14]; + final[15] = s_theMagicArray[offsetMagicArray][15]; + final[16] = 0; + final[17] = 0; + final[18] = 0; + final[19] = 0; + final[20] = 0; + final[21] = 0; + final[22] = 0; + final[23] = 0; + final[24] = 0; + final[25] = 0; + final[26] = 0; + final[27] = 0; + final[28] = 0; + final[29] = 0; + final[30] = 0; + final[31] = 0; - SETSHIFTEDINT (final, final_len + i, tmp); - } + truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray); - const u32 mask = 
0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8); + switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, out_len); - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask; + final[0] |= w0[0]; + final[1] |= w0[1]; + final[2] |= w0[2]; + final[3] |= w0[3]; + final[4] |= w1[0]; + final[5] |= w1[1]; + final[6] |= w1[2]; + final[7] |= w1[3]; - SETSHIFTEDINT (final, final_len + i, tmp); - - final_len += lengthMagicArray; + u32 final_len = out_len + lengthMagicArray; // append Salt - for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 + for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 { - const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[] + const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[] SETSHIFTEDINT (final, final_len + i, tmp); } diff --git a/OpenCL/m07801_a1-optimized.cl b/OpenCL/m07801_a1-optimized.cl index ef836a019..4cc78528f 100644 --- a/OpenCL/m07801_a1-optimized.cl +++ b/OpenCL/m07801_a1-optimized.cl 
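Review bot: With `final_len = out_len + lengthMagicArray`, the salt loop's `SETSHIFTEDINT (final, final_len + i, tmp)` stores at word `(final_len + i) / 4` and, judging by the removed `GETSHIFTEDINT_CONST` twin, the following word as well, so the last iteration touches word `(out_len + lengthMagicArray + salt_len) / 4 + 1` of a 32-word `final`. Whether that is always inside the array depends on the password, magic-slice and salt maxima enforced outside this hunk; stating the budget where `final_len` is introduced, e.g. `// out_len + lengthMagicArray + salt_len + 1 (0x80) + 8 (bit length) must fit in the 128 bytes of final[]`, would make the two-block layout checkable rather than assumed. `SETSHIFTEDINT` itself is only partly visible in this diff, so the second-word store is inferred, not confirmed. The kernel body extends above and below this hunk.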
@@ -15,30 +15,90 @@ #include "inc_hash_sha1.cl" #endif -CONSTANT_VK u32a theMagicArray[64] = +CONSTANT_VK u32a theMagicArray[80][16] = { - 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, - 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, - 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, - 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, - 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f, 0x37af944c, 0x29085282, 0xb23b4e37, 0x9f170791, 0x113bfdcd, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + { 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194 }, + { 0xac51149f, 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f }, + { 0x51149f67, 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b }, + { 0x149f6754, 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1 }, + { 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b }, + { 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 
0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06 }, + { 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605 }, + { 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d }, + { 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03 }, + { 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d }, + { 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e }, + { 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13 }, + { 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a }, + { 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e }, + { 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a }, + { 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 
0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a }, + { 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8 }, + { 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9 }, + { 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c }, + { 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14 }, + { 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417 }, + { 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758 }, + { 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7 }, + { 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a }, + { 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6 }, + { 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 
0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1 }, + { 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199 }, + { 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963 }, + { 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a }, + { 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7 }, + { 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd }, + { 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70 }, + { 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3 }, + { 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6 }, + { 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e }, + { 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 
0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74 }, + { 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413 }, + { 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303 }, + { 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9 }, + { 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b }, + { 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04 }, + { 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426 }, + { 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698 }, + { 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7 }, + { 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726 }, + { 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 
0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a }, + { 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92 }, + { 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293 }, + { 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325 }, + { 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0 }, + { 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2 }, + { 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d }, + { 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23 }, + { 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed }, + { 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63 }, + { 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 
0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379 }, + { 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d }, + { 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13 }, + { 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332 }, + { 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa }, + { 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c }, + { 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35 }, + { 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502 }, + { 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a }, + { 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3 }, + { 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 
0x63796d13, 0x32fa3c35, 0x029aa3b3 }, + { 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd }, + { 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e }, + { 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a }, + { 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24 }, + { 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf }, + { 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51 }, + { 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3 }, + { 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c }, + { 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd }, + { 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 
0x0a24bf51, 0xc37ccd55 }, + { 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f }, + { 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c, 0xcd559f37 }, + { 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd, 0x559f37af }, + { 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51, 0xc37ccd55, 0x9f37af94 }, }; -DECLSPEC u32 GETSHIFTEDINT_CONST (CONSTANT_AS u32a *a, const int n) -{ - const int d = n / 4; - const int m = n & 3; - - u64 tmp = hl32_to_64_S (a[d + 0], a[d + 1]); - - tmp <<= m * 8; - - return h32_from_64_S (tmp); -} - DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) { const int d = n / 4; 
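Review bot: The table's shape is the one thing a reader of the kernels needs and it is not written down: row `r` is the 160-byte SAP magic array read from byte offset `r` as 16 packed big-endian words (row 1 starts `0xac51149f`, row 79 starts `0xe8d97c14`), i.e. a 64-byte sliding window, which is what lets the kernels replace `GETSHIFTEDINT_CONST` with a plain row load. A comment above the declaration would capture that contract and its two limits, e.g. `// theMagicArray[r] = bytes r..r+63 of the 160-byte SAP CODVN F/G magic array as big-endian words; offsetMagicArray must be < 80 and one row covers at most 64 bytes of the slice`. The 16-word row width is also a design decision worth justifying here rather than leaving implicit: the deleted `GETSHIFTEDINT_CONST` path served any `lengthMagicArray`, while a 64-byte row cannot.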
@@ -54,17 +114,45 @@ DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v) KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) { - /** - * modifier - */ - - const u64 lid = get_local_id (0); - - /** - * base - */ - const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; 
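Review bot: Same fallback bug as the a0 kernels: `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;` aliases the `u32a [80][16]` table declared earlier in this file as a flat pointer, so the `s_theMagicArray[offsetMagicArray][k]` reads later in the kernel subscript a scalar and the non-REAL_SHM build does not compile; use `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;`. The hunk correctly moves `if (gid >= gid_max) return;` below `SYNC_THREADS ()`, since every work-item in the group must reach the barrier, but nothing says so and a future cleanup could hoist the return back; a one-liner such as `// all work-items must hit SYNC_THREADS, so the gid check stays after the copy` would protect it. The `* aes shared` heading is a stale copy-paste and should name the magic array. The kernel body continues after the hunk.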
@@ -88,14 +176,14 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) u32 salt_buf[8]; - salt_buf[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf[2] = salt_bufs[salt_pos].salt_buf[2]; - salt_buf[3] = salt_bufs[salt_pos].salt_buf[3]; - salt_buf[4] = salt_bufs[salt_pos].salt_buf[4]; - salt_buf[5] = salt_bufs[salt_pos].salt_buf[5]; - salt_buf[6] = salt_bufs[salt_pos].salt_buf[6]; - salt_buf[7] = salt_bufs[salt_pos].salt_buf[7]; + salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); + salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]); + salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]); + salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]); + salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]); + salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]); + salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]); const u32 salt_len = salt_bufs[salt_pos].salt_len; @@ -172,6 +260,23 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) w3[2] = wordl3[2] | wordr3[2]; w3[3] = wordl3[3] | wordr3[3]; + w0[0] = hc_swap32_S (w0[0]); + w0[1] = hc_swap32_S (w0[1]); + w0[2] = hc_swap32_S (w0[2]); + w0[3] = hc_swap32_S (w0[3]); + w1[0] = hc_swap32_S (w1[0]); + w1[1] = hc_swap32_S (w1[1]); + w1[2] = hc_swap32_S (w1[2]); + w1[3] = hc_swap32_S (w1[3]); + w2[0] = hc_swap32_S (w2[0]); + w2[1] = hc_swap32_S (w2[1]); + w2[2] = hc_swap32_S (w2[2]); + w2[3] = hc_swap32_S (w2[3]); + w3[0] = hc_swap32_S (w3[0]); + w3[1] = hc_swap32_S (w3[1]); + w3[2] = hc_swap32_S (w3[2]); + w3[3] = hc_swap32_S (w3[3]); + /** * SAP */ @@ -198,7 +303,7 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) s3[2] = 0; s3[3] = 0; - switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len); + switch_buffer_by_offset_be_S (s0, s1, s2, s3, pw_len); const u32x pw_salt_len = pw_len + salt_len; 
@@ -208,20 +313,20 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ())
 u32 final[32];
- final[ 0] = hc_swap32_S (w0[0] | s0[0]);
- final[ 1] = hc_swap32_S (w0[1] | s0[1]);
- final[ 2] = hc_swap32_S (w0[2] | s0[2]);
- final[ 3] = hc_swap32_S (w0[3] | s0[3]);
- final[ 4] = hc_swap32_S (w1[0] | s1[0]);
- final[ 5] = hc_swap32_S (w1[1] | s1[1]);
- final[ 6] = hc_swap32_S (w1[2] | s1[2]);
- final[ 7] = hc_swap32_S (w1[3] | s1[3]);
- final[ 8] = hc_swap32_S (w2[0] | s2[0]);
- final[ 9] = hc_swap32_S (w2[1] | s2[1]);
- final[10] = hc_swap32_S (w2[2] | s2[2]);
- final[11] = hc_swap32_S (w2[3] | s2[3]);
- final[12] = hc_swap32_S (w3[0] | s3[0]);
- final[13] = hc_swap32_S (w3[1] | s3[1]);
+ final[ 0] = w0[0] | s0[0];
+ final[ 1] = w0[1] | s0[1];
+ final[ 2] = w0[2] | s0[2];
+ final[ 3] = w0[3] | s0[3];
+ final[ 4] = w1[0] | s1[0];
+ final[ 5] = w1[1] | s1[1];
+ final[ 6] = w1[2] | s1[2];
+ final[ 7] = w1[3] | s1[3];
+ final[ 8] = w2[0] | s2[0];
+ final[ 9] = w2[1] | s2[1];
+ final[10] = w2[2] | s2[2];
+ final[11] = w2[3] | s2[3];
+ final[12] = w3[0] | s3[0];
+ final[13] = w3[1] | s3[1];
 final[14] = 0;
 final[15] = pw_salt_len * 8;
 final[16] = 0;
@@ -285,49 +390,61 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ())
  digest[3] = SHA1M_D;
  digest[4] = SHA1M_E;
- final[ 0] = hc_swap32_S (w0[0]);
- final[ 1] = hc_swap32_S (w0[1]);
- final[ 2] = hc_swap32_S (w0[2]);
- final[ 3] = hc_swap32_S (w0[3]);
- final[ 4] = hc_swap32_S (w1[0]);
- final[ 5] = hc_swap32_S (w1[1]);
- final[ 6] = hc_swap32_S (w1[2]);
- final[ 7] = hc_swap32_S (w1[3]);
- final[ 8] = hc_swap32_S (w2[0]);
- final[ 9] = hc_swap32_S (w2[1]);
- final[10] = hc_swap32_S (w2[2]);
- final[11] = hc_swap32_S (w2[3]);
- final[12] = hc_swap32_S (w3[0]);
- final[13] = hc_swap32_S (w3[1]);
- final[14] = 0;
- final[15] = 0;
-
- u32 final_len = pw_len;
-
- u32 i;
- // append MagicArray
- for (i = 0; i < lengthMagicArray - 4; i += 4)
- {
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+ final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+ final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+ final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+ final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+ final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+ final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+ final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+ final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+ final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+ final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+ final[10] = s_theMagicArray[offsetMagicArray][10];
+ final[11] = s_theMagicArray[offsetMagicArray][11];
+ final[12] = s_theMagicArray[offsetMagicArray][12];
+ final[13] = s_theMagicArray[offsetMagicArray][13];
+ final[14] = s_theMagicArray[offsetMagicArray][14];
+ final[15] = s_theMagicArray[offsetMagicArray][15];
+ final[16] = 0;
+ final[17] = 0;
+ final[18] = 0;
+ final[19] = 0;
+ final[20] = 0;
+ final[21] = 0;
+ final[22] = 0;
+ final[23] = 0;
+ final[24] = 0;
+ final[25] = 0;
+ final[26] = 0;
+ final[27] = 0;
+ final[28] = 0;
+ final[29] = 0;
+ final[30] = 0;
+ final[31] = 0;
- SETSHIFTEDINT (final, final_len + i, tmp);
- }
+ truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
- const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+ switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len);
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+ final[0] |= w0[0];
+ final[1] |= w0[1];
+ final[2] |= w0[2];
+ final[3] |= w0[3];
+ final[4] |= w1[0];
+ final[5] |= w1[1];
+ final[6] |= w1[2];
+ final[7] |= w1[3];
- SETSHIFTEDINT (final, final_len + i, tmp);
-
- final_len += lengthMagicArray;
+ u32 final_len = pw_len + lengthMagicArray;
  // append Salt
- for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+ for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
  {
- const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[]
+ const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
  SETSHIFTEDINT (final, final_len + i, tmp);
  }
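Review bot: After `switch_buffer_by_offset_8x4_be_S` only `w0`/`w1` are OR'd back into `final`, so this stage keeps at most 32 password bytes, whereas the removed code seeded `final[0..13]` from all of `w0`..`w3`; if the module's pw_max for this mode allows more than 32 bytes (not visible here) the new code silently drops the rest, so that limit is worth confirming and recording next to the ORs, e.g. `// pw_len <= 32 is required here: only w0/w1 are merged after the shift`. The same block also relies on `offsetMagicArray < 80` (the row count of `s_theMagicArray`) and `lengthMagicArray <= 64` for `truncate_block_16x4_be_S`; both values are computed outside this hunk, and a one-line comment stating those bounds would make the dependency on the table layout explicit. Changing the salt loop index from `u32 i` to `int i` turns `i < salt_len + 1` into a signed/unsigned comparison; `for (u32 i = 0; i < salt_len + 1; i += 4)` keeps the previous type and avoids the warning. The same three points apply to the identical block in `m07801_s04` and to `m07801m`/`m07801s` in m07801_a3-optimized.cl; the enclosing kernel starts and ends outside this hunk.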
@@ -366,17 +483,45 @@ KERNEL_FQ void m07801_m16 (KERN_ATTR_BASIC ())
  KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
  {
- /**
- * modifier
- */
-
- const u64 lid = get_local_id (0);
-
- /**
- * base
- */
-
  const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * aes shared
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u32 s_theMagicArray[80][16];
+
+ for (u32 i = lid; i < 80; i += lsz)
+ {
+ s_theMagicArray[i][ 0] = theMagicArray[i][ 0];
+ s_theMagicArray[i][ 1] = theMagicArray[i][ 1];
+ s_theMagicArray[i][ 2] = theMagicArray[i][ 2];
+ s_theMagicArray[i][ 3] = theMagicArray[i][ 3];
+ s_theMagicArray[i][ 4] = theMagicArray[i][ 4];
+ s_theMagicArray[i][ 5] = theMagicArray[i][ 5];
+ s_theMagicArray[i][ 6] = theMagicArray[i][ 6];
+ s_theMagicArray[i][ 7] = theMagicArray[i][ 7];
+ s_theMagicArray[i][ 8] = theMagicArray[i][ 8];
+ s_theMagicArray[i][ 9] = theMagicArray[i][ 9];
+ s_theMagicArray[i][10] = theMagicArray[i][10];
+ s_theMagicArray[i][11] = theMagicArray[i][11];
+ s_theMagicArray[i][12] = theMagicArray[i][12];
+ s_theMagicArray[i][13] = theMagicArray[i][13];
+ s_theMagicArray[i][14] = theMagicArray[i][14];
+ s_theMagicArray[i][15] = theMagicArray[i][15];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u32a *s_theMagicArray = theMagicArray;
+
+ #endif
  if (gid >= gid_max) return;
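Review bot: In the `#else` branch, `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;` declares a flat pointer to `u32a`, but `theMagicArray` is now `u32a[80][16]` and the kernel later indexes `s_theMagicArray[offsetMagicArray][k]`, which does not type-check against a one-dimensional pointer; the declaration should be `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;`, matching the `SHM_TYPE u32a (*s_theMagicArray)[16]` parameter used in m07801_a3-optimized.cl. If most builds define REAL_SHM, this only surfaces on targets that take the fallback path, so it is easy to miss in testing. The comment `* aes shared` is a copy-paste leftover — the block stages the SAP magic array, not AES tables — and should read `* shared magic array`. If `m07801_m04` carries the same setup block (outside this view), it needs the same two fixes.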
@@ -400,14 +545,14 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
  u32 salt_buf[8];
- salt_buf[0] = salt_bufs[salt_pos].salt_buf[0];
- salt_buf[1] = salt_bufs[salt_pos].salt_buf[1];
- salt_buf[2] = salt_bufs[salt_pos].salt_buf[2];
- salt_buf[3] = salt_bufs[salt_pos].salt_buf[3];
- salt_buf[4] = salt_bufs[salt_pos].salt_buf[4];
- salt_buf[5] = salt_bufs[salt_pos].salt_buf[5];
- salt_buf[6] = salt_bufs[salt_pos].salt_buf[6];
- salt_buf[7] = salt_bufs[salt_pos].salt_buf[7];
+ salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]);
+ salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]);
+ salt_buf[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]);
+ salt_buf[3] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[3]);
+ salt_buf[4] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[4]);
+ salt_buf[5] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[5]);
+ salt_buf[6] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[6]);
+ salt_buf[7] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[7]);
  const u32 salt_len = salt_bufs[salt_pos].salt_len;
@@ -496,6 +641,23 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
  w3[2] = wordl3[2] | wordr3[2];
  w3[3] = wordl3[3] | wordr3[3];
+ w0[0] = hc_swap32_S (w0[0]);
+ w0[1] = hc_swap32_S (w0[1]);
+ w0[2] = hc_swap32_S (w0[2]);
+ w0[3] = hc_swap32_S (w0[3]);
+ w1[0] = hc_swap32_S (w1[0]);
+ w1[1] = hc_swap32_S (w1[1]);
+ w1[2] = hc_swap32_S (w1[2]);
+ w1[3] = hc_swap32_S (w1[3]);
+ w2[0] = hc_swap32_S (w2[0]);
+ w2[1] = hc_swap32_S (w2[1]);
+ w2[2] = hc_swap32_S (w2[2]);
+ w2[3] = hc_swap32_S (w2[3]);
+ w3[0] = hc_swap32_S (w3[0]);
+ w3[1] = hc_swap32_S (w3[1]);
+ w3[2] = hc_swap32_S (w3[2]);
+ w3[3] = hc_swap32_S (w3[3]);
+
  /**
   * SAP
   */
@@ -522,7 +684,7 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
  s3[2] = 0;
  s3[3] = 0;
- switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len);
+ switch_buffer_by_offset_be_S (s0, s1, s2, s3, pw_len);
  const u32x pw_salt_len = pw_len + salt_len;
@@ -532,20 +694,20 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
  u32 final[32];
- final[ 0] = hc_swap32_S (w0[0] | s0[0]);
- final[ 1] = hc_swap32_S (w0[1] | s0[1]);
- final[ 2] = hc_swap32_S (w0[2] | s0[2]);
- final[ 3] = hc_swap32_S (w0[3] | s0[3]);
- final[ 4] = hc_swap32_S (w1[0] | s1[0]);
- final[ 5] = hc_swap32_S (w1[1] | s1[1]);
- final[ 6] = hc_swap32_S (w1[2] | s1[2]);
- final[ 7] = hc_swap32_S (w1[3] | s1[3]);
- final[ 8] = hc_swap32_S (w2[0] | s2[0]);
- final[ 9] = hc_swap32_S (w2[1] | s2[1]);
- final[10] = hc_swap32_S (w2[2] | s2[2]);
- final[11] = hc_swap32_S (w2[3] | s2[3]);
- final[12] = hc_swap32_S (w3[0] | s3[0]);
- final[13] = hc_swap32_S (w3[1] | s3[1]);
+ final[ 0] = w0[0] | s0[0];
+ final[ 1] = w0[1] | s0[1];
+ final[ 2] = w0[2] | s0[2];
+ final[ 3] = w0[3] | s0[3];
+ final[ 4] = w1[0] | s1[0];
+ final[ 5] = w1[1] | s1[1];
+ final[ 6] = w1[2] | s1[2];
+ final[ 7] = w1[3] | s1[3];
+ final[ 8] = w2[0] | s2[0];
+ final[ 9] = w2[1] | s2[1];
+ final[10] = w2[2] | s2[2];
+ final[11] = w2[3] | s2[3];
+ final[12] = w3[0] | s3[0];
+ final[13] = w3[1] | s3[1];
  final[14] = 0;
  final[15] = pw_salt_len * 8;
  final[16] = 0;
@@ -609,49 +771,61 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ())
  digest[3] = SHA1M_D;
  digest[4] = SHA1M_E;
- final[ 0] = hc_swap32_S (w0[0]);
- final[ 1] = hc_swap32_S (w0[1]);
- final[ 2] = hc_swap32_S (w0[2]);
- final[ 3] = hc_swap32_S (w0[3]);
- final[ 4] = hc_swap32_S (w1[0]);
- final[ 5] = hc_swap32_S (w1[1]);
- final[ 6] = hc_swap32_S (w1[2]);
- final[ 7] = hc_swap32_S (w1[3]);
- final[ 8] = hc_swap32_S (w2[0]);
- final[ 9] = hc_swap32_S (w2[1]);
- final[10] = hc_swap32_S (w2[2]);
- final[11] = hc_swap32_S (w2[3]);
- final[12] = hc_swap32_S (w3[0]);
- final[13] = hc_swap32_S (w3[1]);
- final[14] = 0;
- final[15] = 0;
-
- u32 final_len = pw_len;
-
- u32 i;
- // append MagicArray
- for (i = 0; i < lengthMagicArray - 4; i += 4)
- {
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+ final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+ final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+ final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+ final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+ final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+ final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+ final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+ final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+ final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+ final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+ final[10] = s_theMagicArray[offsetMagicArray][10];
+ final[11] = s_theMagicArray[offsetMagicArray][11];
+ final[12] = s_theMagicArray[offsetMagicArray][12];
+ final[13] = s_theMagicArray[offsetMagicArray][13];
+ final[14] = s_theMagicArray[offsetMagicArray][14];
+ final[15] = s_theMagicArray[offsetMagicArray][15];
+ final[16] = 0;
+ final[17] = 0;
+ final[18] = 0;
+ final[19] = 0;
+ final[20] = 0;
+ final[21] = 0;
+ final[22] = 0;
+ final[23] = 0;
+ final[24] = 0;
+ final[25] = 0;
+ final[26] = 0;
+ final[27] = 0;
+ final[28] = 0;
+ final[29] = 0;
+ final[30] = 0;
+ final[31] = 0;
- SETSHIFTEDINT (final, final_len + i, tmp);
- }
+ truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
- const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+ switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len);
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+ final[0] |= w0[0];
+ final[1] |= w0[1];
+ final[2] |= w0[2];
+ final[3] |= w0[3];
+ final[4] |= w1[0];
+ final[5] |= w1[1];
+ final[6] |= w1[2];
+ final[7] |= w1[3];
- SETSHIFTEDINT (final, final_len + i, tmp);
-
- final_len += lengthMagicArray;
+ u32 final_len = pw_len + lengthMagicArray;
  // append Salt
- for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+ for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
  {
- const u32 tmp = hc_swap32_S (salt_buf[i / 4]); // attention, int[] not char[]
+ const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
  SETSHIFTEDINT (final, final_len + i, tmp);
  }
diff --git a/OpenCL/m07801_a3-optimized.cl b/OpenCL/m07801_a3-optimized.cl
index 59bc222cd..f1a03c6fd 100644
--- a/OpenCL/m07801_a3-optimized.cl
+++ b/OpenCL/m07801_a3-optimized.cl
@@ -15,30 +15,90 @@
  #include "inc_hash_sha1.cl"
  #endif
-CONSTANT_VK u32a theMagicArray[64] =
+CONSTANT_VK u32a theMagicArray[80][16] =
  {
- 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f,
- 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194,
- 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3,
- 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3,
- 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f, 0x37af944c, 0x29085282, 0xb23b4e37, 0x9f170791, 0x113bfdcd,
- 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ { 0x91ac5114, 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194 },
+ { 0xac51149f, 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f },
+ { 0x51149f67, 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b },
+ { 0x149f6754, 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1 },
+ { 0x9f675443, 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b },
+ { 0x67544324, 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 
0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06 }, + { 0x544324e7, 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605 }, + { 0x4324e73b, 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d }, + { 0x24e73be0, 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03 }, + { 0xe73be028, 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d }, + { 0x3be02874, 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e }, + { 0xe028747b, 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13 }, + { 0x28747bc2, 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a }, + { 0x747bc286, 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e }, + { 0x7bc28633, 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a }, + { 0xc2863313, 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 
0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a }, + { 0x863313eb, 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8 }, + { 0x3313eb5a, 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9 }, + { 0x13eb5a4f, 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c }, + { 0xeb5a4fcb, 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14 }, + { 0x5a4fcb5c, 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417 }, + { 0x4fcb5c08, 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758 }, + { 0xcb5c080a, 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7 }, + { 0x5c080a73, 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a }, + { 0x080a7337, 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6 }, + { 0x0a73370e, 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 
0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1 }, + { 0x73370e5d, 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199 }, + { 0x370e5d1c, 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963 }, + { 0x0e5d1c2f, 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a }, + { 0x5d1c2f33, 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7 }, + { 0x1c2f338f, 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd }, + { 0x2f338fe6, 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70 }, + { 0x338fe6e5, 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3 }, + { 0x8fe6e5f8, 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6 }, + { 0xe6e5f89b, 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e }, + { 0xe5f89bae, 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 
0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74 }, + { 0xf89baedd, 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413 }, + { 0x9baedd16, 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303 }, + { 0xaedd16f2, 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9 }, + { 0xdd16f24b, 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b }, + { 0x16f24b8d, 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04 }, + { 0xf24b8d2c, 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426 }, + { 0x4b8d2ce1, 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698 }, + { 0x8d2ce1d4, 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7 }, + { 0x2ce1d4dc, 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726 }, + { 0xe1d4dcb0, 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 
0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a }, + { 0xd4dcb0cb, 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92 }, + { 0xdcb0cbdf, 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293 }, + { 0xb0cbdf9d, 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325 }, + { 0xcbdf9dd4, 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0 }, + { 0xdf9dd470, 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2 }, + { 0x9dd4706d, 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d }, + { 0xd4706d17, 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23 }, + { 0x706d17f9, 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed }, + { 0x6d17f94d, 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63 }, + { 0x17f94d42, 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 
0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379 }, + { 0xf94d423f, 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d }, + { 0x4d423f9b, 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13 }, + { 0x423f9b1b, 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332 }, + { 0x3f9b1b11, 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa }, + { 0x9b1b1194, 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c }, + { 0x1b11949f, 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35 }, + { 0x11949f5b, 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502 }, + { 0x949f5bc1, 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a }, + { 0x9f5bc19b, 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3 }, + { 0x5bc19b06, 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 
0x63796d13, 0x32fa3c35, 0x029aa3b3 }, + { 0xc19b0605, 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd }, + { 0x9b06059d, 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e }, + { 0x06059d03, 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a }, + { 0x059d039d, 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24 }, + { 0x9d039d5e, 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf }, + { 0x039d5e13, 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51 }, + { 0x9d5e138a, 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3 }, + { 0x5e138a1e, 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c }, + { 0x138a1e9a, 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd }, + { 0x8a1e9a6a, 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 
0x0a24bf51, 0xc37ccd55 },
+ { 0x1e9a6ae8, 0xd97c1417, 0x58c72af6, 0xa199630a, 0xd7fd70c3, 0xf65e7413, 0x03c90b04, 0x2698f726, 0x8a929325, 0xb0a20d23, 0xed63796d, 0x1332fa3c, 0x35029aa3, 0xb3dd8e0a, 0x24bf51c3, 0x7ccd559f },
+ { 0x9a6ae8d9, 0x7c141758, 0xc72af6a1, 0x99630ad7, 0xfd70c3f6, 0x5e741303, 0xc90b0426, 0x98f7268a, 0x929325b0, 0xa20d23ed, 0x63796d13, 0x32fa3c35, 0x029aa3b3, 0xdd8e0a24, 0xbf51c37c, 0xcd559f37 },
+ { 0x6ae8d97c, 0x141758c7, 0x2af6a199, 0x630ad7fd, 0x70c3f65e, 0x741303c9, 0x0b042698, 0xf7268a92, 0x9325b0a2, 0x0d23ed63, 0x796d1332, 0xfa3c3502, 0x9aa3b3dd, 0x8e0a24bf, 0x51c37ccd, 0x559f37af },
+ { 0xe8d97c14, 0x1758c72a, 0xf6a19963, 0x0ad7fd70, 0xc3f65e74, 0x1303c90b, 0x042698f7, 0x268a9293, 0x25b0a20d, 0x23ed6379, 0x6d1332fa, 0x3c35029a, 0xa3b3dd8e, 0x0a24bf51, 0xc37ccd55, 0x9f37af94 },
  };
-DECLSPEC u32 GETSHIFTEDINT_CONST (CONSTANT_AS u32a *a, const int n)
-{
- const int d = n / 4;
- const int m = n & 3;
-
- u64 tmp = hl32_to_64_S (a[d + 0], a[d + 1]);
-
- tmp <<= m * 8;
-
- return h32_from_64_S (tmp);
-}
-
  DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v)
  {
  const int d = n / 4;
@@ -52,7 +112,7 @@ DECLSPEC void SETSHIFTEDINT (u32 *a, const int n, const u32 v)
  a[d + 1] = l32_from_64_S (tmp);
  }
-DECLSPEC void m07801m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
+DECLSPEC void m07801m (SHM_TYPE u32a (*s_theMagicArray)[16], u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
  {
  /**
   * modifier
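Review bot: The new 80×16 `theMagicArray` carries no comment on how its rows are derived, so a maintainer cannot tell whether it may be edited by hand or must be regenerated; from the visible values, row k is the 64-byte window of the original byte stream starting at byte offset k (row 1 begins `0xac51149f`, row 0 shifted left by one byte, and the last row ends `0x9f37af94`, bytes 139..142 of the original), stored as big-endian words. A header comment above the declaration such as `// row k = bytes k..k+63 of the original 40-word magic array as big-endian u32, so s_theMagicArray[offset] is the window GETSHIFTEDINT_CONST previously assembled per word; regenerate rather than edit` would capture that, ideally naming the generator. Since the 80 rows only ever read bytes 0..142 of the original array, the zero tail of the removed 64-word table is no longer needed, which is also worth stating so nobody re-adds it.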
@@ -201,47 +261,59 @@ DECLSPEC void m07801m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
  digest[3] = SHA1M_D;
  digest[4] = SHA1M_E;
- final[ 0] = w0[0];
- final[ 1] = w0[1];
- final[ 2] = w0[2];
- final[ 3] = w0[3];
- final[ 4] = w1[0];
- final[ 5] = w1[1];
- final[ 6] = w1[2];
- final[ 7] = w1[3];
- final[ 8] = 0;
- final[ 9] = 0;
- final[10] = 0;
- final[11] = 0;
- final[12] = 0;
- final[13] = 0;
- final[14] = 0;
- final[15] = 0;
-
- u32 final_len = pw_len;
-
- u32 i;
- // append MagicArray
- for (i = 0; i < lengthMagicArray - 4; i += 4)
- {
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i);
+ final[ 0] = s_theMagicArray[offsetMagicArray][ 0];
+ final[ 1] = s_theMagicArray[offsetMagicArray][ 1];
+ final[ 2] = s_theMagicArray[offsetMagicArray][ 2];
+ final[ 3] = s_theMagicArray[offsetMagicArray][ 3];
+ final[ 4] = s_theMagicArray[offsetMagicArray][ 4];
+ final[ 5] = s_theMagicArray[offsetMagicArray][ 5];
+ final[ 6] = s_theMagicArray[offsetMagicArray][ 6];
+ final[ 7] = s_theMagicArray[offsetMagicArray][ 7];
+ final[ 8] = s_theMagicArray[offsetMagicArray][ 8];
+ final[ 9] = s_theMagicArray[offsetMagicArray][ 9];
+ final[10] = s_theMagicArray[offsetMagicArray][10];
+ final[11] = s_theMagicArray[offsetMagicArray][11];
+ final[12] = s_theMagicArray[offsetMagicArray][12];
+ final[13] = s_theMagicArray[offsetMagicArray][13];
+ final[14] = s_theMagicArray[offsetMagicArray][14];
+ final[15] = s_theMagicArray[offsetMagicArray][15];
+ final[16] = 0;
+ final[17] = 0;
+ final[18] = 0;
+ final[19] = 0;
+ final[20] = 0;
+ final[21] = 0;
+ final[22] = 0;
+ final[23] = 0;
+ final[24] = 0;
+ final[25] = 0;
+ final[26] = 0;
+ final[27] = 0;
+ final[28] = 0;
+ final[29] = 0;
+ final[30] = 0;
+ final[31] = 0;
- SETSHIFTEDINT (final, final_len + i, tmp);
- }
+ truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray);
- const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8);
+ switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len);
- const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask;
+ final[0] |= w0[0];
+ final[1] |= w0[1];
+ final[2] |= w0[2];
+ final[3] |= w0[3];
+ final[4] |= w1[0];
+ final[5] |= w1[1];
+ final[6] |= w1[2];
+ final[7] |= w1[3];
- SETSHIFTEDINT (final, final_len + i, tmp);
-
- final_len += lengthMagicArray;
+ u32 final_len = pw_len + lengthMagicArray;
  // append Salt
- for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
+ for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80
  {
  const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[]
@@ -272,7 +344,7 @@ DECLSPEC void m07801m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
  }
  }
-DECLSPEC void m07801s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
+DECLSPEC void m07801s (SHM_TYPE u32a (*s_theMagicArray)[16], u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
  {
  /**
   * modifier
@@ -433,47 +505,59 @@ DECLSPEC void m07801s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER digest[3] = SHA1M_D; digest[4] = SHA1M_E; - final[ 0] = w0[0]; - final[ 1] = w0[1]; - final[ 2] = w0[2]; - final[ 3] = w0[3]; - final[ 4] = w1[0]; - final[ 5] = w1[1]; - final[ 6] = w1[2]; - final[ 7] = w1[3]; - final[ 8] = 0; - final[ 9] = 0; - final[10] = 0; - final[11] = 0; - final[12] = 0; - final[13] = 0; - final[14] = 0; - final[15] = 0; - - u32 final_len = pw_len; - - u32 i; - // append MagicArray - for (i = 0; i < lengthMagicArray - 4; i += 4) - { - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i); + final[ 0] = s_theMagicArray[offsetMagicArray][ 0]; + final[ 1] = s_theMagicArray[offsetMagicArray][ 1]; + final[ 2] = s_theMagicArray[offsetMagicArray][ 2]; + final[ 3] = s_theMagicArray[offsetMagicArray][ 3]; + final[ 4] = s_theMagicArray[offsetMagicArray][ 4]; + final[ 5] = s_theMagicArray[offsetMagicArray][ 5]; + final[ 6] = s_theMagicArray[offsetMagicArray][ 6]; + final[ 7] = s_theMagicArray[offsetMagicArray][ 7]; + final[ 8] = s_theMagicArray[offsetMagicArray][ 8]; + final[ 9] = s_theMagicArray[offsetMagicArray][ 9]; + final[10] = s_theMagicArray[offsetMagicArray][10]; + final[11] = s_theMagicArray[offsetMagicArray][11]; + final[12] = s_theMagicArray[offsetMagicArray][12]; + final[13] = s_theMagicArray[offsetMagicArray][13]; + final[14] = s_theMagicArray[offsetMagicArray][14]; + final[15] = s_theMagicArray[offsetMagicArray][15]; + final[16] = 0; + final[17] = 0; + final[18] = 0; + final[19] = 0; + final[20] = 0; + final[21] = 0; + final[22] = 0; + final[23] = 0; + final[24] = 0; + final[25] = 0; + final[26] = 0; + final[27] = 0; + final[28] = 0; + final[29] = 0; + final[30] = 0; + final[31] = 0; - SETSHIFTEDINT (final, final_len + i, tmp); - } + truncate_block_16x4_be_S (final + 0, final + 4, final + 8, final + 12, lengthMagicArray); - const u32 mask = 0xffffffff << (((4 - (lengthMagicArray - i)) & 3) * 8); + 
switch_buffer_by_offset_8x4_be_S (final + 0, final + 4, final + 8, final + 12, final + 16, final + 20, final + 24, final + 28, pw_len); - const u32 tmp = GETSHIFTEDINT_CONST (theMagicArray, offsetMagicArray + i) & mask; + final[0] |= w0[0]; + final[1] |= w0[1]; + final[2] |= w0[2]; + final[3] |= w0[3]; + final[4] |= w1[0]; + final[5] |= w1[1]; + final[6] |= w1[2]; + final[7] |= w1[3]; - SETSHIFTEDINT (final, final_len + i, tmp); - - final_len += lengthMagicArray; + u32 final_len = pw_len + lengthMagicArray; // append Salt - for (i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 + for (int i = 0; i < salt_len + 1; i += 4) // +1 for the 0x80 { const u32 tmp = salt_buf[i / 4]; // attention, int[] not char[] 
@@ -506,11 +590,45 @@ DECLSPEC void m07801s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -518,8 +636,6 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
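Review bot: In the `#else` branch, `CONSTANT_AS u32a *s_theMagicArray = theMagicArray;` declares a plain pointer to `u32a`, but the value is passed to `m07801m`/`m07801s`, whose new parameter is declared `SHM_TYPE u32a (*s_theMagicArray)[16]` and indexed as `s_theMagicArray[offsetMagicArray][k]`, so the non-`REAL_SHM` build hands over an incompatible pointer type; it should read `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;`. The same `#else` line appears in the `m07801_m08`, `m07801_s04` and `m07801_s08` hunks (`@@ -554,16 +670,50 @@`, `@@ -616,11 +764,45 @@`, `@@ -664,16 +844,50 @@`). The new header comment `* aes shared` is copied from the AES kernels; the table being staged here is the SAP magic array, so `* shared magic array` describes the code. The work-group copy loop and the `SYNC_THREADS ()` before the `gid >= gid_max` early return are in the right order, since every work-item must reach the barrier.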
@@ -554,16 +670,50 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) * main */ - m07801m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07801m (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07801_m08 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = 
theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -571,8 +721,6 @@ KERNEL_FQ void m07801_m08 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; @@ -607,7 +755,7 @@ KERNEL_FQ void m07801_m08 (KERN_ATTR_BASIC ()) * main */ - m07801m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07801m (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07801_m16 (KERN_ATTR_BASIC ()) 
@@ -616,11 +764,45 @@ KERNEL_FQ void m07801_m16 (KERN_ATTR_BASIC ()) KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -628,8 +810,6 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -664,16 +844,50 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ()) * main */ - m07801s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07801s (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07801_s08 (KERN_ATTR_BASIC ()) { + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + /** - * base + * aes shared */ - const u64 gid = get_global_id (0); + #ifdef REAL_SHM + + LOCAL_VK u32 s_theMagicArray[80][16]; + + for (u32 i = lid; i < 80; i += lsz) + { + s_theMagicArray[i][ 0] = theMagicArray[i][ 0]; + s_theMagicArray[i][ 1] = theMagicArray[i][ 1]; + s_theMagicArray[i][ 2] = theMagicArray[i][ 2]; + s_theMagicArray[i][ 3] = theMagicArray[i][ 3]; + s_theMagicArray[i][ 4] = theMagicArray[i][ 4]; + s_theMagicArray[i][ 5] = theMagicArray[i][ 5]; + s_theMagicArray[i][ 6] = theMagicArray[i][ 6]; + s_theMagicArray[i][ 7] = theMagicArray[i][ 7]; + s_theMagicArray[i][ 8] = theMagicArray[i][ 8]; + s_theMagicArray[i][ 9] = theMagicArray[i][ 9]; + s_theMagicArray[i][10] = theMagicArray[i][10]; + s_theMagicArray[i][11] = 
theMagicArray[i][11]; + s_theMagicArray[i][12] = theMagicArray[i][12]; + s_theMagicArray[i][13] = theMagicArray[i][13]; + s_theMagicArray[i][14] = theMagicArray[i][14]; + s_theMagicArray[i][15] = theMagicArray[i][15]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + + #endif if (gid >= gid_max) return; @@ -681,8 +895,6 @@ KERNEL_FQ void m07801_s08 (KERN_ATTR_BASIC ()) * modifier */ - //const u64 lid = get_local_id (0); - u32 w0[4]; w0[0] = pws[gid].i[ 0]; @@ -717,7 +929,7 @@ KERNEL_FQ void m07801_s08 (KERN_ATTR_BASIC ()) * main */ - m07801s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07801s (s_theMagicArray, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m07801_s16 (KERN_ATTR_BASIC ()) From d9473358efcbeb96c382b591ffdce2e3b09d04f2 Mon Sep 17 00:00:00 2001 
From: Jens Steube Date: Thu, 20 Feb 2020 16:00:21 +0100 Subject: [PATCH 240/300] Add support for OPTS_TYPE_LOOP_EXTENDED kernel for special cases like VeraCrypt --- OpenCL/m13711-pure.cl | 142 +++++++++++++++++------------- OpenCL/m13712-pure.cl | 148 ++++++++++++++++++------------- OpenCL/m13713-pure.cl | 154 ++++++++++++++++++-------------- OpenCL/m13721-pure.cl | 148 ++++++++++++++++++------------- OpenCL/m13722-pure.cl | 159 +++++++++++++++++++-------------- OpenCL/m13723-pure.cl | 160 +++++++++++++++++++-------------- OpenCL/m13731-pure.cl | 160 ++++++++++++++++++--------------- OpenCL/m13732-pure.cl | 166 +++++++++++++++++++--------------- OpenCL/m13733-pure.cl | 172 +++++++++++++++++++++--------------- OpenCL/m13751-pure.cl | 148 +++++++++++++++++-------------- OpenCL/m13752-pure.cl | 154 ++++++++++++++++++-------------- OpenCL/m13753-pure.cl | 160 +++++++++++++++++++-------------- OpenCL/m13771-pure.cl | 164 +++++++++++++++++----------------- OpenCL/m13772-pure.cl | 170 ++++++++++++++++++----------------- OpenCL/m13773-pure.cl | 176 ++++++++++++++++++++----------------- include/types.h | 44 ++++++---- src/backend.c | 50 +++++++++++ src/modules/module_13711.c | 5 +- src/modules/module_13712.c | 5 +- src/modules/module_13713.c | 5 +- src/modules/module_13721.c | 5 +- src/modules/module_13722.c | 5 +- src/modules/module_13723.c | 5 +- src/modules/module_13731.c | 5 +- src/modules/module_13732.c | 5 +- src/modules/module_13733.c | 5 +- src/modules/module_13741.c | 5 +- src/modules/module_13742.c | 5 +- src/modules/module_13743.c | 5 +- src/modules/module_13751.c | 5 +- src/modules/module_13752.c | 5 +- src/modules/module_13753.c | 5 +- src/modules/module_13761.c | 5 +- src/modules/module_13762.c | 5 +- src/modules/module_13763.c | 5 +- src/modules/module_13771.c | 5 +- src/modules/module_13772.c | 5 +- src/modules/module_13773.c | 5 +- src/selftest.c | 5 ++ 39 files changed, 1505 insertions(+), 1080 deletions(-) 
diff --git a/OpenCL/m13711-pure.cl b/OpenCL/m13711-pure.cl index a74b318a6..52ebd1c3a 100644 --- a/OpenCL/m13711-pure.cl +++ b/OpenCL/m13711-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; @@ -252,61 +253,8 @@ KERNEL_FQ void m13711_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) KERNEL_FQ void m13711_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -407,11 +355,13 @@ KERNEL_FQ void m13711_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; + unpackv (tmps, pim_key, gid, i + 0, out[0]); + unpackv (tmps, pim_key, gid, i + 1, out[1]); + unpackv (tmps, pim_key, gid, i + 2, out[2]); + unpackv (tmps, pim_key, gid, i + 3, out[3]); + unpackv (tmps, pim_key, gid, i + 4, out[4]); + + tmps[gid].pim_check = pim; } } 
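Review bot: `tmps[gid].pim_check = pim;` writes a single `tmps` slot, while the `unpackv` calls directly above it store `pim_key` per SIMD lane (in hashcat's macro that is `tmps[gid * VECT_SIZE + k]`), and this kernel now guards with `(gid * VECT_SIZE) >= gid_max`; if `VECT_SIZE` is greater than 1, the slots for lanes 1..VECT_SIZE-1 receive a candidate key but no marker, and `_loop_extended`, which reads `tmps[gid].pim_check` per scalar `gid`, will never verify them. Assuming `pim` is a scalar as the range-check comment suggests, writing the marker for every lane, `for (int k = 0; k < VECT_SIZE; k++) tmps[gid * VECT_SIZE + k].pim_check = pim;`, closes the gap; if these modules force a vector width of 1, a comment here saying so would explain why the single store is enough. The same store appears in the m13712, m13713, m13721 and m13722 hunks (`@@ -458,11 +406,13 @@`, `@@ -523,11 +471,13 @@`, `@@ -545,14 +493,16 @@`, `@@ -596,14 +544,16 @@`).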
@@ -427,10 +377,78 @@ KERNEL_FQ void m13711_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 3, out[3]); unpackv (tmps, out, gid, i + 4, out[4]); } +} - if (pim == 0) return; +KERNEL_FQ void m13711_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13711_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13712-pure.cl b/OpenCL/m13712-pure.cl index d754ae7df..c7e3d4b30 100644 --- a/OpenCL/m13712-pure.cl 
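Review bot: The new `m13711_loop_extended` kernel carries no comment on its role, and its contract is only implied by the `_loop` changes: it exists so the now-vectorised `_loop` no longer needs the shared AES tables, and it consumes the `pim_check` marker that `_loop` sets when an iteration hits a pim mark, which only works if the host runs it after every `_loop` invocation (the backend.c part of this commit is not in view). A header comment such as `// runs after each _loop call (OPTS_TYPE_LOOP_EXTENDED): verifies the pim_key candidate flagged by pim_check against the volume header using the shared AES tables, then clears the marker` would capture that, and the struct field comment `// marker for _extended kernel` could say that it holds the pim value awaiting verification and is 0 otherwise. Keeping `if (gid >= gid_max) return;` after `SYNC_THREADS ()` is the right order, since the barrier must be reached by the whole work-group. The same applies to the `_loop_extended` kernels added for m13712, m13713 and m13721.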
+++ b/OpenCL/m13712-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; @@ -303,61 +304,8 @@ KERNEL_FQ void m13712_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) KERNEL_FQ void m13712_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -458,11 +406,13 @@ KERNEL_FQ void m13712_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; + unpackv (tmps, pim_key, gid, i + 0, out[0]); + unpackv (tmps, pim_key, gid, i + 1, out[1]); + unpackv (tmps, pim_key, gid, i + 2, out[2]); + unpackv (tmps, pim_key, gid, i + 3, out[3]); + unpackv (tmps, pim_key, gid, i + 4, out[4]); + + tmps[gid].pim_check = pim; } } 
@@ -478,11 +428,83 @@ KERNEL_FQ void m13712_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 3, out[3]); unpackv (tmps, out, gid, i + 4, out[4]); } +} - if (pim == 0) return; +KERNEL_FQ void m13712_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, 
s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13712_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13713-pure.cl b/OpenCL/m13713-pure.cl index db6dc593f..fb42974a8 100644 --- a/OpenCL/m13713-pure.cl +++ b/OpenCL/m13713-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; 
@@ -368,61 +369,8 @@ KERNEL_FQ void m13713_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) KERNEL_FQ void m13713_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) @@ -523,11 +471,13 @@ KERNEL_FQ void m13713_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; + unpackv (tmps, pim_key, gid, i + 0, out[0]); + unpackv (tmps, pim_key, gid, i + 1, out[1]); + unpackv (tmps, pim_key, gid, i + 2, out[2]); + unpackv (tmps, pim_key, gid, i + 3, out[3]); + unpackv (tmps, pim_key, gid, i + 4, out[4]); + + tmps[gid].pim_check = pim; } } 
@@ -543,12 +493,88 @@ KERNEL_FQ void m13713_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 3, out[3]); unpackv (tmps, out, gid, i + 4, out[4]); } +} - if (pim == 0) return; +KERNEL_FQ void m13713_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, 
s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13713_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13721-pure.cl b/OpenCL/m13721-pure.cl index 3dbabb69d..f83fd39b2 100644 --- a/OpenCL/m13721-pure.cl +++ b/OpenCL/m13721-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc64_tmp u64 pim_key[32]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc64_tmp_t; 
@@ -355,61 +356,8 @@ KERNEL_FQ void m13721_init (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) KERNEL_FQ void m13721_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * shared lookup table - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -545,14 +493,16 @@ KERNEL_FQ void m13721_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpack64v (tmps, pim_key, gid, i + 0, out[0]); + unpack64v (tmps, pim_key, gid, i + 1, out[1]); + unpack64v (tmps, pim_key, gid, i + 2, out[2]); + unpack64v (tmps, pim_key, gid, i + 3, out[3]); + unpack64v (tmps, pim_key, gid, i + 4, out[4]); + unpack64v (tmps, pim_key, gid, i + 5, out[5]); + unpack64v (tmps, pim_key, gid, i + 6, out[6]); + unpack64v (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
@@ -580,6 +530,78 @@ KERNEL_FQ void m13721_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; } +KERNEL_FQ void m13721_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } +} + KERNEL_FQ void m13721_comp (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) { const u64 gid = get_global_id (0); diff --git a/OpenCL/m13722-pure.cl b/OpenCL/m13722-pure.cl index 9b74f8d41..cbcb75044 100644 --- a/OpenCL/m13722-pure.cl +++ b/OpenCL/m13722-pure.cl 
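Review bot: The leading context of this hunk shows `m13721_loop` still ending with `if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, …, s_td4) != -1) tmps[gid].pim = pim;`, but the `@@ -355,61 +356,8 @@` hunk removed every `s_te*`/`s_td*` declaration from that kernel, so on the new side `m13721_loop` references identifiers that no longer exist and the kernel should fail to build (the `if (pim == 0) return;` guard that preceded this line in the other files is presumably still there as well). In m13711, m13712 and m13713 the corresponding lines were deleted from `_loop`; the same deletion is needed here so that the header check is done only by `m13721_loop_extended`, as the new kernel intends. `m13722`'s tail hunk is not in view and is worth checking for the same leftover.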
@@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc64_tmp u64 pim_key[32]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc64_tmp_t; @@ -406,61 +407,8 @@ KERNEL_FQ void m13722_init (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) KERNEL_FQ void m13722_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * shared lookup table - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
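Review bot: The new field `int pim_check; // marker for _extended kernel` in `vc64_tmp_t` documents who reads it but not its contract, and the kernels added elsewhere in this patch give it a precise one: the loop kernel stores the PIM index whose derived key was captured in `pim_key`, and the extended kernel treats 0 as "nothing pending", acts on any non-zero value, then resets it to 0. Suggested: `int pim_check; // PIM index whose key is in pim_key, set by _loop; 0 = nothing to verify; consumed and cleared by _loop_extended`. No hunk in this diff initialises the field; if the _init kernel (not shown) does not zero it and the host does not clear the tmps buffer before the first loop round, a stale non-zero value would drive a header check against whatever `pim_key` holds at that point — worth confirming. The struct's opening line is outside this hunk.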
@@ -596,14 +544,16 @@ KERNEL_FQ void m13722_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpack64v (tmps, pim_key, gid, i + 0, out[0]); + unpack64v (tmps, pim_key, gid, i + 1, out[1]); + unpack64v (tmps, pim_key, gid, i + 2, out[2]); + unpack64v (tmps, pim_key, gid, i + 3, out[3]); + unpack64v (tmps, pim_key, gid, i + 4, out[4]); + unpack64v (tmps, pim_key, gid, i + 5, out[5]); + unpack64v (tmps, pim_key, gid, i + 6, out[6]); + unpack64v (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
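Review bot: `tmps[gid].pim_check = pim;` is a scalar store to element gid, but the `unpack64v` calls above it write the key per vector lane, and this file now defines NEW_SIMD_CODE so VECT_SIZE can exceed 1; if unpack64v addresses `tmps[(gid * VECT_SIZE) + lane]`, the lanes other than the first never get a flag and their PIM candidates are never verified by the extended kernel. Suggested: `for (u32 l = 0; l < VECT_SIZE; l++) tmps[(gid * VECT_SIZE) + l].pim_check = pim;`, equivalent to the current line when VECT_SIZE is 1. m13722_loop continues outside this hunk.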
@@ -625,11 +575,88 @@ KERNEL_FQ void m13722_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) unpack64v (tmps, out, gid, i + 6, out[6]); unpack64v (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13722_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, 
s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13722_comp (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) diff --git a/OpenCL/m13723-pure.cl b/OpenCL/m13723-pure.cl index ec722c387..da755b629 100644 --- a/OpenCL/m13723-pure.cl +++ b/OpenCL/m13723-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc64_tmp u64 pim_key[32]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc64_tmp_t; 
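Review bot: m13722_loop_extended calls `check_header_1536` in addition to 0512 and 1024, but the in-loop checks this hunk removes from m13722_loop (`- if (check_header_0512 ...`, `- if (check_header_1024 ...`) covered only the 512- and 1024-bit layouts, and the Whirlpool counterpart m13732_loop_extended in this same patch keeps exactly those two. The extra call looks copied from m13723 (whose removed lines did have all three); it costs one more header decrypt per flagged candidate and, if this mode derives only 1024 key bits, runs the 1536-bit check against a tail of `pim_key` the loop may never fill. Unless a 1536-bit cascade is intentionally in scope for 13722, drop the `check_header_1536` block so the extended kernel reproduces the logic it replaces. m13722_comp, which follows, is outside the hunk.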
@@ -471,61 +472,8 @@ KERNEL_FQ void m13723_init (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) KERNEL_FQ void m13723_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * shared lookup table - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -661,14 +609,16 @@ KERNEL_FQ void m13723_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpack64v (tmps, pim_key, gid, i + 0, out[0]); + unpack64v (tmps, pim_key, gid, i + 1, out[1]); + unpack64v (tmps, pim_key, gid, i + 2, out[2]); + unpack64v (tmps, pim_key, gid, i + 3, out[3]); + unpack64v (tmps, pim_key, gid, i + 4, out[4]); + unpack64v (tmps, pim_key, gid, i + 5, out[5]); + unpack64v (tmps, pim_key, gid, i + 6, out[6]); + unpack64v (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
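Review bot: `tmps[gid].pim_check = pim;` writes the flag to element gid only, while the `unpack64v` stores above it fan the key out per vector lane; with NEW_SIMD_CODE enabled in this file a VECT_SIZE above 1 would leave every lane but the first unflagged, so the extended kernel would never examine those candidates. If unpack64v targets `tmps[(gid * VECT_SIZE) + lane]`, use `for (u32 l = 0; l < VECT_SIZE; l++) tmps[(gid * VECT_SIZE) + l].pim_check = pim;` (unchanged behaviour for VECT_SIZE 1). m13723_loop starts before and ends after this hunk.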
@@ -690,12 +640,88 @@ KERNEL_FQ void m13723_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) unpack64v (tmps, out, gid, i + 6, out[6]); unpack64v (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13723_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, 
s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13723_comp (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) diff --git a/OpenCL/m13731-pure.cl b/OpenCL/m13731-pure.cl index 761141945..de76defc5 100644 --- a/OpenCL/m13731-pure.cl +++ b/OpenCL/m13731-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; 
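Review bot: m13723_loop_extended has no comment explaining why `if (gid >= gid_max) return;` sits after the table-fill loop and `SYNC_THREADS ()` rather than at the top of the kernel like an ordinary range guard; a later tidy-up that hoists it would let out-of-range work-items skip a barrier the rest of their work-group still waits on. Suggested above the guard: `// every work-item must reach SYNC_THREADS above, so the range check comes after it`. A one-line purpose comment on the kernel would also help, e.g. `// Post-loop pass: for work-items flagged in pim_check, try the 512/1024/1536-bit header layouts with pim_key, record the PIM on success and clear the flag`. `pim_check` is read into a `u32` although the struct declares it `int`; harmless here, but one type would be tidier. m13723_comp, which follows, is outside this hunk.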
@@ -418,57 +419,6 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) const u64 lid = get_local_id (0); const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - /** * Whirlpool shared */ 
@@ -667,22 +617,24 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[ 0]; - tmps[gid].pim_key[i + 1] = out[ 1]; - tmps[gid].pim_key[i + 2] = out[ 2]; - tmps[gid].pim_key[i + 3] = out[ 3]; - tmps[gid].pim_key[i + 4] = out[ 4]; - tmps[gid].pim_key[i + 5] = out[ 5]; - tmps[gid].pim_key[i + 6] = out[ 6]; - tmps[gid].pim_key[i + 7] = out[ 7]; - tmps[gid].pim_key[i + 8] = out[ 8]; - tmps[gid].pim_key[i + 9] = out[ 9]; - tmps[gid].pim_key[i + 10] = out[10]; - tmps[gid].pim_key[i + 11] = out[11]; - tmps[gid].pim_key[i + 12] = out[12]; - tmps[gid].pim_key[i + 13] = out[13]; - tmps[gid].pim_key[i + 14] = out[14]; - tmps[gid].pim_key[i + 15] = out[15]; + unpackv (tmps, pim_key, gid, i + 0, out[ 0]); + unpackv (tmps, pim_key, gid, i + 1, out[ 1]); + unpackv (tmps, pim_key, gid, i + 2, out[ 2]); + unpackv (tmps, pim_key, gid, i + 3, out[ 3]); + unpackv (tmps, pim_key, gid, i + 4, out[ 4]); + unpackv (tmps, pim_key, gid, i + 5, out[ 5]); + unpackv (tmps, pim_key, gid, i + 6, out[ 6]); + unpackv (tmps, pim_key, gid, i + 7, out[ 7]); + unpackv (tmps, pim_key, gid, i + 8, out[ 8]); + unpackv (tmps, pim_key, gid, i + 9, out[ 9]); + unpackv (tmps, pim_key, gid, i + 10, out[10]); + unpackv (tmps, pim_key, gid, i + 11, out[11]); + unpackv (tmps, pim_key, gid, i + 12, out[12]); + unpackv (tmps, pim_key, gid, i + 13, out[13]); + unpackv (tmps, pim_key, gid, i + 14, out[14]); + unpackv (tmps, pim_key, gid, i + 15, out[15]); + + tmps[gid].pim_check = pim; } } 
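Review bot: `tmps[gid].pim_check = pim;` stores the flag into element gid only, whereas the sixteen `unpackv` calls above it write `pim_key` per vector lane; with NEW_SIMD_CODE now enabled in this file, a VECT_SIZE above 1 would leave the flag and the key in different tmps elements for every lane but the first, and the extended kernel would skip those candidates entirely. If unpackv addresses `tmps[(gid * VECT_SIZE) + lane]`, the matching store is `for (u32 l = 0; l < VECT_SIZE; l++) tmps[(gid * VECT_SIZE) + l].pim_check = pim;` (the same as today when VECT_SIZE is 1). `pim` is scalar (it is assigned to an `int`), so one value serves all lanes. m13731_loop starts before and ends after this hunk.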
@@ -720,10 +672,78 @@ KERNEL_FQ void m13731_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 14, out[14]); unpackv (tmps, out, gid, i + 15, out[15]); } +} - if (pim == 0) return; +KERNEL_FQ void m13731_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13731_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13732-pure.cl b/OpenCL/m13732-pure.cl index 26b5a5d62..2fb26cb25 100644 
--- a/OpenCL/m13732-pure.cl +++ b/OpenCL/m13732-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; @@ -469,57 +470,6 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) const u64 lid = get_local_id (0); const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - /** * Whirlpool shared */ 
@@ -718,22 +668,24 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[ 0]; - tmps[gid].pim_key[i + 1] = out[ 1]; - tmps[gid].pim_key[i + 2] = out[ 2]; - tmps[gid].pim_key[i + 3] = out[ 3]; - tmps[gid].pim_key[i + 4] = out[ 4]; - tmps[gid].pim_key[i + 5] = out[ 5]; - tmps[gid].pim_key[i + 6] = out[ 6]; - tmps[gid].pim_key[i + 7] = out[ 7]; - tmps[gid].pim_key[i + 8] = out[ 8]; - tmps[gid].pim_key[i + 9] = out[ 9]; - tmps[gid].pim_key[i + 10] = out[10]; - tmps[gid].pim_key[i + 11] = out[11]; - tmps[gid].pim_key[i + 12] = out[12]; - tmps[gid].pim_key[i + 13] = out[13]; - tmps[gid].pim_key[i + 14] = out[14]; - tmps[gid].pim_key[i + 15] = out[15]; + unpackv (tmps, pim_key, gid, i + 0, out[ 0]); + unpackv (tmps, pim_key, gid, i + 1, out[ 1]); + unpackv (tmps, pim_key, gid, i + 2, out[ 2]); + unpackv (tmps, pim_key, gid, i + 3, out[ 3]); + unpackv (tmps, pim_key, gid, i + 4, out[ 4]); + unpackv (tmps, pim_key, gid, i + 5, out[ 5]); + unpackv (tmps, pim_key, gid, i + 6, out[ 6]); + unpackv (tmps, pim_key, gid, i + 7, out[ 7]); + unpackv (tmps, pim_key, gid, i + 8, out[ 8]); + unpackv (tmps, pim_key, gid, i + 9, out[ 9]); + unpackv (tmps, pim_key, gid, i + 10, out[10]); + unpackv (tmps, pim_key, gid, i + 11, out[11]); + unpackv (tmps, pim_key, gid, i + 12, out[12]); + unpackv (tmps, pim_key, gid, i + 13, out[13]); + unpackv (tmps, pim_key, gid, i + 14, out[14]); + unpackv (tmps, pim_key, gid, i + 15, out[15]); + + tmps[gid].pim_check = pim; } } 
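Review bot: `tmps[gid].pim_check = pim;` flags element gid alone while the preceding `unpackv` stores spread the key over the vector lanes, so with NEW_SIMD_CODE on and VECT_SIZE greater than 1 the extended kernel would only ever verify the first lane's candidate. If unpackv resolves to `tmps[(gid * VECT_SIZE) + lane]`, write `for (u32 l = 0; l < VECT_SIZE; l++) tmps[(gid * VECT_SIZE) + l].pim_check = pim;` instead; it degenerates to the current line for VECT_SIZE 1. m13732_loop continues outside the hunk.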
@@ -771,11 +723,83 @@ KERNEL_FQ void m13732_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 14, out[14]); unpackv (tmps, out, gid, i + 15, out[15]); } +} - if (pim == 0) return; +KERNEL_FQ void m13732_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, 
s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13732_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13733-pure.cl b/OpenCL/m13733-pure.cl index 0a9059b5b..e39be38e3 100644 --- a/OpenCL/m13733-pure.cl +++ b/OpenCL/m13733-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; @@ -534,57 +535,6 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) const u64 lid = get_local_id (0); const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - /** * Whirlpool shared */ 
@@ -783,22 +733,24 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[ 0]; - tmps[gid].pim_key[i + 1] = out[ 1]; - tmps[gid].pim_key[i + 2] = out[ 2]; - tmps[gid].pim_key[i + 3] = out[ 3]; - tmps[gid].pim_key[i + 4] = out[ 4]; - tmps[gid].pim_key[i + 5] = out[ 5]; - tmps[gid].pim_key[i + 6] = out[ 6]; - tmps[gid].pim_key[i + 7] = out[ 7]; - tmps[gid].pim_key[i + 8] = out[ 8]; - tmps[gid].pim_key[i + 9] = out[ 9]; - tmps[gid].pim_key[i + 10] = out[10]; - tmps[gid].pim_key[i + 11] = out[11]; - tmps[gid].pim_key[i + 12] = out[12]; - tmps[gid].pim_key[i + 13] = out[13]; - tmps[gid].pim_key[i + 14] = out[14]; - tmps[gid].pim_key[i + 15] = out[15]; + unpackv (tmps, pim_key, gid, i + 0, out[ 0]); + unpackv (tmps, pim_key, gid, i + 1, out[ 1]); + unpackv (tmps, pim_key, gid, i + 2, out[ 2]); + unpackv (tmps, pim_key, gid, i + 3, out[ 3]); + unpackv (tmps, pim_key, gid, i + 4, out[ 4]); + unpackv (tmps, pim_key, gid, i + 5, out[ 5]); + unpackv (tmps, pim_key, gid, i + 6, out[ 6]); + unpackv (tmps, pim_key, gid, i + 7, out[ 7]); + unpackv (tmps, pim_key, gid, i + 8, out[ 8]); + unpackv (tmps, pim_key, gid, i + 9, out[ 9]); + unpackv (tmps, pim_key, gid, i + 10, out[10]); + unpackv (tmps, pim_key, gid, i + 11, out[11]); + unpackv (tmps, pim_key, gid, i + 12, out[12]); + unpackv (tmps, pim_key, gid, i + 13, out[13]); + unpackv (tmps, pim_key, gid, i + 14, out[14]); + unpackv (tmps, pim_key, gid, i + 15, out[15]); + + tmps[gid].pim_check = pim; } } 
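Review bot: `tmps[gid].pim_check = pim;` is a single-element store, but the `unpackv` calls above it write `pim_key` for each vector lane; once VECT_SIZE exceeds 1 (possible now that this file defines NEW_SIMD_CODE) the candidates in the remaining lanes carry a captured key but no flag and are never header-checked. If unpackv addresses `tmps[(gid * VECT_SIZE) + lane]`, use `for (u32 l = 0; l < VECT_SIZE; l++) tmps[(gid * VECT_SIZE) + l].pim_check = pim;`, which is the existing statement when VECT_SIZE is 1. m13733_loop begins and ends outside this hunk.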
@@ -836,12 +788,88 @@ KERNEL_FQ void m13733_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 14, out[14]); unpackv (tmps, out, gid, i + 15, out[15]); } +} - if (pim == 0) return; +KERNEL_FQ void m13733_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, 
s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13733_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13751-pure.cl b/OpenCL/m13751-pure.cl index 405d5c277..fef508f58 100644 --- a/OpenCL/m13751-pure.cl +++ b/OpenCL/m13751-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; 
@@ -287,61 +288,8 @@ KERNEL_FQ void m13751_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) KERNEL_FQ void m13751_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -486,14 +434,16 @@ KERNEL_FQ void m13751_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpackv (tmps, pim_key, gid, i + 0, out[0]); + unpackv (tmps, pim_key, gid, i + 1, out[1]); + unpackv (tmps, pim_key, gid, i + 2, out[2]); + unpackv (tmps, pim_key, gid, i + 3, out[3]); + unpackv (tmps, pim_key, gid, i + 4, out[4]); + unpackv (tmps, pim_key, gid, i + 5, out[5]); + unpackv (tmps, pim_key, gid, i + 6, out[6]); + unpackv (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
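Review bot: `tmps[gid].pim_check = pim;` marks element gid only while the `unpackv` stores above scatter the key per lane, so for VECT_SIZE greater than 1 — reachable now that NEW_SIMD_CODE is defined in this file — the flag and key diverge for all lanes but the first and those PIM candidates are silently dropped. If unpackv targets `tmps[(gid * VECT_SIZE) + lane]`, the consistent store is `for (u32 l = 0; l < VECT_SIZE; l++) tmps[(gid * VECT_SIZE) + l].pim_check = pim;` (identical for VECT_SIZE 1). m13751_loop extends beyond this hunk on both sides.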
@@ -515,10 +465,78 @@ KERNEL_FQ void m13751_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 6, out[6]); unpackv (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13751_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13751_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13752-pure.cl b/OpenCL/m13752-pure.cl index fbc4c5574..786bbff9b 100644 --- a/OpenCL/m13752-pure.cl 
+++ b/OpenCL/m13752-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; @@ -338,61 +339,8 @@ KERNEL_FQ void m13752_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) KERNEL_FQ void m13752_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -508,14 +456,16 @@ KERNEL_FQ void m13752_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpackv (tmps, pim_key, gid, i + 0, out[0]); + unpackv (tmps, pim_key, gid, i + 1, out[1]); + unpackv (tmps, pim_key, gid, i + 2, out[2]); + unpackv (tmps, pim_key, gid, i + 3, out[3]); + unpackv (tmps, pim_key, gid, i + 4, out[4]); + unpackv (tmps, pim_key, gid, i + 5, out[5]); + unpackv (tmps, pim_key, gid, i + 6, out[6]); + unpackv (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
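Review bot: `tmps[gid].pim_check = pim;` in the `j == pim_at` branch bypasses the lane expansion that the surrounding `unpackv (tmps, pim_key, gid, …)` calls perform, so with NEW_SIMD_CODE now enabled the key is spread over the `gid * VECT_SIZE + lane` slots while the marker lands only in slot `gid`; the new `_loop_extended` kernel, which runs with a scalar `gid` bounded by `gid_max`, reads `pim_check` per slot. Unless VECT_SIZE is pinned to 1 for these modes (not visible from the hunk), the extended kernel would test the marker on the wrong slots whenever VECT_SIZE > 1, so the marker should be written with the same spread as the key, e.g. `for (int l = 0; l < VECT_SIZE; l++) tmps[gid * VECT_SIZE + l].pim_check = pim;`, with a short comment saying why the scalar field needs it. The same assignment appears in the matching hunks of m13753, m13771, m13772 and m13773. The enclosing `_loop` function begins and ends outside this hunk.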
@@ -537,11 +487,83 @@ KERNEL_FQ void m13752_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 6, out[6]); unpackv (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13752_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, 
s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13752_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13753-pure.cl b/OpenCL/m13753-pure.cl index 9e7fd752d..ba414dc58 100644 --- a/OpenCL/m13753-pure.cl +++ b/OpenCL/m13753-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -52,6 +52,7 @@ typedef struct vc_tmp u32 pim_key[64]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc_tmp_t; 
@@ -403,61 +404,8 @@ KERNEL_FQ void m13753_init (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) KERNEL_FQ void m13753_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * aes shared - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -573,14 +521,16 @@ KERNEL_FQ void m13753_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpackv (tmps, pim_key, gid, i + 0, out[0]); + unpackv (tmps, pim_key, gid, i + 1, out[1]); + unpackv (tmps, pim_key, gid, i + 2, out[2]); + unpackv (tmps, pim_key, gid, i + 3, out[3]); + unpackv (tmps, pim_key, gid, i + 4, out[4]); + unpackv (tmps, pim_key, gid, i + 5, out[5]); + unpackv (tmps, pim_key, gid, i + 6, out[6]); + unpackv (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
@@ -602,12 +552,88 @@ KERNEL_FQ void m13753_loop (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) unpackv (tmps, out, gid, i + 6, out[6]); unpackv (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13753_loop_extended (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, 
s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13753_comp (KERN_ATTR_TMPS_ESALT (vc_tmp_t, vc_t)) diff --git a/OpenCL/m13771-pure.cl b/OpenCL/m13771-pure.cl index 821ab8141..1d1ad45ab 100644 --- a/OpenCL/m13771-pure.cl +++ b/OpenCL/m13771-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -55,6 +55,7 @@ typedef struct vc64_sbog_tmp u64 pim_key[32]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc64_sbog_tmp_t; 
@@ -371,77 +372,8 @@ KERNEL_FQ void m13771_init (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) KERNEL_FQ void m13771_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * shared lookup table - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - LOCAL_VK u64a s_sbob_sl64[8][256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_sbob_sl64[0][i] = sbob512_sl64[0][i]; - s_sbob_sl64[1][i] = sbob512_sl64[1][i]; - s_sbob_sl64[2][i] = sbob512_sl64[2][i]; - s_sbob_sl64[3][i] = sbob512_sl64[3][i]; - s_sbob_sl64[4][i] = sbob512_sl64[4][i]; - s_sbob_sl64[5][i] = sbob512_sl64[5][i]; - s_sbob_sl64[6][i] = sbob512_sl64[6][i]; - s_sbob_sl64[7][i] = sbob512_sl64[7][i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - CONSTANT_AS u64a (*s_sbob_sl64)[256] = sbob512_sl64; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
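Review bot: The removed block in `m13771_loop` also dropped the `s_sbob_sl64` shared/constant Streebog lookup table (and the `lid`/`lsz` it needed), but nothing in this hunk or the file's later hunks re-establishes it; if the PBKDF2-HMAC-Streebog body of the loop — which lies outside the hunk — still references `s_sbob_sl64`, the kernel will fail to build at runtime, and if it now takes the table from another symbol a comment naming that source at the top of the loop would make the removal reviewable. The AES tables could legitimately move to `_loop_extended` since the header check moved there, but the Streebog table belonged to the loop itself, so please confirm with a build of the 13771/13772/13773 kernels. The same removal is made in the `m13772_loop` and `m13773_loop` hunks. The enclosing function ends outside this hunk.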
@@ -578,14 +510,16 @@ KERNEL_FQ void m13771_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpack64v (tmps, pim_key, gid, i + 0, out[0]); + unpack64v (tmps, pim_key, gid, i + 1, out[1]); + unpack64v (tmps, pim_key, gid, i + 2, out[2]); + unpack64v (tmps, pim_key, gid, i + 3, out[3]); + unpack64v (tmps, pim_key, gid, i + 4, out[4]); + unpack64v (tmps, pim_key, gid, i + 5, out[5]); + unpack64v (tmps, pim_key, gid, i + 6, out[6]); + unpack64v (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
@@ -607,10 +541,78 @@ KERNEL_FQ void m13771_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) unpack64v (tmps, out, gid, i + 6, out[6]); unpack64v (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13771_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13771_comp (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) diff --git a/OpenCL/m13772-pure.cl b/OpenCL/m13772-pure.cl index 7e8ef5b83..1fb4a07ee 100644 
--- a/OpenCL/m13772-pure.cl +++ b/OpenCL/m13772-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -55,6 +55,7 @@ typedef struct vc64_sbog_tmp u64 pim_key[32]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc64_sbog_tmp_t; 
@@ -422,77 +423,8 @@ KERNEL_FQ void m13772_init (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) KERNEL_FQ void m13772_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * shared lookup table - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - LOCAL_VK u64a s_sbob_sl64[8][256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_sbob_sl64[0][i] = sbob512_sl64[0][i]; - s_sbob_sl64[1][i] = sbob512_sl64[1][i]; - s_sbob_sl64[2][i] = sbob512_sl64[2][i]; - s_sbob_sl64[3][i] = sbob512_sl64[3][i]; - s_sbob_sl64[4][i] = sbob512_sl64[4][i]; - s_sbob_sl64[5][i] = sbob512_sl64[5][i]; - s_sbob_sl64[6][i] = sbob512_sl64[6][i]; - s_sbob_sl64[7][i] = sbob512_sl64[7][i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - CONSTANT_AS u64a (*s_sbob_sl64)[256] = sbob512_sl64; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -629,14 +561,16 @@ KERNEL_FQ void m13772_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpack64v (tmps, pim_key, gid, i + 0, out[0]); + unpack64v (tmps, pim_key, gid, i + 1, out[1]); + unpack64v (tmps, pim_key, gid, i + 2, out[2]); + unpack64v (tmps, pim_key, gid, i + 3, out[3]); + unpack64v (tmps, pim_key, gid, i + 4, out[4]); + unpack64v (tmps, pim_key, gid, i + 5, out[5]); + unpack64v (tmps, pim_key, gid, i + 6, out[6]); + unpack64v (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
@@ -658,11 +592,83 @@ KERNEL_FQ void m13772_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) unpack64v (tmps, out, gid, i + 6, out[6]); unpack64v (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13772_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, 
tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13772_comp (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) diff --git a/OpenCL/m13773-pure.cl b/OpenCL/m13773-pure.cl index 1fad87e9e..c420be6d4 100644 --- a/OpenCL/m13773-pure.cl +++ b/OpenCL/m13773-pure.cl @@ -3,7 +3,7 @@ * License.....: MIT */ -//#define NEW_SIMD_CODE +#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" @@ -55,6 +55,7 @@ typedef struct vc64_sbog_tmp u64 pim_key[32]; int pim; // marker for cracked + int pim_check; // marker for _extended kernel } vc64_sbog_tmp_t; 
@@ -487,77 +488,8 @@ KERNEL_FQ void m13773_init (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) KERNEL_FQ void m13773_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) { const u64 gid = get_global_id (0); - const u64 lid = get_local_id (0); - const u64 lsz = get_local_size (0); - /** - * shared lookup table - */ - - #ifdef REAL_SHM - - LOCAL_VK u32 s_td0[256]; - LOCAL_VK u32 s_td1[256]; - LOCAL_VK u32 s_td2[256]; - LOCAL_VK u32 s_td3[256]; - LOCAL_VK u32 s_td4[256]; - - LOCAL_VK u32 s_te0[256]; - LOCAL_VK u32 s_te1[256]; - LOCAL_VK u32 s_te2[256]; - LOCAL_VK u32 s_te3[256]; - LOCAL_VK u32 s_te4[256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_td0[i] = td0[i]; - s_td1[i] = td1[i]; - s_td2[i] = td2[i]; - s_td3[i] = td3[i]; - s_td4[i] = td4[i]; - - s_te0[i] = te0[i]; - s_te1[i] = te1[i]; - s_te2[i] = te2[i]; - s_te3[i] = te3[i]; - s_te4[i] = te4[i]; - } - - LOCAL_VK u64a s_sbob_sl64[8][256]; - - for (u32 i = lid; i < 256; i += lsz) - { - s_sbob_sl64[0][i] = sbob512_sl64[0][i]; - s_sbob_sl64[1][i] = sbob512_sl64[1][i]; - s_sbob_sl64[2][i] = sbob512_sl64[2][i]; - s_sbob_sl64[3][i] = sbob512_sl64[3][i]; - s_sbob_sl64[4][i] = sbob512_sl64[4][i]; - s_sbob_sl64[5][i] = sbob512_sl64[5][i]; - s_sbob_sl64[6][i] = sbob512_sl64[6][i]; - s_sbob_sl64[7][i] = sbob512_sl64[7][i]; - } - - SYNC_THREADS (); - - #else - - CONSTANT_AS u32a *s_td0 = td0; - CONSTANT_AS u32a *s_td1 = td1; - CONSTANT_AS u32a *s_td2 = td2; - CONSTANT_AS u32a *s_td3 = td3; - CONSTANT_AS u32a *s_td4 = td4; - - CONSTANT_AS u32a *s_te0 = te0; - CONSTANT_AS u32a *s_te1 = te1; - CONSTANT_AS u32a *s_te2 = te2; - CONSTANT_AS u32a *s_te3 = te3; - CONSTANT_AS u32a *s_te4 = te4; - - CONSTANT_AS u64a (*s_sbob_sl64)[256] = sbob512_sl64; - - #endif - - if (gid >= gid_max) return; + if ((gid * VECT_SIZE) >= gid_max) return; // this is the pim range check // it is guaranteed that only 0 or 1 innerloops will match a "pim" mark (each 1000 iterations) 
@@ -694,14 +626,16 @@ KERNEL_FQ void m13773_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) if (j == pim_at) { - tmps[gid].pim_key[i + 0] = out[0]; - tmps[gid].pim_key[i + 1] = out[1]; - tmps[gid].pim_key[i + 2] = out[2]; - tmps[gid].pim_key[i + 3] = out[3]; - tmps[gid].pim_key[i + 4] = out[4]; - tmps[gid].pim_key[i + 5] = out[5]; - tmps[gid].pim_key[i + 6] = out[6]; - tmps[gid].pim_key[i + 7] = out[7]; + unpack64v (tmps, pim_key, gid, i + 0, out[0]); + unpack64v (tmps, pim_key, gid, i + 1, out[1]); + unpack64v (tmps, pim_key, gid, i + 2, out[2]); + unpack64v (tmps, pim_key, gid, i + 3, out[3]); + unpack64v (tmps, pim_key, gid, i + 4, out[4]); + unpack64v (tmps, pim_key, gid, i + 5, out[5]); + unpack64v (tmps, pim_key, gid, i + 6, out[6]); + unpack64v (tmps, pim_key, gid, i + 7, out[7]); + + tmps[gid].pim_check = pim; } } 
@@ -723,12 +657,88 @@ KERNEL_FQ void m13773_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) unpack64v (tmps, out, gid, i + 6, out[6]); unpack64v (tmps, out, gid, i + 7, out[7]); } +} - if (pim == 0) return; +KERNEL_FQ void m13773_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); - if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; - if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim; + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= gid_max) return; + + const u32 pim_check = tmps[gid].pim_check; + + if (pim_check) + { + if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, 
s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1024 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) + { + tmps[gid].pim = pim_check; + } + + tmps[gid].pim_check = 0; + } } KERNEL_FQ void m13773_comp (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) diff --git a/include/types.h b/include/types.h index 9f329ad0d..ebcd53319 100644 --- a/include/types.h +++ b/include/types.h @@ -257,6 +257,7 @@ typedef enum kern_run KERN_RUN_1 = 1000, KERN_RUN_12 = 1500, KERN_RUN_2 = 2000, + KERN_RUN_2E = 2001, KERN_RUN_23 = 2500, KERN_RUN_3 = 3000, KERN_RUN_4 = 4000, 
@@ -410,23 +411,25 @@ typedef enum opts_type OPTS_TYPE_ST_HASH_MD5 = (1ULL << 28), OPTS_TYPE_HASH_COPY = (1ULL << 29), OPTS_TYPE_HASH_SPLIT = (1ULL << 30), - OPTS_TYPE_HOOK12 = (1ULL << 31), - OPTS_TYPE_HOOK23 = (1ULL << 32), - OPTS_TYPE_INIT2 = (1ULL << 33), - OPTS_TYPE_LOOP2 = (1ULL << 34), - OPTS_TYPE_AUX1 = (1ULL << 35), - OPTS_TYPE_AUX2 = (1ULL << 36), - OPTS_TYPE_AUX3 = (1ULL << 37), - OPTS_TYPE_AUX4 = (1ULL << 38), - OPTS_TYPE_BINARY_HASHFILE = (1ULL << 39), - OPTS_TYPE_PREFERED_THREAD = (1ULL << 40), // some algorithms (complicated ones with many branches) benefit from this - OPTS_TYPE_PT_ADD06 = (1ULL << 41), - OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 42), - OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 43), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately - OPTS_TYPE_SUGGEST_KG = (1ULL << 44), // suggest keep guessing for modules the user maybe wants to use --keep-guessing - OPTS_TYPE_COPY_TMPS = (1ULL << 45), // if we want to use data from tmps buffer (for example get the PMK in WPA) - OPTS_TYPE_POTFILE_NOPASS = (1ULL << 46), // sometimes the password should not be printed to potfile - OPTS_TYPE_DYNAMIC_SHARED = (1ULL << 47), // use dynamic shared memory (note: needs special kernel changes) + OPTS_TYPE_LOOP_EXTENDED = (1ULL << 31), // a kernel which is called each time normal _loop kernel finished. 
+ // but unlike a hook kernel this kernel is called for every _loop iteration offset + OPTS_TYPE_HOOK12 = (1ULL << 32), + OPTS_TYPE_HOOK23 = (1ULL << 33), + OPTS_TYPE_INIT2 = (1ULL << 34), + OPTS_TYPE_LOOP2 = (1ULL << 35), + OPTS_TYPE_AUX1 = (1ULL << 36), + OPTS_TYPE_AUX2 = (1ULL << 37), + OPTS_TYPE_AUX3 = (1ULL << 38), + OPTS_TYPE_AUX4 = (1ULL << 39), + OPTS_TYPE_BINARY_HASHFILE = (1ULL << 40), + OPTS_TYPE_PREFERED_THREAD = (1ULL << 41), // some algorithms (complicated ones with many branches) benefit from this + OPTS_TYPE_PT_ADD06 = (1ULL << 42), + OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 43), + OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 44), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately + OPTS_TYPE_SUGGEST_KG = (1ULL << 45), // suggest keep guessing for modules the user maybe wants to use --keep-guessing + OPTS_TYPE_COPY_TMPS = (1ULL << 46), // if we want to use data from tmps buffer (for example get the PMK in WPA) + OPTS_TYPE_POTFILE_NOPASS = (1ULL << 47), // sometimes the password should not be printed to potfile + OPTS_TYPE_DYNAMIC_SHARED = (1ULL << 48), // use dynamic shared memory (note: needs special kernel changes) } opts_type_t; @@ -1077,6 +1080,7 @@ typedef struct hc_device_param u32 kernel_wgs1; u32 kernel_wgs12; u32 kernel_wgs2; + u32 kernel_wgs2e; u32 kernel_wgs23; u32 kernel_wgs3; u32 kernel_wgs4; @@ -1098,6 +1102,7 @@ typedef struct hc_device_param u32 kernel_preferred_wgs_multiple1; u32 kernel_preferred_wgs_multiple12; u32 kernel_preferred_wgs_multiple2; + u32 kernel_preferred_wgs_multiple2e; u32 kernel_preferred_wgs_multiple23; u32 kernel_preferred_wgs_multiple3; u32 kernel_preferred_wgs_multiple4; @@ -1119,6 +1124,7 @@ typedef struct hc_device_param u64 kernel_local_mem_size1; u64 kernel_local_mem_size12; u64 kernel_local_mem_size2; + u64 kernel_local_mem_size2e; u64 kernel_local_mem_size23; u64 kernel_local_mem_size3; u64 kernel_local_mem_size4; 
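Review bot: Inserting `OPTS_TYPE_LOOP_EXTENDED` at bit 31 renumbers the sixteen flags that follow it (`OPTS_TYPE_HOOK12` through `OPTS_TYPE_DYNAMIC_SHARED`), so any module object or tool built against the previous `types.h` will silently interpret the wrong flag until it is recompiled; appending the new flag at `(1ULL << 48)` keeps every existing value stable and is the smaller diff. If the ordering is meant to group loop-related flags together, a comment to that effect next to the new entry would justify the churn. The continuation of the new flag's comment (`// but unlike a hook kernel …`) also sits on its own line without the `//` aligned under the first comment, which the rest of the enum avoids.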
@@ -1140,6 +1146,7 @@ typedef struct hc_device_param u64 kernel_dynamic_local_mem_size1; u64 kernel_dynamic_local_mem_size12; u64 kernel_dynamic_local_mem_size2; + u64 kernel_dynamic_local_mem_size2e; u64 kernel_dynamic_local_mem_size23; u64 kernel_dynamic_local_mem_size3; u64 kernel_dynamic_local_mem_size4; @@ -1252,6 +1259,7 @@ typedef struct hc_device_param double exec_us_prev1[EXPECTED_ITERATIONS]; double exec_us_prev2[EXPECTED_ITERATIONS]; + double exec_us_prev2e[EXPECTED_ITERATIONS]; double exec_us_prev3[EXPECTED_ITERATIONS]; double exec_us_prev4[EXPECTED_ITERATIONS]; double exec_us_prev_init2[EXPECTED_ITERATIONS]; @@ -1355,6 +1363,7 @@ typedef struct hc_device_param CUfunction cuda_function1; CUfunction cuda_function12; CUfunction cuda_function2; + CUfunction cuda_function2e; CUfunction cuda_function23; CUfunction cuda_function3; CUfunction cuda_function4; @@ -1437,6 +1446,7 @@ typedef struct hc_device_param cl_kernel opencl_kernel1; cl_kernel opencl_kernel12; cl_kernel opencl_kernel2; + cl_kernel opencl_kernel2e; cl_kernel opencl_kernel23; cl_kernel opencl_kernel3; cl_kernel opencl_kernel4; diff --git a/src/backend.c b/src/backend.c index ad1d02235..1ef4a5761 100644 --- a/src/backend.c +++ b/src/backend.c @@ -3026,6 +3026,11 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, if (run_kernel (hashcat_ctx, device_param, KERN_RUN_2, pws_cnt, true, slow_iteration) == -1) return -1; + if (hashconfig->opts_type & OPTS_TYPE_LOOP_EXTENDED) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_2E, pws_cnt, true, slow_iteration) == -1) return -1; + } + //bug? //while (status_ctx->run_thread_level2 == false) break; if (status_ctx->run_thread_level2 == false) break; 
@@ -3444,6 +3449,10 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 kernel_threads = device_param->kernel_wgs2;
 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size2;
 break;
+ case KERN_RUN_2E:
+ kernel_threads = device_param->kernel_wgs2e;
+ dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size2e;
+ break;
 case KERN_RUN_23:
 kernel_threads = device_param->kernel_wgs23;
 dynamic_shared_mem = device_param->kernel_dynamic_local_mem_size23;
@@ -3516,6 +3525,7 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 case KERN_RUN_1: cuda_function = device_param->cuda_function1; break;
 case KERN_RUN_12: cuda_function = device_param->cuda_function12; break;
 case KERN_RUN_2: cuda_function = device_param->cuda_function2; break;
+ case KERN_RUN_2E: cuda_function = device_param->cuda_function2e; break;
 case KERN_RUN_23: cuda_function = device_param->cuda_function23; break;
 case KERN_RUN_3: cuda_function = device_param->cuda_function3; break;
 case KERN_RUN_4: cuda_function = device_param->cuda_function4; break;
@@ -3609,6 +3619,7 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 case KERN_RUN_1: opencl_kernel = device_param->opencl_kernel1; break;
 case KERN_RUN_12: opencl_kernel = device_param->opencl_kernel12; break;
 case KERN_RUN_2: opencl_kernel = device_param->opencl_kernel2; break;
+ case KERN_RUN_2E: opencl_kernel = device_param->opencl_kernel2e; break;
 case KERN_RUN_23: opencl_kernel = device_param->opencl_kernel23; break;
 case KERN_RUN_3: opencl_kernel = device_param->opencl_kernel3; break;
 case KERN_RUN_4: opencl_kernel = device_param->opencl_kernel4; break;
@@ -3703,6 +3714,7 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 {
 case KERN_RUN_1: if (device_param->exec_us_prev1[iterationm] > 0) usleep ((useconds_t) (device_param->exec_us_prev1[iterationm] * device_param->spin_damp)); break;
 case KERN_RUN_2: if (device_param->exec_us_prev2[iterationm] > 0) usleep ((useconds_t) (device_param->exec_us_prev2[iterationm] * device_param->spin_damp)); break;
+ case KERN_RUN_2E: if (device_param->exec_us_prev2e[iterationm] > 0) usleep ((useconds_t) (device_param->exec_us_prev2e[iterationm] * device_param->spin_damp)); break;
 case KERN_RUN_3: if (device_param->exec_us_prev3[iterationm] > 0) usleep ((useconds_t) (device_param->exec_us_prev3[iterationm] * device_param->spin_damp)); break;
 case KERN_RUN_4: if (device_param->exec_us_prev4[iterationm] > 0) usleep ((useconds_t) (device_param->exec_us_prev4[iterationm] * device_param->spin_damp)); break;
 case KERN_RUN_INIT2: if (device_param->exec_us_prev_init2[iterationm] > 0) usleep ((useconds_t) (device_param->exec_us_prev_init2[iterationm] * device_param->spin_damp)); break;
@@ -3746,6 +3758,7 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 {
 case KERN_RUN_1: device_param->exec_us_prev1[iterationm] = exec_us; break;
 case KERN_RUN_2: device_param->exec_us_prev2[iterationm] = exec_us; break;
+ case KERN_RUN_2E: device_param->exec_us_prev2e[iterationm] = exec_us; break;
 case KERN_RUN_3: device_param->exec_us_prev3[iterationm] = exec_us; break;
 case KERN_RUN_4: device_param->exec_us_prev4[iterationm] = exec_us; break;
 case KERN_RUN_INIT2: device_param->exec_us_prev_init2[iterationm] = exec_us; break;
@@ -8887,6 +8900,23 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 device_param->kernel_preferred_wgs_multiple3 = device_param->cuda_warp_size;
+ if (hashconfig->opts_type & OPTS_TYPE_LOOP_EXTENDED)
+ {
+ // kernel2e
+
+ snprintf (kernel_name, sizeof (kernel_name), "m%05u_loop_extended", kern_type);
+
+ if (hc_cuModuleGetFunction (hashcat_ctx, &device_param->cuda_function2e, device_param->cuda_module, kernel_name) == -1) return -1;
+
+ if (get_cuda_kernel_wgs (hashcat_ctx, device_param->cuda_function2e, &device_param->kernel_wgs2e) == -1) return -1;
+
+ if (get_cuda_kernel_local_mem_size (hashcat_ctx, device_param->cuda_function2e, &device_param->kernel_local_mem_size2e) == -1) return -1;
+
+ if (get_cuda_kernel_dynamic_local_mem_size (hashcat_ctx, device_param->cuda_function2e, &device_param->kernel_dynamic_local_mem_size2e) == -1) return -1;
+
+ device_param->kernel_preferred_wgs_multiple2e = device_param->cuda_warp_size;
+ }
+
 // kernel12
 if (hashconfig->opts_type & OPTS_TYPE_HOOK12)
@@ -9453,6 +9483,23 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel3, &device_param->kernel_preferred_wgs_multiple3) == -1) return -1;
+ // aux1
+
+ if (hashconfig->opts_type & OPTS_TYPE_LOOP_EXTENDED)
+ {
+ snprintf (kernel_name, sizeof (kernel_name), "m%05u_loop_extended", kern_type);
+
+ if (hc_clCreateKernel (hashcat_ctx, device_param->opencl_program, kernel_name, &device_param->opencl_kernel2e) == -1) return -1;
+
+ if (get_opencl_kernel_wgs (hashcat_ctx, device_param, device_param->opencl_kernel2e, &device_param->kernel_wgs2e) == -1) return -1;
+
+ if (get_opencl_kernel_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2e, &device_param->kernel_local_mem_size2e) == -1) return -1;
+
+ if (get_opencl_kernel_dynamic_local_mem_size (hashcat_ctx, device_param, device_param->opencl_kernel2e, &device_param->kernel_dynamic_local_mem_size2e) == -1) return -1;
+
+ if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel2e, &device_param->kernel_preferred_wgs_multiple2e) == -1) return -1;
+ }
+
 // kernel12
 if (hashconfig->opts_type & OPTS_TYPE_HOOK12)
@@ -10332,6 +10379,7 @@ void backend_session_destroy (hashcat_ctx_t *hashcat_ctx)
 device_param->cuda_function1 = NULL;
 device_param->cuda_function12 = NULL;
 device_param->cuda_function2 = NULL;
+ device_param->cuda_function2e = NULL;
 device_param->cuda_function23 = NULL;
 device_param->cuda_function3 = NULL;
 device_param->cuda_function4 = NULL;
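Review bot: The comment `// aux1` above the OpenCL `OPTS_TYPE_LOOP_EXTENDED` block is mislabelled — it sits above the `m%05u_loop_extended` kernel setup, and the CUDA counterpart on the previous line labels the same block `// kernel2e`. Change it to `// kernel2e` so both backends read the same way and a search for the 2E kernel setup finds both sites. The two blocks also place the comment differently (inside the `if` on the CUDA side, outside it here); picking one layout would keep them symmetric. backend_session_begin starts and ends outside the hunk.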
@@ -10399,6 +10447,7 @@ void backend_session_destroy (hashcat_ctx_t *hashcat_ctx)
 if (device_param->opencl_kernel1) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel1);
 if (device_param->opencl_kernel12) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel12);
 if (device_param->opencl_kernel2) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel2);
+ if (device_param->opencl_kernel2e) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel2e);
 if (device_param->opencl_kernel23) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel23);
 if (device_param->opencl_kernel3) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel3);
 if (device_param->opencl_kernel4) hc_clReleaseKernel (hashcat_ctx, device_param->opencl_kernel4);
@@ -10464,6 +10513,7 @@ void backend_session_destroy (hashcat_ctx_t *hashcat_ctx)
 device_param->opencl_kernel1 = NULL;
 device_param->opencl_kernel12 = NULL;
 device_param->opencl_kernel2 = NULL;
+ device_param->opencl_kernel2e = NULL;
 device_param->opencl_kernel23 = NULL;
 device_param->opencl_kernel3 = NULL;
 device_param->opencl_kernel4 = NULL;
diff --git a/src/modules/module_13711.c b/src/modules/module_13711.c
index d61ebd25d..6c4402b74 100644
--- a/src/modules/module_13711.c
+++ b/src/modules/module_13711.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 512 bit";
 static const u64 KERN_TYPE = 13711;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13712.c b/src/modules/module_13712.c
index 2bad6eff2..52ffe6b2b 100644
--- a/src/modules/module_13712.c
+++ b/src/modules/module_13712.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1024 bit";
 static const u64 KERN_TYPE = 13712;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13713.c b/src/modules/module_13713.c
index 286f18bf8..943ff93ab 100644
--- a/src/modules/module_13713.c
+++ b/src/modules/module_13713.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1536 bit";
 static const u64 KERN_TYPE = 13713;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
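Review bot: `int pim_check` changes the layout of `vc_tmp_t` (and of `vc64_tmp_t` / `vc64_sbog_tmp_t` in the sibling hunks through module_13773), which is the host-side mirror of the tmps buffer the kernels write and that module_build_plain_postprocess reads back under `OPTS_TYPE_COPY_TMPS`; the matching device-side struct definitions are not in this chunk, so it should be confirmed they gain the same field in the same position, otherwise the per-candidate stride (presumably sizeof of this struct via module_tmp_size) no longer matches what the kernel uses. The comment `// marker for _extended kernel` names a writer but not the reader or the values; something like `// written by m*_loop_extended, read by the comp kernel; values: TODO document` would tell the next maintainer what to keep in sync. The typedef's opening line is outside the hunk.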
diff --git a/src/modules/module_13721.c b/src/modules/module_13721.c
index 325152c1e..24982d699 100644
--- a/src/modules/module_13721.c
+++ b/src/modules/module_13721.c
@@ -23,9 +23,11 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA512 + XTS 512 bit";
 static const u64 KERN_TYPE = 13721;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
- | OPTI_TYPE_USES_BITS_64;
+ | OPTI_TYPE_USES_BITS_64
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -56,6 +58,7 @@ typedef struct tc64_tmp
 u64 pim_key[32];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc64_tmp_t;
diff --git a/src/modules/module_13722.c b/src/modules/module_13722.c
index 21687d8e3..5a7415224 100644
--- a/src/modules/module_13722.c
+++ b/src/modules/module_13722.c
@@ -23,9 +23,11 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA512 + XTS 1024 bit";
 static const u64 KERN_TYPE = 13722;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
- | OPTI_TYPE_USES_BITS_64;
+ | OPTI_TYPE_USES_BITS_64
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -56,6 +58,7 @@ typedef struct tc64_tmp
 u64 pim_key[32];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc64_tmp_t;
diff --git a/src/modules/module_13723.c b/src/modules/module_13723.c
index 636d7ecc8..963492e2e 100644
--- a/src/modules/module_13723.c
+++ b/src/modules/module_13723.c
@@ -23,9 +23,11 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA512 + XTS 1536 bit";
 static const u64 KERN_TYPE = 13723;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
- | OPTI_TYPE_USES_BITS_64;
+ | OPTI_TYPE_USES_BITS_64
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -56,6 +58,7 @@ typedef struct tc64_tmp
 u64 pim_key[32];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc64_tmp_t;
diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c
index 47f5f204a..bff24ccfb 100644
--- a/src/modules/module_13731.c
+++ b/src/modules/module_13731.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt Whirlpool + XTS 512 bit";
 static const u64 KERN_TYPE = 13731;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c
index 0cebe3856..f20b4ca77 100644
--- a/src/modules/module_13732.c
+++ b/src/modules/module_13732.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt Whirlpool + XTS 1024 bit";
 static const u64 KERN_TYPE = 13732;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c
index f6d89e01c..b2dd17013 100644
--- a/src/modules/module_13733.c
+++ b/src/modules/module_13733.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt Whirlpool + XTS 1536 bit";
 static const u64 KERN_TYPE = 13733;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c
index c04ef478d..33bbef907 100644
--- a/src/modules/module_13741.c
+++ b/src/modules/module_13741.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode";
 static const u64 KERN_TYPE = 13711;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c
index 89e21b597..6f46eec32 100644
--- a/src/modules/module_13742.c
+++ b/src/modules/module_13742.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode";
 static const u64 KERN_TYPE = 13712;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c
index a5c2792ce..8db6127c6 100644
--- a/src/modules/module_13743.c
+++ b/src/modules/module_13743.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode";
 static const u64 KERN_TYPE = 13713;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c
index 8a15dbfa4..a6de0854e 100644
--- a/src/modules/module_13751.c
+++ b/src/modules/module_13751.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 512 bit";
 static const u64 KERN_TYPE = 13751;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c
index f35812725..4b6de70c7 100644
--- a/src/modules/module_13752.c
+++ b/src/modules/module_13752.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1024 bit";
 static const u64 KERN_TYPE = 13752;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c
index 54a2a2943..3b520b605 100644
--- a/src/modules/module_13753.c
+++ b/src/modules/module_13753.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1536 bit";
 static const u64 KERN_TYPE = 13753;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c
index 95d419c59..53bf93b29 100644
--- a/src/modules/module_13761.c
+++ b/src/modules/module_13761.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 512 bit + boot-mode";
 static const u64 KERN_TYPE = 13751;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c
index 10639cb78..bfabfffcd 100644
--- a/src/modules/module_13762.c
+++ b/src/modules/module_13762.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1024 bit + boot-mode";
 static const u64 KERN_TYPE = 13752;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c
index f28567c39..7afd6927f 100644
--- a/src/modules/module_13763.c
+++ b/src/modules/module_13763.c
@@ -22,9 +22,11 @@ static const u32 DGST_SIZE = DGST_SIZE_4_8;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt SHA256 + XTS 1536 bit + boot-mode";
 static const u64 KERN_TYPE = 13753;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_KEYBOARD_MAPPING;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -55,6 +57,7 @@ typedef struct vc_tmp
 u32 pim_key[64];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc_tmp_t;
diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c
index 971b0de1e..3acc6fdb4 100644
--- a/src/modules/module_13771.c
+++ b/src/modules/module_13771.c
@@ -23,9 +23,11 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt Streebog-512 + XTS 512 bit";
 static const u64 KERN_TYPE = 13771;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
- | OPTI_TYPE_USES_BITS_64;
+ | OPTI_TYPE_USES_BITS_64
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -59,6 +61,7 @@ typedef struct vc64_sbog_tmp
 u64 pim_key[32];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc64_sbog_tmp_t;
diff --git a/src/modules/module_13772.c b/src/modules/module_13772.c
index ac47e5d81..c80944864 100644
--- a/src/modules/module_13772.c
+++ b/src/modules/module_13772.c
@@ -23,9 +23,11 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt Streebog-512 + XTS 1024 bit";
 static const u64 KERN_TYPE = 13772;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
- | OPTI_TYPE_USES_BITS_64;
+ | OPTI_TYPE_USES_BITS_64
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -59,6 +61,7 @@ typedef struct vc64_sbog_tmp
 u64 pim_key[32];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc64_sbog_tmp_t;
diff --git a/src/modules/module_13773.c b/src/modules/module_13773.c
index 248368d00..2d3589db5 100644
--- a/src/modules/module_13773.c
+++ b/src/modules/module_13773.c
@@ -23,9 +23,11 @@ static const u32 HASH_CATEGORY = HASH_CATEGORY_FDE;
 static const char *HASH_NAME = "VeraCrypt Streebog-512 + XTS 1536 bit";
 static const u64 KERN_TYPE = 13773;
 static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
- | OPTI_TYPE_USES_BITS_64;
+ | OPTI_TYPE_USES_BITS_64
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
+ | OPTS_TYPE_LOOP_EXTENDED
 | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
@@ -59,6 +61,7 @@ typedef struct vc64_sbog_tmp
 u64 pim_key[32];
 int pim; // marker for cracked
+ int pim_check; // marker for _extended kernel
 } vc64_sbog_tmp_t;
diff --git a/src/selftest.c b/src/selftest.c
index 972aba475..0acb7b2a1 100644
--- a/src/selftest.c
+++ b/src/selftest.c
@@ -486,6 +486,11 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
 device_param->kernel_params_buf32[29] = loop_left;
 if (run_kernel (hashcat_ctx, device_param, KERN_RUN_2, 1, false, 0) == -1) return -1;
+
+ if (hashconfig->opts_type & OPTS_TYPE_LOOP_EXTENDED)
+ {
+ if (run_kernel (hashcat_ctx, device_param, KERN_RUN_2E, 1, false, 0) == -1) return -1;
+ }
 }
 if (hashconfig->opts_type & OPTS_TYPE_HOOK23)
From 3ce3ecedd9ea6549e3db6b79c67c8ef476f48947 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 20 Feb 2020 16:09:41 +0100
Subject: [PATCH 241/300] Reenable VeraCrypt on ROCM
---
 src/modules/module_13711.c | 13 +------------
 src/modules/module_13712.c | 13 +------------
 src/modules/module_13713.c | 13 +------------
 src/modules/module_13721.c | 13 +------------
 src/modules/module_13722.c | 13 +------------
 src/modules/module_13723.c | 13 +------------
 src/modules/module_13731.c | 13 +------------
 src/modules/module_13732.c | 13 +------------
 src/modules/module_13733.c | 13 +------------
 src/modules/module_13741.c | 13 +------------
 src/modules/module_13742.c | 13 +------------
 src/modules/module_13743.c | 13 +------------
 src/modules/module_13751.c | 13 +------------
 src/modules/module_13752.c | 13 +------------
 src/modules/module_13753.c | 13 +------------
 src/modules/module_13761.c | 13 +------------
 src/modules/module_13762.c | 13 +------------
 src/modules/module_13763.c | 13 +------------
 src/modules/module_13771.c | 13 +------------
 src/modules/module_13772.c | 13 +------------
 src/modules/module_13773.c | 13 +------------
 21 files changed, 21 insertions(+), 252 deletions(-)
diff --git a/src/modules/module_13711.c b/src/modules/module_13711.c
index 6c4402b74..2096bd458 100644
--- a/src/modules/module_13711.c
+++ b/src/modules/module_13711.c
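Review bot: The `KERN_RUN_2E` call is placed directly after `KERN_RUN_2` inside the per-chunk loop body, so in the selftest the extended kernel runs once per loop chunk with the same arguments as the plain loop kernel; whether that matches the production dispatch path (which runs the extended kernel but is not in this chunk) cannot be checked here, and the selftest is only a meaningful check if it follows the same ordering. A one-line comment recording the intent, `// LOOP_EXTENDED kernel runs after every loop chunk; keep in step with the main dispatch in backend.c`, would make a later divergence visible. The enclosing loop and the selftest function start and end outside the hunk.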
@@ -80,17 +80,6 @@ typedef struct vc
 static const int ROUNDS_VERACRYPT_655331 = 655331;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // allocate SGPR spill should have worked.. UNREACHABLE executed at..
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- return true;
- }
-
- return false;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -350,6 +339,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_13712.c b/src/modules/module_13712.c
index 52ffe6b2b..8a5f1cf13 100644
--- a/src/modules/module_13712.c
+++ b/src/modules/module_13712.c
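Review bot: Dropping `module_unstable_warning` re-enables this module on AMD devices with `has_vperm` without recording which change made the `allocate SGPR spill` / `UNREACHABLE executed` compiler failure go away, so the next person who hits a ROCm build failure on these kernels has no pointer to the fix or to the condition that used to trip it. A short comment next to `module_ctx->module_unstable_warning = MODULE_DEFAULT;`, e.g. `// AMD/has_vperm unstable-warning removed; the loop kernel no longer triggers the SGPR-spill compiler failure (TODO cite fixing commit)`, or a sentence in the commit body, would preserve that history. The identical removal is repeated in the module_13712 through module_13733 sections that follow on this page.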
@@ -80,17 +80,6 @@ typedef struct vc
 static const int ROUNDS_VERACRYPT_655331 = 655331;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // allocate SGPR spill should have worked.. UNREACHABLE executed at..
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- return true;
- }
-
- return false;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -350,6 +339,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_13713.c b/src/modules/module_13713.c
index 943ff93ab..7a5360837 100644
--- a/src/modules/module_13713.c
+++ b/src/modules/module_13713.c
@@ -80,17 +80,6 @@ typedef struct vc
 static const int ROUNDS_VERACRYPT_655331 = 655331;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // allocate SGPR spill should have worked.. UNREACHABLE executed at..
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- return true;
- }
-
- return false;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps;
@@ -350,6 +339,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_13721.c b/src/modules/module_13721.c
index 24982d699..9680018f1 100644
--- a/src/modules/module_13721.c
+++ b/src/modules/module_13721.c
@@ -81,17 +81,6 @@ typedef struct vc
 static const int ROUNDS_VERACRYPT_500000 = 500000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // allocate SGPR spill should have worked.. UNREACHABLE executed at..
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- return true;
- }
-
- return false;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc64_tmp_t *vc64_tmp = (const vc64_tmp_t *) tmps;
@@ -351,6 +340,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_13722.c b/src/modules/module_13722.c
index 5a7415224..88b7c0862 100644
--- a/src/modules/module_13722.c
+++ b/src/modules/module_13722.c
@@ -81,17 +81,6 @@ typedef struct vc
 static const int ROUNDS_VERACRYPT_500000 = 500000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // allocate SGPR spill should have worked.. UNREACHABLE executed at..
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- return true;
- }
-
- return false;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc64_tmp_t *vc64_tmp = (const vc64_tmp_t *) tmps;
@@ -351,6 +340,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_13723.c b/src/modules/module_13723.c
index 963492e2e..bf90814ed 100644
--- a/src/modules/module_13723.c
+++ b/src/modules/module_13723.c
@@ -81,17 +81,6 @@ typedef struct vc
 static const int ROUNDS_VERACRYPT_500000 = 500000;
 static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
-bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param)
-{
- // allocate SGPR spill should have worked.. UNREACHABLE executed at..
- if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
- {
- return true;
- }
-
- return false;
-}
-
 int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz)
 {
 const vc64_tmp_t *vc64_tmp = (const vc64_tmp_t *) tmps;
@@ -351,6 +340,6 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_st_hash = module_st_hash;
 module_ctx->module_st_pass = module_st_pass;
 module_ctx->module_tmp_size = module_tmp_size;
- module_ctx->module_unstable_warning = module_unstable_warning;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
 module_ctx->module_warmup_disable = MODULE_DEFAULT;
 }
diff --git a/src/modules/module_13731.c b/src/modules/module_13731.c
index bff24ccfb..ab2885331 100644
--- a/src/modules/module_13731.c
+++ b/src/modules/module_13731.c
@@ -80,17 +80,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps; @@ -350,6 +339,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13732.c b/src/modules/module_13732.c index f20b4ca77..7ba12cfca 100644 --- a/src/modules/module_13732.c +++ b/src/modules/module_13732.c 
@@ -80,17 +80,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps; @@ -350,6 +339,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13733.c b/src/modules/module_13733.c index b2dd17013..2dfac5939 100644 --- a/src/modules/module_13733.c +++ b/src/modules/module_13733.c 
@@ -80,17 +80,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps; @@ -350,6 +339,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c index 33bbef907..bf519f981 100644 --- a/src/modules/module_13741.c +++ b/src/modules/module_13741.c 
@@ -80,17 +80,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_327661 = 327661; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_t *vc = (const vc_t *) hashes->esalts_buf; @@ -351,6 +340,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c index 6f46eec32..1d8ea9103 100644 --- a/src/modules/module_13742.c +++ b/src/modules/module_13742.c 
@@ -80,17 +80,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_327661 = 327661; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_t *vc = (const vc_t *) hashes->esalts_buf; @@ -351,6 +340,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c index 8db6127c6..27ea002ce 100644 --- a/src/modules/module_13743.c +++ b/src/modules/module_13743.c 
@@ -80,17 +80,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_327661 = 327661; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_t *vc = (const vc_t *) hashes->esalts_buf; @@ -351,6 +340,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13751.c b/src/modules/module_13751.c index a6de0854e..df3dab805 100644 --- a/src/modules/module_13751.c +++ b/src/modules/module_13751.c 
@@ -99,17 +99,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps; @@ -369,6 +358,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13752.c b/src/modules/module_13752.c index 4b6de70c7..c2675a0e1 100644 --- a/src/modules/module_13752.c +++ b/src/modules/module_13752.c 
@@ -99,17 +99,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps; @@ -369,6 +358,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13753.c b/src/modules/module_13753.c index 3b520b605..df061adce 100644 --- a/src/modules/module_13753.c +++ b/src/modules/module_13753.c 
@@ -99,17 +99,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_tmp_t *vc_tmp = (const vc_tmp_t *) tmps; @@ -369,6 +358,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c index 53bf93b29..6191be2d6 100644 --- a/src/modules/module_13761.c +++ b/src/modules/module_13761.c 
@@ -99,17 +99,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_t *vc = (const vc_t *) hashes->esalts_buf; @@ -370,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c index bfabfffcd..715309fbf 100644 --- a/src/modules/module_13762.c +++ b/src/modules/module_13762.c 
@@ -99,17 +99,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_t *vc = (const vc_t *) hashes->esalts_buf; @@ -370,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c index 7afd6927f..faa020ce7 100644 --- a/src/modules/module_13763.c +++ b/src/modules/module_13763.c 
@@ -99,17 +99,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc_t *vc = (const vc_t *) hashes->esalts_buf; @@ -370,6 +359,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13771.c b/src/modules/module_13771.c index 3acc6fdb4..21ab8fc58 100644 --- a/src/modules/module_13771.c +++ b/src/modules/module_13771.c 
@@ -84,17 +84,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_sbog_tmp_t *vc64_sbog_tmp = (const vc64_sbog_tmp_t *) tmps; @@ -354,6 +343,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13772.c b/src/modules/module_13772.c index c80944864..ce9a1edd8 100644 --- a/src/modules/module_13772.c +++ b/src/modules/module_13772.c 
@@ -84,17 +84,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_sbog_tmp_t *vc64_sbog_tmp = (const vc64_sbog_tmp_t *) tmps; @@ -354,6 +343,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } diff --git a/src/modules/module_13773.c b/src/modules/module_13773.c index 2d3589db5..ed658c123 100644 --- a/src/modules/module_13773.c +++ b/src/modules/module_13773.c 
@@ -84,17 +84,6 @@ typedef struct vc static const int ROUNDS_VERACRYPT_500000 = 500000; static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f; -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // allocate SGPR spill should have worked.. UNREACHABLE executed at.. - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) - { - return true; - } - - return false; -} - int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const void *tmps, const u32 *src_buf, MAYBE_UNUSED const size_t src_sz, MAYBE_UNUSED const int src_len, u32 *dst_buf, MAYBE_UNUSED const size_t dst_sz) { const vc64_sbog_tmp_t *vc64_sbog_tmp = (const vc64_sbog_tmp_t *) tmps; @@ -354,6 +343,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From 5512deef2e7f1c3db5159ea49dbd36a0b0a06bce Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 20 Feb 2020 16:11:40 +0100 Subject: [PATCH 242/300] Remove old code in m13721_loop() --- OpenCL/m13721-pure.cl | 4 ---- 1 file changed, 4 deletions(-) diff --git a/OpenCL/m13721-pure.cl b/OpenCL/m13721-pure.cl index f83fd39b2..e15638438 100644 --- a/OpenCL/m13721-pure.cl +++ b/OpenCL/m13721-pure.cl 
@@ -524,10 +524,6 @@ KERNEL_FQ void m13721_loop (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t))
 unpack64v (tmps, out, gid, i + 6, out[6]);
 unpack64v (tmps, out, gid, i + 7, out[7]);
 }
-
- if (pim == 0) return;
-
- if (check_header_0512 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) tmps[gid].pim = pim;
 }
 
 KERNEL_FQ void m13721_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t))
From ee4168d8fc381062853dffa82909c591d0886ec7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 20 Feb 2020 16:23:48 +0100 Subject: [PATCH 243/300] Fix missing s_sbob_sl64[] initialization in -m 1377x kernels --- OpenCL/m13771-pure.cl | 30 ++++++++++++++++++++++++++++++ OpenCL/m13772-pure.cl | 30 ++++++++++++++++++++++++++++++ OpenCL/m13773-pure.cl | 30 ++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+)
diff --git a/OpenCL/m13771-pure.cl b/OpenCL/m13771-pure.cl
index 1d1ad45ab..14235fd43 100644
--- a/OpenCL/m13771-pure.cl
+++ b/OpenCL/m13771-pure.cl
@@ -372,6 +372,36 @@ KERNEL_FQ void m13771_init (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t))
 KERNEL_FQ void m13771_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t))
 {
 const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * shared lookup table
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u64a s_sbob_sl64[8][256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_sbob_sl64[0][i] = sbob512_sl64[0][i];
+ s_sbob_sl64[1][i] = sbob512_sl64[1][i];
+ s_sbob_sl64[2][i] = sbob512_sl64[2][i];
+ s_sbob_sl64[3][i] = sbob512_sl64[3][i];
+ s_sbob_sl64[4][i] = sbob512_sl64[4][i];
+ s_sbob_sl64[5][i] = sbob512_sl64[5][i];
+ s_sbob_sl64[6][i] = sbob512_sl64[6][i];
+ s_sbob_sl64[7][i] = sbob512_sl64[7][i];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u64a (*s_sbob_sl64)[256] = sbob512_sl64;
+
+ #endif
 
 if ((gid * VECT_SIZE) >= gid_max) return;
 
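Review bot: The shared-table prologue added to m13771_loop is a verbatim 30-line copy that also appears in m13772_loop and m13773_loop in this commit (and an m13771_init already exists above, per the hunk header), so a small inline helper or macro taking the table plus `lid`/`lsz` would keep the three kernels from drifting apart. The ordering is right — `SYNC_THREADS ()` comes before the `gid_max` early return, so every work-item of the group reaches the barrier — but that is easy to break on the next edit; a one-line comment such as `// keep the barrier above the gid_max return: all work-items of the group must reach it` on the return would pin it. `for (u32 i = lid; ...)` narrows the u64 `lid` implicitly; declaring `lid` and `lsz` as u32, or casting at the loop, avoids a conversion warning. The body of m13771_loop continues past the hunk.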
diff --git a/OpenCL/m13772-pure.cl b/OpenCL/m13772-pure.cl
index 1fb4a07ee..72ebb4701 100644
--- a/OpenCL/m13772-pure.cl
+++ b/OpenCL/m13772-pure.cl
@@ -423,6 +423,36 @@ KERNEL_FQ void m13772_init (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t))
 KERNEL_FQ void m13772_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t))
 {
 const u64 gid = get_global_id (0);
+ const u64 lid = get_local_id (0);
+ const u64 lsz = get_local_size (0);
+
+ /**
+ * shared lookup table
+ */
+
+ #ifdef REAL_SHM
+
+ LOCAL_VK u64a s_sbob_sl64[8][256];
+
+ for (u32 i = lid; i < 256; i += lsz)
+ {
+ s_sbob_sl64[0][i] = sbob512_sl64[0][i];
+ s_sbob_sl64[1][i] = sbob512_sl64[1][i];
+ s_sbob_sl64[2][i] = sbob512_sl64[2][i];
+ s_sbob_sl64[3][i] = sbob512_sl64[3][i];
+ s_sbob_sl64[4][i] = sbob512_sl64[4][i];
+ s_sbob_sl64[5][i] = sbob512_sl64[5][i];
+ s_sbob_sl64[6][i] = sbob512_sl64[6][i];
+ s_sbob_sl64[7][i] = sbob512_sl64[7][i];
+ }
+
+ SYNC_THREADS ();
+
+ #else
+
+ CONSTANT_AS u64a (*s_sbob_sl64)[256] = sbob512_sl64;
+
+ #endif
 
 if ((gid * VECT_SIZE) >= gid_max) return;
 
diff --git a/OpenCL/m13773-pure.cl b/OpenCL/m13773-pure.cl
index c420be6d4..8463f792f 100644
--- a/OpenCL/m13773-pure.cl
+++ b/OpenCL/m13773-pure.cl
@@ -488,6 +488,36 @@ KERNEL_FQ void m13773_init (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) KERNEL_FQ void m13773_loop (KERN_ATTR_TMPS_ESALT (vc64_sbog_tmp_t, vc_t)) { const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * shared lookup table + */ + + #ifdef REAL_SHM + + LOCAL_VK u64a s_sbob_sl64[8][256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_sbob_sl64[0][i] = sbob512_sl64[0][i]; + s_sbob_sl64[1][i] = sbob512_sl64[1][i]; + s_sbob_sl64[2][i] = sbob512_sl64[2][i]; + s_sbob_sl64[3][i] = sbob512_sl64[3][i]; + s_sbob_sl64[4][i] = sbob512_sl64[4][i]; + s_sbob_sl64[5][i] = sbob512_sl64[5][i]; + s_sbob_sl64[6][i] = sbob512_sl64[6][i]; + s_sbob_sl64[7][i] = sbob512_sl64[7][i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u64a (*s_sbob_sl64)[256] = sbob512_sl64; + + #endif if ((gid * VECT_SIZE) >= gid_max) return; From 398e06878d6e36460bcd00283d847c723a162be3 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 20 Feb 2020 16:42:12 +0100 Subject: [PATCH 244/300] Fix streebog512_g() in vector datatype mode --- OpenCL/inc_hash_streebog512.cl | 6 +++--- OpenCL/inc_hash_streebog512.h | 20 ++++++++++++++++---- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/OpenCL/inc_hash_streebog512.cl b/OpenCL/inc_hash_streebog512.cl index 85aaea233..e30119d3d 100644 --- a/OpenCL/inc_hash_streebog512.cl +++ b/OpenCL/inc_hash_streebog512.cl @@ -682,7 +682,7 @@ DECLSPEC void streebog512_g (u64 *h, const u64 *n, const u64 *m, SHM_TYPE u64a ( for (int i = 0; i < 8; i++) { - k[i] = SBOG_LPSti64; + k[i] = SBOG_LPSti64_S; } #ifdef _unroll @@ -708,7 +708,7 @@ DECLSPEC void streebog512_g (u64 *h, const u64 *n, const u64 *m, SHM_TYPE u64a ( #endif for (int i = 0; i < 8; i++) { - s[i] = SBOG_LPSti64; + s[i] = SBOG_LPSti64_S; } for (int i = 0; i < 8; i++) 
@@ -721,7 +721,7 @@ DECLSPEC void streebog512_g (u64 *h, const u64 *n, const u64 *m, SHM_TYPE u64a ( #endif for (int i = 0; i < 8; i++) { - k[i] = SBOG_LPSti64; + k[i] = SBOG_LPSti64_S; } } diff --git a/OpenCL/inc_hash_streebog512.h b/OpenCL/inc_hash_streebog512.h index 4181674e8..e038181c7 100644 --- a/OpenCL/inc_hash_streebog512.h +++ b/OpenCL/inc_hash_streebog512.h @@ -6,6 +6,8 @@ #ifndef _INC_HASH_STREEBOG512_H #define _INC_HASH_STREEBOG512_H +#define BOX_S(S,n,i) ((S)[(n)][(i)]) + #if VECT_SIZE == 1 #define BOX(S,n,i) ((S)[(n)][(i)]) 
@@ -17,15 +19,25 @@ #elif VECT_SIZE == 8 #define BOX(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], \ - (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) + (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7]) #elif VECT_SIZE == 16 #define BOX(S,n,i) make_u64x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], \ - (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], \ - (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], \ - (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) + (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], \ + (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], \ + (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif +#define SBOG_LPSti64_S \ + BOX_S (s_sbob_sl64, 0, ((t[0] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 1, ((t[1] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 2, ((t[2] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 3, ((t[3] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 4, ((t[4] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 5, ((t[5] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 6, ((t[6] >> (i * 8)) & 0xff)) ^ \ + BOX_S (s_sbob_sl64, 7, ((t[7] >> (i * 8)) & 0xff)) + #define SBOG_LPSti64 \ BOX (s_sbob_sl64, 0, ((t[0] >> (i * 8)) & 0xff)) ^ \ BOX (s_sbob_sl64, 1, ((t[1] >> (i * 8)) & 0xff)) ^ \ From cd20e43667e752bfea916281ccc3468dc5a9d962 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 21 Feb 2020 15:10:27 +0100 Subject: [PATCH 245/300] Precompute some steps in 3des to improve cracking performance --- OpenCL/m14100_a3-pure.cl | 103 ++++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 45 deletions(-) diff --git a/OpenCL/m14100_a3-pure.cl b/OpenCL/m14100_a3-pure.cl index 4b46cf5e8..95a90c529 100644 --- a/OpenCL/m14100_a3-pure.cl +++ b/OpenCL/m14100_a3-pure.cl 
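Review bot: SBOG_LPSti64_S is added without a comment saying when it, rather than SBOG_LPSti64, is the right macro; since BOX_S indexes with a plain scalar while BOX for VECT_SIZE > 1 reads the `.s0`…`.sN` lanes, the distinction is that the `_S` form is for callers whose `t[]` is scalar u64, as streebog512_g is (`u64 *h, const u64 *n, const u64 *m` in the .cl hunks above). A comment above the define such as `// scalar-index variant for functions that work on plain u64 state (e.g. streebog512_g); SBOG_LPSti64 is for u64x lanes` would make the pair self-explanatory. BOX_S also duplicates the VECT_SIZE == 1 definition of BOX; writing that branch as `#define BOX(S,n,i) BOX_S(S,n,i)` keeps the two from diverging.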
@@ -549,6 +549,26 @@ DECLSPEC void m14100m (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64], salt_buf0[0] = salt_bufs[salt_pos].salt_buf_pc[0]; salt_buf0[1] = salt_bufs[salt_pos].salt_buf_pc[1]; + /** + * Precompute fixed key scheduler + */ + + const u32x c = (w[2]); + const u32x d = (w[3]); + + u32x Kc[16]; + u32x Kd[16]; + + _des_crypt_keysetup (c, d, Kc, Kd, s_skb); + + const u32x e = (w[4]); + const u32x f = (w[5]); + + u32x Ke[16]; + u32x Kf[16]; + + _des_crypt_keysetup (e, f, Ke, Kf, s_skb); + /** * loop */ @@ -584,28 +604,12 @@ DECLSPEC void m14100m (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64], /* Second Pass */ - const u32x c = (w[2]); - const u32x d = (w[3]); - - u32x Kc[16]; - u32x Kd[16]; - - _des_crypt_keysetup (c, d, Kc, Kd, s_skb); - u32x p2[2]; _des_crypt_decrypt (p2, p1, Kc, Kd, s_SPtrans); /* Third Pass */ - const u32x e = (w[4]); - const u32x f = (w[5]); - - u32x Ke[16]; - u32x Kf[16]; - - _des_crypt_keysetup (e, f, Ke, Kf, s_skb); - u32x iv[2]; _des_crypt_encrypt (iv, p2, Ke, Kf, s_SPtrans); @@ -634,14 +638,47 @@ DECLSPEC void m14100s (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64], salt_buf0[0] = salt_bufs[salt_pos].salt_buf_pc[0]; salt_buf0[1] = salt_bufs[salt_pos].salt_buf_pc[1]; + /** + * Precompute fixed key scheduler + */ + + u32x iv[2]; + + iv[0] = digests_buf[digests_offset].digest_buf[0]; + iv[1] = digests_buf[digests_offset].digest_buf[1]; + + const u32x e = (w[4]); + const u32x f = (w[5]); + + u32x Ke[16]; + u32x Kf[16]; + + _des_crypt_keysetup (e, f, Ke, Kf, s_skb); + + u32x p2[2]; + + _des_crypt_decrypt (p2, iv, Ke, Kf, s_SPtrans); + + const u32x c = (w[2]); + const u32x d = (w[3]); + + u32x Kc[16]; + u32x Kd[16]; + + _des_crypt_keysetup (c, d, Kc, Kd, s_skb); + + u32x p1[2]; + + _des_crypt_encrypt (p1, p2, Kc, Kd, s_SPtrans); + /** * digest */ const u32 search[4] = { - digests_buf[digests_offset].digest_buf[DGST_R0], - digests_buf[digests_offset].digest_buf[DGST_R1], + p1[0], + p1[1], 0, 0 }; 
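Review bot: The new `iv[0]`/`iv[1]` loads in m14100s index `digest_buf[0]` and `digest_buf[1]` directly, whereas the search[] initialiser they replace used `digest_buf[DGST_R0]` and `digest_buf[DGST_R1]`; keeping the macros, `iv[0] = digests_buf[digests_offset].digest_buf[DGST_R0];` and `iv[1] = digests_buf[digests_offset].digest_buf[DGST_R1];`, preserves the module's declared word order instead of assuming it is 0/1. The `Precompute fixed key scheduler` heading copied from m14100m undersells what this block does in the `_s` kernel — it also runs 3DES passes 3 and 2 backwards on the target digest so the loop needs only pass 1 — so `/** Precompute: undo passes 3 and 2 on the target digest so the loop runs a single DES pass */` would describe it. That also relies on w[2..5] staying fixed for the whole loop (presumably only w[0] varies per candidate), which is worth stating in the same comment. The loop body of m14100s continues outside the hunk.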
@@ -679,37 +716,13 @@ DECLSPEC void m14100s (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64],
_des_crypt_encrypt (p1, data, Ka, Kb, s_SPtrans);
- /* Second Pass */
+ /* Second Pass was precomputed */
- const u32x c = (w[2]);
- const u32x d = (w[3]);
-
- u32x Kc[16];
- u32x Kd[16];
-
- _des_crypt_keysetup (c, d, Kc, Kd, s_skb);
-
- u32x p2[2];
-
- _des_crypt_decrypt (p2, p1, Kc, Kd, s_SPtrans);
-
- /* Third Pass */
-
- const u32x e = (w[4]);
- const u32x f = (w[5]);
-
- u32x Ke[16];
- u32x Kf[16];
-
- _des_crypt_keysetup (e, f, Ke, Kf, s_skb);
-
- u32x iv[2];
-
- _des_crypt_encrypt (iv, p2, Ke, Kf, s_SPtrans);
+ /* Third Pass was precomputed */
u32x z = 0;
- COMPARE_S_SIMD (iv[0], iv[1], z, z);
+ COMPARE_S_SIMD (p1[0], p1[1], z, z);
}
}
From 6b8f0da8e9d6a7f40e8376728be10908e7bb4c13 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 21 Feb 2020 15:23:16 +0100
Subject: [PATCH 246/300] Fix VECT_SIZE > 1 in OpenCL/m14100_a3-pure.cl
---
OpenCL/m14100_a3-pure.cl | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/OpenCL/m14100_a3-pure.cl b/OpenCL/m14100_a3-pure.cl
index 95a90c529..3722e271a 100644
--- a/OpenCL/m14100_a3-pure.cl
+++ b/OpenCL/m14100_a3-pure.cl
@@ -675,6 +675,7 @@ DECLSPEC void m14100s (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64],
* digest
*/
+ #if VECT_SIZE == 1
const u32 search[4] =
{
p1[0],
@@ -682,6 +683,15 @@ DECLSPEC void m14100s (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64],
0,
0
};
+ #else
+ const u32 search[4] =
+ {
+ p1[0].s0,
+ p1[1].s0,
+ 0,
+ 0
+ };
+ #endif
/**
* loop
From f96e35649d5dd39f70d3ca9969a9bc590256783f Mon Sep 17 00:00:00 2001
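Review bot: `COMPARE_S_SIMD (p1[0], p1[1], z, z)` compares a loop-local `p1` (its declaration sits just above this hunk, so I am inferring it is inside the loop) against a `search[]` that was itself built from an outer variable also named `p1`; the inner one shadows the outer, which is correct today but fragile and noisy under shadow warnings. I would give the precomputed target a distinct name, e.g. `u32x p1_target[2];` at the precompute site, so the two roles read differently, and replace the two placeholder comments with one line: `/* passes 2 and 3 were folded into search[] above; only pass 1 runs per candidate */`. The rest of m14100s lies outside this hunk.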
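Review bot: Taking `p1[0].s0` and `p1[1].s0` for the VECT_SIZE > 1 build assumes every lane of p1 carries the same value, which is only true if w[2]..w[5] — and with them Kc/Kd, Ke/Kf and the back-transformed target — are lane-uniform in this kernel; nothing in the hunk records that. A comment on the `#else` branch would make the assumption checkable: `// p1 is lane-uniform here (w[2..5] do not vary per lane), so lane 0 is representative`. If a later change vectorises anything beyond w[0], the scalar search[] becomes silently wrong for lanes 1..n. m14100s continues after this hunk.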
From: Jens Steube Date: Sat, 22 Feb 2020 07:59:58 +0100 Subject: [PATCH 247/300] Change bitsliced kernels from 3d to 2d invocation mode for slightly better performance --- OpenCL/m01500_a3-pure.cl | 1108 +++++++++++++++++----------------- OpenCL/m03000_a3-pure.cl | 1142 ++++++++++++++++++------------------ OpenCL/m14000_a3-pure.cl | 918 +++++++++++++---------------- include/types.h | 66 +-- src/backend.c | 132 ++--- src/modules/module_01500.c | 11 +- src/modules/module_03000.c | 2 +- src/modules/module_14000.c | 2 +- src/selftest.c | 2 +- 9 files changed, 1642 insertions(+), 1741 deletions(-) diff --git a/OpenCL/m01500_a3-pure.cl b/OpenCL/m01500_a3-pure.cl index ca612828d..6c45f125b 100644 --- a/OpenCL/m01500_a3-pure.cl +++ b/OpenCL/m01500_a3-pure.cl 
@@ -1998,296 +1998,293 @@ KERNEL_FQ void m01500_mxx (KERN_ATTR_BITSLICE ()) * inner loop */ - #ifdef IS_CUDA - const u32 pc_pos = (blockIdx.y * blockDim.y) + threadIdx.y; - #else - const u32 pc_pos = get_global_id (1); - #endif - - const u32 il_pos = pc_pos * 32; - - u32 k00 = K00; - u32 k01 = K01; - u32 k02 = K02; - u32 k03 = K03; - u32 k04 = K04; - u32 k05 = K05; - u32 k06 = K06; - u32 k07 = K07; - u32 k08 = K08; - u32 k09 = K09; - u32 k10 = K10; - u32 k11 = K11; - u32 k12 = K12; - u32 k13 = K13; - u32 k14 = K14; - u32 k15 = K15; - u32 k16 = K16; - u32 k17 = K17; - u32 k18 = K18; - u32 k19 = K19; - u32 k20 = K20; - u32 k21 = K21; - u32 k22 = K22; - u32 k23 = K23; - u32 k24 = K24; - u32 k25 = K25; - u32 k26 = K26; - u32 k27 = K27; - - k00 |= words_buf_s[pc_pos].b[ 0]; - k01 |= words_buf_s[pc_pos].b[ 1]; - k02 |= words_buf_s[pc_pos].b[ 2]; - k03 |= words_buf_s[pc_pos].b[ 3]; - k04 |= words_buf_s[pc_pos].b[ 4]; - k05 |= words_buf_s[pc_pos].b[ 5]; - k06 |= words_buf_s[pc_pos].b[ 6]; - k07 |= words_buf_s[pc_pos].b[ 7]; - k08 |= words_buf_s[pc_pos].b[ 8]; - k09 |= words_buf_s[pc_pos].b[ 9]; - k10 |= words_buf_s[pc_pos].b[10]; - k11 |= words_buf_s[pc_pos].b[11]; - k12 |= words_buf_s[pc_pos].b[12]; - k13 |= words_buf_s[pc_pos].b[13]; - k14 |= words_buf_s[pc_pos].b[14]; - k15 |= words_buf_s[pc_pos].b[15]; - k16 |= words_buf_s[pc_pos].b[16]; - k17 |= words_buf_s[pc_pos].b[17]; - k18 |= words_buf_s[pc_pos].b[18]; - k19 |= words_buf_s[pc_pos].b[19]; - k20 |= words_buf_s[pc_pos].b[20]; - k21 |= words_buf_s[pc_pos].b[21]; - k22 |= words_buf_s[pc_pos].b[22]; - k23 |= words_buf_s[pc_pos].b[23]; - k24 |= words_buf_s[pc_pos].b[24]; - k25 |= words_buf_s[pc_pos].b[25]; - k26 |= words_buf_s[pc_pos].b[26]; - k27 |= words_buf_s[pc_pos].b[27]; - - u32 D00 = 0; - u32 D01 = 0; - u32 D02 = 0; - u32 D03 = 0; - u32 D04 = 0; - u32 D05 = 0; - u32 D06 = 0; - u32 D07 = 0; - u32 D08 = 0; - u32 D09 = 0; - u32 D10 = 0; - u32 D11 = 0; - u32 D12 = 0; - u32 D13 = 0; - u32 D14 = 0; - u32 D15 = 0; - u32 
D16 = 0; - u32 D17 = 0; - u32 D18 = 0; - u32 D19 = 0; - u32 D20 = 0; - u32 D21 = 0; - u32 D22 = 0; - u32 D23 = 0; - u32 D24 = 0; - u32 D25 = 0; - u32 D26 = 0; - u32 D27 = 0; - u32 D28 = 0; - u32 D29 = 0; - u32 D30 = 0; - u32 D31 = 0; - u32 D32 = 0; - u32 D33 = 0; - u32 D34 = 0; - u32 D35 = 0; - u32 D36 = 0; - u32 D37 = 0; - u32 D38 = 0; - u32 D39 = 0; - u32 D40 = 0; - u32 D41 = 0; - u32 D42 = 0; - u32 D43 = 0; - u32 D44 = 0; - u32 D45 = 0; - u32 D46 = 0; - u32 D47 = 0; - u32 D48 = 0; - u32 D49 = 0; - u32 D50 = 0; - u32 D51 = 0; - u32 D52 = 0; - u32 D53 = 0; - u32 D54 = 0; - u32 D55 = 0; - u32 D56 = 0; - u32 D57 = 0; - u32 D58 = 0; - u32 D59 = 0; - u32 D60 = 0; - u32 D61 = 0; - u32 D62 = 0; - u32 D63 = 0; - - DESCrypt - ( - salt, - k00, k01, k02, k03, k04, k05, k06, - k07, k08, k09, k10, k11, k12, k13, - k14, k15, k16, k17, k18, k19, k20, - k21, k22, k23, k24, k25, k26, k27, - K28, K29, K30, K31, K32, K33, K34, - K35, K36, K37, K38, K39, K40, K41, - K42, K43, K44, K45, K46, K47, K48, - K49, K50, K51, K52, K53, K54, K55, - &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, - &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, - &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, - &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, - &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, - &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, - &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, - &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 - ); - - u32 out[64]; - - out[ 0] = D00; - out[ 1] = D01; - out[ 2] = D02; - out[ 3] = D03; - out[ 4] = D04; - out[ 5] = D05; - out[ 6] = D06; - out[ 7] = D07; - out[ 8] = D08; - out[ 9] = D09; - out[10] = D10; - out[11] = D11; - out[12] = D12; - out[13] = D13; - out[14] = D14; - out[15] = D15; - out[16] = D16; - out[17] = D17; - out[18] = D18; - out[19] = D19; - out[20] = D20; - out[21] = D21; - out[22] = D22; - out[23] = D23; - out[24] = D24; - out[25] = D25; - out[26] = D26; - out[27] = D27; - out[28] = D28; - out[29] = D29; - out[30] = D30; - out[31] = 
D31; - out[32] = D32; - out[33] = D33; - out[34] = D34; - out[35] = D35; - out[36] = D36; - out[37] = D37; - out[38] = D38; - out[39] = D39; - out[40] = D40; - out[41] = D41; - out[42] = D42; - out[43] = D43; - out[44] = D44; - out[45] = D45; - out[46] = D46; - out[47] = D47; - out[48] = D48; - out[49] = D49; - out[50] = D50; - out[51] = D51; - out[52] = D52; - out[53] = D53; - out[54] = D54; - out[55] = D55; - out[56] = D56; - out[57] = D57; - out[58] = D58; - out[59] = D59; - out[60] = D60; - out[61] = D61; - out[62] = D62; - out[63] = D63; - - if (digests_cnt < 16) + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32) { - for (u32 d = 0; d < digests_cnt; d++) + u32 k00 = K00; + u32 k01 = K01; + u32 k02 = K02; + u32 k03 = K03; + u32 k04 = K04; + u32 k05 = K05; + u32 k06 = K06; + u32 k07 = K07; + u32 k08 = K08; + u32 k09 = K09; + u32 k10 = K10; + u32 k11 = K11; + u32 k12 = K12; + u32 k13 = K13; + u32 k14 = K14; + u32 k15 = K15; + u32 k16 = K16; + u32 k17 = K17; + u32 k18 = K18; + u32 k19 = K19; + u32 k20 = K20; + u32 k21 = K21; + u32 k22 = K22; + u32 k23 = K23; + u32 k24 = K24; + u32 k25 = K25; + u32 k26 = K26; + u32 k27 = K27; + + const u32 pc_pos = il_pos / 32; + + k00 |= words_buf_s[pc_pos].b[ 0]; + k01 |= words_buf_s[pc_pos].b[ 1]; + k02 |= words_buf_s[pc_pos].b[ 2]; + k03 |= words_buf_s[pc_pos].b[ 3]; + k04 |= words_buf_s[pc_pos].b[ 4]; + k05 |= words_buf_s[pc_pos].b[ 5]; + k06 |= words_buf_s[pc_pos].b[ 6]; + k07 |= words_buf_s[pc_pos].b[ 7]; + k08 |= words_buf_s[pc_pos].b[ 8]; + k09 |= words_buf_s[pc_pos].b[ 9]; + k10 |= words_buf_s[pc_pos].b[10]; + k11 |= words_buf_s[pc_pos].b[11]; + k12 |= words_buf_s[pc_pos].b[12]; + k13 |= words_buf_s[pc_pos].b[13]; + k14 |= words_buf_s[pc_pos].b[14]; + k15 |= words_buf_s[pc_pos].b[15]; + k16 |= words_buf_s[pc_pos].b[16]; + k17 |= words_buf_s[pc_pos].b[17]; + k18 |= words_buf_s[pc_pos].b[18]; + k19 |= words_buf_s[pc_pos].b[19]; + k20 |= words_buf_s[pc_pos].b[20]; + k21 |= words_buf_s[pc_pos].b[21]; + k22 |= 
words_buf_s[pc_pos].b[22]; + k23 |= words_buf_s[pc_pos].b[23]; + k24 |= words_buf_s[pc_pos].b[24]; + k25 |= words_buf_s[pc_pos].b[25]; + k26 |= words_buf_s[pc_pos].b[26]; + k27 |= words_buf_s[pc_pos].b[27]; + + u32 D00 = 0; + u32 D01 = 0; + u32 D02 = 0; + u32 D03 = 0; + u32 D04 = 0; + u32 D05 = 0; + u32 D06 = 0; + u32 D07 = 0; + u32 D08 = 0; + u32 D09 = 0; + u32 D10 = 0; + u32 D11 = 0; + u32 D12 = 0; + u32 D13 = 0; + u32 D14 = 0; + u32 D15 = 0; + u32 D16 = 0; + u32 D17 = 0; + u32 D18 = 0; + u32 D19 = 0; + u32 D20 = 0; + u32 D21 = 0; + u32 D22 = 0; + u32 D23 = 0; + u32 D24 = 0; + u32 D25 = 0; + u32 D26 = 0; + u32 D27 = 0; + u32 D28 = 0; + u32 D29 = 0; + u32 D30 = 0; + u32 D31 = 0; + u32 D32 = 0; + u32 D33 = 0; + u32 D34 = 0; + u32 D35 = 0; + u32 D36 = 0; + u32 D37 = 0; + u32 D38 = 0; + u32 D39 = 0; + u32 D40 = 0; + u32 D41 = 0; + u32 D42 = 0; + u32 D43 = 0; + u32 D44 = 0; + u32 D45 = 0; + u32 D46 = 0; + u32 D47 = 0; + u32 D48 = 0; + u32 D49 = 0; + u32 D50 = 0; + u32 D51 = 0; + u32 D52 = 0; + u32 D53 = 0; + u32 D54 = 0; + u32 D55 = 0; + u32 D56 = 0; + u32 D57 = 0; + u32 D58 = 0; + u32 D59 = 0; + u32 D60 = 0; + u32 D61 = 0; + u32 D62 = 0; + u32 D63 = 0; + + DESCrypt + ( + salt, + k00, k01, k02, k03, k04, k05, k06, + k07, k08, k09, k10, k11, k12, k13, + k14, k15, k16, k17, k18, k19, k20, + k21, k22, k23, k24, k25, k26, k27, + K28, K29, K30, K31, K32, K33, K34, + K35, K36, K37, K38, K39, K40, K41, + K42, K43, K44, K45, K46, K47, K48, + K49, K50, K51, K52, K53, K54, K55, + &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, + &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, + &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, + &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, + &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, + &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, + &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, + &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 + ); + + u32 out[64]; + + out[ 0] = D00; + out[ 1] = D01; + out[ 2] = D02; + out[ 3] = D03; + out[ 4] = D04; + 
out[ 5] = D05; + out[ 6] = D06; + out[ 7] = D07; + out[ 8] = D08; + out[ 9] = D09; + out[10] = D10; + out[11] = D11; + out[12] = D12; + out[13] = D13; + out[14] = D14; + out[15] = D15; + out[16] = D16; + out[17] = D17; + out[18] = D18; + out[19] = D19; + out[20] = D20; + out[21] = D21; + out[22] = D22; + out[23] = D23; + out[24] = D24; + out[25] = D25; + out[26] = D26; + out[27] = D27; + out[28] = D28; + out[29] = D29; + out[30] = D30; + out[31] = D31; + out[32] = D32; + out[33] = D33; + out[34] = D34; + out[35] = D35; + out[36] = D36; + out[37] = D37; + out[38] = D38; + out[39] = D39; + out[40] = D40; + out[41] = D41; + out[42] = D42; + out[43] = D43; + out[44] = D44; + out[45] = D45; + out[46] = D46; + out[47] = D47; + out[48] = D48; + out[49] = D49; + out[50] = D50; + out[51] = D51; + out[52] = D52; + out[53] = D53; + out[54] = D54; + out[55] = D55; + out[56] = D56; + out[57] = D57; + out[58] = D58; + out[59] = D59; + out[60] = D60; + out[61] = D61; + out[62] = D62; + out[63] = D63; + + if (digests_cnt < 16) { - const u32 final_hash_pos = digests_offset + d; + for (u32 d = 0; d < digests_cnt; d++) + { + const u32 final_hash_pos = digests_offset + d; - if (hashes_shown[final_hash_pos]) continue; + if (hashes_shown[final_hash_pos]) continue; - u32 search[2]; + u32 search[2]; - search[0] = digests_buf[final_hash_pos].digest_buf[DGST_R0]; - search[1] = digests_buf[final_hash_pos].digest_buf[DGST_R1]; + search[0] = digests_buf[final_hash_pos].digest_buf[DGST_R0]; + search[1] = digests_buf[final_hash_pos].digest_buf[DGST_R1]; - u32 tmpResult = 0; + u32 tmpResult = 0; + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 0; i < 32; i++) + { + const u32 b0 = -((search[0] >> i) & 1); + const u32 b1 = -((search[1] >> i) & 1); + + tmpResult |= out[ 0 + i] ^ b0; + tmpResult |= out[32 + i] ^ b1; + } + + if (tmpResult == 0xffffffff) continue; + + const u32 slice = ffz (tmpResult); + + const u32 r0 = search[0]; + const u32 r1 = search[1]; + const u32 r2 = 0; + const u32 
r3 = 0; + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif + } + } + else + { + u32 out0[32]; + u32 out1[32]; #ifdef _unroll #pragma unroll #endif for (int i = 0; i < 32; i++) { - const u32 b0 = -((search[0] >> i) & 1); - const u32 b1 = -((search[1] >> i) & 1); - - tmpResult |= out[ 0 + i] ^ b0; - tmpResult |= out[32 + i] ^ b1; + out0[i] = out[ 0 + 31 - i]; + out1[i] = out[32 + 31 - i]; } - if (tmpResult == 0xffffffff) continue; + transpose32c (out0); + transpose32c (out1); - const u32 slice = ffz (tmpResult); - - const u32 r0 = search[0]; - const u32 r1 = search[1]; - const u32 r2 = 0; - const u32 r3 = 0; - - #ifdef KERNEL_STATIC - #include COMPARE_M + #ifdef _unroll + #pragma unroll #endif - } - } - else - { - u32 out0[32]; - u32 out1[32]; + for (int slice = 0; slice < 32; slice++) + { + const u32 r0 = out0[31 - slice]; + const u32 r1 = out1[31 - slice]; + const u32 r2 = 0; + #ifdef KERNEL_STATIC + const u32 r3 = 0; + #endif - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 32; i++) - { - out0[i] = out[ 0 + 31 - i]; - out1[i] = out[32 + 31 - i]; - } - - transpose32c (out0); - transpose32c (out1); - - #ifdef _unroll - #pragma unroll - #endif - for (int slice = 0; slice < 32; slice++) - { - const u32 r0 = out0[31 - slice]; - const u32 r1 = out1[31 - slice]; - const u32 r2 = 0; - #ifdef KERNEL_STATIC - const u32 r3 = 0; - #endif - - #include COMPARE_M + #include COMPARE_M + } } } } 
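Review bot: The new loop `for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32)` derives `pc_pos = il_pos / 32` and reads `words_buf_s[pc_pos]`, so an il_cnt that is not a multiple of 32 would make the last iteration read one entry past the candidates the host prepared; the host side of this commit (backend.c) is not in the excerpt, so I cannot tell whether it guarantees the multiple. A comment at the loop would record the contract: `// il_cnt is a multiple of 32: one words_buf_s entry feeds 32 bitsliced candidates`. Separately, the 56 lines `u32 k00 = K00; ... k00 |= words_buf_s[pc_pos].b[ 0];` could each become `const u32 k00 = K00 | words_buf_s[pc_pos].b[ 0];`, halving a block that the sxx kernel repeats. m01500_mxx starts before this hunk.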
@@ -2314,70 +2311,70 @@ KERNEL_FQ void m01500_sxx (KERN_ATTR_BITSLICE ()) const u32 s0 = digests_buf[0].digest_buf[0]; const u32 s1 = digests_buf[0].digest_buf[1]; - #define S00 (((s0 >> 0) & 1) ? -1 : 0) - #define S01 (((s0 >> 1) & 1) ? -1 : 0) - #define S02 (((s0 >> 2) & 1) ? -1 : 0) - #define S03 (((s0 >> 3) & 1) ? -1 : 0) - #define S04 (((s0 >> 4) & 1) ? -1 : 0) - #define S05 (((s0 >> 5) & 1) ? -1 : 0) - #define S06 (((s0 >> 6) & 1) ? -1 : 0) - #define S07 (((s0 >> 7) & 1) ? -1 : 0) - #define S08 (((s0 >> 8) & 1) ? -1 : 0) - #define S09 (((s0 >> 9) & 1) ? -1 : 0) - #define S10 (((s0 >> 10) & 1) ? -1 : 0) - #define S11 (((s0 >> 11) & 1) ? -1 : 0) - #define S12 (((s0 >> 12) & 1) ? -1 : 0) - #define S13 (((s0 >> 13) & 1) ? -1 : 0) - #define S14 (((s0 >> 14) & 1) ? -1 : 0) - #define S15 (((s0 >> 15) & 1) ? -1 : 0) - #define S16 (((s0 >> 16) & 1) ? -1 : 0) - #define S17 (((s0 >> 17) & 1) ? -1 : 0) - #define S18 (((s0 >> 18) & 1) ? -1 : 0) - #define S19 (((s0 >> 19) & 1) ? -1 : 0) - #define S20 (((s0 >> 20) & 1) ? -1 : 0) - #define S21 (((s0 >> 21) & 1) ? -1 : 0) - #define S22 (((s0 >> 22) & 1) ? -1 : 0) - #define S23 (((s0 >> 23) & 1) ? -1 : 0) - #define S24 (((s0 >> 24) & 1) ? -1 : 0) - #define S25 (((s0 >> 25) & 1) ? -1 : 0) - #define S26 (((s0 >> 26) & 1) ? -1 : 0) - #define S27 (((s0 >> 27) & 1) ? -1 : 0) - #define S28 (((s0 >> 28) & 1) ? -1 : 0) - #define S29 (((s0 >> 29) & 1) ? -1 : 0) - #define S30 (((s0 >> 30) & 1) ? -1 : 0) - #define S31 (((s0 >> 31) & 1) ? -1 : 0) - #define S32 (((s1 >> 0) & 1) ? -1 : 0) - #define S33 (((s1 >> 1) & 1) ? -1 : 0) - #define S34 (((s1 >> 2) & 1) ? -1 : 0) - #define S35 (((s1 >> 3) & 1) ? -1 : 0) - #define S36 (((s1 >> 4) & 1) ? -1 : 0) - #define S37 (((s1 >> 5) & 1) ? -1 : 0) - #define S38 (((s1 >> 6) & 1) ? -1 : 0) - #define S39 (((s1 >> 7) & 1) ? -1 : 0) - #define S40 (((s1 >> 8) & 1) ? -1 : 0) - #define S41 (((s1 >> 9) & 1) ? -1 : 0) - #define S42 (((s1 >> 10) & 1) ? -1 : 0) - #define S43 (((s1 >> 11) & 1) ? 
-1 : 0) - #define S44 (((s1 >> 12) & 1) ? -1 : 0) - #define S45 (((s1 >> 13) & 1) ? -1 : 0) - #define S46 (((s1 >> 14) & 1) ? -1 : 0) - #define S47 (((s1 >> 15) & 1) ? -1 : 0) - #define S48 (((s1 >> 16) & 1) ? -1 : 0) - #define S49 (((s1 >> 17) & 1) ? -1 : 0) - #define S50 (((s1 >> 18) & 1) ? -1 : 0) - #define S51 (((s1 >> 19) & 1) ? -1 : 0) - #define S52 (((s1 >> 20) & 1) ? -1 : 0) - #define S53 (((s1 >> 21) & 1) ? -1 : 0) - #define S54 (((s1 >> 22) & 1) ? -1 : 0) - #define S55 (((s1 >> 23) & 1) ? -1 : 0) - #define S56 (((s1 >> 24) & 1) ? -1 : 0) - #define S57 (((s1 >> 25) & 1) ? -1 : 0) - #define S58 (((s1 >> 26) & 1) ? -1 : 0) - #define S59 (((s1 >> 27) & 1) ? -1 : 0) - #define S60 (((s1 >> 28) & 1) ? -1 : 0) - #define S61 (((s1 >> 29) & 1) ? -1 : 0) - #define S62 (((s1 >> 30) & 1) ? -1 : 0) - #define S63 (((s1 >> 31) & 1) ? -1 : 0) + const u32 S00 = (((s0 >> 0) & 1) ? -1 : 0); + const u32 S01 = (((s0 >> 1) & 1) ? -1 : 0); + const u32 S02 = (((s0 >> 2) & 1) ? -1 : 0); + const u32 S03 = (((s0 >> 3) & 1) ? -1 : 0); + const u32 S04 = (((s0 >> 4) & 1) ? -1 : 0); + const u32 S05 = (((s0 >> 5) & 1) ? -1 : 0); + const u32 S06 = (((s0 >> 6) & 1) ? -1 : 0); + const u32 S07 = (((s0 >> 7) & 1) ? -1 : 0); + const u32 S08 = (((s0 >> 8) & 1) ? -1 : 0); + const u32 S09 = (((s0 >> 9) & 1) ? -1 : 0); + const u32 S10 = (((s0 >> 10) & 1) ? -1 : 0); + const u32 S11 = (((s0 >> 11) & 1) ? -1 : 0); + const u32 S12 = (((s0 >> 12) & 1) ? -1 : 0); + const u32 S13 = (((s0 >> 13) & 1) ? -1 : 0); + const u32 S14 = (((s0 >> 14) & 1) ? -1 : 0); + const u32 S15 = (((s0 >> 15) & 1) ? -1 : 0); + const u32 S16 = (((s0 >> 16) & 1) ? -1 : 0); + const u32 S17 = (((s0 >> 17) & 1) ? -1 : 0); + const u32 S18 = (((s0 >> 18) & 1) ? -1 : 0); + const u32 S19 = (((s0 >> 19) & 1) ? -1 : 0); + const u32 S20 = (((s0 >> 20) & 1) ? -1 : 0); + const u32 S21 = (((s0 >> 21) & 1) ? -1 : 0); + const u32 S22 = (((s0 >> 22) & 1) ? -1 : 0); + const u32 S23 = (((s0 >> 23) & 1) ? 
-1 : 0); + const u32 S24 = (((s0 >> 24) & 1) ? -1 : 0); + const u32 S25 = (((s0 >> 25) & 1) ? -1 : 0); + const u32 S26 = (((s0 >> 26) & 1) ? -1 : 0); + const u32 S27 = (((s0 >> 27) & 1) ? -1 : 0); + const u32 S28 = (((s0 >> 28) & 1) ? -1 : 0); + const u32 S29 = (((s0 >> 29) & 1) ? -1 : 0); + const u32 S30 = (((s0 >> 30) & 1) ? -1 : 0); + const u32 S31 = (((s0 >> 31) & 1) ? -1 : 0); + const u32 S32 = (((s1 >> 0) & 1) ? -1 : 0); + const u32 S33 = (((s1 >> 1) & 1) ? -1 : 0); + const u32 S34 = (((s1 >> 2) & 1) ? -1 : 0); + const u32 S35 = (((s1 >> 3) & 1) ? -1 : 0); + const u32 S36 = (((s1 >> 4) & 1) ? -1 : 0); + const u32 S37 = (((s1 >> 5) & 1) ? -1 : 0); + const u32 S38 = (((s1 >> 6) & 1) ? -1 : 0); + const u32 S39 = (((s1 >> 7) & 1) ? -1 : 0); + const u32 S40 = (((s1 >> 8) & 1) ? -1 : 0); + const u32 S41 = (((s1 >> 9) & 1) ? -1 : 0); + const u32 S42 = (((s1 >> 10) & 1) ? -1 : 0); + const u32 S43 = (((s1 >> 11) & 1) ? -1 : 0); + const u32 S44 = (((s1 >> 12) & 1) ? -1 : 0); + const u32 S45 = (((s1 >> 13) & 1) ? -1 : 0); + const u32 S46 = (((s1 >> 14) & 1) ? -1 : 0); + const u32 S47 = (((s1 >> 15) & 1) ? -1 : 0); + const u32 S48 = (((s1 >> 16) & 1) ? -1 : 0); + const u32 S49 = (((s1 >> 17) & 1) ? -1 : 0); + const u32 S50 = (((s1 >> 18) & 1) ? -1 : 0); + const u32 S51 = (((s1 >> 19) & 1) ? -1 : 0); + const u32 S52 = (((s1 >> 20) & 1) ? -1 : 0); + const u32 S53 = (((s1 >> 21) & 1) ? -1 : 0); + const u32 S54 = (((s1 >> 22) & 1) ? -1 : 0); + const u32 S55 = (((s1 >> 23) & 1) ? -1 : 0); + const u32 S56 = (((s1 >> 24) & 1) ? -1 : 0); + const u32 S57 = (((s1 >> 25) & 1) ? -1 : 0); + const u32 S58 = (((s1 >> 26) & 1) ? -1 : 0); + const u32 S59 = (((s1 >> 27) & 1) ? -1 : 0); + const u32 S60 = (((s1 >> 28) & 1) ? -1 : 0); + const u32 S61 = (((s1 >> 29) & 1) ? -1 : 0); + const u32 S62 = (((s1 >> 30) & 1) ? -1 : 0); + const u32 S63 = (((s1 >> 31) & 1) ? -1 : 0); /** * base 
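Review bot: The sixty-four `const u32 Sxx = (((s0 >> n) & 1) ? -1 : 0);` lines keep the old macro's ternary and an `int` -1 converted implicitly to u32; the mxx kernel in the same file already builds the identical mask arithmetically (`const u32 b0 = -((search[0] >> i) & 1);`), which is branch-free and stays unsigned throughout. For consistency I would write `const u32 S00 = -((s0 >> 0) & 1);` and so on. Turning the macros into const locals is otherwise a clear improvement, since each mask is now evaluated once instead of at every use. m01500_sxx starts before this hunk.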
@@ -2450,239 +2447,236 @@ KERNEL_FQ void m01500_sxx (KERN_ATTR_BITSLICE ()) * inner loop */ - #ifdef IS_CUDA - const u32 pc_pos = (blockIdx.y * blockDim.y) + threadIdx.y; - #else - const u32 pc_pos = get_global_id (1); - #endif + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32) + { + u32 k00 = K00; + u32 k01 = K01; + u32 k02 = K02; + u32 k03 = K03; + u32 k04 = K04; + u32 k05 = K05; + u32 k06 = K06; + u32 k07 = K07; + u32 k08 = K08; + u32 k09 = K09; + u32 k10 = K10; + u32 k11 = K11; + u32 k12 = K12; + u32 k13 = K13; + u32 k14 = K14; + u32 k15 = K15; + u32 k16 = K16; + u32 k17 = K17; + u32 k18 = K18; + u32 k19 = K19; + u32 k20 = K20; + u32 k21 = K21; + u32 k22 = K22; + u32 k23 = K23; + u32 k24 = K24; + u32 k25 = K25; + u32 k26 = K26; + u32 k27 = K27; - const u32 il_pos = pc_pos * 32; + const u32 pc_pos = il_pos / 32; - u32 k00 = K00; - u32 k01 = K01; - u32 k02 = K02; - u32 k03 = K03; - u32 k04 = K04; - u32 k05 = K05; - u32 k06 = K06; - u32 k07 = K07; - u32 k08 = K08; - u32 k09 = K09; - u32 k10 = K10; - u32 k11 = K11; - u32 k12 = K12; - u32 k13 = K13; - u32 k14 = K14; - u32 k15 = K15; - u32 k16 = K16; - u32 k17 = K17; - u32 k18 = K18; - u32 k19 = K19; - u32 k20 = K20; - u32 k21 = K21; - u32 k22 = K22; - u32 k23 = K23; - u32 k24 = K24; - u32 k25 = K25; - u32 k26 = K26; - u32 k27 = K27; + k00 |= words_buf_s[pc_pos].b[ 0]; + k01 |= words_buf_s[pc_pos].b[ 1]; + k02 |= words_buf_s[pc_pos].b[ 2]; + k03 |= words_buf_s[pc_pos].b[ 3]; + k04 |= words_buf_s[pc_pos].b[ 4]; + k05 |= words_buf_s[pc_pos].b[ 5]; + k06 |= words_buf_s[pc_pos].b[ 6]; + k07 |= words_buf_s[pc_pos].b[ 7]; + k08 |= words_buf_s[pc_pos].b[ 8]; + k09 |= words_buf_s[pc_pos].b[ 9]; + k10 |= words_buf_s[pc_pos].b[10]; + k11 |= words_buf_s[pc_pos].b[11]; + k12 |= words_buf_s[pc_pos].b[12]; + k13 |= words_buf_s[pc_pos].b[13]; + k14 |= words_buf_s[pc_pos].b[14]; + k15 |= words_buf_s[pc_pos].b[15]; + k16 |= words_buf_s[pc_pos].b[16]; + k17 |= words_buf_s[pc_pos].b[17]; + k18 |= words_buf_s[pc_pos].b[18]; + k19 |= 
words_buf_s[pc_pos].b[19]; + k20 |= words_buf_s[pc_pos].b[20]; + k21 |= words_buf_s[pc_pos].b[21]; + k22 |= words_buf_s[pc_pos].b[22]; + k23 |= words_buf_s[pc_pos].b[23]; + k24 |= words_buf_s[pc_pos].b[24]; + k25 |= words_buf_s[pc_pos].b[25]; + k26 |= words_buf_s[pc_pos].b[26]; + k27 |= words_buf_s[pc_pos].b[27]; - k00 |= words_buf_s[pc_pos].b[ 0]; - k01 |= words_buf_s[pc_pos].b[ 1]; - k02 |= words_buf_s[pc_pos].b[ 2]; - k03 |= words_buf_s[pc_pos].b[ 3]; - k04 |= words_buf_s[pc_pos].b[ 4]; - k05 |= words_buf_s[pc_pos].b[ 5]; - k06 |= words_buf_s[pc_pos].b[ 6]; - k07 |= words_buf_s[pc_pos].b[ 7]; - k08 |= words_buf_s[pc_pos].b[ 8]; - k09 |= words_buf_s[pc_pos].b[ 9]; - k10 |= words_buf_s[pc_pos].b[10]; - k11 |= words_buf_s[pc_pos].b[11]; - k12 |= words_buf_s[pc_pos].b[12]; - k13 |= words_buf_s[pc_pos].b[13]; - k14 |= words_buf_s[pc_pos].b[14]; - k15 |= words_buf_s[pc_pos].b[15]; - k16 |= words_buf_s[pc_pos].b[16]; - k17 |= words_buf_s[pc_pos].b[17]; - k18 |= words_buf_s[pc_pos].b[18]; - k19 |= words_buf_s[pc_pos].b[19]; - k20 |= words_buf_s[pc_pos].b[20]; - k21 |= words_buf_s[pc_pos].b[21]; - k22 |= words_buf_s[pc_pos].b[22]; - k23 |= words_buf_s[pc_pos].b[23]; - k24 |= words_buf_s[pc_pos].b[24]; - k25 |= words_buf_s[pc_pos].b[25]; - k26 |= words_buf_s[pc_pos].b[26]; - k27 |= words_buf_s[pc_pos].b[27]; + u32 D00 = 0; + u32 D01 = 0; + u32 D02 = 0; + u32 D03 = 0; + u32 D04 = 0; + u32 D05 = 0; + u32 D06 = 0; + u32 D07 = 0; + u32 D08 = 0; + u32 D09 = 0; + u32 D10 = 0; + u32 D11 = 0; + u32 D12 = 0; + u32 D13 = 0; + u32 D14 = 0; + u32 D15 = 0; + u32 D16 = 0; + u32 D17 = 0; + u32 D18 = 0; + u32 D19 = 0; + u32 D20 = 0; + u32 D21 = 0; + u32 D22 = 0; + u32 D23 = 0; + u32 D24 = 0; + u32 D25 = 0; + u32 D26 = 0; + u32 D27 = 0; + u32 D28 = 0; + u32 D29 = 0; + u32 D30 = 0; + u32 D31 = 0; + u32 D32 = 0; + u32 D33 = 0; + u32 D34 = 0; + u32 D35 = 0; + u32 D36 = 0; + u32 D37 = 0; + u32 D38 = 0; + u32 D39 = 0; + u32 D40 = 0; + u32 D41 = 0; + u32 D42 = 0; + u32 D43 = 0; + u32 D44 = 0; + 
u32 D45 = 0; + u32 D46 = 0; + u32 D47 = 0; + u32 D48 = 0; + u32 D49 = 0; + u32 D50 = 0; + u32 D51 = 0; + u32 D52 = 0; + u32 D53 = 0; + u32 D54 = 0; + u32 D55 = 0; + u32 D56 = 0; + u32 D57 = 0; + u32 D58 = 0; + u32 D59 = 0; + u32 D60 = 0; + u32 D61 = 0; + u32 D62 = 0; + u32 D63 = 0; - u32 D00 = 0; - u32 D01 = 0; - u32 D02 = 0; - u32 D03 = 0; - u32 D04 = 0; - u32 D05 = 0; - u32 D06 = 0; - u32 D07 = 0; - u32 D08 = 0; - u32 D09 = 0; - u32 D10 = 0; - u32 D11 = 0; - u32 D12 = 0; - u32 D13 = 0; - u32 D14 = 0; - u32 D15 = 0; - u32 D16 = 0; - u32 D17 = 0; - u32 D18 = 0; - u32 D19 = 0; - u32 D20 = 0; - u32 D21 = 0; - u32 D22 = 0; - u32 D23 = 0; - u32 D24 = 0; - u32 D25 = 0; - u32 D26 = 0; - u32 D27 = 0; - u32 D28 = 0; - u32 D29 = 0; - u32 D30 = 0; - u32 D31 = 0; - u32 D32 = 0; - u32 D33 = 0; - u32 D34 = 0; - u32 D35 = 0; - u32 D36 = 0; - u32 D37 = 0; - u32 D38 = 0; - u32 D39 = 0; - u32 D40 = 0; - u32 D41 = 0; - u32 D42 = 0; - u32 D43 = 0; - u32 D44 = 0; - u32 D45 = 0; - u32 D46 = 0; - u32 D47 = 0; - u32 D48 = 0; - u32 D49 = 0; - u32 D50 = 0; - u32 D51 = 0; - u32 D52 = 0; - u32 D53 = 0; - u32 D54 = 0; - u32 D55 = 0; - u32 D56 = 0; - u32 D57 = 0; - u32 D58 = 0; - u32 D59 = 0; - u32 D60 = 0; - u32 D61 = 0; - u32 D62 = 0; - u32 D63 = 0; + DESCrypt + ( + salt, + k00, k01, k02, k03, k04, k05, k06, + k07, k08, k09, k10, k11, k12, k13, + k14, k15, k16, k17, k18, k19, k20, + k21, k22, k23, k24, k25, k26, k27, + K28, K29, K30, K31, K32, K33, K34, + K35, K36, K37, K38, K39, K40, K41, + K42, K43, K44, K45, K46, K47, K48, + K49, K50, K51, K52, K53, K54, K55, + &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, + &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, + &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, + &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, + &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, + &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, + &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, + &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 + ); - DESCrypt - ( - salt, - k00, 
k01, k02, k03, k04, k05, k06, - k07, k08, k09, k10, k11, k12, k13, - k14, k15, k16, k17, k18, k19, k20, - k21, k22, k23, k24, k25, k26, k27, - K28, K29, K30, K31, K32, K33, K34, - K35, K36, K37, K38, K39, K40, K41, - K42, K43, K44, K45, K46, K47, K48, - K49, K50, K51, K52, K53, K54, K55, - &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, - &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, - &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, - &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, - &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, - &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, - &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, - &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 - ); + u32 tmpResult = 0; - u32 tmpResult = 0; + tmpResult |= D00 ^ S00; + tmpResult |= D01 ^ S01; + tmpResult |= D02 ^ S02; + tmpResult |= D03 ^ S03; + tmpResult |= D04 ^ S04; + tmpResult |= D05 ^ S05; + tmpResult |= D06 ^ S06; + tmpResult |= D07 ^ S07; + tmpResult |= D08 ^ S08; + tmpResult |= D09 ^ S09; + tmpResult |= D10 ^ S10; + tmpResult |= D11 ^ S11; + tmpResult |= D12 ^ S12; + tmpResult |= D13 ^ S13; + tmpResult |= D14 ^ S14; + tmpResult |= D15 ^ S15; - tmpResult |= D00 ^ S00; - tmpResult |= D01 ^ S01; - tmpResult |= D02 ^ S02; - tmpResult |= D03 ^ S03; - tmpResult |= D04 ^ S04; - tmpResult |= D05 ^ S05; - tmpResult |= D06 ^ S06; - tmpResult |= D07 ^ S07; - tmpResult |= D08 ^ S08; - tmpResult |= D09 ^ S09; - tmpResult |= D10 ^ S10; - tmpResult |= D11 ^ S11; - tmpResult |= D12 ^ S12; - tmpResult |= D13 ^ S13; - tmpResult |= D14 ^ S14; - tmpResult |= D15 ^ S15; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D16 ^ S16; + tmpResult |= D17 ^ S17; + tmpResult |= D18 ^ S18; + tmpResult |= D19 ^ S19; + tmpResult |= D20 ^ S20; + tmpResult |= D21 ^ S21; + tmpResult |= D22 ^ S22; + tmpResult |= D23 ^ S23; + tmpResult |= D24 ^ S24; + tmpResult |= D25 ^ S25; + tmpResult |= D26 ^ S26; + tmpResult |= D27 ^ S27; + tmpResult |= D28 ^ S28; + tmpResult |= 
D29 ^ S29; + tmpResult |= D30 ^ S30; + tmpResult |= D31 ^ S31; - tmpResult |= D16 ^ S16; - tmpResult |= D17 ^ S17; - tmpResult |= D18 ^ S18; - tmpResult |= D19 ^ S19; - tmpResult |= D20 ^ S20; - tmpResult |= D21 ^ S21; - tmpResult |= D22 ^ S22; - tmpResult |= D23 ^ S23; - tmpResult |= D24 ^ S24; - tmpResult |= D25 ^ S25; - tmpResult |= D26 ^ S26; - tmpResult |= D27 ^ S27; - tmpResult |= D28 ^ S28; - tmpResult |= D29 ^ S29; - tmpResult |= D30 ^ S30; - tmpResult |= D31 ^ S31; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D32 ^ S32; + tmpResult |= D33 ^ S33; + tmpResult |= D34 ^ S34; + tmpResult |= D35 ^ S35; + tmpResult |= D36 ^ S36; + tmpResult |= D37 ^ S37; + tmpResult |= D38 ^ S38; + tmpResult |= D39 ^ S39; + tmpResult |= D40 ^ S40; + tmpResult |= D41 ^ S41; + tmpResult |= D42 ^ S42; + tmpResult |= D43 ^ S43; + tmpResult |= D44 ^ S44; + tmpResult |= D45 ^ S45; + tmpResult |= D46 ^ S46; + tmpResult |= D47 ^ S47; - tmpResult |= D32 ^ S32; - tmpResult |= D33 ^ S33; - tmpResult |= D34 ^ S34; - tmpResult |= D35 ^ S35; - tmpResult |= D36 ^ S36; - tmpResult |= D37 ^ S37; - tmpResult |= D38 ^ S38; - tmpResult |= D39 ^ S39; - tmpResult |= D40 ^ S40; - tmpResult |= D41 ^ S41; - tmpResult |= D42 ^ S42; - tmpResult |= D43 ^ S43; - tmpResult |= D44 ^ S44; - tmpResult |= D45 ^ S45; - tmpResult |= D46 ^ S46; - tmpResult |= D47 ^ S47; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D48 ^ S48; + tmpResult |= D49 ^ S49; + tmpResult |= D50 ^ S50; + tmpResult |= D51 ^ S51; + tmpResult |= D52 ^ S52; + tmpResult |= D53 ^ S53; + tmpResult |= D54 ^ S54; + tmpResult |= D55 ^ S55; + tmpResult |= D56 ^ S56; + tmpResult |= D57 ^ S57; + tmpResult |= D58 ^ S58; + tmpResult |= D59 ^ S59; + tmpResult |= D60 ^ S60; + tmpResult |= D61 ^ S61; + tmpResult |= D62 ^ S62; + tmpResult |= D63 ^ S63; - tmpResult |= D48 ^ S48; - tmpResult |= D49 ^ S49; - tmpResult |= D50 ^ S50; - tmpResult |= D51 ^ S51; - 
tmpResult |= D52 ^ S52; - tmpResult |= D53 ^ S53; - tmpResult |= D54 ^ S54; - tmpResult |= D55 ^ S55; - tmpResult |= D56 ^ S56; - tmpResult |= D57 ^ S57; - tmpResult |= D58 ^ S58; - tmpResult |= D59 ^ S59; - tmpResult |= D60 ^ S60; - tmpResult |= D61 ^ S61; - tmpResult |= D62 ^ S62; - tmpResult |= D63 ^ S63; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + const u32 slice = ffz (tmpResult); - const u32 slice = ffz (tmpResult); - - #ifdef KERNEL_STATIC - #include COMPARE_S - #endif + #ifdef KERNEL_STATIC + #include COMPARE_S + #endif + } } diff --git a/OpenCL/m03000_a3-pure.cl b/OpenCL/m03000_a3-pure.cl index 682edabf4..67f29aa4e 100644 --- a/OpenCL/m03000_a3-pure.cl +++ b/OpenCL/m03000_a3-pure.cl 
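Review bot: Nothing in the new loop body says what tmpResult encodes, and the four staged `if (tmpResult == 0xffffffff) continue;` checks plus the final `ffz (tmpResult)` only make sense once a reader works it out; I would add above the first check: `// tmpResult gets a 1 bit for every lane whose candidate differs from the target; all ones => none of the 32 candidates match`. The switch from `return` to `continue` is required now that the body is a loop over il_pos, and the staged early-outs still prune correctly per 32-candidate block. As in the mxx kernel, the 28 `u32 kNN = KNN;` lines followed by 28 `kNN |= words_buf_s[pc_pos].b[NN];` lines could be folded into `const u32 k00 = K00 | words_buf_s[pc_pos].b[ 0];`. m01500_sxx begins before this hunk and the file continues after it.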
@@ -1830,305 +1830,302 @@ KERNEL_FQ void m03000_mxx (KERN_ATTR_BITSLICE ()) * inner loop */ - #ifdef IS_CUDA - const u32 pc_pos = (blockIdx.y * blockDim.y) + threadIdx.y; - #else - const u32 pc_pos = get_global_id (1); - #endif - - const u32 il_pos = pc_pos * 32; - - u32 k00 = K00; - u32 k01 = K01; - u32 k02 = K02; - u32 k03 = K03; - u32 k04 = K04; - u32 k05 = K05; - u32 k06 = K06; - u32 k07 = K07; - u32 k08 = K08; - u32 k09 = K09; - u32 k10 = K10; - u32 k11 = K11; - u32 k12 = K12; - u32 k13 = K13; - u32 k14 = K14; - u32 k15 = K15; - u32 k16 = K16; - u32 k17 = K17; - u32 k18 = K18; - u32 k19 = K19; - u32 k20 = K20; - u32 k21 = K21; - u32 k22 = K22; - u32 k23 = K23; - u32 k24 = K24; - u32 k25 = K25; - u32 k26 = K26; - u32 k27 = K27; - u32 k28 = K28; - u32 k29 = K29; - u32 k30 = K30; - u32 k31 = K31; - - k00 |= words_buf_s[pc_pos].b[ 0]; - k01 |= words_buf_s[pc_pos].b[ 1]; - k02 |= words_buf_s[pc_pos].b[ 2]; - k03 |= words_buf_s[pc_pos].b[ 3]; - k04 |= words_buf_s[pc_pos].b[ 4]; - k05 |= words_buf_s[pc_pos].b[ 5]; - k06 |= words_buf_s[pc_pos].b[ 6]; - k07 |= words_buf_s[pc_pos].b[ 7]; - k08 |= words_buf_s[pc_pos].b[ 8]; - k09 |= words_buf_s[pc_pos].b[ 9]; - k10 |= words_buf_s[pc_pos].b[10]; - k11 |= words_buf_s[pc_pos].b[11]; - k12 |= words_buf_s[pc_pos].b[12]; - k13 |= words_buf_s[pc_pos].b[13]; - k14 |= words_buf_s[pc_pos].b[14]; - k15 |= words_buf_s[pc_pos].b[15]; - k16 |= words_buf_s[pc_pos].b[16]; - k17 |= words_buf_s[pc_pos].b[17]; - k18 |= words_buf_s[pc_pos].b[18]; - k19 |= words_buf_s[pc_pos].b[19]; - k20 |= words_buf_s[pc_pos].b[20]; - k21 |= words_buf_s[pc_pos].b[21]; - k22 |= words_buf_s[pc_pos].b[22]; - k23 |= words_buf_s[pc_pos].b[23]; - k24 |= words_buf_s[pc_pos].b[24]; - k25 |= words_buf_s[pc_pos].b[25]; - k26 |= words_buf_s[pc_pos].b[26]; - k27 |= words_buf_s[pc_pos].b[27]; - k28 |= words_buf_s[pc_pos].b[28]; - k29 |= words_buf_s[pc_pos].b[29]; - k30 |= words_buf_s[pc_pos].b[30]; - k31 |= words_buf_s[pc_pos].b[31]; - - // KGS!@#$% including IP - - 
u32 D00 = 0; - u32 D01 = 0; - u32 D02 = 0; - u32 D03 = 0xffffffff; - u32 D04 = 0; - u32 D05 = 0xffffffff; - u32 D06 = 0xffffffff; - u32 D07 = 0xffffffff; - u32 D08 = 0; - u32 D09 = 0; - u32 D10 = 0; - u32 D11 = 0; - u32 D12 = 0; - u32 D13 = 0xffffffff; - u32 D14 = 0; - u32 D15 = 0; - u32 D16 = 0xffffffff; - u32 D17 = 0xffffffff; - u32 D18 = 0; - u32 D19 = 0; - u32 D20 = 0; - u32 D21 = 0; - u32 D22 = 0xffffffff; - u32 D23 = 0; - u32 D24 = 0xffffffff; - u32 D25 = 0; - u32 D26 = 0xffffffff; - u32 D27 = 0; - u32 D28 = 0xffffffff; - u32 D29 = 0xffffffff; - u32 D30 = 0xffffffff; - u32 D31 = 0xffffffff; - u32 D32 = 0; - u32 D33 = 0; - u32 D34 = 0; - u32 D35 = 0; - u32 D36 = 0; - u32 D37 = 0; - u32 D38 = 0; - u32 D39 = 0; - u32 D40 = 0xffffffff; - u32 D41 = 0xffffffff; - u32 D42 = 0xffffffff; - u32 D43 = 0; - u32 D44 = 0xffffffff; - u32 D45 = 0; - u32 D46 = 0; - u32 D47 = 0; - u32 D48 = 0; - u32 D49 = 0; - u32 D50 = 0; - u32 D51 = 0; - u32 D52 = 0; - u32 D53 = 0; - u32 D54 = 0; - u32 D55 = 0xffffffff; - u32 D56 = 0; - u32 D57 = 0; - u32 D58 = 0xffffffff; - u32 D59 = 0; - u32 D60 = 0; - u32 D61 = 0xffffffff; - u32 D62 = 0xffffffff; - u32 D63 = 0xffffffff; - - DES - ( - k00, k01, k02, k03, k04, k05, k06, - k07, k08, k09, k10, k11, k12, k13, - k14, k15, k16, k17, k18, k19, k20, - k21, k22, k23, k24, k25, k26, k27, - k28, k29, k30, k31, K32, K33, K34, - K35, K36, K37, K38, K39, K40, K41, - K42, K43, K44, K45, K46, K47, K48, - K49, K50, K51, K52, K53, K54, K55, - &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, - &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, - &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, - &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, - &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, - &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, - &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, - &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 - ); - - u32 out[64]; - - out[ 0] = D00; - out[ 1] = D01; - out[ 2] = D02; - out[ 3] = D03; - out[ 4] = D04; - out[ 5] = D05; - 
out[ 6] = D06; - out[ 7] = D07; - out[ 8] = D08; - out[ 9] = D09; - out[10] = D10; - out[11] = D11; - out[12] = D12; - out[13] = D13; - out[14] = D14; - out[15] = D15; - out[16] = D16; - out[17] = D17; - out[18] = D18; - out[19] = D19; - out[20] = D20; - out[21] = D21; - out[22] = D22; - out[23] = D23; - out[24] = D24; - out[25] = D25; - out[26] = D26; - out[27] = D27; - out[28] = D28; - out[29] = D29; - out[30] = D30; - out[31] = D31; - out[32] = D32; - out[33] = D33; - out[34] = D34; - out[35] = D35; - out[36] = D36; - out[37] = D37; - out[38] = D38; - out[39] = D39; - out[40] = D40; - out[41] = D41; - out[42] = D42; - out[43] = D43; - out[44] = D44; - out[45] = D45; - out[46] = D46; - out[47] = D47; - out[48] = D48; - out[49] = D49; - out[50] = D50; - out[51] = D51; - out[52] = D52; - out[53] = D53; - out[54] = D54; - out[55] = D55; - out[56] = D56; - out[57] = D57; - out[58] = D58; - out[59] = D59; - out[60] = D60; - out[61] = D61; - out[62] = D62; - out[63] = D63; - - if (digests_cnt < 16) + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32) { - for (u32 d = 0; d < digests_cnt; d++) + u32 k00 = K00; + u32 k01 = K01; + u32 k02 = K02; + u32 k03 = K03; + u32 k04 = K04; + u32 k05 = K05; + u32 k06 = K06; + u32 k07 = K07; + u32 k08 = K08; + u32 k09 = K09; + u32 k10 = K10; + u32 k11 = K11; + u32 k12 = K12; + u32 k13 = K13; + u32 k14 = K14; + u32 k15 = K15; + u32 k16 = K16; + u32 k17 = K17; + u32 k18 = K18; + u32 k19 = K19; + u32 k20 = K20; + u32 k21 = K21; + u32 k22 = K22; + u32 k23 = K23; + u32 k24 = K24; + u32 k25 = K25; + u32 k26 = K26; + u32 k27 = K27; + u32 k28 = K28; + u32 k29 = K29; + u32 k30 = K30; + u32 k31 = K31; + + const u32 pc_pos = il_pos / 32; + + k00 |= words_buf_s[pc_pos].b[ 0]; + k01 |= words_buf_s[pc_pos].b[ 1]; + k02 |= words_buf_s[pc_pos].b[ 2]; + k03 |= words_buf_s[pc_pos].b[ 3]; + k04 |= words_buf_s[pc_pos].b[ 4]; + k05 |= words_buf_s[pc_pos].b[ 5]; + k06 |= words_buf_s[pc_pos].b[ 6]; + k07 |= words_buf_s[pc_pos].b[ 7]; + k08 |= 
words_buf_s[pc_pos].b[ 8]; + k09 |= words_buf_s[pc_pos].b[ 9]; + k10 |= words_buf_s[pc_pos].b[10]; + k11 |= words_buf_s[pc_pos].b[11]; + k12 |= words_buf_s[pc_pos].b[12]; + k13 |= words_buf_s[pc_pos].b[13]; + k14 |= words_buf_s[pc_pos].b[14]; + k15 |= words_buf_s[pc_pos].b[15]; + k16 |= words_buf_s[pc_pos].b[16]; + k17 |= words_buf_s[pc_pos].b[17]; + k18 |= words_buf_s[pc_pos].b[18]; + k19 |= words_buf_s[pc_pos].b[19]; + k20 |= words_buf_s[pc_pos].b[20]; + k21 |= words_buf_s[pc_pos].b[21]; + k22 |= words_buf_s[pc_pos].b[22]; + k23 |= words_buf_s[pc_pos].b[23]; + k24 |= words_buf_s[pc_pos].b[24]; + k25 |= words_buf_s[pc_pos].b[25]; + k26 |= words_buf_s[pc_pos].b[26]; + k27 |= words_buf_s[pc_pos].b[27]; + k28 |= words_buf_s[pc_pos].b[28]; + k29 |= words_buf_s[pc_pos].b[29]; + k30 |= words_buf_s[pc_pos].b[30]; + k31 |= words_buf_s[pc_pos].b[31]; + + // KGS!@#$% including IP + + u32 D00 = 0; + u32 D01 = 0; + u32 D02 = 0; + u32 D03 = 0xffffffff; + u32 D04 = 0; + u32 D05 = 0xffffffff; + u32 D06 = 0xffffffff; + u32 D07 = 0xffffffff; + u32 D08 = 0; + u32 D09 = 0; + u32 D10 = 0; + u32 D11 = 0; + u32 D12 = 0; + u32 D13 = 0xffffffff; + u32 D14 = 0; + u32 D15 = 0; + u32 D16 = 0xffffffff; + u32 D17 = 0xffffffff; + u32 D18 = 0; + u32 D19 = 0; + u32 D20 = 0; + u32 D21 = 0; + u32 D22 = 0xffffffff; + u32 D23 = 0; + u32 D24 = 0xffffffff; + u32 D25 = 0; + u32 D26 = 0xffffffff; + u32 D27 = 0; + u32 D28 = 0xffffffff; + u32 D29 = 0xffffffff; + u32 D30 = 0xffffffff; + u32 D31 = 0xffffffff; + u32 D32 = 0; + u32 D33 = 0; + u32 D34 = 0; + u32 D35 = 0; + u32 D36 = 0; + u32 D37 = 0; + u32 D38 = 0; + u32 D39 = 0; + u32 D40 = 0xffffffff; + u32 D41 = 0xffffffff; + u32 D42 = 0xffffffff; + u32 D43 = 0; + u32 D44 = 0xffffffff; + u32 D45 = 0; + u32 D46 = 0; + u32 D47 = 0; + u32 D48 = 0; + u32 D49 = 0; + u32 D50 = 0; + u32 D51 = 0; + u32 D52 = 0; + u32 D53 = 0; + u32 D54 = 0; + u32 D55 = 0xffffffff; + u32 D56 = 0; + u32 D57 = 0; + u32 D58 = 0xffffffff; + u32 D59 = 0; + u32 D60 = 0; + u32 D61 = 
0xffffffff; + u32 D62 = 0xffffffff; + u32 D63 = 0xffffffff; + + DES + ( + k00, k01, k02, k03, k04, k05, k06, + k07, k08, k09, k10, k11, k12, k13, + k14, k15, k16, k17, k18, k19, k20, + k21, k22, k23, k24, k25, k26, k27, + k28, k29, k30, k31, K32, K33, K34, + K35, K36, K37, K38, K39, K40, K41, + K42, K43, K44, K45, K46, K47, K48, + K49, K50, K51, K52, K53, K54, K55, + &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, + &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, + &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, + &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, + &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, + &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, + &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, + &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 + ); + + u32 out[64]; + + out[ 0] = D00; + out[ 1] = D01; + out[ 2] = D02; + out[ 3] = D03; + out[ 4] = D04; + out[ 5] = D05; + out[ 6] = D06; + out[ 7] = D07; + out[ 8] = D08; + out[ 9] = D09; + out[10] = D10; + out[11] = D11; + out[12] = D12; + out[13] = D13; + out[14] = D14; + out[15] = D15; + out[16] = D16; + out[17] = D17; + out[18] = D18; + out[19] = D19; + out[20] = D20; + out[21] = D21; + out[22] = D22; + out[23] = D23; + out[24] = D24; + out[25] = D25; + out[26] = D26; + out[27] = D27; + out[28] = D28; + out[29] = D29; + out[30] = D30; + out[31] = D31; + out[32] = D32; + out[33] = D33; + out[34] = D34; + out[35] = D35; + out[36] = D36; + out[37] = D37; + out[38] = D38; + out[39] = D39; + out[40] = D40; + out[41] = D41; + out[42] = D42; + out[43] = D43; + out[44] = D44; + out[45] = D45; + out[46] = D46; + out[47] = D47; + out[48] = D48; + out[49] = D49; + out[50] = D50; + out[51] = D51; + out[52] = D52; + out[53] = D53; + out[54] = D54; + out[55] = D55; + out[56] = D56; + out[57] = D57; + out[58] = D58; + out[59] = D59; + out[60] = D60; + out[61] = D61; + out[62] = D62; + out[63] = D63; + + if (digests_cnt < 16) { - const u32 final_hash_pos = digests_offset + d; + for (u32 d = 0; d < digests_cnt; d++) + { 
+ const u32 final_hash_pos = digests_offset + d; - if (hashes_shown[final_hash_pos]) continue; + if (hashes_shown[final_hash_pos]) continue; - u32 search[2]; + u32 search[2]; - search[0] = digests_buf[final_hash_pos].digest_buf[DGST_R0]; - search[1] = digests_buf[final_hash_pos].digest_buf[DGST_R1]; + search[0] = digests_buf[final_hash_pos].digest_buf[DGST_R0]; + search[1] = digests_buf[final_hash_pos].digest_buf[DGST_R1]; - u32 tmpResult = 0; + u32 tmpResult = 0; + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 0; i < 32; i++) + { + const u32 b0 = -((search[0] >> i) & 1); + const u32 b1 = -((search[1] >> i) & 1); + + tmpResult |= out[ 0 + i] ^ b0; + tmpResult |= out[32 + i] ^ b1; + } + + if (tmpResult == 0xffffffff) continue; + + const u32 slice = ffz (tmpResult); + + const u32 r0 = search[0]; + const u32 r1 = search[1]; + const u32 r2 = 0; + #ifdef KERNEL_STATIC + const u32 r3 = 0; + #endif + + #include COMPARE_M + } + } + else + { + u32 out0[32]; + u32 out1[32]; #ifdef _unroll #pragma unroll #endif for (int i = 0; i < 32; i++) { - const u32 b0 = -((search[0] >> i) & 1); - const u32 b1 = -((search[1] >> i) & 1); - - tmpResult |= out[ 0 + i] ^ b0; - tmpResult |= out[32 + i] ^ b1; + out0[i] = out[ 0 + 31 - i]; + out1[i] = out[32 + 31 - i]; } - if (tmpResult == 0xffffffff) continue; + transpose32c (out0); + transpose32c (out1); - const u32 slice = ffz (tmpResult); - - const u32 r0 = search[0]; - const u32 r1 = search[1]; - const u32 r2 = 0; - #ifdef KERNEL_STATIC - const u32 r3 = 0; + #ifdef _unroll + #pragma unroll #endif + for (int slice = 0; slice < 32; slice++) + { + const u32 r0 = out0[31 - slice]; + const u32 r1 = out1[31 - slice]; + const u32 r2 = 0; + #ifdef KERNEL_STATIC + const u32 r3 = 0; + #endif - #include COMPARE_M - } - } - else - { - u32 out0[32]; - u32 out1[32]; - - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 32; i++) - { - out0[i] = out[ 0 + 31 - i]; - out1[i] = out[32 + 31 - i]; - } - - transpose32c (out0); - 
transpose32c (out1); - - #ifdef _unroll - #pragma unroll - #endif - for (int slice = 0; slice < 32; slice++) - { - const u32 r0 = out0[31 - slice]; - const u32 r1 = out1[31 - slice]; - const u32 r2 = 0; - #ifdef KERNEL_STATIC - const u32 r3 = 0; - #endif - - #include COMPARE_M + #include COMPARE_M + } } } } 
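Review bot: The new `for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32)` loop derives `const u32 pc_pos = il_pos / 32;` and indexes `words_buf_s[pc_pos]`, so it silently assumes `il_cnt` is a multiple of 32 and that `words_buf_s` holds at least `il_cnt / 32` entries; if `il_cnt` were not a multiple of 32 the last iteration would read one entry past what the host filled, and nothing in the kernel states or checks this. Presumably the host side guarantees it for bitslice kernels, but the assumption should be written down at the loop head, e.g. `// il_cnt is a multiple of 32: one words_buf_s entry per 32 bitsliced candidates (host guarantees this) — confirm`. The literal 32 (bitslice width) now appears as both the loop step and the divisor; a single named constant would tie the two together. m03000_mxx begins outside the hunk, so the origin of `il_cnt` and `words_buf_s` is not visible here.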
@@ -2149,70 +2146,70 @@ KERNEL_FQ void m03000_sxx (KERN_ATTR_BITSLICE ()) const u32 s0 = digests_buf[0].digest_buf[0]; const u32 s1 = digests_buf[0].digest_buf[1]; - #define S00 (((s0 >> 0) & 1) ? -1 : 0) - #define S01 (((s0 >> 1) & 1) ? -1 : 0) - #define S02 (((s0 >> 2) & 1) ? -1 : 0) - #define S03 (((s0 >> 3) & 1) ? -1 : 0) - #define S04 (((s0 >> 4) & 1) ? -1 : 0) - #define S05 (((s0 >> 5) & 1) ? -1 : 0) - #define S06 (((s0 >> 6) & 1) ? -1 : 0) - #define S07 (((s0 >> 7) & 1) ? -1 : 0) - #define S08 (((s0 >> 8) & 1) ? -1 : 0) - #define S09 (((s0 >> 9) & 1) ? -1 : 0) - #define S10 (((s0 >> 10) & 1) ? -1 : 0) - #define S11 (((s0 >> 11) & 1) ? -1 : 0) - #define S12 (((s0 >> 12) & 1) ? -1 : 0) - #define S13 (((s0 >> 13) & 1) ? -1 : 0) - #define S14 (((s0 >> 14) & 1) ? -1 : 0) - #define S15 (((s0 >> 15) & 1) ? -1 : 0) - #define S16 (((s0 >> 16) & 1) ? -1 : 0) - #define S17 (((s0 >> 17) & 1) ? -1 : 0) - #define S18 (((s0 >> 18) & 1) ? -1 : 0) - #define S19 (((s0 >> 19) & 1) ? -1 : 0) - #define S20 (((s0 >> 20) & 1) ? -1 : 0) - #define S21 (((s0 >> 21) & 1) ? -1 : 0) - #define S22 (((s0 >> 22) & 1) ? -1 : 0) - #define S23 (((s0 >> 23) & 1) ? -1 : 0) - #define S24 (((s0 >> 24) & 1) ? -1 : 0) - #define S25 (((s0 >> 25) & 1) ? -1 : 0) - #define S26 (((s0 >> 26) & 1) ? -1 : 0) - #define S27 (((s0 >> 27) & 1) ? -1 : 0) - #define S28 (((s0 >> 28) & 1) ? -1 : 0) - #define S29 (((s0 >> 29) & 1) ? -1 : 0) - #define S30 (((s0 >> 30) & 1) ? -1 : 0) - #define S31 (((s0 >> 31) & 1) ? -1 : 0) - #define S32 (((s1 >> 0) & 1) ? -1 : 0) - #define S33 (((s1 >> 1) & 1) ? -1 : 0) - #define S34 (((s1 >> 2) & 1) ? -1 : 0) - #define S35 (((s1 >> 3) & 1) ? -1 : 0) - #define S36 (((s1 >> 4) & 1) ? -1 : 0) - #define S37 (((s1 >> 5) & 1) ? -1 : 0) - #define S38 (((s1 >> 6) & 1) ? -1 : 0) - #define S39 (((s1 >> 7) & 1) ? -1 : 0) - #define S40 (((s1 >> 8) & 1) ? -1 : 0) - #define S41 (((s1 >> 9) & 1) ? -1 : 0) - #define S42 (((s1 >> 10) & 1) ? -1 : 0) - #define S43 (((s1 >> 11) & 1) ? 
-1 : 0) - #define S44 (((s1 >> 12) & 1) ? -1 : 0) - #define S45 (((s1 >> 13) & 1) ? -1 : 0) - #define S46 (((s1 >> 14) & 1) ? -1 : 0) - #define S47 (((s1 >> 15) & 1) ? -1 : 0) - #define S48 (((s1 >> 16) & 1) ? -1 : 0) - #define S49 (((s1 >> 17) & 1) ? -1 : 0) - #define S50 (((s1 >> 18) & 1) ? -1 : 0) - #define S51 (((s1 >> 19) & 1) ? -1 : 0) - #define S52 (((s1 >> 20) & 1) ? -1 : 0) - #define S53 (((s1 >> 21) & 1) ? -1 : 0) - #define S54 (((s1 >> 22) & 1) ? -1 : 0) - #define S55 (((s1 >> 23) & 1) ? -1 : 0) - #define S56 (((s1 >> 24) & 1) ? -1 : 0) - #define S57 (((s1 >> 25) & 1) ? -1 : 0) - #define S58 (((s1 >> 26) & 1) ? -1 : 0) - #define S59 (((s1 >> 27) & 1) ? -1 : 0) - #define S60 (((s1 >> 28) & 1) ? -1 : 0) - #define S61 (((s1 >> 29) & 1) ? -1 : 0) - #define S62 (((s1 >> 30) & 1) ? -1 : 0) - #define S63 (((s1 >> 31) & 1) ? -1 : 0) + const u32 S00 = (((s0 >> 0) & 1) ? -1 : 0); + const u32 S01 = (((s0 >> 1) & 1) ? -1 : 0); + const u32 S02 = (((s0 >> 2) & 1) ? -1 : 0); + const u32 S03 = (((s0 >> 3) & 1) ? -1 : 0); + const u32 S04 = (((s0 >> 4) & 1) ? -1 : 0); + const u32 S05 = (((s0 >> 5) & 1) ? -1 : 0); + const u32 S06 = (((s0 >> 6) & 1) ? -1 : 0); + const u32 S07 = (((s0 >> 7) & 1) ? -1 : 0); + const u32 S08 = (((s0 >> 8) & 1) ? -1 : 0); + const u32 S09 = (((s0 >> 9) & 1) ? -1 : 0); + const u32 S10 = (((s0 >> 10) & 1) ? -1 : 0); + const u32 S11 = (((s0 >> 11) & 1) ? -1 : 0); + const u32 S12 = (((s0 >> 12) & 1) ? -1 : 0); + const u32 S13 = (((s0 >> 13) & 1) ? -1 : 0); + const u32 S14 = (((s0 >> 14) & 1) ? -1 : 0); + const u32 S15 = (((s0 >> 15) & 1) ? -1 : 0); + const u32 S16 = (((s0 >> 16) & 1) ? -1 : 0); + const u32 S17 = (((s0 >> 17) & 1) ? -1 : 0); + const u32 S18 = (((s0 >> 18) & 1) ? -1 : 0); + const u32 S19 = (((s0 >> 19) & 1) ? -1 : 0); + const u32 S20 = (((s0 >> 20) & 1) ? -1 : 0); + const u32 S21 = (((s0 >> 21) & 1) ? -1 : 0); + const u32 S22 = (((s0 >> 22) & 1) ? -1 : 0); + const u32 S23 = (((s0 >> 23) & 1) ? 
-1 : 0); + const u32 S24 = (((s0 >> 24) & 1) ? -1 : 0); + const u32 S25 = (((s0 >> 25) & 1) ? -1 : 0); + const u32 S26 = (((s0 >> 26) & 1) ? -1 : 0); + const u32 S27 = (((s0 >> 27) & 1) ? -1 : 0); + const u32 S28 = (((s0 >> 28) & 1) ? -1 : 0); + const u32 S29 = (((s0 >> 29) & 1) ? -1 : 0); + const u32 S30 = (((s0 >> 30) & 1) ? -1 : 0); + const u32 S31 = (((s0 >> 31) & 1) ? -1 : 0); + const u32 S32 = (((s1 >> 0) & 1) ? -1 : 0); + const u32 S33 = (((s1 >> 1) & 1) ? -1 : 0); + const u32 S34 = (((s1 >> 2) & 1) ? -1 : 0); + const u32 S35 = (((s1 >> 3) & 1) ? -1 : 0); + const u32 S36 = (((s1 >> 4) & 1) ? -1 : 0); + const u32 S37 = (((s1 >> 5) & 1) ? -1 : 0); + const u32 S38 = (((s1 >> 6) & 1) ? -1 : 0); + const u32 S39 = (((s1 >> 7) & 1) ? -1 : 0); + const u32 S40 = (((s1 >> 8) & 1) ? -1 : 0); + const u32 S41 = (((s1 >> 9) & 1) ? -1 : 0); + const u32 S42 = (((s1 >> 10) & 1) ? -1 : 0); + const u32 S43 = (((s1 >> 11) & 1) ? -1 : 0); + const u32 S44 = (((s1 >> 12) & 1) ? -1 : 0); + const u32 S45 = (((s1 >> 13) & 1) ? -1 : 0); + const u32 S46 = (((s1 >> 14) & 1) ? -1 : 0); + const u32 S47 = (((s1 >> 15) & 1) ? -1 : 0); + const u32 S48 = (((s1 >> 16) & 1) ? -1 : 0); + const u32 S49 = (((s1 >> 17) & 1) ? -1 : 0); + const u32 S50 = (((s1 >> 18) & 1) ? -1 : 0); + const u32 S51 = (((s1 >> 19) & 1) ? -1 : 0); + const u32 S52 = (((s1 >> 20) & 1) ? -1 : 0); + const u32 S53 = (((s1 >> 21) & 1) ? -1 : 0); + const u32 S54 = (((s1 >> 22) & 1) ? -1 : 0); + const u32 S55 = (((s1 >> 23) & 1) ? -1 : 0); + const u32 S56 = (((s1 >> 24) & 1) ? -1 : 0); + const u32 S57 = (((s1 >> 25) & 1) ? -1 : 0); + const u32 S58 = (((s1 >> 26) & 1) ? -1 : 0); + const u32 S59 = (((s1 >> 27) & 1) ? -1 : 0); + const u32 S60 = (((s1 >> 28) & 1) ? -1 : 0); + const u32 S61 = (((s1 >> 29) & 1) ? -1 : 0); + const u32 S62 = (((s1 >> 30) & 1) ? -1 : 0); + const u32 S63 = (((s1 >> 31) & 1) ? -1 : 0); /** * base 
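Review bot: The `const u32 S00 = (((s0 >> 0) & 1) ? -1 : 0);` initializers rely on the implicit conversion of the `int` `-1` to `u32` to produce the all-ones slice mask, which draws sign-conversion warnings on some toolchains; the mxx kernel in this same file builds the identical mask directly on the unsigned value with `-((search[0] >> i) & 1)`, so for consistency these could be `const u32 S00 = -((s0 >> 0) & 1);` (or `? 0xffffffffU : 0U`). Turning the 64 macros into `const` locals also means 64 masks are now live across the whole inner loop rather than being re-derived from `s0`/`s1` at each use; whether that raises register pressure on the target devices is worth a look at the compiled kernel. The unchanged `digests_buf[0]` read above presumably holds for this single-hash kernel because the mode has no salt, but given the rest of the series indexes by `digests_offset`, confirming that is cheap.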
@@ -2282,248 +2279,245 @@ KERNEL_FQ void m03000_sxx (KERN_ATTR_BITSLICE ()) * inner loop */ - #ifdef IS_CUDA - const u32 pc_pos = (blockIdx.y * blockDim.y) + threadIdx.y; - #else - const u32 pc_pos = get_global_id (1); - #endif + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32) + { + u32 k00 = K00; + u32 k01 = K01; + u32 k02 = K02; + u32 k03 = K03; + u32 k04 = K04; + u32 k05 = K05; + u32 k06 = K06; + u32 k07 = K07; + u32 k08 = K08; + u32 k09 = K09; + u32 k10 = K10; + u32 k11 = K11; + u32 k12 = K12; + u32 k13 = K13; + u32 k14 = K14; + u32 k15 = K15; + u32 k16 = K16; + u32 k17 = K17; + u32 k18 = K18; + u32 k19 = K19; + u32 k20 = K20; + u32 k21 = K21; + u32 k22 = K22; + u32 k23 = K23; + u32 k24 = K24; + u32 k25 = K25; + u32 k26 = K26; + u32 k27 = K27; + u32 k28 = K28; + u32 k29 = K29; + u32 k30 = K30; + u32 k31 = K31; - const u32 il_pos = pc_pos * 32; + const u32 pc_pos = il_pos / 32; - u32 k00 = K00; - u32 k01 = K01; - u32 k02 = K02; - u32 k03 = K03; - u32 k04 = K04; - u32 k05 = K05; - u32 k06 = K06; - u32 k07 = K07; - u32 k08 = K08; - u32 k09 = K09; - u32 k10 = K10; - u32 k11 = K11; - u32 k12 = K12; - u32 k13 = K13; - u32 k14 = K14; - u32 k15 = K15; - u32 k16 = K16; - u32 k17 = K17; - u32 k18 = K18; - u32 k19 = K19; - u32 k20 = K20; - u32 k21 = K21; - u32 k22 = K22; - u32 k23 = K23; - u32 k24 = K24; - u32 k25 = K25; - u32 k26 = K26; - u32 k27 = K27; - u32 k28 = K28; - u32 k29 = K29; - u32 k30 = K30; - u32 k31 = K31; + k00 |= words_buf_s[pc_pos].b[ 0]; + k01 |= words_buf_s[pc_pos].b[ 1]; + k02 |= words_buf_s[pc_pos].b[ 2]; + k03 |= words_buf_s[pc_pos].b[ 3]; + k04 |= words_buf_s[pc_pos].b[ 4]; + k05 |= words_buf_s[pc_pos].b[ 5]; + k06 |= words_buf_s[pc_pos].b[ 6]; + k07 |= words_buf_s[pc_pos].b[ 7]; + k08 |= words_buf_s[pc_pos].b[ 8]; + k09 |= words_buf_s[pc_pos].b[ 9]; + k10 |= words_buf_s[pc_pos].b[10]; + k11 |= words_buf_s[pc_pos].b[11]; + k12 |= words_buf_s[pc_pos].b[12]; + k13 |= words_buf_s[pc_pos].b[13]; + k14 |= words_buf_s[pc_pos].b[14]; + k15 |= 
words_buf_s[pc_pos].b[15]; + k16 |= words_buf_s[pc_pos].b[16]; + k17 |= words_buf_s[pc_pos].b[17]; + k18 |= words_buf_s[pc_pos].b[18]; + k19 |= words_buf_s[pc_pos].b[19]; + k20 |= words_buf_s[pc_pos].b[20]; + k21 |= words_buf_s[pc_pos].b[21]; + k22 |= words_buf_s[pc_pos].b[22]; + k23 |= words_buf_s[pc_pos].b[23]; + k24 |= words_buf_s[pc_pos].b[24]; + k25 |= words_buf_s[pc_pos].b[25]; + k26 |= words_buf_s[pc_pos].b[26]; + k27 |= words_buf_s[pc_pos].b[27]; + k28 |= words_buf_s[pc_pos].b[28]; + k29 |= words_buf_s[pc_pos].b[29]; + k30 |= words_buf_s[pc_pos].b[30]; + k31 |= words_buf_s[pc_pos].b[31]; - k00 |= words_buf_s[pc_pos].b[ 0]; - k01 |= words_buf_s[pc_pos].b[ 1]; - k02 |= words_buf_s[pc_pos].b[ 2]; - k03 |= words_buf_s[pc_pos].b[ 3]; - k04 |= words_buf_s[pc_pos].b[ 4]; - k05 |= words_buf_s[pc_pos].b[ 5]; - k06 |= words_buf_s[pc_pos].b[ 6]; - k07 |= words_buf_s[pc_pos].b[ 7]; - k08 |= words_buf_s[pc_pos].b[ 8]; - k09 |= words_buf_s[pc_pos].b[ 9]; - k10 |= words_buf_s[pc_pos].b[10]; - k11 |= words_buf_s[pc_pos].b[11]; - k12 |= words_buf_s[pc_pos].b[12]; - k13 |= words_buf_s[pc_pos].b[13]; - k14 |= words_buf_s[pc_pos].b[14]; - k15 |= words_buf_s[pc_pos].b[15]; - k16 |= words_buf_s[pc_pos].b[16]; - k17 |= words_buf_s[pc_pos].b[17]; - k18 |= words_buf_s[pc_pos].b[18]; - k19 |= words_buf_s[pc_pos].b[19]; - k20 |= words_buf_s[pc_pos].b[20]; - k21 |= words_buf_s[pc_pos].b[21]; - k22 |= words_buf_s[pc_pos].b[22]; - k23 |= words_buf_s[pc_pos].b[23]; - k24 |= words_buf_s[pc_pos].b[24]; - k25 |= words_buf_s[pc_pos].b[25]; - k26 |= words_buf_s[pc_pos].b[26]; - k27 |= words_buf_s[pc_pos].b[27]; - k28 |= words_buf_s[pc_pos].b[28]; - k29 |= words_buf_s[pc_pos].b[29]; - k30 |= words_buf_s[pc_pos].b[30]; - k31 |= words_buf_s[pc_pos].b[31]; + // KGS!@#$% including IP - // KGS!@#$% including IP + u32 D00 = 0; + u32 D01 = 0; + u32 D02 = 0; + u32 D03 = 0xffffffff; + u32 D04 = 0; + u32 D05 = 0xffffffff; + u32 D06 = 0xffffffff; + u32 D07 = 0xffffffff; + u32 D08 = 0; + u32 D09 = 0; + 
u32 D10 = 0; + u32 D11 = 0; + u32 D12 = 0; + u32 D13 = 0xffffffff; + u32 D14 = 0; + u32 D15 = 0; + u32 D16 = 0xffffffff; + u32 D17 = 0xffffffff; + u32 D18 = 0; + u32 D19 = 0; + u32 D20 = 0; + u32 D21 = 0; + u32 D22 = 0xffffffff; + u32 D23 = 0; + u32 D24 = 0xffffffff; + u32 D25 = 0; + u32 D26 = 0xffffffff; + u32 D27 = 0; + u32 D28 = 0xffffffff; + u32 D29 = 0xffffffff; + u32 D30 = 0xffffffff; + u32 D31 = 0xffffffff; + u32 D32 = 0; + u32 D33 = 0; + u32 D34 = 0; + u32 D35 = 0; + u32 D36 = 0; + u32 D37 = 0; + u32 D38 = 0; + u32 D39 = 0; + u32 D40 = 0xffffffff; + u32 D41 = 0xffffffff; + u32 D42 = 0xffffffff; + u32 D43 = 0; + u32 D44 = 0xffffffff; + u32 D45 = 0; + u32 D46 = 0; + u32 D47 = 0; + u32 D48 = 0; + u32 D49 = 0; + u32 D50 = 0; + u32 D51 = 0; + u32 D52 = 0; + u32 D53 = 0; + u32 D54 = 0; + u32 D55 = 0xffffffff; + u32 D56 = 0; + u32 D57 = 0; + u32 D58 = 0xffffffff; + u32 D59 = 0; + u32 D60 = 0; + u32 D61 = 0xffffffff; + u32 D62 = 0xffffffff; + u32 D63 = 0xffffffff; - u32 D00 = 0; - u32 D01 = 0; - u32 D02 = 0; - u32 D03 = 0xffffffff; - u32 D04 = 0; - u32 D05 = 0xffffffff; - u32 D06 = 0xffffffff; - u32 D07 = 0xffffffff; - u32 D08 = 0; - u32 D09 = 0; - u32 D10 = 0; - u32 D11 = 0; - u32 D12 = 0; - u32 D13 = 0xffffffff; - u32 D14 = 0; - u32 D15 = 0; - u32 D16 = 0xffffffff; - u32 D17 = 0xffffffff; - u32 D18 = 0; - u32 D19 = 0; - u32 D20 = 0; - u32 D21 = 0; - u32 D22 = 0xffffffff; - u32 D23 = 0; - u32 D24 = 0xffffffff; - u32 D25 = 0; - u32 D26 = 0xffffffff; - u32 D27 = 0; - u32 D28 = 0xffffffff; - u32 D29 = 0xffffffff; - u32 D30 = 0xffffffff; - u32 D31 = 0xffffffff; - u32 D32 = 0; - u32 D33 = 0; - u32 D34 = 0; - u32 D35 = 0; - u32 D36 = 0; - u32 D37 = 0; - u32 D38 = 0; - u32 D39 = 0; - u32 D40 = 0xffffffff; - u32 D41 = 0xffffffff; - u32 D42 = 0xffffffff; - u32 D43 = 0; - u32 D44 = 0xffffffff; - u32 D45 = 0; - u32 D46 = 0; - u32 D47 = 0; - u32 D48 = 0; - u32 D49 = 0; - u32 D50 = 0; - u32 D51 = 0; - u32 D52 = 0; - u32 D53 = 0; - u32 D54 = 0; - u32 D55 = 0xffffffff; - u32 D56 
= 0; - u32 D57 = 0; - u32 D58 = 0xffffffff; - u32 D59 = 0; - u32 D60 = 0; - u32 D61 = 0xffffffff; - u32 D62 = 0xffffffff; - u32 D63 = 0xffffffff; + DES + ( + k00, k01, k02, k03, k04, k05, k06, + k07, k08, k09, k10, k11, k12, k13, + k14, k15, k16, k17, k18, k19, k20, + k21, k22, k23, k24, k25, k26, k27, + k28, k29, k30, k31, K32, K33, K34, + K35, K36, K37, K38, K39, K40, K41, + K42, K43, K44, K45, K46, K47, K48, + K49, K50, K51, K52, K53, K54, K55, + &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, + &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, + &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, + &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, + &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, + &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, + &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, + &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 + ); - DES - ( - k00, k01, k02, k03, k04, k05, k06, - k07, k08, k09, k10, k11, k12, k13, - k14, k15, k16, k17, k18, k19, k20, - k21, k22, k23, k24, k25, k26, k27, - k28, k29, k30, k31, K32, K33, K34, - K35, K36, K37, K38, K39, K40, K41, - K42, K43, K44, K45, K46, K47, K48, - K49, K50, K51, K52, K53, K54, K55, - &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, - &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, - &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, - &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, - &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, - &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, - &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, - &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 - ); + u32 tmpResult = 0; - u32 tmpResult = 0; + tmpResult |= D00 ^ S00; + tmpResult |= D01 ^ S01; + tmpResult |= D02 ^ S02; + tmpResult |= D03 ^ S03; + tmpResult |= D04 ^ S04; + tmpResult |= D05 ^ S05; + tmpResult |= D06 ^ S06; + tmpResult |= D07 ^ S07; + tmpResult |= D08 ^ S08; + tmpResult |= D09 ^ S09; + tmpResult |= D10 ^ S10; + tmpResult |= D11 ^ S11; + tmpResult |= D12 ^ S12; + tmpResult |= D13 ^ S13; + tmpResult |= D14 ^ S14; + 
tmpResult |= D15 ^ S15; - tmpResult |= D00 ^ S00; - tmpResult |= D01 ^ S01; - tmpResult |= D02 ^ S02; - tmpResult |= D03 ^ S03; - tmpResult |= D04 ^ S04; - tmpResult |= D05 ^ S05; - tmpResult |= D06 ^ S06; - tmpResult |= D07 ^ S07; - tmpResult |= D08 ^ S08; - tmpResult |= D09 ^ S09; - tmpResult |= D10 ^ S10; - tmpResult |= D11 ^ S11; - tmpResult |= D12 ^ S12; - tmpResult |= D13 ^ S13; - tmpResult |= D14 ^ S14; - tmpResult |= D15 ^ S15; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D16 ^ S16; + tmpResult |= D17 ^ S17; + tmpResult |= D18 ^ S18; + tmpResult |= D19 ^ S19; + tmpResult |= D20 ^ S20; + tmpResult |= D21 ^ S21; + tmpResult |= D22 ^ S22; + tmpResult |= D23 ^ S23; + tmpResult |= D24 ^ S24; + tmpResult |= D25 ^ S25; + tmpResult |= D26 ^ S26; + tmpResult |= D27 ^ S27; + tmpResult |= D28 ^ S28; + tmpResult |= D29 ^ S29; + tmpResult |= D30 ^ S30; + tmpResult |= D31 ^ S31; - tmpResult |= D16 ^ S16; - tmpResult |= D17 ^ S17; - tmpResult |= D18 ^ S18; - tmpResult |= D19 ^ S19; - tmpResult |= D20 ^ S20; - tmpResult |= D21 ^ S21; - tmpResult |= D22 ^ S22; - tmpResult |= D23 ^ S23; - tmpResult |= D24 ^ S24; - tmpResult |= D25 ^ S25; - tmpResult |= D26 ^ S26; - tmpResult |= D27 ^ S27; - tmpResult |= D28 ^ S28; - tmpResult |= D29 ^ S29; - tmpResult |= D30 ^ S30; - tmpResult |= D31 ^ S31; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D32 ^ S32; + tmpResult |= D33 ^ S33; + tmpResult |= D34 ^ S34; + tmpResult |= D35 ^ S35; + tmpResult |= D36 ^ S36; + tmpResult |= D37 ^ S37; + tmpResult |= D38 ^ S38; + tmpResult |= D39 ^ S39; + tmpResult |= D40 ^ S40; + tmpResult |= D41 ^ S41; + tmpResult |= D42 ^ S42; + tmpResult |= D43 ^ S43; + tmpResult |= D44 ^ S44; + tmpResult |= D45 ^ S45; + tmpResult |= D46 ^ S46; + tmpResult |= D47 ^ S47; - tmpResult |= D32 ^ S32; - tmpResult |= D33 ^ S33; - tmpResult |= D34 ^ S34; - tmpResult |= D35 ^ S35; - tmpResult |= D36 ^ S36; - tmpResult |= D37 ^ 
S37; - tmpResult |= D38 ^ S38; - tmpResult |= D39 ^ S39; - tmpResult |= D40 ^ S40; - tmpResult |= D41 ^ S41; - tmpResult |= D42 ^ S42; - tmpResult |= D43 ^ S43; - tmpResult |= D44 ^ S44; - tmpResult |= D45 ^ S45; - tmpResult |= D46 ^ S46; - tmpResult |= D47 ^ S47; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D48 ^ S48; + tmpResult |= D49 ^ S49; + tmpResult |= D50 ^ S50; + tmpResult |= D51 ^ S51; + tmpResult |= D52 ^ S52; + tmpResult |= D53 ^ S53; + tmpResult |= D54 ^ S54; + tmpResult |= D55 ^ S55; + tmpResult |= D56 ^ S56; + tmpResult |= D57 ^ S57; + tmpResult |= D58 ^ S58; + tmpResult |= D59 ^ S59; + tmpResult |= D60 ^ S60; + tmpResult |= D61 ^ S61; + tmpResult |= D62 ^ S62; + tmpResult |= D63 ^ S63; - tmpResult |= D48 ^ S48; - tmpResult |= D49 ^ S49; - tmpResult |= D50 ^ S50; - tmpResult |= D51 ^ S51; - tmpResult |= D52 ^ S52; - tmpResult |= D53 ^ S53; - tmpResult |= D54 ^ S54; - tmpResult |= D55 ^ S55; - tmpResult |= D56 ^ S56; - tmpResult |= D57 ^ S57; - tmpResult |= D58 ^ S58; - tmpResult |= D59 ^ S59; - tmpResult |= D60 ^ S60; - tmpResult |= D61 ^ S61; - tmpResult |= D62 ^ S62; - tmpResult |= D63 ^ S63; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + const u32 slice = ffz (tmpResult); - const u32 slice = ffz (tmpResult); - - #ifdef KERNEL_STATIC - #include COMPARE_S - #endif + #ifdef KERNEL_STATIC + #include COMPARE_S + #endif + } } diff --git a/OpenCL/m14000_a3-pure.cl b/OpenCL/m14000_a3-pure.cl index 7d1b33e8a..253a6ee86 100644 --- a/OpenCL/m14000_a3-pure.cl +++ b/OpenCL/m14000_a3-pure.cl 
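Review bot: The moved block is missing comments explaining the two pieces a reader needs to follow it: what the 64 `D00..D63` initializers are, and what the staged `if (tmpResult == 0xffffffff) continue;` checks mean now that they skip a batch instead of ending the work-item. The terse `// KGS!@#$% including IP` could read `// D00..D63: the fixed LM plaintext block "KGS!@#$%" with the DES initial permutation already applied, one bit per variable, broadcast to all 32 slices (0 or 0xffffffff)`, and the first early-exit could carry `// tmpResult accumulates per-slice mismatches; all ones after the first 16 output bits means no candidate in this batch of 32 matches, so skip to the next batch`. A one-liner at `const u32 slice = ffz (tmpResult);` noting that it selects the slice (candidate) whose output bits all matched would complete the picture. m03000_sxx begins outside the hunk.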
@@ -1903,78 +1903,6 @@ KERNEL_FQ void m14000_mxx (KERN_ATTR_BITSLICE ()) u32 D62 = d62; u32 D63 = d63; - /** - * digest - */ - - const u32 s0 = digests_buf[0].digest_buf[0]; - const u32 s1 = digests_buf[0].digest_buf[1]; - - #define S00 (((s0 >> 0) & 1) ? -1 : 0) - #define S01 (((s0 >> 1) & 1) ? -1 : 0) - #define S02 (((s0 >> 2) & 1) ? -1 : 0) - #define S03 (((s0 >> 3) & 1) ? -1 : 0) - #define S04 (((s0 >> 4) & 1) ? -1 : 0) - #define S05 (((s0 >> 5) & 1) ? -1 : 0) - #define S06 (((s0 >> 6) & 1) ? -1 : 0) - #define S07 (((s0 >> 7) & 1) ? -1 : 0) - #define S08 (((s0 >> 8) & 1) ? -1 : 0) - #define S09 (((s0 >> 9) & 1) ? -1 : 0) - #define S10 (((s0 >> 10) & 1) ? -1 : 0) - #define S11 (((s0 >> 11) & 1) ? -1 : 0) - #define S12 (((s0 >> 12) & 1) ? -1 : 0) - #define S13 (((s0 >> 13) & 1) ? -1 : 0) - #define S14 (((s0 >> 14) & 1) ? -1 : 0) - #define S15 (((s0 >> 15) & 1) ? -1 : 0) - #define S16 (((s0 >> 16) & 1) ? -1 : 0) - #define S17 (((s0 >> 17) & 1) ? -1 : 0) - #define S18 (((s0 >> 18) & 1) ? -1 : 0) - #define S19 (((s0 >> 19) & 1) ? -1 : 0) - #define S20 (((s0 >> 20) & 1) ? -1 : 0) - #define S21 (((s0 >> 21) & 1) ? -1 : 0) - #define S22 (((s0 >> 22) & 1) ? -1 : 0) - #define S23 (((s0 >> 23) & 1) ? -1 : 0) - #define S24 (((s0 >> 24) & 1) ? -1 : 0) - #define S25 (((s0 >> 25) & 1) ? -1 : 0) - #define S26 (((s0 >> 26) & 1) ? -1 : 0) - #define S27 (((s0 >> 27) & 1) ? -1 : 0) - #define S28 (((s0 >> 28) & 1) ? -1 : 0) - #define S29 (((s0 >> 29) & 1) ? -1 : 0) - #define S30 (((s0 >> 30) & 1) ? -1 : 0) - #define S31 (((s0 >> 31) & 1) ? -1 : 0) - #define S32 (((s1 >> 0) & 1) ? -1 : 0) - #define S33 (((s1 >> 1) & 1) ? -1 : 0) - #define S34 (((s1 >> 2) & 1) ? -1 : 0) - #define S35 (((s1 >> 3) & 1) ? -1 : 0) - #define S36 (((s1 >> 4) & 1) ? -1 : 0) - #define S37 (((s1 >> 5) & 1) ? -1 : 0) - #define S38 (((s1 >> 6) & 1) ? -1 : 0) - #define S39 (((s1 >> 7) & 1) ? -1 : 0) - #define S40 (((s1 >> 8) & 1) ? -1 : 0) - #define S41 (((s1 >> 9) & 1) ? 
-1 : 0) - #define S42 (((s1 >> 10) & 1) ? -1 : 0) - #define S43 (((s1 >> 11) & 1) ? -1 : 0) - #define S44 (((s1 >> 12) & 1) ? -1 : 0) - #define S45 (((s1 >> 13) & 1) ? -1 : 0) - #define S46 (((s1 >> 14) & 1) ? -1 : 0) - #define S47 (((s1 >> 15) & 1) ? -1 : 0) - #define S48 (((s1 >> 16) & 1) ? -1 : 0) - #define S49 (((s1 >> 17) & 1) ? -1 : 0) - #define S50 (((s1 >> 18) & 1) ? -1 : 0) - #define S51 (((s1 >> 19) & 1) ? -1 : 0) - #define S52 (((s1 >> 20) & 1) ? -1 : 0) - #define S53 (((s1 >> 21) & 1) ? -1 : 0) - #define S54 (((s1 >> 22) & 1) ? -1 : 0) - #define S55 (((s1 >> 23) & 1) ? -1 : 0) - #define S56 (((s1 >> 24) & 1) ? -1 : 0) - #define S57 (((s1 >> 25) & 1) ? -1 : 0) - #define S58 (((s1 >> 26) & 1) ? -1 : 0) - #define S59 (((s1 >> 27) & 1) ? -1 : 0) - #define S60 (((s1 >> 28) & 1) ? -1 : 0) - #define S61 (((s1 >> 29) & 1) ? -1 : 0) - #define S62 (((s1 >> 30) & 1) ? -1 : 0) - #define S63 (((s1 >> 31) & 1) ? -1 : 0) - /** * base */ 
@@ -2043,230 +1971,227 @@ KERNEL_FQ void m14000_mxx (KERN_ATTR_BITSLICE ()) * inner loop */ - #ifdef IS_CUDA - const u32 pc_pos = (blockIdx.y * blockDim.y) + threadIdx.y; - #else - const u32 pc_pos = get_global_id (1); - #endif - - const u32 il_pos = pc_pos * 32; - - u32 k00 = K00; - u32 k01 = K01; - u32 k02 = K02; - u32 k03 = K03; - u32 k04 = K04; - u32 k05 = K05; - u32 k06 = K06; - u32 k07 = K07; - u32 k08 = K08; - u32 k09 = K09; - u32 k10 = K10; - u32 k11 = K11; - u32 k12 = K12; - u32 k13 = K13; - u32 k14 = K14; - u32 k15 = K15; - u32 k16 = K16; - u32 k17 = K17; - u32 k18 = K18; - u32 k19 = K19; - u32 k20 = K20; - u32 k21 = K21; - u32 k22 = K22; - u32 k23 = K23; - u32 k24 = K24; - u32 k25 = K25; - u32 k26 = K26; - u32 k27 = K27; - - k00 |= words_buf_s[pc_pos].b[ 0]; - k01 |= words_buf_s[pc_pos].b[ 1]; - k02 |= words_buf_s[pc_pos].b[ 2]; - k03 |= words_buf_s[pc_pos].b[ 3]; - k04 |= words_buf_s[pc_pos].b[ 4]; - k05 |= words_buf_s[pc_pos].b[ 5]; - k06 |= words_buf_s[pc_pos].b[ 6]; - k07 |= words_buf_s[pc_pos].b[ 7]; - k08 |= words_buf_s[pc_pos].b[ 8]; - k09 |= words_buf_s[pc_pos].b[ 9]; - k10 |= words_buf_s[pc_pos].b[10]; - k11 |= words_buf_s[pc_pos].b[11]; - k12 |= words_buf_s[pc_pos].b[12]; - k13 |= words_buf_s[pc_pos].b[13]; - k14 |= words_buf_s[pc_pos].b[14]; - k15 |= words_buf_s[pc_pos].b[15]; - k16 |= words_buf_s[pc_pos].b[16]; - k17 |= words_buf_s[pc_pos].b[17]; - k18 |= words_buf_s[pc_pos].b[18]; - k19 |= words_buf_s[pc_pos].b[19]; - k20 |= words_buf_s[pc_pos].b[20]; - k21 |= words_buf_s[pc_pos].b[21]; - k22 |= words_buf_s[pc_pos].b[22]; - k23 |= words_buf_s[pc_pos].b[23]; - k24 |= words_buf_s[pc_pos].b[24]; - k25 |= words_buf_s[pc_pos].b[25]; - k26 |= words_buf_s[pc_pos].b[26]; - k27 |= words_buf_s[pc_pos].b[27]; - - DES - ( - k00, k01, k02, k03, k04, k05, k06, - k07, k08, k09, k10, k11, k12, k13, - k14, k15, k16, k17, k18, k19, k20, - k21, k22, k23, k24, k25, k26, k27, - K28, K29, K30, K31, K32, K33, K34, - K35, K36, K37, K38, K39, K40, K41, - K42, K43, 
K44, K45, K46, K47, K48, - K49, K50, K51, K52, K53, K54, K55, - &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, - &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, - &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, - &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, - &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, - &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, - &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, - &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 - ); - - u32 out[64]; - - out[ 0] = D00; - out[ 1] = D01; - out[ 2] = D02; - out[ 3] = D03; - out[ 4] = D04; - out[ 5] = D05; - out[ 6] = D06; - out[ 7] = D07; - out[ 8] = D08; - out[ 9] = D09; - out[10] = D10; - out[11] = D11; - out[12] = D12; - out[13] = D13; - out[14] = D14; - out[15] = D15; - out[16] = D16; - out[17] = D17; - out[18] = D18; - out[19] = D19; - out[20] = D20; - out[21] = D21; - out[22] = D22; - out[23] = D23; - out[24] = D24; - out[25] = D25; - out[26] = D26; - out[27] = D27; - out[28] = D28; - out[29] = D29; - out[30] = D30; - out[31] = D31; - out[32] = D32; - out[33] = D33; - out[34] = D34; - out[35] = D35; - out[36] = D36; - out[37] = D37; - out[38] = D38; - out[39] = D39; - out[40] = D40; - out[41] = D41; - out[42] = D42; - out[43] = D43; - out[44] = D44; - out[45] = D45; - out[46] = D46; - out[47] = D47; - out[48] = D48; - out[49] = D49; - out[50] = D50; - out[51] = D51; - out[52] = D52; - out[53] = D53; - out[54] = D54; - out[55] = D55; - out[56] = D56; - out[57] = D57; - out[58] = D58; - out[59] = D59; - out[60] = D60; - out[61] = D61; - out[62] = D62; - out[63] = D63; - - if (digests_cnt < 16) + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32) { - for (u32 d = 0; d < digests_cnt; d++) + u32 k00 = K00; + u32 k01 = K01; + u32 k02 = K02; + u32 k03 = K03; + u32 k04 = K04; + u32 k05 = K05; + u32 k06 = K06; + u32 k07 = K07; + u32 k08 = K08; + u32 k09 = K09; + u32 k10 = K10; + u32 k11 = K11; + u32 k12 = K12; + u32 k13 = K13; + u32 k14 = K14; + u32 k15 = K15; + u32 k16 = K16; + u32 k17 = 
K17; + u32 k18 = K18; + u32 k19 = K19; + u32 k20 = K20; + u32 k21 = K21; + u32 k22 = K22; + u32 k23 = K23; + u32 k24 = K24; + u32 k25 = K25; + u32 k26 = K26; + u32 k27 = K27; + + const u32 pc_pos = il_pos / 32; + + k00 |= words_buf_s[pc_pos].b[ 0]; + k01 |= words_buf_s[pc_pos].b[ 1]; + k02 |= words_buf_s[pc_pos].b[ 2]; + k03 |= words_buf_s[pc_pos].b[ 3]; + k04 |= words_buf_s[pc_pos].b[ 4]; + k05 |= words_buf_s[pc_pos].b[ 5]; + k06 |= words_buf_s[pc_pos].b[ 6]; + k07 |= words_buf_s[pc_pos].b[ 7]; + k08 |= words_buf_s[pc_pos].b[ 8]; + k09 |= words_buf_s[pc_pos].b[ 9]; + k10 |= words_buf_s[pc_pos].b[10]; + k11 |= words_buf_s[pc_pos].b[11]; + k12 |= words_buf_s[pc_pos].b[12]; + k13 |= words_buf_s[pc_pos].b[13]; + k14 |= words_buf_s[pc_pos].b[14]; + k15 |= words_buf_s[pc_pos].b[15]; + k16 |= words_buf_s[pc_pos].b[16]; + k17 |= words_buf_s[pc_pos].b[17]; + k18 |= words_buf_s[pc_pos].b[18]; + k19 |= words_buf_s[pc_pos].b[19]; + k20 |= words_buf_s[pc_pos].b[20]; + k21 |= words_buf_s[pc_pos].b[21]; + k22 |= words_buf_s[pc_pos].b[22]; + k23 |= words_buf_s[pc_pos].b[23]; + k24 |= words_buf_s[pc_pos].b[24]; + k25 |= words_buf_s[pc_pos].b[25]; + k26 |= words_buf_s[pc_pos].b[26]; + k27 |= words_buf_s[pc_pos].b[27]; + + DES + ( + k00, k01, k02, k03, k04, k05, k06, + k07, k08, k09, k10, k11, k12, k13, + k14, k15, k16, k17, k18, k19, k20, + k21, k22, k23, k24, k25, k26, k27, + K28, K29, K30, K31, K32, K33, K34, + K35, K36, K37, K38, K39, K40, K41, + K42, K43, K44, K45, K46, K47, K48, + K49, K50, K51, K52, K53, K54, K55, + &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, + &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, + &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, + &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, + &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, + &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, + &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, + &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 + ); + + u32 out[64]; + + out[ 0] = D00; + out[ 1] = D01; + out[ 2] = 
D02; + out[ 3] = D03; + out[ 4] = D04; + out[ 5] = D05; + out[ 6] = D06; + out[ 7] = D07; + out[ 8] = D08; + out[ 9] = D09; + out[10] = D10; + out[11] = D11; + out[12] = D12; + out[13] = D13; + out[14] = D14; + out[15] = D15; + out[16] = D16; + out[17] = D17; + out[18] = D18; + out[19] = D19; + out[20] = D20; + out[21] = D21; + out[22] = D22; + out[23] = D23; + out[24] = D24; + out[25] = D25; + out[26] = D26; + out[27] = D27; + out[28] = D28; + out[29] = D29; + out[30] = D30; + out[31] = D31; + out[32] = D32; + out[33] = D33; + out[34] = D34; + out[35] = D35; + out[36] = D36; + out[37] = D37; + out[38] = D38; + out[39] = D39; + out[40] = D40; + out[41] = D41; + out[42] = D42; + out[43] = D43; + out[44] = D44; + out[45] = D45; + out[46] = D46; + out[47] = D47; + out[48] = D48; + out[49] = D49; + out[50] = D50; + out[51] = D51; + out[52] = D52; + out[53] = D53; + out[54] = D54; + out[55] = D55; + out[56] = D56; + out[57] = D57; + out[58] = D58; + out[59] = D59; + out[60] = D60; + out[61] = D61; + out[62] = D62; + out[63] = D63; + + if (digests_cnt < 16) { - const u32 final_hash_pos = digests_offset + d; + for (u32 d = 0; d < digests_cnt; d++) + { + const u32 final_hash_pos = digests_offset + d; - if (hashes_shown[final_hash_pos]) continue; + if (hashes_shown[final_hash_pos]) continue; - u32 search[2]; + u32 search[2]; - search[0] = digests_buf[final_hash_pos].digest_buf[DGST_R0]; - search[1] = digests_buf[final_hash_pos].digest_buf[DGST_R1]; + search[0] = digests_buf[final_hash_pos].digest_buf[DGST_R0]; + search[1] = digests_buf[final_hash_pos].digest_buf[DGST_R1]; - u32 tmpResult = 0; + u32 tmpResult = 0; + + #ifdef _unroll + #pragma unroll + #endif + for (int i = 0; i < 32; i++) + { + const u32 b0 = -((search[0] >> i) & 1); + const u32 b1 = -((search[1] >> i) & 1); + + tmpResult |= out[ 0 + i] ^ b0; + tmpResult |= out[32 + i] ^ b1; + } + + if (tmpResult == 0xffffffff) continue; + + const u32 slice = ffz (tmpResult); + + const u32 r0 = search[0]; + const u32 r1 = 
search[1]; + const u32 r2 = 0; + const u32 r3 = 0; + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif + } + } + else + { + u32 out0[32]; + u32 out1[32]; #ifdef _unroll #pragma unroll #endif for (int i = 0; i < 32; i++) { - const u32 b0 = -((search[0] >> i) & 1); - const u32 b1 = -((search[1] >> i) & 1); - - tmpResult |= out[ 0 + i] ^ b0; - tmpResult |= out[32 + i] ^ b1; + out0[i] = out[ 0 + i]; + out1[i] = out[32 + i]; } - if (tmpResult == 0xffffffff) continue; + transpose32c (out0); + transpose32c (out1); - const u32 slice = ffz (tmpResult); - - const u32 r0 = search[0]; - const u32 r1 = search[1]; - const u32 r2 = 0; - const u32 r3 = 0; - - #ifdef KERNEL_STATIC - #include COMPARE_M + #ifdef _unroll + #pragma unroll #endif - } - } - else - { - u32 out0[32]; - u32 out1[32]; + for (int slice = 0; slice < 32; slice++) + { + const u32 r0 = out0[slice]; + const u32 r1 = out1[slice]; + const u32 r2 = 0; + const u32 r3 = 0; - #ifdef _unroll - #pragma unroll - #endif - for (int i = 0; i < 32; i++) - { - out0[i] = out[ 0 + i]; - out1[i] = out[32 + i]; - } - - transpose32c (out0); - transpose32c (out1); - - #ifdef _unroll - #pragma unroll - #endif - for (int slice = 0; slice < 32; slice++) - { - const u32 r0 = out0[slice]; - const u32 r1 = out1[slice]; - const u32 r2 = 0; - const u32 r3 = 0; - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif + } } } } 
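Review bot: The loop step and divisor `32` in `for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32)` and `const u32 pc_pos = il_pos / 32;` are the bitslice lane width but carry no name or comment; a one-line note above the loop, `// words_buf_s[pc_pos] carries 32 bitsliced candidates, so il_pos advances one entry (32 candidates) per iteration`, would tell the next reader why il_cnt is not stepped by 1 (the m14000_sxx hunks below have the same loop and would take the same comment). The loop also assumes words_buf_s has an entry for every il_pos below il_cnt; il_cnt and words_buf_s come from the kernel attributes outside this hunk, so that is inferred rather than visible. As a point of style, the 28 `u32 kNN = KNN;` lines followed by 28 `kNN |= words_buf_s[pc_pos].b[NN];` lines could be written as single initialisers, `const u32 k00 = K00 | words_buf_s[pc_pos].b[ 0];`, halving the block and making the k-variables const. The enclosing kernel m14000_mxx starts before this hunk.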
@@ -2426,70 +2351,70 @@ KERNEL_FQ void m14000_sxx (KERN_ATTR_BITSLICE ()) const u32 s0 = digests_buf[0].digest_buf[0]; const u32 s1 = digests_buf[0].digest_buf[1]; - #define S00 (((s0 >> 0) & 1) ? -1 : 0) - #define S01 (((s0 >> 1) & 1) ? -1 : 0) - #define S02 (((s0 >> 2) & 1) ? -1 : 0) - #define S03 (((s0 >> 3) & 1) ? -1 : 0) - #define S04 (((s0 >> 4) & 1) ? -1 : 0) - #define S05 (((s0 >> 5) & 1) ? -1 : 0) - #define S06 (((s0 >> 6) & 1) ? -1 : 0) - #define S07 (((s0 >> 7) & 1) ? -1 : 0) - #define S08 (((s0 >> 8) & 1) ? -1 : 0) - #define S09 (((s0 >> 9) & 1) ? -1 : 0) - #define S10 (((s0 >> 10) & 1) ? -1 : 0) - #define S11 (((s0 >> 11) & 1) ? -1 : 0) - #define S12 (((s0 >> 12) & 1) ? -1 : 0) - #define S13 (((s0 >> 13) & 1) ? -1 : 0) - #define S14 (((s0 >> 14) & 1) ? -1 : 0) - #define S15 (((s0 >> 15) & 1) ? -1 : 0) - #define S16 (((s0 >> 16) & 1) ? -1 : 0) - #define S17 (((s0 >> 17) & 1) ? -1 : 0) - #define S18 (((s0 >> 18) & 1) ? -1 : 0) - #define S19 (((s0 >> 19) & 1) ? -1 : 0) - #define S20 (((s0 >> 20) & 1) ? -1 : 0) - #define S21 (((s0 >> 21) & 1) ? -1 : 0) - #define S22 (((s0 >> 22) & 1) ? -1 : 0) - #define S23 (((s0 >> 23) & 1) ? -1 : 0) - #define S24 (((s0 >> 24) & 1) ? -1 : 0) - #define S25 (((s0 >> 25) & 1) ? -1 : 0) - #define S26 (((s0 >> 26) & 1) ? -1 : 0) - #define S27 (((s0 >> 27) & 1) ? -1 : 0) - #define S28 (((s0 >> 28) & 1) ? -1 : 0) - #define S29 (((s0 >> 29) & 1) ? -1 : 0) - #define S30 (((s0 >> 30) & 1) ? -1 : 0) - #define S31 (((s0 >> 31) & 1) ? -1 : 0) - #define S32 (((s1 >> 0) & 1) ? -1 : 0) - #define S33 (((s1 >> 1) & 1) ? -1 : 0) - #define S34 (((s1 >> 2) & 1) ? -1 : 0) - #define S35 (((s1 >> 3) & 1) ? -1 : 0) - #define S36 (((s1 >> 4) & 1) ? -1 : 0) - #define S37 (((s1 >> 5) & 1) ? -1 : 0) - #define S38 (((s1 >> 6) & 1) ? -1 : 0) - #define S39 (((s1 >> 7) & 1) ? -1 : 0) - #define S40 (((s1 >> 8) & 1) ? -1 : 0) - #define S41 (((s1 >> 9) & 1) ? -1 : 0) - #define S42 (((s1 >> 10) & 1) ? -1 : 0) - #define S43 (((s1 >> 11) & 1) ? 
-1 : 0) - #define S44 (((s1 >> 12) & 1) ? -1 : 0) - #define S45 (((s1 >> 13) & 1) ? -1 : 0) - #define S46 (((s1 >> 14) & 1) ? -1 : 0) - #define S47 (((s1 >> 15) & 1) ? -1 : 0) - #define S48 (((s1 >> 16) & 1) ? -1 : 0) - #define S49 (((s1 >> 17) & 1) ? -1 : 0) - #define S50 (((s1 >> 18) & 1) ? -1 : 0) - #define S51 (((s1 >> 19) & 1) ? -1 : 0) - #define S52 (((s1 >> 20) & 1) ? -1 : 0) - #define S53 (((s1 >> 21) & 1) ? -1 : 0) - #define S54 (((s1 >> 22) & 1) ? -1 : 0) - #define S55 (((s1 >> 23) & 1) ? -1 : 0) - #define S56 (((s1 >> 24) & 1) ? -1 : 0) - #define S57 (((s1 >> 25) & 1) ? -1 : 0) - #define S58 (((s1 >> 26) & 1) ? -1 : 0) - #define S59 (((s1 >> 27) & 1) ? -1 : 0) - #define S60 (((s1 >> 28) & 1) ? -1 : 0) - #define S61 (((s1 >> 29) & 1) ? -1 : 0) - #define S62 (((s1 >> 30) & 1) ? -1 : 0) - #define S63 (((s1 >> 31) & 1) ? -1 : 0) + const u32 S00 = (((s0 >> 0) & 1) ? -1 : 0); + const u32 S01 = (((s0 >> 1) & 1) ? -1 : 0); + const u32 S02 = (((s0 >> 2) & 1) ? -1 : 0); + const u32 S03 = (((s0 >> 3) & 1) ? -1 : 0); + const u32 S04 = (((s0 >> 4) & 1) ? -1 : 0); + const u32 S05 = (((s0 >> 5) & 1) ? -1 : 0); + const u32 S06 = (((s0 >> 6) & 1) ? -1 : 0); + const u32 S07 = (((s0 >> 7) & 1) ? -1 : 0); + const u32 S08 = (((s0 >> 8) & 1) ? -1 : 0); + const u32 S09 = (((s0 >> 9) & 1) ? -1 : 0); + const u32 S10 = (((s0 >> 10) & 1) ? -1 : 0); + const u32 S11 = (((s0 >> 11) & 1) ? -1 : 0); + const u32 S12 = (((s0 >> 12) & 1) ? -1 : 0); + const u32 S13 = (((s0 >> 13) & 1) ? -1 : 0); + const u32 S14 = (((s0 >> 14) & 1) ? -1 : 0); + const u32 S15 = (((s0 >> 15) & 1) ? -1 : 0); + const u32 S16 = (((s0 >> 16) & 1) ? -1 : 0); + const u32 S17 = (((s0 >> 17) & 1) ? -1 : 0); + const u32 S18 = (((s0 >> 18) & 1) ? -1 : 0); + const u32 S19 = (((s0 >> 19) & 1) ? -1 : 0); + const u32 S20 = (((s0 >> 20) & 1) ? -1 : 0); + const u32 S21 = (((s0 >> 21) & 1) ? -1 : 0); + const u32 S22 = (((s0 >> 22) & 1) ? -1 : 0); + const u32 S23 = (((s0 >> 23) & 1) ? 
-1 : 0); + const u32 S24 = (((s0 >> 24) & 1) ? -1 : 0); + const u32 S25 = (((s0 >> 25) & 1) ? -1 : 0); + const u32 S26 = (((s0 >> 26) & 1) ? -1 : 0); + const u32 S27 = (((s0 >> 27) & 1) ? -1 : 0); + const u32 S28 = (((s0 >> 28) & 1) ? -1 : 0); + const u32 S29 = (((s0 >> 29) & 1) ? -1 : 0); + const u32 S30 = (((s0 >> 30) & 1) ? -1 : 0); + const u32 S31 = (((s0 >> 31) & 1) ? -1 : 0); + const u32 S32 = (((s1 >> 0) & 1) ? -1 : 0); + const u32 S33 = (((s1 >> 1) & 1) ? -1 : 0); + const u32 S34 = (((s1 >> 2) & 1) ? -1 : 0); + const u32 S35 = (((s1 >> 3) & 1) ? -1 : 0); + const u32 S36 = (((s1 >> 4) & 1) ? -1 : 0); + const u32 S37 = (((s1 >> 5) & 1) ? -1 : 0); + const u32 S38 = (((s1 >> 6) & 1) ? -1 : 0); + const u32 S39 = (((s1 >> 7) & 1) ? -1 : 0); + const u32 S40 = (((s1 >> 8) & 1) ? -1 : 0); + const u32 S41 = (((s1 >> 9) & 1) ? -1 : 0); + const u32 S42 = (((s1 >> 10) & 1) ? -1 : 0); + const u32 S43 = (((s1 >> 11) & 1) ? -1 : 0); + const u32 S44 = (((s1 >> 12) & 1) ? -1 : 0); + const u32 S45 = (((s1 >> 13) & 1) ? -1 : 0); + const u32 S46 = (((s1 >> 14) & 1) ? -1 : 0); + const u32 S47 = (((s1 >> 15) & 1) ? -1 : 0); + const u32 S48 = (((s1 >> 16) & 1) ? -1 : 0); + const u32 S49 = (((s1 >> 17) & 1) ? -1 : 0); + const u32 S50 = (((s1 >> 18) & 1) ? -1 : 0); + const u32 S51 = (((s1 >> 19) & 1) ? -1 : 0); + const u32 S52 = (((s1 >> 20) & 1) ? -1 : 0); + const u32 S53 = (((s1 >> 21) & 1) ? -1 : 0); + const u32 S54 = (((s1 >> 22) & 1) ? -1 : 0); + const u32 S55 = (((s1 >> 23) & 1) ? -1 : 0); + const u32 S56 = (((s1 >> 24) & 1) ? -1 : 0); + const u32 S57 = (((s1 >> 25) & 1) ? -1 : 0); + const u32 S58 = (((s1 >> 26) & 1) ? -1 : 0); + const u32 S59 = (((s1 >> 27) & 1) ? -1 : 0); + const u32 S60 = (((s1 >> 28) & 1) ? -1 : 0); + const u32 S61 = (((s1 >> 29) & 1) ? -1 : 0); + const u32 S62 = (((s1 >> 30) & 1) ? -1 : 0); + const u32 S63 = (((s1 >> 31) & 1) ? -1 : 0); /** * base 
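Review bot: The new `const u32 S00 = (((s0 >> 0) & 1) ? -1 : 0);` initialisers store the int `-1` into a u32 through an implicit signed-to-unsigned conversion; writing them as `const u32 S00 = -((s0 >> 0) & 1);` keeps the arithmetic unsigned and matches the form the m14000_mxx compare loop in this file already uses for its `b0`/`b1` masks. The result is the same all-ones or all-zero lane mask, so this is consistency rather than a behaviour change. Turning the macros into const locals is otherwise an improvement, since the previous #defines stayed visible for the rest of the translation unit. m14000_sxx's body continues beyond this hunk.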
@@ -2559,173 +2484,170 @@ KERNEL_FQ void m14000_sxx (KERN_ATTR_BITSLICE ()) * inner loop */ - #ifdef IS_CUDA - const u32 pc_pos = (blockIdx.y * blockDim.y) + threadIdx.y; - #else - const u32 pc_pos = get_global_id (1); - #endif + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += 32) + { + u32 k00 = K00; + u32 k01 = K01; + u32 k02 = K02; + u32 k03 = K03; + u32 k04 = K04; + u32 k05 = K05; + u32 k06 = K06; + u32 k07 = K07; + u32 k08 = K08; + u32 k09 = K09; + u32 k10 = K10; + u32 k11 = K11; + u32 k12 = K12; + u32 k13 = K13; + u32 k14 = K14; + u32 k15 = K15; + u32 k16 = K16; + u32 k17 = K17; + u32 k18 = K18; + u32 k19 = K19; + u32 k20 = K20; + u32 k21 = K21; + u32 k22 = K22; + u32 k23 = K23; + u32 k24 = K24; + u32 k25 = K25; + u32 k26 = K26; + u32 k27 = K27; - const u32 il_pos = pc_pos * 32; + const u32 pc_pos = il_pos / 32; - u32 k00 = K00; - u32 k01 = K01; - u32 k02 = K02; - u32 k03 = K03; - u32 k04 = K04; - u32 k05 = K05; - u32 k06 = K06; - u32 k07 = K07; - u32 k08 = K08; - u32 k09 = K09; - u32 k10 = K10; - u32 k11 = K11; - u32 k12 = K12; - u32 k13 = K13; - u32 k14 = K14; - u32 k15 = K15; - u32 k16 = K16; - u32 k17 = K17; - u32 k18 = K18; - u32 k19 = K19; - u32 k20 = K20; - u32 k21 = K21; - u32 k22 = K22; - u32 k23 = K23; - u32 k24 = K24; - u32 k25 = K25; - u32 k26 = K26; - u32 k27 = K27; + k00 |= words_buf_s[pc_pos].b[ 0]; + k01 |= words_buf_s[pc_pos].b[ 1]; + k02 |= words_buf_s[pc_pos].b[ 2]; + k03 |= words_buf_s[pc_pos].b[ 3]; + k04 |= words_buf_s[pc_pos].b[ 4]; + k05 |= words_buf_s[pc_pos].b[ 5]; + k06 |= words_buf_s[pc_pos].b[ 6]; + k07 |= words_buf_s[pc_pos].b[ 7]; + k08 |= words_buf_s[pc_pos].b[ 8]; + k09 |= words_buf_s[pc_pos].b[ 9]; + k10 |= words_buf_s[pc_pos].b[10]; + k11 |= words_buf_s[pc_pos].b[11]; + k12 |= words_buf_s[pc_pos].b[12]; + k13 |= words_buf_s[pc_pos].b[13]; + k14 |= words_buf_s[pc_pos].b[14]; + k15 |= words_buf_s[pc_pos].b[15]; + k16 |= words_buf_s[pc_pos].b[16]; + k17 |= words_buf_s[pc_pos].b[17]; + k18 |= words_buf_s[pc_pos].b[18]; + k19 |= 
words_buf_s[pc_pos].b[19]; + k20 |= words_buf_s[pc_pos].b[20]; + k21 |= words_buf_s[pc_pos].b[21]; + k22 |= words_buf_s[pc_pos].b[22]; + k23 |= words_buf_s[pc_pos].b[23]; + k24 |= words_buf_s[pc_pos].b[24]; + k25 |= words_buf_s[pc_pos].b[25]; + k26 |= words_buf_s[pc_pos].b[26]; + k27 |= words_buf_s[pc_pos].b[27]; - k00 |= words_buf_s[pc_pos].b[ 0]; - k01 |= words_buf_s[pc_pos].b[ 1]; - k02 |= words_buf_s[pc_pos].b[ 2]; - k03 |= words_buf_s[pc_pos].b[ 3]; - k04 |= words_buf_s[pc_pos].b[ 4]; - k05 |= words_buf_s[pc_pos].b[ 5]; - k06 |= words_buf_s[pc_pos].b[ 6]; - k07 |= words_buf_s[pc_pos].b[ 7]; - k08 |= words_buf_s[pc_pos].b[ 8]; - k09 |= words_buf_s[pc_pos].b[ 9]; - k10 |= words_buf_s[pc_pos].b[10]; - k11 |= words_buf_s[pc_pos].b[11]; - k12 |= words_buf_s[pc_pos].b[12]; - k13 |= words_buf_s[pc_pos].b[13]; - k14 |= words_buf_s[pc_pos].b[14]; - k15 |= words_buf_s[pc_pos].b[15]; - k16 |= words_buf_s[pc_pos].b[16]; - k17 |= words_buf_s[pc_pos].b[17]; - k18 |= words_buf_s[pc_pos].b[18]; - k19 |= words_buf_s[pc_pos].b[19]; - k20 |= words_buf_s[pc_pos].b[20]; - k21 |= words_buf_s[pc_pos].b[21]; - k22 |= words_buf_s[pc_pos].b[22]; - k23 |= words_buf_s[pc_pos].b[23]; - k24 |= words_buf_s[pc_pos].b[24]; - k25 |= words_buf_s[pc_pos].b[25]; - k26 |= words_buf_s[pc_pos].b[26]; - k27 |= words_buf_s[pc_pos].b[27]; + DES + ( + k00, k01, k02, k03, k04, k05, k06, + k07, k08, k09, k10, k11, k12, k13, + k14, k15, k16, k17, k18, k19, k20, + k21, k22, k23, k24, k25, k26, k27, + K28, K29, K30, K31, K32, K33, K34, + K35, K36, K37, K38, K39, K40, K41, + K42, K43, K44, K45, K46, K47, K48, + K49, K50, K51, K52, K53, K54, K55, + &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, + &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, + &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, + &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, + &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, + &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, + &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, + &D56, &D57, &D58, 
&D59, &D60, &D61, &D62, &D63 + ); - DES - ( - k00, k01, k02, k03, k04, k05, k06, - k07, k08, k09, k10, k11, k12, k13, - k14, k15, k16, k17, k18, k19, k20, - k21, k22, k23, k24, k25, k26, k27, - K28, K29, K30, K31, K32, K33, K34, - K35, K36, K37, K38, K39, K40, K41, - K42, K43, K44, K45, K46, K47, K48, - K49, K50, K51, K52, K53, K54, K55, - &D00, &D01, &D02, &D03, &D04, &D05, &D06, &D07, - &D08, &D09, &D10, &D11, &D12, &D13, &D14, &D15, - &D16, &D17, &D18, &D19, &D20, &D21, &D22, &D23, - &D24, &D25, &D26, &D27, &D28, &D29, &D30, &D31, - &D32, &D33, &D34, &D35, &D36, &D37, &D38, &D39, - &D40, &D41, &D42, &D43, &D44, &D45, &D46, &D47, - &D48, &D49, &D50, &D51, &D52, &D53, &D54, &D55, - &D56, &D57, &D58, &D59, &D60, &D61, &D62, &D63 - ); + u32 tmpResult = 0; - u32 tmpResult = 0; + tmpResult |= D00 ^ S00; + tmpResult |= D01 ^ S01; + tmpResult |= D02 ^ S02; + tmpResult |= D03 ^ S03; + tmpResult |= D04 ^ S04; + tmpResult |= D05 ^ S05; + tmpResult |= D06 ^ S06; + tmpResult |= D07 ^ S07; + tmpResult |= D08 ^ S08; + tmpResult |= D09 ^ S09; + tmpResult |= D10 ^ S10; + tmpResult |= D11 ^ S11; + tmpResult |= D12 ^ S12; + tmpResult |= D13 ^ S13; + tmpResult |= D14 ^ S14; + tmpResult |= D15 ^ S15; - tmpResult |= D00 ^ S00; - tmpResult |= D01 ^ S01; - tmpResult |= D02 ^ S02; - tmpResult |= D03 ^ S03; - tmpResult |= D04 ^ S04; - tmpResult |= D05 ^ S05; - tmpResult |= D06 ^ S06; - tmpResult |= D07 ^ S07; - tmpResult |= D08 ^ S08; - tmpResult |= D09 ^ S09; - tmpResult |= D10 ^ S10; - tmpResult |= D11 ^ S11; - tmpResult |= D12 ^ S12; - tmpResult |= D13 ^ S13; - tmpResult |= D14 ^ S14; - tmpResult |= D15 ^ S15; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D16 ^ S16; + tmpResult |= D17 ^ S17; + tmpResult |= D18 ^ S18; + tmpResult |= D19 ^ S19; + tmpResult |= D20 ^ S20; + tmpResult |= D21 ^ S21; + tmpResult |= D22 ^ S22; + tmpResult |= D23 ^ S23; + tmpResult |= D24 ^ S24; + tmpResult |= D25 ^ S25; + tmpResult |= D26 ^ S26; + tmpResult |= 
D27 ^ S27; + tmpResult |= D28 ^ S28; + tmpResult |= D29 ^ S29; + tmpResult |= D30 ^ S30; + tmpResult |= D31 ^ S31; - tmpResult |= D16 ^ S16; - tmpResult |= D17 ^ S17; - tmpResult |= D18 ^ S18; - tmpResult |= D19 ^ S19; - tmpResult |= D20 ^ S20; - tmpResult |= D21 ^ S21; - tmpResult |= D22 ^ S22; - tmpResult |= D23 ^ S23; - tmpResult |= D24 ^ S24; - tmpResult |= D25 ^ S25; - tmpResult |= D26 ^ S26; - tmpResult |= D27 ^ S27; - tmpResult |= D28 ^ S28; - tmpResult |= D29 ^ S29; - tmpResult |= D30 ^ S30; - tmpResult |= D31 ^ S31; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D32 ^ S32; + tmpResult |= D33 ^ S33; + tmpResult |= D34 ^ S34; + tmpResult |= D35 ^ S35; + tmpResult |= D36 ^ S36; + tmpResult |= D37 ^ S37; + tmpResult |= D38 ^ S38; + tmpResult |= D39 ^ S39; + tmpResult |= D40 ^ S40; + tmpResult |= D41 ^ S41; + tmpResult |= D42 ^ S42; + tmpResult |= D43 ^ S43; + tmpResult |= D44 ^ S44; + tmpResult |= D45 ^ S45; + tmpResult |= D46 ^ S46; + tmpResult |= D47 ^ S47; - tmpResult |= D32 ^ S32; - tmpResult |= D33 ^ S33; - tmpResult |= D34 ^ S34; - tmpResult |= D35 ^ S35; - tmpResult |= D36 ^ S36; - tmpResult |= D37 ^ S37; - tmpResult |= D38 ^ S38; - tmpResult |= D39 ^ S39; - tmpResult |= D40 ^ S40; - tmpResult |= D41 ^ S41; - tmpResult |= D42 ^ S42; - tmpResult |= D43 ^ S43; - tmpResult |= D44 ^ S44; - tmpResult |= D45 ^ S45; - tmpResult |= D46 ^ S46; - tmpResult |= D47 ^ S47; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + tmpResult |= D48 ^ S48; + tmpResult |= D49 ^ S49; + tmpResult |= D50 ^ S50; + tmpResult |= D51 ^ S51; + tmpResult |= D52 ^ S52; + tmpResult |= D53 ^ S53; + tmpResult |= D54 ^ S54; + tmpResult |= D55 ^ S55; + tmpResult |= D56 ^ S56; + tmpResult |= D57 ^ S57; + tmpResult |= D58 ^ S58; + tmpResult |= D59 ^ S59; + tmpResult |= D60 ^ S60; + tmpResult |= D61 ^ S61; + tmpResult |= D62 ^ S62; + tmpResult |= D63 ^ S63; - tmpResult |= D48 ^ S48; - tmpResult |= D49 ^ S49; - 
tmpResult |= D50 ^ S50; - tmpResult |= D51 ^ S51; - tmpResult |= D52 ^ S52; - tmpResult |= D53 ^ S53; - tmpResult |= D54 ^ S54; - tmpResult |= D55 ^ S55; - tmpResult |= D56 ^ S56; - tmpResult |= D57 ^ S57; - tmpResult |= D58 ^ S58; - tmpResult |= D59 ^ S59; - tmpResult |= D60 ^ S60; - tmpResult |= D61 ^ S61; - tmpResult |= D62 ^ S62; - tmpResult |= D63 ^ S63; + if (tmpResult == 0xffffffff) continue; - if (tmpResult == 0xffffffff) return; + const u32 slice = ffz (tmpResult); - const u32 slice = ffz (tmpResult); - - #ifdef KERNEL_STATIC - #include COMPARE_S - #endif + #ifdef KERNEL_STATIC + #include COMPARE_S + #endif + } } diff --git a/include/types.h b/include/types.h index ebcd53319..fabf9f063 100644 --- a/include/types.h +++ b/include/types.h 
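Review bot: The four staged early-outs `if (tmpResult == 0xffffffff) continue;` rely on tmpResult accumulating a 1 bit for every slice that already differs from the target, which is not stated anywhere in the kernel; a comment before the first stage, `// tmpResult collects one mismatch bit per slice; once all 32 slices differ there is nothing to report, so stop comparing early`, would document the invariant that `ffz (tmpResult)` later depends on. Changing `return` to `continue` is required now that the compare sits inside the `il_pos` loop and looks correct, since a remaining candidate block must still be checked after a miss. m14000_sxx begins before this hunk, so the declarations of il_cnt and D00..D63 are not visible here.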
@@ -392,40 +392,40 @@ typedef enum opts_type
   OPTS_TYPE_PT_GENERATE_LE = (1ULL << 9),
   OPTS_TYPE_PT_GENERATE_BE = (1ULL << 10),
   OPTS_TYPE_PT_NEVERCRACK = (1ULL << 11), // if we want all possible results
-  OPTS_TYPE_PT_BITSLICE = (1ULL << 12),
-  OPTS_TYPE_PT_ALWAYS_ASCII = (1ULL << 13),
-  OPTS_TYPE_PT_ALWAYS_HEXIFY = (1ULL << 14),
-  OPTS_TYPE_PT_LM = (1ULL << 15), // special handling: all lower, 7 max, ...
-  OPTS_TYPE_PT_HEX = (1ULL << 16), // input wordlist (and masks!) are always in hex
-  OPTS_TYPE_ST_UTF16LE = (1ULL << 17),
-  OPTS_TYPE_ST_UTF16BE = (1ULL << 18),
-  OPTS_TYPE_ST_UPPER = (1ULL << 19),
-  OPTS_TYPE_ST_LOWER = (1ULL << 20),
-  OPTS_TYPE_ST_ADD01 = (1ULL << 21),
-  OPTS_TYPE_ST_ADD02 = (1ULL << 22),
-  OPTS_TYPE_ST_ADD80 = (1ULL << 23),
-  OPTS_TYPE_ST_ADDBITS14 = (1ULL << 24),
-  OPTS_TYPE_ST_ADDBITS15 = (1ULL << 25),
-  OPTS_TYPE_ST_HEX = (1ULL << 26),
-  OPTS_TYPE_ST_BASE64 = (1ULL << 27),
-  OPTS_TYPE_ST_HASH_MD5 = (1ULL << 28),
-  OPTS_TYPE_HASH_COPY = (1ULL << 29),
-  OPTS_TYPE_HASH_SPLIT = (1ULL << 30),
-  OPTS_TYPE_LOOP_EXTENDED = (1ULL << 31), // a kernel which is called each time normal _loop kernel finished.
+  OPTS_TYPE_PT_ALWAYS_ASCII = (1ULL << 12),
+  OPTS_TYPE_PT_ALWAYS_HEXIFY = (1ULL << 13),
+  OPTS_TYPE_PT_LM = (1ULL << 14), // special handling: all lower, 7 max, ...
+  OPTS_TYPE_PT_HEX = (1ULL << 15), // input wordlist (and masks!) are always in hex
+  OPTS_TYPE_ST_UTF16LE = (1ULL << 16),
+  OPTS_TYPE_ST_UTF16BE = (1ULL << 17),
+  OPTS_TYPE_ST_UPPER = (1ULL << 18),
+  OPTS_TYPE_ST_LOWER = (1ULL << 19),
+  OPTS_TYPE_ST_ADD01 = (1ULL << 20),
+  OPTS_TYPE_ST_ADD02 = (1ULL << 21),
+  OPTS_TYPE_ST_ADD80 = (1ULL << 22),
+  OPTS_TYPE_ST_ADDBITS14 = (1ULL << 23),
+  OPTS_TYPE_ST_ADDBITS15 = (1ULL << 24),
+  OPTS_TYPE_ST_HEX = (1ULL << 25),
+  OPTS_TYPE_ST_BASE64 = (1ULL << 26),
+  OPTS_TYPE_ST_HASH_MD5 = (1ULL << 27),
+  OPTS_TYPE_HASH_COPY = (1ULL << 28),
+  OPTS_TYPE_HASH_SPLIT = (1ULL << 29),
+  OPTS_TYPE_LOOP_EXTENDED = (1ULL << 30), // a kernel which is called each time normal _loop kernel finished.
                                            // but unlike a hook kernel this kernel is called for every _loop iteration offset
-  OPTS_TYPE_HOOK12 = (1ULL << 32),
-  OPTS_TYPE_HOOK23 = (1ULL << 33),
-  OPTS_TYPE_INIT2 = (1ULL << 34),
-  OPTS_TYPE_LOOP2 = (1ULL << 35),
-  OPTS_TYPE_AUX1 = (1ULL << 36),
-  OPTS_TYPE_AUX2 = (1ULL << 37),
-  OPTS_TYPE_AUX3 = (1ULL << 38),
-  OPTS_TYPE_AUX4 = (1ULL << 39),
-  OPTS_TYPE_BINARY_HASHFILE = (1ULL << 40),
-  OPTS_TYPE_PREFERED_THREAD = (1ULL << 41), // some algorithms (complicated ones with many branches) benefit from this
-  OPTS_TYPE_PT_ADD06 = (1ULL << 42),
-  OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 43),
-  OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 44), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately
+  OPTS_TYPE_HOOK12 = (1ULL << 31),
+  OPTS_TYPE_HOOK23 = (1ULL << 32),
+  OPTS_TYPE_INIT2 = (1ULL << 33),
+  OPTS_TYPE_LOOP2 = (1ULL << 34),
+  OPTS_TYPE_AUX1 = (1ULL << 35),
+  OPTS_TYPE_AUX2 = (1ULL << 36),
+  OPTS_TYPE_AUX3 = (1ULL << 37),
+  OPTS_TYPE_AUX4 = (1ULL << 38),
+  OPTS_TYPE_BINARY_HASHFILE = (1ULL << 39),
+  OPTS_TYPE_PREFERED_THREAD = (1ULL << 40), // some algorithms (complicated ones with many branches) benefit from this
+  OPTS_TYPE_PT_ADD06 = (1ULL << 41),
+  OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 42),
+  OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 43), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately
+  OPTS_TYPE_TM_KERNEL = (1ULL << 44),
   OPTS_TYPE_SUGGEST_KG = (1ULL << 45), // suggest keep guessing for modules the user maybe wants to use --keep-guessing
   OPTS_TYPE_COPY_TMPS = (1ULL << 46), // if we want to use data from tmps buffer (for example get the PMK in WPA)
   OPTS_TYPE_POTFILE_NOPASS = (1ULL << 47), // sometimes the password should not be printed to potfile
diff --git a/src/backend.c b/src/backend.c
index 1ef4a5761..a8d4d2bae 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -2868,7 +2868,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, 
   }
   else
   {
-    if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE)
+    if (hashconfig->opts_type & OPTS_TYPE_TM_KERNEL)
     {
       const u32 size_tm = device_param->size_tm;
@@ -3430,7 +3430,6 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
 {
   const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
   const status_ctx_t *status_ctx = hashcat_ctx->status_ctx;
-  const user_options_t *user_options = hashcat_ctx->user_options;
   u64 kernel_threads = 0;
   u64 dynamic_shared_mem = 0;
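Review bot: Removing `OPTS_TYPE_PT_BITSLICE` by shifting every following flag down one bit, from `OPTS_TYPE_PT_ALWAYS_ASCII` at bit 12 through `OPTS_TYPE_DEEP_COMP_KERNEL` at bit 43, changes the numeric value of thirty unrelated constants in a public header; any module object or cached value built against the old numbering would then be read under the wrong meaning, and nothing at the use sites reveals the shift. Placing `OPTS_TYPE_TM_KERNEL = (1ULL << 12),` in the vacated slot and leaving the rest untouched would give the same effect with a one-line change. If the renumbering is intentional, a comment on the enum stating that these values are not stable across releases would stop the next reader from assuming they are. `OPTS_TYPE_TM_KERNEL` is also the only new entry without a trailing comment; the backend.c hunks show it selecting the `m%05u_tm` kernel and the `size_tm` buffer in brute-force mode, so `// hash mode provides a separate m*_tm kernel, used in brute-force mode` would fit the style of its neighbours.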
@@ -3544,44 +3543,33 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con
       num_elements = CEILDIV (num_elements, kernel_threads);
-      if ((hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) && (user_options->attack_mode == ATTACK_MODE_BF))
+      if (kern_run == KERN_RUN_1)
       {
-        if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event1, device_param->cuda_stream) == -1) return -1;
-
-        if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 32, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
-
-        if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event2, device_param->cuda_stream) == -1) return -1;
+        if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_INIT)
+        {
+          num_elements = CEILDIV (num_elements, device_param->vector_width);
+        }
       }
-      else
+      else if (kern_run == KERN_RUN_2)
       {
-        if (kern_run == KERN_RUN_1)
+        if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_LOOP)
         {
-          if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_INIT)
-          {
-            num_elements = CEILDIV (num_elements, device_param->vector_width);
-          }
+          num_elements = CEILDIV (num_elements, device_param->vector_width);
         }
-        else if (kern_run == KERN_RUN_2)
-        {
-          if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_LOOP)
-          {
-            num_elements = CEILDIV (num_elements, device_param->vector_width);
-          }
-        }
-        else if (kern_run == KERN_RUN_3)
-        {
-          if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_COMP)
-          {
-            num_elements = CEILDIV (num_elements, device_param->vector_width);
-          }
-        }
-
-        if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event1, device_param->cuda_stream) == -1) return -1;
-
-        if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
-
-        if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event2, device_param->cuda_stream) == -1) return -1;
       }
+      else if (kern_run == KERN_RUN_3)
+      {
+        if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_COMP)
+        {
+          num_elements = CEILDIV (num_elements, device_param->vector_width);
+        }
+      }
+
+      if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event1, device_param->cuda_stream) == -1) return -1;
+
+      if (hc_cuLaunchKernel (hashcat_ctx, cuda_function, num_elements, 1, 1, kernel_threads, 1, 1, dynamic_shared_mem, device_param->cuda_stream, device_param->kernel_params, NULL) == -1) return -1;
+
+      if (hc_cuEventRecord (hashcat_ctx, device_param->cuda_event2, device_param->cuda_stream) == -1) return -1;
       if (hc_cuStreamSynchronize (hashcat_ctx, device_param->cuda_stream) == -1) return -1;
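Review bot: The kern_run to OPTI_TYPE_SLOW_HASH_SIMD_* chain that now scales num_elements before the CUDA launch is duplicated verbatim in the OpenCL hunk at -3651 just below, and with the bitslice special case gone both copies must stay in step; a small file-scope helper called from both launch paths would leave one place to edit. The helper below keeps the exact semantics: divide by vector_width only when the flag for the stage being launched is set, otherwise leave num_elements alone. The old bitslice path launched a 2D grid of num_elements by 32 without any vector_width division, and the new code instead relies on the kernels iterating il_cnt themselves, which is not visible from this function; a short comment at the launch, `// bitslice kernels now loop over il_cnt internally, so no 2D launch is needed`, would record why the special case went away. run_kernel starts well before this hunk.
```c
/* Scale num_elements by the device vector width when the hash mode marks the
   launched stage (init/loop/comp) as SIMD; shared by the CUDA and OpenCL paths. */
static u64 simd_num_elements (const hashconfig_t *hashconfig, const hc_device_param_t *device_param, const u32 kern_run, u64 num_elements)
{
  u32 opti_flag = 0;

  if      (kern_run == KERN_RUN_1) opti_flag = OPTI_TYPE_SLOW_HASH_SIMD_INIT;
  else if (kern_run == KERN_RUN_2) opti_flag = OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
  else if (kern_run == KERN_RUN_3) opti_flag = OPTI_TYPE_SLOW_HASH_SIMD_COMP;

  if (hashconfig->opti_type & opti_flag)
  {
    num_elements = CEILDIV (num_elements, device_param->vector_width);
  }

  return num_elements;
}

// … in run_kernel, CUDA path, replacing the three-way if/else chain …
      num_elements = simd_num_elements (hashconfig, device_param, kern_run, num_elements);

      // … unchanged: cuEventRecord / cuLaunchKernel / cuEventRecord …
```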
@@ -3651,44 +3639,34 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con cl_event opencl_event; - if ((hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) && (user_options->attack_mode == ATTACK_MODE_BF)) + if (kern_run == KERN_RUN_1) { - const size_t global_work_size[3] = { num_elements, 32, 1 }; - const size_t local_work_size[3] = { kernel_threads, 1, 1 }; - - if (hc_clEnqueueNDRangeKernel (hashcat_ctx, device_param->opencl_command_queue, opencl_kernel, 2, NULL, global_work_size, local_work_size, 0, NULL, &opencl_event) == -1) return -1; + if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_INIT) + { + num_elements = CEILDIV (num_elements, device_param->vector_width); + } } - else + else if (kern_run == KERN_RUN_2) { - if (kern_run == KERN_RUN_1) + if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_LOOP) { - if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_INIT) - { - num_elements = CEILDIV (num_elements, device_param->vector_width); - } + num_elements = CEILDIV (num_elements, device_param->vector_width); } - else if (kern_run == KERN_RUN_2) - { - if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_LOOP) - { - num_elements = CEILDIV (num_elements, device_param->vector_width); - } - } - else if (kern_run == KERN_RUN_3) - { - if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_COMP) - { - num_elements = CEILDIV (num_elements, device_param->vector_width); - } - } - - num_elements = round_up_multiple_64 (num_elements, kernel_threads); - - const size_t global_work_size[3] = { num_elements, 1, 1 }; - const size_t local_work_size[3] = { kernel_threads, 1, 1 }; - - if (hc_clEnqueueNDRangeKernel (hashcat_ctx, device_param->opencl_command_queue, opencl_kernel, 1, NULL, global_work_size, local_work_size, 0, NULL, &opencl_event) == -1) return -1; } + else if (kern_run == KERN_RUN_3) + { + if (hashconfig->opti_type & OPTI_TYPE_SLOW_HASH_SIMD_COMP) + { + num_elements = CEILDIV (num_elements, device_param->vector_width); + } + } + + 
num_elements = round_up_multiple_64 (num_elements, kernel_threads); + + const size_t global_work_size[3] = { num_elements, 1, 1 }; + const size_t local_work_size[3] = { kernel_threads, 1, 1 }; + + if (hc_clEnqueueNDRangeKernel (hashcat_ctx, device_param->opencl_command_queue, opencl_kernel, 1, NULL, global_work_size, local_work_size, 0, NULL, &opencl_event) == -1) return -1; if (hc_clFlush (hashcat_ctx, device_param->opencl_command_queue) == -1) return -1; @@ -8839,7 +8817,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) { if (user_options->attack_mode == ATTACK_MODE_BF) { - if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) + if (hashconfig->opts_type & OPTS_TYPE_TM_KERNEL) { snprintf (kernel_name, sizeof (kernel_name), "m%05u_tm", kern_type); @@ -9092,10 +9070,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) device_param->kernel_preferred_wgs_multiple_mp_r = device_param->cuda_warp_size; - if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) + if (user_options->attack_mode == ATTACK_MODE_BF) { - //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 0, sizeof (cl_mem), device_param->kernel_params_tm[0]); if (CL_rc == -1) return -1; - //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 1, sizeof (cl_mem), device_param->kernel_params_tm[1]); if (CL_rc == -1) return -1; + if (hashconfig->opts_type & OPTS_TYPE_TM_KERNEL) + { + //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 0, sizeof (cl_mem), device_param->kernel_params_tm[0]); if (CL_rc == -1) return -1; + //CL_rc = hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 1, sizeof (cl_mem), device_param->kernel_params_tm[1]); if (CL_rc == -1) return -1; + } } } else if (user_options->attack_mode == ATTACK_MODE_HYBRID1) 
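Review bot: The new `OPTS_TYPE_TM_KERNEL` branch at the end of this hunk wraps nothing but two commented-out `hc_clSetKernelArg` lines, so on the CUDA side it is an empty block, whereas the OpenCL counterpart at L2944 really binds `kernel_params_tm[0]` and `[1]`. If the CUDA path hands the tm parameters over at launch the way run_kernel passes `device_param->kernel_params` to hc_cuLaunchKernel (L2941), say so instead of carrying dead OpenCL code: `// CUDA: kernel_params_tm is passed to hc_cuLaunchKernel at run time, nothing to bind here` — and confirm that is actually the case before the comment is relied on. backend_session_begin starts outside the hunk.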
@@ -9422,7 +9403,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) { if (user_options->attack_mode == ATTACK_MODE_BF) { - if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) + if (hashconfig->opts_type & OPTS_TYPE_TM_KERNEL) { snprintf (kernel_name, sizeof (kernel_name), "m%05u_tm", kern_type); @@ -9670,10 +9651,13 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) if (get_opencl_kernel_preferred_wgs_multiple (hashcat_ctx, device_param, device_param->opencl_kernel_mp_r, &device_param->kernel_preferred_wgs_multiple_mp_r) == -1) return -1; - if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) + if (user_options->attack_mode == ATTACK_MODE_BF) { - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 0, sizeof (cl_mem), device_param->kernel_params_tm[0]) == -1) return -1; - if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 1, sizeof (cl_mem), device_param->kernel_params_tm[1]) == -1) return -1; + if (hashconfig->opts_type & OPTS_TYPE_TM_KERNEL) + { + if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 0, sizeof (cl_mem), device_param->kernel_params_tm[0]) == -1) return -1; + if (hc_clSetKernelArg (hashcat_ctx, device_param->opencl_kernel_tm, 1, sizeof (cl_mem), device_param->kernel_params_tm[1]) == -1) return -1; + } } } else if (user_options->attack_mode == ATTACK_MODE_HYBRID1) diff --git a/src/modules/module_01500.c b/src/modules/module_01500.c index e97267a92..d2b325339 100644 --- a/src/modules/module_01500.c +++ b/src/modules/module_01500.c 
@@ -22,7 +22,7 @@ static const char *HASH_NAME = "descrypt, DES (Unix), Traditional DES"; static const u64 KERN_TYPE = 1500; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_BITSLICE; + | OPTS_TYPE_TM_KERNEL; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = NULL; // the self-test can't work because the salt is not part of the code at compile-time static const char *ST_HASH = "8133vc.5rieNk"; @@ -73,6 +73,13 @@ int module_build_plain_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, return src_len; } +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // performance only optimization + + return kernel_threads_max; +} + u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { u32 kernel_loops_max = KERNEL_LOOPS_MAX; @@ -301,7 +308,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_kernel_accel_min = MODULE_DEFAULT; module_ctx->module_kernel_loops_max = module_kernel_loops_max; module_ctx->module_kernel_loops_min = module_kernel_loops_min; - module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; module_ctx->module_kernel_threads_min = MODULE_DEFAULT; module_ctx->module_kern_type = module_kern_type; module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; diff --git a/src/modules/module_03000.c b/src/modules/module_03000.c index e98cb294c..8d5e8c7a8 100644 --- a/src/modules/module_03000.c +++ b/src/modules/module_03000.c 
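Review bot: `module_kernel_threads_max` hard-codes 64 with `// performance only optimization`, which says the value is not a correctness bound but not what it was tuned on or why only 1500 gets it; 3000 and 14000 receive the same `OPTS_TYPE_PT_BITSLICE` → `OPTS_TYPE_TM_KERNEL` switch at L2946 without a thread cap. Either add the cap there as well, or state what makes it 1500-specific, e.g. `const u32 kernel_threads_max = 64; // performance only optimization: tuned for <device/kernel it was measured on>; any value is correct`.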
@@ -23,7 +23,7 @@ static const u64 KERN_TYPE = 3000; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_PT_UPPER - | OPTS_TYPE_PT_BITSLICE + | OPTS_TYPE_TM_KERNEL | OPTS_TYPE_PT_ALWAYS_ASCII | OPTS_TYPE_PT_LM | OPTS_TYPE_HASH_SPLIT; diff --git a/src/modules/module_14000.c b/src/modules/module_14000.c index a26ce6cf1..e2dabbed1 100644 --- a/src/modules/module_14000.c +++ b/src/modules/module_14000.c @@ -22,7 +22,7 @@ static const char *HASH_NAME = "DES (PT = $salt, key = $pass)"; static const u64 KERN_TYPE = 14000; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_PT_BITSLICE + | OPTS_TYPE_TM_KERNEL | OPTS_TYPE_ST_HEX; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat1"; diff --git a/src/selftest.c b/src/selftest.c index 0acb7b2a1..829f40f69 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -201,7 +201,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param { device_param->kernel_params_buf32[30] = 1; - if (hashconfig->opts_type & OPTS_TYPE_PT_BITSLICE) + if (hashconfig->opts_type & OPTS_TYPE_TM_KERNEL) { pw_t pw; From 669619c1a7391df6dd0e79c09265afc52deda1c0 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 22 Feb 2020 08:42:36 +0100 Subject: [PATCH 248/300] Fixed out-of-boundary write to decrypted[] in DPAPI masterkey file v1 kernel --- OpenCL/m15300-pure.cl | 4 +++- docs/changes.txt | 1 + src/modules/module_15300.c | 19 +------------------ 3 files changed, 5 insertions(+), 19 deletions(-) diff --git a/OpenCL/m15300-pure.cl b/OpenCL/m15300-pure.cl index 9a2b01cf3..1defd3d30 100644 --- a/OpenCL/m15300-pure.cl +++ b/OpenCL/m15300-pure.cl @@ -507,6 +507,8 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) iv[0] = data[0]; iv[1] = data[1]; + + if (wx_off == 24) break; } u32 hmacSalt[4]; 
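Review bot: `if (wx_off == 24) break;` stops the CBC loop after the 13th 3DES block, but the constant only makes sense against `decrypted[26]`, which is declared above the hunk (visible as the removed line at L2953) and has no initializer; a one-line comment should tie the two together: `if (wx_off == 24) break; // decrypted[] holds 26 u32 = 13 blocks; contents_len may be longer`. The guard covers the over-long case only: if module_hash_decode (not shown) admits a v1 `contents_len` shorter than 104 bytes, the loop ends early and `lastKey[i] = decrypted[i + 26 - 16]` below reads uninitialized stack, so the minimum length should be enforced at decode time as well. The enclosing `for` and the rest of m15300_comp are outside the hunk.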
@@ -523,7 +525,7 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) expectedHmac[2] = hc_swap32_S (decrypted[4 + 2]); expectedHmac[3] = hc_swap32_S (decrypted[4 + 3]); - for(int i = 0; i < 16; i++) + for (int i = 0; i < 16; i++) { lastKey[i] = decrypted[i + 26 - 16]; } diff --git a/docs/changes.txt b/docs/changes.txt index 03fdd6679..45b99f56d 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -88,6 +88,7 @@ - Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256 - Fixed maximum password length limit which was announced as 256 but actually was 255 - Fixed out-of-boundary read in pure kernel rule engine rule 'p' if parameter is set to 2 or higher +- Fixed out-of-boundary write to decrypted[] in DPAPI masterkey file v1 kernel - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter - Fixed problem with the usage of the hexadecimal notations (\x00-\xff) within rules diff --git a/src/modules/module_15300.c b/src/modules/module_15300.c index a57d6ca1e..3fd578bed 100644 --- a/src/modules/module_15300.c +++ b/src/modules/module_15300.c 
@@ -96,23 +96,6 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con return pw_max; } -bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) -{ - // amdgpu-pro-19.30-934563-ubuntu-18.04: self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) - { - return true; - } - - // l_opencl_p_18.1.0.013.tgz: self-test failed - if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) - { - return true; - } - - return false; -} - int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; @@ -456,6 +439,6 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_st_hash = module_st_hash; module_ctx->module_st_pass = module_st_pass; module_ctx->module_tmp_size = module_tmp_size; - module_ctx->module_unstable_warning = module_unstable_warning; + module_ctx->module_unstable_warning = MODULE_DEFAULT; module_ctx->module_warmup_disable = MODULE_DEFAULT; } From 09b8a30da23d5666ac8758327e6c5a3dd2bf1187 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 22 Feb 2020 09:11:04 +0100 Subject: [PATCH 249/300] Small optimizations in -m 15300 and -m 15900 --- OpenCL/m15300-pure.cl | 67 ++++++++++++++++--------------------------- OpenCL/m15900-pure.cl | 63 ++++++++++++++++------------------------ 2 files changed, 48 insertions(+), 82 deletions(-) diff --git a/OpenCL/m15300-pure.cl b/OpenCL/m15300-pure.cl index 1defd3d30..57e920a11 100644 --- a/OpenCL/m15300-pure.cl 
+++ b/OpenCL/m15300-pure.cl @@ -511,25 +511,6 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) if (wx_off == 24) break; } - u32 hmacSalt[4]; - u32 expectedHmac[4]; - u32 lastKey[16]; - - hmacSalt[0] = hc_swap32_S (decrypted[0]); - hmacSalt[1] = hc_swap32_S (decrypted[1]); - hmacSalt[2] = hc_swap32_S (decrypted[2]); - hmacSalt[3] = hc_swap32_S (decrypted[3]); - - expectedHmac[0] = hc_swap32_S (decrypted[4 + 0]); - expectedHmac[1] = hc_swap32_S (decrypted[4 + 1]); - expectedHmac[2] = hc_swap32_S (decrypted[4 + 2]); - expectedHmac[3] = hc_swap32_S (decrypted[4 + 3]); - - for (int i = 0; i < 16; i++) - { - lastKey[i] = decrypted[i + 26 - 16]; - } - w0[0] = tmps[gid].userKey[0]; w0[1] = tmps[gid].userKey[1]; w0[2] = tmps[gid].userKey[2]; @@ -551,10 +532,10 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) sha1_hmac_init_64 (&ctx, w0, w1, w2, w3); - w0[0] = hmacSalt[0]; - w0[1] = hmacSalt[1]; - w0[2] = hmacSalt[2]; - w0[3] = hmacSalt[3]; + w0[0] = hc_swap32_S (decrypted[0]); + w0[1] = hc_swap32_S (decrypted[1]); + w0[2] = hc_swap32_S (decrypted[2]); + w0[3] = hc_swap32_S (decrypted[3]); w1[0] = 0; w1[1] = 0; w1[2] = 0; 
@@ -591,22 +572,22 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) sha1_hmac_init_64 (&ctx, w0, w1, w2, w3); - w0[0] = hc_swap32_S (lastKey[ 0]); - w0[1] = hc_swap32_S (lastKey[ 1]); - w0[2] = hc_swap32_S (lastKey[ 2]); - w0[3] = hc_swap32_S (lastKey[ 3]); - w1[0] = hc_swap32_S (lastKey[ 4]); - w1[1] = hc_swap32_S (lastKey[ 5]); - w1[2] = hc_swap32_S (lastKey[ 6]); - w1[3] = hc_swap32_S (lastKey[ 7]); - w2[0] = hc_swap32_S (lastKey[ 8]); - w2[1] = hc_swap32_S (lastKey[ 9]); - w2[2] = hc_swap32_S (lastKey[10]); - w2[3] = hc_swap32_S (lastKey[11]); - w3[0] = hc_swap32_S (lastKey[12]); - w3[1] = hc_swap32_S (lastKey[13]); - w3[2] = hc_swap32_S (lastKey[14]); - w3[3] = hc_swap32_S (lastKey[15]); + w0[0] = hc_swap32_S (decrypted[10]); + w0[1] = hc_swap32_S (decrypted[11]); + w0[2] = hc_swap32_S (decrypted[12]); + w0[3] = hc_swap32_S (decrypted[13]); + w1[0] = hc_swap32_S (decrypted[14]); + w1[1] = hc_swap32_S (decrypted[15]); + w1[2] = hc_swap32_S (decrypted[16]); + w1[3] = hc_swap32_S (decrypted[17]); + w2[0] = hc_swap32_S (decrypted[18]); + w2[1] = hc_swap32_S (decrypted[19]); + w2[2] = hc_swap32_S (decrypted[20]); + w2[3] = hc_swap32_S (decrypted[21]); + w3[0] = hc_swap32_S (decrypted[22]); + w3[1] = hc_swap32_S (decrypted[23]); + w3[2] = hc_swap32_S (decrypted[24]); + w3[3] = hc_swap32_S (decrypted[25]); sha1_hmac_update_64 (&ctx, w0, w1, w2, w3, 64); @@ -614,10 +595,10 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) #define il_pos 0 - if ((expectedHmac[0] == ctx.opad.h[0]) - && (expectedHmac[1] == ctx.opad.h[1]) - && (expectedHmac[2] == ctx.opad.h[2]) - && (expectedHmac[3] == ctx.opad.h[3])) + if ((decrypted[4] == hc_swap32_S (ctx.opad.h[0])) + && (decrypted[5] == hc_swap32_S (ctx.opad.h[1])) + && (decrypted[6] == hc_swap32_S (ctx.opad.h[2])) + && (decrypted[7] == hc_swap32_S (ctx.opad.h[3]))) { if (atomic_inc (&hashes_shown[digests_offset]) == 0) { 
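Review bot: Dropping `hmacSalt`, `expectedHmac` and `lastKey` removes the only names that documented the layout of `decrypted[]`; the new code at L2949–L2950 addresses `decrypted[0..3]`, `[4..7]` and `[10..25]` as bare offsets, and m15900 at L2951–L2952 does the same with `[0..3]`, `[4..7]` and `[20..35]`. A layout comment at the first use of `decrypted[]` would keep that information: `// decrypted[] (u32): [0..3] hmac salt, [4..7] expected hmac, [8..9] unused, [10..25] last key`, and for v2 `// decrypted[] (u32): [0..3] hmac salt, [4..7] expected hmac, [8..19] unused, [20..35] last key`. The rewritten comparison is equivalent to the old one (the byte swap moved from the stored operand to the digest word). m15300_comp and m15900_comp start outside these hunks.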
diff --git a/OpenCL/m15900-pure.cl b/OpenCL/m15900-pure.cl index 2c2dd5adb..4ab4f7bd4 100644 --- a/OpenCL/m15900-pure.cl +++ b/OpenCL/m15900-pure.cl @@ -637,21 +637,6 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) if (contents_off == 32) break; } - u32 hmacSalt[4]; - u32 expectedHmac[16]; - u32 lastKey[16]; - - hmacSalt[0] = decrypted[0]; - hmacSalt[1] = decrypted[1]; - hmacSalt[2] = decrypted[2]; - hmacSalt[3] = decrypted[3]; - - for(int i = 0; i < 16; i++) - { - expectedHmac[i] = decrypted[i + 4]; - lastKey[i] = decrypted[i + 36 - 16]; - } - w0[0] = tmps[gid].userKey[0]; w0[1] = tmps[gid].userKey[1]; w0[2] = tmps[gid].userKey[2]; @@ -689,10 +674,10 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) sha512_hmac_init_128 (&ctx, w0, w1, w2, w3, w4, w5, w6, w7); - w0[0] = hmacSalt[0]; - w0[1] = hmacSalt[1]; - w0[2] = hmacSalt[2]; - w0[3] = hmacSalt[3]; + w0[0] = decrypted[0]; + w0[1] = decrypted[1]; + w0[2] = decrypted[2]; + w0[3] = decrypted[3]; w1[0] = 0; w1[1] = 0; w1[2] = 0; 
@@ -761,22 +746,22 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) sha512_hmac_init_128 (&ctx, w0, w1, w2, w3, w4, w5, w6, w7); - w0[0] = lastKey[ 0]; - w0[1] = lastKey[ 1]; - w0[2] = lastKey[ 2]; - w0[3] = lastKey[ 3]; - w1[0] = lastKey[ 4]; - w1[1] = lastKey[ 5]; - w1[2] = lastKey[ 6]; - w1[3] = lastKey[ 7]; - w2[0] = lastKey[ 8]; - w2[1] = lastKey[ 9]; - w2[2] = lastKey[10]; - w2[3] = lastKey[11]; - w3[0] = lastKey[12]; - w3[1] = lastKey[13]; - w3[2] = lastKey[14]; - w3[3] = lastKey[15]; + w0[0] = decrypted[20]; + w0[1] = decrypted[21]; + w0[2] = decrypted[22]; + w0[3] = decrypted[23]; + w1[0] = decrypted[24]; + w1[1] = decrypted[25]; + w1[2] = decrypted[26]; + w1[3] = decrypted[27]; + w2[0] = decrypted[28]; + w2[1] = decrypted[29]; + w2[2] = decrypted[30]; + w2[3] = decrypted[31]; + w3[0] = decrypted[32]; + w3[1] = decrypted[33]; + w3[2] = decrypted[34]; + w3[3] = decrypted[35]; w4[0] = 0; w4[1] = 0; w4[2] = 0; @@ -800,10 +785,10 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) #define il_pos 0 - if ((expectedHmac[0] == h32_from_64_S (ctx.opad.h[0])) - && (expectedHmac[1] == l32_from_64_S (ctx.opad.h[0])) - && (expectedHmac[2] == h32_from_64_S (ctx.opad.h[1])) - && (expectedHmac[3] == l32_from_64_S (ctx.opad.h[1]))) + if ((decrypted[4] == h32_from_64_S (ctx.opad.h[0])) + && (decrypted[5] == l32_from_64_S (ctx.opad.h[0])) + && (decrypted[6] == h32_from_64_S (ctx.opad.h[1])) + && (decrypted[7] == l32_from_64_S (ctx.opad.h[1]))) { if (atomic_inc (&hashes_shown[digests_offset]) == 0) { From caa34924bf8150cfd0b0f1ec5a5913c72de86fff Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 22 Feb 2020 10:18:09 +0100 Subject: [PATCH 250/300] More optimizations in -m 15300 and -m 15900 --- OpenCL/m15300-pure.cl | 192 +++++++++++++++++++++++++++++------------- OpenCL/m15900-pure.cl | 169 ++++++++++++++++++++++++++----------- 2 files changed, 253 insertions(+), 108 deletions(-) 
diff --git a/OpenCL/m15300-pure.cl b/OpenCL/m15300-pure.cl index 57e920a11..f49c5c410 100644 --- a/OpenCL/m15300-pure.cl +++ b/OpenCL/m15300-pure.cl @@ -442,8 +442,6 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) iv[0] = hc_swap32_S (tmps[gid].out[6]); iv[1] = hc_swap32_S (tmps[gid].out[7]); - u32 decrypted[26]; - /* Construct 3DES keys */ const u32 a = (key[0]); 
@@ -470,45 +468,123 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) _des_crypt_keysetup (e, f, Ke, Kf, s_skb); - u32 contents_pos; - u32 contents_off; - u32 wx_off; + u32 p1[2]; + u32 p2[2]; + u32 out[2]; - for (wx_off = 0, contents_pos = 0, contents_off = 0; contents_pos < esalt_bufs[digests_offset].contents_len; wx_off += 2, contents_pos += 8, contents_off += 2) + u32 hmac_data[4]; + + hmac_data[0] = hc_swap32_S (esalt_bufs[digests_offset].contents[0]); + hmac_data[1] = hc_swap32_S (esalt_bufs[digests_offset].contents[1]); + hmac_data[2] = hc_swap32_S (esalt_bufs[digests_offset].contents[2]); + hmac_data[3] = hc_swap32_S (esalt_bufs[digests_offset].contents[3]); + + u32 expected_key[4]; + + expected_key[0] = hc_swap32_S (esalt_bufs[digests_offset].contents[4]); + expected_key[1] = hc_swap32_S (esalt_bufs[digests_offset].contents[5]); + expected_key[2] = hc_swap32_S (esalt_bufs[digests_offset].contents[6]); + expected_key[3] = hc_swap32_S (esalt_bufs[digests_offset].contents[7]); + + u32 last_iv[2]; + + last_iv[0] = hc_swap32_S (esalt_bufs[digests_offset].contents[8]); + last_iv[1] = hc_swap32_S (esalt_bufs[digests_offset].contents[9]); + + u32 last_key[16]; + + last_key[ 0] = hc_swap32_S (esalt_bufs[digests_offset].contents[10]); + last_key[ 1] = hc_swap32_S (esalt_bufs[digests_offset].contents[11]); + last_key[ 2] = hc_swap32_S (esalt_bufs[digests_offset].contents[12]); + last_key[ 3] = hc_swap32_S (esalt_bufs[digests_offset].contents[13]); + last_key[ 4] = hc_swap32_S (esalt_bufs[digests_offset].contents[14]); + last_key[ 5] = hc_swap32_S (esalt_bufs[digests_offset].contents[15]); + last_key[ 6] = hc_swap32_S (esalt_bufs[digests_offset].contents[16]); + last_key[ 7] = hc_swap32_S (esalt_bufs[digests_offset].contents[17]); + last_key[ 8] = hc_swap32_S (esalt_bufs[digests_offset].contents[18]); + last_key[ 9] = hc_swap32_S (esalt_bufs[digests_offset].contents[19]); + last_key[10] = hc_swap32_S 
(esalt_bufs[digests_offset].contents[20]); + last_key[11] = hc_swap32_S (esalt_bufs[digests_offset].contents[21]); + last_key[12] = hc_swap32_S (esalt_bufs[digests_offset].contents[22]); + last_key[13] = hc_swap32_S (esalt_bufs[digests_offset].contents[23]); + last_key[14] = hc_swap32_S (esalt_bufs[digests_offset].contents[24]); + last_key[15] = hc_swap32_S (esalt_bufs[digests_offset].contents[25]); + + // hmac_data + + _des_crypt_decrypt (p1, hmac_data + 0, Ke, Kf, s_SPtrans); + _des_crypt_encrypt (p2, p1, Kc, Kd, s_SPtrans); + _des_crypt_decrypt (out, p2, Ka, Kb, s_SPtrans); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + + iv[0] = hmac_data[0]; + iv[1] = hmac_data[1]; + + hmac_data[0] = out[0]; + hmac_data[1] = out[1]; + + _des_crypt_decrypt (p1, hmac_data + 2, Ke, Kf, s_SPtrans); + _des_crypt_encrypt (p2, p1, Kc, Kd, s_SPtrans); + _des_crypt_decrypt (out, p2, Ka, Kb, s_SPtrans); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + + iv[0] = hmac_data[2]; + iv[1] = hmac_data[3]; + + hmac_data[2] = out[0]; + hmac_data[3] = out[1]; + + // expected_key + + _des_crypt_decrypt (p1, expected_key + 0, Ke, Kf, s_SPtrans); + _des_crypt_encrypt (p2, p1, Kc, Kd, s_SPtrans); + _des_crypt_decrypt (out, p2, Ka, Kb, s_SPtrans); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + + iv[0] = expected_key[0]; + iv[1] = expected_key[1]; + + expected_key[0] = out[0]; + expected_key[1] = out[1]; + + _des_crypt_decrypt (p1, expected_key + 2, Ke, Kf, s_SPtrans); + _des_crypt_encrypt (p2, p1, Kc, Kd, s_SPtrans); + _des_crypt_decrypt (out, p2, Ka, Kb, s_SPtrans); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + + iv[0] = expected_key[2]; + iv[1] = expected_key[3]; + + expected_key[2] = out[0]; + expected_key[3] = out[1]; + + // last_key + + iv[0] = last_iv[0]; + iv[1] = last_iv[1]; + + for (int off = 0; off < 16; off += 2) { - /* First Pass */ - - u32 data[2]; - - data[0] = hc_swap32_S (esalt_bufs[digests_offset].contents[contents_off + 0]); - data[1] = hc_swap32_S (esalt_bufs[digests_offset].contents[contents_off + 1]); 
- - u32 p1[2]; - - _des_crypt_decrypt (p1, data, Ke, Kf, s_SPtrans); - - /* Second Pass */ - - u32 p2[2]; - - _des_crypt_encrypt (p2, p1, Kc, Kd, s_SPtrans); - - /* Third Pass */ - - u32 out[2]; - - _des_crypt_decrypt (out, p2, Ka, Kb, s_SPtrans); + _des_crypt_decrypt (p1, last_key + off, Ke, Kf, s_SPtrans); + _des_crypt_encrypt (p2, p1, Kc, Kd, s_SPtrans); + _des_crypt_decrypt (out, p2, Ka, Kb, s_SPtrans); out[0] ^= iv[0]; out[1] ^= iv[1]; - decrypted[wx_off + 0] = out[0]; - decrypted[wx_off + 1] = out[1]; + iv[0] = last_key[off + 0]; + iv[1] = last_key[off + 1]; - iv[0] = data[0]; - iv[1] = data[1]; - - if (wx_off == 24) break; + last_key[off + 0] = out[0]; + last_key[off + 1] = out[1]; } w0[0] = tmps[gid].userKey[0]; @@ -532,10 +608,10 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) sha1_hmac_init_64 (&ctx, w0, w1, w2, w3); - w0[0] = hc_swap32_S (decrypted[0]); - w0[1] = hc_swap32_S (decrypted[1]); - w0[2] = hc_swap32_S (decrypted[2]); - w0[3] = hc_swap32_S (decrypted[3]); + w0[0] = hc_swap32_S (hmac_data[0]); + w0[1] = hc_swap32_S (hmac_data[1]); + w0[2] = hc_swap32_S (hmac_data[2]); + w0[3] = hc_swap32_S (hmac_data[3]); w1[0] = 0; w1[1] = 0; w1[2] = 0; 
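Review bot: The rewrite no longer consults `contents_len` at all: the new side reads `contents[0..25]` unconditionally (and m15900 at L2959–L2961 reads `contents[0..35]`), whereas the loop it replaces stopped at `contents_len`. That is only safe if module_hash_decode (not shown) rejects a v1 blob shorter than 26 u32 and a v2 blob shorter than 36 u32; a comment at the top of the new block should record the dependency, e.g. `// module_hash_decode guarantees contents_len >= 104 bytes (26 u32); no length check here`, and the decoder should be checked for it. The gap in the chain — `contents[8..9]` (block 4) is decrypted nowhere and only becomes `last_iv` — is correct CBC but reads like an off-by-one, so it deserves `// block 4 (contents[8..9]) is never needed as plaintext; it only seeds the IV for the last_key blocks`, and likewise for `contents[8..19]` in m15900. m15300_comp begins outside the hunk.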
@@ -572,22 +648,22 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) sha1_hmac_init_64 (&ctx, w0, w1, w2, w3); - w0[0] = hc_swap32_S (decrypted[10]); - w0[1] = hc_swap32_S (decrypted[11]); - w0[2] = hc_swap32_S (decrypted[12]); - w0[3] = hc_swap32_S (decrypted[13]); - w1[0] = hc_swap32_S (decrypted[14]); - w1[1] = hc_swap32_S (decrypted[15]); - w1[2] = hc_swap32_S (decrypted[16]); - w1[3] = hc_swap32_S (decrypted[17]); - w2[0] = hc_swap32_S (decrypted[18]); - w2[1] = hc_swap32_S (decrypted[19]); - w2[2] = hc_swap32_S (decrypted[20]); - w2[3] = hc_swap32_S (decrypted[21]); - w3[0] = hc_swap32_S (decrypted[22]); - w3[1] = hc_swap32_S (decrypted[23]); - w3[2] = hc_swap32_S (decrypted[24]); - w3[3] = hc_swap32_S (decrypted[25]); + w0[0] = hc_swap32_S (last_key[ 0]); + w0[1] = hc_swap32_S (last_key[ 1]); + w0[2] = hc_swap32_S (last_key[ 2]); + w0[3] = hc_swap32_S (last_key[ 3]); + w1[0] = hc_swap32_S (last_key[ 4]); + w1[1] = hc_swap32_S (last_key[ 5]); + w1[2] = hc_swap32_S (last_key[ 6]); + w1[3] = hc_swap32_S (last_key[ 7]); + w2[0] = hc_swap32_S (last_key[ 8]); + w2[1] = hc_swap32_S (last_key[ 9]); + w2[2] = hc_swap32_S (last_key[10]); + w2[3] = hc_swap32_S (last_key[11]); + w3[0] = hc_swap32_S (last_key[12]); + w3[1] = hc_swap32_S (last_key[13]); + w3[2] = hc_swap32_S (last_key[14]); + w3[3] = hc_swap32_S (last_key[15]); sha1_hmac_update_64 (&ctx, w0, w1, w2, w3, 64); 
@@ -595,10 +671,10 @@ KERNEL_FQ void m15300_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v1_t, dpapimk_t)) #define il_pos 0 - if ((decrypted[4] == hc_swap32_S (ctx.opad.h[0])) - && (decrypted[5] == hc_swap32_S (ctx.opad.h[1])) - && (decrypted[6] == hc_swap32_S (ctx.opad.h[2])) - && (decrypted[7] == hc_swap32_S (ctx.opad.h[3]))) + if ((expected_key[0] == hc_swap32_S (ctx.opad.h[0])) + && (expected_key[1] == hc_swap32_S (ctx.opad.h[1])) + && (expected_key[2] == hc_swap32_S (ctx.opad.h[2])) + && (expected_key[3] == hc_swap32_S (ctx.opad.h[3]))) { if (atomic_inc (&hashes_shown[digests_offset]) == 0) { diff --git a/OpenCL/m15900-pure.cl b/OpenCL/m15900-pure.cl index 4ab4f7bd4..82a47cee5 100644 --- a/OpenCL/m15900-pure.cl +++ b/OpenCL/m15900-pure.cl 
@@ -599,42 +599,111 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) AES256_set_decrypt_key (ks, key, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); - /* 144 bytes */ - u32 decrypted[36] = { 0 }; + u32 out[4]; - u32 contents_pos; - u32 contents_off; - u32 wx_off; + u32 hmac_data[4]; - for (wx_off = 0, contents_pos = 0, contents_off = 0; contents_pos < esalt_bufs[digests_offset].contents_len; wx_off += 4, contents_pos += 16, contents_off += 4) + hmac_data[0] = esalt_bufs[digests_offset].contents[0]; + hmac_data[1] = esalt_bufs[digests_offset].contents[1]; + hmac_data[2] = esalt_bufs[digests_offset].contents[2]; + hmac_data[3] = esalt_bufs[digests_offset].contents[3]; + + u32 expected_key[4]; + + expected_key[0] = esalt_bufs[digests_offset].contents[4]; + expected_key[1] = esalt_bufs[digests_offset].contents[5]; + expected_key[2] = esalt_bufs[digests_offset].contents[6]; + expected_key[3] = esalt_bufs[digests_offset].contents[7]; + + u32 last_iv[4]; + + last_iv[0] = esalt_bufs[digests_offset].contents[16]; + last_iv[1] = esalt_bufs[digests_offset].contents[17]; + last_iv[2] = esalt_bufs[digests_offset].contents[18]; + last_iv[3] = esalt_bufs[digests_offset].contents[19]; + + u32 last_key[16]; + + last_key[ 0] = esalt_bufs[digests_offset].contents[20]; + last_key[ 1] = esalt_bufs[digests_offset].contents[21]; + last_key[ 2] = esalt_bufs[digests_offset].contents[22]; + last_key[ 3] = esalt_bufs[digests_offset].contents[23]; + last_key[ 4] = esalt_bufs[digests_offset].contents[24]; + last_key[ 5] = esalt_bufs[digests_offset].contents[25]; + last_key[ 6] = esalt_bufs[digests_offset].contents[26]; + last_key[ 7] = esalt_bufs[digests_offset].contents[27]; + last_key[ 8] = esalt_bufs[digests_offset].contents[28]; + last_key[ 9] = esalt_bufs[digests_offset].contents[29]; + last_key[10] = esalt_bufs[digests_offset].contents[30]; + last_key[11] = esalt_bufs[digests_offset].contents[31]; + last_key[12] = 
esalt_bufs[digests_offset].contents[32]; + last_key[13] = esalt_bufs[digests_offset].contents[33]; + last_key[14] = esalt_bufs[digests_offset].contents[34]; + last_key[15] = esalt_bufs[digests_offset].contents[35]; + + // hmac_data + + AES256_decrypt (ks, hmac_data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + iv[0] = hmac_data[0]; + iv[1] = hmac_data[1]; + iv[2] = hmac_data[2]; + iv[3] = hmac_data[3]; + + hmac_data[0] = out[0]; + hmac_data[1] = out[1]; + hmac_data[2] = out[2]; + hmac_data[3] = out[3]; + + // expected_key + + AES256_decrypt (ks, expected_key, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + iv[0] = expected_key[0]; + iv[1] = expected_key[1]; + iv[2] = expected_key[2]; + iv[3] = expected_key[3]; + + expected_key[0] = out[0]; + expected_key[1] = out[1]; + expected_key[2] = out[2]; + expected_key[3] = out[3]; + + // last_key + + iv[0] = last_iv[0]; + iv[1] = last_iv[1]; + iv[2] = last_iv[2]; + iv[3] = last_iv[3]; + + for (int off = 0; off < 16; off += 4) { - u32 data[4]; - - data[0] = esalt_bufs[digests_offset].contents[contents_off + 0]; - data[1] = esalt_bufs[digests_offset].contents[contents_off + 1]; - data[2] = esalt_bufs[digests_offset].contents[contents_off + 2]; - data[3] = esalt_bufs[digests_offset].contents[contents_off + 3]; - - u32 out[4]; - - AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + AES256_decrypt (ks, last_key + off, out, s_td0, s_td1, s_td2, s_td3, s_td4); out[0] ^= iv[0]; out[1] ^= iv[1]; out[2] ^= iv[2]; out[3] ^= iv[3]; - decrypted[wx_off + 0] = out[0]; - decrypted[wx_off + 1] = out[1]; - decrypted[wx_off + 2] = out[2]; - decrypted[wx_off + 3] = out[3]; + iv[0] = last_key[off + 0]; + iv[1] = last_key[off + 1]; + iv[2] = last_key[off + 2]; + iv[3] = last_key[off + 3]; - iv[0] = data[0]; - iv[1] = data[1]; - iv[2] = data[2]; - iv[3] = data[3]; - - if 
(contents_off == 32) break; + last_key[off + 0] = out[0]; + last_key[off + 1] = out[1]; + last_key[off + 2] = out[2]; + last_key[off + 3] = out[3]; } w0[0] = tmps[gid].userKey[0]; @@ -674,10 +743,10 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) sha512_hmac_init_128 (&ctx, w0, w1, w2, w3, w4, w5, w6, w7); - w0[0] = decrypted[0]; - w0[1] = decrypted[1]; - w0[2] = decrypted[2]; - w0[3] = decrypted[3]; + w0[0] = hmac_data[0]; + w0[1] = hmac_data[1]; + w0[2] = hmac_data[2]; + w0[3] = hmac_data[3]; w1[0] = 0; w1[1] = 0; w1[2] = 0; @@ -746,22 +815,22 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) sha512_hmac_init_128 (&ctx, w0, w1, w2, w3, w4, w5, w6, w7); - w0[0] = decrypted[20]; - w0[1] = decrypted[21]; - w0[2] = decrypted[22]; - w0[3] = decrypted[23]; - w1[0] = decrypted[24]; - w1[1] = decrypted[25]; - w1[2] = decrypted[26]; - w1[3] = decrypted[27]; - w2[0] = decrypted[28]; - w2[1] = decrypted[29]; - w2[2] = decrypted[30]; - w2[3] = decrypted[31]; - w3[0] = decrypted[32]; - w3[1] = decrypted[33]; - w3[2] = decrypted[34]; - w3[3] = decrypted[35]; + w0[0] = last_key[ 0]; + w0[1] = last_key[ 1]; + w0[2] = last_key[ 2]; + w0[3] = last_key[ 3]; + w1[0] = last_key[ 4]; + w1[1] = last_key[ 5]; + w1[2] = last_key[ 6]; + w1[3] = last_key[ 7]; + w2[0] = last_key[ 8]; + w2[1] = last_key[ 9]; + w2[2] = last_key[10]; + w2[3] = last_key[11]; + w3[0] = last_key[12]; + w3[1] = last_key[13]; + w3[2] = last_key[14]; + w3[3] = last_key[15]; w4[0] = 0; w4[1] = 0; w4[2] = 0; 
@@ -785,10 +854,10 @@ KERNEL_FQ void m15900_comp (KERN_ATTR_TMPS_ESALT (dpapimk_tmp_v2_t, dpapimk_t)) #define il_pos 0 - if ((decrypted[4] == h32_from_64_S (ctx.opad.h[0])) - && (decrypted[5] == l32_from_64_S (ctx.opad.h[0])) - && (decrypted[6] == h32_from_64_S (ctx.opad.h[1])) - && (decrypted[7] == l32_from_64_S (ctx.opad.h[1]))) + if ((expected_key[0] == h32_from_64_S (ctx.opad.h[0])) + && (expected_key[1] == l32_from_64_S (ctx.opad.h[0])) + && (expected_key[2] == h32_from_64_S (ctx.opad.h[1])) + && (expected_key[3] == l32_from_64_S (ctx.opad.h[1]))) { if (atomic_inc (&hashes_shown[digests_offset]) == 0) { From 48fd7d039fc36b4b51a65227d05ef5385146452e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 22 Feb 2020 20:40:47 +0100 Subject: [PATCH 251/300] Optimize access to s_lotus_magic_table[] in -m 8700 --- OpenCL/m08700_a0-optimized.cl | 66 ++++++++++++++++++++++------ OpenCL/m08700_a1-optimized.cl | 66 ++++++++++++++++++++++------ OpenCL/m08700_a3-optimized.cl | 82 ++++++++++++++++++++++++++--------- 3 files changed, 167 insertions(+), 47 deletions(-) diff --git a/OpenCL/m08700_a0-optimized.cl b/OpenCL/m08700_a0-optimized.cl index 2922cfb39..f173c703a 100644 --- a/OpenCL/m08700_a0-optimized.cl +++ b/OpenCL/m08700_a0-optimized.cl @@ -16,7 +16,9 @@ #include "inc_simd.cl" #endif -CONSTANT_VK u32a lotus_magic_table[256] = +// we just double this buffer so we can safe the & 0xff ;) + +CONSTANT_VK u32a lotus_magic_table[512] = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 
@@ -50,6 +52,39 @@ CONSTANT_VK u32a lotus_magic_table[256] = 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, + + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, + 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, + 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, + 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, + 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, + 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, + 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, + 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, + 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, + 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, + 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, + 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, + 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, + 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, + 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, + 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, + 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, }; #if VECT_SIZE == 1 
@@ -89,10 +124,10 @@ DECLSPEC void lotus_mix (u32x *in, LOCAL_AS u32 *s_lotus_magic_table) u32x tmp_in = in[j]; u32x tmp_out = 0; - p = (p + s--) & 0xff; p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 0; - p = (p + s--) & 0xff; p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 8; - p = (p + s--) & 0xff; p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 16; - p = (p + s--) & 0xff; p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 24; + p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 0; + p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 8; + p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 16; + p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 24; in[j] = tmp_out; } 
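Review bot: Dropping the `& 0xff` makes the index handed to `BOX1` equal to `p + s`, which is inside the 512-entry table only while `s` is at most 256, and neither the initialisation of `s` nor how far it is decremented is inside this hunk (lotus_mix starts above it). `p` itself stays within 0..255 because each step rebuilds it from a masked byte XORed with a table entry, so the whole bound rests on `s`. A comment at the loop head, e.g. `// p + s indexes the mirrored 512-entry table unmasked: p <= 0xff by construction, s must never exceed 256`, would pin that assumption where the next change to the schedule is made. The a1 and a3 copies (@@ -87,10 +122,10 and @@ -88,10 +123,10) and the reshaped `p = p + s--;` form in the following commit rely on the same bound.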
@@ -110,10 +145,15 @@ DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lot #endif for (int i = 0; i < 4; i++) { - t ^= (in[i] >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 0; t = ((out[i] >> 0) & 0xff); - t ^= (in[i] >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 8; t = ((out[i] >> 8) & 0xff); - t ^= (in[i] >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 16; t = ((out[i] >> 16) & 0xff); - t ^= (in[i] >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 24; t = ((out[i] >> 24) & 0xff); + u32x tmp_in = in[i]; + u32x tmp_out = 0; + + t ^= (tmp_in >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 0; t = (tmp_out >> 0) & 0xff; + t ^= (tmp_in >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 8; t = (tmp_out >> 8) & 0xff; + t ^= (tmp_in >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 16; t = (tmp_out >> 16) & 0xff; + t ^= (tmp_in >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 24; t = (tmp_out >> 24) & 0xff; + + out[i] = tmp_out; } } @@ -281,9 +321,9 @@ KERNEL_FQ void m08700_m04 (KERN_ATTR_RULES ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -468,9 +508,9 @@ KERNEL_FQ void m08700_s04 (KERN_ATTR_RULES ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } diff --git a/OpenCL/m08700_a1-optimized.cl b/OpenCL/m08700_a1-optimized.cl index 02d3873c3..2d5c72266 100644 --- a/OpenCL/m08700_a1-optimized.cl +++ b/OpenCL/m08700_a1-optimized.cl 
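Review bot: The rewritten loop in lotus_transform_password replaces the in-place `out[i] ^= c << k` with a zero-initialised `tmp_out` that is stored over `out[i]`, discarding whatever `out[i]` held on entry; the function seeds `t` from `out[3] >> 24` (visible in the later hunk of this file), so `out` is evidently an in/out buffer and the result differs unless every caller passes a zeroed array. The chained `t = (tmp_out >> k) & 0xff` inherits the same difference. If the buffer is guaranteed zero on entry, say so in a comment; otherwise keep `out[i] ^=` and derive `t` from `out[i]`, which is what the later @@ -145,15 +145,10 hunk on this page restores. The a1 and a3 copies (@@ -108,10 +143,15 and @@ -109,10 +144,15) carry the same change.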
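Review bot: `LOCAL_VK u32 s_lotus_magic_table[512]` and the `i < 512` fill bound repeat the new size independently of the constant table's declaration, and this pair now occurs in every kernel entry of the three files (m04/s04 here and in a1; m04/m08/m16/s04/s08/s16 in a3), so a later resize must be applied by hand in more than a dozen places. A single `#define LOTUS_MAGIC_TABLE_SIZE 512` used by the constant declaration, the local buffer and the loop bound would keep them in step. The local copy also grows from 1 KiB to 2 KiB of local memory per work-group; whether that affects occupancy on any target is not shown here.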
@@ -14,7 +14,9 @@ #include "inc_simd.cl" #endif -CONSTANT_VK u32a lotus_magic_table[256] = +// we just double this buffer so we can safe the & 0xff ;) + +CONSTANT_VK u32a lotus_magic_table[512] = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 
@@ -48,6 +50,39 @@ CONSTANT_VK u32a lotus_magic_table[256] = 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, + + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, + 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, + 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, + 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, + 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, + 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, + 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, + 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, + 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, + 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, + 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, + 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, + 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, + 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, + 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, + 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, + 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, }; #if VECT_SIZE == 1 
@@ -87,10 +122,10 @@ DECLSPEC void lotus_mix (u32x *in, LOCAL_AS u32 *s_lotus_magic_table) u32x tmp_in = in[j]; u32x tmp_out = 0; - p = (p + s--) & 0xff; p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 0; - p = (p + s--) & 0xff; p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 8; - p = (p + s--) & 0xff; p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 16; - p = (p + s--) & 0xff; p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 24; + p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 0; + p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 8; + p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 16; + p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 24; in[j] = tmp_out; } 
@@ -108,10 +143,15 @@ DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lot #endif for (int i = 0; i < 4; i++) { - t ^= (in[i] >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 0; t = ((out[i] >> 0) & 0xff); - t ^= (in[i] >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 8; t = ((out[i] >> 8) & 0xff); - t ^= (in[i] >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 16; t = ((out[i] >> 16) & 0xff); - t ^= (in[i] >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 24; t = ((out[i] >> 24) & 0xff); + u32x tmp_in = in[i]; + u32x tmp_out = 0; + + t ^= (tmp_in >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 0; t = (tmp_out >> 0) & 0xff; + t ^= (tmp_in >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 8; t = (tmp_out >> 8) & 0xff; + t ^= (tmp_in >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 16; t = (tmp_out >> 16) & 0xff; + t ^= (tmp_in >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 24; t = (tmp_out >> 24) & 0xff; + + out[i] = tmp_out; } } @@ -279,9 +319,9 @@ KERNEL_FQ void m08700_m04 (KERN_ATTR_BASIC ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -526,9 +566,9 @@ KERNEL_FQ void m08700_s04 (KERN_ATTR_BASIC ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } diff --git a/OpenCL/m08700_a3-optimized.cl b/OpenCL/m08700_a3-optimized.cl index f15b3722d..3fac4daab 100644 --- a/OpenCL/m08700_a3-optimized.cl +++ b/OpenCL/m08700_a3-optimized.cl 
@@ -13,7 +13,9 @@ #include "inc_simd.cl" #endif -CONSTANT_VK u32a lotus_magic_table[256] = +// we just double this buffer so we can safe the & 0xff ;) + +CONSTANT_VK u32a lotus_magic_table[512] = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 
@@ -47,6 +49,39 @@ CONSTANT_VK u32a lotus_magic_table[256] = 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, + + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, + 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, + 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, + 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, + 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, + 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, + 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, + 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, + 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, + 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, + 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, + 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, + 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, + 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, + 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, + 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, + 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, }; #define BOX(S,i) (S)[(i)] 
@@ -88,10 +123,10 @@ DECLSPEC void lotus_mix (u32x *in, LOCAL_AS u32 *s_lotus_magic_table) u32x tmp_in = in[j]; u32x tmp_out = 0; - p = (p + s--) & 0xff; p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 0; - p = (p + s--) & 0xff; p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 8; - p = (p + s--) & 0xff; p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 16; - p = (p + s--) & 0xff; p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 24; + p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 0; + p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 8; + p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 16; + p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 24; in[j] = tmp_out; } 
@@ -109,10 +144,15 @@ DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lot #endif for (int i = 0; i < 4; i++) { - t ^= (in[i] >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 0; t = ((out[i] >> 0) & 0xff); - t ^= (in[i] >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 8; t = ((out[i] >> 8) & 0xff); - t ^= (in[i] >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 16; t = ((out[i] >> 16) & 0xff); - t ^= (in[i] >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 24; t = ((out[i] >> 24) & 0xff); + u32x tmp_in = in[i]; + u32x tmp_out = 0; + + t ^= (tmp_in >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 0; t = (tmp_out >> 0) & 0xff; + t ^= (tmp_in >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 8; t = (tmp_out >> 8) & 0xff; + t ^= (tmp_in >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 16; t = (tmp_out >> 16) & 0xff; + t ^= (tmp_in >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 24; t = (tmp_out >> 24) & 0xff; + + out[i] = tmp_out; } } @@ -558,9 +598,9 @@ KERNEL_FQ void m08700_m04 (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -626,9 +666,9 @@ KERNEL_FQ void m08700_m08 (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -694,9 +734,9 @@ KERNEL_FQ void m08700_m16 (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } 
@@ -762,9 +802,9 @@ KERNEL_FQ void m08700_s04 (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -830,9 +870,9 @@ KERNEL_FQ void m08700_s08 (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -898,9 +938,9 @@ KERNEL_FQ void m08700_s16 (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } From fdde629d429d02355c178e1d9049dbe0df8ff2ee Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 22 Feb 2020 22:53:16 +0100 Subject: [PATCH 252/300] Backport -m 8700 optimization to -m 8600 --- OpenCL/m08600_a0-pure.cl | 45 +++++++++++++++++++++++++++++++---- OpenCL/m08600_a1-pure.cl | 45 +++++++++++++++++++++++++++++++---- OpenCL/m08600_a3-pure.cl | 45 +++++++++++++++++++++++++++++++---- OpenCL/m08700_a0-optimized.cl | 23 +++++++----------- OpenCL/m08700_a1-optimized.cl | 23 +++++++----------- OpenCL/m08700_a3-optimized.cl | 23 +++++++----------- 6 files changed, 147 insertions(+), 57 deletions(-) diff --git a/OpenCL/m08600_a0-pure.cl b/OpenCL/m08600_a0-pure.cl index 486362174..1098de8f3 100644 --- a/OpenCL/m08600_a0-pure.cl +++ b/OpenCL/m08600_a0-pure.cl @@ -16,7 +16,9 @@ #include "inc_simd.cl" #endif -CONSTANT_VK u32a lotus_magic_table[256] = +// we just double this buffer so we can safe the & 0xff ;) + +CONSTANT_VK u32a lotus_magic_table[512] = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 
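Review bot: The extra 256 table entries added to m08600_a0-pure.cl appear never to be indexed, because no hunk in this file removes an `& 0xff` mask from a lookup, and the file's diffstat (45 lines) is fully accounted for by the table and the two local-copy hunks. Unless lotus_mix for m08600 lives in a shared header that this commit does not show, the lookups there still mask to 0..255 and the change only doubles the local-memory copy and its fill loop. If dropping the mask in m08600 is planned as a follow-up, a comment next to the table saying so would keep the half-applied state from being read as the final design. The a1 and a3 pure kernels (@@ -14,7 +14,9 and @@ -13,7 +13,9 in those files) are in the same state.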
@@ -50,6 +52,39 @@ CONSTANT_VK u32a lotus_magic_table[256] = 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, + + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, + 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, + 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, + 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, + 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, + 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, + 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, + 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, + 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, + 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, + 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, + 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, + 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, + 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, + 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, + 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, + 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, }; #if VECT_SIZE == 1 
@@ -244,9 +279,9 @@ KERNEL_FQ void m08600_mxx (KERN_ATTR_RULES ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -308,9 +343,9 @@ KERNEL_FQ void m08600_sxx (KERN_ATTR_RULES ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } diff --git a/OpenCL/m08600_a1-pure.cl b/OpenCL/m08600_a1-pure.cl index 1260a50cf..8d92c046f 100644 --- a/OpenCL/m08600_a1-pure.cl +++ b/OpenCL/m08600_a1-pure.cl @@ -14,7 +14,9 @@ #include "inc_simd.cl" #endif -CONSTANT_VK u32a lotus_magic_table[256] = +// we just double this buffer so we can safe the & 0xff ;) + +CONSTANT_VK u32a lotus_magic_table[512] = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 
@@ -48,6 +50,39 @@ CONSTANT_VK u32a lotus_magic_table[256] = 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, + + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, + 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, + 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, + 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, + 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, + 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, + 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, + 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, + 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, + 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, + 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, + 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, + 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, + 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, + 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, + 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, + 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, }; #if VECT_SIZE == 1 
@@ -242,9 +277,9 @@ KERNEL_FQ void m08600_mxx (KERN_ATTR_BASIC ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -366,9 +401,9 @@ KERNEL_FQ void m08600_sxx (KERN_ATTR_BASIC ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } diff --git a/OpenCL/m08600_a3-pure.cl b/OpenCL/m08600_a3-pure.cl index fc58fcc34..58550b5c1 100644 --- a/OpenCL/m08600_a3-pure.cl +++ b/OpenCL/m08600_a3-pure.cl @@ -13,7 +13,9 @@ #include "inc_simd.cl" #endif -CONSTANT_VK u32a lotus_magic_table[256] = +// we just double this buffer so we can safe the & 0xff ;) + +CONSTANT_VK u32a lotus_magic_table[512] = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 
@@ -47,6 +49,39 @@ CONSTANT_VK u32a lotus_magic_table[256] = 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, + + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, + 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, + 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, + 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, + 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, + 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, + 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, + 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, + 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, + 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, + 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, + 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, + 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, + 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, + 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, + 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, + 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, }; #if VECT_SIZE == 1 
@@ -347,9 +382,9 @@ KERNEL_FQ void m08600_mxx (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } @@ -404,9 +439,9 @@ KERNEL_FQ void m08600_sxx (KERN_ATTR_VECTOR ()) * sbox */ - LOCAL_VK u32 s_lotus_magic_table[256]; + LOCAL_VK u32 s_lotus_magic_table[512]; - for (u32 i = lid; i < 256; i += lsz) + for (u32 i = lid; i < 512; i += lsz) { s_lotus_magic_table[i] = lotus_magic_table[i]; } diff --git a/OpenCL/m08700_a0-optimized.cl b/OpenCL/m08700_a0-optimized.cl index f173c703a..65d34fdb9 100644 --- a/OpenCL/m08700_a0-optimized.cl +++ b/OpenCL/m08700_a0-optimized.cl @@ -124,17 +124,17 @@ DECLSPEC void lotus_mix (u32x *in, LOCAL_AS u32 *s_lotus_magic_table) u32x tmp_in = in[j]; u32x tmp_out = 0; - p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 0; - p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 8; - p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 16; - p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 24; + p = p + s--; p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 0; + p = p + s--; p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 8; + p = p + s--; p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 16; + p = p + s--; p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 24; in[j] = tmp_out; } } } -DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lotus_magic_table) +DECLSPEC void lotus_transform_password (const u32x *in, u32x *out, LOCAL_AS u32 *s_lotus_magic_table) { u32x t = out[3] >> 24; 
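Review bot: `out` is read before it is written (`u32x t = out[3] >> 24;`) yet nothing marks it as an in/out state, while the new `const u32x *in` now documents the other parameter; callers that forget to initialise `out` get a result that depends on stale stack contents. A one-line header above lotus_transform_password, `// in: read-only input words; out: state read on entry (out[3]) and updated in place`, would make the contract explicit. The a1 and a3 copies (@@ -122,17 +122,17 and @@ -123,17 +123,17) need the same header.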
@@ -145,15 +145,10 @@ DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lot #endif for (int i = 0; i < 4; i++) { - u32x tmp_in = in[i]; - u32x tmp_out = 0; - - t ^= (tmp_in >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 0; t = (tmp_out >> 0) & 0xff; - t ^= (tmp_in >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 8; t = (tmp_out >> 8) & 0xff; - t ^= (tmp_in >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 16; t = (tmp_out >> 16) & 0xff; - t ^= (tmp_in >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 24; t = (tmp_out >> 24) & 0xff; - - out[i] = tmp_out; + t ^= (in[i] >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 0; t = ((out[i] >> 0) & 0xff); + t ^= (in[i] >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 8; t = ((out[i] >> 8) & 0xff); + t ^= (in[i] >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 16; t = ((out[i] >> 16) & 0xff); + t ^= (in[i] >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 24; t = ((out[i] >> 24) & 0xff); } } diff --git a/OpenCL/m08700_a1-optimized.cl b/OpenCL/m08700_a1-optimized.cl index 2d5c72266..745475445 100644 --- a/OpenCL/m08700_a1-optimized.cl +++ b/OpenCL/m08700_a1-optimized.cl 
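Review bot: Nothing records why the zeroed-temporary form of this loop was wrong, so the restored `out[i] ^= c << k` accumulate-in-place behaviour can be "optimised" away again by the next reader who sees only the loop. Suggest a comment before the `for`: `// out[] accumulates over its previous contents and t chains through out[i]; do not replace with a zeroed temporary`. The a1 and a3 copies (@@ -143,15 +143,10 and @@ -144,15 +144,10) want the same comment.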
@@ -122,17 +122,17 @@ DECLSPEC void lotus_mix (u32x *in, LOCAL_AS u32 *s_lotus_magic_table) u32x tmp_in = in[j]; u32x tmp_out = 0; - p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 0; - p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 8; - p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 16; - p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 24; + p = p + s--; p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 0; + p = p + s--; p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 8; + p = p + s--; p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 16; + p = p + s--; p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 24; in[j] = tmp_out; } } } -DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lotus_magic_table) +DECLSPEC void lotus_transform_password (const u32x *in, u32x *out, LOCAL_AS u32 *s_lotus_magic_table) { u32x t = out[3] >> 24; 
@@ -143,15 +143,10 @@ DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lot #endif for (int i = 0; i < 4; i++) { - u32x tmp_in = in[i]; - u32x tmp_out = 0; - - t ^= (tmp_in >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 0; t = (tmp_out >> 0) & 0xff; - t ^= (tmp_in >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 8; t = (tmp_out >> 8) & 0xff; - t ^= (tmp_in >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 16; t = (tmp_out >> 16) & 0xff; - t ^= (tmp_in >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 24; t = (tmp_out >> 24) & 0xff; - - out[i] = tmp_out; + t ^= (in[i] >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 0; t = ((out[i] >> 0) & 0xff); + t ^= (in[i] >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 8; t = ((out[i] >> 8) & 0xff); + t ^= (in[i] >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 16; t = ((out[i] >> 16) & 0xff); + t ^= (in[i] >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 24; t = ((out[i] >> 24) & 0xff); } } diff --git a/OpenCL/m08700_a3-optimized.cl b/OpenCL/m08700_a3-optimized.cl index 3fac4daab..2a13fd3d8 100644 --- a/OpenCL/m08700_a3-optimized.cl +++ b/OpenCL/m08700_a3-optimized.cl 
@@ -123,17 +123,17 @@ DECLSPEC void lotus_mix (u32x *in, LOCAL_AS u32 *s_lotus_magic_table) u32x tmp_in = in[j]; u32x tmp_out = 0; - p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 0; - p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 8; - p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 16; - p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, (p + s--)); tmp_out |= p << 24; + p = p + s--; p = ((tmp_in >> 0) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 0; + p = p + s--; p = ((tmp_in >> 8) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 8; + p = p + s--; p = ((tmp_in >> 16) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 16; + p = p + s--; p = ((tmp_in >> 24) & 0xff) ^ BOX1 (s_lotus_magic_table, p); tmp_out |= p << 24; in[j] = tmp_out; } } } -DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lotus_magic_table) +DECLSPEC void lotus_transform_password (const u32x *in, u32x *out, LOCAL_AS u32 *s_lotus_magic_table) { u32x t = out[3] >> 24; 
@@ -144,15 +144,10 @@ DECLSPEC void lotus_transform_password (u32x *in, u32x *out, LOCAL_AS u32 *s_lot #endif for (int i = 0; i < 4; i++) { - u32x tmp_in = in[i]; - u32x tmp_out = 0; - - t ^= (tmp_in >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 0; t = (tmp_out >> 0) & 0xff; - t ^= (tmp_in >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 8; t = (tmp_out >> 8) & 0xff; - t ^= (tmp_in >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 16; t = (tmp_out >> 16) & 0xff; - t ^= (tmp_in >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); tmp_out ^= c << 24; t = (tmp_out >> 24) & 0xff; - - out[i] = tmp_out; + t ^= (in[i] >> 0) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 0; t = ((out[i] >> 0) & 0xff); + t ^= (in[i] >> 8) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 8; t = ((out[i] >> 8) & 0xff); + t ^= (in[i] >> 16) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 16; t = ((out[i] >> 16) & 0xff); + t ^= (in[i] >> 24) & 0xff; c = BOX1 (s_lotus_magic_table, t); out[i] ^= c << 24; t = ((out[i] >> 24) & 0xff); } } From 4c2ef5993aaafb5ada1f7b3dec69e6fb90843b2f Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 23 Feb 2020 15:21:34 +0100 Subject: [PATCH 253/300] Set -m 7000 to OPTS_TYPE_PT_GENERATE_BE mode to slightly improve performance --- OpenCL/m07000_a3-optimized.cl | 100 +++++++++++++++++----------------- OpenCL/m07000_a3-pure.cl | 4 +- src/modules/module_07000.c | 2 +- 3 files changed, 53 insertions(+), 53 deletions(-) diff --git a/OpenCL/m07000_a3-optimized.cl b/OpenCL/m07000_a3-optimized.cl index 5757962da..0ab3f796e 100644 --- a/OpenCL/m07000_a3-optimized.cl +++ b/OpenCL/m07000_a3-optimized.cl 
@@ -32,9 +32,9 @@ DECLSPEC void m07000m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER u32 salt_buf2[4]; u32 salt_buf3[4]; - salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2]; + salt_buf0[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); + salt_buf0[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf0[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]); salt_buf0[3] = 0; salt_buf1[0] = 0; salt_buf1[1] = 0; @@ -56,12 +56,12 @@ DECLSPEC void m07000m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER u32 magic_buf2[4]; u32 magic_buf3[4]; - magic_buf0[0] = FORTIGATE_A; - magic_buf0[1] = FORTIGATE_B; - magic_buf0[2] = FORTIGATE_C; - magic_buf0[3] = FORTIGATE_D; - magic_buf1[0] = FORTIGATE_E; - magic_buf1[1] = FORTIGATE_F; + magic_buf0[0] = hc_swap32_S (FORTIGATE_A); + magic_buf0[1] = hc_swap32_S (FORTIGATE_B); + magic_buf0[2] = hc_swap32_S (FORTIGATE_C); + magic_buf0[3] = hc_swap32_S (FORTIGATE_D); + magic_buf1[0] = hc_swap32_S (FORTIGATE_E); + magic_buf1[1] = hc_swap32_S (FORTIGATE_F); magic_buf1[2] = 0; magic_buf1[3] = 0; magic_buf2[0] = 0; @@ -77,7 +77,7 @@ DECLSPEC void m07000m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER const u32 salt_pw_len = salt_len + pw_len; - switch_buffer_by_offset_le_S (magic_buf0, magic_buf1, magic_buf2, magic_buf3, salt_pw_len); + switch_buffer_by_offset_be_S (magic_buf0, magic_buf1, magic_buf2, magic_buf3, salt_pw_len); salt_buf0[0] |= magic_buf0[0]; salt_buf0[1] |= magic_buf0[1]; @@ -98,7 +98,7 @@ DECLSPEC void m07000m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER const u32 final_len = salt_len + pw_len + magic_len; - append_0x80_4x4_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, final_len); + append_0x80_4x4_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, final_len ^ 3); /** * loop 
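Review bot: The `final_len ^ 3` passed to append_0x80_4x4_S in m07000m has no explanation at the call site, and the identical expression appears in the matching m07000s hunk (@@ -365,7) further down; a one-line comment would save the next reader from guessing, e.g. `// words are now big-endian: ^ 3 mirrors the byte position inside the u32 so 0x80 lands on the right byte`. The byte-swapped salt words and FORTIGATE_* constants and the switch to switch_buffer_by_offset_be_S are consistent with that layout, so the salt/magic path looks complete; the rest of m07000m is outside these hunks.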
@@ -158,20 +158,20 @@ DECLSPEC void m07000m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER * sha1 */ - u32x w0_t = hc_swap32 (t0[0]); - u32x w1_t = hc_swap32 (t0[1]); - u32x w2_t = hc_swap32 (t0[2]); - u32x w3_t = hc_swap32 (t0[3]); - u32x w4_t = hc_swap32 (t1[0]); - u32x w5_t = hc_swap32 (t1[1]); - u32x w6_t = hc_swap32 (t1[2]); - u32x w7_t = hc_swap32 (t1[3]); - u32x w8_t = hc_swap32 (t2[0]); - u32x w9_t = hc_swap32 (t2[1]); - u32x wa_t = hc_swap32 (t2[2]); - u32x wb_t = hc_swap32 (t2[3]); - u32x wc_t = hc_swap32 (t3[0]); - u32x wd_t = hc_swap32 (t3[1]); + u32x w0_t = t0[0]; + u32x w1_t = t0[1]; + u32x w2_t = t0[2]; + u32x w3_t = t0[3]; + u32x w4_t = t1[0]; + u32x w5_t = t1[1]; + u32x w6_t = t1[2]; + u32x w7_t = t1[3]; + u32x w8_t = t2[0]; + u32x w9_t = t2[1]; + u32x wa_t = t2[2]; + u32x wb_t = t2[3]; + u32x wc_t = t3[0]; + u32x wd_t = t3[1]; u32x we_t = 0; u32x wf_t = final_len * 8; @@ -299,9 +299,9 @@ DECLSPEC void m07000s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER u32 salt_buf2[4]; u32 salt_buf3[4]; - salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2]; + salt_buf0[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); + salt_buf0[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]); + salt_buf0[2] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[2]); salt_buf0[3] = 0; salt_buf1[0] = 0; salt_buf1[1] = 0; 
@@ -323,12 +323,12 @@ DECLSPEC void m07000s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER u32 magic_buf2[4]; u32 magic_buf3[4]; - magic_buf0[0] = FORTIGATE_A; - magic_buf0[1] = FORTIGATE_B; - magic_buf0[2] = FORTIGATE_C; - magic_buf0[3] = FORTIGATE_D; - magic_buf1[0] = FORTIGATE_E; - magic_buf1[1] = FORTIGATE_F; + magic_buf0[0] = hc_swap32_S (FORTIGATE_A); + magic_buf0[1] = hc_swap32_S (FORTIGATE_B); + magic_buf0[2] = hc_swap32_S (FORTIGATE_C); + magic_buf0[3] = hc_swap32_S (FORTIGATE_D); + magic_buf1[0] = hc_swap32_S (FORTIGATE_E); + magic_buf1[1] = hc_swap32_S (FORTIGATE_F); magic_buf1[2] = 0; magic_buf1[3] = 0; magic_buf2[0] = 0; @@ -344,7 +344,7 @@ DECLSPEC void m07000s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER const u32 salt_pw_len = salt_len + pw_len; - switch_buffer_by_offset_le_S (magic_buf0, magic_buf1, magic_buf2, magic_buf3, salt_pw_len); + switch_buffer_by_offset_be_S (magic_buf0, magic_buf1, magic_buf2, magic_buf3, salt_pw_len); salt_buf0[0] |= magic_buf0[0]; salt_buf0[1] |= magic_buf0[1]; @@ -365,7 +365,7 @@ DECLSPEC void m07000s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER const u32 final_len = salt_len + pw_len + magic_len; - append_0x80_4x4_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, final_len); + append_0x80_4x4_S (salt_buf0, salt_buf1, salt_buf2, salt_buf3, final_len ^ 3); /** * digest 
@@ -443,20 +443,20 @@ DECLSPEC void m07000s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER * sha1 */ - u32x w0_t = hc_swap32 (t0[0]); - u32x w1_t = hc_swap32 (t0[1]); - u32x w2_t = hc_swap32 (t0[2]); - u32x w3_t = hc_swap32 (t0[3]); - u32x w4_t = hc_swap32 (t1[0]); - u32x w5_t = hc_swap32 (t1[1]); - u32x w6_t = hc_swap32 (t1[2]); - u32x w7_t = hc_swap32 (t1[3]); - u32x w8_t = hc_swap32 (t2[0]); - u32x w9_t = hc_swap32 (t2[1]); - u32x wa_t = hc_swap32 (t2[2]); - u32x wb_t = hc_swap32 (t2[3]); - u32x wc_t = hc_swap32 (t3[0]); - u32x wd_t = hc_swap32 (t3[1]); + u32x w0_t = t0[0]; + u32x w1_t = t0[1]; + u32x w2_t = t0[2]; + u32x w3_t = t0[3]; + u32x w4_t = t1[0]; + u32x w5_t = t1[1]; + u32x w6_t = t1[2]; + u32x w7_t = t1[3]; + u32x w8_t = t2[0]; + u32x w9_t = t2[1]; + u32x wa_t = t2[2]; + u32x wb_t = t2[3]; + u32x wc_t = t3[0]; + u32x wd_t = t3[1]; u32x we_t = 0; u32x wf_t = final_len * 8; diff --git a/OpenCL/m07000_a3-pure.cl b/OpenCL/m07000_a3-pure.cl index db6f00a5f..aca25c9df 100644 --- a/OpenCL/m07000_a3-pure.cl +++ b/OpenCL/m07000_a3-pure.cl @@ -62,7 +62,7 @@ KERNEL_FQ void m07000_mxx (KERN_ATTR_VECTOR ()) sha1_init_vector_from_scalar (&ctx, &ctx0); - sha1_update_vector_swap (&ctx, w, pw_len); + sha1_update_vector (&ctx, w, pw_len); /** * pepper @@ -163,7 +163,7 @@ KERNEL_FQ void m07000_sxx (KERN_ATTR_VECTOR ()) sha1_init_vector_from_scalar (&ctx, &ctx0); - sha1_update_vector_swap (&ctx, w, pw_len); + sha1_update_vector (&ctx, w, pw_len); /** * pepper diff --git a/src/modules/module_07000.c b/src/modules/module_07000.c index 44f23cbc2..398191d92 100644 --- a/src/modules/module_07000.c +++ b/src/modules/module_07000.c 
@@ -22,7 +22,7 @@ static const u64 KERN_TYPE = 7000; static const u32 OPTI_TYPE = OPTI_TYPE_PRECOMPUTE_INIT | OPTI_TYPE_EARLY_SKIP | OPTI_TYPE_NOT_ITERATED; -static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "AK1FCIhM0IUIQVFJgcDFwLCMi7GppdwtRzMyDpFOFxdpH8="; From ed893e86fb824cc02c6d2117b51bad45556bd774 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 23 Feb 2020 16:30:29 +0100 Subject: [PATCH 254/300] Move esalt buffer in -m 7300 to shared memory to slightly improve performance --- OpenCL/m07300_a0-optimized.cl | 146 ++++++++++--------- OpenCL/m07300_a1-optimized.cl | 146 ++++++++++--------- OpenCL/m07300_a3-optimized.cl | 262 ++++++++++++++++++++++++---------- 3 files changed, 352 insertions(+), 202 deletions(-) diff --git a/OpenCL/m07300_a0-optimized.cl b/OpenCL/m07300_a0-optimized.cl index 35f4a3639..2deb27bac 100644 --- a/OpenCL/m07300_a0-optimized.cl +++ b/OpenCL/m07300_a0-optimized.cl @@ -118,13 +118,22 @@ KERNEL_FQ void m07300_m04 (KERN_ATTR_RULES_ESALT (rakp_t)) * modifier */ + const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); /** - * base + * s_msg */ - const u64 gid = get_global_id (0); + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; 
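Review bot: The shared-memory prologue added to m07300_m04 hard-codes the esalt word count as `128` twice (the LOCAL_VK array and the fill loop bound), and the same literal is repeated in every kernel touched by this commit (m07300_s04 here, both kernels in m07300_a1-optimized.cl and the four in m07300_a3-optimized.cl); tying it to the rakp_t salt_buf declaration through one named constant would stop a later change to the struct from silently desynchronising the copy. The ordering is right — SYNC_THREADS () precedes `if (gid >= gid_max) return;` so every work-item reaches the barrier — and a comment such as `// fill and barrier before the gid_max early-out: all work-items must reach SYNC_THREADS` would keep a future refactor from moving the early return above it. The loop index `u32 i` is compared with and incremented by the u64 `lid`/`lsz`; declaring it `u64 i` avoids the mixed-width arithmetic.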
@@ -186,40 +195,40 @@ KERNEL_FQ void m07300_m04 (KERN_ATTR_RULES_ESALT (rakp_t)) for (esalt_left = esalt_size, esalt_off = 0; esalt_left >= 56; esalt_left -= 64, esalt_off += 16) { - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; - w3[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 14]; - w3[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 15]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; + w3[2] = s_esalt_buf[esalt_off + 14]; + w3[3] = s_esalt_buf[esalt_off + 15]; sha1_transform_vector (w0, w1, w2, w3, ipad); } - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = 
esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; w3[2] = 0; w3[3] = (64 + esalt_size) * 8; @@ -245,13 +254,22 @@ KERNEL_FQ void m07300_s04 (KERN_ATTR_RULES_ESALT (rakp_t)) * modifier */ + const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); /** - * base + * s_msg */ - const u64 gid = get_global_id (0); + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; 
@@ -325,40 +343,40 @@ KERNEL_FQ void m07300_s04 (KERN_ATTR_RULES_ESALT (rakp_t)) for (esalt_left = esalt_size, esalt_off = 0; esalt_left >= 56; esalt_left -= 64, esalt_off += 16) { - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; - w3[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 14]; - w3[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 15]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; + w3[2] = s_esalt_buf[esalt_off + 14]; + w3[3] = s_esalt_buf[esalt_off + 15]; sha1_transform_vector (w0, w1, w2, w3, ipad); } - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = 
esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; w3[2] = 0; w3[3] = (64 + esalt_size) * 8; diff --git a/OpenCL/m07300_a1-optimized.cl b/OpenCL/m07300_a1-optimized.cl index 83fce7cf9..21e1e0d2f 100644 --- a/OpenCL/m07300_a1-optimized.cl +++ b/OpenCL/m07300_a1-optimized.cl @@ -116,13 +116,22 @@ KERNEL_FQ void m07300_m04 (KERN_ATTR_ESALT (rakp_t)) * modifier */ + const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); /** - * base + * s_msg */ - const u64 gid = get_global_id (0); + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; 
@@ -252,40 +261,40 @@ KERNEL_FQ void m07300_m04 (KERN_ATTR_ESALT (rakp_t)) for (esalt_left = esalt_size, esalt_off = 0; esalt_left >= 56; esalt_left -= 64, esalt_off += 16) { - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; - w3[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 14]; - w3[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 15]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; + w3[2] = s_esalt_buf[esalt_off + 14]; + w3[3] = s_esalt_buf[esalt_off + 15]; sha1_transform_vector (w0, w1, w2, w3, ipad); } - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = 
esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; w3[2] = 0; w3[3] = (64 + esalt_size) * 8; @@ -311,13 +320,22 @@ KERNEL_FQ void m07300_s04 (KERN_ATTR_ESALT (rakp_t)) * modifier */ + const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); /** - * base + * s_msg */ - const u64 gid = get_global_id (0); + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; 
@@ -459,40 +477,40 @@ KERNEL_FQ void m07300_s04 (KERN_ATTR_ESALT (rakp_t)) for (esalt_left = esalt_size, esalt_off = 0; esalt_left >= 56; esalt_left -= 64, esalt_off += 16) { - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; - w3[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 14]; - w3[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 15]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; + w3[2] = s_esalt_buf[esalt_off + 14]; + w3[3] = s_esalt_buf[esalt_off + 15]; sha1_transform_vector (w0, w1, w2, w3, ipad); } - w0[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0[2] = 
esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; + w0[0] = s_esalt_buf[esalt_off + 0]; + w0[1] = s_esalt_buf[esalt_off + 1]; + w0[2] = s_esalt_buf[esalt_off + 2]; + w0[3] = s_esalt_buf[esalt_off + 3]; + w1[0] = s_esalt_buf[esalt_off + 4]; + w1[1] = s_esalt_buf[esalt_off + 5]; + w1[2] = s_esalt_buf[esalt_off + 6]; + w1[3] = s_esalt_buf[esalt_off + 7]; + w2[0] = s_esalt_buf[esalt_off + 8]; + w2[1] = s_esalt_buf[esalt_off + 9]; + w2[2] = s_esalt_buf[esalt_off + 10]; + w2[3] = s_esalt_buf[esalt_off + 11]; + w3[0] = s_esalt_buf[esalt_off + 12]; + w3[1] = s_esalt_buf[esalt_off + 13]; w3[2] = 0; w3[3] = (64 + esalt_size) * 8; diff --git a/OpenCL/m07300_a3-optimized.cl b/OpenCL/m07300_a3-optimized.cl index b3b74c963..a8a2904a7 100644 --- a/OpenCL/m07300_a3-optimized.cl +++ b/OpenCL/m07300_a3-optimized.cl @@ -110,7 +110,7 @@ DECLSPEC void hmac_sha1_run (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, sha1_transform_vector (w0, w1, w2, w3, digest); } -DECLSPEC void m07300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (rakp_t)) +DECLSPEC void m07300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (rakp_t), LOCAL_AS u32 *s_esalt_buf) { /** * modifier 
@@ -175,40 +175,40 @@ DECLSPEC void m07300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER for (esalt_left = esalt_size, esalt_off = 0; esalt_left >= 56; esalt_left -= 64, esalt_off += 16) { - w0_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; - w3_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 14]; - w3_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 15]; + w0_t[0] = s_esalt_buf[esalt_off + 0]; + w0_t[1] = s_esalt_buf[esalt_off + 1]; + w0_t[2] = s_esalt_buf[esalt_off + 2]; + w0_t[3] = s_esalt_buf[esalt_off + 3]; + w1_t[0] = s_esalt_buf[esalt_off + 4]; + w1_t[1] = s_esalt_buf[esalt_off + 5]; + w1_t[2] = s_esalt_buf[esalt_off + 6]; + w1_t[3] = s_esalt_buf[esalt_off + 7]; + w2_t[0] = s_esalt_buf[esalt_off + 8]; + w2_t[1] = s_esalt_buf[esalt_off + 9]; + w2_t[2] = s_esalt_buf[esalt_off + 10]; + w2_t[3] = s_esalt_buf[esalt_off + 11]; + w3_t[0] = s_esalt_buf[esalt_off + 12]; + w3_t[1] = s_esalt_buf[esalt_off + 13]; + w3_t[2] = s_esalt_buf[esalt_off + 14]; + w3_t[3] = s_esalt_buf[esalt_off + 15]; sha1_transform_vector (w0_t, w1_t, w2_t, w3_t, ipad); } - w0_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; 
- w0_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; + w0_t[0] = s_esalt_buf[esalt_off + 0]; + w0_t[1] = s_esalt_buf[esalt_off + 1]; + w0_t[2] = s_esalt_buf[esalt_off + 2]; + w0_t[3] = s_esalt_buf[esalt_off + 3]; + w1_t[0] = s_esalt_buf[esalt_off + 4]; + w1_t[1] = s_esalt_buf[esalt_off + 5]; + w1_t[2] = s_esalt_buf[esalt_off + 6]; + w1_t[3] = s_esalt_buf[esalt_off + 7]; + w2_t[0] = s_esalt_buf[esalt_off + 8]; + w2_t[1] = s_esalt_buf[esalt_off + 9]; + w2_t[2] = s_esalt_buf[esalt_off + 10]; + w2_t[3] = s_esalt_buf[esalt_off + 11]; + w3_t[0] = s_esalt_buf[esalt_off + 12]; + w3_t[1] = s_esalt_buf[esalt_off + 13]; w3_t[2] = 0; w3_t[3] = (64 + esalt_size) * 8; @@ -220,7 +220,7 @@ DECLSPEC void m07300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER } } -DECLSPEC void m07300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (rakp_t)) +DECLSPEC void m07300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (rakp_t), LOCAL_AS u32 *s_esalt_buf) { /** * modifier 
@@ -297,40 +297,40 @@ DECLSPEC void m07300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER for (esalt_left = esalt_size, esalt_off = 0; esalt_left >= 56; esalt_left -= 64, esalt_off += 16) { - w0_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; - w0_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; - w3_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 14]; - w3_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 15]; + w0_t[0] = s_esalt_buf[esalt_off + 0]; + w0_t[1] = s_esalt_buf[esalt_off + 1]; + w0_t[2] = s_esalt_buf[esalt_off + 2]; + w0_t[3] = s_esalt_buf[esalt_off + 3]; + w1_t[0] = s_esalt_buf[esalt_off + 4]; + w1_t[1] = s_esalt_buf[esalt_off + 5]; + w1_t[2] = s_esalt_buf[esalt_off + 6]; + w1_t[3] = s_esalt_buf[esalt_off + 7]; + w2_t[0] = s_esalt_buf[esalt_off + 8]; + w2_t[1] = s_esalt_buf[esalt_off + 9]; + w2_t[2] = s_esalt_buf[esalt_off + 10]; + w2_t[3] = s_esalt_buf[esalt_off + 11]; + w3_t[0] = s_esalt_buf[esalt_off + 12]; + w3_t[1] = s_esalt_buf[esalt_off + 13]; + w3_t[2] = s_esalt_buf[esalt_off + 14]; + w3_t[3] = s_esalt_buf[esalt_off + 15]; sha1_transform_vector (w0_t, w1_t, w2_t, w3_t, ipad); } - w0_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 0]; 
- w0_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 1]; - w0_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 2]; - w0_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 3]; - w1_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 4]; - w1_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 5]; - w1_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 6]; - w1_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 7]; - w2_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 8]; - w2_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 9]; - w2_t[2] = esalt_bufs[digests_offset].salt_buf[esalt_off + 10]; - w2_t[3] = esalt_bufs[digests_offset].salt_buf[esalt_off + 11]; - w3_t[0] = esalt_bufs[digests_offset].salt_buf[esalt_off + 12]; - w3_t[1] = esalt_bufs[digests_offset].salt_buf[esalt_off + 13]; + w0_t[0] = s_esalt_buf[esalt_off + 0]; + w0_t[1] = s_esalt_buf[esalt_off + 1]; + w0_t[2] = s_esalt_buf[esalt_off + 2]; + w0_t[3] = s_esalt_buf[esalt_off + 3]; + w1_t[0] = s_esalt_buf[esalt_off + 4]; + w1_t[1] = s_esalt_buf[esalt_off + 5]; + w1_t[2] = s_esalt_buf[esalt_off + 6]; + w1_t[3] = s_esalt_buf[esalt_off + 7]; + w2_t[0] = s_esalt_buf[esalt_off + 8]; + w2_t[1] = s_esalt_buf[esalt_off + 9]; + w2_t[2] = s_esalt_buf[esalt_off + 10]; + w2_t[3] = s_esalt_buf[esalt_off + 11]; + w3_t[0] = s_esalt_buf[esalt_off + 12]; + w3_t[1] = s_esalt_buf[esalt_off + 13]; w3_t[2] = 0; w3_t[3] = (64 + esalt_size) * 8; 
@@ -345,13 +345,32 @@ DECLSPEC void m07300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER KERNEL_FQ void m07300_m04 (KERN_ATTR_ESALT (rakp_t)) { /** - * base + * modifier */ const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * s_msg + */ + + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; + /** + * base + */ + u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -386,19 +405,38 @@ KERNEL_FQ void m07300_m04 (KERN_ATTR_ESALT (rakp_t)) * main */ - m07300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_esalt_buf); } KERNEL_FQ void m07300_m08 (KERN_ATTR_ESALT (rakp_t)) { /** - * base + * modifier */ const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * s_msg + */ + + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; + /** + * base + */ + u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -433,19 +471,38 @@ KERNEL_FQ void m07300_m08 (KERN_ATTR_ESALT (rakp_t)) * main */ - m07300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_esalt_buf); } KERNEL_FQ void m07300_m16 (KERN_ATTR_ESALT (rakp_t)) { /** - * base + * modifier */ const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * s_msg + */ + + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; + /** + * base + */ + u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
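Review bot: This is the third copy of the identical ten-line prologue (lid/lsz, the 128-word copy loop, `SYNC_THREADS`) and three more follow, so any fix to the copy has to be repeated six times; the file already factors the per-kernel work into `m07300m`/`m07300s`, and the prologue can be factored the same way. A macro keeps the barrier at kernel scope, where it must stay so that it is reached before the gid_max return; the rough shape is below, to replace the loop and barrier in each of the six kernels. m07300_m16 continues past the end of the hunk.
```c
// group-shared copy of the RAKP message for this salt; must be executed by
// every work-item (before the gid_max early-return) because of the barrier
#define M07300_LOAD_ESALT(dst)                                         \
  do {                                                                 \
    for (u32 i = lid; i < 128; i += lsz)                               \
    {                                                                  \
      (dst)[i] = esalt_bufs[digests_offset].salt_buf[i];               \
    }                                                                  \
    SYNC_THREADS ();                                                   \
  } while (0)

// … unchanged: lid/lsz declarations and the LOCAL_VK array …
M07300_LOAD_ESALT (s_esalt_buf);
```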
@@ -480,19 +537,38 @@ KERNEL_FQ void m07300_m16 (KERN_ATTR_ESALT (rakp_t)) * main */ - m07300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07300m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_esalt_buf); } KERNEL_FQ void m07300_s04 (KERN_ATTR_ESALT (rakp_t)) { /** - * base + * modifier */ const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * s_msg + */ + + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; + /** + * base + */ + u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -527,19 +603,38 @@ KERNEL_FQ void m07300_s04 (KERN_ATTR_ESALT (rakp_t)) * main */ - m07300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_esalt_buf); } KERNEL_FQ void m07300_s08 (KERN_ATTR_ESALT (rakp_t)) { /** - * base + * modifier */ const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * s_msg + */ + + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; + /** + * base + */ + u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -574,19 +669,38 @@ KERNEL_FQ void m07300_s08 (KERN_ATTR_ESALT (rakp_t)) * main */ - m07300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_esalt_buf); } KERNEL_FQ void m07300_s16 (KERN_ATTR_ESALT (rakp_t)) { /** - * base + * modifier */ const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * s_msg + */ + + LOCAL_VK u32 s_esalt_buf[128]; + + for (u32 i = lid; i < 128; i += lsz) + { + s_esalt_buf[i] = esalt_bufs[digests_offset].salt_buf[i]; + } + + SYNC_THREADS (); if (gid >= gid_max) return; + /** + * base + */ + u32 w0[4]; w0[0] = pws[gid].i[ 0]; 
@@ -621,5 +735,5 @@ KERNEL_FQ void m07300_s16 (KERN_ATTR_ESALT (rakp_t)) * main */ - m07300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + m07300s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max, s_esalt_buf); } From 6b253c15c6243465c639335c511d258933bdd292 Mon Sep 17 00:00:00 2001 
From: xambroz Date: Mon, 24 Feb 2020 03:17:48 +0100 Subject: [PATCH 255/300] Fix debugedit - canonicalization unexpectedly shrank by one character Hello, As some paths in the src/Makefile contain a trailing slash "/", some sources get referenced with a double "//" in the path at compile time. On RHEL7 this causes an issue with debugedit and is reported as an error during the RPM package build. Please consider adding this patch to prevent the issue with debugedit on RHEL7: if a path contains // in the reference to the file during compilation, debugedit then reports an unexpected difference. This is the sample error message from the RHEL7 build: extracting debug info from /builddir/build/BUILDROOT/hashcat-5.1.0-7.20200220git398e068.el7.x86_64/usr/lib64/libhashcat.so.5.1.0 /usr/lib/rpm/debugedit: canonicalization unexpectedly shrank by one character https://download.copr.fedorainfracloud.org/results/rebus/infosec-rebus/epel-7-x86_64/01248605-hashcat/build.log.gz diff -ru hashcat-398e06878d6e36460bcd00283d847c723a162be3/src/Makefile hashcat-398e06878d6e36460bcd00283d847c723a162be3.new/src/Makefile Best regards Michal Ambroz --- src/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Makefile b/src/Makefile index f378c0fe1..ace912d1a 100644 --- a/src/Makefile +++ b/src/Makefile 
@@ -112,25 +112,25 @@ LIBRARY_DEV_FOLDER ?= $(LIBRARY_DEV_ROOT_FOLDER)/hashcat ifeq ($(USE_SYSTEM_LZMA),0) DEPS_LZMA_PATH := deps/LZMA-SDK/C else -DEPS_LZMA_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/ +DEPS_LZMA_PATH := $(LIBRARY_DEV_ROOT_FOLDER) endif ifeq ($(USE_SYSTEM_ZLIB),0) -DEPS_ZLIB_PATH := deps/zlib/ +DEPS_ZLIB_PATH := deps/zlib else -DEPS_ZLIB_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/ +DEPS_ZLIB_PATH := $(LIBRARY_DEV_ROOT_FOLDER) endif ifeq ($(USE_SYSTEM_OPENCL),0) DEPS_OPENCL_PATH := deps/OpenCL-Headers else -DEPS_OPENCL_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/ +DEPS_OPENCL_PATH := $(LIBRARY_DEV_ROOT_FOLDER) endif ifeq ($(USE_SYSTEM_XXHASH),0) DEPS_XXHASH_PATH := deps/xxHash else -DEPS_XXHASH_PATH := $(LIBRARY_DEV_ROOT_FOLDER)/ +DEPS_XXHASH_PATH := $(LIBRARY_DEV_ROOT_FOLDER) endif ## From f381e1bbf8f1d2350611f2d7762df9140bbf2d2c Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 29 Feb 2020 10:38:20 +0100 Subject: [PATCH 256/300] Remove force_recompile functionality, doesn't work with cubin anymore --- src/backend.c | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/src/backend.c b/src/backend.c index a8d4d2bae..de6ce9c5d 100644 --- a/src/backend.c +++ b/src/backend.c @@ -428,7 +428,7 @@ static bool opencl_test_instruction (hashcat_ctx_t *hashcat_ctx, cl_context cont return true; } -static bool read_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_file, size_t *kernel_lengths, char **kernel_sources, const bool force_recompile) +static bool read_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_file, size_t *kernel_lengths, char **kernel_sources) { HCFILE fp; 
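Review bot: Dropping the trailing slash is only safe if every consumer of DEPS_LZMA_PATH, DEPS_ZLIB_PATH, DEPS_OPENCL_PATH and DEPS_XXHASH_PATH already joins with an explicit `/` (as in `$(DEPS_ZLIB_PATH)/zlib.h` or `-I$(DEPS_ZLIB_PATH)`); a site that concatenated `$(DEPS_ZLIB_PATH)zlib.h` now breaks, and those sites are outside this hunk. The two non-system paths that were already slash-free (`deps/OpenCL-Headers`, `deps/xxHash`) show the slash-less form is the intended convention, so a comment at the top of the block, `# dependency paths carry no trailing slash; users add the separator`, would keep the next contributor from reintroducing it.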
@@ -443,11 +443,9 @@ static bool read_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_f return false; } - #define EXTRASZ 100 + const size_t klen = st.st_size; - size_t klen = st.st_size; - - char *buf = (char *) hcmalloc (klen + 1 + EXTRASZ); + char *buf = (char *) hcmalloc (klen + 1); size_t num_read = hc_fread (buf, sizeof (char), klen, &fp); @@ -464,19 +462,6 @@ static bool read_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_f buf[klen] = 0; - if (force_recompile == true) - { - // this adds some hopefully unique data to the backend kernel source - // the effect should be that backend kernel compiler caching see this as new "uncached" source - // we have to do this since they do not check for the changes only in the #include source - - time_t tlog = time (NULL); - - const int extra_len = snprintf (buf + klen, EXTRASZ, "\n//%u\n", (u32) tlog); - - klen += extra_len; - } - kernel_lengths[0] = klen; kernel_sources[0] = buf; @@ -517,6 +502,15 @@ static bool write_kernel_binary (hashcat_ctx_t *hashcat_ctx, const char *kernel_ hc_fflush (&fp); + if (hc_unlockfile (&fp) == -1) + { + hc_fclose (&fp); + + event_log_error (hashcat_ctx, "%s: %s", kernel_file, strerror (errno)); + + return false; + } + hc_fclose (&fp); } @@ -6979,7 +6973,7 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p if (user_options->quiet == false) event_log_warning (hashcat_ctx, "* Device #%u: Kernel %s not found in cache! Building may take a while...", device_param->device_id + 1, filename_from_filepath (cached_file)); #endif - if (read_kernel_binary (hashcat_ctx, source_file, kernel_lengths, kernel_sources, true) == false) return false; + if (read_kernel_binary (hashcat_ctx, source_file, kernel_lengths, kernel_sources) == false) return false; if (device_param->is_cuda == true) { 
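Review bot: In the new unlock-failure branch of `write_kernel_binary`, `hc_fclose (&fp)` runs before `strerror (errno)`, and fclose/close can overwrite errno, so the logged reason may be the close's (or stale) rather than the unlock's; capture it first: `const int saved_errno = errno; hc_fclose (&fp); event_log_error (hashcat_ctx, "%s: %s", kernel_file, strerror (saved_errno));`. The same ordering is added to dictstat_write and save_hash later in this series. Note also that by this point the binary has been fully written and flushed, so returning false makes the caller treat a successfully cached kernel as a failure; logging and still returning true may be the better contract, but that depends on how load_kernel consumes the result, which is outside this hunk.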
@@ -7257,7 +7251,7 @@ static bool load_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_p } else { - if (read_kernel_binary (hashcat_ctx, cached_file, kernel_lengths, kernel_sources, false) == false) return false; + if (read_kernel_binary (hashcat_ctx, cached_file, kernel_lengths, kernel_sources) == false) return false; if (device_param->is_cuda == true) { From 1da40bf5d8c72c504c79a24c4984165960000601 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 29 Feb 2020 10:39:28 +0100 Subject: [PATCH 257/300] Fix double close() in hc_fclose() --- src/filehandling.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/filehandling.c b/src/filehandling.c index 421d09d5a..22a9e2aa6 100644 --- a/src/filehandling.c +++ b/src/filehandling.c @@ -443,8 +443,6 @@ void hc_fclose (HCFILE *fp) fclose (fp->pfp); } - close (fp->fd); - fp->fd = -1; fp->pfp = NULL; fp->is_gzip = false; From f1d426098332bdc34baa7f8a55d9712efa3ced09 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 29 Feb 2020 10:40:47 +0100 Subject: [PATCH 258/300] Fix missing hc_unlockfile() --- src/debugfile.c | 2 ++ src/dictstat.c | 9 +++++++++ src/hashes.c | 12 ++++++++++++ src/logfile.c | 2 ++ src/loopback.c | 5 +---- src/outfile.c | 2 ++ src/stdout.c | 7 ++++++- 7 files changed, 34 insertions(+), 5 deletions(-) diff --git a/src/debugfile.c b/src/debugfile.c index 839dcba35..a6ffd3826 100644 --- a/src/debugfile.c +++ b/src/debugfile.c @@ -141,6 +141,8 @@ void debugfile_destroy (hashcat_ctx_t *hashcat_ctx) if (debugfile_ctx->filename) { + hc_unlockfile (&debugfile_ctx->fp); + hc_fclose (&debugfile_ctx->fp); } diff --git a/src/dictstat.c b/src/dictstat.c index caab3deea..15830c68b 100644 --- a/src/dictstat.c +++ b/src/dictstat.c 
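Review bot: `hc_unlockfile`'s return value is ignored in `debugfile_destroy`, while `dictstat_write` and `save_hash` in the same commit treat a failed unlock as an error; on a teardown path that is defensible but worth stating, e.g. `hc_unlockfile (&debugfile_ctx->fp); // best effort: the file is closed right after`. Whether closing actually releases the lock depends on how hc_lockfile/hc_unlockfile are implemented (flock or fcntl, not visible here), so the comment should match that. Since the preceding commit's `hc_fclose` no longer resets `fp->fd`, a caller that unlocked after closing would act on a stale descriptor number; the unlock-then-close order used here is the right one and should be the documented convention for HCFILE.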
@@ -217,6 +217,15 @@ int dictstat_write (hashcat_ctx_t *hashcat_ctx) hc_fwrite (dictstat_ctx->base, sizeof (dictstat_t), dictstat_ctx->cnt, &fp); + if (hc_unlockfile (&fp) == -1) + { + hc_fclose (&fp); + + event_log_error (hashcat_ctx, "%s: %s", dictstat_ctx->filename, strerror (errno)); + + return -1; + } + hc_fclose (&fp); return 0; diff --git a/src/hashes.c b/src/hashes.c index 73ea47c3b..c5d1df4f3 100644 --- a/src/hashes.c +++ b/src/hashes.c @@ -258,6 +258,18 @@ int save_hash (hashcat_ctx_t *hashcat_ctx) hc_fflush (&fp); + if (hc_unlockfile (&fp) == -1) + { + hc_fclose (&fp); + + event_log_error (hashcat_ctx, "%s: %s", new_hashfile, strerror (errno)); + + free (new_hashfile); + free (old_hashfile); + + return -1; + } + hc_fclose (&fp); unlink (old_hashfile); diff --git a/src/logfile.c b/src/logfile.c index 29f342a4b..d69e15d75 100644 --- a/src/logfile.c +++ b/src/logfile.c @@ -66,6 +66,8 @@ void logfile_append (hashcat_ctx_t *hashcat_ctx, const char *fmt, ...) hc_fflush (&fp); + hc_unlockfile (&fp); + hc_fclose (&fp); } diff --git a/src/loopback.c b/src/loopback.c index d289a70c1..2568971d7 100644 --- a/src/loopback.c +++ b/src/loopback.c @@ -158,10 +158,7 @@ void loopback_write_append (hashcat_ctx_t *hashcat_ctx, const u8 *plain_ptr, con hc_fflush (&loopback_ctx->fp); - if (hc_unlockfile (&loopback_ctx->fp)) - { - event_log_error (hashcat_ctx, "%s: Failed to unlock file", loopback_ctx->filename); - } + hc_unlockfile (&loopback_ctx->fp); loopback_ctx->unused = false; } diff --git a/src/outfile.c b/src/outfile.c index 2e49a4597..a0498b902 100644 --- a/src/outfile.c +++ b/src/outfile.c @@ -533,6 +533,8 @@ void outfile_write_close (hashcat_ctx_t *hashcat_ctx) if (outfile_ctx->fp.pfp == NULL) return; + hc_unlockfile (&outfile_ctx->fp); + hc_fclose (&outfile_ctx->fp); } diff --git a/src/stdout.c b/src/stdout.c index f7a4585f1..102b22d79 100644 --- a/src/stdout.c +++ b/src/stdout.c 
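Review bot: In the new unlock-failure branch of `save_hash`, `hc_fclose (&fp)` is called before `strerror (errno)`, so the reported reason may be the close's instead of the unlock's; capture it first with `const int saved_errno = errno;` and format `strerror (saved_errno)`. More importantly, the branch returns -1 after `new_hashfile` has been fully written and flushed, leaving the temporary copy of the hash list on disk next to the original; unless the caller removes it (not visible here), an `unlink (new_hashfile);` before the two `free` calls would avoid a stray copy of material that is usually treated as sensitive.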
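Review bot: The loopback hunk removes the only diagnostic for a failed unlock of the loopback file, `event_log_error (hashcat_ctx, "%s: Failed to unlock file", loopback_ctx->filename);`, while the rest of the commit adds such checks elsewhere. If the check was dropped because it fired spuriously (for instance because the file used to be unlocked twice), that reason belongs in a comment; otherwise keep it and align it with dictstat_write: `if (hc_unlockfile (&loopback_ctx->fp) == -1) event_log_error (hashcat_ctx, "%s: %s", loopback_ctx->filename, strerror (errno));`. The old condition `if (hc_unlockfile (...))` and the new sites' `== -1` only agree if hc_unlockfile returns exactly 0 or -1, which is not visible here.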
@@ -291,7 +291,12 @@ int process_stdout (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, out_flush (&out); - if (filename) hc_fclose (&out.fp); + if (filename) + { + hc_unlockfile (&out.fp); + + hc_fclose (&out.fp); + } return 0; } From 717f3e782531df3c4f60ff78323aac30ab2aa4bf Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 1 Mar 2020 09:42:55 +0100 Subject: [PATCH 259/300] Unroll BLAKE2B_ROUND in -m 600 --- OpenCL/m00600_a0-optimized.cl | 80 ++++++++++++++--------------------- OpenCL/m00600_a1-optimized.cl | 80 ++++++++++++++--------------------- OpenCL/m00600_a3-optimized.cl | 80 ++++++++++++++--------------------- 3 files changed, 96 insertions(+), 144 deletions(-) diff --git a/OpenCL/m00600_a0-optimized.cl b/OpenCL/m00600_a0-optimized.cl index e72920690..272fc6d97 100644 --- a/OpenCL/m00600_a0-optimized.cl +++ b/OpenCL/m00600_a0-optimized.cl 
@@ -28,28 +28,28 @@ typedef struct blake2 #define BLAKE2B_FINAL 1 #define BLAKE2B_UPDATE 0 -#define BLAKE2B_G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2b_sigma[r][2*i+0]]; \ - d = hc_rotr64 (d ^ a, 32); \ - c = c + d; \ - b = hc_rotr64 (b ^ c, 24); \ - a = a + b + m[blake2b_sigma[r][2*i+1]]; \ - d = hc_rotr64 (d ^ a, 16); \ - c = c + d; \ - b = hc_rotr64 (b ^ c, 63); \ +#define BLAKE2B_G(k0,k1,a,b,c,d) \ + do { \ + a = a + b + m[(k0)]; \ + d = hc_rotr64 (d ^ a, 32); \ + c = c + d; \ + b = hc_rotr64 (b ^ c, 24); \ + a = a + b + m[(k1)]; \ + d = hc_rotr64 (d ^ a, 16); \ + c = c + d; \ + b = hc_rotr64 (b ^ c, 63); \ } while(0) -#define BLAKE2B_ROUND(r) \ - do { \ - BLAKE2B_G (r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - BLAKE2B_G (r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - BLAKE2B_G (r,2,v[ 2],v[ 6],v[10],v[14]); \ - BLAKE2B_G (r,3,v[ 3],v[ 7],v[11],v[15]); \ - BLAKE2B_G (r,4,v[ 0],v[ 5],v[10],v[15]); \ - BLAKE2B_G (r,5,v[ 1],v[ 6],v[11],v[12]); \ - BLAKE2B_G (r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - BLAKE2B_G (r,7,v[ 3],v[ 4],v[ 9],v[14]); \ +#define BLAKE2B_ROUND(c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,ca,cb,cc,cd,ce,cf) \ + do { \ + BLAKE2B_G ((c0),(c1),v[ 0],v[ 4],v[ 8],v[12]); \ + BLAKE2B_G ((c2),(c3),v[ 1],v[ 5],v[ 9],v[13]); \ + BLAKE2B_G ((c4),(c5),v[ 2],v[ 6],v[10],v[14]); \ + BLAKE2B_G ((c6),(c7),v[ 3],v[ 7],v[11],v[15]); \ + BLAKE2B_G ((c8),(c9),v[ 0],v[ 5],v[10],v[15]); \ + BLAKE2B_G ((ca),(cb),v[ 1],v[ 6],v[11],v[12]); \ + BLAKE2B_G ((cc),(cd),v[ 2],v[ 7],v[ 8],v[13]); \ + BLAKE2B_G ((ce),(cf),v[ 3],v[ 4],v[ 9],v[14]); \ } while(0) DECLSPEC void blake2b_transform (u64x *h, u64x *t, u64x *f, u64x *m, u64x *v, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, const u32x out_len, const u8 isFinal) 
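Review bot: The rewritten `BLAKE2B_G`/`BLAKE2B_ROUND` macros evaluate `a`, `b`, `c` and `d` several times, which is fine as long as the arguments stay plain `v[i]` lvalues as they do in the hunk; a comment on the macro, `// a..d must be plain lvalues: each is evaluated more than once`, would make the constraint explicit. The same macro pair is copied verbatim into the a1 and a3 kernels further down in this commit; if the project has a shared include for this hash (not visible here) it would be the place for a single definition so the three files cannot drift.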
@@ -93,34 +93,18 @@ DECLSPEC void blake2b_transform (u64x *h, u64x *t, u64x *f, u64x *m, u64x *v, co v[14] = BLAKE2B_IV_06 ^ f[0]; v[15] = BLAKE2B_IV_07 ^ f[1]; - const int blake2b_sigma[12][16] = - { - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } - }; - - BLAKE2B_ROUND ( 0); - BLAKE2B_ROUND ( 1); - BLAKE2B_ROUND ( 2); - BLAKE2B_ROUND ( 3); - BLAKE2B_ROUND ( 4); - BLAKE2B_ROUND ( 5); - BLAKE2B_ROUND ( 6); - BLAKE2B_ROUND ( 7); - BLAKE2B_ROUND ( 8); - BLAKE2B_ROUND ( 9); - BLAKE2B_ROUND (10); - BLAKE2B_ROUND (11); + BLAKE2B_ROUND ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + BLAKE2B_ROUND (14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); + BLAKE2B_ROUND (11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4); + BLAKE2B_ROUND ( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8); + BLAKE2B_ROUND ( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13); + BLAKE2B_ROUND ( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9); + BLAKE2B_ROUND (12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11); + BLAKE2B_ROUND (13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10); + BLAKE2B_ROUND ( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5); + BLAKE2B_ROUND (10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0); + BLAKE2B_ROUND ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 
15); + BLAKE2B_ROUND (14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); h[0] = h[0] ^ v[0] ^ v[ 8]; h[1] = h[1] ^ v[1] ^ v[ 9]; diff --git a/OpenCL/m00600_a1-optimized.cl b/OpenCL/m00600_a1-optimized.cl index 9547523ac..8b51bfcf0 100644 --- a/OpenCL/m00600_a1-optimized.cl +++ b/OpenCL/m00600_a1-optimized.cl 
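Review bot: The sixteen constants in each `BLAKE2B_ROUND` call are the message-schedule permutation rows that the deleted `blake2b_sigma` table held, and the last two calls repeat the first two rows, but with the table name gone nothing in the code says what these numbers are or how to check them. Suggest a comment above the first call: `// BLAKE2b sigma schedule, one row per round; rounds 10 and 11 reuse rows 0 and 1`. The stray spacing in `13 , 0` was carried over from the table and could be normalized while here. blake2b_transform starts outside this hunk.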
@@ -26,28 +26,28 @@ typedef struct blake2 #define BLAKE2B_FINAL 1 #define BLAKE2B_UPDATE 0 -#define BLAKE2B_G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2b_sigma[r][2*i+0]]; \ - d = hc_rotr64 (d ^ a, 32); \ - c = c + d; \ - b = hc_rotr64 (b ^ c, 24); \ - a = a + b + m[blake2b_sigma[r][2*i+1]]; \ - d = hc_rotr64 (d ^ a, 16); \ - c = c + d; \ - b = hc_rotr64 (b ^ c, 63); \ +#define BLAKE2B_G(k0,k1,a,b,c,d) \ + do { \ + a = a + b + m[(k0)]; \ + d = hc_rotr64 (d ^ a, 32); \ + c = c + d; \ + b = hc_rotr64 (b ^ c, 24); \ + a = a + b + m[(k1)]; \ + d = hc_rotr64 (d ^ a, 16); \ + c = c + d; \ + b = hc_rotr64 (b ^ c, 63); \ } while(0) -#define BLAKE2B_ROUND(r) \ - do { \ - BLAKE2B_G (r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - BLAKE2B_G (r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - BLAKE2B_G (r,2,v[ 2],v[ 6],v[10],v[14]); \ - BLAKE2B_G (r,3,v[ 3],v[ 7],v[11],v[15]); \ - BLAKE2B_G (r,4,v[ 0],v[ 5],v[10],v[15]); \ - BLAKE2B_G (r,5,v[ 1],v[ 6],v[11],v[12]); \ - BLAKE2B_G (r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - BLAKE2B_G (r,7,v[ 3],v[ 4],v[ 9],v[14]); \ +#define BLAKE2B_ROUND(c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,ca,cb,cc,cd,ce,cf) \ + do { \ + BLAKE2B_G ((c0),(c1),v[ 0],v[ 4],v[ 8],v[12]); \ + BLAKE2B_G ((c2),(c3),v[ 1],v[ 5],v[ 9],v[13]); \ + BLAKE2B_G ((c4),(c5),v[ 2],v[ 6],v[10],v[14]); \ + BLAKE2B_G ((c6),(c7),v[ 3],v[ 7],v[11],v[15]); \ + BLAKE2B_G ((c8),(c9),v[ 0],v[ 5],v[10],v[15]); \ + BLAKE2B_G ((ca),(cb),v[ 1],v[ 6],v[11],v[12]); \ + BLAKE2B_G ((cc),(cd),v[ 2],v[ 7],v[ 8],v[13]); \ + BLAKE2B_G ((ce),(cf),v[ 3],v[ 4],v[ 9],v[14]); \ } while(0) DECLSPEC void blake2b_transform (u64x *h, u64x *t, u64x *f, u64x *m, u64x *v, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, const u32x out_len, const u8 isFinal) 
@@ -91,34 +91,18 @@ DECLSPEC void blake2b_transform (u64x *h, u64x *t, u64x *f, u64x *m, u64x *v, co v[14] = BLAKE2B_IV_06 ^ f[0]; v[15] = BLAKE2B_IV_07 ^ f[1]; - const int blake2b_sigma[12][16] = - { - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } - }; - - BLAKE2B_ROUND ( 0); - BLAKE2B_ROUND ( 1); - BLAKE2B_ROUND ( 2); - BLAKE2B_ROUND ( 3); - BLAKE2B_ROUND ( 4); - BLAKE2B_ROUND ( 5); - BLAKE2B_ROUND ( 6); - BLAKE2B_ROUND ( 7); - BLAKE2B_ROUND ( 8); - BLAKE2B_ROUND ( 9); - BLAKE2B_ROUND (10); - BLAKE2B_ROUND (11); + BLAKE2B_ROUND ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + BLAKE2B_ROUND (14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); + BLAKE2B_ROUND (11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4); + BLAKE2B_ROUND ( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8); + BLAKE2B_ROUND ( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13); + BLAKE2B_ROUND ( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9); + BLAKE2B_ROUND (12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11); + BLAKE2B_ROUND (13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10); + BLAKE2B_ROUND ( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5); + BLAKE2B_ROUND (10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0); + BLAKE2B_ROUND ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 
15); + BLAKE2B_ROUND (14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); h[0] = h[0] ^ v[0] ^ v[ 8]; h[1] = h[1] ^ v[1] ^ v[ 9]; diff --git a/OpenCL/m00600_a3-optimized.cl b/OpenCL/m00600_a3-optimized.cl index 2545bdca5..1ae51223f 100644 --- a/OpenCL/m00600_a3-optimized.cl +++ b/OpenCL/m00600_a3-optimized.cl 
@@ -26,28 +26,28 @@ typedef struct blake2 #define BLAKE2B_FINAL 1 #define BLAKE2B_UPDATE 0 -#define BLAKE2B_G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2b_sigma[r][2*i+0]]; \ - d = hc_rotr64 (d ^ a, 32); \ - c = c + d; \ - b = hc_rotr64 (b ^ c, 24); \ - a = a + b + m[blake2b_sigma[r][2*i+1]]; \ - d = hc_rotr64 (d ^ a, 16); \ - c = c + d; \ - b = hc_rotr64 (b ^ c, 63); \ +#define BLAKE2B_G(k0,k1,a,b,c,d) \ + do { \ + a = a + b + m[(k0)]; \ + d = hc_rotr64 (d ^ a, 32); \ + c = c + d; \ + b = hc_rotr64 (b ^ c, 24); \ + a = a + b + m[(k1)]; \ + d = hc_rotr64 (d ^ a, 16); \ + c = c + d; \ + b = hc_rotr64 (b ^ c, 63); \ } while(0) -#define BLAKE2B_ROUND(r) \ - do { \ - BLAKE2B_G (r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - BLAKE2B_G (r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - BLAKE2B_G (r,2,v[ 2],v[ 6],v[10],v[14]); \ - BLAKE2B_G (r,3,v[ 3],v[ 7],v[11],v[15]); \ - BLAKE2B_G (r,4,v[ 0],v[ 5],v[10],v[15]); \ - BLAKE2B_G (r,5,v[ 1],v[ 6],v[11],v[12]); \ - BLAKE2B_G (r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - BLAKE2B_G (r,7,v[ 3],v[ 4],v[ 9],v[14]); \ +#define BLAKE2B_ROUND(c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,ca,cb,cc,cd,ce,cf) \ + do { \ + BLAKE2B_G ((c0),(c1),v[ 0],v[ 4],v[ 8],v[12]); \ + BLAKE2B_G ((c2),(c3),v[ 1],v[ 5],v[ 9],v[13]); \ + BLAKE2B_G ((c4),(c5),v[ 2],v[ 6],v[10],v[14]); \ + BLAKE2B_G ((c6),(c7),v[ 3],v[ 7],v[11],v[15]); \ + BLAKE2B_G ((c8),(c9),v[ 0],v[ 5],v[10],v[15]); \ + BLAKE2B_G ((ca),(cb),v[ 1],v[ 6],v[11],v[12]); \ + BLAKE2B_G ((cc),(cd),v[ 2],v[ 7],v[ 8],v[13]); \ + BLAKE2B_G ((ce),(cf),v[ 3],v[ 4],v[ 9],v[14]); \ } while(0) DECLSPEC void blake2b_transform (u64x *h, u64x *t, u64x *f, u64x *m, u64x *v, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, const u32x out_len, const u8 isFinal) 
@@ -91,34 +91,18 @@ DECLSPEC void blake2b_transform (u64x *h, u64x *t, u64x *f, u64x *m, u64x *v, co v[14] = BLAKE2B_IV_06 ^ f[0]; v[15] = BLAKE2B_IV_07 ^ f[1]; - const int blake2b_sigma[12][16] = - { - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } - }; - - BLAKE2B_ROUND ( 0); - BLAKE2B_ROUND ( 1); - BLAKE2B_ROUND ( 2); - BLAKE2B_ROUND ( 3); - BLAKE2B_ROUND ( 4); - BLAKE2B_ROUND ( 5); - BLAKE2B_ROUND ( 6); - BLAKE2B_ROUND ( 7); - BLAKE2B_ROUND ( 8); - BLAKE2B_ROUND ( 9); - BLAKE2B_ROUND (10); - BLAKE2B_ROUND (11); + BLAKE2B_ROUND ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + BLAKE2B_ROUND (14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); + BLAKE2B_ROUND (11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4); + BLAKE2B_ROUND ( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8); + BLAKE2B_ROUND ( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13); + BLAKE2B_ROUND ( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9); + BLAKE2B_ROUND (12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11); + BLAKE2B_ROUND (13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10); + BLAKE2B_ROUND ( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5); + BLAKE2B_ROUND (10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0); + BLAKE2B_ROUND ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 
15); + BLAKE2B_ROUND (14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); h[0] = h[0] ^ v[0] ^ v[ 8]; h[1] = h[1] ^ v[1] ^ v[ 9]; From b627536c452dc8f204da0c9c9417f7cf10e26d47 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 2 Mar 2020 10:20:22 +0100 Subject: [PATCH 260/300] Fixed missing OPTS_TYPE_COPY_TMPS in -m 1374x and -m 1376x --- src/modules/module_13741.c | 3 ++- src/modules/module_13742.c | 3 ++- src/modules/module_13743.c | 3 ++- src/modules/module_13761.c | 3 ++- src/modules/module_13762.c | 3 ++- src/modules/module_13763.c | 3 ++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/modules/module_13741.c b/src/modules/module_13741.c index bf519f981..e819dc268 100644 --- a/src/modules/module_13741.c +++ b/src/modules/module_13741.c @@ -27,7 +27,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_BINARY_HASHFILE | OPTS_TYPE_LOOP_EXTENDED - | OPTS_TYPE_KEYBOARD_MAPPING; + | OPTS_TYPE_KEYBOARD_MAPPING + | OPTS_TYPE_COPY_TMPS; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "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"; diff --git a/src/modules/module_13742.c b/src/modules/module_13742.c index 1d8ea9103..42f09c216 100644 --- a/src/modules/module_13742.c +++ b/src/modules/module_13742.c 
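Review bot: Adding `OPTS_TYPE_COPY_TMPS` to module_13741 fixes the missing copy-back, but nothing records why this mode needs the tmps on the host, so the flag is liable to be dropped again on the next cleanup; a short comment next to it, e.g. `| OPTS_TYPE_COPY_TMPS // host reads the final tmps after the last kernel (name the consumer here)`, would prevent that — the consumer is outside this hunk, so word it to match. The same line is added identically to 13742, 13743, 13761, 13762 and 13763 in this commit; since the six modules share this OPTS_TYPE block, a shared definition would keep them from diverging again.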
@@ -27,7 +27,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_BINARY_HASHFILE | OPTS_TYPE_LOOP_EXTENDED - | OPTS_TYPE_KEYBOARD_MAPPING; + | OPTS_TYPE_KEYBOARD_MAPPING + | OPTS_TYPE_COPY_TMPS; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "a3c0fa44ec59bf7a3eed64bf70b8a60623664503eeb972eb51fa25ee921d813f8e45d3e1ab1c0088a62482bb78c6e07308d2308d3d66831505b0cb02fe214fbac8a51cf9be2ada3c46045afa7df810f2e7b57792150de63b111a9aa78d70e25d832b3d6901aa455b32da240ff68380d66da27f4f7ccc5fadc6b3ff68e27b6d5c48e6512865e3b9fbe2a64a55454cfc333d7850603ecf8e1cf19abaaf8c1581a6fa14c5091ebe70e6338081d72d6a95b542764f3865946edc8e626e166cc2e0f6260032f8decdd98f9a82aa2b065a41e9b42ce8c33d3f935706431d19888bd5b2bd4d34d9bceb8596b15994f247169ee7f8cd34b6955362b60f37a4167c7b63bab8af65e7c592e9ba4535c255b4b3d93b302aa017ea335af20f9d9696f1eb37770ca87b0245d29887cc4611a3a43d11170219c509814eb1fc122a189c08394f22309dd48a996cbfc70cf67f76b6b19e46407a12ef001b2c360501dbd63d1c9f85132204709204992078318920b32aac917bb98d8eeefb60abef47571404d069a6df7881f8e7815c18789f23561d7d33f47e1aa97fb4a60bac0332b0e742a9b0498e5641401567615fd6dbd0fcfff07aebce0d543f2c498486f15f38dcf1dd55d7144d3fc51bf1f491798b183a84f3f49a72944c8054cdab915e19dc376ae3fa681d4afcd7b13f425e96340a696a4f11929b2e769ba207c5bf2c2976a3834c499d"; diff --git a/src/modules/module_13743.c b/src/modules/module_13743.c index 27ea002ce..0c3e07a8b 100644 --- a/src/modules/module_13743.c +++ b/src/modules/module_13743.c 
@@ -27,7 +27,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
- | OPTS_TYPE_KEYBOARD_MAPPING;
+ | OPTS_TYPE_KEYBOARD_MAPPING
+ | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "1a8c0135fa94567aa866740cb27c5b9763c95be3ac0b7b5c744a36e48c08ae38d6d06ae5db926c64d05295cef134fb4d8eaa96a7b5673a1439f55c8ab829390ea945babc464e63f3aa33dcfed72c1bcf4051af13da96a2601a060d8c8be0343a7a4f0394b2bdd419b019bd10c3d39f0b6d9afd833816ee9ee5a8afada52db174a85ee029c46b706f8f96e937bb71569b65c2339a3ac8d831733888717fe08029013931ebed1fe932ceb16e52a5d54204e181057584d06991b8e9b16ba557d38f00e7c2be5ea864473e5e35d00a58b7ef8888c78d52ac1933011ca6c447bd16751024186657d1e314540e2c847115b70a51a23e61426ae09e646d715f807eed85e5c14ab2130da0ba86ddc40d3cdce035b454fceb969094d8d1b66e69f34e24d642dc244a81d163c395837d4cd9e2d581f4bb470ad4e5a2037068947f14676796f4adf208621c3db4629b3fec9a24edebfc37f97ea657295a2efbdd18fc44a0cc04f429d4da374db3ba2f3fc7dece70b64ac2c2a94ce5334b20b4251534f9ff3f60b1b252019d2617379bba68a4bc621cbd070881301beb0300bee243d113347d2f0a52fa79fb9fb349eba0056678618c006287e9730a0af32daa17841d88b99e25a9afcedd292a0592565f0ba533f1022ed4d6e51e64b98bab390fee3646133a0e02a5724bb14203fd50006e4be86544b62a9cb64188fbbf4ccd90a32022aa7c";
diff --git a/src/modules/module_13761.c b/src/modules/module_13761.c
index 6191be2d6..d121c9928 100644
--- a/src/modules/module_13761.c
+++ b/src/modules/module_13761.c
@@ -27,7 +27,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
- | OPTS_TYPE_KEYBOARD_MAPPING;
+ | OPTS_TYPE_KEYBOARD_MAPPING
+ | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "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";
diff --git a/src/modules/module_13762.c b/src/modules/module_13762.c
index 715309fbf..a772f9180 100644
--- a/src/modules/module_13762.c
+++ b/src/modules/module_13762.c
@@ -27,7 +27,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
- | OPTS_TYPE_KEYBOARD_MAPPING;
+ | OPTS_TYPE_KEYBOARD_MAPPING
+ | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "6bb6eef1af55eb2b2849e1fc9c90c08f705010efa6443581111216b3e145201374bb8e626e4d94a4ce7ecabb11aa57610063fceed38ca9873b0e1194bd12121d2f6b8a71994c5982049c4517ca7178a55b68cee773e06532b46d68810ede1b18783d7bca98bebf1778d14ecc18e0791190402c6a82bf3ec93e715e65997812363cc6e6bcad4f751fce16f37bbc1d6ac1d0a24c5685e85501a7c46d1cd5b04c55c605357906e5957b99230e2e9834a206e6ff48270ddf3c08c39e5c8390b2a7b7e6064719dbac29ef7513ea78c0edf420eb7ac6db684e890c5fcacfb230996f335f48f4472eaa33f3abe59943a8e3bc27ff4c24fd42015fdacd5e2eaf448049b4aa5ef1c038ca853871fc7f2573aace0874cdd1f3e01140803c1ad036b801cc1a54d619064b9b31e70e7e2601fd7b40f67814320c56721e86ddb3c62ec8cb9680ca7d2504b9decf360e32497ace8171dd9602f01db3be1541f659643e1bdc5139815acdf4debf0186707569c9b57c0fd0031ce03a5091d7937bca8f37015fa35af5f44968176164c0b9194f895a2346dacc51f5e3e7be5682ea7860c4b4302a0f22edecc7ccaebb1c824c5ca4ed4c5e674e742a1d55a7d3e732e40f0107ffad1e3876ec909fac58f1ee21ac99de2c8c29272b1df9dd7f724ff497925898506c4f6e2ae81e285239e5260b119af959338340876b5b8fdd6fede67ae37d3c750265";
diff --git a/src/modules/module_13763.c b/src/modules/module_13763.c
index faa020ce7..885e9c1c6 100644
--- a/src/modules/module_13763.c
+++ b/src/modules/module_13763.c
@@ -27,7 +27,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_BINARY_HASHFILE
 | OPTS_TYPE_LOOP_EXTENDED
- | OPTS_TYPE_KEYBOARD_MAPPING;
+ | OPTS_TYPE_KEYBOARD_MAPPING
+ | OPTS_TYPE_COPY_TMPS;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "f95b222552195378a228d932f7df38ca459b6d812899be43944ba2e9bf47967ba35da17bf69cc3f424521983989a66fd3c7865af6dd8ac2aeb82e10c92cae66f62c89b7053d2ba18ee5adcebcf426cc7720f029f7ea5409b3b7182593afbee99f6a3828887d9da6438fafd766589c35c210de60b013d9f816f9a1c8e7e76159347611c3dba00f433aa419dcb9eaf59af6886fccd7d12ae09c2b3d7a8a6102c511e8a34b4c39df8b1938dd5fe037d7087cf2a33b5410df9a6d83d218819b32bc13999c2dd7e96eb740902699ffe5fbaa47270cf1a7e3488198495059e1520ad4ad8beec0c63827286c300555a30febfe29a359d7e364c0b52613d9cff9348152f6871b6210681ab8cfdf24b96c4793c546083197d6e5377a59d7fcab9aa679fddf550ac1ab04249d0d679e8a39ddcca26f9b8b21f7f8b71d64a0ad3d9e3ed9e2e41abd6a9b4ff4d4a7ab29c27882487909fb1118a91de8e2e2d0dea7501a63b7553fd4ff26a5f64964031c9aa3fabbc09e3f58b09ce42bbf3f05afe0f9ea18331c7ba1a887afe307fedc2be93568fe80def12e97d5e129c373814a560573ee6350f59b329352e28137aa31688c499ae1c20b25c91506c520cae56c969790204de1ba46773197fb6a72fd4742712375e89cb5ee41f3ec8b64f3322ba389c947e671b0414e981fe582898af8a5bab09e094f03cb4cab047e7547313a7d1ddba7b70";
From c258aa41114aa67b9bf7db7327ff716c50c7d741 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Mon, 2 Mar 2020 15:00:52 +0100
Subject: [PATCH 261/300] Reenable SIMD mode for -m 13600
---
 OpenCL/m13600-pure.cl | 94 +++++++++++++++++++-------------------
 src/modules/module_13600.c | 3 +-
 2 files changed, 49 insertions(+), 48 deletions(-)
diff --git a/OpenCL/m13600-pure.cl b/OpenCL/m13600-pure.cl
index 915b7a5f6..3de444bdb 100644
--- a/OpenCL/m13600-pure.cl
+++ b/OpenCL/m13600-pure.cl
@@ -3,7 +3,7 @@
 * License.....: MIT
 */
 
-//#define NEW_SIMD_CODE
+#define NEW_SIMD_CODE
 
 #ifdef KERNEL_STATIC
 #include "inc_vendor.h"
@@ -43,7 +43,7 @@ typedef struct zip2
 
 } zip2_t;
 
-DECLSPEC void hmac_sha1_run (u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *ipad, u32 *opad, u32 *digest)
+DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
 {
 digest[0] = ipad[0];
 digest[1] = ipad[1];
@@ -51,7 +51,7 @@ DECLSPEC void hmac_sha1_run (u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *ipad, u32
 digest[3] = ipad[3];
 digest[4] = ipad[4];
 
- sha1_transform (w0, w1, w2, w3, digest);
+ sha1_transform_vector (w0, w1, w2, w3, digest);
 
 w0[0] = digest[0];
 w0[1] = digest[1];
@@ -76,7 +76,7 @@ DECLSPEC void hmac_sha1_run (u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *ipad, u32
 digest[3] = opad[3];
 digest[4] = opad[4];
 
- sha1_transform (w0, w1, w2, w3, digest);
+ sha1_transform_vector (w0, w1, w2, w3, digest);
 }
 
 KERNEL_FQ void m13600_init (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, zip2_t))
@@ -192,22 +192,22 @@ KERNEL_FQ void m13600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, zip2_t))
 {
 const u64 gid = get_global_id (0);
 
- if (gid >= gid_max) return;
+ if ((gid * VECT_SIZE) >= gid_max) return;
 
- u32 ipad[5];
- u32 opad[5];
+ u32x ipad[5];
+ u32x opad[5];
 
- ipad[0] = tmps[gid].ipad[0];
- ipad[1] = tmps[gid].ipad[1];
- ipad[2] = tmps[gid].ipad[2];
- ipad[3] = tmps[gid].ipad[3];
- ipad[4] = tmps[gid].ipad[4];
+ ipad[0] = packv (tmps, ipad, gid, 0);
+ ipad[1] = packv (tmps, ipad, gid, 1);
+ ipad[2] = packv (tmps, ipad, gid, 2);
+ ipad[3] = packv (tmps, ipad, gid, 3);
+ ipad[4] = packv (tmps, ipad, gid, 4);
 
- opad[0] = tmps[gid].opad[0];
- opad[1] = tmps[gid].opad[1];
- opad[2] = tmps[gid].opad[2];
- opad[3] = tmps[gid].opad[3];
- opad[4] = tmps[gid].opad[4];
+ opad[0] = packv (tmps, opad, gid, 0);
+ opad[1] = packv (tmps, opad, gid, 1);
+ opad[2] = packv (tmps, opad, gid, 2);
+ opad[3] = packv (tmps, opad, gid, 3);
+ opad[4] = packv (tmps, opad, gid, 4);
 
 const u32 verify_bytes = esalt_bufs[digests_offset].verify_bytes;
@@ -233,27 +233,27 @@ KERNEL_FQ void m13600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, zip2_t))
 {
 const u32 i5 = i * 5;
 
- u32 dgst[5];
- u32 out[5];
+ u32x dgst[5];
+ u32x out[5];
 
- dgst[0] = tmps[gid].dgst[i5 + 0];
- dgst[1] = tmps[gid].dgst[i5 + 1];
- dgst[2] = tmps[gid].dgst[i5 + 2];
- dgst[3] = tmps[gid].dgst[i5 + 3];
- dgst[4] = tmps[gid].dgst[i5 + 4];
+ dgst[0] = packv (tmps, dgst, gid, i5 + 0);
+ dgst[1] = packv (tmps, dgst, gid, i5 + 1);
+ dgst[2] = packv (tmps, dgst, gid, i5 + 2);
+ dgst[3] = packv (tmps, dgst, gid, i5 + 3);
+ dgst[4] = packv (tmps, dgst, gid, i5 + 4);
 
- out[0] = tmps[gid].out[i5 + 0];
- out[1] = tmps[gid].out[i5 + 1];
- out[2] = tmps[gid].out[i5 + 2];
- out[3] = tmps[gid].out[i5 + 3];
- out[4] = tmps[gid].out[i5 + 4];
+ out[0] = packv (tmps, out, gid, i5 + 0);
+ out[1] = packv (tmps, out, gid, i5 + 1);
+ out[2] = packv (tmps, out, gid, i5 + 2);
+ out[3] = packv (tmps, out, gid, i5 + 3);
+ out[4] = packv (tmps, out, gid, i5 + 4);
 
 for (u32 j = 0; j < loop_cnt; j++)
 {
- u32 w0[4];
- u32 w1[4];
- u32 w2[4];
- u32 w3[4];
+ u32x w0[4];
+ u32x w1[4];
+ u32x w2[4];
+ u32x w3[4];
 
 w0[0] = dgst[0];
 w0[1] = dgst[1];
@@ -272,7 +272,7 @@ KERNEL_FQ void m13600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, zip2_t))
 w3[2] = 0;
 w3[3] = (64 + 20) * 8;
 
- hmac_sha1_run (w0, w1, w2, w3, ipad, opad, dgst);
+ hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst);
 
 out[0] ^= dgst[0];
 out[1] ^= dgst[1];
@@ -283,22 +283,22 @@ KERNEL_FQ void m13600_loop (KERN_ATTR_TMPS_ESALT (pbkdf2_sha1_tmp_t, zip2_t))
 
 if (i == iter_stop - 1) // 2 byte optimization check
 {
- if (mode == 1) if ((out[3] >> 16) != verify_bytes) break;
- if (mode == 2) if ((out[2] >> 16) != verify_bytes) break;
- if (mode == 3) if ((out[1] >> 16) != verify_bytes) break;
+ if (mode == 1) if (MATCHES_NONE_VS ((out[3] >> 16), verify_bytes)) break;
+ if (mode == 2) if (MATCHES_NONE_VS ((out[2] >> 16), verify_bytes)) break;
+ if (mode == 3) if (MATCHES_NONE_VS ((out[1] >> 16), verify_bytes)) break;
 }
 
- tmps[gid].dgst[i5 + 0] = dgst[0];
- tmps[gid].dgst[i5 + 1] = dgst[1];
- tmps[gid].dgst[i5 + 2] = dgst[2];
- tmps[gid].dgst[i5 + 3] = dgst[3];
- tmps[gid].dgst[i5 + 4] = dgst[4];
+ unpackv (tmps, dgst, gid, i5 + 0, dgst[0]);
+ unpackv (tmps, dgst, gid, i5 + 1, dgst[1]);
+ unpackv (tmps, dgst, gid, i5 + 2, dgst[2]);
+ unpackv (tmps, dgst, gid, i5 + 3, dgst[3]);
+ unpackv (tmps, dgst, gid, i5 + 4, dgst[4]);
 
- tmps[gid].out[i5 + 0] = out[0];
- tmps[gid].out[i5 + 1] = out[1];
- tmps[gid].out[i5 + 2] = out[2];
- tmps[gid].out[i5 + 3] = out[3];
- tmps[gid].out[i5 + 4] = out[4];
+ unpackv (tmps, out, gid, i5 + 0, out[0]);
+ unpackv (tmps, out, gid, i5 + 1, out[1]);
+ unpackv (tmps, out, gid, i5 + 2, out[2]);
+ unpackv (tmps, out, gid, i5 + 3, out[3]);
+ unpackv (tmps, out, gid, i5 + 4, out[4]);
 }
 }
 
diff --git a/src/modules/module_13600.c b/src/modules/module_13600.c
index 6aaae4200..891c8518a 100644
--- a/src/modules/module_13600.c
+++ b/src/modules/module_13600.c
@@ -19,7 +19,8 @@ static const u32 DGST_SIZE = DGST_SIZE_4_4;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_ARCHIVE;
 static const char *HASH_NAME = "WinZip";
 static const u64 KERN_TYPE = 13600;
-static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
From e53bff0fb00201f7882210858f289dbd4cbed255 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Mon, 2 Mar 2020 16:07:13 +0100
Subject: [PATCH 262/300] Reenable bitselect() and rotate() on Intel SDK
---
 OpenCL/inc_vendor.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h
index 8cdd60673..06e3d15e6 100644
--- a/OpenCL/inc_vendor.h
+++ b/OpenCL/inc_vendor.h
@@ -148,6 +148,11 @@
 #define USE_ROTATE
 #endif
 
+#ifdef IS_INTEL_SDK
+#define USE_BITSELECT
+#define USE_ROTATE
+#endif
+
 #ifdef IS_OPENCL
 //#define USE_BITSELECT
 //#define USE_ROTATE
From 4fafca4747e02121ec65b7d066d78c95d91caefe Mon Sep 17 00:00:00 2001
From: thesubtlety
Date: Mon, 2 Mar 2020 19:12:47 -0800
Subject: [PATCH 263/300] Add new module for 389-ds
---
 src/modules/module_23911.c | 388 +++++++++++++++++++++++++++++++++++
 tools/test_modules/m23911.pm | 77 +++++++
 2 files changed, 465 insertions(+)
 create mode 100644 src/modules/module_23911.c
 create mode 100644 tools/test_modules/m23911.pm
diff --git a/src/modules/module_23911.c b/src/modules/module_23911.c
new file mode 100644
index 000000000..b014bac33
--- /dev/null
+++ b/src/modules/module_23911.c
@@ -0,0 +1,388 @@
+/**
+ * Author......: See docs/credits.txt
+ * License.....: MIT
+ */
+
+#include "common.h"
+#include "types.h"
+#include "modules.h"
+#include "bitops.h"
+#include "convert.h"
+#include "shared.h"
+
+static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
+
+static const u32 DGST_POS0 = 0;
+static const u32 DGST_POS1 = 1;
+static const u32 DGST_POS2 = 2;
+static const u32 DGST_POS3 = 3;
+static const u32 DGST_SIZE = DGST_SIZE_4_64;
+static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_SERVER;
+static const char *HASH_NAME = "RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)";
+static const u64 KERN_TYPE = 10900;
+static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
+static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
+static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const char *ST_PASS = "hashcat";
+static const char *ST_HASH = "{PBKDF2_SHA256}AACkEGhlaiBqZW5z/jtuSox0CrtV9SHiVFjYeHpQ/ki2kwDrQeSqiiTn8LOmpPCw3r6TK/JDfl+ZAXRoc3VidGxldHllIXuxBDl6ItQOMupkRn+hzi/LEdr62a7B9sNOo8BPL9Z2nOi/m9AI+nAd/qwpLD1fbeDgs2DdpCZ4QfljuCLRBdURZV3HcXDUjD7PZ1CQcIOv9VbFlbu0IBmiU7ccMyb/qoxi+rPMqE4U8f6hL0TQjTjlOzU9MpPYS+WfztpYy7lEN6QghhOz0xe+0y2rDoK+yCS4PykkNS4FFc+xeiT6SNy3r7m+0teyaQKOExLrjogWkj+t+e4bMpHNx/FL3jkjCsuZnhq/t8eshG9DKmeD9b/QMkqT8dxe0jmr0s4+GnmHpMQMAxYW3pg70TluiDp3kJrDr1/d8OQerkQRevNx";
+
+static const u32 HASH_LEN_RAW = 256;
+static const u32 SALT_LEN_RAW = 64;
+static const u32 ITER_LEN_RAW = 4;
+
+u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
+u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
+u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
+u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
+u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
+u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
+u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
+const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
+u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
+u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
+u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
+u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
+const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
+const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
+
+typedef struct pbkdf2_sha256
+{
+ u32 salt_buf[64];
+
+} pbkdf2_sha256_t;
+
+typedef struct pbkdf2_sha256_tmp
+{
+ u32 ipad[8];
+ u32 opad[8];
+
+ u32 dgst[32];
+ u32 out[32];
+
+} pbkdf2_sha256_tmp_t;
+
+static const char *SIGNATURE_REDHAT_PBKDF2_SHA256 = "{PBKDF2_SHA256}";
+
+u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_t);
+
+ return esalt_size;
+}
+
+u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t);
+
+ return tmp_size;
+}
+
+u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ const u32 pw_max = PW_MAX;
+
+ return pw_max;
+}
+
+int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
+{
+ u32 *digest = (u32 *) digest_buf;
+
+ pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf;
+
+ token_t token;
+
+ token.token_cnt = 2;
+
+ token.signatures_cnt = 1;
+ token.signatures_buf[0] = SIGNATURE_REDHAT_PBKDF2_SHA256;
+
+ //length of signature
+ token.len[0] = 15;
+ token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
+ | TOKEN_ATTR_VERIFY_SIGNATURE;
+
+ //length of base64 encoded hash
+ token.len_min[1] = 432;
+ token.len_max[1] = 432;
+
+ token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
+ | TOKEN_ATTR_VERIFY_BASE64A;
+
+ const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
+
+ if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
+
+ //read hash into tmp_buf
+
+ const u8 *tmp_pos = token.buf[1];
+ const int tmp_len = token.len[1];
+
+ u8 tmp_buf[324];
+
+ memset (tmp_buf, 0, sizeof (tmp_buf));
+
+ const int base64_decode_len = base64_decode (base64_to_int, tmp_pos, tmp_len, tmp_buf);
+
+ if (base64_decode_len != (4 + 64 + 256)) return (PARSER_HASH_LENGTH);
+
+ // iter
+
+ u8 *iter_pos = tmp_buf;
+
+ uint32_t iters[4] = {0};
+
+ memcpy (iters, iter_pos, ITER_LEN_RAW);
+
+ // implementation does a ntohl(*iters)
+ salt->salt_iter = byte_swap_32(*iters) - 1;
+
+ // salt
+
+ u8 *salt_pos = tmp_buf + ITER_LEN_RAW;
+
+ salt->salt_len = SALT_LEN_RAW;
+
+ u8 *salt_buf_ptr = (u8 *) pbkdf2_sha256->salt_buf;
+ memcpy (salt_buf_ptr, salt_pos, SALT_LEN_RAW);
+
+ // hash
+
+ u8 *hash_pos = tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW;
+ memcpy(digest, hash_pos, HASH_LEN_RAW);
+
+ digest[0] = byte_swap_32 (digest[0]);
+ digest[1] = byte_swap_32 (digest[1]);
+ digest[2] = byte_swap_32 (digest[2]);
+ digest[3] = byte_swap_32 (digest[3]);
+ digest[4] = byte_swap_32 (digest[4]);
+ digest[5] = byte_swap_32 (digest[5]);
+ digest[6] = byte_swap_32 (digest[6]);
+ digest[7] = byte_swap_32 (digest[7]);
+ digest[8] = byte_swap_32 (digest[8]);
+ digest[9] = byte_swap_32 (digest[9]);
+ digest[10] = byte_swap_32 (digest[10]);
+ digest[11] = byte_swap_32 (digest[11]);
+ digest[12] = byte_swap_32 (digest[12]);
+ digest[13] = byte_swap_32 (digest[13]);
+ digest[14] = byte_swap_32 (digest[14]);
+ digest[15] = byte_swap_32 (digest[15]);
+ digest[16] = byte_swap_32 (digest[16]);
+ digest[17] = byte_swap_32 (digest[17]);
+ digest[18] = byte_swap_32 (digest[18]);
+ digest[19] = byte_swap_32 (digest[19]);
+ digest[20] = byte_swap_32 (digest[20]);
+ digest[21] = byte_swap_32 (digest[21]);
+ digest[22] = byte_swap_32 (digest[22]);
+ digest[23] = byte_swap_32 (digest[23]);
+ digest[24] = byte_swap_32 (digest[24]);
+ digest[25] = byte_swap_32 (digest[25]);
+ digest[26] = byte_swap_32 (digest[26]);
+ digest[27] = byte_swap_32 (digest[27]);
+ digest[28] = byte_swap_32 (digest[28]);
+ digest[29] = byte_swap_32 (digest[29]);
+ digest[30] = byte_swap_32 (digest[30]);
+ digest[31] = byte_swap_32 (digest[31]);
+ digest[32] = byte_swap_32 (digest[32]);
+ digest[33] = byte_swap_32 (digest[33]);
+ digest[34] = byte_swap_32 (digest[34]);
+ digest[35] = byte_swap_32 (digest[35]);
+ digest[36] = byte_swap_32 (digest[36]);
+ digest[37] = byte_swap_32 (digest[37]);
+ digest[38] = byte_swap_32 (digest[38]);
+ digest[39] = byte_swap_32 (digest[39]);
+ digest[40] = byte_swap_32 (digest[40]);
+ digest[41] = byte_swap_32 (digest[41]);
+ digest[42] = byte_swap_32 (digest[42]);
+ digest[43] = byte_swap_32 (digest[43]);
+ digest[44] = byte_swap_32 (digest[44]);
+ digest[45] = byte_swap_32 (digest[45]);
+ digest[46] = byte_swap_32 (digest[46]);
+ digest[47] = byte_swap_32 (digest[47]);
+ digest[48] = byte_swap_32 (digest[48]);
+ digest[49] = byte_swap_32 (digest[49]);
+ digest[50] = byte_swap_32 (digest[50]);
+ digest[51] = byte_swap_32 (digest[51]);
+ digest[52] = byte_swap_32 (digest[52]);
+ digest[53] = byte_swap_32 (digest[53]);
+ digest[54] = byte_swap_32 (digest[54]);
+ digest[55] = byte_swap_32 (digest[55]);
+ digest[56] = byte_swap_32 (digest[56]);
+ digest[57] = byte_swap_32 (digest[57]);
+ digest[58] = byte_swap_32 (digest[58]);
+ digest[59] = byte_swap_32 (digest[59]);
+ digest[60] = byte_swap_32 (digest[60]);
+ digest[61] = byte_swap_32 (digest[61]);
+ digest[62] = byte_swap_32 (digest[62]);
+ digest[63] = byte_swap_32 (digest[63]);
+
+ return (PARSER_OK);
+}
+
+int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
+{
+ const u32 *digest = (const u32 *) digest_buf;
+
+ const pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf;
+
+ u32 tmp_digest[64];
+ tmp_digest[0] = byte_swap_32 (digest[0]);
+ tmp_digest[1] = byte_swap_32 (digest[1]);
+ tmp_digest[2] = byte_swap_32 (digest[2]);
+ tmp_digest[3] = byte_swap_32 (digest[3]);
+ tmp_digest[4] = byte_swap_32 (digest[4]);
+ tmp_digest[5] = byte_swap_32 (digest[5]);
+ tmp_digest[6] = byte_swap_32 (digest[6]);
+ tmp_digest[7] = byte_swap_32 (digest[7]);
+ tmp_digest[8] = byte_swap_32 (digest[8]);
+ tmp_digest[9] = byte_swap_32 (digest[9]);
+ tmp_digest[10] = byte_swap_32 (digest[10]);
+ tmp_digest[11] = byte_swap_32 (digest[11]);
+ tmp_digest[12] = byte_swap_32 (digest[12]);
+ tmp_digest[13] = byte_swap_32 (digest[13]);
+ tmp_digest[14] = byte_swap_32 (digest[14]);
+ tmp_digest[15] = byte_swap_32 (digest[15]);
+ tmp_digest[16] = byte_swap_32 (digest[16]);
+ tmp_digest[17] = byte_swap_32 (digest[17]);
+ tmp_digest[18] = byte_swap_32 (digest[18]);
+ tmp_digest[19] = byte_swap_32 (digest[19]);
+ tmp_digest[20] = byte_swap_32 (digest[20]);
+ tmp_digest[21] = byte_swap_32 (digest[21]);
+ tmp_digest[22] = byte_swap_32 (digest[22]);
+ tmp_digest[23] = byte_swap_32 (digest[23]);
+ tmp_digest[24] = byte_swap_32 (digest[24]);
+ tmp_digest[25] = byte_swap_32 (digest[25]);
+ tmp_digest[26] = byte_swap_32 (digest[26]);
+ tmp_digest[27] = byte_swap_32 (digest[27]);
+ tmp_digest[28] = byte_swap_32 (digest[28]);
+ tmp_digest[29] = byte_swap_32 (digest[29]);
+ tmp_digest[30] = byte_swap_32 (digest[30]);
+ tmp_digest[31] = byte_swap_32 (digest[31]);
+ tmp_digest[32] = byte_swap_32 (digest[32]);
+ tmp_digest[33] = byte_swap_32 (digest[33]);
+ tmp_digest[34] = byte_swap_32 (digest[34]);
+ tmp_digest[35] = byte_swap_32 (digest[35]);
+ tmp_digest[36] = byte_swap_32 (digest[36]);
+ tmp_digest[37] = byte_swap_32 (digest[37]);
+ tmp_digest[38] = byte_swap_32 (digest[38]);
+ tmp_digest[39] = byte_swap_32 (digest[39]);
+ tmp_digest[40] = byte_swap_32 (digest[40]);
+ tmp_digest[41] = byte_swap_32 (digest[41]);
+ tmp_digest[42] = byte_swap_32 (digest[42]);
+ tmp_digest[43] = byte_swap_32 (digest[43]);
+ tmp_digest[44] = byte_swap_32 (digest[44]);
+ tmp_digest[45] = byte_swap_32 (digest[45]);
+ tmp_digest[46] = byte_swap_32 (digest[46]);
+ tmp_digest[47] = byte_swap_32 (digest[47]);
+ tmp_digest[48] = byte_swap_32 (digest[48]);
+ tmp_digest[49] = byte_swap_32 (digest[49]);
+ tmp_digest[50] = byte_swap_32 (digest[50]);
+ tmp_digest[51] = byte_swap_32 (digest[51]);
+ tmp_digest[52] = byte_swap_32 (digest[52]);
+ tmp_digest[53] = byte_swap_32 (digest[53]);
+ tmp_digest[54] = byte_swap_32 (digest[54]);
+ tmp_digest[55] = byte_swap_32 (digest[55]);
+ tmp_digest[56] = byte_swap_32 (digest[56]);
+ tmp_digest[57] = byte_swap_32 (digest[57]);
+ tmp_digest[58] = byte_swap_32 (digest[58]);
+ tmp_digest[59] = byte_swap_32 (digest[59]);
+ tmp_digest[60] = byte_swap_32 (digest[60]);
+ tmp_digest[61] = byte_swap_32 (digest[61]);
+ tmp_digest[62] = byte_swap_32 (digest[62]);
+ tmp_digest[63] = byte_swap_32 (digest[63]);
+
+ char tmp_buf[324] = { 0 };
+ memset (tmp_buf, 0, sizeof (tmp_buf));
+
+ uint32_t salt_iters[4] = { 0 };
+
+ salt_iters[0] = byte_swap_32 (salt->salt_iter + 1); //htonl(salt->salt_iter);
+
+ memcpy (tmp_buf, salt_iters, 4);
+ memcpy (tmp_buf + 4, pbkdf2_sha256->salt_buf, salt->salt_len);
+ memcpy (tmp_buf + 4 + 64, tmp_digest, 256);
+
+ char ptr_plain[433] = { 0 };
+
+ base64_encode (int_to_base64, (const u8 *) tmp_buf, 324, (u8 *) ptr_plain);
+
+ const int line_len = snprintf (line_buf, line_size, "%s%s", SIGNATURE_REDHAT_PBKDF2_SHA256, ptr_plain);
+
+ return line_len;
+
+}
+
+void module_init (module_ctx_t *module_ctx)
+{
+ module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
+ module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
+
+ module_ctx->module_attack_exec = module_attack_exec;
+ module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
+ module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
+ module_ctx->module_benchmark_mask = MODULE_DEFAULT;
+ module_ctx->module_benchmark_salt = MODULE_DEFAULT;
+ module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
+ module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
+ module_ctx->module_dgst_pos0 = module_dgst_pos0;
+ module_ctx->module_dgst_pos1 = module_dgst_pos1;
+ module_ctx->module_dgst_pos2 = module_dgst_pos2;
+ module_ctx->module_dgst_pos3 = module_dgst_pos3;
+ module_ctx->module_dgst_size = module_dgst_size;
+ module_ctx->module_dictstat_disable = MODULE_DEFAULT;
+ module_ctx->module_esalt_size = module_esalt_size;
+ module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
+ module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
+ module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
+ module_ctx->module_hash_binary_count = MODULE_DEFAULT;
+ module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
+ module_ctx->module_hash_binary_save = MODULE_DEFAULT;
+ module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
+ module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
+ module_ctx->module_hash_decode = module_hash_decode;
+ module_ctx->module_hash_encode_status = MODULE_DEFAULT;
+ module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
+ module_ctx->module_hash_encode = module_hash_encode;
+ module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
+ module_ctx->module_hash_mode = MODULE_DEFAULT;
+ module_ctx->module_hash_category = module_hash_category;
+ module_ctx->module_hash_name = module_hash_name;
+ module_ctx->module_hashes_count_min = MODULE_DEFAULT;
+ module_ctx->module_hashes_count_max = MODULE_DEFAULT;
+ module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
+ module_ctx->module_hook12 = MODULE_DEFAULT;
+ module_ctx->module_hook23 = MODULE_DEFAULT;
+ module_ctx->module_hook_salt_size = MODULE_DEFAULT;
+ module_ctx->module_hook_size = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
+ module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
+ module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
+ module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
+ module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
+ module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
+ module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
+ module_ctx->module_kern_type = module_kern_type;
+ module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
+ module_ctx->module_opti_type = module_opti_type;
+ module_ctx->module_opts_type = module_opts_type;
+ module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
+ module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
+ module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
+ module_ctx->module_potfile_disable = MODULE_DEFAULT;
+ module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
+ module_ctx->module_pwdump_column = MODULE_DEFAULT;
+ module_ctx->module_pw_max = module_pw_max;
+ module_ctx->module_pw_min = MODULE_DEFAULT;
+ module_ctx->module_salt_max = MODULE_DEFAULT;
+ module_ctx->module_salt_min = MODULE_DEFAULT;
+ module_ctx->module_salt_type = module_salt_type;
+ module_ctx->module_separator = MODULE_DEFAULT;
+ module_ctx->module_st_hash = module_st_hash;
+ module_ctx->module_st_pass = module_st_pass;
+ module_ctx->module_tmp_size = module_tmp_size;
+ module_ctx->module_unstable_warning = MODULE_DEFAULT;
+ module_ctx->module_warmup_disable = MODULE_DEFAULT;
+}
+
diff --git a/tools/test_modules/m23911.pm b/tools/test_modules/m23911.pm
new file mode 100644
index 000000000..fe7269069
--- /dev/null
+++ b/tools/test_modules/m23911.pm
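Review bot: In module_hash_decode the iteration count taken from the decoded blob is used unchecked: `salt->salt_iter = byte_swap_32(*iters) - 1;` wraps to 0xFFFFFFFF when the encoded count is 0, so a corrupt or hostile hash line would send the kernel into ~4 billion PBKDF2 rounds instead of being rejected; reject it before the subtraction, e.g. `const u32 iter = byte_swap_32 (*iters); if (iter == 0) return (PARSER_SALT_ITERATION);`. The decoder also sets `salt->salt_len = SALT_LEN_RAW` but never copies the salt bytes into `salt->salt_buf` (only into the esalt), so if the host groups or compares hashes by salt_buf, distinct salts would look identical — worth confirming against the salt-handling code. In module_hash_encode, `(pbkdf2_sha256_t *) esalt_buf` silently casts the const off a `const void *`; `(const pbkdf2_sha256_t *) esalt_buf` is the intended cast. The 64 unrolled `byte_swap_32` statements in both functions would read more clearly, and be harder to get off-by-one, as a `for (u32 i = 0; i < 64; i++)` loop.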
@@ -0,0 +1,77 @@
+#!/usr/bin/env perl
+
+##
+## Author......: See docs/credits.txt
+## License.....: MIT
+##
+
+use strict;
+use warnings;
+use Crypt::PBKDF2;
+use MIME::Base64;
+
+sub module_constraints { [[0, 256], [64, 64], [-1, -1], [-1, -1], [-1, -1]] }
+
+sub module_generate_hash
+{
+ my $word = shift;
+ my $salt = shift;
+ my $iter = shift // 10000;
+
+ if (length $salt == 0)
+ {
+ $salt = random_bytes (16);
+ }
+
+ my $pbkdf2 = Crypt::PBKDF2->new(
+ hash_class => 'HMACSHA2',
+ iterations => $iter,
+ output_len => 256,
+ salt_len => 64,
+ );
+ my $p = $pbkdf2->generate($word, $salt);
+
+ my $decoded_hash = $pbkdf2->decode_string($p);
+
+ my $diter = $decoded_hash->{"iterations"};
+
+ my $iterbytes = pack('I', unpack('N*', pack('L*', $diter)));
+
+ my $dsalt = $decoded_hash->{"salt"};
+
+ my $dhash = $decoded_hash->{"hash"};
+
+ my $tmp = $iterbytes . $dsalt . $dhash;
+
+ my $hash = "{PBKDF2_SHA256}" . encode_base64($tmp, '');
+
+ return $hash;
+}
+
+sub module_verify_hash
+{
+ my $line = shift;
+
+ my ($hash, $word) = split (':', $line);
+
+ return unless (substr ($hash, 0, 15) eq '{PBKDF2_SHA256}');
+
+ my $hashbytes = decode_base64(substr ($hash, 15, length $hash));
+
+ my $iterbytes = substr $hashbytes, 0, 4;
+
+ my $iter = unpack('N*', pack('L*', unpack("I",$iterbytes)));
+
+ my $salt = substr $hashbytes, 4, 64;
+
+ return unless defined $salt;
+ return unless defined $iter;
+ return unless defined $word;
+
+ my $new_hash = module_generate_hash ($word, $salt, $iter);
+
+ return ($new_hash, $word);
+}
+
+1;
+
From b4bac70bd683b6db13054950a6bdc710d7c03cf0 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 3 Mar 2020 08:52:26 +0100
Subject: [PATCH 264/300] Remove inline keyword in DECLSPEC for CPU
---
 OpenCL/inc_vendor.h | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h
index 06e3d15e6..1ba5833eb 100644
--- a/OpenCL/inc_vendor.h
+++ b/OpenCL/inc_vendor.h
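Review bot: module_generate_hash falls back to `$salt = random_bytes (16);` when no salt is supplied, while module_constraints declares the salt as exactly 64 bytes and the C decoder only accepts a 4+64+256-byte blob, so a test run that relies on the fallback produces a hash the module rejects as PARSER_HASH_LENGTH; the fallback should be `$salt = random_bytes (64);`. In module_verify_hash, `split (':', $line)` truncates any password that contains a colon; the `index ($line, ':')` plus two `substr` calls pattern used elsewhere in the test modules avoids that. The round-trips `pack('I', unpack('N*', pack('L*', $diter)))` and `unpack('N*', pack('L*', unpack("I",$iterbytes)))` amount to `pack ('N', $diter)` and `unpack ('N', $iterbytes)` for a 32-bit count, which state the big-endian intent directly.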
@@ -110,16 +110,12 @@ * fast but pure kernels on rocm is a good example */ -#if defined IS_CPU -#define DECLSPEC inline -#elif defined IS_GPU +#define DECLSPEC + #if defined IS_AMD +#if defined IS_GPU #define DECLSPEC inline static -#else -#define DECLSPEC #endif -#else -#define DECLSPEC #endif /** @@ -149,8 +145,10 @@ #endif #ifdef IS_INTEL_SDK -#define USE_BITSELECT -#define USE_ROTATE +#ifdef IS_CPU +//#define USE_BITSELECT +//#define USE_ROTATE +#endif #endif #ifdef IS_OPENCL From ef47811c9d5bd0354b0b78e37f8152058a4d83f0 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 3 Mar 2020 09:55:13 +0100 Subject: [PATCH 265/300] Rename 23911 to 10901 and populate salt->salt_buf[] --- docs/changes.txt | 1 + docs/readme.txt | 1 + .../{module_23911.c => module_10901.c} | 183 +++--------------- tools/test_modules/{m23911.pm => m10901.pm} | 3 +- 4 files changed, 34 insertions(+), 154 deletions(-) rename src/modules/{module_23911.c => module_10901.c} (62%) rename tools/test_modules/{m23911.pm => m10901.pm} (92%) diff --git a/docs/changes.txt b/docs/changes.txt index 45b99f56d..dfea6fb71 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -53,6 +53,7 @@ - Added hash-mode: QNX /etc/shadow (MD5) - Added hash-mode: QNX /etc/shadow (SHA256) - Added hash-mode: QNX /etc/shadow (SHA512) +- Added hash-mode: RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) - Added hash-mode: Ruby on Rails Restful-Authentication - Added hash-mode: sha1(md5(md5($pass))) - Added hash-mode: sha1(md5($pass.$salt)) diff --git a/docs/readme.txt b/docs/readme.txt index bcd8b2fec..372197e3d 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -220,6 +220,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or - CRAM-MD5 Dovecot - SSHA-256(Base64), LDAP {SSHA256} - SSHA-512(Base64), LDAP {SSHA512} +- RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) - FileZilla Server >= 0.9.55 - ColdFusion 10+ - Apache $apr1$ MD5, md5apr1, MD5 (APR) 
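Review bot: The new block defines `DECLSPEC` unconditionally and then, under `IS_AMD`/`IS_GPU`, redefines it as `inline static` without an `#undef` in between; a redefinition with a different replacement list is a constraint violation (C11 6.10.3) and OpenCL front ends typically print a "macro redefined" warning on every AMD GPU kernel build. Fold it into a single conditional so there is exactly one definition on each path: `#if defined IS_AMD && defined IS_GPU` / `#define DECLSPEC inline static` / `#else` / `#define DECLSPEC` / `#endif`.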
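Review bot: After this change the `#ifdef IS_CPU` block under `IS_INTEL_SDK` contains nothing but two commented-out `#define` lines, so the reader is left guessing whether bitselect/rotate are broken, slow, or just untested on the Intel CPU runtime. Either drop the empty block or replace the commented-out code with a one-line reason, e.g. `// USE_BITSELECT/USE_ROTATE intentionally off for Intel CPU runtime: <observed problem>`, so the decision can be revisited when that runtime changes.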
diff --git a/src/modules/module_23911.c b/src/modules/module_10901.c similarity index 62% rename from src/modules/module_23911.c rename to src/modules/module_10901.c index b014bac33..0ecf50529 100644 --- a/src/modules/module_23911.c +++ b/src/modules/module_10901.c @@ -25,11 +25,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; -static const char *ST_HASH = "{PBKDF2_SHA256}AACkEGhlaiBqZW5z/jtuSox0CrtV9SHiVFjYeHpQ/ki2kwDrQeSqiiTn8LOmpPCw3r6TK/JDfl+ZAXRoc3VidGxldHllIXuxBDl6ItQOMupkRn+hzi/LEdr62a7B9sNOo8BPL9Z2nOi/m9AI+nAd/qwpLD1fbeDgs2DdpCZ4QfljuCLRBdURZV3HcXDUjD7PZ1CQcIOv9VbFlbu0IBmiU7ccMyb/qoxi+rPMqE4U8f6hL0TQjTjlOzU9MpPYS+WfztpYy7lEN6QghhOz0xe+0y2rDoK+yCS4PykkNS4FFc+xeiT6SNy3r7m+0teyaQKOExLrjogWkj+t+e4bMpHNx/FL3jkjCsuZnhq/t8eshG9DKmeD9b/QMkqT8dxe0jmr0s4+GnmHpMQMAxYW3pg70TluiDp3kJrDr1/d8OQerkQRevNx"; - -static const u32 HASH_LEN_RAW = 256; -static const u32 SALT_LEN_RAW = 64; -static const u32 ITER_LEN_RAW = 4; +static const char *ST_HASH = "{PBKDF2_SHA256}AAAgADkxMjM2NTIzMzgzMjQ3MjI4MDAwNTk5OTAyOTk4NDI2MjkyMzAzNjg0NjQwOTMxNjI3OTMzNjg0MDI0OTY5NTe5ULagRTYpLaUoeqJMg8x9W/DXu+9VTFaVhaYvebYrY+sOqn1ZMRnws22C1uAkiE2tFM8qN+xw5xe7OmCPZ203NuruK4oB33QlsKIEz4ppm0TR94JB9PJx7lIQwFHD3FUNUNryj4jk6UYyJ4+V1Z9Ug/Iy/ylQBJgfs5ihzgxHYZrfp1wUCXFzlZG9mxmziPm8VFnAhaX4+FBAZvLAx33jpbKOwEg7TmwP2VJ8BNFLQRqwYdlqIjQlAhncXH+dqIF9VdM4MonAA0hx76bMvFTP7LF5VO1IqVmcuYz7YG9v4KKRjnvoUUqOj6okUBQTay3EzsdFVnUW1FemYOccJd5q"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } 
@@ -64,6 +60,10 @@ typedef struct pbkdf2_sha256_tmp static const char *SIGNATURE_REDHAT_PBKDF2_SHA256 = "{PBKDF2_SHA256}"; +static const int HASH_LEN_RAW = 256; +static const int SALT_LEN_RAW = 64; +static const int ITER_LEN_RAW = 4; + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_t); @@ -106,7 +106,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE //length of base64 encoded hash token.len_min[1] = 432; token.len_max[1] = 432; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; 
@@ -119,103 +118,43 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *tmp_pos = token.buf[1]; const int tmp_len = token.len[1]; - u8 tmp_buf[324]; + u8 tmp_buf[512]; memset (tmp_buf, 0, sizeof (tmp_buf)); const int base64_decode_len = base64_decode (base64_to_int, tmp_pos, tmp_len, tmp_buf); - if (base64_decode_len != (4 + 64 + 256)) return (PARSER_HASH_LENGTH); + if (base64_decode_len != (ITER_LEN_RAW + SALT_LEN_RAW + HASH_LEN_RAW)) return (PARSER_HASH_LENGTH); // iter u8 *iter_pos = tmp_buf; - uint32_t iters[4] = {0}; + u32 salt_iter; - memcpy (iters, iter_pos, ITER_LEN_RAW); + memcpy (&salt_iter, iter_pos, ITER_LEN_RAW); - // implementation does a ntohl(*iters) - salt->salt_iter = byte_swap_32(*iters) - 1; + salt_iter = byte_swap_32 (salt_iter); // implementation does a ntohl() + + salt->salt_iter = salt_iter - 1; // salt u8 *salt_pos = tmp_buf + ITER_LEN_RAW; - salt->salt_len = SALT_LEN_RAW; + salt->salt_len = SALT_LEN_RAW; - u8 *salt_buf_ptr = (u8 *) pbkdf2_sha256->salt_buf; - memcpy (salt_buf_ptr, salt_pos, SALT_LEN_RAW); + memcpy (pbkdf2_sha256->salt_buf, salt_pos, SALT_LEN_RAW); + + for (int i = 0; i < SALT_LEN_RAW / 4; i++) salt->salt_buf[i] = pbkdf2_sha256->salt_buf[i]; // hash u8 *hash_pos = tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW; - memcpy(digest, hash_pos, HASH_LEN_RAW); - digest[0] = byte_swap_32 (digest[0]); - digest[1] = byte_swap_32 (digest[1]); - digest[2] = byte_swap_32 (digest[2]); - digest[3] = byte_swap_32 (digest[3]); - digest[4] = byte_swap_32 (digest[4]); - digest[5] = byte_swap_32 (digest[5]); - digest[6] = byte_swap_32 (digest[6]); - digest[7] = byte_swap_32 (digest[7]); - digest[8] = byte_swap_32 (digest[8]); - digest[9] = byte_swap_32 (digest[9]); - digest[10] = byte_swap_32 (digest[10]); - digest[11] = byte_swap_32 (digest[11]); - digest[12] = byte_swap_32 (digest[12]); - digest[13] = byte_swap_32 (digest[13]); - digest[14] = byte_swap_32 (digest[14]); - digest[15] = byte_swap_32 (digest[15]); 
- digest[16] = byte_swap_32 (digest[16]); - digest[17] = byte_swap_32 (digest[17]); - digest[18] = byte_swap_32 (digest[18]); - digest[19] = byte_swap_32 (digest[19]); - digest[20] = byte_swap_32 (digest[20]); - digest[21] = byte_swap_32 (digest[21]); - digest[22] = byte_swap_32 (digest[22]); - digest[23] = byte_swap_32 (digest[23]); - digest[24] = byte_swap_32 (digest[24]); - digest[25] = byte_swap_32 (digest[25]); - digest[26] = byte_swap_32 (digest[26]); - digest[27] = byte_swap_32 (digest[27]); - digest[28] = byte_swap_32 (digest[28]); - digest[29] = byte_swap_32 (digest[29]); - digest[30] = byte_swap_32 (digest[30]); - digest[31] = byte_swap_32 (digest[31]); - digest[32] = byte_swap_32 (digest[32]); - digest[33] = byte_swap_32 (digest[33]); - digest[34] = byte_swap_32 (digest[34]); - digest[35] = byte_swap_32 (digest[35]); - digest[36] = byte_swap_32 (digest[36]); - digest[37] = byte_swap_32 (digest[37]); - digest[38] = byte_swap_32 (digest[38]); - digest[39] = byte_swap_32 (digest[39]); - digest[40] = byte_swap_32 (digest[40]); - digest[41] = byte_swap_32 (digest[41]); - digest[42] = byte_swap_32 (digest[42]); - digest[43] = byte_swap_32 (digest[43]); - digest[44] = byte_swap_32 (digest[44]); - digest[45] = byte_swap_32 (digest[45]); - digest[46] = byte_swap_32 (digest[46]); - digest[47] = byte_swap_32 (digest[47]); - digest[48] = byte_swap_32 (digest[48]); - digest[49] = byte_swap_32 (digest[49]); - digest[50] = byte_swap_32 (digest[50]); - digest[51] = byte_swap_32 (digest[51]); - digest[52] = byte_swap_32 (digest[52]); - digest[53] = byte_swap_32 (digest[53]); - digest[54] = byte_swap_32 (digest[54]); - digest[55] = byte_swap_32 (digest[55]); - digest[56] = byte_swap_32 (digest[56]); - digest[57] = byte_swap_32 (digest[57]); - digest[58] = byte_swap_32 (digest[58]); - digest[59] = byte_swap_32 (digest[59]); - digest[60] = byte_swap_32 (digest[60]); - digest[61] = byte_swap_32 (digest[61]); - digest[62] = byte_swap_32 (digest[62]); - digest[63] = 
byte_swap_32 (digest[63]); + memcpy (digest, hash_pos, HASH_LEN_RAW); + + for (int i = 0; i < HASH_LEN_RAW / 4; i++) digest[i] = byte_swap_32 (digest[i]); return (PARSER_OK); } 
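Review bot: `salt->salt_iter = salt_iter - 1;` has no lower bound: a hash whose 4-byte iteration field decodes to 0 wraps the u32 to 0xFFFFFFFF and the kernel would be asked to run about four billion PBKDF2 rounds per candidate, while module_hash_encode adds 1 back and prints 0 again, so the bad value round-trips unnoticed. Reject it before the subtraction, `if (salt_iter == 0) return (PARSER_SALT_ITERATION);` (or whichever parser error the module API provides for an invalid iteration count, if that name does not exist here), and consider an upper sanity bound as well since the field is attacker-supplied hash-file input. The hunk closes module_hash_decode; its signature and token setup are outside it.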
@@ -227,90 +166,28 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf; u32 tmp_digest[64]; - tmp_digest[0] = byte_swap_32 (digest[0]); - tmp_digest[1] = byte_swap_32 (digest[1]); - tmp_digest[2] = byte_swap_32 (digest[2]); - tmp_digest[3] = byte_swap_32 (digest[3]); - tmp_digest[4] = byte_swap_32 (digest[4]); - tmp_digest[5] = byte_swap_32 (digest[5]); - tmp_digest[6] = byte_swap_32 (digest[6]); - tmp_digest[7] = byte_swap_32 (digest[7]); - tmp_digest[8] = byte_swap_32 (digest[8]); - tmp_digest[9] = byte_swap_32 (digest[9]); - tmp_digest[10] = byte_swap_32 (digest[10]); - tmp_digest[11] = byte_swap_32 (digest[11]); - tmp_digest[12] = byte_swap_32 (digest[12]); - tmp_digest[13] = byte_swap_32 (digest[13]); - tmp_digest[14] = byte_swap_32 (digest[14]); - tmp_digest[15] = byte_swap_32 (digest[15]); - tmp_digest[16] = byte_swap_32 (digest[16]); - tmp_digest[17] = byte_swap_32 (digest[17]); - tmp_digest[18] = byte_swap_32 (digest[18]); - tmp_digest[19] = byte_swap_32 (digest[19]); - tmp_digest[20] = byte_swap_32 (digest[20]); - tmp_digest[21] = byte_swap_32 (digest[21]); - tmp_digest[22] = byte_swap_32 (digest[22]); - tmp_digest[23] = byte_swap_32 (digest[23]); - tmp_digest[24] = byte_swap_32 (digest[24]); - tmp_digest[25] = byte_swap_32 (digest[25]); - tmp_digest[26] = byte_swap_32 (digest[26]); - tmp_digest[27] = byte_swap_32 (digest[27]); - tmp_digest[28] = byte_swap_32 (digest[28]); - tmp_digest[29] = byte_swap_32 (digest[29]); - tmp_digest[30] = byte_swap_32 (digest[30]); - tmp_digest[31] = byte_swap_32 (digest[31]); - tmp_digest[32] = byte_swap_32 (digest[32]); - tmp_digest[33] = byte_swap_32 (digest[33]); - tmp_digest[34] = byte_swap_32 (digest[34]); - tmp_digest[35] = byte_swap_32 (digest[35]); - tmp_digest[36] = byte_swap_32 (digest[36]); - tmp_digest[37] = byte_swap_32 (digest[37]); - tmp_digest[38] = byte_swap_32 (digest[38]); - tmp_digest[39] = byte_swap_32 
(digest[39]); - tmp_digest[40] = byte_swap_32 (digest[40]); - tmp_digest[41] = byte_swap_32 (digest[41]); - tmp_digest[42] = byte_swap_32 (digest[42]); - tmp_digest[43] = byte_swap_32 (digest[43]); - tmp_digest[44] = byte_swap_32 (digest[44]); - tmp_digest[45] = byte_swap_32 (digest[45]); - tmp_digest[46] = byte_swap_32 (digest[46]); - tmp_digest[47] = byte_swap_32 (digest[47]); - tmp_digest[48] = byte_swap_32 (digest[48]); - tmp_digest[49] = byte_swap_32 (digest[49]); - tmp_digest[50] = byte_swap_32 (digest[50]); - tmp_digest[51] = byte_swap_32 (digest[51]); - tmp_digest[52] = byte_swap_32 (digest[52]); - tmp_digest[53] = byte_swap_32 (digest[53]); - tmp_digest[54] = byte_swap_32 (digest[54]); - tmp_digest[55] = byte_swap_32 (digest[55]); - tmp_digest[56] = byte_swap_32 (digest[56]); - tmp_digest[57] = byte_swap_32 (digest[57]); - tmp_digest[58] = byte_swap_32 (digest[58]); - tmp_digest[59] = byte_swap_32 (digest[59]); - tmp_digest[60] = byte_swap_32 (digest[60]); - tmp_digest[61] = byte_swap_32 (digest[61]); - tmp_digest[62] = byte_swap_32 (digest[62]); - tmp_digest[63] = byte_swap_32 (digest[63]); - char tmp_buf[324] = { 0 }; + for (int i = 0; i < HASH_LEN_RAW / 4; i++) tmp_digest[i] = byte_swap_32 (digest[i]); + + char tmp_buf[512]; + memset (tmp_buf, 0, sizeof (tmp_buf)); - uint32_t salt_iters[4] = { 0 }; + const u32 salt_iters = byte_swap_32 (salt->salt_iter + 1); //htonl (salt->salt_iter); - salt_iters[0] = byte_swap_32 (salt->salt_iter + 1); //htonl(salt->salt_iter); + memcpy (tmp_buf, &salt_iters, ITER_LEN_RAW); + memcpy (tmp_buf + ITER_LEN_RAW, pbkdf2_sha256->salt_buf, salt->salt_len); + memcpy (tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW, tmp_digest, HASH_LEN_RAW); - memcpy (tmp_buf, salt_iters, 4); - memcpy (tmp_buf + 4, pbkdf2_sha256->salt_buf, salt->salt_len); - memcpy (tmp_buf + 4 + 64, tmp_digest, 256); + char ptr_plain[512]; - char ptr_plain[433] = { 0 }; + memset (ptr_plain, 0, sizeof (ptr_plain)); - base64_encode (int_to_base64, (const u8 *) tmp_buf, 
324, (u8 *) ptr_plain); + base64_encode (int_to_base64, (const u8 *) tmp_buf, (ITER_LEN_RAW + SALT_LEN_RAW + HASH_LEN_RAW), (u8 *) ptr_plain); const int line_len = snprintf (line_buf, line_size, "%s%s", SIGNATURE_REDHAT_PBKDF2_SHA256, ptr_plain); return line_len; - } void module_init (module_ctx_t *module_ctx) diff --git a/tools/test_modules/m23911.pm b/tools/test_modules/m10901.pm similarity index 92% rename from tools/test_modules/m23911.pm rename to tools/test_modules/m10901.pm index fe7269069..d74ee2c29 100644 --- a/tools/test_modules/m23911.pm +++ b/tools/test_modules/m10901.pm @@ -16,7 +16,7 @@ sub module_generate_hash { my $word = shift; my $salt = shift; - my $iter = shift // 10000; + my $iter = shift // 8192; ## https://pagure.io/389-ds-base/blob/master/f/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c if (length $salt == 0) { @@ -29,6 +29,7 @@ sub module_generate_hash output_len => 256, salt_len => 64, ); + my $p = $pbkdf2->generate($word, $salt); my $decoded_hash = $pbkdf2->decode_string($p); From 61fe90bacb02c1bde820107be775a9a05c5e803e Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 3 Mar 2020 12:36:55 +0100 Subject: [PATCH 266/300] Use oldschool SHA1 kernel for CPU it's slightly faster --- OpenCL/inc_hash_sha1.cl | 240 ++++++++++++++++++++++++++++++++++++++++ OpenCL/inc_vendor.h | 8 +- 2 files changed, 243 insertions(+), 5 deletions(-) diff --git a/OpenCL/inc_hash_sha1.cl b/OpenCL/inc_hash_sha1.cl index 7f1da4105..a8f754c1a 100644 --- a/OpenCL/inc_hash_sha1.cl +++ b/OpenCL/inc_hash_sha1.cl 
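Review bot: The salt copy takes its length from `salt->salt_len` but the digest that follows is placed at the fixed offset `ITER_LEN_RAW + SALT_LEN_RAW`, so `memcpy (tmp_buf + ITER_LEN_RAW, pbkdf2_sha256->salt_buf, salt->salt_len);` and the next memcpy silently produce a hole or a truncated salt if the two ever disagree. module_hash_decode always sets salt_len to SALT_LEN_RAW, so use the constant in both places and the length passed to base64_encode then matches the layout by construction. The trailing comment `//htonl (salt->salt_iter);` is also stale because the value swapped is `salt->salt_iter + 1`; say so, e.g. `// on-disk count is iter+1 in big-endian (decode subtracts 1)`.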
@@ -22,6 +22,124 @@ DECLSPEC void sha1_transform (const u32 *w0, const u32 *w1, const u32 *w2, const u32 d = digest[3]; u32 e = digest[4]; + #ifdef IS_CPU + + u32 w0_t = w0[0]; + u32 w1_t = w0[1]; + u32 w2_t = w0[2]; + u32 w3_t = w0[3]; + u32 w4_t = w1[0]; + u32 w5_t = w1[1]; + u32 w6_t = w1[2]; + u32 w7_t = w1[3]; + u32 w8_t = w2[0]; + u32 w9_t = w2[1]; + u32 wa_t = w2[2]; + u32 wb_t = w2[3]; + u32 wc_t = w3[0]; + u32 wd_t = w3[1]; + u32 we_t = w3[2]; + u32 wf_t = w3[3]; + + #define K SHA1C00 + + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w1_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w2_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w3_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w4_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w5_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w6_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w7_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w8_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w9_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wa_t); + SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, wb_t); + SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, wc_t); + SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, wd_t); + SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, we_t); + SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w3_t); + + #undef K + #define K SHA1C01 + + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w6_t); + w7_t 
= hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w7_t); + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wb_t); + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3_t); + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w7_t); + + #undef K + #define K SHA1C02 + + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S 
(SHA1_F2o, d, e, a, b, c, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wb_t); + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w3_t); + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w7_t); + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wb_t); + + #undef K + #define K SHA1C03 + + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wd_t); + we_t = 
hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wf_t); + w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w0_t); + w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1_t); + w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w2_t); + w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3_t); + w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4_t); + w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w5_t); + w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w6_t); + w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w7_t); + w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w8_t); + w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w9_t); + wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wa_t); + wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wb_t); + wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wc_t); + wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wd_t); + we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, we_t); + wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wf_t); + + #undef K + + #else + u32 w00_t = w0[0]; u32 w01_t = w0[1]; u32 w02_t = w0[2]; 
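Review bot: The new `#ifdef IS_CPU` branch is a second hand-written 80-step schedule and nothing in the hunk says it must produce exactly the same state as the `#else` branch that follows, so a later edit to one side will diverge silently. Add a one-line header to the branch, `// CPU: classic 16-word rolling schedule, W[t] = rotl1(W[t-3]^W[t-8]^W[t-14]^W[t-16]); must match the GPU schedule in the #else branch bit for bit`. The matching `#endif` lands in a separate hunk further down and the enclosing sha1_transform continues outside this one, which is worth knowing when reading the hunk on its own.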
@@ -199,6 +317,7 @@ DECLSPEC void sha1_transform (const u32 *w0, const u32 *w1, const u32 *w2, const w4f_t = hc_rotl32_S ((w43_t ^ w2f_t ^ w17_t ^ w0f_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4f_t); #undef K + #endif digest[0] += a; digest[1] += b; 
@@ -1500,6 +1619,125 @@ DECLSPEC void sha1_transform_vector (const u32x *w0, const u32x *w1, const u32x u32x d = digest[3]; u32x e = digest[4]; + #ifdef IS_CPU + + + u32x w0_t = w0[0]; + u32x w1_t = w0[1]; + u32x w2_t = w0[2]; + u32x w3_t = w0[3]; + u32x w4_t = w1[0]; + u32x w5_t = w1[1]; + u32x w6_t = w1[2]; + u32x w7_t = w1[3]; + u32x w8_t = w2[0]; + u32x w9_t = w2[1]; + u32x wa_t = w2[2]; + u32x wb_t = w2[3]; + u32x wc_t = w3[0]; + u32x wd_t = w3[1]; + u32x we_t = w3[2]; + u32x wf_t = w3[3]; + + #define K SHA1C00 + + SHA1_STEP (SHA1_F0o, a, b, c, d, e, w0_t); + SHA1_STEP (SHA1_F0o, e, a, b, c, d, w1_t); + SHA1_STEP (SHA1_F0o, d, e, a, b, c, w2_t); + SHA1_STEP (SHA1_F0o, c, d, e, a, b, w3_t); + SHA1_STEP (SHA1_F0o, b, c, d, e, a, w4_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, w5_t); + SHA1_STEP (SHA1_F0o, e, a, b, c, d, w6_t); + SHA1_STEP (SHA1_F0o, d, e, a, b, c, w7_t); + SHA1_STEP (SHA1_F0o, c, d, e, a, b, w8_t); + SHA1_STEP (SHA1_F0o, b, c, d, e, a, w9_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, wa_t); + SHA1_STEP (SHA1_F0o, e, a, b, c, d, wb_t); + SHA1_STEP (SHA1_F0o, d, e, a, b, c, wc_t); + SHA1_STEP (SHA1_F0o, c, d, e, a, b, wd_t); + SHA1_STEP (SHA1_F0o, b, c, d, e, a, we_t); + SHA1_STEP (SHA1_F0o, a, b, c, d, e, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, e, a, b, c, d, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, d, e, a, b, c, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, c, d, e, a, b, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, b, c, d, e, a, w3_t); + + #undef K + #define K SHA1C01 + + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ 
w7_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w7_t); + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, wb_t); + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w3_t); + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w7_t); + + #undef K + #define K SHA1C02 + + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, 
a, b, wb_t); + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, wf_t); + w0_t = hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w3_t); + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, a, b, c, d, e, w7_t); + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, e, a, b, c, d, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, d, e, a, b, c, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, c, d, e, a, b, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, b, c, d, e, a, wb_t); + + #undef K + #define K SHA1C03 + + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, wf_t); + w0_t = 
hc_rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w0_t); + w1_t = hc_rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w1_t); + w2_t = hc_rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w2_t); + w3_t = hc_rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w3_t); + w4_t = hc_rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w4_t); + w5_t = hc_rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, w5_t); + w6_t = hc_rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, w6_t); + w7_t = hc_rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, w7_t); + w8_t = hc_rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, w8_t); + w9_t = hc_rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, w9_t); + wa_t = hc_rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, wa_t); + wb_t = hc_rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, a, b, c, d, e, wb_t); + wc_t = hc_rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, e, a, b, c, d, wc_t); + wd_t = hc_rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, d, e, a, b, c, wd_t); + we_t = hc_rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, c, d, e, a, b, we_t); + wf_t = hc_rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, b, c, d, e, a, wf_t); + + #undef K + + #else + u32x w00_t = w0[0]; u32x w01_t = w0[1]; u32x w02_t = w0[2]; @@ -1678,6 +1916,8 @@ DECLSPEC void sha1_transform_vector (const u32x *w0, const u32x *w1, const u32x #undef K + #endif + digest[0] += a; digest[1] += b; digest[2] += c; diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h index 1ba5833eb..cbaf093f5 100644 --- a/OpenCL/inc_vendor.h +++ b/OpenCL/inc_vendor.h 
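Review bot: The vector variant opens its `#ifdef IS_CPU` branch with two consecutive blank lines, unlike the scalar variant above, which uses one; drop one so the two branches stay textually parallel and a diff between them remains useful. Since this schedule is the u32x twin of the scalar `IS_CPU` branch, a comment at its top, `// vector twin of the IS_CPU schedule in sha1_transform; keep the two in sync`, spares the next reader from comparing 80 lines by hand. sha1_transform_vector continues beyond the hunk.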
@@ -110,12 +110,10 @@ * fast but pure kernels on rocm is a good example */ -#define DECLSPEC - -#if defined IS_AMD -#if defined IS_GPU +#if defined IS_AMD && defined IS_GPU #define DECLSPEC inline static -#endif +#else +#define DECLSPEC #endif /** From e5889c21fb442765ec501901993df5ebf0425edd Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 4 Mar 2020 11:18:52 +0100 Subject: [PATCH 267/300] Fix invalid call to check_header_1536() in -m 13722 --- OpenCL/m13722-pure.cl | 5 ----- 1 file changed, 5 deletions(-) diff --git a/OpenCL/m13722-pure.cl b/OpenCL/m13722-pure.cl index cbcb75044..b2aa906b6 100644 --- a/OpenCL/m13722-pure.cl +++ b/OpenCL/m13722-pure.cl @@ -650,11 +650,6 @@ KERNEL_FQ void m13722_loop_extended (KERN_ATTR_TMPS_ESALT (vc64_tmp_t, vc_t)) tmps[gid].pim = pim_check; } - if (check_header_1536 (esalt_bufs, tmps[gid].pim_key, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) != -1) - { - tmps[gid].pim = pim_check; - } - tmps[gid].pim_check = 0; } } From b6feddd81fdf7e76800a995b9a73716b7956d24b Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 4 Mar 2020 13:30:09 +0100 Subject: [PATCH 268/300] Unroll some of the code in the candidate generators --- OpenCL/amp_a1.cl | 69 +++++++++++++- OpenCL/markov_be.cl | 226 ++++++++++++++++++++++++++++++++++++++++---- OpenCL/markov_le.cl | 225 +++++++++++++++++++++++++++++++++++++++---- OpenCL/shared.cl | 81 ++++++++++++++-- 4 files changed, 548 insertions(+), 53 deletions(-) diff --git a/OpenCL/amp_a1.cl b/OpenCL/amp_a1.cl index 5ab241211..1b0ef4c33 100644 --- a/OpenCL/amp_a1.cl +++ b/OpenCL/amp_a1.cl 
@@ -34,11 +34,70 @@ KERNEL_FQ void amp (GLOBAL_AS pw_t *pws, GLOBAL_AS pw_t *pws_amp, GLOBAL_AS cons switch_buffer_by_offset_1x64_le_S (pw.i, comb_len); } - #pragma unroll - for (int i = 0; i < 64; i++) - { - pw.i[i] |= comb.i[i]; - } + pw.i[ 0] |= comb.i[ 0]; + pw.i[ 1] |= comb.i[ 1]; + pw.i[ 2] |= comb.i[ 2]; + pw.i[ 3] |= comb.i[ 3]; + pw.i[ 4] |= comb.i[ 4]; + pw.i[ 5] |= comb.i[ 5]; + pw.i[ 6] |= comb.i[ 6]; + pw.i[ 7] |= comb.i[ 7]; + pw.i[ 8] |= comb.i[ 8]; + pw.i[ 9] |= comb.i[ 9]; + pw.i[10] |= comb.i[10]; + pw.i[11] |= comb.i[11]; + pw.i[12] |= comb.i[12]; + pw.i[13] |= comb.i[13]; + pw.i[14] |= comb.i[14]; + pw.i[15] |= comb.i[15]; + pw.i[16] |= comb.i[16]; + pw.i[17] |= comb.i[17]; + pw.i[18] |= comb.i[18]; + pw.i[19] |= comb.i[19]; + pw.i[20] |= comb.i[20]; + pw.i[21] |= comb.i[21]; + pw.i[22] |= comb.i[22]; + pw.i[23] |= comb.i[23]; + pw.i[24] |= comb.i[24]; + pw.i[25] |= comb.i[25]; + pw.i[26] |= comb.i[26]; + pw.i[27] |= comb.i[27]; + pw.i[28] |= comb.i[28]; + pw.i[29] |= comb.i[29]; + pw.i[30] |= comb.i[30]; + pw.i[31] |= comb.i[31]; + pw.i[32] |= comb.i[32]; + pw.i[33] |= comb.i[33]; + pw.i[34] |= comb.i[34]; + pw.i[35] |= comb.i[35]; + pw.i[36] |= comb.i[36]; + pw.i[37] |= comb.i[37]; + pw.i[38] |= comb.i[38]; + pw.i[39] |= comb.i[39]; + pw.i[40] |= comb.i[40]; + pw.i[41] |= comb.i[41]; + pw.i[42] |= comb.i[42]; + pw.i[43] |= comb.i[43]; + pw.i[44] |= comb.i[44]; + pw.i[45] |= comb.i[45]; + pw.i[46] |= comb.i[46]; + pw.i[47] |= comb.i[47]; + pw.i[48] |= comb.i[48]; + pw.i[49] |= comb.i[49]; + pw.i[50] |= comb.i[50]; + pw.i[51] |= comb.i[51]; + pw.i[52] |= comb.i[52]; + pw.i[53] |= comb.i[53]; + pw.i[54] |= comb.i[54]; + pw.i[55] |= comb.i[55]; + pw.i[56] |= comb.i[56]; + pw.i[57] |= comb.i[57]; + pw.i[58] |= comb.i[58]; + pw.i[59] |= comb.i[59]; + pw.i[60] |= comb.i[60]; + pw.i[61] |= comb.i[61]; + pw.i[62] |= comb.i[62]; + pw.i[63] |= comb.i[63]; pw.pw_len = pw_len + comb_len; 
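Review bot: The 64 explicit `pw.i[k] |= comb.i[k];` statements replace a `#pragma unroll` loop with no comment on why the pragma was insufficient, so the next reader cannot tell whether this is a workaround for a particular compiler or a measured speedup; a one-line note such as `// hand-unrolled: #pragma unroll was not honoured on <PLATFORM-PLACEHOLDER>` above the block would preserve that. The statement count is now also the only thing tying this block to the 64-word size of `pw.i`, which the loop bound previously stated in one place. The same hand-unrolling pattern appears in the l_markov, r_markov and C_markov hunks of markov_be.cl and markov_le.cl and in gpu_decompress_entry in shared.cl, and the same comment applies there.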
diff --git a/OpenCL/markov_be.cl b/OpenCL/markov_be.cl index a69e5e691..8463bcfe2 100644 --- a/OpenCL/markov_be.cl +++ b/OpenCL/markov_be.cl @@ -52,17 +52,79 @@ KERNEL_FQ void l_markov (GLOBAL_AS pw_t *pws_buf_l, GLOBAL_AS const cs_t *root_c if (gid >= gid_max) return; - u32 pw_buf[64] = { 0 }; - generate_pw (pw_buf, root_css_buf, markov_css_buf, pw_l_len, pw_r_len, mask80, bits14, bits15, off + gid); + pw_t pw; - #pragma unroll - for (int idx = 0; idx < 64; idx++) - { - pws_buf_l[gid].i[idx] = pw_buf[idx]; - } + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; - pws_buf_l[gid].pw_len = pw_l_len + pw_r_len; + pw.pw_len = pw_l_len + pw_r_len; + + generate_pw (pw.i, root_css_buf, markov_css_buf, pw_l_len, pw_r_len, mask80, bits14, bits15, off + gid); + + pws_buf_l[gid] = pw; } KERNEL_FQ void r_markov (GLOBAL_AS bf_t *pws_buf_r, GLOBAL_AS const cs_t *root_css_buf, GLOBAL_AS const cs_t *markov_css_buf, const u64 off, const u32 pw_r_len, const u32 mask80, const u32 bits14, const u32 bits15, const u64 gid_max) 
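Review bot: `pws_buf_l[gid] = pw;` now writes the whole `pw_t` to global memory, whereas the loop it replaces wrote only `i[0..63]` and `pw_len`; if `pw_t` has any member or trailing padding beyond those two (its definition is not in this hunk), that memory is copied out uninitialised. If `pw_t` is exactly `i[64]` plus `pw_len`, a comment on the declaration, `pw_t pw; // every member is assigned below before the struct copy`, documents the invariant the struct assignment relies on; otherwise the remaining members need initialising too. The same struct copy is made in C_markov in this file, in l_markov and C_markov in markov_le.cl, and by `*buf = pw;` in shared.cl.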
@@ -71,11 +133,76 @@ KERNEL_FQ void r_markov (GLOBAL_AS bf_t *pws_buf_r, GLOBAL_AS const cs_t *root_c if (gid >= gid_max) return; - u32 pw_buf[64] = { 0 }; + pw_t pw; - generate_pw (pw_buf, root_css_buf, markov_css_buf, pw_r_len, 0, 0, 0, 0, off + gid); + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; - pws_buf_r[gid].i = pw_buf[0]; + generate_pw (pw.i, root_css_buf, markov_css_buf, pw_r_len, 0, 0, 0, 0, off + gid); + + pws_buf_r[gid].i = pw.i[0]; } KERNEL_FQ void C_markov (GLOBAL_AS pw_t *pws_buf, GLOBAL_AS const cs_t *root_css_buf, GLOBAL_AS const cs_t *markov_css_buf, const u64 off, const u32 pw_len, const u32 mask80, const u32 bits14, const u32 bits15, const u64 gid_max) 
@@ -84,15 +211,76 @@ KERNEL_FQ void C_markov (GLOBAL_AS pw_t *pws_buf, GLOBAL_AS const cs_t *root_css if (gid >= gid_max) return; - u32 pw_buf[64] = { 0 }; + pw_t pw; - generate_pw (pw_buf, root_css_buf, markov_css_buf, pw_len, 0, mask80, bits14, bits15, off + gid); + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; - #pragma unroll - for (int idx = 0; idx < 64; idx++) - { - pws_buf[gid].i[idx] = pw_buf[idx]; - } + pw.pw_len = pw_len; - pws_buf[gid].pw_len = pw_len; + generate_pw (pw.i, root_css_buf, markov_css_buf, pw_len, 0, mask80, bits14, bits15, off + gid); + + pws_buf[gid] = pw; } diff --git a/OpenCL/markov_le.cl b/OpenCL/markov_le.cl index f1feb7819..530b8acc4 100644 --- a/OpenCL/markov_le.cl +++ b/OpenCL/markov_le.cl 
@@ -52,17 +52,78 @@ KERNEL_FQ void l_markov (GLOBAL_AS pw_t *pws_buf_l, GLOBAL_AS const cs_t *root_c if (gid >= gid_max) return; - u32 pw_buf[64] = { 0 }; + pw_t pw; - generate_pw (pw_buf, root_css_buf, markov_css_buf, pw_l_len, pw_r_len, mask80, bits14, bits15, off + gid); + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; - #pragma unroll - for (int idx = 0; idx < 64; idx++) - { - pws_buf_l[gid].i[idx] = pw_buf[idx]; - } + pw.pw_len = pw_l_len + pw_r_len; - pws_buf_l[gid].pw_len = pw_l_len + pw_r_len; + generate_pw (pw.i, root_css_buf, markov_css_buf, pw_l_len, pw_r_len, mask80, bits14, bits15, off + gid); + + pws_buf_l[gid] = pw; } KERNEL_FQ void r_markov (GLOBAL_AS bf_t *pws_buf_r, GLOBAL_AS const cs_t *root_css_buf, GLOBAL_AS const cs_t *markov_css_buf, const u64 off, const u32 pw_r_len, const u32 mask80, const u32 bits14, const u32 bits15, const u64 gid_max) 
@@ -71,11 +132,76 @@ KERNEL_FQ void r_markov (GLOBAL_AS bf_t *pws_buf_r, GLOBAL_AS const cs_t *root_c if (gid >= gid_max) return; - u32 pw_buf[64] = { 0 }; + pw_t pw; - generate_pw (pw_buf, root_css_buf, markov_css_buf, pw_r_len, 0, 0, 0, 0, off + gid); + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; - pws_buf_r[gid].i = pw_buf[0]; + generate_pw (pw.i, root_css_buf, markov_css_buf, pw_r_len, 0, 0, 0, 0, off + gid); + + pws_buf_r[gid].i = pw.i[0]; } KERNEL_FQ void C_markov (GLOBAL_AS pw_t *pws_buf, GLOBAL_AS const cs_t *root_css_buf, GLOBAL_AS const cs_t *markov_css_buf, const u64 off, const u32 pw_len, const u32 mask80, const u32 bits14, const u32 bits15, const u64 gid_max) 
@@ -84,15 +210,76 @@ KERNEL_FQ void C_markov (GLOBAL_AS pw_t *pws_buf, GLOBAL_AS const cs_t *root_css if (gid >= gid_max) return; - u32 pw_buf[64] = { 0 }; + pw_t pw; - generate_pw (pw_buf, root_css_buf, markov_css_buf, pw_len, 0, mask80, bits14, bits15, off + gid); + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; - #pragma unroll - for (int idx = 0; idx < 64; idx++) - { - pws_buf[gid].i[idx] = pw_buf[idx]; - } + pw.pw_len = pw_len; - pws_buf[gid].pw_len = pw_len; + generate_pw (pw.i, root_css_buf, markov_css_buf, pw_len, 0, mask80, bits14, bits15, off + gid); + + pws_buf[gid] = pw; } diff --git a/OpenCL/shared.cl b/OpenCL/shared.cl index 30df353ef..47c37c3c6 100644 --- a/OpenCL/shared.cl +++ b/OpenCL/shared.cl 
@@ -10,26 +10,87 @@ #include "inc_common.cl" #endif -DECLSPEC void gpu_decompress_entry (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, pw_t *pw, const u64 gid) +DECLSPEC void gpu_decompress_entry (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, pw_t *buf, const u64 gid) { const u32 off = pws_idx[gid].off; const u32 cnt = pws_idx[gid].cnt; const u32 len = pws_idx[gid].len; - #ifdef _unroll - #pragma unroll - #endif - for (u32 i = 0; i < 64; i++) - { - pw->i[i] = 0; - } + pw_t pw; + + pw.i[ 0] = 0; + pw.i[ 1] = 0; + pw.i[ 2] = 0; + pw.i[ 3] = 0; + pw.i[ 4] = 0; + pw.i[ 5] = 0; + pw.i[ 6] = 0; + pw.i[ 7] = 0; + pw.i[ 8] = 0; + pw.i[ 9] = 0; + pw.i[10] = 0; + pw.i[11] = 0; + pw.i[12] = 0; + pw.i[13] = 0; + pw.i[14] = 0; + pw.i[15] = 0; + pw.i[16] = 0; + pw.i[17] = 0; + pw.i[18] = 0; + pw.i[19] = 0; + pw.i[20] = 0; + pw.i[21] = 0; + pw.i[22] = 0; + pw.i[23] = 0; + pw.i[24] = 0; + pw.i[25] = 0; + pw.i[26] = 0; + pw.i[27] = 0; + pw.i[28] = 0; + pw.i[29] = 0; + pw.i[30] = 0; + pw.i[31] = 0; + pw.i[32] = 0; + pw.i[33] = 0; + pw.i[34] = 0; + pw.i[35] = 0; + pw.i[36] = 0; + pw.i[37] = 0; + pw.i[38] = 0; + pw.i[39] = 0; + pw.i[40] = 0; + pw.i[41] = 0; + pw.i[42] = 0; + pw.i[43] = 0; + pw.i[44] = 0; + pw.i[45] = 0; + pw.i[46] = 0; + pw.i[47] = 0; + pw.i[48] = 0; + pw.i[49] = 0; + pw.i[50] = 0; + pw.i[51] = 0; + pw.i[52] = 0; + pw.i[53] = 0; + pw.i[54] = 0; + pw.i[55] = 0; + pw.i[56] = 0; + pw.i[57] = 0; + pw.i[58] = 0; + pw.i[59] = 0; + pw.i[60] = 0; + pw.i[61] = 0; + pw.i[62] = 0; + pw.i[63] = 0; + + pw.pw_len = len; for (u32 i = 0, j = off; i < cnt; i++, j++) { - pw->i[i] = pws_comp[j]; + pw.i[i] = pws_comp[j]; } - pw->pw_len = len; + *buf = pw; } KERNEL_FQ void gpu_decompress (GLOBAL_AS pw_idx_t *pws_idx, GLOBAL_AS u32 *pws_comp, GLOBAL_AS pw_t *pws_buf, const u64 gid_max) From 9f9ed78ca7d05b3b68e4d7dceb1db7339cc9e743 Mon Sep 17 00:00:00 2001 
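Review bot: The copy loop `pw.i[i] = pws_comp[j];` is bounded only by `cnt` read from `pws_idx[gid]`, and nothing in the hunk caps it at the 64 words of `pw.i`, so an index entry with a larger `cnt` now overruns the private `pw` (before the change it overran the caller's buffer instead). If the host-side packer guarantees `cnt <= 64`, a comment on the loop stating that contract is enough; if not, clamp it first, e.g. `const u32 cnt = (pws_idx[gid].cnt > 64) ? 64 : pws_idx[gid].cnt;`. Renaming the out-parameter to `buf` while introducing a local named `pw` is easy to misread at the call sites; a short header comment on gpu_decompress_entry saying that `buf` receives the fully assembled entry would help.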
From: Jens Steube Date: Wed, 4 Mar 2020 15:19:55 +0100 Subject: [PATCH 269/300] Fix -m 7800 and -m 7801 on CPU --- OpenCL/m07800_a0-optimized.cl | 4 ++-- OpenCL/m07800_a1-optimized.cl | 4 ++-- OpenCL/m07800_a3-optimized.cl | 8 ++++---- OpenCL/m07801_a0-optimized.cl | 4 ++-- OpenCL/m07801_a1-optimized.cl | 4 ++-- OpenCL/m07801_a3-optimized.cl | 8 ++++---- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/OpenCL/m07800_a0-optimized.cl b/OpenCL/m07800_a0-optimized.cl index 92f46097c..8f921f42f 100644 --- a/OpenCL/m07800_a0-optimized.cl +++ b/OpenCL/m07800_a0-optimized.cl @@ -152,7 +152,7 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_RULES ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -457,7 +457,7 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_RULES ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif diff --git a/OpenCL/m07800_a1-optimized.cl b/OpenCL/m07800_a1-optimized.cl index 1449476e8..5b43a174d 100644 --- a/OpenCL/m07800_a1-optimized.cl +++ b/OpenCL/m07800_a1-optimized.cl @@ -150,7 +150,7 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -519,7 +519,7 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif diff --git a/OpenCL/m07800_a3-optimized.cl b/OpenCL/m07800_a3-optimized.cl index fd58ed661..a5370badb 100644 --- a/OpenCL/m07800_a3-optimized.cl +++ b/OpenCL/m07800_a3-optimized.cl @@ -626,7 +626,7 @@ KERNEL_FQ void m07800_m04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif 
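Review bot: The new initialiser `CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray;` restates the inner dimension of `theMagicArray` as a literal, and this hunk is one of twelve identical copies across the m07800/m07801 a0, a1 and a3 kernels; a typedef or named constant placed next to `theMagicArray`'s definition (outside these hunks) would keep the pointer type and the array in one place. Any drift between them would be reported as an incompatible pointer initialiser, so this is a maintainability point rather than a correctness one. A one-line comment on the `#else` (non-shared-memory, presumably CPU) branch explaining that it indexes the constant array directly and therefore needs a pointer-to-row type would record why the fix was needed.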
@@ -711,7 +711,7 @@ KERNEL_FQ void m07800_m08 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -800,7 +800,7 @@ KERNEL_FQ void m07800_s04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -885,7 +885,7 @@ KERNEL_FQ void m07800_s08 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif diff --git a/OpenCL/m07801_a0-optimized.cl b/OpenCL/m07801_a0-optimized.cl index c464d83dc..ba695ee76 100644 --- a/OpenCL/m07801_a0-optimized.cl +++ b/OpenCL/m07801_a0-optimized.cl @@ -152,7 +152,7 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_RULES ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -457,7 +457,7 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_RULES ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif diff --git a/OpenCL/m07801_a1-optimized.cl b/OpenCL/m07801_a1-optimized.cl index 4cc78528f..96c5a9e73 100644 --- a/OpenCL/m07801_a1-optimized.cl +++ b/OpenCL/m07801_a1-optimized.cl @@ -150,7 +150,7 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -519,7 +519,7 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif diff --git a/OpenCL/m07801_a3-optimized.cl b/OpenCL/m07801_a3-optimized.cl index f1a03c6fd..7c3d987f6 100644 --- a/OpenCL/m07801_a3-optimized.cl +++ b/OpenCL/m07801_a3-optimized.cl 
@@ -626,7 +626,7 @@ KERNEL_FQ void m07801_m04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -711,7 +711,7 @@ KERNEL_FQ void m07801_m08 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -800,7 +800,7 @@ KERNEL_FQ void m07801_s04 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif @@ -885,7 +885,7 @@ KERNEL_FQ void m07801_s08 (KERN_ATTR_BASIC ()) #else - CONSTANT_AS u32a *s_theMagicArray = theMagicArray; + CONSTANT_AS u32a (*s_theMagicArray)[16] = theMagicArray; #endif From a4db1a0abd47fb27d50b2ad6b5c86a3eefcfc848 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 5 Mar 2020 12:43:48 +0100 Subject: [PATCH 270/300] Remove unused OPTS_TYPE_ST_HASH_MD5 --- include/types.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/types.h b/include/types.h index fabf9f063..a0f800ed2 100644 --- a/include/types.h +++ b/include/types.h @@ -407,7 +407,6 @@ typedef enum opts_type OPTS_TYPE_ST_ADDBITS15 = (1ULL << 24), OPTS_TYPE_ST_HEX = (1ULL << 25), OPTS_TYPE_ST_BASE64 = (1ULL << 26), - OPTS_TYPE_ST_HASH_MD5 = (1ULL << 27), OPTS_TYPE_HASH_COPY = (1ULL << 28), OPTS_TYPE_HASH_SPLIT = (1ULL << 29), OPTS_TYPE_LOOP_EXTENDED = (1ULL << 30), // a kernel which is called each time normal _loop kernel finished. From f8f5e1cc931b3fcc051b4fb8f047e03394f8a003 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 6 Mar 2020 08:53:43 +0100 Subject: [PATCH 271/300] Remove unused OPTS_TYPE_PREFERED_THREAD --- include/types.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/types.h b/include/types.h index a0f800ed2..a17f9d10f 100644 --- a/include/types.h +++ b/include/types.h 
@@ -420,7 +420,6 @@ typedef enum opts_type OPTS_TYPE_AUX3 = (1ULL << 37), OPTS_TYPE_AUX4 = (1ULL << 38), OPTS_TYPE_BINARY_HASHFILE = (1ULL << 39), - OPTS_TYPE_PREFERED_THREAD = (1ULL << 40), // some algorithms (complicated ones with many branches) benefit from this OPTS_TYPE_PT_ADD06 = (1ULL << 41), OPTS_TYPE_KEYBOARD_MAPPING = (1ULL << 42), OPTS_TYPE_DEEP_COMP_KERNEL = (1ULL << 43), // if we have to iterate through each hash inside the comp kernel, for example if each hash has to be decrypted separately From 7f55f69d7fe3bd8efaf7b8244be16066f4034167 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 6 Mar 2020 11:49:22 +0100 Subject: [PATCH 272/300] solve telegram format conflict with jtr --- src/modules/module_22301.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/modules/module_22301.c b/src/modules/module_22301.c index 9f87465c7..cda57a6e7 100644 --- a/src/modules/module_22301.c +++ b/src/modules/module_22301.c @@ -27,7 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE; static const u32 SALT_TYPE = SALT_TYPE_GENERIC; static const char *ST_PASS = "hashcat"; -static const char *ST_HASH = "$telegram$1*518c001aeb3b4ae96c6173be4cebe60a85f67b1e087b045935849e2f815b5e41*25184098058621950709328221838128"; +static const char *ST_HASH = "$telegram$0*518c001aeb3b4ae96c6173be4cebe60a85f67b1e087b045935849e2f815b5e41*25184098058621950709328221838128"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } 
@@ -84,7 +84,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *version_pos = token.buf[1]; - if (version_pos[0] != '1') return (PARSER_SALT_VALUE); + if (version_pos[0] != '0') return (PARSER_SALT_VALUE); const u8 *hash_pos = token.buf[2]; @@ -162,7 +162,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const int line_len = snprintf (line_buf, line_size, "%s%i*%08x%08x%08x%08x%08x%08x%08x%08x*%08x%08x%08x%08x", SIGNATURE_TELEGRAM, - 1, + 0, tmp[0], tmp[1], tmp[2], From eb46c829983849c81df2c9ebfa4d35d2683ca266 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Fri, 6 Mar 2020 11:50:16 +0100 Subject: [PATCH 273/300] tests: solve telegram format conflict with jtr --- tools/test_modules/m22301.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/test_modules/m22301.pm b/tools/test_modules/m22301.pm index 6a3a32e79..6c708d513 100644 --- a/tools/test_modules/m22301.pm +++ b/tools/test_modules/m22301.pm @@ -21,7 +21,7 @@ sub module_generate_hash my $digest = sha256_hex ($salt_bin . $word . $salt_bin); - my $hash = sprintf ("\$telegram\$1*%s*%s", $digest, $salt); + my $hash = sprintf ("\$telegram\$0*%s*%s", $digest, $salt); return $hash; } @@ -40,7 +40,7 @@ sub module_verify_hash my $version = substr ($data[0], 10); - return unless ($version eq "1"); + return unless ($version eq "0"); my $digest = $data[1]; my $salt = $data[2]; From fa4b521d484d7ced67376ade7f1b97ab93115ac7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 6 Mar 2020 13:31:32 +0100 Subject: [PATCH 274/300] Add unpack_v8x_from_v32 for vector datatypes, update -m 200 --- OpenCL/inc_common.cl | 188 +++++++++++++++++++++++ OpenCL/inc_common.h | 5 + OpenCL/m00200_a0-optimized.cl | 40 ++--- OpenCL/m00200_a1-optimized.cl | 42 +++--- OpenCL/m00200_a3-optimized.cl | 272 ++++++++++++++-------------------- 5 files changed, 347 insertions(+), 200 deletions(-) 
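Review bot: `if (version_pos[0] != '0') return (PARSER_SALT_VALUE);` inspects only the first byte of the version token, so unless the tokenizer pins token 1 to exactly one character (its configuration is outside this hunk), a value such as `01` is accepted. Changing the accepted value from `1` to `0` also rejects every `$telegram$1*` line produced by the previous build; if `1` now denotes a different JtR variant, a comment at this check saying so will keep someone from re-adding it, and if it does not, accepting both digits in module_hash_decode while module_hash_encode always emits `0` keeps existing hash files usable. The version literal `0` is now repeated in ST_HASH, this check and the `snprintf` arguments; a single `static const` for it would tie them together. module_hash_decode starts and ends outside the hunk.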
diff --git a/OpenCL/inc_common.cl b/OpenCL/inc_common.cl index 6a7373867..407a24ef6 100644 --- a/OpenCL/inc_common.cl +++ b/OpenCL/inc_common.cl 
@@ -490,6 +490,194 @@ DECLSPEC u64 v64_from_v32ab_S (const u32 v32a, const u32 v32b) // unpack function are similar, but always return u32 +DECLSPEC u32x unpack_v8a_from_v32 (const u32x v32) +{ + u32x r = 0; + + #if defined IS_NV && HAS_BFE == 1 + + #if VECT_SIZE == 1 + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r) : "r"(v32)); + #endif + + #if VECT_SIZE >= 2 + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s0) : "r"(v32.s0)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s1) : "r"(v32.s1)); + #endif + + #if VECT_SIZE >= 4 + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s2) : "r"(v32.s2)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s3) : "r"(v32.s3)); + #endif + + #if VECT_SIZE >= 8 + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s4) : "r"(v32.s4)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s5) : "r"(v32.s5)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s6) : "r"(v32.s6)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s7) : "r"(v32.s7)); + #endif + + #if VECT_SIZE >= 16 + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s8) : "r"(v32.s8)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.s9) : "r"(v32.s9)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.sa) : "r"(v32.sa)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.sb) : "r"(v32.sb)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.sc) : "r"(v32.sc)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.sd) : "r"(v32.sd)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.se) : "r"(v32.se)); + asm volatile ("bfe.u32 %0, %1, 0, 8;" : "=r"(r.sf) : "r"(v32.sf)); + #endif + + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 0, 8;" : "=v"(r) : "v"(v32)); + #else + r = (v32 >> 0) & 0xff; + #endif + + return r; +} + +DECLSPEC u32x unpack_v8b_from_v32 (const u32x v32) +{ + u32x r = 0; + + #if defined IS_NV && HAS_BFE == 1 + + #if VECT_SIZE == 1 + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r) : "r"(v32)); + #endif + + #if VECT_SIZE >= 2 + asm volatile 
("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s0) : "r"(v32.s0)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s1) : "r"(v32.s1)); + #endif + + #if VECT_SIZE >= 4 + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s2) : "r"(v32.s2)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s3) : "r"(v32.s3)); + #endif + + #if VECT_SIZE >= 8 + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s4) : "r"(v32.s4)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s5) : "r"(v32.s5)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s6) : "r"(v32.s6)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s7) : "r"(v32.s7)); + #endif + + #if VECT_SIZE >= 16 + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s8) : "r"(v32.s8)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.s9) : "r"(v32.s9)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.sa) : "r"(v32.sa)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.sb) : "r"(v32.sb)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.sc) : "r"(v32.sc)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.sd) : "r"(v32.sd)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.se) : "r"(v32.se)); + asm volatile ("bfe.u32 %0, %1, 8, 8;" : "=r"(r.sf) : "r"(v32.sf)); + #endif + + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 8, 8;" : "=v"(r) : "v"(v32)); + #else + r = (v32 >> 8) & 0xff; + #endif + + return r; +} + +DECLSPEC u32x unpack_v8c_from_v32 (const u32x v32) +{ + u32x r = 0; + + #if defined IS_NV && HAS_BFE == 1 + + #if VECT_SIZE == 1 + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r) : "r"(v32)); + #endif + + #if VECT_SIZE >= 2 + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s0) : "r"(v32.s0)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s1) : "r"(v32.s1)); + #endif + + #if VECT_SIZE >= 4 + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s2) : "r"(v32.s2)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s3) : "r"(v32.s3)); + #endif + + #if VECT_SIZE >= 8 + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s4) 
: "r"(v32.s4)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s5) : "r"(v32.s5)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s6) : "r"(v32.s6)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s7) : "r"(v32.s7)); + #endif + + #if VECT_SIZE >= 16 + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s8) : "r"(v32.s8)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.s9) : "r"(v32.s9)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.sa) : "r"(v32.sa)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.sb) : "r"(v32.sb)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.sc) : "r"(v32.sc)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.sd) : "r"(v32.sd)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.se) : "r"(v32.se)); + asm volatile ("bfe.u32 %0, %1, 16, 8;" : "=r"(r.sf) : "r"(v32.sf)); + #endif + + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 16, 8;" : "=v"(r) : "v"(v32)); + #else + r = (v32 >> 16) & 0xff; + #endif + + return r; +} + +DECLSPEC u32x unpack_v8d_from_v32 (const u32x v32) +{ + u32x r = 0; + + #if defined IS_NV && HAS_BFE == 1 + + #if VECT_SIZE == 1 + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r) : "r"(v32)); + #endif + + #if VECT_SIZE >= 2 + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s0) : "r"(v32.s0)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s1) : "r"(v32.s1)); + #endif + + #if VECT_SIZE >= 4 + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s2) : "r"(v32.s2)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s3) : "r"(v32.s3)); + #endif + + #if VECT_SIZE >= 8 + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s4) : "r"(v32.s4)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s5) : "r"(v32.s5)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s6) : "r"(v32.s6)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s7) : "r"(v32.s7)); + #endif + + #if VECT_SIZE >= 16 + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.s8) : "r"(v32.s8)); + asm volatile ("bfe.u32 %0, %1, 24, 
8;" : "=r"(r.s9) : "r"(v32.s9)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.sa) : "r"(v32.sa)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.sb) : "r"(v32.sb)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.sc) : "r"(v32.sc)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.sd) : "r"(v32.sd)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.se) : "r"(v32.se)); + asm volatile ("bfe.u32 %0, %1, 24, 8;" : "=r"(r.sf) : "r"(v32.sf)); + #endif + + //#elif defined IS_AMD && HAS_VBFE == 1 + //__asm__ __volatile__ ("V_BFE_U32 %0, %1, 24, 8;" : "=v"(r) : "v"(v32)); + #else + r = (v32 >> 24) & 0xff; + #endif + + return r; +} + DECLSPEC u32 unpack_v8a_from_v32_S (const u32 v32) { u32 r = 0; diff --git a/OpenCL/inc_common.h b/OpenCL/inc_common.h index 8715ae75e..07137297b 100644 --- a/OpenCL/inc_common.h +++ b/OpenCL/inc_common.h @@ -171,6 +171,11 @@ DECLSPEC u64 v64_from_v32ab_S (const u32 v32a, const u32 v32b); // inline asm packing +DECLSPEC u32x unpack_v8a_from_v32 (const u32x v32); +DECLSPEC u32x unpack_v8b_from_v32 (const u32x v32); +DECLSPEC u32x unpack_v8c_from_v32 (const u32x v32); +DECLSPEC u32x unpack_v8d_from_v32 (const u32x v32); + DECLSPEC u32 unpack_v8a_from_v32_S (const u32 v32); DECLSPEC u32 unpack_v8b_from_v32_S (const u32 v32); DECLSPEC u32 unpack_v8c_from_v32_S (const u32 v32); diff --git a/OpenCL/m00200_a0-optimized.cl b/OpenCL/m00200_a0-optimized.cl index c5d334f36..ab9071cb0 100644 --- a/OpenCL/m00200_a0-optimized.cl +++ b/OpenCL/m00200_a0-optimized.cl @@ -99,10 +99,10 @@ KERNEL_FQ void m00200_m04 (KERN_ATTR_RULES ()) { const u32x wj = w_t[j]; - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); - ROUND ((wj >> 24) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); + ROUND (unpack_v8d_from_v32 (wj)); } const u32x wj = w_t[j]; 
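Review bot: The four new `unpack_v8{a,b,c,d}_from_v32` functions differ only in the `bfe.u32` bit offset (0, 8, 16, 24), so the five-way `VECT_SIZE` lane ladder is maintained in four copies; a generator macro `UNPACK_V8_FROM_V32(name, off)` that builds the asm string with `#off` would leave a single copy to maintain. `asm volatile` also looks unnecessary for a side-effect-free bit-field extract and stops the compiler from merging or reordering the extracts; if the existing `_S` helpers use `volatile` for a reason, a comment stating it would help. The commented-out `V_BFE_U32` branches are dead code; either a `// TODO:` explaining why the AMD path is disabled or removal reads better than the commented lines.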
@@ -111,18 +111,18 @@ KERNEL_FQ void m00200_m04 (KERN_ATTR_RULES ()) if (left == 3) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); } else if (left == 2) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); } else if (left == 1) { - ROUND ((wj >> 0) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); } a &= 0x7fffffff; @@ -237,10 +237,10 @@ KERNEL_FQ void m00200_s04 (KERN_ATTR_RULES ()) { const u32x wj = w_t[j]; - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); - ROUND ((wj >> 24) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); + ROUND (unpack_v8d_from_v32 (wj)); } const u32x wj = w_t[j]; @@ -249,18 +249,18 @@ KERNEL_FQ void m00200_s04 (KERN_ATTR_RULES ()) if (left == 3) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); } else if (left == 2) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); } else if (left == 1) { - ROUND ((wj >> 0) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); } a &= 0x7fffffff; diff --git a/OpenCL/m00200_a1-optimized.cl b/OpenCL/m00200_a1-optimized.cl index 5589a386a..16b5054ab 100644 --- a/OpenCL/m00200_a1-optimized.cl +++ b/OpenCL/m00200_a1-optimized.cl @@ -142,6 +142,8 @@ KERNEL_FQ void m00200_m04 (KERN_ATTR_BASIC ()) u32x a = MYSQL323_A; u32x b = MYSQL323_B; + u32x c = 0; + u32x d = 0; u32x add = 7; 
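Review bot: `u32x c = 0;` and `u32x d = 0;` are introduced in m00200_m04 of m00200_a1-optimized.cl but nothing in the hunk reads them, so their purpose depends on the `ROUND` macro body, which is outside the hunk; presumably `ROUND` expands to code that assigns through `c` and `d`. A comment on the declarations, `// scratch values consumed by ROUND ()`, would make that dependency visible, and it is worth checking that the same kernel does not declare `c`/`d` again later in the function, which would now shadow or collide with these. The a0 and a3 files receive no such declarations in this patch, so either they already have them or their macro differs; confirming which is the case would remove the ambiguity. The enclosing kernel m00200_m04 starts and ends outside the hunk.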
@@ -159,10 +161,10 @@ KERNEL_FQ void m00200_m04 (KERN_ATTR_BASIC ()) { const u32x wj = w_t[j]; - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); - ROUND ((wj >> 24) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); + ROUND (unpack_v8d_from_v32 (wj)); } const u32x wj = w_t[j]; @@ -171,18 +173,18 @@ KERNEL_FQ void m00200_m04 (KERN_ATTR_BASIC ()) if (left == 3) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); } else if (left == 2) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); } else if (left == 1) { - ROUND ((wj >> 0) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); } a &= 0x7fffffff; @@ -361,10 +363,10 @@ KERNEL_FQ void m00200_s04 (KERN_ATTR_BASIC ()) { const u32x wj = w_t[j]; - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); - ROUND ((wj >> 24) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); + ROUND (unpack_v8d_from_v32 (wj)); } const u32x wj = w_t[j]; @@ -373,18 +375,18 @@ KERNEL_FQ void m00200_s04 (KERN_ATTR_BASIC ()) if (left == 3) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); - ROUND ((wj >> 16) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); + ROUND (unpack_v8c_from_v32 (wj)); } else if (left == 2) { - ROUND ((wj >> 0) & 0xff); - ROUND ((wj >> 8) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); + ROUND (unpack_v8b_from_v32 (wj)); } else if (left == 1) { - ROUND ((wj >> 0) & 0xff); + ROUND (unpack_v8a_from_v32 (wj)); } a &= 0x7fffffff; diff --git a/OpenCL/m00200_a3-optimized.cl b/OpenCL/m00200_a3-optimized.cl index 74a1c3234..1a9b72e39 100644 --- a/OpenCL/m00200_a3-optimized.cl 
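Review bot: `u32x c = 0;` and `u32x d = 0;` are added to m00200_m04 beside `a`, `b` and `add`, but nothing in the hunk writes or reads them, so presumably the `ROUND` macro (defined above, outside the hunk) now uses them as scratch; a one-line comment would keep the next reader from flagging them as unused, e.g. `u32x c = 0; // scratch for ROUND` and the same on `d`. If `ROUND` does use them, m00200_s04 in the same file needs the same two declarations — the visible s04 hunks at @@ -361 and @@ -373 do not add them, though they may already be present there. The enclosing kernel body starts before and continues after this hunk.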
+++ b/OpenCL/m00200_a3-optimized.cl @@ -42,10 +42,10 @@ { \ const u32 wj = w[j]; \ \ - ROUND ((wj >> 0) & 0xff); \ - ROUND ((wj >> 8) & 0xff); \ - ROUND ((wj >> 16) & 0xff); \ - ROUND ((wj >> 24) & 0xff); \ + ROUND (unpack_v8a_from_v32 (wj)); \ + ROUND (unpack_v8b_from_v32 (wj)); \ + ROUND (unpack_v8c_from_v32 (wj)); \ + ROUND (unpack_v8d_from_v32 (wj)); \ } \ \ const u32 wj = w[j]; \ @@ -54,18 +54,18 @@ \ if (left == 3) \ { \ - ROUND ((wj >> 0) & 0xff); \ - ROUND ((wj >> 8) & 0xff); \ - ROUND ((wj >> 16) & 0xff); \ + ROUND (unpack_v8a_from_v32 (wj)); \ + ROUND (unpack_v8b_from_v32 (wj)); \ + ROUND (unpack_v8c_from_v32 (wj)); \ } \ else if (left == 2) \ { \ - ROUND ((wj >> 0) & 0xff); \ - ROUND ((wj >> 8) & 0xff); \ + ROUND (unpack_v8a_from_v32 (wj)); \ + ROUND (unpack_v8b_from_v32 (wj)); \ } \ else if (left == 1) \ { \ - ROUND ((wj >> 0) & 0xff); \ + ROUND (unpack_v8a_from_v32 (wj)); \ } #define CODE_POST_M \ 
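Review bot: In CODE_LOOP `wj` is a scalar (`const u32 wj = w[j];`), yet it is now passed to `unpack_v8a_from_v32` … `unpack_v8d_from_v32`, which the inc_common.h hunk declares with a `u32x` parameter, while the scalar `_S` variants (`unpack_v8a_from_v32_S` etc.) exist for exactly this case. With VECT_SIZE > 1 the call widens `wj` to a vector and, on the NV path shown at the top of this page, issues one `bfe.u32` per lane for a value that is identical in every lane, where `(wj >> 0) & 0xff` previously stayed scalar. Suggest `ROUND (unpack_v8a_from_v32_S (wj));` (and b/c/d) here, and the same for `w[1]`..`w[3]` in m00200m/m00200s below, keeping the vector form only for `w0`, which presumably carries the per-lane value. Whether the compiler already folds the broadcast is not something the diff shows.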
@@ -99,141 +99,123 @@ DECLSPEC void m00200m (u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[digests_offset].digest_buf[DGST_R0], + digests_buf[digests_offset].digest_buf[DGST_R1], + 0, + 0 + }; + /** * loop */ u32 w0l = w[0]; + CODE_PRE; + switch (pw_len) { case 1: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); break; case 2: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); break; case 3: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); break; case 4: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); break; case 5: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); break; case 6: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); break; case 7: - CODE_PRE; - 
ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); break; case 8: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); break; case 9: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); break; case 10: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); 
ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); break; case 11: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); break; case 12: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); break; case 13: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 
0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); break; case 14: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); ROUND ((w[3] >> 8) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); ROUND (unpack_v8b_from_v32 (w[3])); break; case 15: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] 
>> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); ROUND ((w[3] >> 8) & 0xff); ROUND ((w[3] >> 16) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); ROUND (unpack_v8b_from_v32 (w[3])); ROUND (unpack_v8c_from_v32 (w[3])); break; case 16: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); ROUND ((w[3] >> 8) & 0xff); ROUND ((w[3] >> 16) & 0xff); ROUND ((w[3] >> 24) & 0xff); - CODE_POST_M; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); ROUND (unpack_v8b_from_v32 (w[3])); ROUND (unpack_v8c_from_v32 (w[3])); ROUND (unpack_v8d_from_v32 (w[3])); break; default: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); + ROUND (unpack_v8a_from_v32 ( w0)); 
ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); CODE_LOOP (pw_len - 4); - CODE_POST_M; break; } + + CODE_POST_M; } DECLSPEC void m00200s (u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) 
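Review bot: The new `search[4]` array in m00200m is loaded from `digests_buf[digests_offset]` but nothing in this hunk reads it; the comparison happens inside CODE_POST_M, which is defined outside the hunk, and the matching m00200s hunk below adds no such array, which suggests this was carried over from the single-hash kernel. If CODE_POST_M does not consume it, the array and its four global loads are dead code (and an unused-variable warning on stricter compilers) and should be dropped; if it does, a comment such as `// consumed by CODE_POST_M` on the declaration would settle it. Hoisting `CODE_PRE;`/`CODE_POST_M;` out of the switch is sound, since every case including `default` previously issued the same pair.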
@@ -263,135 +245,105 @@ DECLSPEC void m00200s (u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) u32 w0l = w[0]; + CODE_PRE; + switch (pw_len) { case 1: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); break; case 2: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); break; case 3: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); break; case 4: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); break; case 5: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); break; case 6: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); break; case 7: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND 
(unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); break; case 8: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); break; case 9: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); break; case 10: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + 
ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); break; case 11: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); break; case 12: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); break; case 13: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) 
& 0xff); - ROUND ((w[3] >> 0) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); break; case 14: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); ROUND ((w[3] >> 8) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); ROUND (unpack_v8b_from_v32 (w[3])); break; case 15: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); ROUND ((w[3] >> 8) & 0xff); ROUND ((w[3] >> 16) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND 
(unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); ROUND (unpack_v8b_from_v32 (w[3])); ROUND (unpack_v8c_from_v32 (w[3])); break; case 16: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); - ROUND ((w[1] >> 0) & 0xff); ROUND ((w[1] >> 8) & 0xff); ROUND ((w[1] >> 16) & 0xff); ROUND ((w[1] >> 24) & 0xff); - ROUND ((w[2] >> 0) & 0xff); ROUND ((w[2] >> 8) & 0xff); ROUND ((w[2] >> 16) & 0xff); ROUND ((w[2] >> 24) & 0xff); - ROUND ((w[3] >> 0) & 0xff); ROUND ((w[3] >> 8) & 0xff); ROUND ((w[3] >> 16) & 0xff); ROUND ((w[3] >> 24) & 0xff); - CODE_POST_S; + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); + ROUND (unpack_v8a_from_v32 (w[1])); ROUND (unpack_v8b_from_v32 (w[1])); ROUND (unpack_v8c_from_v32 (w[1])); ROUND (unpack_v8d_from_v32 (w[1])); + ROUND (unpack_v8a_from_v32 (w[2])); ROUND (unpack_v8b_from_v32 (w[2])); ROUND (unpack_v8c_from_v32 (w[2])); ROUND (unpack_v8d_from_v32 (w[2])); + ROUND (unpack_v8a_from_v32 (w[3])); ROUND (unpack_v8b_from_v32 (w[3])); ROUND (unpack_v8c_from_v32 (w[3])); ROUND (unpack_v8d_from_v32 (w[3])); break; default: - CODE_PRE; - ROUND ((w0 >> 0) & 0xff); ROUND ((w0 >> 8) & 0xff); ROUND ((w0 >> 16) & 0xff); ROUND ((w0 >> 24) & 0xff); + ROUND (unpack_v8a_from_v32 ( w0)); ROUND (unpack_v8b_from_v32 ( w0)); ROUND (unpack_v8c_from_v32 ( w0)); ROUND (unpack_v8d_from_v32 ( w0)); CODE_LOOP (pw_len - 4); - CODE_POST_S; break; } + + CODE_POST_S; } KERNEL_FQ void m00200_m04 (KERN_ATTR_VECTOR ()) 
From fd06e407cfc362fa20549cc1ab063a0e020dc48b Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 6 Mar 2020 13:44:07 +0100
Subject: [PATCH 275/300] Remove #undef _unroll because _unroll is no longer the default
---
 OpenCL/m01500_a3-pure.cl | 1 -
 OpenCL/m03000_a3-pure.cl | 1 -
 OpenCL/m14000_a3-pure.cl | 1 -
 3 files changed, 3 deletions(-)
diff --git a/OpenCL/m01500_a3-pure.cl b/OpenCL/m01500_a3-pure.cl
index 6c45f125b..a751c55fe 100644
--- a/OpenCL/m01500_a3-pure.cl
+++ b/OpenCL/m01500_a3-pure.cl
@@ -16,7 +16,6 @@
 #define COMPARE_M "inc_comp_multi_bs.cl"
 #ifdef IS_NV
-#undef _unroll
 #define KXX_DECL
 #endif
diff --git a/OpenCL/m03000_a3-pure.cl b/OpenCL/m03000_a3-pure.cl
index 67f29aa4e..27b5c5630 100644
--- a/OpenCL/m03000_a3-pure.cl
+++ b/OpenCL/m03000_a3-pure.cl
@@ -16,7 +16,6 @@
 #define COMPARE_M "inc_comp_multi_bs.cl"
 #ifdef IS_NV
-#undef _unroll
 #define KXX_DECL
 #endif
diff --git a/OpenCL/m14000_a3-pure.cl b/OpenCL/m14000_a3-pure.cl
index 253a6ee86..5f3abca84 100644
--- a/OpenCL/m14000_a3-pure.cl
+++ b/OpenCL/m14000_a3-pure.cl
@@ -16,7 +16,6 @@
 #define COMPARE_M "inc_comp_multi_bs.cl"
 #ifdef IS_NV
-#undef _unroll
 #define KXX_DECL
 #endif
From 2fdb7ded8b5ec6e1ede4c602a42626a4b083f0a3 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 6 Mar 2020 14:09:38 +0100
Subject: [PATCH 276/300] Update self-test hash for -m 1500
---
 src/modules/module_01500.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/module_01500.c b/src/modules/module_01500.c
index d2b325339..77ab912d2 100644
--- a/src/modules/module_01500.c
+++ b/src/modules/module_01500.c
@@ -25,7 +25,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_TM_KERNEL;
 static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = NULL; // the self-test can't work because the salt is not part of the code at compile-time
-static const char *ST_HASH = "8133vc.5rieNk";
+static const char *ST_HASH = "24leDr0hHfb3A";
 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
 u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
From af1e5f111aa0164a36ae4bc56c427a63054613f0 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 6 Mar 2020 14:23:44 +0100
Subject: [PATCH 277/300] Add missing entry in changes.txt
---
 docs/changes.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/changes.txt b/docs/changes.txt
index dfea6fb71..34f830347 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -81,6 +81,7 @@
 - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16
 - Fixed cracking of Electrum Wallet Salt-Type 2 hashes
 - Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only)
+- Fixed cracking of VeraCrypt Streebog-512 hashes (CPU only)
 - Fixed cracking raw Streebog-HMAC 256 and 512 hashes with password of length >= 64
 - Fixed cracking raw Whirlpool hashes cracking with password of length >= 32
 - Fixed incorrect progress-only result in a special race condition
From 5b58cba12eec0dcb8a7e66a0ed7c15763184f18d Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 6 Mar 2020 14:34:41 +0100
Subject: [PATCH 278/300] Use _unroll in -m 5500 for CPU
---
 src/modules/module_05500.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
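Review bot: ST_PASS stays NULL, and the comment on it says the self-test cannot run, so nothing in the build verifies the new ST_HASH value `24leDr0hHfb3A`, and neither the commit message nor the code records which plaintext it was generated from. Extend the comment on the ST_HASH line so the value can be re-derived later, e.g. `// self-test disabled (ST_PASS == NULL); example hash only, generated from password "<...>"` with the actual password filled in. The old value `8133vc.5rieNk` was not explained either, so the reason for the swap belongs in the same comment.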
diff --git a/src/modules/module_05500.c b/src/modules/module_05500.c
index 6a57ee25b..1ebabe097 100644
--- a/src/modules/module_05500.c
+++ b/src/modules/module_05500.c
@@ -79,6 +79,25 @@ static void transform_netntlmv1_key (const u8 *nthash, u8 *key)
 key[7] |= 0x01;
 }
+char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
+{
+ char *jit_build_options = NULL;
+
+ // Extra treatment for Apple systems
+ if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
+ {
+ return jit_build_options;
+ }
+
+ // Intel CPU
+ if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
+ {
+ hc_asprintf (&jit_build_options, "-D _unroll");
+ }
+
+ return jit_build_options;
+}
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
 const u64 esalt_size = (const u64) sizeof (netntlm_t);
@@ -424,7 +443,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hook23 = MODULE_DEFAULT;
 module_ctx->module_hook_salt_size = MODULE_DEFAULT;
 module_ctx->module_hook_size = MODULE_DEFAULT;
- module_ctx->module_jit_build_options = MODULE_DEFAULT;
+ module_ctx->module_jit_build_options = module_jit_build_options;
 module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
 module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
From b1d5f92c2d98a22f5cd156335a5d4ad7b4069db0 Mon Sep 17 00:00:00 2001
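Review bot: The comment `// Extra treatment for Apple systems` labels an early return that applies no treatment at all — on an Apple platform the function returns NULL and the kernel builds without `-D _unroll` — so it should state the reason, e.g. `// Apple OpenCL: never force _unroll here, keep the default build options`, naming the compiler problem if there is one. The Intel branch keys on `VENDOR_ID_INTEL_SDK` plus `CL_DEVICE_TYPE_CPU`, so CPUs driven by other OpenCL runtimes keep the default as well; if that is deliberate, say so on the `// Intel CPU` line. `hc_asprintf` allocates the returned string; presumably the module framework frees it as it does for other modules' jit_build_options, but the hunk does not show that, so it is worth confirming.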
From: Jens Steube Date: Fri, 6 Mar 2020 15:48:01 +0100 Subject: [PATCH 279/300] Do not use __local keyword in -m 5500 for devices without real shared memory --- OpenCL/m05500_a0-optimized.cl | 22 +++++++++++-- OpenCL/m05500_a0-pure.cl | 22 +++++++++++-- OpenCL/m05500_a1-optimized.cl | 22 +++++++++++-- OpenCL/m05500_a1-pure.cl | 22 +++++++++++-- OpenCL/m05500_a3-optimized.cl | 62 ++++++++++++++++++++++++++++++++--- OpenCL/m05500_a3-pure.cl | 22 +++++++++++-- 6 files changed, 158 insertions(+), 14 deletions(-) diff --git a/OpenCL/m05500_a0-optimized.cl b/OpenCL/m05500_a0-optimized.cl index 6a5c8451c..03dfe4f7a 100644 --- a/OpenCL/m05500_a0-optimized.cl +++ b/OpenCL/m05500_a0-optimized.cl @@ -356,7 +356,7 @@ CONSTANT_VK u32a c_skb[8][64] = #define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif -DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_SPtrans)[64]) +DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_SPtrans)[64]) { u32x r = data[0]; u32x l = data[1]; @@ -398,7 +398,7 @@ DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCA iv[1] = r; } -DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_skb)[64]) +DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_skb)[64]) { u32x tt; @@ -516,6 +516,8 @@ KERNEL_FQ void m05500_m04 (KERN_ATTR_RULES ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; 
@@ -542,6 +544,13 @@ KERNEL_FQ void m05500_m04 (KERN_ATTR_RULES ())
 SYNC_THREADS ();
+ #else
+
+ CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
+ CONSTANT_AS u32a (*s_skb)[64] = c_skb;
+
+ #endif
+
 if (gid >= gid_max) return;
 /**
@@ -729,6 +738,8 @@ KERNEL_FQ void m05500_s04 (KERN_ATTR_RULES ())
 * sbox, kbox
 */
+ #ifdef REAL_SHM
+
 LOCAL_VK u32 s_SPtrans[8][64];
 LOCAL_VK u32 s_skb[8][64];
@@ -755,6 +766,13 @@ KERNEL_FQ void m05500_s04 (KERN_ATTR_RULES ())
 SYNC_THREADS ();
+ #else
+
+ CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
+ CONSTANT_AS u32a (*s_skb)[64] = c_skb;
+
+ #endif
+
 if (gid >= gid_max) return;
 /**
diff --git a/OpenCL/m05500_a0-pure.cl b/OpenCL/m05500_a0-pure.cl
index 7681eea15..ac9c30f35 100644
--- a/OpenCL/m05500_a0-pure.cl
+++ b/OpenCL/m05500_a0-pure.cl
@@ -356,7 +356,7 @@ CONSTANT_VK u32a c_skb[8][64] =
 #define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf])
 #endif
-DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, LOCAL_AS u32 (*s_SPtrans)[64])
+DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_SPtrans)[64])
 {
 u32 r = data[0];
 u32 l = data[1];
@@ -398,7 +398,7 @@ DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, LOCAL_AS
 iv[1] = r;
 }
-DECLSPEC void _des_crypt_keysetup (u32 c, u32 d, u32 *Kc, u32 *Kd, LOCAL_AS u32 (*s_skb)[64])
+DECLSPEC void _des_crypt_keysetup (u32 c, u32 d, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_skb)[64])
 {
 u32 tt;
@@ -516,6 +516,8 @@ KERNEL_FQ void m05500_mxx (KERN_ATTR_RULES ())
 * sbox, kbox
 */
+ #ifdef REAL_SHM
+
 LOCAL_VK u32 s_SPtrans[8][64];
 LOCAL_VK u32 s_skb[8][64];
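Review bot: In the `#else` branch `s_SPtrans` and `s_skb` become `CONSTANT_AS u32a (*)[64]` pointers to `c_SPtrans`/`c_skb`, while `_des_crypt_encrypt` and `_des_crypt_keysetup` (earlier hunks of this file) now take `SHM_TYPE u32 (*)[64]`; that only type-checks if `SHM_TYPE` expands to `CONSTANT_AS` whenever `REAL_SHM` is undefined and `u32a` is compatible with `u32`, and neither definition is part of this diff (the diffstat lists only the six m05500 kernels). A comment at the `#else` would pin the assumption: `// no real shared memory: read the S-boxes from constant memory; SHM_TYPE must resolve to CONSTANT_AS here`. The `if (gid >= gid_max) return;` correctly stays after the `#endif`, so on the REAL_SHM path every work-item still reaches `SYNC_THREADS ()` before any of them can exit.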
@@ -542,6 +544,13 @@ KERNEL_FQ void m05500_mxx (KERN_ATTR_RULES ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -640,6 +649,8 @@ KERNEL_FQ void m05500_sxx (KERN_ATTR_RULES ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -666,6 +677,13 @@ KERNEL_FQ void m05500_sxx (KERN_ATTR_RULES ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** diff --git a/OpenCL/m05500_a1-optimized.cl b/OpenCL/m05500_a1-optimized.cl index d4ae2526a..39a7ed212 100644 --- a/OpenCL/m05500_a1-optimized.cl +++ b/OpenCL/m05500_a1-optimized.cl @@ -354,7 +354,7 @@ CONSTANT_VK u32a c_skb[8][64] = #define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif -DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_SPtrans)[64]) +DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_SPtrans)[64]) { u32x r = data[0]; u32x l = data[1]; @@ -396,7 +396,7 @@ DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCA iv[1] = r; } -DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_skb)[64]) +DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_skb)[64]) { u32x tt; @@ -514,6 +514,8 @@ KERNEL_FQ void m05500_m04 (KERN_ATTR_BASIC ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; 
@@ -540,6 +542,13 @@ KERNEL_FQ void m05500_m04 (KERN_ATTR_BASIC ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -780,6 +789,8 @@ KERNEL_FQ void m05500_s04 (KERN_ATTR_BASIC ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -806,6 +817,13 @@ KERNEL_FQ void m05500_s04 (KERN_ATTR_BASIC ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** diff --git a/OpenCL/m05500_a1-pure.cl b/OpenCL/m05500_a1-pure.cl index 28b5a627c..c53e12357 100644 --- a/OpenCL/m05500_a1-pure.cl +++ b/OpenCL/m05500_a1-pure.cl @@ -354,7 +354,7 @@ CONSTANT_VK u32a c_skb[8][64] = #define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif -DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, LOCAL_AS u32 (*s_SPtrans)[64]) +DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_SPtrans)[64]) { u32 r = data[0]; u32 l = data[1]; @@ -396,7 +396,7 @@ DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, LOCAL_AS iv[1] = r; } -DECLSPEC void _des_crypt_keysetup (u32 c, u32 d, u32 *Kc, u32 *Kd, LOCAL_AS u32 (*s_skb)[64]) +DECLSPEC void _des_crypt_keysetup (u32 c, u32 d, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_skb)[64]) { u32 tt; @@ -514,6 +514,8 @@ KERNEL_FQ void m05500_mxx (KERN_ATTR_BASIC ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; 
@@ -540,6 +542,13 @@ KERNEL_FQ void m05500_mxx (KERN_ATTR_BASIC ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -636,6 +645,8 @@ KERNEL_FQ void m05500_sxx (KERN_ATTR_BASIC ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -662,6 +673,13 @@ KERNEL_FQ void m05500_sxx (KERN_ATTR_BASIC ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** diff --git a/OpenCL/m05500_a3-optimized.cl b/OpenCL/m05500_a3-optimized.cl index 90a3c3b14..a52b1cc7c 100644 --- a/OpenCL/m05500_a3-optimized.cl +++ b/OpenCL/m05500_a3-optimized.cl @@ -354,7 +354,7 @@ CONSTANT_VK u32a c_skb[8][64] = #define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif -DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_SPtrans)[64]) +DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_SPtrans)[64]) { u32x r = data[0]; u32x l = data[1]; @@ -396,7 +396,7 @@ DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCA iv[1] = r; } -DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_skb)[64]) +DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_skb)[64]) { u32x tt; 
@@ -500,7 +500,7 @@ DECLSPEC void transform_netntlmv1_key (const u32x w0, const u32x w1, u32x *out) | ((k[7] & 0xff) << 24); } -DECLSPEC void m05500m (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64], u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) +DECLSPEC void m05500m (SHM_TYPE u32 (*s_SPtrans)[64], SHM_TYPE u32 (*s_skb)[64], u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) { /** * modifier @@ -657,7 +657,7 @@ DECLSPEC void m05500m (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64], } } -DECLSPEC void m05500s (LOCAL_AS u32 (*s_SPtrans)[64], LOCAL_AS u32 (*s_skb)[64], u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) +DECLSPEC void m05500s (SHM_TYPE u32 (*s_SPtrans)[64], SHM_TYPE u32 (*s_skb)[64], u32 *w, const u32 pw_len, KERN_ATTR_VECTOR ()) { /** * modifier @@ -847,6 +847,8 @@ KERNEL_FQ void m05500_m04 (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -873,6 +875,13 @@ KERNEL_FQ void m05500_m04 (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -921,6 +930,8 @@ KERNEL_FQ void m05500_m08 (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -947,6 +958,13 @@ KERNEL_FQ void m05500_m08 (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -995,6 +1013,8 @@ KERNEL_FQ void m05500_m16 (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -1021,6 +1041,13 @@ KERNEL_FQ void m05500_m16 (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** 
@@ -1069,6 +1096,8 @@ KERNEL_FQ void m05500_s04 (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -1095,6 +1124,13 @@ KERNEL_FQ void m05500_s04 (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -1143,6 +1179,8 @@ KERNEL_FQ void m05500_s08 (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -1169,6 +1207,13 @@ KERNEL_FQ void m05500_s08 (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -1217,6 +1262,8 @@ KERNEL_FQ void m05500_s16 (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -1243,6 +1290,13 @@ KERNEL_FQ void m05500_s16 (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** diff --git a/OpenCL/m05500_a3-pure.cl b/OpenCL/m05500_a3-pure.cl index 25e6392fb..e691330cd 100644 --- a/OpenCL/m05500_a3-pure.cl +++ b/OpenCL/m05500_a3-pure.cl @@ -354,7 +354,7 @@ CONSTANT_VK u32a c_skb[8][64] = #define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf]) #endif -DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_SPtrans)[64]) +DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_SPtrans)[64]) { u32x r = data[0]; u32x l = data[1]; 
@@ -396,7 +396,7 @@ DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, LOCA iv[1] = r; } -DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, LOCAL_AS u32 (*s_skb)[64]) +DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_skb)[64]) { u32x tt; @@ -514,6 +514,8 @@ KERNEL_FQ void m05500_mxx (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -540,6 +542,13 @@ KERNEL_FQ void m05500_mxx (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** @@ -649,6 +658,8 @@ KERNEL_FQ void m05500_sxx (KERN_ATTR_VECTOR ()) * sbox, kbox */ + #ifdef REAL_SHM + LOCAL_VK u32 s_SPtrans[8][64]; LOCAL_VK u32 s_skb[8][64]; @@ -675,6 +686,13 @@ KERNEL_FQ void m05500_sxx (KERN_ATTR_VECTOR ()) SYNC_THREADS (); + #else + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + if (gid >= gid_max) return; /** From 125e9ec86389f9e1da396190fcb79414e1e7afc8 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 9 Mar 2020 11:13:43 +0100 Subject: [PATCH 280/300] Do not redirect stderr to /dev/null to prevent rocm 3.1 from crashing on debian --- src/backend.c | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/src/backend.c b/src/backend.c index de6ce9c5d..7e7caee89 100644 --- a/src/backend.c +++ b/src/backend.c 
@@ -369,32 +369,7 @@ static bool opencl_test_instruction (hashcat_ctx_t *hashcat_ctx, cl_context cont OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; - // LLVM seems to write an error message (if there's an error) directly to stderr - // and not (as supposted to) into buffer for later request using clGetProgramBuildInfo() - - #ifndef DEBUG - #ifndef _WIN - fflush (stderr); - int bak = fcntl(2, F_DUPFD_CLOEXEC); - int tmp = open ("/dev/null", O_WRONLY | O_CLOEXEC); - dup2 (tmp, 2); - close (tmp); - #endif - #endif - - int CL_rc = ocl->clBuildProgram (program, 1, &device, "-Werror", NULL, NULL); // do not use the wrapper to avoid the error message - - #ifndef DEBUG - #ifndef _WIN - fflush (stderr); - #ifndef __APPLE__ - dup3 (bak, 2, O_CLOEXEC); - #else - dup2 (bak, 2); - #endif - close (bak); - #endif - #endif + const int CL_rc = ocl->clBuildProgram (program, 1, &device, NULL, NULL, NULL); if (CL_rc != CL_SUCCESS) { From 3e4d110fd21271e1d2765fc7c47cbf0dc3d0f1b7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 9 Mar 2020 20:05:23 +0100 Subject: [PATCH 281/300] Add stderr redirection the regular way --- src/backend.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/backend.c b/src/backend.c index 7e7caee89..b020825e9 100644 --- a/src/backend.c +++ b/src/backend.c @@ -369,8 +369,26 @@ static bool opencl_test_instruction (hashcat_ctx_t *hashcat_ctx, cl_context cont OCL_PTR *ocl = (OCL_PTR *) backend_ctx->ocl; + const int fd_stderr = fileno (stderr); + + #ifndef DEBUG + const int stderr_bak = dup (fd_stderr); + #ifdef _WIN + const int tmp = open ("NIL", O_WRONLY); + #else + const int tmp = open ("/dev/null", O_WRONLY); + #endif + dup2 (tmp, fd_stderr); + close (tmp); + #endif + const int CL_rc = ocl->clBuildProgram (program, 1, &device, NULL, NULL, NULL); + #ifndef DEBUG + dup2 (stderr_bak, fd_stderr); + close (stderr_bak); + #endif + if (CL_rc != CL_SUCCESS) { #if defined (DEBUG) 
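Review bot: Besides dropping the redirection, the new call also drops `"-Werror"` from the build options (`const int CL_rc = ocl->clBuildProgram (program, 1, &device, NULL, NULL, NULL);`), which the commit message does not mention. If `opencl_test_instruction` relies on warnings being promoted to errors to detect an unsupported instruction, a runtime that only warns now returns CL_SUCCESS and the probe yields a false positive; how `CL_rc` is interpreted is outside the hunk and should be checked. If the removal is deliberate, a short comment on that line saying why would stop the flag from being "restored" later.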
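Review bot: None of `dup`, `open` and `dup2` is checked, so if `dup (fd_stderr)` fails the redirection to the null device still happens but can never be undone and the process loses its stderr for the rest of the run; if `open` fails, `dup2 (-1, ...)` and `close (-1)` fail silently, which is harmless but hides the error. The code this replaces also flushed stderr before swapping the descriptor and opened the null device with `O_CLOEXEC`; without the latter the descriptor can leak into any child spawned during the build. The function body continues outside the hunk; the guarded form below leaves the `_WIN` open as it is.
```c
  const int fd_stderr = fileno (stderr);

  #ifndef DEBUG
  fflush (stderr); // nothing buffered may land on the swapped descriptor

  const int stderr_bak = dup (fd_stderr);

  #ifdef _WIN
  // … unchanged: open of the Windows null device …
  #else
  const int tmp = open ("/dev/null", O_WRONLY | O_CLOEXEC);
  #endif

  // only silence stderr when it can be restored afterwards; otherwise leave it untouched
  if ((stderr_bak != -1) && (tmp != -1)) dup2 (tmp, fd_stderr);

  if (tmp != -1) close (tmp);
  #endif

  const int CL_rc = ocl->clBuildProgram (program, 1, &device, NULL, NULL, NULL);

  #ifndef DEBUG
  if (stderr_bak != -1)
  {
    dup2 (stderr_bak, fd_stderr);

    close (stderr_bak);
  }
  #endif
```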
From 8c3808bad5f5ff07b8428e98c84ae310a164e5f5 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Mon, 9 Mar 2020 20:12:36 +0100
Subject: [PATCH 282/300] Fix NUL filename on windows
---
 src/backend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backend.c b/src/backend.c
index b020825e9..1989359a9 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -374,7 +374,7 @@ static bool opencl_test_instruction (hashcat_ctx_t *hashcat_ctx, cl_context cont
 #ifndef DEBUG
 const int stderr_bak = dup (fd_stderr);
 #ifdef _WIN
- const int tmp = open ("NIL", O_WRONLY);
+ const int tmp = open ("NUL", O_WRONLY);
 #else
 const int tmp = open ("/dev/null", O_WRONLY);
 #endif
From d706f90a75d472a1dc2fe53083525d937ece472f Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 10 Mar 2020 15:42:55 +0100
Subject: [PATCH 283/300] Dictstat: On Windows, the st_ino attribute in the stat struct is not set which can lead to invalid cache hits. Added the filename to the database entry.
---
 docs/changes.txt | 1 +
 include/dictstat.h | 2 +-
 include/types.h | 2 ++
 src/dictstat.c | 4 ++++
 src/wordlist.c | 16 +++++++++++++++-
 5 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index 34f830347..160004738 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -108,6 +108,7 @@
 - Building: Fix for library compilation failure due to multiple defenition of sbob_xx64()
 - Building: Updated BUILD.md
 - Cracking bcrypt and Password Safe v2: Use a feedback from the compute API backend to dynamically find out optimal thread count
+- Dictstat: On Windows, the st_ino attribute in the stat struct is not set which can lead to invalid cache hits. Added the filename to the database entry.
 - Documents: Added README on how to build hashcat on MSYS2
 - File handling: Print a truncation warning when an oversized line is detected
 - My Wallet: Added additional plaintext pattern used in newer versions
diff --git a/include/dictstat.h b/include/dictstat.h index 4e79169b1..bfe8fe7b0 100644 --- a/include/dictstat.h +++ b/include/dictstat.h @@ -18,7 +18,7 @@ #define MAX_DICTSTAT 100000 #define DICTSTAT_FILENAME "hashcat.dictstat2" -#define DICTSTAT_VERSION (0x6863646963743200 | 0x01) +#define DICTSTAT_VERSION (0x6863646963743200 | 0x02) int sort_by_dictstat (const void *s1, const void *s2); diff --git a/include/types.h b/include/types.h index a17f9d10f..5ae4f2b0e 100644 --- a/include/types.h +++ b/include/types.h @@ -1656,6 +1656,8 @@ typedef struct dictstat char encoding_from[64]; char encoding_to[64]; + u8 hash_filename[16]; + } dictstat_t; typedef struct hashdump diff --git a/src/dictstat.c b/src/dictstat.c index 15830c68b..03736e74b 100644 --- a/src/dictstat.c +++ b/src/dictstat.c @@ -17,6 +17,10 @@ int sort_by_dictstat (const void *s1, const void *s2) const dictstat_t *d1 = (const dictstat_t *) s1; const dictstat_t *d2 = (const dictstat_t *) s2; + const int rc_hash = memcmp (d1->hash_filename, d2->hash_filename, 16); + + if (rc_hash != 0) return rc_hash; + const int rc_from = strcmp (d1->encoding_from, d2->encoding_from); if (rc_from != 0) return rc_from; diff --git a/src/wordlist.c b/src/wordlist.c index 380dfcf4d..651ff4d80 100644 --- a/src/wordlist.c +++ b/src/wordlist.c @@ -13,6 +13,7 @@ #include "rp_cpu.h" #include "shared.h" #include "wordlist.h" +#include "emu_inc_hash_sha1.h" size_t convert_from_hex (hashcat_ctx_t *hashcat_ctx, char *line_buf, const size_t line_len) { @@ -340,7 +341,7 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u dictstat_t d; - d.cnt = 0; + memset (&d, 0, sizeof (d)); if (fstat (hc_fileno (fp), &d.stat)) { 
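Review bot: The width in `memcmp (d1->hash_filename, d2->hash_filename, 16)` is a repeated literal that must stay in sync with the array in `dictstat_t` and with the `memcpy (d.hash_filename, sha1_ctx.h, 16)` in wordlist.c; `memcmp (d1->hash_filename, d2->hash_filename, sizeof (d1->hash_filename))` removes that coupling. Comparing the filename hash first also makes it the primary key of the on-disk database, which is only safe because `DICTSTAT_VERSION` is bumped in the same commit; a comment on that line noting the dependency would help the next change. `sort_by_dictstat` starts outside the hunk.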
@@ -378,6 +379,19 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u return 0; } + const size_t dictfile_len = strlen (dictfile); + + u32 *dictfile_padded = (u32 *) hcmalloc (dictfile_len + 64); // padding required for sha1_update() + + sha1_ctx_t sha1_ctx; + sha1_init (&sha1_ctx); + sha1_update (&sha1_ctx, dictfile_padded, dictfile_len); + sha1_final (&sha1_ctx); + + hcfree (dictfile_padded); + + memcpy (d.hash_filename, sha1_ctx.h, 16); + const u64 cached_cnt = dictstat_find (hashcat_ctx, &d); if (run_rule_engine (user_options_extra->rule_len_l, user_options->rule_buf_l) == 0) From d2527d142adbdc6bb1292dda73c8478f89689f09 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 10 Mar 2020 15:49:02 +0100 Subject: [PATCH 284/300] Fixed missing to copy the dictfile to dictfile_padded buffer --- src/wordlist.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/wordlist.c b/src/wordlist.c index 651ff4d80..deda8afd2 100644 --- a/src/wordlist.c +++ b/src/wordlist.c @@ -383,6 +383,8 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u u32 *dictfile_padded = (u32 *) hcmalloc (dictfile_len + 64); // padding required for sha1_update() + memcpy (dictfile_padded, dictfile, dictfile_len); + sha1_ctx_t sha1_ctx; sha1_init (&sha1_ctx); sha1_update (&sha1_ctx, dictfile_padded, dictfile_len); From 2b2a7ede666ca11b17dd9e74325e6032df15e6cc Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 12 Mar 2020 10:51:10 +0100 Subject: [PATCH 285/300] OpenCL Options: Set --spin-damp to 0 (disabled) by default. With the CUDA backend this workaround became deprecated --- docs/changes.txt | 1 + include/types.h | 2 +- src/backend.c | 12 ++++++------ src/usage.c | 2 +- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 160004738..787f034a2 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
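Review bot: `dictfile_padded` is allocated and handed to `sha1_update`, but the bytes of `dictfile` are never copied into it, so `hash_filename` is a digest of whatever `hcmalloc` returned rather than of the path, and every wordlist gets the same or an arbitrary key — which defeats the cache-hit fix this commit is for. The missing line between the allocation and `sha1_init` is `memcpy (dictfile_padded, dictfile, dictfile_len);`. `count_words` continues on both sides of the hunk.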
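Review bot: With the copy in place, the 64 bytes of slack after `dictfile_len` are still uninitialised unless `hcmalloc` zeroes its allocation, which this diff does not show; the comment says the padding exists for `sha1_update`, so if that routine consumes whole 64-byte blocks the bytes past the copied path can influence the digest and make the cache key differ between runs. A `memset (dictfile_padded, 0, dictfile_len + 64);` before the `memcpy` (or a zeroing allocator, if the project has one) makes the key a pure function of the path. Keying on the path string as given means the same file reached via a different path gets a separate entry — a miss rather than a false hit, which is the safe direction.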
@@ -162,6 +162,7 @@ - Kernel Compile: Removed -cl-std= from all kernel build options since we're compatible to all OpenCL versions - OpenCL Kernels: Fix OpenCL compiler warning on double precision constants - OpenCL Kernels: Moved "gpu_decompress", "gpu_memset" and "gpu_atinit" into shared.cl in order to reduce compile time +- OpenCL Options: Set --spin-damp to 0 (disabled) by default. With the CUDA backend this workaround became deprecated - OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant - Parsers: switched from strtok() to strtok_r() for thread safety - Requirements: Add new requirement for NVIDIA GPU: CUDA Toolkit (9.0 or later) diff --git a/include/types.h b/include/types.h index 5ae4f2b0e..f59655f60 100644 --- a/include/types.h +++ b/include/types.h @@ -638,7 +638,7 @@ typedef enum user_options_defaults SKIP = 0, SLOW_CANDIDATES = false, SPEED_ONLY = false, - SPIN_DAMP = 8, + SPIN_DAMP = 0, STATUS = false, STATUS_JSON = false, STATUS_TIMER = 10, diff --git a/src/backend.c b/src/backend.c index 1989359a9..1622b652e 100644 --- a/src/backend.c +++ b/src/backend.c @@ -3661,14 +3661,14 @@ int run_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, con const u32 iterationm = iteration % EXPECTED_ITERATIONS; - cl_int opencl_event_status; - - size_t param_value_size_ret; - - if (hc_clGetEventInfo (hashcat_ctx, opencl_event, CL_EVENT_COMMAND_EXECUTION_STATUS, sizeof (opencl_event_status), &opencl_event_status, ¶m_value_size_ret) == -1) return -1; - if (device_param->spin_damp > 0) { + cl_int opencl_event_status; + + size_t param_value_size_ret; + + if (hc_clGetEventInfo (hashcat_ctx, opencl_event, CL_EVENT_COMMAND_EXECUTION_STATUS, sizeof (opencl_event_status), &opencl_event_status, ¶m_value_size_ret) == -1) return -1; + double spin_total = device_param->spin_damp; while (opencl_event_status != CL_COMPLETE) diff --git a/src/usage.c b/src/usage.c index 6f5df8c74..0f30e2109 100644 
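Review bot: Moving the `hc_clGetEventInfo` query inside `if (device_param->spin_damp > 0)` means that with the new default of 0 the event status is never polled here, and whether kernel completion is still awaited on that path depends on code after the hunk, which is not visible; that should be confirmed before `opencl_event` is released and results are read back. A comment on the `if`, e.g. `// spin_damp == 0: no CPU spinning, rely on the blocking wait below`, would record the intent. `run_kernel` continues outside the hunk.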
--- a/src/usage.c +++ b/src/usage.c @@ -101,7 +101,7 @@ static const char *const USAGE_BIG_PRE_HASHMODES[] = " -u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256", " -T, --kernel-threads | Num | Manual workload tuning, set thread count to X | -T 64", " --backend-vector-width | Num | Manually override backend vector-width to X | --backend-vector=4", - " --spin-damp | Num | Use CPU for device synchronization, in percent | --spin-damp=50", + " --spin-damp | Num | Use CPU for device synchronization, in percent | --spin-damp=10", " --hwmon-disable | | Disable temperature and fanspeed reads and triggers |", " --hwmon-temp-abort | Num | Abort if temperature reaches X degrees Celsius | --hwmon-temp-abort=100", " --scrypt-tmto | Num | Manually override TMTO value for scrypt to X | --scrypt-tmto=3", From ba7163062d948fea22e6532b5130d2d6e0398ab4 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 13 Mar 2020 09:43:41 +0100 Subject: [PATCH 286/300] Do not set -cl-std=XXX to workaround NEO driver bug causing to hang while compiling -m 22000 --- docs/changes.txt | 1 - include/types.h | 1 + src/backend.c | 52 ++++++++++++++++++++++++++++++------------------ 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 787f034a2..b5946a01a 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
@@ -116,7 +116,6 @@ - OpenCL Runtime: Do not run shared- and constant-memory size checks if their memory type is of type global memory (typically CPU) - OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers - OpenCL Runtime: Not using amd_bytealign (amd_bitalign is fine) on AMDGPU driver drastically reduces JiT segfaults -- OpenCL Runtime: Reenabled support for Intel GPU OpenCL runtime (Beignet and NEO) because a workaround was found (force -cl-std=CL2.0) - OpenCL Runtime: Unlocked maximum thread count for NVIDIA GPU - OpenCL Runtime: Update unstable mode warnings for Apple and AMDGPU drivers - OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel diff --git a/include/types.h b/include/types.h index f59655f60..47eff8f28 100644 --- a/include/types.h +++ b/include/types.h @@ -1280,6 +1280,7 @@ typedef struct hc_device_param bool use_opencl12; bool use_opencl20; + bool use_opencl21; // AMD bool has_vadd; diff --git a/src/backend.c b/src/backend.c index 1622b652e..9b773076e 100644 --- a/src/backend.c +++ b/src/backend.c @@ -5364,6 +5364,7 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) device_param->use_opencl12 = false; device_param->use_opencl20 = false; + device_param->use_opencl21 = false; // device_name 
@@ -5648,12 +5649,14 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) cl_device_id **opencl_platforms_devices = backend_ctx->opencl_platforms_devices; cl_uint *opencl_platforms_devices_cnt = backend_ctx->opencl_platforms_devices_cnt; cl_uint *opencl_platforms_vendor_id = backend_ctx->opencl_platforms_vendor_id; + char **opencl_platforms_version = backend_ctx->opencl_platforms_version; for (u32 opencl_platforms_idx = 0; opencl_platforms_idx < opencl_platforms_cnt; opencl_platforms_idx++) { cl_device_id *opencl_platform_devices = opencl_platforms_devices[opencl_platforms_idx]; cl_uint opencl_platform_devices_cnt = opencl_platforms_devices_cnt[opencl_platforms_idx]; cl_uint opencl_platform_vendor_id = opencl_platforms_vendor_id[opencl_platforms_idx]; + char *opencl_platform_version = opencl_platforms_version[opencl_platforms_idx]; for (u32 opencl_platform_devices_idx = 0; opencl_platform_devices_idx < opencl_platform_devices_cnt; opencl_platform_devices_idx++, backend_devices_idx++, opencl_devices_cnt++) { @@ -5677,8 +5680,30 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) device_param->is_opencl = true; + // check OpenCL version + device_param->use_opencl12 = false; device_param->use_opencl20 = false; + device_param->use_opencl21 = false; + + int opencl_version_min = 0; + int opencl_version_maj = 0; + + if (sscanf (opencl_platform_version, "OpenCL %d.%d", &opencl_version_min, &opencl_version_maj) == 2) + { + if ((opencl_version_min == 1) && (opencl_version_maj == 2)) + { + device_param->use_opencl12 = true; + } + else if ((opencl_version_min == 2) && (opencl_version_maj == 0)) + { + device_param->use_opencl20 = true; + } + else if ((opencl_version_min == 2) && (opencl_version_maj == 1)) + { + device_param->use_opencl21 = true; + } + } size_t param_value_size = 0; 
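Review bot: In `sscanf (opencl_platform_version, "OpenCL %d.%d", &opencl_version_min, &opencl_version_maj)` the first captured number is the major version and the second the minor, so the two names are swapped relative to what they hold (the removed code had the same inversion); declaring them as `int opencl_version_maj = 0; int opencl_version_min = 0;` and passing them in that order avoids a reader mistaking `(1, 2)` for 2.1. The flags are now derived from the platform string rather than the per-device `opencl_device_c_version`, so on a platform exposing devices of different OpenCL levels every device inherits the platform's value — acceptable while the only consumer is disabled, but worth a comment at the assignment. `backend_ctx_devices_init` continues on both sides of the hunk.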
@@ -5793,23 +5818,6 @@ int backend_ctx_devices_init (hashcat_ctx_t *hashcat_ctx, const int comptime) device_param->opencl_device_c_version = opencl_device_c_version; - // check OpenCL version - - int opencl_version_min = 0; - int opencl_version_maj = 0; - - if (sscanf (opencl_device_c_version, "OpenCL C %d.%d", &opencl_version_min, &opencl_version_maj) == 2) - { - if ((opencl_version_min == 1) && (opencl_version_maj == 2)) - { - device_param->use_opencl12 = true; - } - else if ((opencl_version_min == 2) && (opencl_version_maj == 0)) - { - device_param->use_opencl20 = true; - } - } - // max_compute_units cl_uint device_processors = 0; @@ -7740,8 +7748,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-D KERNEL_STATIC -I OpenCL -I %s ", folder_config->cpath_real); #endif - // workarounds reproduceable bugs on some OpenCL runtimes (Beignet and NEO) - // ex: remove empty code in m04, m08 and m16 in OpenCL/m05600_a3-optimized.cl will break s04 kernel (not cracking anymore) + /* currently disabled, hangs NEO drivers since 20.09. + was required for NEO driver 20.08 to workaround the same issue! + we go with the latest version if (device_param->is_opencl == true) { @@ -7753,7 +7762,12 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx) { build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-cl-std=CL2.0 "); } + else if (device_param->use_opencl21 == true) + { + build_options_len += snprintf (build_options_buf + build_options_len, build_options_sz - build_options_len, "-cl-std=CL2.1 "); + } } + */ // we don't have sm_* on vendors not NV but it doesn't matter From 119344c084e5f0a4e51c92bbef791d843a5f61bd Mon Sep 17 00:00:00 2001 
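Review bot: The `-cl-std=` block is disabled by wrapping live code in a `/* ... */` comment, which leaves `use_opencl12`/`use_opencl20`/`use_opencl21` computed but unused and lets the disabled code rot unnoticed. An `#if 0` ... `#endif` around the block (or deleting it and keeping only the explanation) is the conventional form and keeps the code compilable if it is ever re-enabled; the explanation itself should name both the driver that hangs and the one that needed the flag, which it already does. `backend_session_begin` continues outside the hunk.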
From: Jens Steube Date: Fri, 13 Mar 2020 09:51:27 +0100 Subject: [PATCH 287/300] Mark -m 13100 as unstable on Apple + Iris --- src/modules/module_13100.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/modules/module_13100.c b/src/modules/module_13100.c index 2f6b98b45..1203e34aa 100644 --- a/src/modules/module_13100.c +++ b/src/modules/module_13100.c @@ -75,6 +75,15 @@ u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hc_device_param_t *device_param) { + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + // self-test failed + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_GPU)) + { + return true; + } + } + // amdgpu-pro-19.30-934563-ubuntu-18.04: CL_OUT_OF_RESOURCES if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == false)) { From 434ad76381afb3f24003e9f0a59a13821f09dd11 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Fri, 13 Mar 2020 10:01:57 +0100 Subject: [PATCH 288/300] Improve alias device detection to distinguish between Intel CPU and embedded GPU --- src/backend.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/backend.c b/src/backend.c index 9b773076e..fdc8dba83 100644 --- a/src/backend.c +++ b/src/backend.c @@ -43,6 +43,10 @@ static bool is_same_device (const hc_device_param_t *src, const hc_device_param_ if (src->pcie_device != dst->pcie_device) return false; if (src->pcie_function != dst->pcie_function) return false; + // Intel CPU and embedded GPU would survive up to here! + + if (src->opencl_device_type != dst->opencl_device_type) return false; + return true; } From 2bc126ac96b7a59adbb7c41a8571213909a53864 Mon Sep 17 00:00:00 2001 
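Review bot: The `// self-test failed` comment does not say which configuration fails, and the commit title narrows it to Iris while the condition matches any Intel GPU on the Apple platform (`VENDOR_ID_INTEL_SDK` with `CL_DEVICE_TYPE_GPU`); widen the comment so the scope is explicit, e.g. `// Apple OpenCL on Intel integrated GPUs (observed on Iris): self-test fails, mark unstable`. `module_unstable_warning` continues outside the hunk.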
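Review bot: Adding `opencl_device_type` to the identity check assumes the field is populated for every device that reaches this point; if a CUDA-enumerated device leaves it at its initial value while the same GPU's OpenCL entry carries `CL_DEVICE_TYPE_GPU`, the two would no longer alias, which is the case this function exists to catch. Worth verifying against the device setup in `backend_ctx_devices_init`, or comparing the type only when both sides are OpenCL, `if ((src->is_opencl == true) && (dst->is_opencl == true) && (src->opencl_device_type != dst->opencl_device_type)) return false;`. `is_same_device` starts outside the hunk.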
From: philsmd Date: Mon, 16 Mar 2020 16:30:35 +0100 Subject: [PATCH 289/300] fixes #2067: 40-bit oldoffice false positive problem --- OpenCL/m09800_a0-optimized.cl | 231 +++++++++++++++--- OpenCL/m09800_a1-optimized.cl | 231 +++++++++++++++--- OpenCL/m09800_a3-optimized.cl | 231 +++++++++++++++--- OpenCL/m09810_a0-optimized.cl | 2 + OpenCL/m09810_a1-optimized.cl | 2 + OpenCL/m09810_a3-optimized.cl | 2 + OpenCL/m09820_a0-optimized.cl | 379 +++++++++++++++++++++++++++--- OpenCL/m09820_a1-optimized.cl | 379 +++++++++++++++++++++++++++--- OpenCL/m09820_a3-optimized.cl | 427 +++++++++++++++++++++++++++++++--- src/modules/module_09800.c | 58 ++++- src/modules/module_09810.c | 58 ++++- src/modules/module_09820.c | 68 +++++- tools/test_modules/m09800.pm | 78 ++++++- 13 files changed, 1961 insertions(+), 185 deletions(-) diff --git a/OpenCL/m09800_a0-optimized.cl b/OpenCL/m09800_a0-optimized.cl index ffa5c1388..3257c0cbb 100644 --- a/OpenCL/m09800_a0-optimized.cl +++ b/OpenCL/m09800_a0-optimized.cl @@ -17,11 +17,15 @@ #include "inc_hash_sha1.cl" #endif +#define MIN_NULL_BYTES 10 + typedef struct oldoffice34 { u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; 
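Review bot: `#define MIN_NULL_BYTES 10` is a bare threshold with no statement of what it is measured against; the kernel counts zero bytes in the 32 decrypted bytes of the second block, so a comment such as `// min zero bytes among the 32 decrypted bytes of the second block for a 40-bit candidate to be accepted (rejects false positives)` would document the heuristic and where to tune it. The struct also gains `secondBlockData`/`secondBlockLen` in the middle of `oldoffice34_t`, which the host-side esalt layout in the modules of this commit must mirror exactly; a note at the struct saying so would prevent a silent mismatch later.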
@@ -252,21 +256,21 @@ KERNEL_FQ void m09800_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32 digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; @@ -279,6 +283,8 @@ KERNEL_FQ void m09800_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; 
@@ -337,7 +343,93 @@ KERNEL_FQ void m09800_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) rc4_next_16 (rc4_key, 16, j, digest, out); - COMPARE_M_SIMD (out[0], out[1], out[2], out[3]); + // initial compare + + int digest_pos = find_hash (out, digests_cnt, &digests_buf[digests_offset]); + + if (digest_pos == -1) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, 
secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + const u32 final_hash_pos = digests_offset + digest_pos; + + if (atomic_inc (&hashes_shown[final_hash_pos]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, final_hash_pos, gid, il_pos, 0, 0); + } } } @@ -464,21 +556,21 @@ KERNEL_FQ void m09800_s04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32 digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; @@ -491,6 +583,8 @@ KERNEL_FQ void m09800_s04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; 
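Review bot: The second-block data is loaded from `esalt_bufs[digests_offset]` although `find_hash` has just identified the matching digest as `digest_pos`, so in this multi-hash kernel a candidate is validated against the second block of the first hash in the salt group rather than the one it actually matched. If esalts are laid out one per digest (the `final_hash_pos = digests_offset + digest_pos` used for `hashes_shown` suggests so, but the layout is not visible here), the eight `secondBlockData[...]` loads should read `esalt_bufs[digests_offset + digest_pos].secondBlockData[...]`, e.g. `secondBlockData[0] = esalt_bufs[digests_offset + digest_pos].secondBlockData[0];`. With a 16-byte random salt two distinct documents rarely share a group, so this is a consistency point more than a likely field failure. The same indexing appears in the a1 and a3 `_m04` kernels of this patch.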
@@ -549,7 +643,92 @@ KERNEL_FQ void m09800_s04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) rc4_next_16 (rc4_key, 16, j, digest, out); - COMPARE_S_SIMD (out[0], out[1], out[2], out[3]); + // initial compare + + if (out[0] != search[0]) continue; + if (out[1] != search[1]) continue; + if (out[2] != search[2]) continue; + if (out[3] != search[3]) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + 
rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } } } diff --git a/OpenCL/m09800_a1-optimized.cl b/OpenCL/m09800_a1-optimized.cl index 07bfb15ca..891d7ca67 100644 --- a/OpenCL/m09800_a1-optimized.cl +++ b/OpenCL/m09800_a1-optimized.cl @@ -15,11 +15,15 @@ #include "inc_hash_sha1.cl" #endif +#define MIN_NULL_BYTES 10 + typedef struct oldoffice34 { u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; @@ -300,21 +304,21 @@ KERNEL_FQ void m09800_m04 (KERN_ATTR_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32 digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; @@ -327,6 +331,8 @@ KERNEL_FQ void m09800_m04 (KERN_ATTR_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; 
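Review bot: `secondBlockLen` is used only as an on/off flag, yet the check then unconditionally decrypts all eight `secondBlockData` words and counts zero bytes across the full 32 bytes. If the parser ever stores a second block shorter than 32 bytes (the module change is not in view, so I cannot tell), the unfilled words are zero in the esalt and decrypt to raw keystream, which dilutes the count toward a false rejection of the real password. Either state the contract at the test, `if (esalt_bufs[digests_offset].secondBlockLen != 0) // presence flag only: the kernel always consumes 32 bytes`, or make the kernel guard explicit with `if (esalt_bufs[digests_offset].secondBlockLen >= 32)` and reject shorter blocks host-side.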
@@ -385,7 +391,93 @@ KERNEL_FQ void m09800_m04 (KERN_ATTR_ESALT (oldoffice34_t)) rc4_next_16 (rc4_key, 16, j, digest, out); - COMPARE_M_SIMD (out[0], out[1], out[2], out[3]); + // initial compare + + int digest_pos = find_hash (out, digests_cnt, &digests_buf[digests_offset]); + + if (digest_pos == -1) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, 
secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + const u32 final_hash_pos = digests_offset + digest_pos; + + if (atomic_inc (&hashes_shown[final_hash_pos]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, final_hash_pos, gid, il_pos, 0, 0); + } } } @@ -562,21 +654,21 @@ KERNEL_FQ void m09800_s04 (KERN_ATTR_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32 digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; @@ -589,6 +681,8 @@ KERNEL_FQ void m09800_s04 (KERN_ATTR_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; 
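Review bot: The zero-byte counting loop is written out twice in this hunk and twice more in the `_s04` kernel of the same file, six copies per attack mode; a small helper would keep the threshold logic in one place and make the check read as a named step. I would add `count_null_bytes` next to the RC4 helpers and replace the two loops with `int null_bytes = count_null_bytes (out, 4);` and `null_bytes += count_null_bytes (out, 4);`. The helper body reproduces the existing four-mask test per word, so behaviour is unchanged.
```c
// Number of zero bytes among the first len u32 words of buf.
DECLSPEC int count_null_bytes (const u32 *buf, const int len)
{
  int n = 0;

  for (int k = 0; k < len; k++)
  {
    if ((buf[k] & 0x000000ff) == 0) n++;
    if ((buf[k] & 0x0000ff00) == 0) n++;
    if ((buf[k] & 0x00ff0000) == 0) n++;
    if ((buf[k] & 0xff000000) == 0) n++;
  }

  return n;
}

// … unchanged: m09800_m04 up to the second-block decrypt …

      j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out);

      int null_bytes = count_null_bytes (out, 4);

      // … unchanged: load secondBlockData[4..7] …

      rc4_next_16 (rc4_key, 16, j, secondBlockData, out);

      null_bytes += count_null_bytes (out, 4);

      if (null_bytes < MIN_NULL_BYTES) continue;
```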
@@ -647,7 +741,92 @@ KERNEL_FQ void m09800_s04 (KERN_ATTR_ESALT (oldoffice34_t)) rc4_next_16 (rc4_key, 16, j, digest, out); - COMPARE_S_SIMD (out[0], out[1], out[2], out[3]); + // initial compare + + if (out[0] != search[0]) continue; + if (out[1] != search[1]) continue; + if (out[2] != search[2]) continue; + if (out[3] != search[3]) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + 
rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } } } diff --git a/OpenCL/m09800_a3-optimized.cl b/OpenCL/m09800_a3-optimized.cl index 303b177a8..8315abfdf 100644 --- a/OpenCL/m09800_a3-optimized.cl +++ b/OpenCL/m09800_a3-optimized.cl @@ -12,11 +12,15 @@ #include "inc_hash_sha1.cl" #endif +#define MIN_NULL_BYTES 10 + typedef struct oldoffice34 { u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; @@ -223,21 +227,21 @@ DECLSPEC void m09800m (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u3 w3_t[2] = 0; w3_t[3] = pw_salt_len * 8; - u32 digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform (w0_t, w1_t, w2_t, w3_t, digest); + sha1_transform (w0_t, w1_t, w2_t, w3_t, pass_hash); - w0_t[0] = digest[0]; - w0_t[1] = digest[1]; - w0_t[2] = digest[2]; - w0_t[3] = digest[3]; - w1_t[0] = digest[4]; + w0_t[0] = pass_hash[0]; + w0_t[1] = pass_hash[1]; + w0_t[2] = pass_hash[2]; + w0_t[3] = pass_hash[3]; + w1_t[0] = pass_hash[4]; w1_t[1] = 0; w1_t[2] = 0x80000000; w1_t[3] = 0; @@ -250,6 +254,8 @@ DECLSPEC void m09800m (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u3 w3_t[2] = 0; w3_t[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; 
@@ -308,7 +314,93 @@ DECLSPEC void m09800m (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u3 rc4_next_16 (rc4_key, 16, j, digest, out); - COMPARE_M_SIMD (out[0], out[1], out[2], out[3]); + // initial compare + + int digest_pos = find_hash (out, digests_cnt, &digests_buf[digests_offset]); + + if (digest_pos == -1) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 
(rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + const u32 final_hash_pos = digests_offset + digest_pos; + + if (atomic_inc (&hashes_shown[final_hash_pos]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, final_hash_pos, gid, il_pos, 0, 0); + } } } @@ -403,21 +495,21 @@ DECLSPEC void m09800s (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u3 w3_t[2] = 0; w3_t[3] = pw_salt_len * 8; - u32 digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform (w0_t, w1_t, w2_t, w3_t, digest); + sha1_transform (w0_t, w1_t, w2_t, w3_t, pass_hash); - w0_t[0] = digest[0]; - w0_t[1] = digest[1]; - w0_t[2] = digest[2]; - w0_t[3] = digest[3]; - w1_t[0] = digest[4]; + w0_t[0] = pass_hash[0]; + w0_t[1] = pass_hash[1]; + w0_t[2] = pass_hash[2]; + w0_t[3] = pass_hash[3]; + w1_t[0] = pass_hash[4]; w1_t[1] = 0; w1_t[2] = 0x80000000; w1_t[3] = 0; @@ -430,6 +522,8 @@ DECLSPEC void m09800s (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u3 w3_t[2] = 0; w3_t[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; 
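Review bot: In the new second-block section the SHA1 message is assembled into `w0`..`w3` and hashed with `sha1_transform (w0, w1, w2, w3, digest)`, but in `m09800m` those are the `u32 *w0` parameters holding the caller's base password words, while the rest of this function (the `w3_t[3] = pw_salt_len * 8;` and `sha1_transform (w0_t, w1_t, w2_t, w3_t, pass_hash);` lines in the preceding hunk) works on the `w0_t`..`w3_t` copies. Overwriting `w0[1..3]`, `w1`, `w2` and `w3` with `pass_hash` corrupts every later candidate built from them in this work-item, so after one verifier match, genuine or a rejected collision, the remaining `il_pos` iterations hash the wrong passwords; the loop head is outside the hunk, but that is how the a3 optimized kernels build candidates from the base words. All sixteen stores and the transform call should target the `_t` arrays, as below. The a0 and a1 kernels rebuild `w0`..`w3` each iteration, so only this file is affected.
```c
      w0_t[0] = pass_hash[0];
      w0_t[1] = pass_hash[1];
      w0_t[2] = pass_hash[2];
      w0_t[3] = pass_hash[3];
      w1_t[0] = pass_hash[4];
      w1_t[1] = 0x01000000;
      w1_t[2] = 0x80000000;
      w1_t[3] = 0;
      w2_t[0] = 0;
      w2_t[1] = 0;
      w2_t[2] = 0;
      w2_t[3] = 0;
      w3_t[0] = 0;
      w3_t[1] = 0;
      w3_t[2] = 0;
      w3_t[3] = (20 + 4) * 8;

      // … unchanged: digest reset to SHA1M_A..SHA1M_E …

      sha1_transform (w0_t, w1_t, w2_t, w3_t, digest);
```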
@@ -488,7 +582,92 @@ DECLSPEC void m09800s (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u3 rc4_next_16 (rc4_key, 16, j, digest, out); - COMPARE_S_SIMD (out[0], out[1], out[2], out[3]); + // initial compare + + if (out[0] != search[0]) continue; + if (out[1] != search[1]) continue; + if (out[2] != search[2]) continue; + if (out[3] != search[3]) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = 
esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } } } diff --git a/OpenCL/m09810_a0-optimized.cl b/OpenCL/m09810_a0-optimized.cl index 5db2264a6..3b911251c 100644 --- a/OpenCL/m09810_a0-optimized.cl +++ b/OpenCL/m09810_a0-optimized.cl @@ -22,6 +22,8 @@ typedef struct oldoffice34 u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; diff --git a/OpenCL/m09810_a1-optimized.cl b/OpenCL/m09810_a1-optimized.cl index 69ecab5c3..b488cdf49 100644 --- a/OpenCL/m09810_a1-optimized.cl +++ b/OpenCL/m09810_a1-optimized.cl @@ -20,6 +20,8 @@ typedef struct oldoffice34 u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; diff --git a/OpenCL/m09810_a3-optimized.cl b/OpenCL/m09810_a3-optimized.cl index 495adc734..760dcb932 100644 --- a/OpenCL/m09810_a3-optimized.cl +++ b/OpenCL/m09810_a3-optimized.cl @@ -20,6 +20,8 @@ typedef struct oldoffice34 u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; diff --git a/OpenCL/m09820_a0-optimized.cl b/OpenCL/m09820_a0-optimized.cl index 0e9a95ca6..3f4bfeb2b 100644 --- a/OpenCL/m09820_a0-optimized.cl +++ b/OpenCL/m09820_a0-optimized.cl 
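Review bot: Same pointer mix-up as in `m09800m`: the second-block SHA1 here is built in `w0`..`w3`, the function's `u32 *w0` parameters, instead of the `w0_t`..`w3_t` working copies that the earlier hunk of this function uses for `pass_hash`. In the single-hash kernel a rejected 40-bit collision `continue`s to the next candidate with the base words already overwritten, so the true password can be missed if it comes later in the same work-item. Change the sixteen `w?[..] = ...` stores to their `_t` counterparts and the call to `sha1_transform (w0_t, w1_t, w2_t, w3_t, digest);`.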
@@ -3,7 +3,8 @@ * License.....: MIT */ -#define NEW_SIMD_CODE +//too much register pressure +//#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" 
@@ -16,15 +17,142 @@ #include "inc_hash_sha1.cl" #endif +#define MIN_NULL_BYTES 10 + typedef struct oldoffice34 { u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; +typedef struct +{ + u8 S[256]; + + u32 wtf_its_faster; + +} RC4_KEY; + +DECLSPEC void swap (LOCAL_AS RC4_KEY *rc4_key, const u8 i, const u8 j) +{ + u8 tmp; + + tmp = rc4_key->S[i]; + rc4_key->S[i] = rc4_key->S[j]; + rc4_key->S[j] = tmp; +} + +DECLSPEC void rc4_init_16 (LOCAL_AS RC4_KEY *rc4_key, const u32 *data) +{ + u32 v = 0x03020100; + u32 a = 0x04040404; + + LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 64; i++) + { + *ptr++ = v; v += a; + } + + u32 j = 0; + + for (u32 i = 0; i < 16; i++) + { + u32 idx = i * 16; + + u32 v; + + v = data[0]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[1]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[2]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[3]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); 
idx++; + } +} + +DECLSPEC u8 rc4_next_16 (LOCAL_AS RC4_KEY *rc4_key, u8 i, u8 j, const u32 *in, u32 *out) +{ + #ifdef _unroll + #pragma unroll + #endif + for (u32 k = 0; k < 4; k++) + { + u32 xor4 = 0; + + u8 idx; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 0; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 8; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 16; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 24; + + out[k] = in[k] ^ xor4; + } + + return j; +} + KERNEL_FQ void m09820_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) { /** @@ -55,6 +183,14 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; + /** + * shared + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + /** * salt */ @@ -107,21 +243,21 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32x digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; 
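Review bot: `RC4_KEY`, `swap`, `rc4_init_16` and `rc4_next_16` are pasted into the 9820 kernel as a second copy of the 9800 implementation, and details such as filling the S-box through a u32 view (`LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S;`) and the implicit `u32` to `u8` truncation of `j` in `swap` are exactly what drifts when copies diverge. Moving them into a shared include next to `inc_hash_sha1.cl` would give both kernels one implementation; failing that, a comment on the struct such as `// copied from m09800_a0-optimized.cl; keep in sync` is the minimum. The `wtf_its_faster` member also deserves a sentence on its purpose, since nothing in the hunk reads it.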
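Review bot: `LOCAL_VK RC4_KEY rc4_keys[64]` is indexed by `lid`, so the kernel is only safe when the work-group size is at most 64 threads; nothing in this hunk enforces that, and the module change that would pin the thread count is not in view. Either `module_09820.c` must force a fixed thread count of 64 for these kernels (worth confirming), or the bound should be stated at the declaration, `LOCAL_VK RC4_KEY rc4_keys[64]; // requires forced kernel threads <= 64`, so a later change to the launch configuration does not silently overrun local memory (260 bytes per entry, roughly 16 KiB in total).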
@@ -134,20 +270,110 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; digest[3] = SHA1M_D; digest[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, digest); digest[0] = hc_swap32 (digest[0]); digest[1] = hc_swap32 (digest[1]) & 0xff; digest[2] = 0; digest[3] = 0; - COMPARE_M_SIMD (digest[0], digest[1], digest[2], digest[3]); + // initial compare + + int digest_pos = find_hash (digest, digests_cnt, &digests_buf[digests_offset]); + + if (digest_pos == -1) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + u32 out[4]; + + u32 j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 
0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + const u32 final_hash_pos = digests_offset + digest_pos; + + if (atomic_inc (&hashes_shown[final_hash_pos]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, final_hash_pos, gid, il_pos, 0, 0); + } } } @@ -189,6 +415,14 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; + /** + * shared + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + /** * salt */ @@ -253,21 +487,21 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32x digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; 
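Review bot: The two constants that distinguish the second-block key from the verifier key are unexplained: `w1[1] = 0x01000000;` replaces the `w1[1] = 0;` used on the verifier path and `(20 + 4) * 8` is the message bit length, but a reader has to work out that the word holds the 4-byte block number 1 in little-endian byte order appended to the 20-byte password hash. A comment at the first store, `// H || block_number (1, little-endian): key for the document's second block; the verifier uses block 0`, and `// 20-byte hash + 4-byte block number` at the length would make the fix self-describing. The existing `digest[1] &= 0xff; // only 40-bit key` already sets that tone; these two lines want the same treatment.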
@@ -280,20 +514,107 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_RULES_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; digest[3] = SHA1M_D; digest[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, digest); digest[0] = hc_swap32 (digest[0]); digest[1] = hc_swap32 (digest[1]) & 0xff; digest[2] = 0; digest[3] = 0; - COMPARE_S_SIMD (digest[0], digest[1], digest[2], digest[3]); + // initial compare + + if (digest[0] != search[0]) continue; + if (digest[1] != search[1]) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + u32 out[4]; + + u32 j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + 
secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } } } diff --git a/OpenCL/m09820_a1-optimized.cl b/OpenCL/m09820_a1-optimized.cl index 028b3d28f..bedc61bb8 100644 --- a/OpenCL/m09820_a1-optimized.cl +++ b/OpenCL/m09820_a1-optimized.cl @@ -3,7 +3,8 @@ * License.....: MIT */ -#define NEW_SIMD_CODE +//too much register pressure +//#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" 
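Review bot: The `null_bytes < MIN_NULL_BYTES` filter in the new second-block branch can reject the genuine password: it passes a candidate only if its 40-bit key decrypts the first 64 bytes of the second block into at least 10 zero bytes, which is a property of the document rather than of the key, so a document whose second block is dense (compressed or non-ASCII content, for example) becomes uncrackable with the six-token format even though the `search[0]`/`search[1]` comparison succeeded. Since the single-hash kernel reports `digests_offset + 0` there is no second chance once the candidate is dropped. A comment next to the check should make the trade-off explicit, e.g. `// heuristic: genuine plaintext in the second block is expected to contain many 0x00 bytes; a dense block can reject the true key — fall back to the 5-token hash format in that case`. The enclosing candidate loop begins outside the hunk.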
@@ -14,15 +15,142 @@ #include "inc_hash_sha1.cl" #endif +#define MIN_NULL_BYTES 10 + typedef struct oldoffice34 { u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; +typedef struct +{ + u8 S[256]; + + u32 wtf_its_faster; + +} RC4_KEY; + +DECLSPEC void swap (LOCAL_AS RC4_KEY *rc4_key, const u8 i, const u8 j) +{ + u8 tmp; + + tmp = rc4_key->S[i]; + rc4_key->S[i] = rc4_key->S[j]; + rc4_key->S[j] = tmp; +} + +DECLSPEC void rc4_init_16 (LOCAL_AS RC4_KEY *rc4_key, const u32 *data) +{ + u32 v = 0x03020100; + u32 a = 0x04040404; + + LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 64; i++) + { + *ptr++ = v; v += a; + } + + u32 j = 0; + + for (u32 i = 0; i < 16; i++) + { + u32 idx = i * 16; + + u32 v; + + v = data[0]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[1]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[2]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[3]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); 
idx++; + } +} + +DECLSPEC u8 rc4_next_16 (LOCAL_AS RC4_KEY *rc4_key, u8 i, u8 j, const u32 *in, u32 *out) +{ + #ifdef _unroll + #pragma unroll + #endif + for (u32 k = 0; k < 4; k++) + { + u32 xor4 = 0; + + u8 idx; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 0; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 8; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 16; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 24; + + out[k] = in[k] ^ xor4; + } + + return j; +} + KERNEL_FQ void m09820_m04 (KERN_ATTR_ESALT (oldoffice34_t)) { /** @@ -53,6 +181,14 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_l_len = pws[gid].pw_len & 63; + /** + * shared + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + /** * salt */ @@ -155,21 +291,21 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32x digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; 
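Review bot: `rc4_init_16` and `rc4_next_16` rely on implicit narrowing for correctness — `j` is a `u32` that is only reduced modulo 256 because `swap (LOCAL_AS RC4_KEY *, const u8, const u8)` takes it as `u8`, and `idx = rc4_key->S[i] + rc4_key->S[j]` wraps only because `idx` is declared `u8` — and nothing says so, so a later change of either parameter type to `u32` would turn the S-box index into an out-of-bounds read without any warning. A one-line comment on `swap`, `// i and j are deliberately u8: the narrowing is RC4's mod-256 index reduction`, and the same note at the `idx` assignments would pin this. The `wtf_its_faster` padding member also needs a comment giving the reason it exists (the name suggests a measured speed-up from the 260-byte layout) so it is not removed as dead. `MIN_NULL_BYTES` is a document-dependent heuristic threshold and should say so where it is defined.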
@@ -182,20 +318,110 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; digest[3] = SHA1M_D; digest[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, digest); digest[0] = hc_swap32 (digest[0]); digest[1] = hc_swap32 (digest[1]) & 0xff; digest[2] = 0; digest[3] = 0; - COMPARE_M_SIMD (digest[0], digest[1], digest[2], digest[3]); + // initial compare + + int digest_pos = find_hash (digest, digests_cnt, &digests_buf[digests_offset]); + + if (digest_pos == -1) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + u32 out[4]; + + u32 j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) 
== 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + const u32 final_hash_pos = digests_offset + digest_pos; + + if (atomic_inc (&hashes_shown[final_hash_pos]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, final_hash_pos, gid, il_pos, 0, 0); + } } } @@ -237,6 +463,14 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_l_len = pws[gid].pw_len & 63; + /** + * shared + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + /** * salt */ @@ -351,21 +585,21 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_ESALT (oldoffice34_t)) w0[1] = salt_buf[1]; w0[0] = salt_buf[0]; - u32x digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, pass_hash); - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; w1[1] = 0; w1[2] = 0x80000000; w1[3] = 0; 
@@ -378,20 +612,107 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_ESALT (oldoffice34_t)) w3[2] = 0; w3[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; digest[3] = SHA1M_D; digest[4] = SHA1M_E; - sha1_transform_vector (w0, w1, w2, w3, digest); + sha1_transform (w0, w1, w2, w3, digest); digest[0] = hc_swap32 (digest[0]); digest[1] = hc_swap32 (digest[1]) & 0xff; digest[2] = 0; digest[3] = 0; - COMPARE_S_SIMD (digest[0], digest[1], digest[2], digest[3]); + // initial compare + + if (digest[0] != search[0]) continue; + if (digest[1] != search[1]) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + u32 out[4]; + + u32 j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + 
secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } } } diff --git a/OpenCL/m09820_a3-optimized.cl b/OpenCL/m09820_a3-optimized.cl index cde918d0e..a0c0a568d 100644 --- a/OpenCL/m09820_a3-optimized.cl +++ b/OpenCL/m09820_a3-optimized.cl @@ -3,7 +3,8 @@ * License.....: MIT */ -#define NEW_SIMD_CODE +//too much register pressure +//#define NEW_SIMD_CODE #ifdef KERNEL_STATIC #include "inc_vendor.h" 
@@ -14,16 +15,143 @@ #include "inc_hash_sha1.cl" #endif +#define MIN_NULL_BYTES 10 + typedef struct oldoffice34 { u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; -DECLSPEC void m09820m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (oldoffice34_t)) +typedef struct +{ + u8 S[256]; + + u32 wtf_its_faster; + +} RC4_KEY; + +DECLSPEC void swap (LOCAL_AS RC4_KEY *rc4_key, const u8 i, const u8 j) +{ + u8 tmp; + + tmp = rc4_key->S[i]; + rc4_key->S[i] = rc4_key->S[j]; + rc4_key->S[j] = tmp; +} + +DECLSPEC void rc4_init_16 (LOCAL_AS RC4_KEY *rc4_key, const u32 *data) +{ + u32 v = 0x03020100; + u32 a = 0x04040404; + + LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 64; i++) + { + *ptr++ = v; v += a; + } + + u32 j = 0; + + for (u32 i = 0; i < 16; i++) + { + u32 idx = i * 16; + + u32 v; + + v = data[0]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[1]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[2]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[3]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += 
rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + } +} + +DECLSPEC u8 rc4_next_16 (LOCAL_AS RC4_KEY *rc4_key, u8 i, u8 j, const u32 *in, u32 *out) +{ + #ifdef _unroll + #pragma unroll + #endif + for (u32 k = 0; k < 4; k++) + { + u32 xor4 = 0; + + u8 idx; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 0; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 8; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 16; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 24; + + out[k] = in[k] ^ xor4; + } + + return j; +} + +DECLSPEC void m09820m (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (oldoffice34_t)) { /** * modifier @@ -32,6 +160,12 @@ DECLSPEC void m09820m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + /** + * shared + */ + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + /** * salt */ 
@@ -81,21 +215,21 @@ DECLSPEC void m09820m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER w3_t[2] = 0; w3_t[3] = (pw_len + 16) * 8; - u32x digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform_vector (w0_t, w1_t, w2_t, w3_t, digest); + sha1_transform (w0_t, w1_t, w2_t, w3_t, pass_hash); - w0_t[0] = digest[0]; - w0_t[1] = digest[1]; - w0_t[2] = digest[2]; - w0_t[3] = digest[3]; - w1_t[0] = digest[4]; + w0_t[0] = pass_hash[0]; + w0_t[1] = pass_hash[1]; + w0_t[2] = pass_hash[2]; + w0_t[3] = pass_hash[3]; + w1_t[0] = pass_hash[4]; w1_t[1] = 0; w1_t[2] = 0x80000000; w1_t[3] = 0; 
@@ -108,24 +242,114 @@ DECLSPEC void m09820m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER w3_t[2] = 0; w3_t[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; digest[3] = SHA1M_D; digest[4] = SHA1M_E; - sha1_transform_vector (w0_t, w1_t, w2_t, w3_t, digest); + sha1_transform (w0_t, w1_t, w2_t, w3_t, digest); digest[0] = hc_swap32 (digest[0]); digest[1] = hc_swap32 (digest[1]) & 0xff; digest[2] = 0; digest[3] = 0; - COMPARE_M_SIMD (digest[0], digest[1], digest[2], digest[3]); + // initial compare + + int digest_pos = find_hash (digest, digests_cnt, &digests_buf[digests_offset]); + + if (digest_pos == -1) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + u32 out[4]; + + u32 j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) 
null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + const u32 final_hash_pos = digests_offset + digest_pos; + + if (atomic_inc (&hashes_shown[final_hash_pos]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, final_hash_pos, gid, il_pos, 0, 0); + } } } -DECLSPEC void m09820s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (oldoffice34_t)) +DECLSPEC void m09820s (LOCAL_AS RC4_KEY *rc4_keys, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_ESALT (oldoffice34_t)) { /** * modifier @@ -134,6 +358,12 @@ DECLSPEC void m09820s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER const u64 gid = get_global_id (0); const u64 lid = get_local_id (0); + /** + * shared + */ + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + /** * salt */ 
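Review bot: In the new second-block branch the SHA-1 message is assembled in `w0[0] = pass_hash[0] … w3[3] = (20 + 4) * 8` and hashed with `sha1_transform (w0, w1, w2, w3, digest)`, but in `m09820m` `w0`..`w3` are the pointer parameters carrying the work-item's base password words, whereas every other SHA-1 in the hunk runs on the local `w0_t`..`w3_t` copies. If the brute-force loop head (outside this hunk) rebuilds `w0_t` from `w0`..`w3` on each `il_pos`, as the `w3_t[3] = (pw_len + 16) * 8` context suggests, then the first candidate that passes `find_hash` overwrites the shared base words and every later candidate in the same work-item is hashed from garbage. The a0 kernels are unaffected because there `w0`..`w3` are per-iteration locals. The fix is to build the message in the `_t` buffers and leave the parameters read-only.
```c
    if (esalt_bufs[digests_offset].secondBlockLen != 0)
    {
      // build the second SHA-1 message in the local copies, not in the caller's w0..w3
      w0_t[0] = pass_hash[0];
      w0_t[1] = pass_hash[1];
      w0_t[2] = pass_hash[2];
      w0_t[3] = pass_hash[3];
      w1_t[0] = pass_hash[4];
      w1_t[1] = 0x01000000;
      w1_t[2] = 0x80000000;
      w1_t[3] = 0;
      w2_t[0] = 0;
      w2_t[1] = 0;
      w2_t[2] = 0;
      w2_t[3] = 0;
      w3_t[0] = 0;
      w3_t[1] = 0;
      w3_t[2] = 0;
      w3_t[3] = (20 + 4) * 8;

      // … unchanged: digest init …

      sha1_transform (w0_t, w1_t, w2_t, w3_t, digest);

      // … unchanged: swap/mask to 40-bit key, RC4 second-block null-byte check …
    }
```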
@@ -195,21 +425,21 @@ DECLSPEC void m09820s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER w3_t[2] = 0; w3_t[3] = (pw_len + 16) * 8; - u32x digest[5]; + u32 pass_hash[5]; - digest[0] = SHA1M_A; - digest[1] = SHA1M_B; - digest[2] = SHA1M_C; - digest[3] = SHA1M_D; - digest[4] = SHA1M_E; + pass_hash[0] = SHA1M_A; + pass_hash[1] = SHA1M_B; + pass_hash[2] = SHA1M_C; + pass_hash[3] = SHA1M_D; + pass_hash[4] = SHA1M_E; - sha1_transform_vector (w0_t, w1_t, w2_t, w3_t, digest); + sha1_transform (w0_t, w1_t, w2_t, w3_t, pass_hash); - w0_t[0] = digest[0]; - w0_t[1] = digest[1]; - w0_t[2] = digest[2]; - w0_t[3] = digest[3]; - w1_t[0] = digest[4]; + w0_t[0] = pass_hash[0]; + w0_t[1] = pass_hash[1]; + w0_t[2] = pass_hash[2]; + w0_t[3] = pass_hash[3]; + w1_t[0] = pass_hash[4]; w1_t[1] = 0; w1_t[2] = 0x80000000; w1_t[3] = 0; 
@@ -222,20 +452,107 @@ DECLSPEC void m09820s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER w3_t[2] = 0; w3_t[3] = (20 + 4) * 8; + u32 digest[5]; + digest[0] = SHA1M_A; digest[1] = SHA1M_B; digest[2] = SHA1M_C; digest[3] = SHA1M_D; digest[4] = SHA1M_E; - sha1_transform_vector (w0_t, w1_t, w2_t, w3_t, digest); + sha1_transform (w0_t, w1_t, w2_t, w3_t, digest); digest[0] = hc_swap32 (digest[0]); digest[1] = hc_swap32 (digest[1]) & 0xff; digest[2] = 0; digest[3] = 0; - COMPARE_S_SIMD (digest[0], digest[1], digest[2], digest[3]); + // initial compare + + if (digest[0] != search[0]) continue; + if (digest[1] != search[1]) continue; + + if (esalt_bufs[digests_offset].secondBlockLen != 0) + { + w0[0] = pass_hash[0]; + w0[1] = pass_hash[1]; + w0[2] = pass_hash[2]; + w0[3] = pass_hash[3]; + w1[0] = pass_hash[4]; + w1[1] = 0x01000000; + w1[2] = 0x80000000; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (20 + 4) * 8; + + digest[0] = SHA1M_A; + digest[1] = SHA1M_B; + digest[2] = SHA1M_C; + digest[3] = SHA1M_D; + digest[4] = SHA1M_E; + + sha1_transform (w0, w1, w2, w3, digest); + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = 0; + digest[3] = 0; + + digest[1] &= 0xff; // only 40-bit key + + // second block decrypt: + + rc4_init_16 (rc4_key, digest); + + u32 secondBlockData[4]; + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[0]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[1]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[2]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[3]; + + u32 out[4]; + + u32 j = rc4_next_16 (rc4_key, 0, 0, secondBlockData, out); + + int null_bytes = 0; + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 
0xff000000) == 0) null_bytes++; + } + + secondBlockData[0] = esalt_bufs[digests_offset].secondBlockData[4]; + secondBlockData[1] = esalt_bufs[digests_offset].secondBlockData[5]; + secondBlockData[2] = esalt_bufs[digests_offset].secondBlockData[6]; + secondBlockData[3] = esalt_bufs[digests_offset].secondBlockData[7]; + + rc4_next_16 (rc4_key, 16, j, secondBlockData, out); + + for (int k = 0; k < 4; k++) + { + if ((out[k] & 0x000000ff) == 0) null_bytes++; + if ((out[k] & 0x0000ff00) == 0) null_bytes++; + if ((out[k] & 0x00ff0000) == 0) null_bytes++; + if ((out[k] & 0xff000000) == 0) null_bytes++; + } + + if (null_bytes < MIN_NULL_BYTES) continue; + } + + if (atomic_inc (&hashes_shown[digests_offset]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, il_pos, 0, 0); + } } } 
@@ -279,7 +596,13 @@ KERNEL_FQ void m09820_m04 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; - m09820m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + /** + * main + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + m09820m (rc4_keys, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m09820_m08 (KERN_ATTR_ESALT (oldoffice34_t)) 
@@ -322,7 +645,13 @@ KERNEL_FQ void m09820_m08 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; - m09820m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + /** + * main + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + m09820m (rc4_keys, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m09820_m16 (KERN_ATTR_ESALT (oldoffice34_t)) 
@@ -365,7 +694,13 @@ KERNEL_FQ void m09820_m16 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; - m09820m (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + /** + * main + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + m09820m (rc4_keys, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m09820_s04 (KERN_ATTR_ESALT (oldoffice34_t)) 
@@ -408,7 +743,13 @@ KERNEL_FQ void m09820_s04 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; - m09820s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + /** + * main + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + m09820s (rc4_keys, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m09820_s08 (KERN_ATTR_ESALT (oldoffice34_t)) 
@@ -451,7 +792,13 @@ KERNEL_FQ void m09820_s08 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; - m09820s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + /** + * main + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + m09820s (rc4_keys, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } KERNEL_FQ void m09820_s16 (KERN_ATTR_ESALT (oldoffice34_t)) 
@@ -494,5 +841,11 @@ KERNEL_FQ void m09820_s16 (KERN_ATTR_ESALT (oldoffice34_t)) const u32 pw_len = pws[gid].pw_len & 63; - m09820s (w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); + /** + * main + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + m09820s (rc4_keys, w0, w1, w2, w3, pw_len, pws, rules_buf, combs_buf, bfs_buf, tmps, hooks, bitmaps_buf_s1_a, bitmaps_buf_s1_b, bitmaps_buf_s1_c, bitmaps_buf_s1_d, bitmaps_buf_s2_a, bitmaps_buf_s2_b, bitmaps_buf_s2_c, bitmaps_buf_s2_d, plains_buf, digests_buf, hashes_shown, salt_bufs, esalt_bufs, d_return_buf, d_extra0_buf, d_extra1_buf, d_extra2_buf, d_extra3_buf, bitmap_mask, bitmap_shift1, bitmap_shift2, salt_pos, loop_pos, loop_cnt, il_cnt, digests_cnt, digests_offset, combs_mode, gid_max); } diff --git a/src/modules/module_09800.c b/src/modules/module_09800.c index b191924dc..61ab1471a 100644 --- a/src/modules/module_09800.c +++ b/src/modules/module_09800.c @@ -49,6 +49,8 @@ typedef struct oldoffice34 u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; 
@@ -137,7 +139,22 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + // alternative format (with second block data): + + if (rc_tokenizer == PARSER_TOKEN_LENGTH) // or just rc_tokenizer != PARSER_OK + { + token.token_cnt = 6; + + token.len_min[5] = 64; + token.len_max[5] = 64; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + } if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); @@ -165,6 +182,24 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + // second block (if needed) + + oldoffice34->secondBlockLen = 0; + + if (token.token_cnt == 6) + { + oldoffice34->secondBlockData[0] = 0; + + const u8 *second_block_data = token.buf[5]; + + for (int i = 0, j = 0; i < 8; i += 1, j += 8) + { + oldoffice34->secondBlockData[i] = hex_to_u32 (second_block_data + j); + } + + oldoffice34->secondBlockLen = 64; + } + // salt salt->salt_len = 16; 
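Review bot: In the alternative-format branch, `token.sep[5] = '*'` assigns the separator that follows token 5, which is now the last token and has nothing after it; the separator that splits the new 64-hex field off the verifier hash is `sep[4]`, and the module_09820.c hunk below sets exactly that (`token.sep[4] = '*'`, `token.sep[5] = ':'`), so unless `sep[4]` is already `'*'` in the lines above this hunk the retried `input_tokenizer` call cannot succeed and a second-block hash should be added to the tests to prove it. The inline `// or just rc_tokenizer != PARSER_OK` reads as an unresolved design note; retrying only on `PARSER_TOKEN_LENGTH` is the safer choice because it does not hide a malformed line behind a second parse, so keep it and turn the comment into a statement of that intent. In the second hunk `oldoffice34->secondBlockData[0] = 0;` is overwritten by the first loop iteration and can go, and `secondBlockLen = 64` is the hex length while the array holds 32 bytes, so a comment like `// 64 = hex length of the 32-byte block; module_hash_encode uses it as a presence flag` would prevent misuse. The same two hunks are repeated verbatim in module_09810.c further down. module_hash_decode starts and ends outside these hunks.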
@@ -208,7 +243,23 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { const oldoffice34_t *oldoffice34 = (const oldoffice34_t *) esalt_buf; - const int line_len = snprintf (line_buf, line_size, "%s%u*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x", + u8 secondBlockData[64 + 1 + 1]; + + memset (secondBlockData, 0, sizeof (secondBlockData)); + + if (oldoffice34->secondBlockLen != 0) + { + secondBlockData[0] = '*'; + + u8 *ptr = (u8 *) oldoffice34->secondBlockData; + + for (int i = 0, j = 1; i < 32; i += 1, j += 2) + { + u8_to_hex (ptr[i], secondBlockData + j); + } + } + + const int line_len = snprintf (line_buf, line_size, "%s%u*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%s", SIGNATURE_OLDOFFICE, oldoffice34->version, salt->salt_buf[0], @@ -223,7 +274,8 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[4])); + byte_swap_32 (oldoffice34->encryptedVerifierHash[4]), + secondBlockData); return line_len; } diff --git a/src/modules/module_09810.c b/src/modules/module_09810.c index fd80151fa..ff9ccd2a5 100644 --- a/src/modules/module_09810.c +++ b/src/modules/module_09810.c @@ -48,6 +48,8 @@ typedef struct oldoffice34 u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; 
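Review bot: `u8 *ptr = (u8 *) oldoffice34->secondBlockData;` casts away the const of the `const oldoffice34_t *` obtained one line above; the pointer is only read by `u8_to_hex`, so it should be `const u8 *ptr = (const u8 *) oldoffice34->secondBlockData;`. The staging buffer size `64 + 1 + 1` carries no explanation; `// '*' + 64 hex chars + NUL, zeroed so an absent block prints as ""` would state both the layout and why the `memset` is what makes the `%s` safe when `secondBlockLen` is 0. The identical cast appears in the module_09810.c and module_09820.c encode hunks below. module_hash_encode continues past this hunk.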
@@ -144,7 +146,22 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + // alternative format (with second block data): + + if (rc_tokenizer == PARSER_TOKEN_LENGTH) // or just rc_tokenizer != PARSER_OK + { + token.token_cnt = 6; + + token.len_min[5] = 64; + token.len_max[5] = 64; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + } if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); @@ -172,6 +189,24 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE oldoffice34->encryptedVerifierHash[3] = hex_to_u32 (encryptedVerifierHash_pos + 24); oldoffice34->encryptedVerifierHash[4] = hex_to_u32 (encryptedVerifierHash_pos + 32); + // second block (if needed) + + oldoffice34->secondBlockLen = 0; + + if (token.token_cnt == 6) + { + oldoffice34->secondBlockData[0] = 0; + + const u8 *second_block_data = token.buf[5]; + + for (int i = 0, j = 0; i < 8; i += 1, j += 8) + { + oldoffice34->secondBlockData[i] = hex_to_u32 (second_block_data + j); + } + + oldoffice34->secondBlockLen = 64; + } + // salt salt->salt_len = 16; 
@@ -215,7 +250,23 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { const oldoffice34_t *oldoffice34 = (const oldoffice34_t *) esalt_buf; - const int line_len = snprintf (line_buf, line_size, "%s%u*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x", + u8 secondBlockData[64 + 1 + 1]; + + memset (secondBlockData, 0, sizeof (secondBlockData)); + + if (oldoffice34->secondBlockLen != 0) + { + secondBlockData[0] = '*'; + + u8 *ptr = (u8 *) oldoffice34->secondBlockData; + + for (int i = 0, j = 1; i < 32; i += 1, j += 2) + { + u8_to_hex (ptr[i], secondBlockData + j); + } + } + + const int line_len = snprintf (line_buf, line_size, "%s%u*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%s", SIGNATURE_OLDOFFICE, oldoffice34->version, salt->salt_buf[0], @@ -230,7 +281,8 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE byte_swap_32 (oldoffice34->encryptedVerifierHash[1]), byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), - byte_swap_32 (oldoffice34->encryptedVerifierHash[4])); + byte_swap_32 (oldoffice34->encryptedVerifierHash[4]), + secondBlockData); return line_len; } diff --git a/src/modules/module_09820.c b/src/modules/module_09820.c index fd1aeabc1..7a6b2869c 100644 --- a/src/modules/module_09820.c +++ b/src/modules/module_09820.c @@ -50,6 +50,8 @@ typedef struct oldoffice34 u32 version; u32 encryptedVerifier[4]; u32 encryptedVerifierHash[5]; + u32 secondBlockData[8]; + u32 secondBlockLen; u32 rc4key[2]; } oldoffice34_t; 
@@ -117,7 +119,29 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; - const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + // alternative format (with second block data): + + if (rc_tokenizer == PARSER_TOKEN_LENGTH) // or just rc_tokenizer != PARSER_OK + { + token.token_cnt = 7; + + token.sep[4] = '*'; + + token.len_min[5] = 64; + token.len_max[5] = 64; + token.sep[5] = ':'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[6] = 10; + token.len_max[6] = 10; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + } if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); @@ -125,7 +149,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *osalt_pos = token.buf[2]; const u8 *encryptedVerifier_pos = token.buf[3]; const u8 *encryptedVerifierHash_pos = token.buf[4]; - const u8 *rc4key_pos = token.buf[5]; + + const u8 rc4_idx = token.token_cnt - 1; + + const u8 *rc4key_pos = token.buf[rc4_idx]; // esalt @@ -163,6 +190,24 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE oldoffice34->rc4key[0] = byte_swap_32 (oldoffice34->rc4key[0]); oldoffice34->rc4key[1] = byte_swap_32 (oldoffice34->rc4key[1]); + // second block (if needed) + + oldoffice34->secondBlockLen = 0; + + if (token.token_cnt == 7) + { + oldoffice34->secondBlockData[0] = 0; + + const u8 *second_block_data = token.buf[5]; + + for (int i = 0, j = 0; i < 8; i += 1, j += 8) + { + oldoffice34->secondBlockData[i] = hex_to_u32 (second_block_data + j); + } + + oldoffice34->secondBlockLen = 64; + } + // salt salt->salt_len = 16; 
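Review bot: `const u8 rc4_idx = token.token_cnt - 1;` narrows the token count into a `u8` for no gain; `const int rc4_idx = token.token_cnt - 1;` keeps the type of the field it is derived from. Since the decoder now accepts two layouts, a comment above the retry naming them would make the `token_cnt - 1` indexing and the `token_cnt == 7` test self-explanatory, e.g. `// tokens: 2 salt, 3 verifier, 4 verifierHash, [5 secondBlock], last = rc4key`. The `oldoffice34->secondBlockData[0] = 0;` in the third hunk is overwritten by the loop that follows it. module_hash_decode starts and ends outside these hunks.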
@@ -208,7 +253,23 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *rc4key = (const u8 *) oldoffice34->rc4key; - const int line_len = snprintf (line_buf, line_size, "%s%u*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x:%02x%02x%02x%02x%02x", + u8 secondBlockData[64 + 1 + 1]; + + memset (secondBlockData, 0, sizeof (secondBlockData)); + + if (oldoffice34->secondBlockLen != 0) + { + secondBlockData[0] = '*'; + + u8 *ptr = (u8 *) oldoffice34->secondBlockData; + + for (int i = 0, j = 1; i < 32; i += 1, j += 2) + { + u8_to_hex (ptr[i], secondBlockData + j); + } + } + + const int line_len = snprintf (line_buf, line_size, "%s%u*%08x%08x%08x%08x*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%s:%02x%02x%02x%02x%02x", SIGNATURE_OLDOFFICE, oldoffice34->version, salt->salt_buf[0], @@ -224,6 +285,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE byte_swap_32 (oldoffice34->encryptedVerifierHash[2]), byte_swap_32 (oldoffice34->encryptedVerifierHash[3]), byte_swap_32 (oldoffice34->encryptedVerifierHash[4]), + secondBlockData, rc4key[0], rc4key[1], rc4key[2], diff --git a/tools/test_modules/m09800.pm b/tools/test_modules/m09800.pm index 5e4c7a39d..995a92a07 100644 --- a/tools/test_modules/m09800.pm +++ b/tools/test_modules/m09800.pm @@ -20,6 +20,7 @@ sub module_generate_hash my $salt = shift; my $param = shift; my $param2 = shift; + my $param3 = shift; my $salt_bin = pack ("H*", $salt); 
@@ -64,7 +65,67 @@ sub module_generate_hash my $encrypted1 = $m->RC4 ($data1_buf); my $encrypted2 = $m->RC4 ($data2_buf); - my $hash = sprintf ("\$oldoffice\$%d*%s*%s*%s", $version, $salt, unpack ("H*", $encrypted1), unpack ("H*", $encrypted2)); + + my $secblock = ""; + + if ($version == 3) + { + my $key2 = substr (sha1 ($tmp . "\x01\x00\x00\x00"), 0, 5) . "\x00" x 11; + + my $rc4 = Crypt::RC4->new ($key2); + + if (defined $param3) # verify/decrypt: + { + if (length ($param3) > 0) + { + my $decrypted = $rc4->RC4 (pack ("H*", $param3)); + + # count the number of NUL (\x00) bytes: + + my $num_nul_bytes = 0; + + for (my $i = 0; $i < 32; $i++) + { + $num_nul_bytes++ if (substr ($decrypted, $i, 1) eq "\x00"); + } + + if ($num_nul_bytes < 10) + { + $secblock = "*"; # incorrect/fake/empty result + } + else + { + $secblock = "*$param3"; + } + } + } + else + { + if (random_number (0, 1) == 1) # the second block data is optional + { + my $num_zeros = random_number (10, 32); # at least 10 NUL bytes + + $secblock = "\x00" x $num_zeros; + + # fill the buffer with some random bytes (up to 32 bytes total): + + for (my $i = 0; $i < 32 - $num_zeros; $i++) + { + my $idx = random_number (0, $num_zeros + $i); # insert at random position + + my $c = random_bytes (1); # 0x00-0xff + + $secblock = substr ($secblock, 0, $idx) . $c . substr ($secblock, $idx); + } + + $secblock = $rc4->RC4 ($secblock); + + $secblock = "*" . unpack ("H*", $secblock); + } + } + } + + my $hash = sprintf ("\$oldoffice\$%d*%s*%s*%s%s", $version, $salt, unpack ("H*", $encrypted1), unpack ("H*", $encrypted2), $secblock); return $hash; } @@ -81,7 +142,9 @@ sub module_verify_hash my @data = split /\*/, $hash_in; - return unless scalar @data == 4; + my $num_fields = scalar @data; + + return unless (($num_fields == 4) || ($num_fields == 5)); my $signature = shift @data; 
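Review bot: `module_generate_hash` now treats `$param3` as a tri-state — undefined means generate a random block, empty means no block, hex means verify the supplied block — but nothing says so; a comment next to `if (defined $param3)` such as `# $param3: undef = generate random second block, "" = hash without block, hex = verify supplied block` keeps module_verify_hash (which always passes a defined value) and direct callers in step. The threshold 10 appears in both branches as a bare literal; naming it once, `my $min_nul_bytes = 10;`, ties the generator to the check. The NUL count can be `my $num_nul_bytes = ($decrypted =~ tr/\x00//);` instead of the 32-iteration loop, and the `$secblock = "*"` fallback deserves a note that it presumably yields a line the module cannot parse so that verification fails by construction. `$tmp` and `sha1` come from outside the hunk.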
@@ -95,6 +158,15 @@ sub module_verify_hash my $param = shift @data; my $param2 = substr ($signature, 11, 1); + my $param3 = ""; + + if ($num_fields == 5) + { + shift @data; # ignore the "digest" + + $param3 = shift @data; + } + return unless defined $salt; return unless defined $word; return unless defined $param; @@ -102,7 +174,7 @@ sub module_verify_hash $word = pack_if_HEX_notation ($word); - my $new_hash = module_generate_hash ($word, $salt, $param, $param2); + my $new_hash = module_generate_hash ($word, $salt, $param, $param2, $param3); return ($new_hash, $word); } From 787b0822398968af89cd99cedfd2b652bd1a4fad Mon Sep 17 00:00:00 2001 From: philsmd Date: Mon, 16 Mar 2020 16:58:20 +0100 Subject: [PATCH 290/300] solves problems with paths in tab completion --- extra/tab_completion/hashcat.sh | 173 ++++++++++++++++++++++++++------ 1 file changed, 142 insertions(+), 31 deletions(-) diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index ad32a61f4..62d51e518 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh @@ -37,8 +37,7 @@ _hashcat_backend_devices () # sanity check, all device ids must be numerical if [ -n "${cur_selection}" ]; then - if echo "${cur_selection}" | sed 's/,/\n/g' | grep -q -v '^[0-9]\+$' - then + if echo "${cur_selection}" | sed 's/,/\n/g' | grep -q -v '^[0-9]\+$'; then return fi fi @@ -155,6 +154,7 @@ _hashcat_backend_devices () _hashcat_cpu_devices () { local cur_selection="${1}" + hashcat_device_list="" if [ ! -f "/proc/cpuinfo" ]; then @@ -172,8 +172,7 @@ _hashcat_cpu_devices () # sanity check, all device ids must be numerical if [ -n "${cur_selection}" ]; then - if echo "${cur_selection}" | sed 's/,/\n/g' | grep -q -v '^[0-9]\+$' - then + if echo "${cur_selection}" | sed 's/,/\n/g' | grep -q -v '^[0-9]\+$'; then return fi fi 
@@ -220,7 +219,7 @@ _hashcat_cpu_devices () _hashcat_files_replace_home () { local cur_select="${1}" - local cur_files="${2}" + local cur_files="${2}" hashcat_select="${cur_select}" hashcat_file_list="${cur_files}" 
@@ -235,43 +234,106 @@ _hashcat_files_replace_home () fi } -_hashcat_files_include () +_hashcat_recursive_file_search () { - local cur_select="${1}" - local cur_filter="${2}" + local allow_dir="${1}" + local is_include="${2}" + local file_list="${3}" + local cur_filter="${4}" - # allow starting/ending quotes (" and '): + local grep_flags="-Ei" - cur_select=$(echo -n "${cur_select}" | sed 's/^["'"'"']//' | sed 's/["'"'"']\$//') + if [ "${is_include}" -eq 0 ]; then + grep_flags="-Eiv" + fi - hashcat_file_list=$(bash -c "ls -d ${cur_select}*" 2> /dev/null | grep -Ei "${cur_filter}" 2> /dev/null) + hashcat_file_list="" + local dir_loop="" - # special case: add all folders/directories (ending with "/") + for dir_loop in "${file_list}"; do + if [ -d "${dir_loop}" ]; then + # check subdirs: - local all_dirs=$(bash -c "ls -d ${cur_select}*/" 2> /dev/null) + local subdir="${dir_loop}" + local loop_cnt=0 - hashcat_file_list="${hashcat_file_list} ${all_dirs}" + for loop_cnt in $(seq 1 35); do # maximum number of recursive (subdir) tests + local subdir_files=$(bash -c "ls -d ${subdir}/*" 2> /dev/null | grep ${grep_flags} '*\.('${cur_filter}')' 2> /dev/null) + if [ "${allow_dir}" -eq 1 ]; then + if [ -n "${hashcat_file_list}" ]; then + hashcat_file_list="${hashcat_file_list} " + fi - # special case: $HOME directory (~/) + hashcat_file_list="${hashcat_file_list}${subdir}" + fi - _hashcat_files_replace_home "${cur_select}" "${hashcat_file_list}" + if [ -z "${subdir_files}" ]; then + break + fi - # (hashcat_select and hashcat_file_list are modified and "returned") + local subdir_file="" + + for subdir_file in "${subdir_files}"; do + if [ "${allow_dir}" -eq 1 ]; then + if [ -n "${hashcat_file_list}" ]; then + hashcat_file_list="${hashcat_file_list} " + fi + + hashcat_file_list="${hashcat_file_list}${subdir_file}" + else + if [ ! 
-d "${subdir_file}" ]; then + if [ -n "${hashcat_file_list}" ]; then + hashcat_file_list="${hashcat_file_list} " + fi + + hashcat_file_list="${hashcat_file_list}${subdir_file}" + fi + fi + done + + local amount=$(echo "${subdir_files}" | wc -l) + + if [ "${amount}" -gt 1 ]; then + break + fi + + subdir="${subdir_files}" + done + else + if [ -n "${hashcat_file_list}" ]; then + hashcat_file_list="${hashcat_file_list} " + fi + + hashcat_file_list="${hashcat_file_list}${dir_loop}" + fi + done } -_hashcat_files_exclude () +_hashcat_include () { - local cur_select="${1}" - local cur_filter="${2}" + local allow_dir="${1}" + local cur_select="${2}" + local cur_filter="${3}" # allow starting/ending quotes (" and '): cur_select=$(echo -n "${cur_select}" | sed 's/^["'"'"']//' | sed 's/["'"'"']\$//') - hashcat_file_list=$(bash -c "ls -d ${cur_select}*" 2> /dev/null | grep -Eiv '*\.('${cur_filter}')' 2> /dev/null) + local file_list=$(bash -c "ls -d ${cur_select}*" 2> /dev/null | grep -Ei "${cur_filter}" 2> /dev/null) + _hashcat_recursive_file_search "${allow_dir}" 1 "${file_list}" "${cur_filter}" + + if [ "${allow_dir}" -eq 1 ]; then + if [ -d "${cur_select}" ]; then + if [ -n "${hashcat_file_list}" ]; then + hashcat_file_list="${hashcat_file_list} " + fi + + hashcat_file_list="${hashcat_file_list}${cur_select}" + fi + fi # handle special case for $HOME directory (~/) 
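Review bot: `_hashcat_recursive_file_search` interpolates names taken from `ls` output into a command string — `bash -c "ls -d ${subdir}/*"` — so a directory entry containing `$(…)`, backticks or `;` is re-parsed as shell and executed when the user presses TAB inside that directory; the pre-existing `bash -c` in `_hashcat_include` only interpolated the word the user typed, whereas `subdir` here comes from the file system. Expanding the glob in-process removes the re-parse: `local subdir_files=$(compgen -G "${subdir}/*" 2> /dev/null | grep ${grep_flags} '*\.('${cur_filter}')' 2> /dev/null)`, with `subdir="${subdir/#\~/$HOME}"` beforehand if tilde expansion is the reason `bash -c` was used. Separately, `for dir_loop in "${file_list}"` and `for subdir_file in "${subdir_files}"` quote the list, so each loop runs once over the whole newline-separated string and the `-d` tests see that string rather than one entry; `while IFS= read -r dir_loop; do … done <<< "${file_list}"` iterates per line and leaves the `-z`/`wc -l` checks as they are. The `seq 1 35` bound on descent depth deserves a one-line comment naming why 35. `_hashcat_include`'s body continues past the hunk.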
@@ -280,14 +342,65 @@ _hashcat_files_exclude () # (hashcat_select and hashcat_file_list are modified and "returned") } +_hashcat_files_include () +{ + _hashcat_include 0 "${1}" "${2}" +} + +_hashcat_files_folders_include () +{ + _hashcat_include 1 "${1}" "${2}" +} + +_hashcat_exclude () +{ + local allow_dir="${1}" + local cur_select="${2}" + local cur_filter="${3}" + + # allow starting/ending quotes (" and '): + + cur_select=$(echo -n "${cur_select}" | sed 's/^["'"'"']//' | sed 's/["'"'"']\$//') + + local file_list=$(bash -c "ls -d ${cur_select}*" 2> /dev/null | grep -Eiv '*\.('${cur_filter}')' 2> /dev/null) + + _hashcat_recursive_file_search "${allow_dir}" 0 "${file_list}" "${cur_filter}" + + if [ "${allow_dir}" -eq 1 ]; then + if [ -d "${cur_select}" ]; then + if [ -n "${hashcat_file_list}" ]; then + hashcat_file_list="${hashcat_file_list} " + fi + + hashcat_file_list="${hashcat_file_list}${cur_select}" + fi + fi + + # handle special case for $HOME directory (~/) + + _hashcat_files_replace_home "${cur_select}" "${hashcat_file_list}" + + # (hashcat_select and hashcat_file_list are modified and "returned") +} + +_hashcat_files_exclude () +{ + _hashcat_exclude 0 "${1}" "${2}" +} + +_hashcat_files_folders_exclude () +{ + _hashcat_exclude 1 "${1}" "${2}" +} + _hashcat_contains () { local haystack=${1} local needle="${2}" - if echo "${haystack}" | grep -q " ${needle} " 2> /dev/null; then + if echo "${haystack}" | grep -q " ${needle} " 2> /dev/null; then return 0 - elif echo "${haystack}" | grep -q "^${needle} " 2> /dev/null; then + elif echo "${haystack}" | grep -q "^${needle} " 2> /dev/null; then return 0 elif echo "${haystack}" | grep -q " ${needle}\$" 2> /dev/null; then return 0 @@ -430,10 +543,8 @@ _hashcat () local mask=${BUILD_IN_CHARSETS} if [ -e "${cur}" ]; then # should be hcchr file (but not enforced) - COMPREPLY=($(compgen -W "${cur}" -- ${cur})) return 0 - fi if [ -n "${cur}" ]; then 
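Review bot: `_hashcat_exclude` duplicates `_hashcat_include` line for line except for the `grep -Ei "${cur_filter}"` versus `grep -Eiv '*\.('${cur_filter}')'` filter and the `1`/`0` passed to `_hashcat_recursive_file_search`, which already takes an `is_include` flag; folding both into one `_hashcat_select allow_dir is_include cur_select cur_filter` that picks the grep form by `is_include` leaves the four one-line wrappers as the only entry points and removes a second copy of the quote stripping and `$HOME` handling to keep in sync. The two filters are also asymmetric — include matches `cur_filter` anywhere in the name, exclude matches it only as an extension — which a comment on the wrappers should state if that is intended. The leading `*` in the exclude pattern is undefined in POSIX ERE; `'\.('${cur_filter}')$'` says what is meant.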
@@ -712,7 +823,7 @@ _hashcat () 0) # dict/directory are files here - _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + _hashcat_files_folders_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; @@ -722,7 +833,7 @@ _hashcat () return 0 fi - _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + _hashcat_files_folders_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 ;; @@ -779,7 +890,7 @@ _hashcat () 6) if [ "${no_opts}" -eq 2 ]; then - _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + _hashcat_files_folders_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) elif [ "${no_opts}" -eq 3 ]; then @@ -820,7 +931,7 @@ _hashcat () mask="${mask} ${cur_var}" fi - _hashcat_files_exclude "${cur}" "${HIDDEN_FILES}" + _hashcat_files_folders_exclude "${cur}" "${HIDDEN_FILES}" mask="${mask} ${hashcat_file_list}" @@ -869,7 +980,7 @@ _hashcat () mask="${mask} ${cur_var}" fi - _hashcat_files_exclude "${cur}" "${HIDDEN_FILES}" + _hashcat_files_folders_exclude "${cur}" "${HIDDEN_FILES}" mask="${mask} ${hashcat_file_list}" @@ -878,7 +989,7 @@ _hashcat () elif [ "${no_opts}" -eq 3 ]; then - _hashcat_files_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" + _hashcat_files_folders_exclude "${cur}" "${HIDDEN_FILES_AGGRESSIVE}" COMPREPLY=($(compgen -W "${hashcat_file_list}" -- ${hashcat_select})) return 0 From a6cf7caf4a522dba39b7b8d9a144b86f7a0a5415 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 17 Mar 2020 14:44:11 +0100 Subject: [PATCH 291/300] Extend hashes in -m 7100 to be of length 128 or 256 --- src/modules/module_07100.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/modules/module_07100.c b/src/modules/module_07100.c index 36214e2b5..a4d868565 100644 --- a/src/modules/module_07100.c 
+++ b/src/modules/module_07100.c @@ -22,7 +22,8 @@ static const u64 KERN_TYPE = 7100; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_USES_BITS_64 | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; -static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_HASH_COPY; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "$ml$1024$2484380731132131624506271467162123576077004878124365203837706482$89a3a979ee186c0c837ca4551f32e951e6564c7ac6798aa35baf4427fbf6bd1d630642c12cfd5c236c7b0104782237db95e895f7c0e372cd81d58f0448daf958"; @@ -120,7 +121,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE | TOKEN_ATTR_VERIFY_HEX; token.len_min[3] = 128; - token.len_max[3] = 128; + token.len_max[3] = 256; token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; @@ -128,6 +129,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + const int hash_len = token.len[3]; + + if ((hash_len != 128) && (hash_len != 256)) return (PARSER_HASH_LENGTH); + const u8 *hash_pos = token.buf[3]; digest[0] = hex_to_u64 (hash_pos + 0); @@ -177,6 +182,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE return (PARSER_OK); } +/* replaced with OPTS_TYPE_HASH_COPY version + int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) { const u32 *digest = (const u32 *) digest_buf; 
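Review bot: The explicit `if ((hash_len != 128) && (hash_len != 256)) return (PARSER_HASH_LENGTH);` is what actually enforces the two accepted sizes, because `len_min[3] = 128` / `len_max[3] = 256` lets the tokenizer accept every length in between; a comment such as `// tokenizer only bounds the range; the field must be exactly 128 or 256 hex chars` keeps a later cleanup from dropping either half. As far as the visible `digest[0] = hex_to_u64 (hash_pos + 0);` suggests, only the leading part of a 256-character entry is decoded, so the comment should also say that the remainder is carried only through `OPTS_TYPE_HASH_COPY` and is not verified by the kernel. module_hash_decode begins and ends outside these hunks.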
@@ -215,6 +222,14 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE return line_len; } +*/ + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const int line_len = snprintf (line_buf, line_size, "%s", hash_info->orighash); + + return line_len; +} void module_init (module_ctx_t *module_ctx) { From f1b676a154df9831184ea9ab46f6ba7008e2b074 Mon Sep 17 00:00:00 2001 From: philsmd <921533+philsmd@users.noreply.github.com> Date: Wed, 18 Mar 2020 11:13:01 +0100 Subject: [PATCH 292/300] docs: update changes.txt for the new/optional oldoffice format --- docs/changes.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changes.txt b/docs/changes.txt index b5946a01a..5c002432b 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -112,6 +112,7 @@ - Documents: Added README on how to build hashcat on MSYS2 - File handling: Print a truncation warning when an oversized line is detected - My Wallet: Added additional plaintext pattern used in newer versions +- Office cracking: Support hash format with second block data for 40-bit oldoffice files (eliminates false positives) - OpenCL Runtime: Disable OpenCL kernel cache on Apple for Intel CPU (throws CL_BUILD_PROGRAM_FAILURE for no reason) - OpenCL Runtime: Do not run shared- and constant-memory size checks if their memory type is of type global memory (typically CPU) - OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers From 24094793dabe3ede1d3cb0bdfc787ce80746afae Mon Sep 17 00:00:00 2001 
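Review bot: The old `module_hash_encode` is kept as a `/* … */` block that opens in the previous hunk (`/* replaced with OPTS_TYPE_HASH_COPY version`) and closes here; git history preserves it, so the dead code should be deleted rather than commented out, which also removes the chance of a stray `*/` inside it ending the comment early. The replacement deserves a why-comment, e.g. `// the stored hash may be 128 or 256 hex chars while only the decoded prefix is verified, so re-emit the original line instead of re-encoding the digest`, since otherwise the reason for `OPTS_TYPE_HASH_COPY` is recoverable only from the commit message; whether `hash_info` is guaranteed non-NULL for every caller of this hook is not visible here and worth confirming.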
From: Jens Steube Date: Wed, 18 Mar 2020 16:13:57 +0100 Subject: [PATCH 293/300] Workaround for -m 22100 on NVIDIA --- OpenCL/m22100-pure.cl | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/OpenCL/m22100-pure.cl b/OpenCL/m22100-pure.cl index af98a712a..3a5f60b84 100644 --- a/OpenCL/m22100-pure.cl +++ b/OpenCL/m22100-pure.cl @@ -265,11 +265,35 @@ KERNEL_FQ void m22100_loop (KERN_ATTR_TMPS_ESALT (bitlocker_tmp_t, bitlocker_t)) { #ifdef REAL_SHM - for (u32 i = lid; i < FIXED_ITER_INCR; i += lsz) + /** + * On NVIDIA, the __sync_threads() is not working as expected if called from inside a loop. + * This is a unique situation across all hashcat kernels so far. + * From CUDA manual: + * __syncthreads() is allowed in conditional code but only if the conditional evaluates identically across the entire thread block, + * otherwise the code execution is likely to hang or produce unintended side effects. + * NVIDIA OpenCL runtime is also affected, but other OpenCL runtimes work as they should. + * An workaround exists by disabling shared memory access. Speed drop is around 4%. + * Another workaround is to let only a single thread do all the work while all other threads wait for it to finish. Speed drop is around 0.05%. + + // original code + for (int i = lid; i < FIXED_ITER_INCR; i += lsz) + { + for (int j = 0; j < 48; j++) // first 16 set to register + { + s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + t + i][j]; + } + } + + */ + + if (lid == 0) { - for (u32 j = 0; j < 48; j++) // first 16 set to register + for (int i = 0; i < FIXED_ITER_INCR; i++) { - s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + t + i][j]; + for (int j = 0; j < 48; j++) // first 16 set to register + { + s_wb_ke_pc[i][j] = esalt_bufs[digests_offset].wb_ke_pc[loop_pos + t + i][j]; + } } } From 9776738a2cebf9873e361dfdfa83ecb44047a714 Mon Sep 17 00:00:00 2001 
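Review bot: The explanatory comment names the barrier inconsistently — `__sync_threads()` in its first sentence, `__syncthreads()` two lines later — and embeds the replaced loop as commented-out code inside the same comment block; the first sentence should read `On NVIDIA, __syncthreads() is not working as expected if called from inside a loop.` and the old loop can be dropped, since git history keeps it. `An workaround` should be `A workaround`. The single-thread fill relies on a barrier after the `if (lid == 0)` block to make `s_wb_ke_pc` visible to the other work-items; that barrier lies outside the hunk and the comment should point at it. m22100_loop's body begins before and continues past this hunk.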
From: Jens Steube Date: Fri, 20 Mar 2020 08:57:50 +0100 Subject: [PATCH 294/300] The official hashcat plugin development guide --- docs/hashcat-plugin-development-guide.md | 813 +++++++++++++++++++++++ 1 file changed, 813 insertions(+) create mode 100644 docs/hashcat-plugin-development-guide.md diff --git a/docs/hashcat-plugin-development-guide.md b/docs/hashcat-plugin-development-guide.md new file mode 100644 index 000000000..dadfa1a1c --- /dev/null +++ b/docs/hashcat-plugin-development-guide.md 
@@ -0,0 +1,813 @@ +# Hashcat Plugin Development Guide # +" +The purpose of this document is to introduce you to the development of plugins for hashcat 6.0.0 and newer. We will update this document regularly and add more detailed content. The content in its current state includes enough details to write easy, medium and hard plugins. + +With hashcat 6.0.0, a new interface has been designed which enables you to add new hash-modes more easily than in older hashcat versions. The plugin interface is an essential new feature of hashcat 6.0.0. + +One of our goals was to have the new interface to be independent from future versions of hashcat. This is achieved by hashcat loading your plugin code dynamically from a .so/.dll/.dylib library on startup. Another goal was to give the author of the plugin the option to share the plugin as source or in binary form. This is achieved by a clear separation between hashcat core code and plugin code. There is no longer a need to change hashcat core sources in order to add a new hash-mode. All existing hash-modes (300+) from older hashcat versions have been refactored to this new interface. + +We are well aware that as a developer you want to see as little change as possible on this interface. That is why our third goal was to get the interface to a fairly final state and minimize the risk of changing it once it is released. That is not an easy task. When you are designing such an interface, there is always a chance that you are missing some details for rare use cases. The refactorization of the 300+ existing hash-modes served both as a reference check and a feasibility study. We do not plan to change the interface except if there is a strong need for it. For that unlikely event of a major change, there is an automatic version check which is added automatically to your module at compile time. 
+ +To make kernel development as easy as possible, we have already started in previous hashcat versions to include GPU-optimized OpenSSL-like crypto interfaces and finalized it with hashcat 6.0.0. If you are familiar with that interface, you know it typically uses a chain of context init(), update() and final() function calls. In all refactored pure kernel sources, you can see this interface type design being used. It is also our hope that the structure of the well known interface will make it easy for developers to use the existing kernel source as a useful reference. + +Developing a hashcat plugin can be very overwhelming at first. Do not get discouraged by it. After the first plugin, you will already feel practiced - and you will soon realize that the development steps are always the same. + +## Plugin Structure ## + +Let us jump right in. To develop a plugin for hashcat, you basically just need to create two files: + +* Module: This is where you do all the initial hash-mode configuration work. It is the code which executes on the CPU of the host system. Note that we are not talking about the compute-intense crypto stuff. For instance, the module is responsible for decoding of the hash file entries and to copy the data to the standardized hashcat memory structures. It features many different functions which you can use for special handling of your hash file data. You can choose much easier the rich library for decoding, encoding and converting you want to use. The modules are stored in the folder `src/modules/`. +* Kernel: This is the place where you put the real crypto implementation of your hash mode. This is the time-consuming code which is executed on the compute devices. The kernels are stored in the folder `OpenCL/`. Note that CUDA kernels also will be stored in that folder and have a .cl filename suffix. This may change in the future. + +You will read the terms "module" and "kernel" quite often from now on. 
Just for terminology, the combination of both "module" and "kernel" is what we call a hashcat "plugin". + +There is an -optional- third file: The unit-test stub. In this file you can implement the crypto scheme of your hash-mode from a "high-level" perspective. The stub is then called from hashcat's own testing suite. The goal is to test your hashcat plugin implementation by comparing the results of the unit-test stub with the results created from hashcat itself while using your plugin. It will automatically generate random passwords, salts, hashes, etc. for you and compare everything in very deep detail - so you can be sure your plugin implementation works in all different attack modes and most importantly also in some corner cases that might exist. + +## Before the code ## + +You need to code in the C language. If you are a C beginner, this may be a bit too hard, but if you have programming skills in C or if you have crypto programming skills in a different programming language, you should be able to write a hashcat plugin. While you have this documentation as a reference, it won't give you all the information (rarely used module functions or kernel function etc) you need. Be prepared to study existing code from other plugins for information. + +Rule number one: It is pointless to start developing a plugin if you do not have a deep understanding of the algorithm which you want to implement. Writing a plugin is a multi-layered process which you have to approach step by step. You never write the plugin from start to finish in a giant leap. Since we are working on a very low level, there is a big need for small milestones where you can stop and control intermediate values. For instance, if you want to implement a hash-mode which does md5(sha1($p)), then you implement sha1($p) first. At this point it makes sense to add a milestone to control the intermediate hash before you continue implementing the md5(). But where do you get these intermediate control values from? 
The answer is simple: from proof-of-concept code which you already have or write yourself first. It does not matter which language that this POC is written in, as long as you know how to breakpoint or how to manipulate the POC in order to print the wanted intermediate values. + +One more thing. You need to make an essential decision before you start with your implementation. You need to categorize your algorithm beforehand. Based on the details of the algorithm, it is either a so-called "fast" or a "slow" kernel type. This decision cannot be changed easily afterwards, so take your time. Do not worry, the right answer to this decision is simple and you can derive it from some algorithm details. + +Rule of thumb: + +* More than 100 iterations from whatever crypto primitive? -> slow kernel +* Expected less than 10 million guesses per second per GPU? -> slow kernel + +Otherwise you probably want to develop a "fast" kernel. Note that the most crypto primitives that would need to be implemented as a fast kernel already are implemented. However, if you actually want to write a "fast" kernel the main goal is to workaround the PCI Express bottleneck. For a more detailed explanation on how to calculate the bandwidth please have a look here: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#does_the_pci-express_speed_have_any_influence_on_cracking_speed. To workaround this bottleneck, you need to write attack-mode specific kernels. These kernels have a very special structure, but from a development perspective you just write your code in a "block" inside another level of a for() loop, the remaining parts are similar to what is used in a typical slow kernel. + +However, I expect most people reading this document want to write a "slow" kernel. Luckily, writing a slow kernel is easier to start with. 
Most of the time, you will find the compute-intense code in a kernel you can copy/paste from other kernels or the GPU crypto library and it is just for the final comparison/verification that you need to put in some brain power. + +Another preparation you need to make before you start coding is to pick the right hash-mode number. To make it short, there is some logic to this, but it is not easy to explain. + +* If you do not want to push your code to hashcat upstream, simply pick a number between 90000 and 100000. We will not use this range in the upstream repository. This way we can avoid any collisions in the numbering system. +* If you plan to contribute your code to hashcat upstream, please follow these guidelines: Think in steps of 100's, so that your hash-mode ends with 00. Go to hashcat GitHub master and check for the highest hash-mode being used (For example, see src/modules/). Select a number by yourself which ends with 00 and that is a number which is between 1000 and 2000 higher than the current highest existing hash-mode. For instance, if the highest value is 21500, then a valid hash-mode number for your plugin could be 22800. The moment when you PR your code, we will reserve a fixed hash-mode number for you. The changes afterwards will cost only a few minutes of time. + +## Development Environment ## + +In theory there is no special hardware required for hashcat plugin development. However, there are some recommendations that we can give you: + +* Stick as close as possible to the hardware on which the plugin is supposed to run on. For instance, If you write a plugin which is supposed to be used by pentesters (like Kerberos), you probably want to use a mobile GPU for development. If you write a plugin which is probably used on private computers (like crypto-currency wallets), use a discrete mid-range GPU. If you write a plugin being used in digital forensics (like TC), you probably want to use a discrete high-end GPU. 
+* If you plan to use an NVIDIA GPU you will have the least unwanted side effects. Additionally this has the advantage you can test it on both the new CUDA and the old OpenCL backend. Since hashcat version 6.0.0 there is a backend which supports both compute API. Note that you will need to install the CUDA SDK in case you want to use the CUDA backend. The CUDA SDK is required for both developing and running CUDA kernels. This goes back to the problem that the NVIDIA driver does not support JIT compiling the kernels. That is the advantage of OpenCL over CUDA. You only need the drivers and the ICD installed. +* If you plan to use an AMD GPU, please use ROCm drivers. This limits you to use Linux. At the time of writing this document, the use of amdgpu-pro drivers is a pain. Do yourself a favor and do not try to develop on amdgpu-pro drivers. +* If you plan to use a CPU for development, make sure that you install and use the Intel OpenCL Runtime. Interestingly, even if you are using an AMD CPU, the Intel runtime runs very smoothly with them. Do not try to use MESA, POCL or Beignet/NEO drivers. Also note that on a CPU there is no such thing like shared memory that we have on GPUs. If your algorithm is making heavy use of shared memory you will not see the effects of it. + +One of the most important factors for choosing the right compute API is that it supports using printf() from inside the kernel. In the past this way of debugging was not possible, which made kernel development a real pain. With the current OpenCL drivers this works pretty well. Get used to the idea that printf() becomes your primary debugging utility. Since you only write a very small piece of code in the kernel it is not as bad as you may think. + +Personally, I like to write my plugins on Linux, but of course you can also use macOS or Windows. All regular runtimes support debugging functionalities on all operating systems. 
+ +Some more remarks for the hardware of your development platform: + +* Since you will recompile the kernel (via the JiT) very often. To avoid getting frustrated waiting for the compiler to finish, I think it is very beneficial to have a high clocked CPU. The number of cores is not very important (for development system). +* Limit the system to a single GPU only. Otherwise the code is compiled for each GPU in the system. While the code is cached after the same GPU types, the memory allocation can not. Each additional GPU will significantly increase your startup time. Start on a single GPU, then switch to a multi GPU system at a later point in time. +* High-End GPUs can have a negative effect on development since they ship with a lot of specialized hardware instructions. Since the JiT will always try to optimize your code as much as possible, these additional instructions will complicate the optimizers task. +* Low-END GPUs can have a negative effect on development since they lack resources. You will maybe write your code in a too resource saving way, hurting the performance on a High-End GPUs. + +My Development at the time of writing this document (beginning of 2020) is an Intel I5 generation 6 with a regular SSD and 16GB memory. The system runs on Ubuntu 18.04 Server. The GPU is an NVIDIA GTX 980. Additionally I am using Intel OpenCL runtime, but only to test the code on the CPU afterwards. + +Before you actually start with your implementation make sure you have already cloned hashcat from GitHub master, that you are able to compile it on your system and that it runs smoothly. Make sure you have a clean installation with no previous version artifacts laying around. + +## Test Suite ## + +The optional unit-test stub originally was made only to automate the task of plugin verification. It is written intentionally in a different language (Perl) and not in C. From our perspective this has a lot of advantages and benefits. 
Despite of the language the input and the output data of any hashing/encryption algorithm should be the same. If they match, then your plugin implementation is very likely to be working correctly. + +From our experience in the last years adding new hashcat hash-modes we cannot stress enough how important it is to have a POC (as described earlier) to print intermediate values. If we do not already have some sort of POC, we use this optional unit-test stub as a POC replacement. Writing a unit-test is typically done from a high-level programming language, thus Perl is a good candidate to do so, but there is also some unit-test stubs written in python. At this point we already created some synergy because you can use it as a POC to start with the development and later it acts as a normal unit-test stub and you do not have to write it twice. If you do not care about POC's and unit-test you can directly jump to the module subsection from here. + +The Test Suite is a Perl Framework. The main program (tools/test.pl) loads at runtime the hash-mode specific code written like a plugin. The structure of this perl module is standardized. We have already mentioned that all existing code to the 300+ hash-modes from previous hashcat versions have been refactored. Also all 300+ hash-mode specific unit-test stubs have been refactored into this new Test Suite Framework. The same way the before mentioned modules and kernels act as a reference, the unit-test stubs can also be used as reference. In most of the cases you can simply copy/paste from an existing unit-test stubs, change a small piece of code and both are ready, the POC and the unit-test stub. + +The test suite itself consists of two files: + +* tools/test.pl: This program generates random passwords, salts and loads the unit-test stub code which you will develop. +* tools/test.sh: This script compares the generated passwords from test.pl with the output from hashcat. 
It calls the hashcat binary multiple times, each time with a different set options to test your implementation on a deep level. + +The filename of your unit-test stub has to be: tools/test_modules/m[hash_mode].pm + +### test.pl ### + +The tools/test.pl Script has three different use cases: + +* Single (default) +* Passthrough +* Verify + +When calling tools/test.pl from the command line, the first parameter you have to give is the use case type. It should be either "single", "passthrough" or "verify". + +You need to implement three methods in your unit test stub. Note that the use cases are not directly related to the methods. You need to implement all three, then you can make use of all three use cases: + +* module_constraints() +* module_generate_hash() +* module_verify_hash() + +The second parameter is the hash-mode itself. In case of "verify" you have to give some additional parameters. For the exact syntax please see `tools/test.pl --help`. + +In order to get `tools/test.pl` running you need to install a lot of perl modules. To help you install them quickly, we have developed a simple script `tools/install_modules.sh`. You may want to take a look inside before you execute it. At this time, none of the perl modules require a special version which means you can also use the perl modules which your distribution offers to you (if you prefer it that way, for instance the GCrypt perl module with `apt install libcrypt-gcrypt-perl` on Debian/Ubuntu). + +#### Single Mode #### + +In single mode, a number of random passwords are generated for the selected hash mode. Each of the generated passwords is passed to the module_generate_hash() method (which is one of the methods you have to populate with code) and thus a hash is generated. In the end, both information, password and final hash line (which typically also contains the salt) are output to stdout, so that you can execute the output as if it would be a real shell script. 
If your hash-mode requires one (or more) salts, this will also be created automatically. The most important thing is that test.pl generates passwords of different lengths, with the guarantee that the minimum and maximum length password are always included. + +Attention: The testing suite expects that the module_generate_hash() method will return the output of the final hash line. You have to return this as a string in the exact format that hashcat will later accept. + +If your implementation contains optimizations based on the password length (for example 0x80's, zero based options, etc.) then you would also want to verify that such optimizations also work with all possible password lengths. Therefore, another function must exist in your stub: module_constraints(). + +The module_constraints() method is easy to understand. It returns exactly 5 integer pairs. These pairs always define a range, therefore they consist of a minimum and a maximum number. The order of the pairs is the following: + +* Pure-Mode-PW-Constraints +* Pure-Mode-Salt-Constraints +* Optimized-Mode-PW-Constraints +* Optimized-Mode-Salt-Constraints +* Optimized-Combined-PW-and-Salt-Constraints + +If you do not need one of the named pairs or the pair does not make sense because it is not applicable, you must use -1 for minimum and maximum. Please note that there is a strong difference between pure and optimized kernels. We have not discussed this concept so far, therefore let us stick to pure kernels. With a few exceptions, slow hash types have no implementation of an optimized mode, because the performance does not drop too much because of register pressure, but because of the iteration count, which you cannot optimize. We will come to the different kernel modes in the kernel section. + +Another important note about salts. Often one or more salts are needed. Possible iteration counts, IV or random content data can also be seen here as "salt". 
This data can be so different that it does not fit into a single policy / interface. Therefore, test.pl cannot standardize this complex situation. For simple forms of salts only, test.pl provides you with a simple form of random salt data. You can specify the length constraints (min/max) of the salt data in the constraints section. In more complex situations, you will not be able to avoid creating your own salts by calling some helper functions that test.pl provides you with, directly in the module_generate_hash() method. + +Example: + +``` +my $iter = shift // 10000; +my $user_salt = shift // random_hex_string (128) +my $ck_salt = shift // random_hex_string (128) +my $user_iv = shift // random_hex_string (32) +``` + +#### Passthrough Mode ##### + +In passthrough mode, test.pl expects the *passwords* from you, quite the opposite of single mode where they were generated automatically. Every password that you send via stdin (e.g. pipe) is passed to the module_generate_hash() method and the resulting hash is sent to stdout. The rest is identical to single mode. + +Example: + +``` +$ echo hashcat | tools/test.pl passthrough 1600 +$apr1$93341$gNT2pItX5h6Lc/XjTWuyb1 +``` + +Note: In this specific case the newline character after the password (compare it to `echo -n hashcat`) is used as a delimiter between the lines/passwords and therefore not considered part of the password (remember that `echo hashcat | md5sum` for instance produces "wrong" results, in general, because of the extra newline). + +#### Verify Mode ##### + +In verify mode you go one step further than in single or in passthrough mode. In two different files you give both, a specific hash and in another file the (same) hash including the matching password. The goal is that the expected hash is generated from the module_generate_hash() method, which is then compared with the input from the first file. If the comparison passed, the original hash is written in a third file. 
+ +This is where the module_verify_hash() method is used for the first time. In this method, you have to break down the hash line into its individual parts, especially those components that are absolutely necessary to reconstruct the exact same hash. For instance, if the algorithm needs one or more salts, then this salt must be extracted. Finally you call the module_generate_hash() using the extracted components (salts, iteration counts etc). + +At this point we need to go back to the module_generate_hash() function. To make the verification work. It is necessary that your module_generate_hash() function recognizes whether a salt has been newly generated and, if this is the case, only then actually generate a random salt yourself (as described in the single mode). + +Here is a real life example from Android Backup plugin (tools/test_modules/m18900.pm) + +``` +sub module_generate_hash +{ + my $masterkey_blob = shift; + ... + if (defined $masterkey_blob) + { + # verify call, write code to use the given salt + } + else + { + # regular call, write code to generate random salt + } + ... +``` + +The script is called with the following command line parameters: + +``` +perl tools/test.pl verify 18900 hash_list.txt cracked_list.txt verified_list.txt +``` + +After the command line parameter "verify" the hash mode is specified ("18900" in this example), followed by the original hash list (hash_list.txt) without passwords. After the hashfile the path of the file with the list of cracked hashes, including passwords is given. The format of this file is simply hash[:salt]:password the same way as hashcat would output them. Note that you can have multiple lines. The third parameter specifies the output file. It contains the lines that have been verified as correct and that also appear in the original hash list. + +You should also always test that the exit code of test.pl is 0, otherwise it could be that the output file was not overwritten. 
+ +The verify mode is an excellent replacement for a missing POC. + +### test.sh ### + +The test.sh is an overlay for test.pl, which actually calls the hashcat binary based on the return values from test.pl in single mode (it interacts with both). The test.sh shell script also compares the return values of the hashcat binary with the expected result. This includes tests such as whether all hashes have been cracked, whether the associated password is the correct one and not any other from the test.pl return, whether the output hash is displayed in the correct format, etc. + +Furthermore, the script has many different options (when called in the command line) with which you can narrow down to specific tests. You typically want to make use of this feature, because a complete test run across all hash modes can take several days. + +The main options: + +* Select hash type (-m): Test only a special hash-mode +* Select test mode (-t): Test either single-hash or multi-hash kernel +* Select attack mode (-a): Test a special attack mode. With a slow hash, this is automatically switches to a straight attack, because there are no attack-mode specific kernel implementations + +If the options are not set, attack-mode 0 for hash-mode 0 is executed. To see additional options, see tools/test.sh --help + + + + +## Module ## + +The first really needed ingredient to create a plugin is the module. The module is a single .c source code file in which you can freely implement the 68 different interface functions or add your own auxiliary functions. No worries, I have never had a module which required me to implement all 68 functions. Many functions are really only required in special cases. In the best cast you only need to implement 2 functions. + +The integration in hashcat is very easy. Your module is compiled to a .so shared object on Linux (or .dll on Windows and .dylib on macOS). 
The moment when hashcat starts, it loads the shared object corresponding to the hashmode the user specified by the -m option (default is -m 0). + +The path in which you have to store your module is `src/modules/module_XXXXX.c`. From there the module is compiled as a shared object into the folder `$(SHARED_FOLDER)/modules/module_XXXXX.[so|dll|dylib]`. The XXXXX is the hash-mode number (with leading zeros). There is no need to adjust any hashcat core sources. The makefile `src/Makefile` automatically finds the module you added and compiles it with the necessary flags. + +If you run hashcat under linux or macOS without the `make install` target from the current working directory, then `$SHARED_FOLDER` typically equals the current working directory. On Windows it is always the current working directory because there is no install target in the makefile. A modification of the Makefile is probably only necessary in exceptional cases, i.e. if your module requires an external library. In this case and if you want to contribute the plugin to upstream, then we have to coordinate the development. Please contact us directly in such cases. + +There is no need to implement any black magic into the module. A module covers exactly what you would expect from plugin, which is this: + +* Attack type (fast hash or slow hash) +* Digest size and orderings +* Salt type +* Hash name and category +* Kernel number +* Various optimizers and workflow options +* Hash and Password for self-test purpose +* Decoder and Encoder +* Password and Salt length limits +* Hook functions +* JiT compiler options + +Namely, these configurations take place in a variety of optional functions that you provide in every module. 
There is a few mandatory functions which need to be implemented: + +* module_init() +* module_hash_decode() +* module_hash_encode() +* module_attack_exec() +* module_dgst_pos0() +* module_dgst_pos1() +* module_dgst_pos2() +* module_dgst_pos3() +* module_dgst_size() +* module_hash_category() +* module_hash_name() +* module_kern_type() +* module_opti_type() +* module_opts_type() +* module_salt_type() +* module_st_hash() +* module_st_pass() + +At first glance, this looks a bit overwhelming. But in fact, all of these functions (apart from the first three) are only configuration parameters. You may wonder why we have not designed the module by simply setting a macro/number item for each of the configurations. But we wanted to give you the opportunity to change this configuration at runtime and not just at compile time. For example, if you only want to use a specific optimizer but only if the user runs the kernel on a GPU and not if the user runs it on a CPU. But this actually goes into deep detail. In reality, it usually looks like this: + +``` +static const char *HASH_NAME = "MD5"; +... +const char *module_hash_name (...) { return HASH_NAME; } +... +module_ctx->module_hash_name = module_hash_name; +``` + +As you can see here, there is a so-called module_ctx object. Here you register all functions that you have implemented in your module and which should be used by hashcat. A list of all functions and their prototypes can be found under `include/modules.h`. + +Hashcat will automatically call the module_init() function when it loads your module. In this function, you simply register all the functions that you have programmed by assigning it to module_ctx. + +Example: + +``` +module_ctx->module_hash_name = module_hash_name; +``` + +For all functions that you do not use, please use the macro MODULE_DEFAULT. Using this macro, hashcat can see that its module_ctx_t structure is in the correct version (if you only want to distribute a binary). 
For instance, if a new function is added in a future version, the structure in the binary-distributed older version is one address too short and contains the value NULL. With this approach, hashcat can ensure that you work with your compatible module_ctx_t structure. + +The only two mandatory functions that you normally have to program for a minimal plugin integration, are the decoder function module_hash_decode() and the encoder function module_hash_encode(). The other remaining mandatory function which typically only consists of static configuration items, but not code. Here is each of them explained: + +### module_attack_exec() ### + +There are only two different types that have already been discussed in the "Before the code" chapter. Here you determine whether your kernel is slow or fast hash. + +* ATTACK_EXEC_OUTSIDE_KERNEL -> slow hash +* ATTACK_EXEC_INSIDE_KERNEL -> fast hash + +The naming goes back to how the password candidate generator was implemented in the past. If the hash is a slow hash, reading a password candidate from GPU memory does not have any relevant impact on the performance. Therefore we can execute the password candidate generator in a standalone kernel and call it beforehand (there are actually three: STRAIGHT, COMBINATOR, MASK). The kernel then writes the resulting candidates to GPU memory. After that, hashcat calls the hash-type specific _init kernel function which loads the candidates from GPU memory. + +If the crypto of the kernel is very fast, reading from GPU memory would create a bottleneck. For fast hashes we need a different approach. We load a "base" passwords from GPU memory to GPU registers, but only at the start of the kernel, in the "outer" loop. Then we enter an inner loop inside the kernel in which we iterate through a (limited) number of modifications and apply them to the base word. Note: this is what we call the kernel-loops. We can modify the candidate on a register level which keeps the memory access very low. 
In hashcat we have three base attack modes (STRAIGHT, COMBINATOR, MASK), for each of which we need to implement a specific kernel. The only difference is how we apply the modification on the base password candidate. + +I will explain more about the details in the kernel section, but this already explains why writing a slow hash kernel is much easier. It is just one kernel, not three. + +Example: + +``` +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +``` + +### module_dgst_pos0() - module_dgst_pos3() ### + +Before we can understand exactly why this is here, we must briefly note the following: + +Cracking passwords is about time. That means depending on the speed of your kernel, iteration count, etc. you will never be able to try out a certain amount of password candidates. For instance, take NTLM. This hash mode is calculated on a high-end GPU like a 2080Ti with approx. 100GH/s. If we assume that you have 8 of these GPUs in a node and if we assume that you have 1,000,000 nodes, then you will still need roughly 6,500 billion years to try out 2^127 password candidates. What I want to say with this: there is an upper limit of password candidates we can search through because we are always limited in time, no matter how much money we spent on hardware. Or from a different angle: It does not matter how many bits a hash actually outputs because what actually prevents guaranteed cracking is not its output bit size but only time to go through a specific keyspace. At this time of writing I assume with a multi million dollar budget you can search through a maximum of 56 bits per second. If we assume a runtime of 10 years we can cover another 30 bits. So it is safe to say we can never search through a keyspace which is larger than roughly 90 bits. Therefore it is safe to store only 128 bits of it in a lookup database in hashcat. That means even for SHA512 with 512 bits, we are actually only interested in 128 bits of it. 
That is great, so we only need to test for 128 bits instead of 512 bits and save some clocks.
+
+That means that you have to "select" these 128 bits. This makes particular sense because a cryptographic algorithm can never calculate all of its bits at the same time in its implementation. For instance, in MD5 (128 bit) the first 32 bits are calculated first, but then followed by the last 32 bits, then the penultimate 32 bits, etc. Exactly this effect which must exist in all hash algorithms is exploited by the hashcat optimizers. After the first 32 bits are known they are checked against the database if they do not exist, no further steps of the crypto algorithm need to be calculated. This order is given in an index of 32 bit integers. That means for MD5 the first check index is 0 and the second index is not 1 but 3, etc.
+
+To find the right values for you, just take a deep look into your crypto algorithm and figure out which parts (in 32 bit blocks) of the output hash is finished first, which one finishes next, and so on.
+
+Example:
+
+```
+static const u32 DGST_POS0 = 0;
+static const u32 DGST_POS1 = 3;
+static const u32 DGST_POS2 = 2;
+static const u32 DGST_POS3 = 1;
+```
+
+For slow hashes, you will normally set the "order" to 0, 1, 2 and 3, because such optimizations are of little importance here.
+
+### module_dgst_size() ###
+
+As you can see in the previous section, only 128 bits of the target hash are tested, but the hash must be saved entirely so that it can later be converted from its binary form back to its original form. Only you can know the size of the hash you are storing, but hashcat needs this information so that it can allocate necessary memory buffers.
+
+Important: Hashcat will provide this buffer of the size you specified in a void buffer which you will use as *digest_buf in the decoder/encoder.
+
+Some macros already exist because they have already been used in many modules before.
A list of the well known digest sizes already defined can be found in `include/types.h`.
+
+Example:
+
+```
+static const u32 DGST_SIZE = DGST_SIZE_4_4;
+```
+
+This scheme is a bit cryptic. It goes back to the following logic: We store 32 bit values (each 4 byte) and we have 4 of them, in that order. So the macro results in 16 bytes (128 bits).
+
+Tip: If you have a real hash as a target, this is relatively self-explanatory. But if you are not using a real target hash, but for example some encrypted data, then it makes more sense to save this data in an "esalt" struct. From there only save the encrypted data (for example the first 16 bytes) as a digest replacement. Encrypted text has a sufficiently high entropy to provide the uniqueness that hashcat expects in the digest buffer. An "esalt" is described at the end of this document because there is two different types of salt structures used in hashcat code.
+
+### module_hash_category() ###
+
+This configuration has no influence on the process in hashcat, but only serves for documentation. The only time that hashcat is currently using this information is when it is called with --help. Here the modes are first sorted by category. A list of the categories already defined can be found in `include/types.h`.
+
+Example:
+
+```
+static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH;
+```
+
+If you want to add a category/type, that is not a problem. But since a change like this would change hashcat's core source, you should use a separate pull request (PR) in GIT.
+
+### module_hash_name() ###
+
+This configuration has no influence on the process in hashcat, but only serves for documentation. It is a simple string that you can name as you like. It is then displayed in the status view or in the --help menu.
+
+Tip: Try to limit the length to a maximum of 48 characters, otherwise it may exceed the maximum column size in the --help menu.
+
+Example:
+
+```
+static const char *HASH_NAME = "MD5";
+```
+
+### module_kern_type() ###
+
+Here you specify the kernel hash mode number that this module should load. A kernel is always located under `OpenCL/mXXXXX_a[0|1|3]-[optimized|pure].cl`. This configuration is possible because of the feature to use a kernel from different modules. A good example of this is PBKDF2-HMAC-SHA512 which is used for both GRUB2 and macOS 10.8.
+
+In theory, one could imagine implementing all such hash modes in a huge single kernel in this way, but such a kernel would become very inefficient due to the number of branches. Again, this is a trade off from readability/maintainability vs. performance. Since a password cracker is a product in which high performance is one of the most important properties, it usually ends up in a dedicated kernel for each hash mode. A look at the `OpenCL/` folder will confirm that.
+
+Example:
+
+```
+static const u64 KERN_TYPE = 7100;
+```
+
+### module_opti_type() ###
+
+This configuration item is a bitmask field. There are a few switches which you can enable and disable. But be careful, some of them have the potential to break your plugin. I recommend being very cautious using these flags. As always, the list of flags can be found here: `include/types.h`. I will comment the ones which exist right now:
+
+* OPTI_TYPE_OPTIMIZED_KERNEL: This flag indicates if an optimized kernel should be used (otherwise a pure kernel will be used). It can be set by the hashcat user by passing the -O option on the command line or by hashcat if it detects that no pure kernel for that particular hash-mode exists in the `OpenCL/` folder. Note that it can also be automatically deactivated by hashcat if the user set the -O option on the command line but no optimized kernel was found. Do not set this flag from within your module.
+* OPTI_TYPE_ZERO_BYTE: This indicates that the zero byte auto-optimizer is active.
I have described the zero byte optimizations here: https://hashcat.net/events/p13/js-ocohaaaa.pdf. Note that with today's OpenCL/CUDA JiT many optimizations that had to be optimized by hand are done by these compilers automatically. Therefore this flag acts as a documentation flag only (it is shown as an optimizer on hashcat startup). Some other optimizers are actually used by the kernel. The downside of this is that you cannot disable these kinds of Jit compiler optimizations selectively. You can only disable them all by using the `-cl-opt-disable` flag in the JiT compiler options. there is a special function module_jit_build_options() which you can use if you want to pass it to the JiT compiler.
+* OPTI_TYPE_PRECOMPUTE_INIT: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_MEET_IN_MIDDLE: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_EARLY_SKIP: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_NOT_SALTED: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_NOT_ITERATED: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_PREPENDED_SALT: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_APPENDED_SALT: Appended salts can be optimized as if they do not exist in some circumstances. Typically this flag makes sense for generic raw hash primitives. For instance, sha1($p.$s). This flag copies the salt data to the end of a mask in an -a 3 attack automatically. From the perspective of the mask processor (password candidate generator) the salt is a static part given by the user as part of the password. By doing so, we can save the append branch of the salt in the inner loop of the kernel which improves the performance. If the hash cracks, hashcat will automatically remove it from the mask.
+* OPTI_TYPE_SINGLE_HASH: For fast hashes this will select the sXX kernels instead of the mXX kernels. The sXX kernels do not need to go through a bloom filter and no binary tree search is performed. Instead, they will store the target hash (which is just a single one) on the register level.
As a result, the comparison will be much faster, and the speed improves. This flag is set by hashcat automatically on startup. Do not set this flag from within your module.
+* OPTI_TYPE_SINGLE_SALT: similar to OPTI_TYPE_ZERO_BYTE.
+* OPTI_TYPE_BRUTE_FORCE: This flag is a requirement for some other flags, such as OPTI_TYPE_APPENDED_SALT. Only when this flag is active, can OPTI_TYPE_APPENDED_SALT be exploited. This flag is set by hashcat automatically on startup. Do not set this flag from within your module.
+* OPTI_TYPE_RAW_HASH: This flag is a requirement for some other flags, such as OPTI_TYPE_APPENDED_SALT. If this flag is active, then OPTI_TYPE_APPENDED_SALT can be exploited. This flag needs to be set from within the module, based on whether the kernel can make use of OPTI_TYPE_APPENDED_SALT.
+* OPTI_TYPE_SLOW_HASH_SIMD_INIT: This flag tells the hashcat host binary to divide the number of work items with the size of the vector being used. The *_init kernel needs to be written using vector data types. Vector data types have a strong impact on CPU performance, since they will be translated from the OpenCL JiT into SSE2/AVX/AVX2/XOP instructions. Modern GPUs use scalar data types thus there is no benefit from using vector data types. This is not recommended for *_init kernels because it makes the kernel much more complicated while at the same time the _init kernel is called only once per password guess.
+* OPTI_TYPE_SLOW_HASH_SIMD_LOOP: see OPTI_TYPE_SLOW_HASH_SIMD_INIT but for *_loop kernels. If it is possible for your *_loop kernel to be written in vector data types, this is highly recommended. You will typically find this option being used if the _loop kernel does not do any data-dependent branching.
+* OPTI_TYPE_SLOW_HASH_SIMD_COMP: see OPTI_TYPE_SLOW_HASH_SIMD_INIT but for *_comp kernels.
+* OPTI_TYPE_USES_BITS_8: This flag is passed to the JiT and helps optimize some of the GPU library functions at compile time.
The configuration defines the bitsize of the underlying crypto primitive.
+* OPTI_TYPE_USES_BITS_16: see OPTI_TYPE_USES_BITS_8
+* OPTI_TYPE_USES_BITS_32: see OPTI_TYPE_USES_BITS_8. This is the default in case no OPTI_TYPE_USES_BITS_* flag is being used. Almost all traditional crypto primitives use 32 bits: MD4, MD5, SHA1, SHA256, RipeMD160, etc.
+* OPTI_TYPE_USES_BITS_64: see OPTI_TYPE_USES_BITS_8. It is important to set this flag in case your crypto primitive uses 64 bit integers. Examples: SHA512, Blake2, SHA3, Streebog, etc.
+* OPTI_TYPE_REGISTER_LIMIT: This flag limits the maximum register counter to 128. This flag only has an effect on NVIDIA devices since the NVIDIA compiler is the only one that supports it. Only a few algorithms really benefit from it. It is worth testing to see if there is a performance increase, otherwise, do not use it.
+
+### module_hash_decode() ###
+
+The decoder function is the function that is called again and again for every line in your hashfile. We also call this sometimes the hash parser. Here you have to program the logic which decodes the line into its components and then stores them in the standardized data structure which hashcat understands.
+
+Typically hash files are text files in which each hash is stored in a single line. Before the decoder function is called, Hashcat opens the hash file and scans the number of lines. Based on this information, it pre-allocates memory buffers for the hash digest, the salt and the esalt so you do not need to allocate any buffers from inside the decoder. If you allocate buffers from inside the decoder, you must free them as well. The size of the digest is based on what is returned from module_dgst_size(). The salt_t is a fixed size structure and the esalt size is known from module_esalt_size(). There is also some more rarely used buffers like module_hook_salt_size() but the logic is always the same.
Hashcat simply multiplies the size of all these different structures by the number of lines. It then rewinds the file handle and starts iterating. For each iteration of these input lines, the module_hash_decode() function is called. The input pointer points to the new hash line and the output pointers point to the corresponding previously allocated buffers. You can directly access the pointers to store the digest, salt, esalt and other buffers without any offsets.
+
+In hashcat there are two different types of salt structures. It is essential to understand them; please read the section "About salts" at the end of this document first. If you are unaware about the different concepts of salt_t and esalt, you really need to read that section before you continue this section.
+
+For instance, if your crypto algorithm is something like MD5(MD5($pass.$salt)), then you can expect to find both a hash and a salt in each of your hash lines. In the decoder function, it is up to you to split these two parts (typically by using the tokenizer - please read the tokenizer section below) and copy them into a standardized hashcat structure.
+
+You are also responsible for checking the boundaries of all the input data. The tokenizer helps you with some very specific validation routines beforehand, but some very specific tests can be done only by you. If there is an error, you can simply return from this function by setting a specific error code, such as PARSER_HASH_VALUE or some other descriptive output. As always, a list of available error codes can be found in the `include/types.h` header. If everything works okay, you need to return this function with PARSER_OK.
+
+If you are working with salts, you need to guarantee you have set the salt_buf[] array and salt_len value. If you are writing a slow kernel, you need to guarantee you have set the salt_iter value. Please read the "About salts" section if you do not know what these variables are.
+
+In addition to the input line and the output buffers, there are some extra buffers available for you in the decoder functions. For instance, the *hashconfig structure. Sometimes you need to execute different branches of code in the decoder, based on the user options being set. For instance, if the user sets the -O option on the command line, you can detect this from inside the decoder by checking the OPTI_TYPE_OPTIMIZED_KERNEL in hashconfig->opti_type. A good example for this is `src/modules/module_00000.c` which exploits the fact that you can reverse the Merkle-Damgard construction in optimized kernels since it is guaranteed that the password is never longer than 55 characters.
+
+A typical decoder function covers the following actions (not all of them always apply):
+
+* If esalt: cast esalt to plugin specific data types
+* Cast void* digest array to either u32* or u64* array, based on what your algorithm uses. This is the digest buffer which is also copied to the compute devices. We will write to this buffer at the end of the function.
+* Initialize tokenizer
+* Configure the number of tokens based on the format of your hash lines
+* Configure each token based on the format of your hash lines
+* Run the tokenizer, check its result and return in case of an error
+* Cast the tokenizer pointer to an element specific pointer
+* Do additional boundary/limits checks on the specific pointers you just created and return in case of an error
+* Convert the element specific pointers and typically write them to some local variables
+* If slow hash: Set the iteration count
+* Copy data (IV, salts, digests) to hashcat buffers
+* Adapt buffers/variables (typically byte swaps for endianness or precomputations) based on user options
+* Return with PARSER_OK
+
+### module_hash_encode() ###
+
+The opposite is the case with the encoder function. It is only called up as soon as hashcat has to provide the user with the hash in its original hash form.
For instance, if a hash is cracked or in the status display (with single hashes). Typically you will find a number of snprintf() statements here, but for more details, there is an extra section below.
+
+Important: Keep in mind the input buffer you get access to in the encoders are probably reused again in a later point of time. If you need to modify values before printing it to the user, make sure to not write into the original buffers. Instead, create a local buffer, copy the data to that buffer, and modify it in there.
+
+The final hash should go to line_buf[] array and the length of the data in this array is the return value of the function itself.
+
+Note: the general rule is that the kernel code should not do any unnecessary repetition of data manipulation (e.g byte swaps etc) because it should run as fast as possible. Instead, the encoder and decoder are host functions that are normally only executed very rarely - and therefore it is not a problem if they need to change the data a little bit to pre-compute, or adapt the data to make it look nice in the output.
+
+### module_opts_type() ###
+
+This configuration item is a bitmask field and is very similar to the module_opti_type() function. The main difference is that here you configure general options of the workflow and not optimization specific settings. As always, the list of flags can be found here: `include/types.h`. The following list contains the flags currently supported:
+
+* OPTS_TYPE_PT_UTF16LE: This option will generate a password based on a given mask but in UTF16LE encoding instead of raw 8 bit encoding. There are two important things to mention. First, the encoding is not a true UTF16 encoding. There is no iconv conversion done. It is a naive implementation which works by just putting zero bytes in between the characters. This is a performance-relevant optimization.
This works fine for any characters that would not need utf8 to be displayed/used correctly (in other words, everything that is covered with the hashcat ?a character set). Second, it is effective only for fast hash kernels and only in -a 3 attacks. For all other attack mode kernels for fast hashes, you need to use the *_utf16le() specific functions for pure kernels or the make_utf16le() function for optimized kernels from inside the kernel manually. For slow hashes you need to use the *_utf16le() specific functions manually, too.
+* OPTS_TYPE_PT_UTF16BE: Same as OPTS_TYPE_PT_UTF16LE but using big endian byte order.
+* OPTS_TYPE_PT_UPPER: This needs to be used in case your hash is designed to uppercase (not capitalize!) the password before it hashes it. A good example is the LM hash. When the flag is used, this option is always active no matter which attack mode or fast vs slow hash. Note that a user can override this by using a rule which lowercases the password.
+* OPTS_TYPE_PT_LOWER: Same as OPTS_TYPE_PT_UPPER but lowercase the password.
+* OPTS_TYPE_PT_ADD01: This will append a 0x01 to the password. Some algorithms use stop bits like this to mark the end of the data input stream. The idea is to workaround unwanted collisions so we need to do so, too. This is effective only for fast hash kernels and only in -a 3 attacks. For all other attack mode kernels for fast hashes you need to add the 0x01 byte yourself from inside the kernel manually, typically with functions like append_0x01_4x4_S() or similar. For slow hashes, if you use the crypto libraries, they typically handle this for you.
+* OPTS_TYPE_PT_ADD02: Same as OPTS_TYPE_PT_ADD01 but use 0x02 byte instead.
+* OPTS_TYPE_PT_ADD06: Same as OPTS_TYPE_PT_ADD01 but use 0x06 byte instead.
+* OPTS_TYPE_PT_ADD80: Same as OPTS_TYPE_PT_ADD01 but use 0x80 byte instead.
+* OPTS_TYPE_PT_ADDBITS14: Same as OPTS_TYPE_PT_ADD01 but add the length of the password * 8 to the 14th' 32 bit integer (Typically algorithms using little endian: MD4, MD5, RipeMD160, etc).
+* OPTS_TYPE_PT_ADDBITS15: Same OPTS_TYPE_PT_ADD01 but add the length of the password * 8 to the 15th' 32 bit integer (Typically algorithms using big endian: SHA1, SHA256, etc).
+* OPTS_TYPE_PT_GENERATE_LE: Generate passwords from mask in little endian byte order. This is the default if no OPTS_TYPE_PT_GENERATE_* option is set.
+* OPTS_TYPE_PT_GENERATE_BE: Generate passwords from mask in big endian byte order.
+* OPTS_TYPE_PT_NEVERCRACK: This option tells hashcat to continue cracking the same hashes after they have been cracked - typically, for algorithms that are known to produce a lot of false positives or to collide easily. If the user uses the --keep-guessing command line option, this option is automatically added to the opts_type variable. Do not set this option from the module.
+* OPTS_TYPE_PT_ALWAYS_ASCII: This option prevents hashcat to automatically convert a password into the $HEX[...] encoding type. This automatic conversion is typically performed if the password itself contains the same character as the hash line separator character.
+* OPTS_TYPE_PT_ALWAYS_HEXIFY: This option forces all the cracked passwords to be written always in hex. In this case neither "$HEX[", nor "]", is added.
+* OPTS_TYPE_PT_LM: Special handling for LM passwords: all lower, 7 max, ...
+* OPTS_TYPE_PT_HEX: Assume that all input data like wordlist and masks are always given in hex
+* OPTS_TYPE_ST_UTF16LE: Same as OPTS_TYPE_PT_UTF16LE but applied on the salt buffer.
+* OPTS_TYPE_ST_UTF16BE: Same as OPTS_TYPE_PT_UTF16BE but applied on the salt buffer.
+* OPTS_TYPE_ST_UPPER: Same as OPTS_TYPE_PT_UPPER but applied on the salt buffer.
+* OPTS_TYPE_ST_LOWER: Same as OPTS_TYPE_PT_LOWER but applied on the salt buffer.
+* OPTS_TYPE_ST_ADD01: Same as OPTS_TYPE_PT_ADD01 but applied on the salt buffer.
+* OPTS_TYPE_ST_ADD02: Same as OPTS_TYPE_PT_ADD02 but applied on the salt buffer.
+* OPTS_TYPE_ST_ADD80: Same as OPTS_TYPE_PT_ADD80 but applied on the salt buffer.
+* OPTS_TYPE_ST_ADDBITS14: Same as OPTS_TYPE_PT_ADDBITS14 but applied on the salt buffer.
+* OPTS_TYPE_ST_ADDBITS15: Same as OPTS_TYPE_PT_ADDBITS15 but applied on the salt buffer.
+* OPTS_TYPE_ST_HEX: Same as OPTS_TYPE_PT_HEX but applied on the salt buffer.
+* OPTS_TYPE_ST_BASE64: Same as OPTS_TYPE_ST_HEX but using base64 encoding.
+* OPTS_TYPE_HASH_COPY: This copies the original input hash line as it is into a buffer so that it can be used later. This is required if the original input hash line ships with the same data which is not copied into salt_t or esalt buffer because it is overhead data which is not used in any way. The hash line is copied to the buffer hash_info->orighash and can be used from the encoder function by simply returning hash_info->orighash. Please do not abuse this functionality, for two reasons: First, by being able to reconstruct the original hash line from only the hashcat data we verify that the correct amount of data has been stored in the hashcat memory structures (IOW, it is a good verification process). Second, the host memory requirement for saving this data increases drastically.
+* OPTS_TYPE_HASH_SPLIT: This needs to be used if the hash actually contains multiple hashes in the same hash line. A good example is the LM hash which is typically stored as a 128 bit hash, but actually is built on two 64 bit hashes.
+* OPTS_TYPE_LOOP_EXTENDED: This flag can be used if you want to execute a *_loop_extended kernel directly each time a _loop kernel is finished. This actually means directly after each _loop kernel invocation when no final values are ready. The _loop kernel typically only iterates for a maximum of 1024 iterations and then returns. This provides low kernel runtimes, which reduces GPU screen lags and avoids driver watchdog events.
However, some algorithms can be exploited by working on exactly these intermediate values.
+* OPTS_TYPE_HOOK12: Execute a hook kernel (CPU code) between _init and _loop kernel. A hook kernel is a normal kernel which can be used to select/copy very specific intermediate data and copy it to a so-called hook transfer buffer. This transfer buffer exists on both GPU and CPU. After the kernel is completed, the GPU buffer is copied to the corresponding CPU buffer so it can be processed. Then, the real hook function from your module is called from which you can read the intermediate data, process it as you need and then store it back. After your CPU function is finished, the buffer is copied back to the GPU automatically. The typical use case for this is if you need to deal with algorithms which include libraries which have no GPU implementation. Hashcat will automatically spawn a number of threads for you, so this is a multi threaded process. All buffers which are not constant buffers are thread-safe.
+* OPTS_TYPE_HOOK23: Same as OPTS_TYPE_HOOK12 but the hook is between the _loop and the _comp kernel. Do not confuse this with OPTS_TYPE_LOOP_EXTENDED. A hook is always when the final values are ready to be processed. We believe most algorithms that need hook code will use this hook instead of OPTS_TYPE_HOOK12.
+* OPTS_TYPE_INIT2: Some algorithms (usually updated from previous crypto schemes) execute two different types of compute intensive derivation functions. A good example is iTunes 10+. In iTunes 9 there is an algorithm with 10,000 iterations of SHA256. However, Apple updated this algorithm to be backward compatible. They use the output of the iTunes 9 KDF as the password to a new KDF which is 10,000,000 iterations of SHA256. The problem is that even for a KDF with 10,000 iteration we need to split this. In this instance we split this into 10 calls to a _loop kernel with 1,000 iteration otherwise users get massive screen lags or some watchdogs restart the drivers.
In such a case, you can use OPTS_TYPE_INIT2 and OPTS_TYPE_LOOP2 kernels where you can execute the updated KDF with 10,000,000 iterations and also split it into 1,000 iteration chunks.
+* OPTS_TYPE_LOOP2: See OPTS_TYPE_INIT2
+* OPTS_TYPE_AUX1: Some hash algorithms, often those with backward compatibility, share the same KDF (for instance, PBKDF2-HMAC-SHA1) but also use the derived key differently, depending on a version number. In theory you can check this version in the _comp kernel and build two different branches inside the _comp kernel. In many cases this is implemented like this. The AUX kernels are an alternative where you can assign the different branches to specific kernels. This greatly reduces instruction cache misses and helps the JiT to produce better code. It can also help in cases where both branches require a certain amount of shared memory that is larger then you are able to allocate. In case you use AUX kernels, the _comp kernel is executed, but it is expected to be empty.
+* OPTS_TYPE_AUX2: See OPTS_TYPE_AUX1, but for a different branch.
+* OPTS_TYPE_AUX3: See OPTS_TYPE_AUX1, but for a different branch.
+* OPTS_TYPE_AUX4: See OPTS_TYPE_AUX1, but for a different branch.
+* OPTS_TYPE_BINARY_HASHFILE: Use this in case your hash file contains binary data. As you can imagine, a bit of special handling is required. For normal hash files with only text data, hashcat reads the file line by line and for each line the decoder function is called. For binary data you can decide yourself if you want to use hashcat to load the binary data and present it in the line_buf[] buffer or if you want to iterate through the binary data yourself. If you select the first variant (default) this has the disadvantage that you can only load a single hash. If you want to load multiple hashes from binary data, then you need to understand that it is unknown to hashcat how to iterate through different "hashes" because it cannot know the binary structure.
However, hashcat needs to know the number of hashes that are included in the binary file in order to allocate the required memory structure. In the first step, hashcat calls the module function module_hash_binary_count() in which you need to return the number of hashes which will be read from this particular binary data. In a second step, the module function module_hash_binary_parse() is called in which you have to implement the logic to iterate through the different hashes yourself. In theory there is no need to provide module_hash_decode() because it is not called by hashcat, however in the spirit of good programming we recommend to stick to this function for binary hashes as well. Use the module_hash_binary_parse() to load the binary data and prepare the chunks and then call module_hash_decode() and provide the hash. Then regularly parse the data in module_hash_decode() and copy its data to hashcat structures. For easy single hash loading of binary data you can take a look at `src/modules/module_05200.c` and for a multi hash example take a look at `src/modules/module_02500.c`. Note that for the WPA example there is also a lot of other functions involved to deal with binary data, such as writing the binary data in case a hash was cracked.
+* OPTS_TYPE_KEYBOARD_MAPPING: there are a few algorithms which support the remapping of characters from inside the kernel. The configuration of the mapping can be loaded from the hashcat host binary on startup, thus it is required to set this option to let the hashcat host binary know that your kernel will support this functionality. Please read `docs/keyboard-layout-mapping.md` for a detailed explanation.
+* OPTS_TYPE_DEEP_COMP_KERNEL: This option is used for algorithms that use a salt which is related but unlinked from the esalt. Use this in case you want the hashcat host binary to iterate through the different esalts in the _comp kernel for you. This is a very complex scenario which requires a detailed explanation.
Please refer to the section "Data Structures: salt_t vs esalt" at the end of this documentation. A good example is `src/modules/module_22000.c`.
+* OPTS_TYPE_TM_KERNEL: This option works for fast hashes only. It enables you to run a special transpose multiplier (TM) kernel prior to each kernel invocation. This can be handy for bitsliced kernels where you have to transpose the multiplier data, for instance in a 32x32 matrix. Typically doing this kind of operation forces you to use fixed kernel loop count, so that you have guaranteed fixed size data blocks to transpose. You can do so by using the same fixed value from module_kernel_loops_min() and module_kernel_loops_max(). However, a transpose matrix is just application. Feel free to exploit this kernel for your own needs.
+* OPTS_TYPE_SUGGEST_KG: This option prints a warning screen to the user on startup of hashcat. You can use this option to inform the user that your plugin is known to emit collisions and/or false positives and to suggest use of the --keep-guessing option. We do not want to enable this option by default - otherwise, the user would have no chance to disable it since there is no --no-keep-guessing option.
+* OPTS_TYPE_COPY_TMPS: This option tells the hashcat host binary to copy the `tmps` data structure from the compute device to the host in case a hash was cracked. In order to access this data, you need to implement and register the module function module_build_plain_postprocess(). There are several scenarios in which this can be useful. For instance, if you have a weak algorithm that could be exploited to leak portions of the password and you use this leaked data to speed up your attacks, you still need to know the leaked data on the host to copy it to the password buffer before printing it to the user. A good example for this is PKZIP `src/modules/module_20510.c` which leaks the first 6 bytes of the password. Another scenario is the PIM brute force in VeraCrypt.
The PIM in this case can be seen as an additional numeric password. In case we crack it, the user needs to know both the password and the PIM in order to mount the volume.
+* OPTS_TYPE_POTFILE_NOPASS: This option simply prevents the hashcat host binary from adding a cracked hash to the potfile. For instance, if a specific hashing algorithm is implemented with several hash formats and therefore your plugins hash format shares the same format with a different plugin hash format (think of it like a format clash where the potfile parser could not really decide if it is the correct hash format to accept). A good example is the WPA PMK, which cannot be used to login to a specific WPA network directly. There could be other reasons for not printing the cracked hashes to the potfile.
+* OPTS_TYPE_DYNAMIC_SHARED: This is a very special option which tells the hashcat host binary to query the real available shared memory on a device for a particular kernel. In addition it will also register the queried amount of shared memory from the host. On NVIDIA, this allows us to use the full available shared memory (regions in the post 48k range), though we still need to prepare the kernel in order to make use of the dynamic allocated shared memory. A good example is the bcrypt kernel `OpenCL/m03200-pure.cl`.
+
+### module_salt_type() ###
+
+This option tells hashcat that your hash is salted. Not all hashes are salted (mainly raw hashes have no salt). If they are salted, hashcat needs to know which strategy to use for storing the hashes. Here are the possible options:
+
+* SALT_TYPE_NONE: This type is used if the hash is not salted.
+* SALT_TYPE_EMBEDDED: This type is used if you have a strict hash format ruleset and you do not need to give the user the opportunity to use --hex-salt. You should use this type if there are dedicated extraction tools for your hash or if you are under the control of the extraction tool (so that you can make changes to it).
+* SALT_TYPE_GENERIC: This type is used if you have a generic salt, that is if the salt is part of a hash line which does not go back to a strict formatting ruleset. Typically if you need to implement a hash mode for which you know there are multiple exporting tools that work slightly differently. This mode is required if you want to enable the use of --hex-salt for the user.
+* SALT_TYPE_VIRTUAL: This type is used if you want to reuse an existing kernel implementation of a hash mode which normally expects a salt, but for this variant you want to support loading a hash file in a format that does not ship with a salt. You will generate a `virtual` salt that is always the same (typically empty) and set the data in the decoder function accordingly. A good example for this is md5(md5($p)) which shares the same kernel with vBull (which is md5(md5($p).$s).
+
+### module_st_hash() ###
+
+Here you provide a hash for the self-test functionality. You also need to provide the correct password for this hash later. Please only use artificial hashes which you generated yourself. Typically this is a hash with the password "hashcat" which you have generated by using test.pl in passthrough mode.
+
+Note that this hash will also be used as reference for the benchmark mode. In some rare circumstances to have a not too long running iteration count to reduce startup time delays. A good example for this is iTunes 10+ `src/modules/module_14800.c`. This can also be done using test.pl.
+
+The --example-hashes command line argument together with a specific hash mode (-m) will also instruct hashcat to show the example hash and example password.
+
+### module_st_pass() ###
+
+This is the password to crack the hash given in module_st_hash() for the self-test functionality.
+
+## Kernel ##
+
+This is the second necessary ingredient for creating a plugin. Particular attention should be paid to the development of the kernel. 
Compiling the kernel takes a relatively long time, so both hashcat and the various compute APIs try to save a binary kernel in a cached structure. This serves to reduce the startup time and it is important for the user experience (UX). This however can be a pain as a developer.
+
+NOTE: You -must- manually delete all cached kernels with every change to your kernel code. This is -very- important!
+
+```
+$ rm -rf kernels/
+```
+
+Note: `make clean` will automatically remove all cached kernels, but the recompilation with `make` of the whole hashcat binary will of course take much longer and this is therefore not recommended.
+
+Keep in mind that a GPU is a multi-core device; hashcat will always try to utilize the parallelization power of the hardware as much as possible. This can be undesirable behavior while you are developing a kernel. Especially when you start using printf() - your console can get flooded easily with debugging information because hundreds of work items will be executed. Keep in mind that the printf() will be called for every workitem.
+
+Additionally, there are a couple of kernel invocations which are unwanted when developing a kernel. They go back to the self-test functionality and the autotune engine. Both features are important for user experience. Keep in mind that the input password for these kernels invocation are not based on the password candidate you expect. It is therefore recommended to disable these features while developing the kernel.
+
+To enable some of the special developing functionalities - for example, to disable the autotune - you need to unlock these undocumented features first. The first step is to enable debugging in `src/Makefile` by setting DEBUG to `1`. Run a `make clean` afterwards.
+
+Typically you want to develop the kernel with the least amount of unwanted side effects and we should invest in some proper preparation before actually starting writing code. A good example for this is the hash which you are using. 
Hashcat supports the hash given at the command line, but the command line can create unwanted side effects. For instance, the `$` character could be part of the hash and you forgot to quote it correctly. The safer way is to write the hash and the password into separate files, as this will generally avoid any problems with interpretation from the shell. Of course this is not required, but it is the mindset which I am trying to emphasize.
+
+Additionally there is a couple of command line parameters that you want to use:
+
+* --potfile-disable: The moment when your implementation is almost complete and you start cracking the hash for the first time as expected it is very likely it will turn out some other things are not perfect. For instance, the encoding of the cracked hash. So you need to change some code and run hashcat again to verify this option will prevent hashcat from writing the cracked hash to the potfile. This will allow you to restart hashcat without the need to remove the potfile manually.
+* --self-test-disable: The self-test feature serves to test the kernel each time the user starts hashcat to ensure it works on the users hardware as expected. Hashcat does not know you are implementing a new kernel, so it will call the kernel you are implementing, too. This has two unwanted side-effects. First, it will print a self-test failure which is clear to us, but not to hashcat. Second and more relevant, if you use printf(), it is very likely to print values which you are not expecting. This is because you are expecting values based on the hash or password you gave on the command line, not the values produced by the self-test hash or self-test password. If you use the same hash and password, you may wonder why it is printed twice.
+* -n 1 -u 1 -T 1: The combination of these three options with these exact values will disable the auto tune. This is hardcoded into hashcat. This is an undocumented feature. 
The auto tune will create the same problems as the self-test feature.
+* --quiet: When you are expecting printf() results, try to limit the hashcat output to a minimum. The printf() itself is not affected by this option.
+* --backend-vector-width 1: Only required if you are developing the kernel by using a CPU as compute device. Printing elements from vector data types is possible (for instance `printf (a.s1);`), but we should avoid any influence. Some OpenCL runtimes even support printf() of a vector data type, which results in very weird outputs.
+* -d 1: In case you have multi compute devices in your system, limit it to a single compute device. This is to reduce startup and JiT compile time.
+
+Typically a developer command line for hashcat looks the following:
+
+```
+$ rm -rf kernels $HOME/.nv; ./hashcat -m XXXXX hash.txt word.txt --potfile-disable --self-test-disable -n 1 -u 1 -T 1 --quiet --backend-vector-width 1 -d 1
+```
+
+If you need to printf from without a _loop kernel, keep in mind that you need to add a branching manually for a specific loop position.
+
+```
+if ((loop_pos + i) == 0) printf ("%08x\n", a);
+```
+
+Some last recommendations about printf() itself. Printing a string %s is not recommended. Missing zero bytes or big endian byte order can be very confusing. Instead try to use only the %08x template for everything. Especially for strings this makes a lot of sense, if for example you want to find unexpected non zero bytes. This can be done by calling printf() multiple times. Get used to this and it will simplify a lot of things for you.
+
+To decide which type of kernel you want to write (pure or optimized), here are some recommendations when to write an optimized kernel implementation:
+
+* If your algorithm can be optimized by artificially limiting the password or salt length to a specific range it makes sense to have an optimized kernel implementation. 
But note, this does not exclude the need for a pure kernel implementation for longer passwords.
+* If your algorithm is limited to a maximum length per password, for example 8 characters, the previous recommendation applies the same way. But in this case it does not even make any sense to have a pure kernel implementation because the optimized kernels hashcat support passwords up to length 31.
+* If your algorithm has some known weaknesses you probably cannot use the hashcat crypto library because to have full control you have to re-implement the hash in your own function. A good example is NTLM and the meet-in-the-middle optimization. If no hashcat crypto library is being used, you probably want to implement this in an optimized kernel.
+* If your algorithm can be optimized based on the chosen attack-mode, it should be covered using an optimized kernel because you probably need to re-implement the hash in your own function.
+
+These recommendations apply for both fast and slow hashes.
+
+In most cases, however, the code for the hash is exactly the same. In these cases you probably want to only implement a pure kernel.
+
+### Kernel parameters ###
+
+Hashcat will call all kernels with exactly the same parameters. In most cases only a few of the parameters are used, but on the other hand they do not have a negative impact on the performance. Having a fixed prototype for all kernels makes it easier to work with all the different buffers and generally makes it easier to read kernels from other people.
+
+There is no need for you to change anything. This section is only for information. While it is not relevant for you to know all the different parameters, at least some of them are important to know. Never write to any of them directly unless you know about the implications. Use the macros provided if you want to write something. Most of the buffer you do not even need to read from. The ones that are interesting for reading I will mark in the description. 
+
+* pw_t *pws: In fast hash kernel mode, this is the buffer of the base passwords. In slow hash kernel mode, this is the buffer of the passwords. You want to read from this buffer. There is one entry for each work item.
+* kernel_rule_t *rules_buf: This is the buffer which holds the configuration of the modifier rules. In fast hash mode you want to read this buffer from the inner loop in your _a0 kernels.
+* pw_t *combs_buf: This is the buffer which holds the modifier passwords. In fast hash mode you want to read this buffer from the inner loop in your _a1 kernels.
+* void *bfs_buf: This is the buffer which holds the modifier part of the password mask. In fast hash mode you want to read this buffer from the inner loop in your _a3 kernels.
+* void *tmps: This is the generic context buffer. It is available only in slow hash kernel mode. In slow hash mode you want to read and write this buffer. There is one entry for each work item.
+* void *hooks: This is the generic hook buffer. It is available only in slow hash kernel mode and if hooks are enabled. In slow hash mode you want to read and write this buffer. There is one entry for each work item.
+* u32 *bitmaps_buf_s1_a: This is the bitmap for the bloom filter which is used in a fast-hash multi-hash kernel.
+* u32 *bitmaps_buf_s1_b: See bitmaps_buf_s1_a.
+* u32 *bitmaps_buf_s1_c: See bitmaps_buf_s1_a.
+* u32 *bitmaps_buf_s1_d: See bitmaps_buf_s1_a.
+* u32 *bitmaps_buf_s2_a: See bitmaps_buf_s1_a.
+* u32 *bitmaps_buf_s2_b: See bitmaps_buf_s1_a.
+* u32 *bitmaps_buf_s2_c: See bitmaps_buf_s1_a.
+* u32 *bitmaps_buf_s2_d: See bitmaps_buf_s1_a.
+* plain_t *plains_buf: This is where hashcat stores the index to the base password and the modifier (if used) of a cracked hash. This buffer is used by hashcat to reproduce the password on the host and print it to the user along with the hash. The buffer has as many entries as there are unique digests. 
+* digest_t *digests_buf: This is the one big buffer which holds all unique digests. It is searched using a binary search after the hash passed the bloom filter.
+* u32 *hashes_shown: This is a buffer which marks individual hashes as cracked after they have been cracked. This way we do not report the same hash cracked twice or more often.
+* salt_t *salt_bufs: This is the buffer which holds the fixed size salt data. See the salt_t section below for details. If you are using a fixed size salt data, read from here. There are as many entries as there are unique salt_t buffers, but you do not need to iterate through them from inside the kernel. Use the "salt_pos" variable (see below) to index the current one.
+* void *esalt_bufs: This is the buffer which holds the generic size salt data. You need to cast this type from inside the kernel manually. There are as many entries as there are unique digests, but you do not need to iterate through them from inside the kernel. Use the "digests_offset" variable (see below) to index the current one.
+* u32 *d_return_buf: This buffer is used to indicate to hashcat that a hash has been cracked and should be shown to the user.
+* void *d_extra0_buf: This buffer is used to workaround the OpenCL memory limitation that only a maximum of 1/4 of the total device memory can be used from a single allocation. Some algorithms, especially memory hard algorithms, can make use of this.
+* void *d_extra1_buf: See d_extra0_buf.
+* void *d_extra2_buf: See d_extra0_buf.
+* void *d_extra3_buf: See d_extra0_buf.
+* u32 bitmap_mask: This is the mask for the bloom filter. It depends on the bitmap size which was automatically calculated from hashcat on startup.
+* u32 bitmap_shift1: This is the shift of the individual hash elements which is used for the bitmaps of type 1. There are two different data shifts to reduce the number of collisions in the bitmap.
+* u32 bitmap_shift2: See bitmap_shift1. 
+* u32 salt_pos: This variable is used to index the current salt_t entry. You want to use this when you access the salt_bufs buffer.
+* u32 loop_pos: This is the current iteration number to start with. If you have a slow hash kernel, this variable is relevant in the _loop kernel. Since the _loop kernel is limited to a maximum iteration count of 1024, some algorithms have higher iteration counts and have iteration count depending logic implemented.
+* u32 loop_cnt: This is the number of iteration counts to loop in the inner loop in the _loop kernel. Typically not higher than 1024.
+* u32 il_cnt: This is the number of iteration counts to loop in the inner loop in a fast hash kernel. Typically not higher than 1024. There is no offset needed because the modification buffers are maintained by hashcat and never exceed 512 entries. This enables hashcat to store the modifiers in the constant memory of the device.
+* u32 digests_cnt: This is the total number of unique digests in the digests_buf array of the current salt. It is important for the binary search.
+* u32 digests_offset: This is the offset to the first entry or unique digests in the digests_buf array of the current salt. It is important for the binary search.
+* u32 combs_mode: This is a specific configuration for combinator based attack in slow hash mode. It defines which side (left or right) is the base and which is the modifier side. You want to access this variable from your _a1 kernels.
+* u64 gid_max: This is the total number of unique work items started from the host program. Each work item needs to identify itself using the `get_global_id (0);` and check if the number is smaller than this variable. This goes back to the requirement of clEnqueueNDRangeKernel() that the total number of work items has to be a multiple of the thread count and therefore could be higher than the actual number of password candidates to test. 
If such a work item accidentally would crack the hash, the host binary would run into a out of boundary read because it could not find the corresponding base password.
+
+The large number of kernel parameters can be confusing when writing a kernel. But since they never change, we can easily replace them with a macro. There is a couple of kernel parameter replacement macros where you need to choose one from for your kernel:
+
+* KERN_ATTR_BASIC(): Use this in your fast hash kernel if this is attack mode 1 or 3 and not using vector data types.
+* KERN_ATTR_BITSLICE(): Use this your fast hash kernel is using a bitsliced implementation. This requires the modifier buffers to be preprocessed with a TM kernel beforehand.
+* KERN_ATTR_ESALT(e): Use this if your fast hash kernel uses an esalt structure.
+* KERN_ATTR_RULES(): Use this in your fast hash kernel if this is attack mode 0.
+* KERN_ATTR_RULES_ESALT(e): Use this in your fast hash kernel if this is attack mode 0 and uses an esalt structure.
+* KERN_ATTR_TMPS(t): Use this if your slow hash kernel only uses a tmps structure.
+* KERN_ATTR_TMPS_ESALT(t,e): Use this if your slow hash kernel uses a tmps structure and an esalt structure.
+* KERN_ATTR_TMPS_HOOKS(t,h): Use this if your slow hash kernel uses a tmps structure and a hook structure.
+* KERN_ATTR_TMPS_HOOKS_ESALT(t,h,e): Use this if your slow hash kernel uses a tmps structure, a hook structure and an esalt structure.
+* KERN_ATTR_VECTOR(): Use this if your fast hash kernel uses vector data types in the inner loop. Note: Only valid for -a 3 kernels.
+* KERN_ATTR_VECTOR_ESALT(e): Use this if your fast hash kernel uses vector data types in the inner loop and uses an esalt structure. Note: Only valid for -a 3 kernels.
+
+### Kernel: fast hash type ###
+
+The fast hash type is needed if we are cracking a hash that is so fast to compute that the PCI express bottleneck is taking more time than to compute the hash. 
These raw hashes are designed to compute very fast intentionally. They typically consist of only binary or arithmetic operations either with none or limited memory access. That means they often can be implemented on register level. On the other hand, if we need to access any memory structures just to provide the password candidates, it will hurt the performance significantly. Therefore the general concept of a fast hash kernel is to load a base password candidate directly onto a register and run a for() loop within the kernel which modifies the base password candidate.
+
+The modification is depending on the attack-mode. Hashcat supports 5 different attack-modes with the -a command line flag (0, 1, 3, 6 and 7) but attack-mode 6 and attack-mode 7 share the same kernel code with attack-mode 1. This means we have to implement three kernels. These kernels are implemented in three kernel source files (0, 1, 3). Based on the attack-mode selected by the user on startup, hashcat will load the corresponding kernel.
+
+The file name convention for fast hashes is: `OpenCL/mXXXXX_a[0|1|3]-[pure|optimized].cl`
+
+#### Kernel: fast hash type (optimized) ####
+
+As you can see from this convention, you actually have to implement six kernels if you want to add a full featured fast hash mode to hashcat. It is up to you if you want to save some time only implementing a pure kernel, only an optimized kernel or both. But in each case you must implement all three attack modes to support all the different attack types supported by hashcat.
+
+Remember we only need to have those three different implementations due to the different ways the password candidate is generated. You may think it would be easier to have like three branches but these branches would already decrease the performance drastically.
+
+Each fast hash kernel source in optimized mode has to provide the following kernel functions with this convention: `mXXXXX_[m|s][04|08|16]`. 
+
+As always, the XXXXX is the hash mode with leading zeros. The `m` or `s` defines the multi-hash and single-hash implementation. In single hashes, often we can store the target hash on the register which makes the final test much faster compared to checking it on GPU memory. The `m` and `s` therefore often look almost the same. The only difference is that in the `s` kernel at some point you will store the target hash in a register. The final comparison function macro for `m` is COMPARE_M_SIMD() and for `s` is COMPARE_S_SIMD().
+For single-hash this will add code to do on-register comparison. For multi-hash this will add the code to run the bloom filter and a binary tree search. For both cases, the macros expect you to provide 4 times 32 bit values in the same order as you have configured in the module functions module_dgst_pos0() - module_dgst_pos3(). Note that it always has to be 4 times 32 bit values, also for hashes which provide much more or much less bits output size. See the sections about `module_dgst_pos0()` - `module_dgst_pos3()` for details.
+
+There are some kernels where using vector data types are beneficial even if they are executed on compute devices which have no native support for vector data types. A good example is NTLM running on a high end GPU. The performance gain comes from how the algorithm works and that there is in total 60 instructions that can be precomputed based only on the scalar base password. The base password never changes. The vectorization is done only in the inner loop, but from there it can access the precomputed (scalar) values from the outer loop. It saves both, instructions and resources. This is done automatically by the compiler because the structure of hashcat kernels allows the compiler to optimize it.
+
+#### Kernel: fast hash type (pure) ####
+
+The main purpose of pure kernels is to support long passwords (and salts) up to length 256. However, pure kernels are much easier to write than optimized kernels. 
First, it is only a single-hash and a multi-hash kernel to code. Second, it is expected you use the hashcat crypto libraries, for instance `OpenCL/inc_hash_sha256.cl`. To use the hashcat crypto libraries requires some detailed knowledge, please check the section on the hashcat crypto library below.
+
+Each fast hash kernel source in pure mode has to provide the following kernel functions with this convention: `mXXXXX_[mxx|sxx]`.
+
+The pure kernels are supposed to run slower than optimized kernels, but it is hard to define a percentage which shows the performance difference because it largely depends on what kind of optimization you can use. For instance, for NTLM in which you can do meet-in-the-middle tests, the optimized kernel is around three times faster than the pure kernel. On contrary, for SHA256-HMAC they have exactly the same performance.
+
+### Kernel: slow hash type ###
+
+Do not get the word "slow" in "slow kernel" wrong. This only means that the expected speed is so slow (or better said, the algorithm is so demanding) that the PCI Express Bottleneck is no longer relevant.
+
+The slow hash kernel also supports pure and optimized kernel implementations.
+
+In most cases you will develop only pure kernel implementations. An optimized slow hash implementation makes sense only if the _loop kernel uses parts of data (like the password or a salt) in its original form. Then you can do password length based optimizations. A good example is `OpenCL/m00500-optimized.cl`. However, these kernels are rare and therefore I will only describe the pure kernel implementation. There is also a specific kernel that I recommend looking at, `OpenCL/m00500-pure.cl`, you can use it for comparison.
+
+As already mentioned, most slow hash modes do not use password length specific kernels like in a fast hash kernel. There is no "s04", "s08" kernels or anything like this. 
Dedicated single and multi-hash kernels also do not exist in this case, because it wouldn't make any sense or performance difference.
+
+There are three kernels you need to implement. This means that you need to split the algorithm into a part which is done for initialization, a part which does the iterations (typically the part of the code which makes it slow) and final part where you do some comparisons or tests to see if the derived key matches. These kernels are:
+
+* mXXXXX_init: This is the first kernel which is called. In here you load the password candidate, convert it to UTF16 or a different endianness if needed, then store some precomputed values or crypto primitive contexts derived from passwords and salts and initialize the `tmps` buffer.
+* mXXXXX_loop: This is where you put the real work intensive computation. Typically KDFs become slow artificially. They use a fast crypto primitive to produce some hash output and then use this hash output as input to another "round", and so on. There are some exceptions to this like scrypt, but in most cases there are some sort of iterations involved. Put them here. Note that hashcat will never execute all iterations in one big loop. This would create a very laggy screen to the user and some driver watch dogs will kill the kernel because it will think the algorithm hangs due to the long runtime. Typically no more than 1024 iterations per kernel invocation are executed (you can override this value, but only within the module). In order to achieve this we need to read the current context state from a special buffer `tmps` (which is explained below in detail) at the beginning of the kernel, then do the iterations in a loop and finally store the context state to the `tmps` buffer. When the _loop kernel is called again, it reads the `tmps` buffer which we set in the previous _loop kernel and continues from there. This goes up to the point that salt->salt_iter is reached. 
+* mXXXXX_comp: This kernel is called after the _loop kernel finished with the last iteration. Basically this is when the KDF is finished deriving some sort of key. This key often is used to decrypt some data. For some more generic KDF, the key can be used like a hash and you just call the macro to look it up in the database. This typically is the part which takes the most time to develop because the code is more complex. Often you have to match some patterns or test for known plaintexts but this is fresh code which you probably won't find in any of the other kernels. The _init and _loop kernels often can simply be copied from other kernels. The simple _loop kernel typically is much slower compared to the more complicated _comp kernel. That means it is often not worth to spend too much effort into optimization of the _comp kernel.
+
+It is obvious, but the kernels are executed in exactly this order: mXXXXX_init, mXXXXX_loop(N), mXXXXX_comp.
+
+Along with the three kernels goes a context buffer called `tmps` which is accessible for read and write by all three kernels. The data type of this buffer is a void* and you cast it to a structure you need from inside the kernel. Hashcat knows about the size of the buffer because you returned it in the module in the module_tmp_size() method. This buffer is unique for every work item executed on the compute device. This means that hashcat will allocate a buffer on the compute device which has the size of your structure multiplied with the maximum possible work items which was discovered by the auto tuner. Each password candidate has its own `tmps` buffer allocated. The buffer is thread safe and free to be read or written to. You do not need to care about race conditions, mutexes, etc.
+
+Typically it goes like this:
+
+* In the "mXXXXX_init" kernel you write into `tmps` at the end.
+* In the "mXXXXX_loop" kernel you read from `tmps` at the beginning and write into `tmps` at the end. 
+* In the "mXXXXX_comp" kernel you read from `tmps` at the beginning.
+
+For slow hashes it is recommended to use vector data types if your algorithm allows to do so. If you use vector data types, use it in the _loop kernel only. Make sure to inform hashcat about using the appropriate opts_type option (see modules section).
+
+## Hashcat Crypto Library ##
+
+The hashcat crypto library interface is very close to the OpenSSL interface with the typical Init(), Update() and Final() calls. But there are some important differences:
+
+* The OpenSSL interface is designed with the idea the library is executed on a device which supports 8 bit, 32 bit and 64 bit registers. The hashcat crypto library is designed with the idea it is executed on a device which supports -only- 32 bit registers (like a GPU).
+* The OpenSSL interface does not support the use of vector data types. This makes sense since in a typical use case scenario of OpenSSL there is no need to compute multiple keys based on multiple passwords at the same time. However, if we want to utilize special CPU instructions like SSE2, AVX2, XOP, etc. we need to write our code using vector data types. This enables the OpenCL runtime to do the translation. The hashcat crypto library therefore supports both scalar and vector data types as input data, but you need to use a different context data type. For instance, sha1_ctx_vector_t instead of sha1_ctx_t.
+
+Working with the hashcat crypto libraries is straightforward. There are however some limitations you need to know about and you need to align with. The functions are designed to make it more easy for you to develop kernels, but they are written with performance in mind. This is achieved by using different optimization techniques. For instance, a crypto library cannot know how much data the user will provide. It therefore has to keep some buffers in the context to maintain some offsets. Each update() typically changes the buffer values and the offset. 
Typically you would code this by using some pointers. But pointers are poison for high performance. The computation of the address requires at least a temporary register, one or more mul() and another add() instruction call. This can be avoided. To do so, most of the code is using large switch() statements to enable the kernel compiler to translate a lot of code directly to register without the need to use an address to access a certain value in an array. But this goes too deep. Check `OpenCL/inc_common.cl` if you want to know more about the details.
+
+The most important limits are the following:
+
+* Functions are not converting data to the native endianness operation mode of whatever crypto primitive you are using. This is different to regular crypto libraries and can create a lot of headache if you are not used to this! You need to convert the data manually (typically just a hc_swap32() or hc_swap64() call). Keep in mind that all compute devices supported by OpenCL which I know of, operate in LE byte order. For instance, MD5 is using LE byte order. This means that you do not need to swap any data. However, SHA1 has a BE byte order and you need to convert the data. This is why it is so important to have a POC to verify intermediate result values.
+* The buffer you provide must be padded to a size of a multiple of the block size of whatever crypto primitive you are using. For example 64 byte for MD5, SHA256, etc. and 128 byte for SHA512 and others. If you do not know the block sizes, check the algorithm specs. For instance, if you want to statically append a 5 byte string to a password from inside the kernel, you could use `sha1_update (&ctx, buf, 5);`, the important thing here is that buf[] must be declared as u32 buf[16]. That is because the block size of SHA1 is 64 byte.
+* The buffer also needs to be zero padded. If only the first 5 byte of this 64 byte buffer is used, the remaining 59 bytes need to be set to zero. 
+* This goes back to how hashcat actually appends the data to the buffer in the context. Keep in mind, in OpenCL/CUDA there is no such thing as memcpy(). Of course you could write it yourself, but you will run into the performance problems explained above. Instead we are using switch(), followed by shifting the data to the final offset and then OR the temporary buffer to the existing buffer. This only works if the unused data is set to zero and the buffer has a known size.
+* Shifting the buffer data changes the data. While you can reuse the buffer keep in mind you have to re-initialize the data. This is not the case if the buffers are global memory buffers.
+* Note that none of the limitations are tested from the hashcat crypto library. You need to be careful or you will run into errors like out of boundary read/writes or have unexpected data.
+
+Note that the type of buffer which holds the data is relevant, too. There are specific functions for working with local memory arrays and global memory arrays.
+
+Often there is also a function which does the byte swapping for you. For instance, there is not only sha1_update() but there is also sha1_update_swap(). The prototypes are the same. There is also sha1_update_utf16le() and sha1_update_utf16le_swap(). I am sure you got the idea. If some helper function is missing, feel free to commit it to upstream but in a dedicated PR.
+
+Since hashcat 6.0.0 it is also possible to use the hashcat crypto library from the host code. This is done by the emulation macros. To use a library, you just need to include `emu_inc_hash_sha1.h` or appropriate. Keep in mind that the limitations are exactly the same as if you use them from inside a kernel. A good example is `src/wordlist.c` or `src/modules/module_12600.c`.
+
+## About Salts ##
+
+In hashcat, we have two different types of salt structures. There is a fixed size data type and a generic size data type. This goes back to how hashcat was created and how it evolved over time. 
However, it turned out the concept still works very good even with the most complex algorithms of today. + +### salt_t ### + +The salt_t is a fixed size data type which is defined in `OpenCL/inc_types.cl` and holds a number of configuration settings and buffers with different meanings. However, they all are using 32 bit integers exclusively. This goes back to the fact that GPU registers are always 32 bit. You can work with 8 bit integers, but will make the GPU slower because it has to emulate an 8 bit register behavior (which is done transparently from your perspective). We however are trying to avoid this by sticking to u32 data type buffers for your entire kernel to achieve best performance. I will now explain the components of the salt_t structure in detail: + +* u32 salt_buf[64]: This is the main buffer to store your salt in. The salt is limited to 64 times 32 bit (which is 4 bytes, 4 * 8 bits) elements, so 256 bytes. You need to guarantee that your salt buffer will never exceed 256 bytes, otherwise you can not store the salt in the salt_t structure. But for most cases, this is enough. If the salt buffer exceeds the 256 byte range, you need to use an esalt structure which is explained later. +* u32 salt_buf_pc[64]: This is an additional buffer to store precomputed values (typically based on the salt buffer). For instance, if you have an algorithm like sha1($p.md5($s)) you do not need to compute the md5($s) part for every try. It is enough to compute it once. The buffer is used to store the result of the md5($s) which you can access from within your kernel. +* u32 salt_len: This is just the length of the data stored in salt_buf[], in bytes. It is important that this value is also used during the salt buffer unique check on hashcat startup. Since the data stored as a salt is in binary, hashcat needs to know the length of this data to compare with other elements in the array. 
Keep this in mind and make sure to set a useful value, even if you are using a faked salt. +* u32 salt_len_pc: Same as salt_len but for the precomputed buffer. Set to 0 if there is no precomputed buffer, but keep in mind 0 is the default so in most cases you do not touch this. +* u32 salt_iter: This value holds the iteration count of your algorithm. This applies to slow hash kernels only and is used only in the _loop kernel. Note that some KDF (like PBKDF2) count their initialization round (in the _init kernel) as 1, thus you need to subtract 1 from the salt_iter count for this group of algorithms. +* u32 salt_iter2: Same as salt_iter, but for plugins which make use of a secondary loop kernel and which have set the option OPTS_TYPE_LOOP2. +* u32 salt_sign[2]: This option is most commonly used to recreate the original iteration count, salt buffer or even digest buffer set from a hash which is sometimes ambiguous. A good instance is DEScrypt, where there is a 64 bit digest encoded in an 11 byte base64 encoded string which results in 66 bit. Some applications do not zero the last 2 bits before encoding, resulting in multiple digest values for the same password. Since we need to store the real hash in our digest buffers we also need to save the remaining 2 bit in case the hash ever gets cracked and when we need to print the original hash to the console or output file. +* u32 digests_cnt: This value holds the number of digests which belong to this particular salt. After hashcat finishes decoding all the hashes from your hash file, it starts sorting and removing duplicates. At this time, it will also find possible multiple digest values which belong to the same salt. This allows hashcat to optimize the attack. This option is maintained by hashcat, do not modify it. +* u32 digests_done: This value holds the number of cracked digests which belong to a particular salt. 
If this number equals the number stored in digests_cnt, then hashcat knows it can remove this salt element for all upcoming kernel invocations. This speeds up the cracking process while hashcat is running. This option is maintained by hashcat, do not modify it. +* u32 digests_offset: This value keeps track of the information at which point in the digest buffer the sorted section of all the digests belonging to this particular salt starts. Since all digests, no matter which salt they belong to, are stored in one big array of u32 values we need to keep track of the starting point per unique salt. This value is important in the binary search which runs on the kernel. This option is maintained by hashcat, do not modify it. +* u32 scrypt_N: Some leftover for scrypt based algorithms from a time when there was no esalt. This option is maintained by hashcat, do not modify it. +* u32 scrypt_r: See scrypt_N. +* u32 scrypt_p: See scrypt_N. + +### esalt ### + +Of course there are also generic buffers in case the data of your hash mode simply covers additional data like encrypted data, IV, etc. or simply salt buffers which are too long to fit into the standardized salt_t structure. To define your own struct, you need to define it in the module as well as in the kernel. Since both source codes are independent from each other, you need to maintain them and guarantee that they are synchronized. The esalt buffers and structs in the corresponding `src/modules/` and `OpenCL/` plugin files need to be the same and any change in one of these esalt structs in one of these source files would need to be accompanied by a change of the other file too. Other than that, it is a simple process. As described in the decoder section, hashcat needs to know the size of the structure so it can allocate enough memory space for it at the initialization phase. In order to inform the hashcat host binary of the esalt size, you must provide it via the function module_esalt_size(). 
It could be either a maximum size (upper limit) or a constant size. This depends on the algorithm. +That is all. You can now cast the void *esalt_buf which is provided to you in the decoder and encoder functions to your esalt structure type. Note this address is maintained by hashcat. It guarantees a fresh buffer for each invocation of module_hash_decode(). Therefore, you can simply cast it for instance like this: + +``` +wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) esalt_buf; +``` + +You can access the esalt from the encoder function and read the data the exact same way by casting it to your esalt struct. + +Important: No matter if you are going to use an esalt or not, you always need to fill the salt_buf[] array and set the salt_len for it. + +Important: In case you write a slow hash, you need to set the salt_iter element. Also never forget to implement module_esalt_size() if you use an esalt. + +## Data Structures: salt_t vs esalt ## + +Hashcat has a generic data structure to handle "easy" salts (salt_t) and an open data structure one, that you can define yourself in case the generic data structure does not fit your needs (esalt). An "easy" salt is a single buffer salt of less than 256 byte (can be binary). The open data structure is called "esalt". + +It is important to understand the difference between the generic salt_t struct and the esalt struct (which you create on your own). In fact it is essential to distinguish them. Based on the data we assign to the salt_t struct, hashcat sorts and groups all digests belonging to this particular salt_t first by the salt buffer content in salt->salt_buf[]. We can see it as a top level grouping. With the data we assign to the esalt, hashcat sorts and groups all hashes, but on a level below. Like in a SQL Statement when we do something like: + +`SELECT digest FROM hashes GROUP BY salt_t,esalt` + +But why is that? It is an optimization. 
If we have different data stored in salt_t and esalt, hashcat expects us to access salt_t data in the _init kernel and expects us to access the data of our esalt only from the _comp kernel. But that is an optional step and probably something of which you did not think of if you never wrote a hashcat plugin before. + +A good example is the WPA mode. The crypto scheme in this mode requires multiple salt fields (IVs, mac addresses, encrypted data, etc). To derive the PMK master key (the slow part in the algorithms), only the ESSID (the network name) is required. If we want to crack WPA, typically we capture multiple handshakes, however all handshakes could be belonging to the same network. If we are clever we can exploit this weakness. In the parser we would set only the ESSID in the salt_t struct and all other data (IV, MAC addresses, etc.) go into the esalt. By doing so, hashcat will only spawn that many _init and _loop kernels as there are unique ESSIDs in the generic salt_t buffers. If we have captured 100 handshakes of the same network, hashcat only needs to run the compute intensive _loop kernel one time, not 100 times. But how to use the _comp kernel in this case? + +Now let us talk about the three different types of _comp kernels. The first type is if we have an easy crypto algorithm which only contains a single salt buffer in the salt_t struct. Imagine we have ten real hashes but they all share the same salt. In such a case there is still no need to run the _init and the slow _loop kernel ten times. A single invocation of both is enough. In the _comp kernel hashcat will search a database if the digest exists in a database which is important. We only need to search this database for the existence of the hash, we do not need to decrypt something. This database is created automatically by hashcat at the very start. Every digest which we assign to the digest_t struct will be sorted and stored inside this database. 
Inside the _comp kernel, if we assign the final digest to r0 - r4 and call the #include COMPARE_M macro, the database gets searched. This code is highly optimized and is using a bloom filter and an additional binary tree search. So it can handle millions of hashes very efficiently. See `OpenCL/m00500-pure.cl` as an easy example. + +Sometimes this is not enough. For instance, if we do not have a final digest which we could search for "existence" in the database. This happens if we have to decrypt some data and match the content of the decrypted data against some known pattern. It is obvious if we match data in this case we can not search the data for existence, right? In this case we actually need to iterate through all entries in the database. This is something very irregular from the general hashcat concept but there is a way to deal with it. Of course, if you only support single targets this is not a problem. The recommended way to deal with this is to verify if the salt_buf data you are using is unique. The goal is to force hashcat to call the _comp kernel as many times as it loads unique hashes from your hash list and iterates through all of them individually. If we choose to use this mode, it is essential for the salt_t buffer to be exactly as unique as the esalt buffer (the same number of entries). This could be achieved by using parts of encrypted data and copying it to salt->salt_buf[]. Hashcat will be forced to increment the `digests_offset` variable for each iteration which gives you the opportunity to index the different hashes individually. A good example for such a _comp kernel can be found in `OpenCL/m14700-pure.cl`. + +There is even a third mode which is close to the second mode, but does not have the disadvantage of syncing the salt_t with the esalt, giving you the opportunity to exploit salt specific vulnerabilities in the algorithm (like in WPA). This mode can be activated by setting OPTS_TYPE_DEEP_COMP_KERNEL flag in the module. 
In this case hashcat will know that it has to call the _comp kernel for that many entries that are bound to a unique salt_t entry. So far there are only two algorithms which make use of that. This mode should therefore only be used in very rare cases and is discouraged if not applicable. See `OpenCL/m22000-pure.cl` as an example. + +Most kernels today go for the second mode. However, if possible we should use the first mode because it is much more elegant. There is a trick to step down from the second mode to the first mode. In case we need to match some data after decryption but we know 100% of the data it is better to encrypt the known plaintext data instead of decrypting the encrypted data. In this case our final value can be searched in a database for "existence" and we can operate in first mode (i.e. make a "lookup"). + +## Tokenizer ## + +The tokenizer is basically a CSV parser but with some special features. When it comes to loading hash files it is sometimes not so easy. The hash files often have been generated by extraction tools which do not follow CSV rules very carefully. Often the CSV is broken because of missing escape characters, quotation or other problems. Additionally, the tokenizer covers a preliminary data sanitization and data length check. + +Of course we could have used a regular expression engine to do the same. But if you think of the potential multi million hash entries in hash files the tokenizer is much faster than a regular expression. Also the tokenizer offers configuration items that are known to be relevant when it comes to parsing hashes. The configuration of the tokenizer is very easy to read for third parties and gives an easy overview of how the hash lines are separated from a standardized perspective. + +One very unique feature is that the tokenizer allows you to have both dynamic length columns and fixed length columns in the same hash line. This is sometimes the only way to read a hash line. 
Another unique feature is that it allows you to change the separator character for different columns in the same hash line. This is why you have to specify the separator character for each column separately. + +The first step after declaring the tokenizer context buffer is to create its configuration. There is just one mandatory parameter and a maximum of 128 optional configuration items (columns). The mandatory configuration item needs to be set to the number of columns/fields which the hash line includes. Note that this is a fixed value. For more complex hash lines with a dynamic column count you need to create multiple tokenizer instances (e.g. use a second configuration, if the first one failed), but in most of the times this is not required. + +``` +token_t token; + +token.token_cnt = 1; +``` + +For a very simple, unsalted hash there is just one column: the hash. If this is a MD5 hash, it is typically encoded as a hex string of exact size 32 byte. These properties we can configure for the first column: + +``` +token.len_min[0] = 32; +token.len_max[0] = 32; +token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; +``` + +The parameters len_min and len_max always define a valid range in bytes. Since it is always 32 byte, we simply set 32 to both parameters. With the configuration item `TOKEN_ATTR_VERIFY_LENGTH` we inform the tokenizer to verify the data length. If the length does not match, we will refuse the hash. The same goes for the configuration item `TOKEN_ATTR_VERIFY_HEX`. As you can imagine, this informs the tokenizer to verify if the data contains only hex characters (no matter the case). For more verification configuration items please see `includes/types.h`. + +Finally the tokenizer is called. If any of the verification configuration items do not pass, the tokenizer will return a specific error code. As always, the error codes can be found in `includes/types.h`. 
+ +``` +const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + +if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); +``` + +If everything went well up to this point, the tokenizer has placed the pointer addresses for the start to each of the columns in the token.buf[] array and the corresponding length in the token.len[] array. For instance, if there is only one column, the pointer address in token.buf[0] will be populated as well as token.len[0]. If you have two columns (token_cnt = 2), there will also be token.buf[1] and token.len[1], and so on. + +As always, you can use the tokenizer configurations in the existing modules as a reference, especially for complex hash lines. + +For hash lines with multiple columns, we need to use for each column either TOKEN_ATTR_FIXED_LENGTH (see below) or configure the separator character. The separator has to be a single byte character and is set using the "sep" parameter. + +``` +token.sep[0] = ':'; +token.len_min[0] = 32; +token.len_max[0] = 32; +token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + +token.len_min[1] = 0; +token.len_max[1] = 32; +token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; +``` + +In the above example you can see that we have hard-coded the separator character to ':'. In addition, this type of configuration the tokenizer will refuse the hash line if the separator was not found. You can also use the hashconfig->separator character if you want to use the separator character the hashcat user set using the -p command line option (default being ':'). + +There is one more configuration item which I want to describe: + +* TOKEN_ATTR_FIXED_LENGTH: This is for columns of which you know the exact length -and- which are not followed by a separator character. In this case you do not need to set the parameters "len_min" and "len_max", but you need to set the parameter "len" instead. 
This is a typical pitfall if you copy/paste configuration settings from other modules and switch from a dynamic length to a fixed length. Do not forget to also change the parameter name ("len_min"/"len_max" instead of just "len") and the indices.
+
From bb94bf4359c63810101cd4d0e089dcc8b33f53b2 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 20 Mar 2020 09:04:16 +0100
Subject: [PATCH 295/300] Remove extra character in development guide
---
 docs/hashcat-plugin-development-guide.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/hashcat-plugin-development-guide.md b/docs/hashcat-plugin-development-guide.md
index dadfa1a1c..5fd346c13 100644
--- a/docs/hashcat-plugin-development-guide.md
+++ b/docs/hashcat-plugin-development-guide.md
@@ -1,5 +1,5 @@
 # Hashcat Plugin Development Guide #
-"
+
 The purpose of this document is to introduce you to the development of plugins for hashcat 6.0.0 and newer. We will update this document regularly and add more detailed content. The content in its current state includes enough details to write easy, medium and hard plugins. With hashcat 6.0.0, a new interface has been designed which enables you to add new hash-modes more easily than in older hashcat versions. The plugin interface is an essential new feature of hashcat 6.0.0.
From ddb641b8430e90d8febb6fedb7dd9ae063fdfa38 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 20 Mar 2020 16:20:22 +0100
Subject: [PATCH 296/300] Add option to force disable real SHM access to be used from within the module
---
 OpenCL/inc_vendor.h | 5 +++++
 src/modules/module_22100.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/OpenCL/inc_vendor.h b/OpenCL/inc_vendor.h
index cbaf093f5..6ca2c5707 100644
--- a/OpenCL/inc_vendor.h
+++ b/OpenCL/inc_vendor.h
@@ -99,6 +99,11 @@
 #define REAL_SHM
 #endif
+// So far, only used by -m 22100 and only affects NVIDIA on OpenCL. CUDA seems to work fine.
+#ifdef FORCE_DISABLE_SHM
+#undef REAL_SHM
+#endif
+
 #ifdef REAL_SHM
 #define SHM_TYPE LOCAL_AS
 #else
diff --git a/src/modules/module_22100.c b/src/modules/module_22100.c
index 3c610f5c5..afbc29550 100644
--- a/src/modules/module_22100.c
+++ b/src/modules/module_22100.c
@@ -77,7 +77,7 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
 // NVIDIA GPU
 if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
 {
- hc_asprintf (&jit_build_options, "-D _unroll");
+ hc_asprintf (&jit_build_options, "-D _unroll -D FORCE_DISABLE_SHM");
 }
 // AMD-GPU-PRO
From 4f3165c6ea49ada19a4b3f0aa305fc5d296292bf Mon Sep 17 00:00:00 2001
From: philsmd
Date: Mon, 30 Mar 2020 13:53:37 +0200
Subject: [PATCH 297/300] make -m 21200 more generic (except all supported salt len)
---
 src/modules/module_21200.c | 4 ++--
 tools/test_modules/m21200.pm | 4 ++--
 tools/test_modules/m21300.pm | 7 +------
 3 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/modules/module_21200.c b/src/modules/module_21200.c
index 6c9ea1daf..75b379c35 100644
--- a/src/modules/module_21200.c
+++ b/src/modules/module_21200.c
@@ -60,8 +60,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
 | TOKEN_ATTR_VERIFY_HEX;
- token.len_min[1] = 19;
- token.len_max[1] = 19;
+ token.len_min[1] = SALT_MIN;
+ token.len_max[1] = SALT_MAX;
 token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
 if (hashconfig->opts_type & OPTS_TYPE_ST_HEX)
diff --git a/tools/test_modules/m21200.pm b/tools/test_modules/m21200.pm
index 400afd6cb..3386d285d 100644
--- a/tools/test_modules/m21200.pm
+++ b/tools/test_modules/m21200.pm
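Review bot: The `-D FORCE_DISABLE_SHM` added in module_22100.c is passed to every device whose vendor id is VENDOR_ID_NV, yet the new inc_vendor.h comment says the problem only affects NVIDIA on OpenCL and CUDA works fine, so if module_jit_build_options is also reached for CUDA devices (inferred; the function starts outside the hunk) the CUDA build loses real shared memory for no reason. If the device struct's backend flag applies here, narrowing the branch to `if ((device_param->opencl_device_vendor_id == VENDOR_ID_NV) && (device_param->is_opencl == true))` with the CUDA case keeping `"-D _unroll"` would match the comment; otherwise the module should state that CUDA is deliberately included. The header comment would also age better if it named the observed symptom and driver instead of "seems to work fine", e.g. `// Workaround for -m 22100 on NVIDIA OpenCL (see module_22100.c): [symptom / driver version here]; drop once confirmed fixed.`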
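Review bot: `token.len_min[1] = SALT_MIN` lowers the minimum salt length to hashcat's generic minimum, which is 0 (matching the new `[0, 256]` test constraint in this commit), so a line of the form `digest:` with an empty salt now passes the tokenizer where the old code required exactly 19 bytes. If an empty salt is not meaningful for this mode, keep a floor with `token.len_min[1] = 1;`; if it is intended, a comment saying so would stop the next reader from "fixing" it. The rest of module_hash_decode, including the `OPTS_TYPE_ST_HEX` branch that presumably scales these bounds, lies outside the hunk.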
@@ -11,12 +11,12 @@ use warnings;
 use Digest::MD5 qw (md5_hex);
 use Digest::SHA qw (sha1_hex);
-sub module_constraints { [[0, 256], [19, 19], [0, 55], [-1, -1], [-1, -1]] }
+sub module_constraints { [[0, 256], [0, 256], [0, 55], [-1, -1], [-1, -1]] }
 sub module_generate_hash
 {
 my $word = shift;
- my $salt = random_hex_string (19, 19);
+ my $salt = shift;
 my $digest = md5_hex (sha1_hex ($salt) . md5_hex ($word));
diff --git a/tools/test_modules/m21300.pm b/tools/test_modules/m21300.pm
index 6973f8946..fe5e2be44 100644
--- a/tools/test_modules/m21300.pm
+++ b/tools/test_modules/m21300.pm
@@ -11,18 +11,13 @@ use warnings;
 use Digest::MD5 qw (md5_hex);
 use Digest::SHA qw (sha1_hex);
-sub module_constraints { [[0, 256], [1, 256], [0, 55], [-1, -1], [-1, -1]] }
+sub module_constraints { [[0, 256], [0, 256], [0, 55], [0, 55], [0, 55]] }
 sub module_generate_hash
 {
 my $word = shift;
 my $salt = shift;
- if (length $salt == 0)
- {
- $salt = random_hex_string (1, 256);
- }
-
 my $digest = md5_hex ($salt . sha1_hex ($salt . $word));
 my $hash = sprintf ("%s:%s", $digest, $salt);
From 619cd5f1ec81fa028153e9faf24e28e693a3e13c Mon Sep 17 00:00:00 2001
From: philsmd
Date: Mon, 30 Mar 2020 14:02:57 +0200
Subject: [PATCH 298/300] docs: removed some unnecessary whitespace chars from the guide
---
 docs/hashcat-plugin-development-guide.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/hashcat-plugin-development-guide.md b/docs/hashcat-plugin-development-guide.md
index 5fd346c13..b764145b6 100644
--- a/docs/hashcat-plugin-development-guide.md
+++ b/docs/hashcat-plugin-development-guide.md
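Review bot: `module_constraints` in m21300.pm now ends with `[0, 55], [0, 55]` while the m21200.pm hunk in the same commit keeps `[-1, -1], [-1, -1]`, and the commit title only mentions -m 21200, so it is unclear whether the two modes are meant to differ in what I read as the optimized-kernel limits; if not, one of the two arrays is wrong, and if so a short comment next to the m21300.pm line would record why. With the `random_hex_string` fallback removed, an empty salt from the harness is now used as-is, which the new `[0, 256]` range permits, but note that it reduces the vector to `md5_hex (sha1_hex ($word))` — effectively unsalted — so the test set should still include non-empty salts.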
@@ -394,7 +394,7 @@ This configuration item is a bitmask field. There are a few switches which you c
 The decoder function is the function that is called again and again for every line in your hashfile. We also call this sometimes the hash parser. Here you have to program the logic which decodes the line into its components and then stores them in the standardized data structure which hashcat understands. Typically hash files are text files in which each hash is stored in a single line. Before the decoder function is called, Hashcat opens the hash file and scans the number of lines. Based on this information, it pre-allocates memory buffers for the hash digest, the salt and the esalt so you do not need to allocate any buffers from inside the decoder. If you allocate buffers from inside the decoder, you must free them as well. The size of the digest is based on what is returned from module_dgst_size(). The salt_t is a fixed size structure and the esalt size is known from module_esalt_size(). There is also some more rarely used buffers like module_hook_salt_size() but the logic is always the same. Hashcat simply multiplies the size of all these different structures by the number of lines. It then rewinds the file handle and starts iterating. For each iteration of these input lines, the module_hash_decode() function is called. The input pointer points to the new hash line and the output pointers point to the corresponding previously allocated buffers. You can directly access the pointers to store the digest, salt, esalt and other buffers without any offsets.
-
+
 In hashcat there are two different types of salt structures. It is essential to understand them; please read the section "About salts" at the end of this document first. If you are unaware about the different concepts of salt_t and esalt, you really need to read that section before you continue this section.
For instance, if your crypto algorithm is something like MD5(MD5($pass.$salt)), then you can expect to find both a hash and a salt in each of your hash lines. In the decoder function, it is up to you to split these two parts (typically by using the tokenizer - please read the tokenizer section below) and copy them into a standardized hashcat structure.
@@ -508,7 +508,7 @@ This is the password to crack the hash given in module_st_hash() for the self-te
 This is the second necessary ingredient for creating a plugin. Particular attention should be paid to the development of the kernel. Compiling the kernel takes a relatively long time, so both hashcat and the various compute APIs try to save a binary kernel in a cached structure. This serves to reduce the startup time and it is important for the user experience (UX). This however can be a pain as a developer.
-NOTE: You -must- manually delete all cached kernels with every change to your kernel code. This is -very- important!
+NOTE: You -must- manually delete all cached kernels with every change to your kernel code. This is -very- important!
 ```
 $ rm -rf kernels/
From 15eb70152f38efb224d74cedbce19fe71f8c0b68 Mon Sep 17 00:00:00 2001
From: philsmd
Date: Mon, 30 Mar 2020 14:06:11 +0200
Subject: [PATCH 299/300] fixes #2339: problem with --hex-salt fixed
---
 src/modules/module_00040.c | 2 +-
 src/modules/module_04710.c | 2 +-
 src/modules/module_20710.c | 2 +-
 src/modules/module_21200.c | 2 +-
 src/modules/module_21300.c | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/modules/module_00040.c b/src/modules/module_00040.c
index 198427067..2d4dc98cf 100644
--- a/src/modules/module_00040.c
+++ b/src/modules/module_00040.c
@@ -29,7 +29,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_PT_ADD80
 | OPTS_TYPE_PT_ADDBITS14
 | OPTS_TYPE_PT_UTF16LE;
-static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "23a8a90599fc5d0d15265d4d3b565f6e:58802707";
diff --git a/src/modules/module_04710.c b/src/modules/module_04710.c
index 0921abcbe..b16fb9e65 100644
--- a/src/modules/module_04710.c
+++ b/src/modules/module_04710.c
@@ -27,7 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_PT_ADD80
 | OPTS_TYPE_PT_ADDBITS14;
-static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "53c724b7f34f09787ed3f1b316215fc35c789504:hashcat1";
diff --git a/src/modules/module_20710.c b/src/modules/module_20710.c
index 6e956e43a..a401ce919 100644
--- a/src/modules/module_20710.c
+++ b/src/modules/module_20710.c
@@ -28,7 +28,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_BE
 | OPTS_TYPE_PT_ADD80
 | OPTS_TYPE_PT_ADDBITS15;
-static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "bfede293ecf6539211a7305ea218b9f3f608953130405cda9eaba6fb6250f824:7218532375810603";
diff --git a/src/modules/module_21200.c b/src/modules/module_21200.c
index 6c9ea1daf..627464895 100644
--- a/src/modules/module_21200.c
+++ b/src/modules/module_21200.c
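Review bot: Nothing in this hunk, nor in the identical ones in module_04710.c, module_20710.c, module_21200.c and module_21300.c, records why the salt type moves from SALT_TYPE_EMBEDDED to SALT_TYPE_GENERIC; once the file is read without the commit message the link to --hex-salt (issue #2339) is lost. A one-line comment above the declaration, `// SALT_TYPE_GENERIC so that --hex-salt applies to the salt token (#2339)`, would keep it. The ST_HASH self-test vectors are unchanged, so whether each decoder still accepts them under the generic salt path is inferred rather than visible here; the self-test run should confirm it.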
@@ -27,7 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_PT_ADD80
 | OPTS_TYPE_PT_ADDBITS14;
-static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "e69b7a7fe1bf2ad9ef116f79551ee919:baa038987e582431a6d";
diff --git a/src/modules/module_21300.c b/src/modules/module_21300.c
index 6c4522dc2..c687160a6 100644
--- a/src/modules/module_21300.c
+++ b/src/modules/module_21300.c
@@ -27,7 +27,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
 static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
 | OPTS_TYPE_PT_ADD80
 | OPTS_TYPE_PT_ADDBITS14;
-static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
+static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "799dc7d9aa4d3f404cc21a4936dbdcde:68617368636174"; //6d455b6e8945bebfd0a5878eaa201523:hashcat"; //c8f4f1202e7aaebb14e49903ca973d39:943038186";
From 53d2e4579582645e19ea979ef0f83421085a1e1a Mon Sep 17 00:00:00 2001
From: philsmd <921533+philsmd@users.noreply.github.com>
Date: Tue, 31 Mar 2020 11:01:47 +0200
Subject: [PATCH 300/300] fixes #2341: electrum 4/5 mod_512 () infinite loop fix
---
 OpenCL/inc_ecc_secp256k1.cl | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl
index f9ec34194..ff877ca11 100644
--- a/OpenCL/inc_ecc_secp256k1.cl
+++ b/OpenCL/inc_ecc_secp256k1.cl
@@ -512,6 +512,9 @@ DECLSPEC void mod_512 (u32 *n)
 // substract (a -= r):
+ if ((r[ 0] | r[ 1] | r[ 2] | r[ 3] | r[ 4] | r[ 5] | r[ 6] | r[ 7] |
+ r[ 8] | r[ 9] | r[10] | r[11] | r[12] | r[13] | r[14] | r[15]) == 0) break;
+
 r[ 0] = a[ 0] - r[ 0];
 r[ 1] = a[ 1] - r[ 1];
 r[ 2] = a[ 2] - r[ 2];