Prepare for DPAPI masterkey Context 3

2 years ago · fe96e26eff
parent 233cd56f16
commit fe96e26eff
5 changed files with 27 additions and 21 deletions
--- a/OpenCL/m15300-pure.cl
+++ b/OpenCL/m15300-pure.cl
@ -19,6 +19,17 @@
 #define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl)
 #define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl)

+typedef struct dpapimk_tmp_v1
+{
+  u32 ipad[5];
+  u32 opad[5];
+  u32 dgst[10];
+  u32 out[10];
+
+  u32 userKey[5];
+
+} dpapimk_tmp_v1_t;
+
 typedef struct dpapimk
 {
  u32 context;
@ -39,17 +50,6 @@ typedef struct dpapimk

 } dpapimk_t;

-typedef struct dpapimk_tmp_v1
-{
-  u32 ipad[5];
-  u32 opad[5];
-  u32 dgst[10];
-  u32 out[10];
-
-  u32 userKey[5];
-
-} dpapimk_tmp_v1_t;
-
 DECLSPEC void hmac_sha1_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *ipad, PRIVATE_AS u32x *opad, PRIVATE_AS u32x *digest)
 {
  digest[0] = ipad[0];
--- a/src/modules/module_15300.c
+++ b/src/modules/module_15300.c
@ -18,7 +18,7 @@ static const u32   DGST_POS2      = 2;
 static const u32   DGST_POS3      = 3;
 static const u32   DGST_SIZE      = DGST_SIZE_4_4;
 static const u32   HASH_CATEGORY  = HASH_CATEGORY_OS;
-static const char *HASH_NAME      = "DPAPI masterkey file v1";
+static const char *HASH_NAME      = "DPAPI masterkey file v1 (context 1 and 2)";
 static const u64   KERN_TYPE      = 15300;
 static const u32   OPTI_TYPE      = OPTI_TYPE_ZERO_BYTE
                                  | OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
@ -224,6 +224,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE

  dpapimk->context = hc_strtoul ((const char *) context_pos, NULL, 10);

+  if (dpapimk->context != 1 && dpapimk->context != 2) return (PARSER_SALT_LENGTH);
+
  for (u32 i = 0; i < dpapimk->contents_len / 8; i++)
  {
    dpapimk->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[i * 8]);
--- a/src/modules/module_15900.c
+++ b/src/modules/module_15900.c
@ -18,7 +18,7 @@ static const u32   DGST_POS2      = 2;
 static const u32   DGST_POS3      = 3;
 static const u32   DGST_SIZE      = DGST_SIZE_4_4;
 static const u32   HASH_CATEGORY  = HASH_CATEGORY_OS;
-static const char *HASH_NAME      = "DPAPI masterkey file v2";
+static const char *HASH_NAME      = "DPAPI masterkey file v2 (context 1 and 2)";
 static const u64   KERN_TYPE      = 15900;
 static const u32   OPTI_TYPE      = OPTI_TYPE_ZERO_BYTE
                                  | OPTI_TYPE_USES_BITS_64
@ -212,6 +212,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE

  dpapimk->context = hc_strtoul ((const char *) context_pos, NULL, 10);

+  if (dpapimk->context != 1 && dpapimk->context != 2) return (PARSER_SALT_LENGTH);
+
  for (u32 i = 0; i < dpapimk->contents_len / 8; i++)
  {
    dpapimk->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[i * 8]);
--- a/tools/test_modules/m15300.pm
+++ b/tools/test_modules/m15300.pm
@ -130,11 +130,11 @@ sub module_generate_hash

  if ($context == 1)
  {
-     $user_hash = sha1 (encode ("UTF-16LE", $word_buf));
+    $user_hash = sha1 (encode ("UTF-16LE", $word_buf));
  }
  elsif ($context == 2)
  {
-     $user_hash = md4 (encode ("UTF-16LE", $word_buf));
+    $user_hash = md4 (encode ("UTF-16LE", $word_buf));
  }

  $user_derivationKey = hmac_sha1 (encode ("UTF-16LE", $SID . "\x00"), $user_hash);
@ -375,15 +375,15 @@ sub module_verify_hash

  my $signature = $tmp_data[1];

-  next unless ($signature eq 'DPAPImk');
+  return unless ($signature eq 'DPAPImk');

  my @data = split ('\*', $tmp_data[2]);

-  next unless (scalar @data == 9);
+  return unless (scalar @data == 9);

  my $version = shift @data;

-  next unless ($version == 1 || $version == 2);
+  return unless ($version == 1 || $version == 2);

  my $context          = shift @data;
  my $SID              = shift @data;
@ -394,7 +394,8 @@ sub module_verify_hash
  my $cipher_len       = shift @data;
  my $cipher           = shift @data;

-  next unless (length ($cipher) == $cipher_len);
+  return unless ($context == 1 || $context == 2);
+  return unless (length ($cipher) == $cipher_len);

  if ($version == 1)
  {
--- a/tools/test_modules/m15900.pm
+++ b/tools/test_modules/m15900.pm
@ -132,11 +132,11 @@ sub module_generate_hash

  if ($context == 1)
  {
-     $user_hash = sha1 (encode ("UTF-16LE", $word_buf));
+    $user_hash = sha1 (encode ("UTF-16LE", $word_buf));
  }
  elsif ($context == 2)
  {
-     $user_hash = md4 (encode ("UTF-16LE", $word_buf));
+    $user_hash = md4 (encode ("UTF-16LE", $word_buf));
  }

  $user_derivationKey = hmac_sha1 (encode ("UTF-16LE", $SID . "\x00"), $user_hash);
@ -396,6 +396,7 @@ sub module_verify_hash
  my $cipher_len       = shift @data;
  my $cipher           = shift @data;

+  return unless ($context == 1 || $context == 2);
  return unless (length ($cipher) == $cipher_len);

  if ($version == 1)