diff --git a/OpenCL/m24410-pure.cl b/OpenCL/m24410-pure.cl new file mode 100644 index 000000000..2d5ef5143 --- /dev/null +++ b/OpenCL/m24410-pure.cl @@ -0,0 +1,600 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha1.cl" +#include "inc_cipher_aes.cl" +#include "inc_cipher_des.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct pkcs_sha1_tmp +{ + u32 ipad[5]; + u32 opad[5]; + + u32 dgst[32]; + u32 out[32]; + +} pkcs_sha1_tmp_t; + +typedef struct pkcs +{ + int cipher; + + u32 data_buf[16384]; + int data_len; + + u32 iv_buf[4]; + +} pkcs_t; + +DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m24410_init (KERN_ATTR_TMPS_ESALT (pkcs_sha1_tmp_t, pkcs_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha1_hmac_ctx_t sha1_hmac_ctx; + + sha1_hmac_init_global_swap (&sha1_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha1_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha1_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha1_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha1_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha1_hmac_ctx.ipad.h[4]; + + tmps[gid].opad[0] = sha1_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha1_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha1_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha1_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha1_hmac_ctx.opad.h[4]; + + sha1_hmac_update_global_swap (&sha1_hmac_ctx, salt_bufs[SALT_POS].salt_buf, salt_bufs[SALT_POS].salt_len); + + u32 key_elem = 0; + + if (esalt_bufs[DIGESTS_OFFSET].cipher == 1) { key_elem = (192 / 8) / 4; } + else if (esalt_bufs[DIGESTS_OFFSET].cipher == 2) { key_elem = (128 / 8) / 4; } + else if (esalt_bufs[DIGESTS_OFFSET].cipher == 3) { key_elem = (192 / 8) / 4; } + else if (esalt_bufs[DIGESTS_OFFSET].cipher == 4) { key_elem = (256 / 8) / 4; } + + for (u32 i = 0, j = 1; i < key_elem; i += 5, j += 1) + { + sha1_hmac_ctx_t sha1_hmac_ctx2 = sha1_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha1_hmac_update_64 (&sha1_hmac_ctx2, w0, w1, w2, w3, 4); + + sha1_hmac_final (&sha1_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha1_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha1_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha1_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha1_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha1_hmac_ctx2.opad.h[4]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + } +} + +KERNEL_FQ void m24410_loop (KERN_ATTR_TMPS_ESALT (pkcs_sha1_tmp_t, pkcs_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u32x ipad[5]; + u32x opad[5]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + + u32 key_elem = 0; + + if (esalt_bufs[DIGESTS_OFFSET].cipher == 1) { key_elem = (192 / 8) / 4; } + else if (esalt_bufs[DIGESTS_OFFSET].cipher == 2) { key_elem = (128 / 8) / 4; } + else if (esalt_bufs[DIGESTS_OFFSET].cipher == 3) { key_elem = (192 / 8) / 4; } + else if (esalt_bufs[DIGESTS_OFFSET].cipher == 4) { key_elem = (256 / 8) / 4; } + + for (u32 i = 0; i < key_elem; i += 5) + { + u32x dgst[5]; + u32x out[5]; + + dgst[0] = packv (tmps, dgst, gid, i + 0); + dgst[1] = packv (tmps, dgst, gid, i + 1); + dgst[2] = packv (tmps, dgst, gid, i + 2); + dgst[3] = packv (tmps, dgst, gid, i + 3); + dgst[4] = packv (tmps, dgst, gid, i + 4); + + out[0] = packv (tmps, out, gid, i + 0); + out[1] = packv (tmps, out, gid, i + 1); + out[2] = packv (tmps, out, gid, i + 2); + out[3] = packv (tmps, out, gid, i + 3); + out[4] = packv (tmps, out, gid, i + 4); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + } + + unpackv (tmps, dgst, gid, i + 0, dgst[0]); + unpackv (tmps, dgst, gid, i + 1, dgst[1]); + unpackv (tmps, dgst, gid, i + 2, dgst[2]); + unpackv (tmps, dgst, gid, i + 3, dgst[3]); + unpackv (tmps, dgst, gid, i + 4, dgst[4]); + + unpackv (tmps, out, gid, i + 0, out[0]); + unpackv (tmps, out, gid, i + 1, out[1]); + unpackv (tmps, out, gid, i + 2, out[2]); + unpackv (tmps, out, gid, i + 3, out[3]); + unpackv (tmps, out, gid, i + 4, out[4]); + } +} + +KERNEL_FQ void m24410_comp (KERN_ATTR_TMPS_ESALT (pkcs_sha1_tmp_t, pkcs_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + LOCAL_VK u32 s_SPtrans[8][64]; + LOCAL_VK u32 s_skb[8][64]; + + for (u32 i = lid; i < 64; i += lsz) + { + s_SPtrans[0][i] = c_SPtrans[0][i]; + s_SPtrans[1][i] = c_SPtrans[1][i]; + s_SPtrans[2][i] = c_SPtrans[2][i]; + s_SPtrans[3][i] = c_SPtrans[3][i]; + s_SPtrans[4][i] = c_SPtrans[4][i]; + s_SPtrans[5][i] = c_SPtrans[5][i]; + s_SPtrans[6][i] = c_SPtrans[6][i]; + s_SPtrans[7][i] = c_SPtrans[7][i]; + + s_skb[0][i] = c_skb[0][i]; + s_skb[1][i] = c_skb[1][i]; + s_skb[2][i] = c_skb[2][i]; + s_skb[3][i] = c_skb[3][i]; + s_skb[4][i] = c_skb[4][i]; + s_skb[5][i] = c_skb[5][i]; + s_skb[6][i] = c_skb[6][i]; + s_skb[7][i] = c_skb[7][i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + + if (gid >= gid_max) return; + + u32 ukey[8]; + + ukey[0] = tmps[gid].out[0]; + ukey[1] = tmps[gid].out[1]; + ukey[2] = tmps[gid].out[2]; + ukey[3] = tmps[gid].out[3]; + ukey[4] = tmps[gid].out[4]; + ukey[5] = tmps[gid].out[5]; + ukey[6] = tmps[gid].out[6]; + ukey[7] = tmps[gid].out[7]; + + const int data_len = esalt_bufs[DIGESTS_OFFSET].data_len; + + const int last_pad_pos = data_len - 1; + + const int last_pad_elem = last_pad_pos / 4; + + const int cipher = esalt_bufs[DIGESTS_OFFSET].cipher; + + u32 iv[4]; + + u32 enc[4]; + u32 dec[4]; + + if (cipher == 1) + { + ukey[0] = hc_swap32_S (ukey[0]); + ukey[1] = hc_swap32_S (ukey[1]); + ukey[2] = hc_swap32_S (ukey[2]); + ukey[3] = hc_swap32_S (ukey[3]); + ukey[4] = hc_swap32_S (ukey[4]); + ukey[5] = hc_swap32_S (ukey[5]); + + u32 K0[16]; + u32 K1[16]; + u32 K2[16]; + u32 K3[16]; + u32 K4[16]; + u32 K5[16]; + + _des_crypt_keysetup (ukey[0], ukey[1], K0, K1, s_skb); + _des_crypt_keysetup (ukey[2], ukey[3], K2, K3, s_skb); + _des_crypt_keysetup (ukey[4], ukey[5], K4, K5, s_skb); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + u32 p1[2]; + u32 p2[2]; + + _des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans); + _des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans); + _des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + + const int paddingv = pkcs_padding_bs8 (dec, 8); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + + _des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans); + _des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans); + _des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + + const int real_len = (data_len - 8) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else if (cipher == 2) + { + u32 ks[44]; + + AES128_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int paddingv = pkcs_padding_bs16 (dec, 16); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int real_len = (data_len - 16) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else if (cipher == 3) + { + u32 ks[52]; + + AES192_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int paddingv = pkcs_padding_bs16 (dec, 16); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int real_len = (data_len - 16) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else if (cipher == 4) + { + u32 ks[60]; + + AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int paddingv = pkcs_padding_bs16 (dec, 16); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int real_len = (data_len - 16) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else + { + return; + } + + const u32 r0 = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + const u32 r1 = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + const u32 r2 = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + const u32 r3 = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/OpenCL/m24420-pure.cl b/OpenCL/m24420-pure.cl new file mode 100644 index 000000000..2e2569428 --- /dev/null +++ b/OpenCL/m24420-pure.cl @@ -0,0 +1,625 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_sha256.cl" +#include "inc_cipher_aes.cl" +#include "inc_cipher_des.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct pkcs_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pkcs_sha256_tmp_t; + +typedef struct pkcs +{ + int cipher; + + u32 data_buf[16384]; + int data_len; + + u32 iv_buf[4]; + +} pkcs_t; + +DECLSPEC void hmac_sha256_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + digest[5] = ipad[5]; + digest[6] = ipad[6]; + digest[7] = ipad[7]; + + sha256_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = digest[5]; + w1[2] = digest[6]; + w1[3] = digest[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + digest[5] = opad[5]; + digest[6] = opad[6]; + digest[7] = opad[7]; + + sha256_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m24420_init (KERN_ATTR_TMPS_ESALT (pkcs_sha256_tmp_t, pkcs_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha256_hmac_ctx_t sha256_hmac_ctx; + + sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; + + tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; + + sha256_hmac_update_global_swap (&sha256_hmac_ctx, salt_bufs[SALT_POS].salt_buf, salt_bufs[SALT_POS].salt_len); + + for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) + { + sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); + + sha256_hmac_final (&sha256_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4]; + tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5]; + tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6]; + tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; + tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; + tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; + } +} + +KERNEL_FQ void m24420_loop (KERN_ATTR_TMPS_ESALT (pkcs_sha256_tmp_t, pkcs_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u32x ipad[8]; + u32x opad[8]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + ipad[5] = packv (tmps, ipad, gid, 5); + ipad[6] = packv (tmps, ipad, gid, 6); + ipad[7] = packv (tmps, ipad, gid, 7); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + opad[5] = packv (tmps, opad, gid, 5); + opad[6] = packv (tmps, opad, gid, 6); + opad[7] = packv (tmps, opad, gid, 7); + + for (u32 i = 0; i < 8; i += 8) + { + u32x dgst[8]; + u32x out[8]; + + dgst[0] = packv (tmps, dgst, gid, i + 0); + dgst[1] = packv (tmps, dgst, gid, i + 1); + dgst[2] = packv (tmps, dgst, gid, i + 2); + dgst[3] = packv (tmps, dgst, gid, i + 3); + dgst[4] = packv (tmps, dgst, gid, i + 4); + dgst[5] = packv (tmps, dgst, gid, i + 5); + dgst[6] = packv (tmps, dgst, gid, i + 6); + dgst[7] = packv (tmps, dgst, gid, i + 7); + + out[0] = packv (tmps, out, gid, i + 0); + out[1] = packv (tmps, out, gid, i + 1); + out[2] = packv (tmps, out, gid, i + 2); + out[3] = packv (tmps, out, gid, i + 3); + out[4] = packv (tmps, out, gid, i + 4); + out[5] = packv (tmps, out, gid, i + 5); + out[6] = packv (tmps, out, gid, i + 6); + out[7] = packv (tmps, out, gid, i + 7); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = dgst[5]; + w1[2] = dgst[6]; + w1[3] = dgst[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; + + hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; + } + + unpackv (tmps, dgst, gid, i + 0, dgst[0]); + unpackv (tmps, dgst, gid, i + 1, dgst[1]); + unpackv (tmps, dgst, gid, i + 2, dgst[2]); + unpackv (tmps, dgst, gid, i + 3, dgst[3]); + unpackv (tmps, dgst, gid, i + 4, dgst[4]); + unpackv (tmps, dgst, gid, i + 5, dgst[5]); + unpackv (tmps, dgst, gid, i + 6, dgst[6]); + unpackv (tmps, dgst, gid, i + 7, dgst[7]); + + unpackv (tmps, out, gid, i + 0, out[0]); + unpackv (tmps, out, gid, i + 1, out[1]); + unpackv (tmps, out, gid, i + 2, out[2]); + unpackv (tmps, out, gid, i + 3, out[3]); + unpackv (tmps, out, gid, i + 4, out[4]); + unpackv (tmps, out, gid, i + 5, out[5]); + unpackv (tmps, out, gid, i + 6, out[6]); + unpackv (tmps, out, gid, i + 7, out[7]); + } +} + +KERNEL_FQ void m24420_comp (KERN_ATTR_TMPS_ESALT (pkcs_sha256_tmp_t, pkcs_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + LOCAL_VK u32 s_SPtrans[8][64]; + LOCAL_VK u32 s_skb[8][64]; + + for (u32 i = lid; i < 64; i += lsz) + { + s_SPtrans[0][i] = c_SPtrans[0][i]; + s_SPtrans[1][i] = c_SPtrans[1][i]; + s_SPtrans[2][i] = c_SPtrans[2][i]; + s_SPtrans[3][i] = c_SPtrans[3][i]; + s_SPtrans[4][i] = c_SPtrans[4][i]; + s_SPtrans[5][i] = c_SPtrans[5][i]; + s_SPtrans[6][i] = c_SPtrans[6][i]; + s_SPtrans[7][i] = c_SPtrans[7][i]; + + s_skb[0][i] = c_skb[0][i]; + s_skb[1][i] = c_skb[1][i]; + s_skb[2][i] = c_skb[2][i]; + s_skb[3][i] = c_skb[3][i]; + s_skb[4][i] = c_skb[4][i]; + s_skb[5][i] = c_skb[5][i]; + s_skb[6][i] = c_skb[6][i]; + s_skb[7][i] = c_skb[7][i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans; + CONSTANT_AS u32a (*s_skb)[64] = c_skb; + + #endif + + if (gid >= gid_max) return; + + u32 ukey[8]; + + ukey[0] = tmps[gid].out[0]; + ukey[1] = tmps[gid].out[1]; + ukey[2] = tmps[gid].out[2]; + ukey[3] = tmps[gid].out[3]; + ukey[4] = tmps[gid].out[4]; + ukey[5] = tmps[gid].out[5]; + ukey[6] = tmps[gid].out[6]; + ukey[7] = tmps[gid].out[7]; + + const int data_len = esalt_bufs[DIGESTS_OFFSET].data_len; + + const int last_pad_pos = data_len - 1; + + const int last_pad_elem = last_pad_pos / 4; + + const int cipher = esalt_bufs[DIGESTS_OFFSET].cipher; + + u32 iv[4]; + + u32 enc[4]; + u32 dec[4]; + + if (cipher == 1) + { + ukey[0] = hc_swap32_S (ukey[0]); + ukey[1] = hc_swap32_S (ukey[1]); + ukey[2] = hc_swap32_S (ukey[2]); + ukey[3] = hc_swap32_S (ukey[3]); + ukey[4] = hc_swap32_S (ukey[4]); + ukey[5] = hc_swap32_S (ukey[5]); + + u32 K0[16]; + u32 K1[16]; + u32 K2[16]; + u32 K3[16]; + u32 K4[16]; + u32 K5[16]; + + _des_crypt_keysetup (ukey[0], ukey[1], K0, K1, s_skb); + _des_crypt_keysetup (ukey[2], ukey[3], K2, K3, s_skb); + _des_crypt_keysetup (ukey[4], ukey[5], K4, K5, s_skb); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + u32 p1[2]; + u32 p2[2]; + + _des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans); + _des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans); + _des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + + const int paddingv = pkcs_padding_bs8 (dec, 8); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + + _des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans); + _des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans); + _des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + + const int real_len = (data_len - 8) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else if (cipher == 2) + { + u32 ks[44]; + + AES128_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int paddingv = pkcs_padding_bs16 (dec, 16); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int real_len = (data_len - 16) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else if (cipher == 3) + { + u32 ks[52]; + + AES192_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int paddingv = pkcs_padding_bs16 (dec, 16); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int real_len = (data_len - 16) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else if (cipher == 4) + { + u32 ks[60]; + + AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + // first check the padding + + iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0]; + + aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int paddingv = pkcs_padding_bs16 (dec, 16); + + if (paddingv == -1) return; + + // second check (naive code) ASN.1 structure + + iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3]; + + enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4); + + dec[0] ^= iv[0]; + dec[1] ^= iv[1]; + dec[2] ^= iv[2]; + dec[3] ^= iv[3]; + + const int real_len = (data_len - 16) + paddingv; + + const int asn1_ok = asn1_detect (dec, real_len); + + if (asn1_ok == 0) return; + } + else + { + return; + } + + const u32 r0 = esalt_bufs[DIGESTS_OFFSET].data_buf[0]; + const u32 r1 = esalt_bufs[DIGESTS_OFFSET].data_buf[1]; + const u32 r2 = esalt_bufs[DIGESTS_OFFSET].data_buf[2]; + const u32 r3 = esalt_bufs[DIGESTS_OFFSET].data_buf[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/docs/changes.txt b/docs/changes.txt index 6e177057b..387941f96 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -9,6 +9,7 @@ - Added hash-mode: Apple iWork - Added hash-mode: AxCrypt 2 AES-128 - Added hash-mode: AxCrypt 2 AES-256 +- Added hash-mode: PKCS#8 Private Keys - Added hash-mode: RAR3-p (Compressed) - Added hash-mode: RAR3-p (Uncompressed) - Added hash-mode: RSA/DSA/EC/OPENSSH Private Keys diff --git a/src/modules/module_24410.c b/src/modules/module_24410.c new file mode 100644 index 000000000..1a6b4274c --- /dev/null +++ b/src/modules/module_24410.c @@ -0,0 +1,363 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PRIVATE_KEY; +static const char *HASH_NAME = "PKCS#8 Private Keys (PBKDF2-HMAC-SHA1 + 3DES/AES)"; +static const u64 KERN_TYPE = 24410; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_SUGGEST_KG; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$PEM$1$4$f5662bd8383b4b40$2048$2993b585d3fb2e7b235ed13d90f637e2$1232$73984f2cba4d5e1d327a3f5a538a946099976ab865349091a452a838dc6855b6e539f920a078b14d949d8c739ea7ce26769dc0ba1619a9c0ee1864d1cfca9e61ddf6d9582439f2b65d00a3ff57c78d3176e9e88fc12da7acd421b624ba76f3d5f12926a3a9acd82f502d7638cfe2063fb2c773a56299ae1ec2c85641d33f5f8b3edfc6687fa9898325d384b3db7a7686704facb880c3898f69dd353a5d5d136b58a1e00e4711d3a01e0c632a5f3d5eff64c9e88166296b9b26f072a52bdc4893377e247b5cdb052f34e0b5d4de10a5dffe443a03b1a23f1edbcb00361334dbd6a6d31e16887b5290da2f865fbe1fef7b43c8f8f3432815ca860946560cb601ab83d417e6a4734aaf75692195566bde61e04610a9eff752c08f9ff85a48959daa7c65d03a0eca62e92bf10a55fb4834a49745a6c53d9c79d0591cb13cfa54f0d437d001b7924fd9dd69c98aa25e5d3f19649f79913bca827e7636ede04bf7c41ef54c42936b4eb93c75d941853dc7dda42b51ac5e4f5602fe2c3e62f252d28e02398943780598cf2bd41d183425daf34e86099c748eda2d5372029ebd089f619dab327ea728eb90342f2b48cd364e914a6078599afdb22a6fac6b55e1bf28b3284a0edc748b59c2eaa97e35d457d4c049f86fd3fc618c4c52f08776c0efb33011b96ef6f0b0e6ecf6d37dc20da8ab7d9b8154371c8e396d9b89ee02e6e6b013a0985b1f47c91f3b5a9e6c33736840e6044f46be1dbea4ec7730eccc6e993cb522bb220de4ed55156129f821d7df19439ab86990991cfd1992681716b5ff012ffa5519ad0baa01885f77f6a522469979f449232d408379558fcdfe5253371da835e0c77706dfa67ff28b1cd8d7fdf9e386899838532d8e57ec1ed3d31a96ae03f37b976fb6c503cc247113deaa070697728e3b36ce43de051ce13a4df91d22157c6281e8f9a16de007c6dddf03ffc79a9f4cfc3eaddd637a9a902fdba1c9e857a9ccd7c318db17cd40d8b588b5d97c7d03c0404473dd201aa5c6637e952c6299e35374127276b3eb4aeba754f3176fecea1731a0f917dd049fcdab34264a8c635ba90eec941aeb449a7eca263aaec9e46758bdf21caa896adb4652e9564d75c20e296fcdf28cbdeb702a1e7acf2374d24b51e6492b0bcc72a58748666a7278e2cb54fbdb68c6736ceb85dd92cd0465b19a65f7ad47e25658a34c3531db48c37ef279574e1892d80d80f3e9dee385ab65e6a4537f6e318817a785228160939d01632b8269858ce9092359048b09ae8b9c17ceb575216988bbeb91c1b5861c931f21e07d888ceb9b89d89d17608e2d5f0ae66b6e756f1eac9f80e13749f866ea6b741158296d3ced761999ad901a2121e233bf173865b6c0b32d68e6ef1d39bb411a1ee9d4d1cde870645b9922051b31cc0df640fb01d23c613091ba538999254b873fbb5996efdfbde5c933e1b6ef6d1c7d5e1a9bff6800c8625b07aba2c14143c1a33a0661c357e5db59a2f49aab35c13531774fb5b3795ed853d7f4e38910c7eeb3435353e2cfd0c94e61c16c8126928343f86222c5ef320b9e043d3cd357af4e065500f50e6bf9c260ca298bd5507c9498dbcea4ceec834449b7fb7249fdf199f66aa98d0a820b1057df1d67c43f49c6d18c3c902466b2b2b528075489261ef73bf711c7988fed65693798568bed43e4d70a800cd25b1773c455aaa153cea8f7013eae1e8f24c6793f590c8f6a112b46"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pkcs_sha1_tmp +{ + u32 ipad[5]; + u32 opad[5]; + + u32 dgst[32]; + u32 out[32]; + +} pkcs_sha1_tmp_t; + +typedef struct pkcs +{ + int cipher; + + u32 data_buf[16384]; + int data_len; + + u32 iv_buf[4]; + +} pkcs_t; + +static const char *SIGNATURE_PEM = "$PEM$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pkcs_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pkcs_sha1_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pkcs_t *pkcs = (pkcs_t *) esalt_buf; + + token_t token; + + token.token_cnt = 8; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PEM; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len_min[2] = 1; + token.len_max[2] = 1; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[3] = '$'; + token.len_min[3] = 16; + token.len_max[3] = 16; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = '$'; + token.len_min[4] = 1; + token.len_max[4] = 8; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[5] = '$'; + token.len_min[5] = 16; // can be either 16 or 32 + token.len_max[5] = 32; // exact check deeper in decoder code + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = '$'; + token.len_min[6] = 1; + token.len_max[6] = 8; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[7] = '$'; + token.len_min[7] = 64; // 64 = minimum size (32 byte) to avoid out of boundary read in kernel + token.len_max[7] = 65536; // 65536 = maximum asn.1 size fitting into 2 byte length integer + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // type + + const u8 *type_pos = token.buf[1]; + + if (type_pos[0] != '1') return (PARSER_SIGNATURE_UNMATCHED); + + // cipher + + const u8 *cipher_pos = token.buf[2]; + + int cipher = hc_strtoul ((const char *) cipher_pos, NULL, 10); + + if ((cipher != 1) + && (cipher != 2) + && (cipher != 3) + && (cipher != 4)) return (PARSER_CIPHER); + + pkcs->cipher = cipher; + + // salt buffer + + const u8 *salt_pos = token.buf[3]; + + salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); + + salt->salt_len = 8; + + // iter + + const u8 *iter_pos = token.buf[4]; + + const u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10); + + salt->salt_iter = iter - 1; + + // IV buffer + + const u8 *iv_pos = token.buf[5]; + const int iv_len = token.len[5]; + + if (cipher == 1) + { + if (iv_len != 16) return (PARSER_SALT_LENGTH); + + pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0); + pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8); + } + else + { + if (iv_len != 32) return (PARSER_SALT_LENGTH); + + pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0); + pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8); + pkcs->iv_buf[2] = hex_to_u32 (iv_pos + 16); + pkcs->iv_buf[3] = hex_to_u32 (iv_pos + 24); + } + + // data length + + const u8 *data_len_verify_pos = token.buf[6]; + + const int data_len_verify = hc_strtoul ((const char *) data_len_verify_pos, NULL, 10); + + // data + + const u8 *data_pos = token.buf[7]; + const int data_len = token.len[7]; + + pkcs->data_len = hex_decode (data_pos, data_len, (u8 *) pkcs->data_buf); + + if (data_len_verify != pkcs->data_len) return (PARSER_HASH_LENGTH); + + // data has to be a multiple of cipher block size + + int cipher_bs = 0; + + if (cipher == 1) { cipher_bs = 8; } + else if (cipher == 2) { cipher_bs = 16; } + else if (cipher == 3) { cipher_bs = 16; } + else if (cipher == 4) { cipher_bs = 16; } + + if (pkcs->data_len % cipher_bs) return (PARSER_HASH_LENGTH); + + // hash + + digest[0] = pkcs->data_buf[0]; + digest[1] = pkcs->data_buf[1]; + digest[2] = pkcs->data_buf[2]; + digest[3] = pkcs->data_buf[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + pkcs_t *pkcs = (pkcs_t *) esalt_buf; + + u8 *out_buf = (u8 *) line_buf; + + int out_len; + + if (pkcs->cipher == 1) + { + out_len = snprintf ((char *) out_buf, line_size, "%s1$%d$%08x%08x$%d$%08x%08x$%d$", + SIGNATURE_PEM, + pkcs->cipher, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + salt->salt_iter + 1, + byte_swap_32 (pkcs->iv_buf[0]), + byte_swap_32 (pkcs->iv_buf[1]), + pkcs->data_len); + } + else + { + out_len = snprintf ((char *) out_buf, line_size, "%s1$%d$%08x%08x$%d$%08x%08x%08x%08x$%d$", + SIGNATURE_PEM, + pkcs->cipher, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + salt->salt_iter + 1, + byte_swap_32 (pkcs->iv_buf[0]), + byte_swap_32 (pkcs->iv_buf[1]), + byte_swap_32 (pkcs->iv_buf[2]), + byte_swap_32 (pkcs->iv_buf[3]), + pkcs->data_len); + } + + out_len += hex_encode ((const u8 *) pkcs->data_buf, pkcs->data_len, (u8 *) out_buf + out_len); + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_24420.c b/src/modules/module_24420.c new file mode 100644 index 000000000..c45de065e --- /dev/null +++ b/src/modules/module_24420.c @@ -0,0 +1,363 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PRIVATE_KEY; +static const char *HASH_NAME = "PKCS#8 Private Keys (PBKDF2-HMAC-SHA256 + 3DES/AES)"; +static const u64 KERN_TYPE = 24420; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_SUGGEST_KG; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$PEM$2$4$ed02960b8a10b1f1$2048$a634c482a95f23bd8fada558e1bac2cf$1232$50b21db4aededb96417a9b88131e6bc3727739b4aa1413417338efaa6a756f27c32db5c339d9c3ba61c746bbe3d6c5e0a023f965e70fb617e78a00890b8c7fc7c9f5e0ab39f35bf58ab40f6ed15441338134d041ca59783437ef681a51132c085abb3830df95e9f94d11da54d61679ca6e40136da96ffe205ce191002458143f03cba3aeca6b22a3f0689d5582b3e6c01baee7a04d875ed44bb84fa0ed0a3aae1ed392645cced385498eef4ec25bf6d1399f1487f3625fad9fee25aabf18edb1ce5e640e834d31251b882601f23c2b2d77a45c84e0fc8a3a42e3ff9f75e7ac815c57a7e943ad803ab3672f85a37c6b92d0813590d47a31788643449dce67f135363a0c14f089629a1274b124539535df5f50df5d4402f7a109738f56467725a8aa3884562c8b4c42c068c3502be86e20ac9c52c0daec22e47dcbefebe902b1dc791ed3cd069c7f9211e43f5a3274450f4b0f0b7c6f59adeca8b39ed130b6cbda7cf98e15bbba21fa1758a28dc2edf2e2f17fc353853dc881458e59184f5a8f6e09456e4d71d90135a8ce67350f7bcb3d900e75585e3a87c0c8482f3917347fcfad4fdb8915991cffd20dae1502d0f69d385244e489e50cc9f24b15a5f9d0b00d62805026db5378b5408d7d719786eb043659a452096736e4a7501548655df83045dc4e86bd3319f2982e6db2bbb239019202cebf2ca68c05b578ba95cef82397b145c80208cd7ffd9b0cd5fc3d0d7ea26401c8e11c28ab8d1a524b884962e7fee597943a5e38137abb8b26a7772f0ad6dad074dcfd0b5794822aa7e43d10cab2c95e63b6459706dc21a1cbbd7ae4c96b40ee4d7039cf84c416cb879b2d30b7ac5e1860dcd2ab5479c39b748f5fd9336934c9c1e8064ffb0906c0c2898479209d1a9c97c3cd1782d7514e94d01b242a371a2df5592d620ebd6e18e63ff24ee8ba182f17e6c578431d738e955a957469e8069a919fd3a15532d460201d4e38ac04ac494b9cde1731d4511bf8faf8420a9de4f8c7d3d721fc30d8c3664683fd91ad3515e97092fb652205fb087890cb594947f5372c9b0b27f08b4b57bf610f777fcf040e6e7b8cedf85113dfd909cbac4b774c7580686f2e1f261898da4c6804d573fb22248005f5e0d3b256a0f3dcb71c47b3d674352bda82c22a513e381f990b6100328185511de9b3352126c5aedb9b0bde15743b42e231ef7227c0fe478044ce69474a740366058f07e56dde7d6089cb76e606482e7ba206355fc0fa180c4a41ae781e4723120e3d5a1dd40224db2c959ecbc9bce88bfeed64082d07b111e88a2d8a6a6fe097c9a298a6c3f76beb5b3b5aecedbbbcd404aac8fd25c069c747338ca0c81e6b63d87fc4f0bc18a86b721e3a16e9875741e0313057de8476ee84e36efe557dc33a7d23a9426f2e359781147607ad79235c9d7846320fe2d963fac79a5c92ff3067595273931174d2173f63cfceb9f62a873e7c240d3c260bcfb02b2697911321a72455cacc6929133d0af2cdf6d59a63293ac508786a4850267f90993fff3b6c07bbf3af0e3c08638148101ae1495da3360614866e238c4f60ca00f615877be80cc708da5ea1c30032acffd0e55429ba29dca409349d901a49831db44c1e58b7530b383d3f7e1cac79200cad9bdf87451783f2ffdab09b230aab52b41fa42fdd9f1f05a3dda0fa16b011c51e330d044adf394bbbb7fa25efc860f3082e42824be3b96943afbe641fe6bb"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pkcs_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pkcs_sha256_tmp_t; + +typedef struct pkcs +{ + int cipher; + + u32 data_buf[16384]; + int data_len; + + u32 iv_buf[4]; + +} pkcs_t; + +static const char *SIGNATURE_PEM = "$PEM$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pkcs_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pkcs_sha256_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pkcs_t *pkcs = (pkcs_t *) esalt_buf; + + token_t token; + + token.token_cnt = 8; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PEM; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len_min[2] = 1; + token.len_max[2] = 1; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[3] = '$'; + token.len_min[3] = 16; + token.len_max[3] = 16; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = '$'; + token.len_min[4] = 1; + token.len_max[4] = 8; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[5] = '$'; + token.len_min[5] = 16; // can be either 16 or 32 + token.len_max[5] = 32; // exact check deeper in decoder code + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = '$'; + token.len_min[6] = 1; + token.len_max[6] = 8; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[7] = '$'; + token.len_min[7] = 64; // 64 = minimum size (32 byte) to avoid out of boundary read in kernel + token.len_max[7] = 65536; // 65536 = maximum asn.1 size fitting into 2 byte length integer + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // type + + const u8 *type_pos = token.buf[1]; + + if (type_pos[0] != '2') return (PARSER_SIGNATURE_UNMATCHED); + + // cipher + + const u8 *cipher_pos = token.buf[2]; + + int cipher = hc_strtoul ((const char *) cipher_pos, NULL, 10); + + if ((cipher != 1) + && (cipher != 2) + && (cipher != 3) + && (cipher != 4)) return (PARSER_CIPHER); + + pkcs->cipher = cipher; + + // salt buffer + + const u8 *salt_pos = token.buf[3]; + + salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); + salt->salt_buf[1] = hex_to_u32 (salt_pos + 8); + + salt->salt_len = 8; + + // iter + + const u8 *iter_pos = token.buf[4]; + + const u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10); + + salt->salt_iter = iter - 1; + + // IV buffer + + const u8 *iv_pos = token.buf[5]; + const int iv_len = token.len[5]; + + if (cipher == 1) + { + if (iv_len != 16) return (PARSER_SALT_LENGTH); + + pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0); + pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8); + } + else + { + if (iv_len != 32) return (PARSER_SALT_LENGTH); + + pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0); + pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8); + pkcs->iv_buf[2] = hex_to_u32 (iv_pos + 16); + pkcs->iv_buf[3] = hex_to_u32 (iv_pos + 24); + } + + // data length + + const u8 *data_len_verify_pos = token.buf[6]; + + const int data_len_verify = hc_strtoul ((const char *) data_len_verify_pos, NULL, 10); + + // data + + const u8 *data_pos = token.buf[7]; + const int data_len = token.len[7]; + + pkcs->data_len = hex_decode (data_pos, data_len, (u8 *) pkcs->data_buf); + + if (data_len_verify != pkcs->data_len) return (PARSER_HASH_LENGTH); + + // data has to be a multiple of cipher block size + + int cipher_bs = 0; + + if (cipher == 1) { cipher_bs = 8; } + else if (cipher == 2) { cipher_bs = 16; } + else if (cipher == 3) { cipher_bs = 16; } + else if (cipher == 4) { cipher_bs = 16; } + + if (pkcs->data_len % cipher_bs) return (PARSER_HASH_LENGTH); + + // hash + + digest[0] = pkcs->data_buf[0]; + digest[1] = pkcs->data_buf[1]; + digest[2] = pkcs->data_buf[2]; + digest[3] = pkcs->data_buf[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + pkcs_t *pkcs = (pkcs_t *) esalt_buf; + + u8 *out_buf = (u8 *) line_buf; + + int out_len; + + if (pkcs->cipher == 1) + { + out_len = snprintf ((char *) out_buf, line_size, "%s2$%d$%08x%08x$%d$%08x%08x$%d$", + SIGNATURE_PEM, + pkcs->cipher, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + salt->salt_iter + 1, + byte_swap_32 (pkcs->iv_buf[0]), + byte_swap_32 (pkcs->iv_buf[1]), + pkcs->data_len); + } + else + { + out_len = snprintf ((char *) out_buf, line_size, "%s2$%d$%08x%08x$%d$%08x%08x%08x%08x$%d$", + SIGNATURE_PEM, + pkcs->cipher, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + salt->salt_iter + 1, + byte_swap_32 (pkcs->iv_buf[0]), + byte_swap_32 (pkcs->iv_buf[1]), + byte_swap_32 (pkcs->iv_buf[2]), + byte_swap_32 (pkcs->iv_buf[3]), + pkcs->data_len); + } + + out_len += hex_encode ((const u8 *) pkcs->data_buf, pkcs->data_len, (u8 *) out_buf + out_len); + + return out_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m24410.pm b/tools/test_modules/m24410.pm new file mode 100644 index 000000000..ccb5d3eb1 --- /dev/null +++ b/tools/test_modules/m24410.pm @@ -0,0 +1,212 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::CBC; +use Crypt::PBKDF2; +use Convert::ASN1 qw(:io); + +sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $cid = shift // random_number (1, 4); + my $iter = shift // 2048; + my $iv = shift; + my $data = shift; + + my $key_len = 0; + + if ($cid == 1) { $key_len = 24; } + elsif ($cid == 2) { $key_len = 16; } + elsif ($cid == 3) { $key_len = 24; } + elsif ($cid == 4) { $key_len = 32; } + + my $kdf = Crypt::PBKDF2->new + ( + hash_class => 'HMACSHA1', + iterations => $iter, + output_len => $key_len + ); + + my $salt_bin = pack ("H*", $salt); + my $iv_bin; + my $data_bin; + + my $key = $kdf->PBKDF2 ($salt_bin, $word); + + my $is_decrypt = defined ($data); + + if ($is_decrypt == 1) + { + $iv_bin = pack ("H*", $iv); + $data_bin = pack ("H*", $data); + + my $dec_bin; + + if ($cid == 1) + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::DES_EDE3", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $dec_bin = $aes->decrypt ($data_bin); + } + else + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $dec_bin = $aes->decrypt ($data_bin); + } + + ## This is a ridiculous check of successfull decryption + ## There are no useable asn1 parsers for perl available + ## We have to rely on a combination of padding check and pattern matching + ## The (minimum) 16 bit should be good enough for a unit test + + if (length ($dec_bin) < length ($data_bin)) + { + if (substr ($dec_bin, 0, 1) eq "\x30") + { + $data_bin = $dec_bin; + } + } + } + else + { + if ($cid == 1) + { + $iv_bin = random_bytes (8); + } + else + { + $iv_bin = random_bytes (16); + } + + $data_bin = pack ("H*", + "308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b7a2" . + "e4c254c8174219e60d9cce96737a906797b8edb86af8f055f60db7bd298b0d31d7ce97ebeae393d5" . + "0e6da5215b58dcd72f4d3cac9e79b6ccaed7da47d2bd04f6a767f5ab7dc0f58beb6298c1e2358ed6" . + "d3ef441f2326ac5db0027e08ae6c7724ff9a2a220a07e97319b6eff5cd653c7ab8b6ea9f9e89a40a" . + "b856f036acfd39b1e5926964a024de35052de6d3423fe763569f48869c834750b28f09cecdddb54a" . + "5526a2c5159d22d24606a2af6c6f47a5d9c04c454896192b8e7b82cf6f6934a23d3495059cb7e43b" . + "98a20bd5b5782e15d93c8b289838c0a1df82ee429f0708d97aa40d6e75ec57ff12a2714871f241a8" . + "6f6d8d3472b084aeb748da33e2d50203010001028201004afab8dadc1122e5fb7b225dbf4051005f" . + "4bdcf84620019589541ff633ea89b6dbf958fb62ae9226bfeac34c639b3e18077bd935792ba63d5e" . + "352ec2b5be93be57f37a21097f2f06857bceed601ff2041a417f2177b81afb246fd079040af96512" . + "34ca24a1456ac11641c7e319114cff23f59bcc1bfa769a0e9fcdeab98429973e10caf303f2bcb065" . + "f22c1cc259556de8377431237da7082cf03ce8da9530be398022f0171d468d92fcabbe776a5e9cf2" . + "045642868406fd03ab735a70bfec3a951bb3c7a1de0fb3ff63cef23897e4fc3f9c5edf62fd45d058" . + "fedc7d2fb22ec928984a061053a7138ce0417b5512579a92be0775104c0bc911f68a5e8ede298102" . + "818100e4e17e2c752dbf1ad1025a074dc5f9c3c5989d23c84594313373d3e4ed0c0ddd74429ab026" . + "535c5e77549d888835bc94f069ebc5e77fdbd2ddf4c8be6cf777799a6d8d18e2b8cecfc13ab26df8" . + "b71ca3d94c2193c294042fb1025fdab38ba7aaeafebd8dd1f9d78ee67100693e99255dad6b964ebf" . + "b7401a03b67d412fabb33502818100cd65067097e307643df1fc8214db1dd7d09342ef01417a2620" . + "adad87352a58b8fcf07521289da3851623d8d045935fab7ecccc52ba0b86adcb92da76255e00289b" . + "af9aacd936201861b0021249f4ab5e6020db823af7171aef0bbbd02dc94d2489fc0b68500bd1b7d2" . + "81ed69fe4a44384161fe906e49bc91e0362b446ec2c521028180497662d40c2c49b966ba758100a2" . + "799f2f8de369f7bef568b1560cfdde63cf13745c685fff7d2419a1fd83aeade1698cf87956d6a78e" . + "2f55482e683c4ea7432ec1b545e365e9e15f676ada98578b166334bcadce4a56cddd2cd85141d5fd" . + "0e2cdace36b30d613ea1bc2f2aed9cccf4e4536443d334cfb180680eabb73f80c1bd0281803f30fc" . + "b93951a4dd875d62e5968b0f746d7c51147d5b6abc3e4390e6cf4997005af993dfbec23923e1fae7" . + "62b47531f2ee510defc9c3700d1a5bb510b2506856160801db79fc78056850a16285145c80edac4e" . + "3c93ed9f532f067a2303633273b26c340a44ce4e1873107c3da6f9ac616e643ad0aecdcad14a9cff" . + "d4cf0ae76102818100b82528a3dfc595cf9c6a025998491e3b4849c71aa8d1222ddb14af7f82fbe5" . + "169ec3ba18ec28d5a9501e95bc9da72cea99e4cdfdf898f40bec6b28f838243d2f39d7226e0873ed" . + "ee752bcae07639a4bd0eb31be1718c456391630b83ad0e9bf3fa18a645007e64fe59af467ea021f9" . + "e9a0dd759b21cd0b93333a73116abcaa2a" + ); + } + + my $enc_bin; + + if ($cid == 1) + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::DES_EDE3", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $enc_bin = $aes->encrypt ($data_bin); + } + else + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $enc_bin = $aes->encrypt ($data_bin); + } + + my $hash = sprintf ('$PEM$1$%d$%s$%d$%s$%d$%s', $cid, unpack ("H*", $salt_bin), $iter, unpack ("H*", $iv_bin), length ($enc_bin), unpack ("H*", $enc_bin)); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = index ($line, ':'); + + return unless $idx >= 0; + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless substr ($hash, 0, 6) eq '$PEM$1'; + + my (undef, $signature, $hid, $cid, $salt, $iter, $iv, undef, $data) = split '\$', $hash; + + return unless defined $signature; + return unless defined $hid; + return unless defined $cid; + return unless defined $salt; + return unless defined $iter; + return unless defined $iv; + return unless defined $data; + + return unless ($signature eq 'PEM'); + return unless ($hid eq '1'); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt, $cid, $iter, $iv, $data); + + return ($new_hash, $word); +} + +1; diff --git a/tools/test_modules/m24420.pm b/tools/test_modules/m24420.pm new file mode 100644 index 000000000..c06b0478f --- /dev/null +++ b/tools/test_modules/m24420.pm @@ -0,0 +1,212 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::CBC; +use Crypt::PBKDF2; +use Convert::ASN1 qw(:io); + +sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $cid = shift // random_number (1, 4); + my $iter = shift // 2048; + my $iv = shift; + my $data = shift; + + my $key_len = 0; + + if ($cid == 1) { $key_len = 24; } + elsif ($cid == 2) { $key_len = 16; } + elsif ($cid == 3) { $key_len = 24; } + elsif ($cid == 4) { $key_len = 32; } + + my $kdf = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256), + iterations => $iter, + output_len => $key_len + ); + + my $salt_bin = pack ("H*", $salt); + my $iv_bin; + my $data_bin; + + my $key = $kdf->PBKDF2 ($salt_bin, $word); + + my $is_decrypt = defined ($data); + + if ($is_decrypt == 1) + { + $iv_bin = pack ("H*", $iv); + $data_bin = pack ("H*", $data); + + my $dec_bin; + + if ($cid == 1) + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::DES_EDE3", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $dec_bin = $aes->decrypt ($data_bin); + } + else + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $dec_bin = $aes->decrypt ($data_bin); + } + + ## This is a ridiculous check of successfull decryption + ## There are no useable asn1 parsers for perl available + ## We have to rely on a combination of padding check and pattern matching + ## The (minimum) 16 bit should be good enough for a unit test + + if (length ($dec_bin) < length ($data_bin)) + { + if (substr ($dec_bin, 0, 1) eq "\x30") + { + $data_bin = $dec_bin; + } + } + } + else + { + if ($cid == 1) + { + $iv_bin = random_bytes (8); + } + else + { + $iv_bin = random_bytes (16); + } + + $data_bin = pack ("H*", + "308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b7a2" . + "e4c254c8174219e60d9cce96737a906797b8edb86af8f055f60db7bd298b0d31d7ce97ebeae393d5" . + "0e6da5215b58dcd72f4d3cac9e79b6ccaed7da47d2bd04f6a767f5ab7dc0f58beb6298c1e2358ed6" . + "d3ef441f2326ac5db0027e08ae6c7724ff9a2a220a07e97319b6eff5cd653c7ab8b6ea9f9e89a40a" . + "b856f036acfd39b1e5926964a024de35052de6d3423fe763569f48869c834750b28f09cecdddb54a" . + "5526a2c5159d22d24606a2af6c6f47a5d9c04c454896192b8e7b82cf6f6934a23d3495059cb7e43b" . + "98a20bd5b5782e15d93c8b289838c0a1df82ee429f0708d97aa40d6e75ec57ff12a2714871f241a8" . + "6f6d8d3472b084aeb748da33e2d50203010001028201004afab8dadc1122e5fb7b225dbf4051005f" . + "4bdcf84620019589541ff633ea89b6dbf958fb62ae9226bfeac34c639b3e18077bd935792ba63d5e" . + "352ec2b5be93be57f37a21097f2f06857bceed601ff2041a417f2177b81afb246fd079040af96512" . + "34ca24a1456ac11641c7e319114cff23f59bcc1bfa769a0e9fcdeab98429973e10caf303f2bcb065" . + "f22c1cc259556de8377431237da7082cf03ce8da9530be398022f0171d468d92fcabbe776a5e9cf2" . + "045642868406fd03ab735a70bfec3a951bb3c7a1de0fb3ff63cef23897e4fc3f9c5edf62fd45d058" . + "fedc7d2fb22ec928984a061053a7138ce0417b5512579a92be0775104c0bc911f68a5e8ede298102" . + "818100e4e17e2c752dbf1ad1025a074dc5f9c3c5989d23c84594313373d3e4ed0c0ddd74429ab026" . + "535c5e77549d888835bc94f069ebc5e77fdbd2ddf4c8be6cf777799a6d8d18e2b8cecfc13ab26df8" . + "b71ca3d94c2193c294042fb1025fdab38ba7aaeafebd8dd1f9d78ee67100693e99255dad6b964ebf" . + "b7401a03b67d412fabb33502818100cd65067097e307643df1fc8214db1dd7d09342ef01417a2620" . + "adad87352a58b8fcf07521289da3851623d8d045935fab7ecccc52ba0b86adcb92da76255e00289b" . + "af9aacd936201861b0021249f4ab5e6020db823af7171aef0bbbd02dc94d2489fc0b68500bd1b7d2" . + "81ed69fe4a44384161fe906e49bc91e0362b446ec2c521028180497662d40c2c49b966ba758100a2" . + "799f2f8de369f7bef568b1560cfdde63cf13745c685fff7d2419a1fd83aeade1698cf87956d6a78e" . + "2f55482e683c4ea7432ec1b545e365e9e15f676ada98578b166334bcadce4a56cddd2cd85141d5fd" . + "0e2cdace36b30d613ea1bc2f2aed9cccf4e4536443d334cfb180680eabb73f80c1bd0281803f30fc" . + "b93951a4dd875d62e5968b0f746d7c51147d5b6abc3e4390e6cf4997005af993dfbec23923e1fae7" . + "62b47531f2ee510defc9c3700d1a5bb510b2506856160801db79fc78056850a16285145c80edac4e" . + "3c93ed9f532f067a2303633273b26c340a44ce4e1873107c3da6f9ac616e643ad0aecdcad14a9cff" . + "d4cf0ae76102818100b82528a3dfc595cf9c6a025998491e3b4849c71aa8d1222ddb14af7f82fbe5" . + "169ec3ba18ec28d5a9501e95bc9da72cea99e4cdfdf898f40bec6b28f838243d2f39d7226e0873ed" . + "ee752bcae07639a4bd0eb31be1718c456391630b83ad0e9bf3fa18a645007e64fe59af467ea021f9" . + "e9a0dd759b21cd0b93333a73116abcaa2a" + ); + } + + my $enc_bin; + + if ($cid == 1) + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::DES_EDE3", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $enc_bin = $aes->encrypt ($data_bin); + } + else + { + my $aes = Crypt::CBC->new ({ + cipher => "Crypt::Rijndael", + key => $key, + iv => $iv_bin, + keysize => $key_len, + literal_key => 1, + header => "none", + padding => "standard", + }); + + $enc_bin = $aes->encrypt ($data_bin); + } + + my $hash = sprintf ('$PEM$2$%d$%s$%d$%s$%d$%s', $cid, unpack ("H*", $salt_bin), $iter, unpack ("H*", $iv_bin), length ($enc_bin), unpack ("H*", $enc_bin)); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = index ($line, ':'); + + return unless $idx >= 0; + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless substr ($hash, 0, 6) eq '$PEM$2'; + + my (undef, $signature, $hid, $cid, $salt, $iter, $iv, undef, $data) = split '\$', $hash; + + return unless defined $signature; + return unless defined $hid; + return unless defined $cid; + return unless defined $salt; + return unless defined $iter; + return unless defined $iv; + return unless defined $data; + + return unless ($signature eq 'PEM'); + return unless ($hid eq '2'); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt, $cid, $iter, $iv, $data); + + return ($new_hash, $word); +} + +1;