mirror of
https://github.com/hashcat/hashcat.git
synced 2025-07-23 23:18:21 +00:00

Updated kernel declarations from "KERNEL_FQ void HC_ATTR_SEQ" to "KERNEL_FQ KERNEL_FA void". Please update your custom plugin kernels accordingly. Added spilling size as a factor in calculating usable memory per device. This is based on undocumented variables and may not be 100% accurate, but it works well in practice. Added a compiler hint to scrypt-based kernels indicating the guaranteed maximum thread count per kernel invocation. Removed redundant kernel code 29800, as it is identical to 27700, and updated the plugin.
443 lines
11 KiB
Common Lisp
443 lines
11 KiB
Common Lisp
/**
|
|
* Author......: See docs/credits.txt
|
|
* License.....: MIT
|
|
*/
|
|
|
|
#define NEW_SIMD_CODE
|
|
|
|
#ifdef KERNEL_STATIC
|
|
#include M2S(INCLUDE_PATH/inc_vendor.h)
|
|
#include M2S(INCLUDE_PATH/inc_types.h)
|
|
#include M2S(INCLUDE_PATH/inc_platform.cl)
|
|
#include M2S(INCLUDE_PATH/inc_common.cl)
|
|
#include M2S(INCLUDE_PATH/inc_simd.cl)
|
|
#include M2S(INCLUDE_PATH/inc_hash_sha256.cl)
|
|
#include M2S(INCLUDE_PATH/inc_hash_sha512.cl)
|
|
#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl)
|
|
#endif
|
|
|
|
#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl)
|
|
|
|
typedef struct electrum
|
|
{
|
|
secp256k1_t coords;
|
|
|
|
u32 data_buf[4096];
|
|
u32 data_len;
|
|
|
|
} electrum_t;
|
|
|
|
typedef struct electrum_tmp
|
|
{
|
|
u64 ipad[8];
|
|
u64 opad[8];
|
|
|
|
u64 dgst[8];
|
|
u64 out[8];
|
|
|
|
} electrum_tmp_t;
|
|
|
|
DECLSPEC void hmac_sha512_run_V (PRIVATE_AS u32x *w0, PRIVATE_AS u32x *w1, PRIVATE_AS u32x *w2, PRIVATE_AS u32x *w3, PRIVATE_AS u32x *w4, PRIVATE_AS u32x *w5, PRIVATE_AS u32x *w6, PRIVATE_AS u32x *w7, PRIVATE_AS u64x *ipad, PRIVATE_AS u64x *opad, PRIVATE_AS u64x *digest)
|
|
{
|
|
digest[0] = ipad[0];
|
|
digest[1] = ipad[1];
|
|
digest[2] = ipad[2];
|
|
digest[3] = ipad[3];
|
|
digest[4] = ipad[4];
|
|
digest[5] = ipad[5];
|
|
digest[6] = ipad[6];
|
|
digest[7] = ipad[7];
|
|
|
|
sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest);
|
|
|
|
w0[0] = h32_from_64 (digest[0]);
|
|
w0[1] = l32_from_64 (digest[0]);
|
|
w0[2] = h32_from_64 (digest[1]);
|
|
w0[3] = l32_from_64 (digest[1]);
|
|
w1[0] = h32_from_64 (digest[2]);
|
|
w1[1] = l32_from_64 (digest[2]);
|
|
w1[2] = h32_from_64 (digest[3]);
|
|
w1[3] = l32_from_64 (digest[3]);
|
|
w2[0] = h32_from_64 (digest[4]);
|
|
w2[1] = l32_from_64 (digest[4]);
|
|
w2[2] = h32_from_64 (digest[5]);
|
|
w2[3] = l32_from_64 (digest[5]);
|
|
w3[0] = h32_from_64 (digest[6]);
|
|
w3[1] = l32_from_64 (digest[6]);
|
|
w3[2] = h32_from_64 (digest[7]);
|
|
w3[3] = l32_from_64 (digest[7]);
|
|
w4[0] = 0x80000000;
|
|
w4[1] = 0;
|
|
w4[2] = 0;
|
|
w4[3] = 0;
|
|
w5[0] = 0;
|
|
w5[1] = 0;
|
|
w5[2] = 0;
|
|
w5[3] = 0;
|
|
w6[0] = 0;
|
|
w6[1] = 0;
|
|
w6[2] = 0;
|
|
w6[3] = 0;
|
|
w7[0] = 0;
|
|
w7[1] = 0;
|
|
w7[2] = 0;
|
|
w7[3] = (128 + 64) * 8;
|
|
|
|
digest[0] = opad[0];
|
|
digest[1] = opad[1];
|
|
digest[2] = opad[2];
|
|
digest[3] = opad[3];
|
|
digest[4] = opad[4];
|
|
digest[5] = opad[5];
|
|
digest[6] = opad[6];
|
|
digest[7] = opad[7];
|
|
|
|
sha512_transform_vector (w0, w1, w2, w3, w4, w5, w6, w7, digest);
|
|
}
|
|
|
|
KERNEL_FQ KERNEL_FA void m21700_init (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
|
|
{
|
|
/**
|
|
* base
|
|
*/
|
|
|
|
const u64 gid = get_global_id (0);
|
|
|
|
if (gid >= GID_CNT) return;
|
|
|
|
sha512_hmac_ctx_t sha512_hmac_ctx;
|
|
|
|
sha512_hmac_init_global_swap (&sha512_hmac_ctx, pws[gid].i, pws[gid].pw_len);
|
|
|
|
tmps[gid].ipad[0] = sha512_hmac_ctx.ipad.h[0];
|
|
tmps[gid].ipad[1] = sha512_hmac_ctx.ipad.h[1];
|
|
tmps[gid].ipad[2] = sha512_hmac_ctx.ipad.h[2];
|
|
tmps[gid].ipad[3] = sha512_hmac_ctx.ipad.h[3];
|
|
tmps[gid].ipad[4] = sha512_hmac_ctx.ipad.h[4];
|
|
tmps[gid].ipad[5] = sha512_hmac_ctx.ipad.h[5];
|
|
tmps[gid].ipad[6] = sha512_hmac_ctx.ipad.h[6];
|
|
tmps[gid].ipad[7] = sha512_hmac_ctx.ipad.h[7];
|
|
|
|
tmps[gid].opad[0] = sha512_hmac_ctx.opad.h[0];
|
|
tmps[gid].opad[1] = sha512_hmac_ctx.opad.h[1];
|
|
tmps[gid].opad[2] = sha512_hmac_ctx.opad.h[2];
|
|
tmps[gid].opad[3] = sha512_hmac_ctx.opad.h[3];
|
|
tmps[gid].opad[4] = sha512_hmac_ctx.opad.h[4];
|
|
tmps[gid].opad[5] = sha512_hmac_ctx.opad.h[5];
|
|
tmps[gid].opad[6] = sha512_hmac_ctx.opad.h[6];
|
|
tmps[gid].opad[7] = sha512_hmac_ctx.opad.h[7];
|
|
|
|
u32 w0[4];
|
|
u32 w1[4];
|
|
u32 w2[4];
|
|
u32 w3[4];
|
|
u32 w4[4];
|
|
u32 w5[4];
|
|
u32 w6[4];
|
|
u32 w7[4];
|
|
|
|
w0[0] = 1;
|
|
w0[1] = 0;
|
|
w0[2] = 0;
|
|
w0[3] = 0;
|
|
w1[0] = 0;
|
|
w1[1] = 0;
|
|
w1[2] = 0;
|
|
w1[3] = 0;
|
|
w2[0] = 0;
|
|
w2[1] = 0;
|
|
w2[2] = 0;
|
|
w2[3] = 0;
|
|
w3[0] = 0;
|
|
w3[1] = 0;
|
|
w3[2] = 0;
|
|
w3[3] = 0;
|
|
w4[0] = 0;
|
|
w4[1] = 0;
|
|
w4[2] = 0;
|
|
w4[3] = 0;
|
|
w5[0] = 0;
|
|
w5[1] = 0;
|
|
w5[2] = 0;
|
|
w5[3] = 0;
|
|
w6[0] = 0;
|
|
w6[1] = 0;
|
|
w6[2] = 0;
|
|
w6[3] = 0;
|
|
w7[0] = 0;
|
|
w7[1] = 0;
|
|
w7[2] = 0;
|
|
w7[3] = 0;
|
|
|
|
sha512_hmac_update_128 (&sha512_hmac_ctx, w0, w1, w2, w3, w4, w5, w6, w7, 4);
|
|
|
|
sha512_hmac_final (&sha512_hmac_ctx);
|
|
|
|
tmps[gid].dgst[0] = sha512_hmac_ctx.opad.h[0];
|
|
tmps[gid].dgst[1] = sha512_hmac_ctx.opad.h[1];
|
|
tmps[gid].dgst[2] = sha512_hmac_ctx.opad.h[2];
|
|
tmps[gid].dgst[3] = sha512_hmac_ctx.opad.h[3];
|
|
tmps[gid].dgst[4] = sha512_hmac_ctx.opad.h[4];
|
|
tmps[gid].dgst[5] = sha512_hmac_ctx.opad.h[5];
|
|
tmps[gid].dgst[6] = sha512_hmac_ctx.opad.h[6];
|
|
tmps[gid].dgst[7] = sha512_hmac_ctx.opad.h[7];
|
|
|
|
tmps[gid].out[0] = tmps[gid].dgst[0];
|
|
tmps[gid].out[1] = tmps[gid].dgst[1];
|
|
tmps[gid].out[2] = tmps[gid].dgst[2];
|
|
tmps[gid].out[3] = tmps[gid].dgst[3];
|
|
tmps[gid].out[4] = tmps[gid].dgst[4];
|
|
tmps[gid].out[5] = tmps[gid].dgst[5];
|
|
tmps[gid].out[6] = tmps[gid].dgst[6];
|
|
tmps[gid].out[7] = tmps[gid].dgst[7];
|
|
}
|
|
|
|
KERNEL_FQ KERNEL_FA void m21700_loop (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
|
|
{
|
|
const u64 gid = get_global_id (0);
|
|
|
|
if ((gid * VECT_SIZE) >= GID_CNT) return;
|
|
|
|
u64x ipad[8];
|
|
u64x opad[8];
|
|
|
|
ipad[0] = pack64v (tmps, ipad, gid, 0);
|
|
ipad[1] = pack64v (tmps, ipad, gid, 1);
|
|
ipad[2] = pack64v (tmps, ipad, gid, 2);
|
|
ipad[3] = pack64v (tmps, ipad, gid, 3);
|
|
ipad[4] = pack64v (tmps, ipad, gid, 4);
|
|
ipad[5] = pack64v (tmps, ipad, gid, 5);
|
|
ipad[6] = pack64v (tmps, ipad, gid, 6);
|
|
ipad[7] = pack64v (tmps, ipad, gid, 7);
|
|
|
|
opad[0] = pack64v (tmps, opad, gid, 0);
|
|
opad[1] = pack64v (tmps, opad, gid, 1);
|
|
opad[2] = pack64v (tmps, opad, gid, 2);
|
|
opad[3] = pack64v (tmps, opad, gid, 3);
|
|
opad[4] = pack64v (tmps, opad, gid, 4);
|
|
opad[5] = pack64v (tmps, opad, gid, 5);
|
|
opad[6] = pack64v (tmps, opad, gid, 6);
|
|
opad[7] = pack64v (tmps, opad, gid, 7);
|
|
|
|
u64x dgst[8];
|
|
u64x out[8];
|
|
|
|
dgst[0] = pack64v (tmps, dgst, gid, 0);
|
|
dgst[1] = pack64v (tmps, dgst, gid, 1);
|
|
dgst[2] = pack64v (tmps, dgst, gid, 2);
|
|
dgst[3] = pack64v (tmps, dgst, gid, 3);
|
|
dgst[4] = pack64v (tmps, dgst, gid, 4);
|
|
dgst[5] = pack64v (tmps, dgst, gid, 5);
|
|
dgst[6] = pack64v (tmps, dgst, gid, 6);
|
|
dgst[7] = pack64v (tmps, dgst, gid, 7);
|
|
|
|
out[0] = pack64v (tmps, out, gid, 0);
|
|
out[1] = pack64v (tmps, out, gid, 1);
|
|
out[2] = pack64v (tmps, out, gid, 2);
|
|
out[3] = pack64v (tmps, out, gid, 3);
|
|
out[4] = pack64v (tmps, out, gid, 4);
|
|
out[5] = pack64v (tmps, out, gid, 5);
|
|
out[6] = pack64v (tmps, out, gid, 6);
|
|
out[7] = pack64v (tmps, out, gid, 7);
|
|
|
|
for (u32 j = 0; j < LOOP_CNT; j++)
|
|
{
|
|
u32x w0[4];
|
|
u32x w1[4];
|
|
u32x w2[4];
|
|
u32x w3[4];
|
|
u32x w4[4];
|
|
u32x w5[4];
|
|
u32x w6[4];
|
|
u32x w7[4];
|
|
|
|
w0[0] = h32_from_64 (dgst[0]);
|
|
w0[1] = l32_from_64 (dgst[0]);
|
|
w0[2] = h32_from_64 (dgst[1]);
|
|
w0[3] = l32_from_64 (dgst[1]);
|
|
w1[0] = h32_from_64 (dgst[2]);
|
|
w1[1] = l32_from_64 (dgst[2]);
|
|
w1[2] = h32_from_64 (dgst[3]);
|
|
w1[3] = l32_from_64 (dgst[3]);
|
|
w2[0] = h32_from_64 (dgst[4]);
|
|
w2[1] = l32_from_64 (dgst[4]);
|
|
w2[2] = h32_from_64 (dgst[5]);
|
|
w2[3] = l32_from_64 (dgst[5]);
|
|
w3[0] = h32_from_64 (dgst[6]);
|
|
w3[1] = l32_from_64 (dgst[6]);
|
|
w3[2] = h32_from_64 (dgst[7]);
|
|
w3[3] = l32_from_64 (dgst[7]);
|
|
w4[0] = 0x80000000;
|
|
w4[1] = 0;
|
|
w4[2] = 0;
|
|
w4[3] = 0;
|
|
w5[0] = 0;
|
|
w5[1] = 0;
|
|
w5[2] = 0;
|
|
w5[3] = 0;
|
|
w6[0] = 0;
|
|
w6[1] = 0;
|
|
w6[2] = 0;
|
|
w6[3] = 0;
|
|
w7[0] = 0;
|
|
w7[1] = 0;
|
|
w7[2] = 0;
|
|
w7[3] = (128 + 64) * 8;
|
|
|
|
hmac_sha512_run_V (w0, w1, w2, w3, w4, w5, w6, w7, ipad, opad, dgst);
|
|
|
|
out[0] ^= dgst[0];
|
|
out[1] ^= dgst[1];
|
|
out[2] ^= dgst[2];
|
|
out[3] ^= dgst[3];
|
|
out[4] ^= dgst[4];
|
|
out[5] ^= dgst[5];
|
|
out[6] ^= dgst[6];
|
|
out[7] ^= dgst[7];
|
|
}
|
|
|
|
unpack64v (tmps, dgst, gid, 0, dgst[0]);
|
|
unpack64v (tmps, dgst, gid, 1, dgst[1]);
|
|
unpack64v (tmps, dgst, gid, 2, dgst[2]);
|
|
unpack64v (tmps, dgst, gid, 3, dgst[3]);
|
|
unpack64v (tmps, dgst, gid, 4, dgst[4]);
|
|
unpack64v (tmps, dgst, gid, 5, dgst[5]);
|
|
unpack64v (tmps, dgst, gid, 6, dgst[6]);
|
|
unpack64v (tmps, dgst, gid, 7, dgst[7]);
|
|
|
|
unpack64v (tmps, out, gid, 0, out[0]);
|
|
unpack64v (tmps, out, gid, 1, out[1]);
|
|
unpack64v (tmps, out, gid, 2, out[2]);
|
|
unpack64v (tmps, out, gid, 3, out[3]);
|
|
unpack64v (tmps, out, gid, 4, out[4]);
|
|
unpack64v (tmps, out, gid, 5, out[5]);
|
|
unpack64v (tmps, out, gid, 6, out[6]);
|
|
unpack64v (tmps, out, gid, 7, out[7]);
|
|
}
|
|
|
|
KERNEL_FQ KERNEL_FA void m21700_comp (KERN_ATTR_TMPS_ESALT (electrum_tmp_t, electrum_t))
|
|
{
|
|
/**
|
|
* base
|
|
*/
|
|
|
|
const u64 gid = get_global_id (0);
|
|
|
|
if (gid >= GID_CNT) return;
|
|
|
|
const u32 digest_pos = LOOP_POS;
|
|
|
|
const u32 digest_cur = DIGESTS_OFFSET_HOST + digest_pos;
|
|
|
|
GLOBAL_AS const electrum_t *electrum = &esalt_bufs[digest_cur];
|
|
|
|
u64 out[8];
|
|
|
|
out[0] = tmps[gid].out[0];
|
|
out[1] = tmps[gid].out[1];
|
|
out[2] = tmps[gid].out[2];
|
|
out[3] = tmps[gid].out[3];
|
|
out[4] = tmps[gid].out[4];
|
|
out[5] = tmps[gid].out[5];
|
|
out[6] = tmps[gid].out[6];
|
|
out[7] = tmps[gid].out[7];
|
|
|
|
/*
|
|
* First calculate the modulo of the pbkdf2 hash with SECP256K1_N:
|
|
*/
|
|
|
|
u32 a[16];
|
|
|
|
a[ 0] = h32_from_64_S (out[0]);
|
|
a[ 1] = l32_from_64_S (out[0]);
|
|
a[ 2] = h32_from_64_S (out[1]);
|
|
a[ 3] = l32_from_64_S (out[1]);
|
|
a[ 4] = h32_from_64_S (out[2]);
|
|
a[ 5] = l32_from_64_S (out[2]);
|
|
a[ 6] = h32_from_64_S (out[3]);
|
|
a[ 7] = l32_from_64_S (out[3]);
|
|
a[ 8] = h32_from_64_S (out[4]);
|
|
a[ 9] = l32_from_64_S (out[4]);
|
|
a[10] = h32_from_64_S (out[5]);
|
|
a[11] = l32_from_64_S (out[5]);
|
|
a[12] = h32_from_64_S (out[6]);
|
|
a[13] = l32_from_64_S (out[6]);
|
|
a[14] = h32_from_64_S (out[7]);
|
|
a[15] = l32_from_64_S (out[7]);
|
|
|
|
mod_512 (a);
|
|
|
|
// copy the last 256 bit (32 bytes) of modulo (a):
|
|
|
|
u32 tweak[8];
|
|
|
|
tweak[0] = a[15];
|
|
tweak[1] = a[14];
|
|
tweak[2] = a[13];
|
|
tweak[3] = a[12];
|
|
tweak[4] = a[11];
|
|
tweak[5] = a[10];
|
|
tweak[6] = a[ 9];
|
|
tweak[7] = a[ 8];
|
|
|
|
|
|
/*
|
|
* the main secp256k1 point multiplication by a scalar/tweak:
|
|
*/
|
|
|
|
GLOBAL_AS const secp256k1_t *coords = (GLOBAL_AS const secp256k1_t *) &electrum->coords;
|
|
|
|
u32 pubkey[64] = { 0 }; // for point_mul () we need: 1 + 32 bytes (for sha512 () we need more)
|
|
|
|
point_mul (pubkey, tweak, coords);
|
|
|
|
/*
|
|
* sha512 () of the pubkey:
|
|
*/
|
|
|
|
sha512_ctx_t sha512_ctx;
|
|
|
|
sha512_init (&sha512_ctx);
|
|
sha512_update (&sha512_ctx, pubkey, 33); // 33 because of 32 byte curve point + sign
|
|
sha512_final (&sha512_ctx);
|
|
|
|
/*
|
|
* sha256-hmac () of the data_buf
|
|
*/
|
|
|
|
GLOBAL_AS const u32 *data_buf = (GLOBAL_AS const u32 *) electrum->data_buf;
|
|
|
|
u32 data_len = electrum->data_len;
|
|
|
|
u32 key[16] = { 0 };
|
|
|
|
key[0] = h32_from_64_S (sha512_ctx.h[4]);
|
|
key[1] = l32_from_64_S (sha512_ctx.h[4]);
|
|
key[2] = h32_from_64_S (sha512_ctx.h[5]);
|
|
key[3] = l32_from_64_S (sha512_ctx.h[5]);
|
|
|
|
key[4] = h32_from_64_S (sha512_ctx.h[6]);
|
|
key[5] = l32_from_64_S (sha512_ctx.h[6]);
|
|
key[6] = h32_from_64_S (sha512_ctx.h[7]);
|
|
key[7] = l32_from_64_S (sha512_ctx.h[7]);
|
|
|
|
sha256_hmac_ctx_t sha256_ctx;
|
|
|
|
sha256_hmac_init (&sha256_ctx, key, 32);
|
|
|
|
sha256_hmac_update_global_swap (&sha256_ctx, data_buf, data_len);
|
|
|
|
sha256_hmac_final (&sha256_ctx);
|
|
|
|
const u32 r0 = sha256_ctx.opad.h[0];
|
|
const u32 r1 = sha256_ctx.opad.h[1];
|
|
const u32 r2 = sha256_ctx.opad.h[2];
|
|
const u32 r3 = sha256_ctx.opad.h[3];
|
|
|
|
#define il_pos 0
|
|
|
|
#ifdef KERNEL_STATIC
|
|
#include COMPARE_M
|
|
#endif
|
|
}
|