1
mirror of https://github.com/hashcat/hashcat synced 2024-11-24 14:27:14 +01:00

Added hash-mode: PKCS#8 Private Keys

This commit is contained in:
Jens Steube 2020-10-09 10:35:27 +02:00
parent a8506e6691
commit fb219e0a69
7 changed files with 2376 additions and 0 deletions

600
OpenCL/m24410-pure.cl Normal file
View File

@ -0,0 +1,600 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_hash_sha1.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_des.cl"
#endif
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
typedef struct pkcs_sha1_tmp
{
u32 ipad[5];
u32 opad[5];
u32 dgst[32];
u32 out[32];
} pkcs_sha1_tmp_t;
typedef struct pkcs
{
int cipher;
u32 data_buf[16384];
int data_len;
u32 iv_buf[4];
} pkcs_t;
DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_vector (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_vector (w0, w1, w2, w3, digest);
}
KERNEL_FQ void m24410_init (KERN_ATTR_TMPS_ESALT (pkcs_sha1_tmp_t, pkcs_t))
{
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
sha1_hmac_ctx_t sha1_hmac_ctx;
sha1_hmac_init_global_swap (&sha1_hmac_ctx, pws[gid].i, pws[gid].pw_len);
tmps[gid].ipad[0] = sha1_hmac_ctx.ipad.h[0];
tmps[gid].ipad[1] = sha1_hmac_ctx.ipad.h[1];
tmps[gid].ipad[2] = sha1_hmac_ctx.ipad.h[2];
tmps[gid].ipad[3] = sha1_hmac_ctx.ipad.h[3];
tmps[gid].ipad[4] = sha1_hmac_ctx.ipad.h[4];
tmps[gid].opad[0] = sha1_hmac_ctx.opad.h[0];
tmps[gid].opad[1] = sha1_hmac_ctx.opad.h[1];
tmps[gid].opad[2] = sha1_hmac_ctx.opad.h[2];
tmps[gid].opad[3] = sha1_hmac_ctx.opad.h[3];
tmps[gid].opad[4] = sha1_hmac_ctx.opad.h[4];
sha1_hmac_update_global_swap (&sha1_hmac_ctx, salt_bufs[SALT_POS].salt_buf, salt_bufs[SALT_POS].salt_len);
u32 key_elem = 0;
if (esalt_bufs[DIGESTS_OFFSET].cipher == 1) { key_elem = (192 / 8) / 4; }
else if (esalt_bufs[DIGESTS_OFFSET].cipher == 2) { key_elem = (128 / 8) / 4; }
else if (esalt_bufs[DIGESTS_OFFSET].cipher == 3) { key_elem = (192 / 8) / 4; }
else if (esalt_bufs[DIGESTS_OFFSET].cipher == 4) { key_elem = (256 / 8) / 4; }
for (u32 i = 0, j = 1; i < key_elem; i += 5, j += 1)
{
sha1_hmac_ctx_t sha1_hmac_ctx2 = sha1_hmac_ctx;
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = j;
w0[1] = 0;
w0[2] = 0;
w0[3] = 0;
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
sha1_hmac_update_64 (&sha1_hmac_ctx2, w0, w1, w2, w3, 4);
sha1_hmac_final (&sha1_hmac_ctx2);
tmps[gid].dgst[i + 0] = sha1_hmac_ctx2.opad.h[0];
tmps[gid].dgst[i + 1] = sha1_hmac_ctx2.opad.h[1];
tmps[gid].dgst[i + 2] = sha1_hmac_ctx2.opad.h[2];
tmps[gid].dgst[i + 3] = sha1_hmac_ctx2.opad.h[3];
tmps[gid].dgst[i + 4] = sha1_hmac_ctx2.opad.h[4];
tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0];
tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1];
tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2];
tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3];
tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4];
}
}
KERNEL_FQ void m24410_loop (KERN_ATTR_TMPS_ESALT (pkcs_sha1_tmp_t, pkcs_t))
{
const u64 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad, gid, 0);
ipad[1] = packv (tmps, ipad, gid, 1);
ipad[2] = packv (tmps, ipad, gid, 2);
ipad[3] = packv (tmps, ipad, gid, 3);
ipad[4] = packv (tmps, ipad, gid, 4);
opad[0] = packv (tmps, opad, gid, 0);
opad[1] = packv (tmps, opad, gid, 1);
opad[2] = packv (tmps, opad, gid, 2);
opad[3] = packv (tmps, opad, gid, 3);
opad[4] = packv (tmps, opad, gid, 4);
u32 key_elem = 0;
if (esalt_bufs[DIGESTS_OFFSET].cipher == 1) { key_elem = (192 / 8) / 4; }
else if (esalt_bufs[DIGESTS_OFFSET].cipher == 2) { key_elem = (128 / 8) / 4; }
else if (esalt_bufs[DIGESTS_OFFSET].cipher == 3) { key_elem = (192 / 8) / 4; }
else if (esalt_bufs[DIGESTS_OFFSET].cipher == 4) { key_elem = (256 / 8) / 4; }
for (u32 i = 0; i < key_elem; i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst, gid, i + 0);
dgst[1] = packv (tmps, dgst, gid, i + 1);
dgst[2] = packv (tmps, dgst, gid, i + 2);
dgst[3] = packv (tmps, dgst, gid, i + 3);
dgst[4] = packv (tmps, dgst, gid, i + 4);
out[0] = packv (tmps, out, gid, i + 0);
out[1] = packv (tmps, out, gid, i + 1);
out[2] = packv (tmps, out, gid, i + 2);
out[3] = packv (tmps, out, gid, i + 3);
out[4] = packv (tmps, out, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst, gid, i + 0, dgst[0]);
unpackv (tmps, dgst, gid, i + 1, dgst[1]);
unpackv (tmps, dgst, gid, i + 2, dgst[2]);
unpackv (tmps, dgst, gid, i + 3, dgst[3]);
unpackv (tmps, dgst, gid, i + 4, dgst[4]);
unpackv (tmps, out, gid, i + 0, out[0]);
unpackv (tmps, out, gid, i + 1, out[1]);
unpackv (tmps, out, gid, i + 2, out[2]);
unpackv (tmps, out, gid, i + 3, out[3]);
unpackv (tmps, out, gid, i + 4, out[4]);
}
}
KERNEL_FQ void m24410_comp (KERN_ATTR_TMPS_ESALT (pkcs_sha1_tmp_t, pkcs_t))
{
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* aes shared
*/
#ifdef REAL_SHM
LOCAL_VK u32 s_td0[256];
LOCAL_VK u32 s_td1[256];
LOCAL_VK u32 s_td2[256];
LOCAL_VK u32 s_td3[256];
LOCAL_VK u32 s_td4[256];
LOCAL_VK u32 s_te0[256];
LOCAL_VK u32 s_te1[256];
LOCAL_VK u32 s_te2[256];
LOCAL_VK u32 s_te3[256];
LOCAL_VK u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
LOCAL_VK u32 s_SPtrans[8][64];
LOCAL_VK u32 s_skb[8][64];
for (u32 i = lid; i < 64; i += lsz)
{
s_SPtrans[0][i] = c_SPtrans[0][i];
s_SPtrans[1][i] = c_SPtrans[1][i];
s_SPtrans[2][i] = c_SPtrans[2][i];
s_SPtrans[3][i] = c_SPtrans[3][i];
s_SPtrans[4][i] = c_SPtrans[4][i];
s_SPtrans[5][i] = c_SPtrans[5][i];
s_SPtrans[6][i] = c_SPtrans[6][i];
s_SPtrans[7][i] = c_SPtrans[7][i];
s_skb[0][i] = c_skb[0][i];
s_skb[1][i] = c_skb[1][i];
s_skb[2][i] = c_skb[2][i];
s_skb[3][i] = c_skb[3][i];
s_skb[4][i] = c_skb[4][i];
s_skb[5][i] = c_skb[5][i];
s_skb[6][i] = c_skb[6][i];
s_skb[7][i] = c_skb[7][i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a *s_td0 = td0;
CONSTANT_AS u32a *s_td1 = td1;
CONSTANT_AS u32a *s_td2 = td2;
CONSTANT_AS u32a *s_td3 = td3;
CONSTANT_AS u32a *s_td4 = td4;
CONSTANT_AS u32a *s_te0 = te0;
CONSTANT_AS u32a *s_te1 = te1;
CONSTANT_AS u32a *s_te2 = te2;
CONSTANT_AS u32a *s_te3 = te3;
CONSTANT_AS u32a *s_te4 = te4;
CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
CONSTANT_AS u32a (*s_skb)[64] = c_skb;
#endif
if (gid >= gid_max) return;
u32 ukey[8];
ukey[0] = tmps[gid].out[0];
ukey[1] = tmps[gid].out[1];
ukey[2] = tmps[gid].out[2];
ukey[3] = tmps[gid].out[3];
ukey[4] = tmps[gid].out[4];
ukey[5] = tmps[gid].out[5];
ukey[6] = tmps[gid].out[6];
ukey[7] = tmps[gid].out[7];
const int data_len = esalt_bufs[DIGESTS_OFFSET].data_len;
const int last_pad_pos = data_len - 1;
const int last_pad_elem = last_pad_pos / 4;
const int cipher = esalt_bufs[DIGESTS_OFFSET].cipher;
u32 iv[4];
u32 enc[4];
u32 dec[4];
if (cipher == 1)
{
ukey[0] = hc_swap32_S (ukey[0]);
ukey[1] = hc_swap32_S (ukey[1]);
ukey[2] = hc_swap32_S (ukey[2]);
ukey[3] = hc_swap32_S (ukey[3]);
ukey[4] = hc_swap32_S (ukey[4]);
ukey[5] = hc_swap32_S (ukey[5]);
u32 K0[16];
u32 K1[16];
u32 K2[16];
u32 K3[16];
u32 K4[16];
u32 K5[16];
_des_crypt_keysetup (ukey[0], ukey[1], K0, K1, s_skb);
_des_crypt_keysetup (ukey[2], ukey[3], K2, K3, s_skb);
_des_crypt_keysetup (ukey[4], ukey[5], K4, K5, s_skb);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
u32 p1[2];
u32 p2[2];
_des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans);
_des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans);
_des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
const int paddingv = pkcs_padding_bs8 (dec, 8);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
_des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans);
_des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans);
_des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
const int real_len = (data_len - 8) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else if (cipher == 2)
{
u32 ks[44];
AES128_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6];
iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5];
iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int paddingv = pkcs_padding_bs16 (dec, 16);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2];
iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int real_len = (data_len - 16) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else if (cipher == 3)
{
u32 ks[52];
AES192_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6];
iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5];
iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int paddingv = pkcs_padding_bs16 (dec, 16);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2];
iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int real_len = (data_len - 16) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else if (cipher == 4)
{
u32 ks[60];
AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6];
iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5];
iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int paddingv = pkcs_padding_bs16 (dec, 16);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2];
iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int real_len = (data_len - 16) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else
{
return;
}
const u32 r0 = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
const u32 r1 = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
const u32 r2 = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
const u32 r3 = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
#define il_pos 0
#ifdef KERNEL_STATIC
#include COMPARE_M
#endif
}

625
OpenCL/m24420-pure.cl Normal file
View File

@ -0,0 +1,625 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_hash_sha256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_des.cl"
#endif
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
typedef struct pkcs_sha256_tmp
{
u32 ipad[8];
u32 opad[8];
u32 dgst[32];
u32 out[32];
} pkcs_sha256_tmp_t;
typedef struct pkcs
{
int cipher;
u32 data_buf[16384];
int data_len;
u32 iv_buf[4];
} pkcs_t;
DECLSPEC void hmac_sha256_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_vector (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_vector (w0, w1, w2, w3, digest);
}
KERNEL_FQ void m24420_init (KERN_ATTR_TMPS_ESALT (pkcs_sha256_tmp_t, pkcs_t))
{
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
sha256_hmac_ctx_t sha256_hmac_ctx;
sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len);
tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0];
tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1];
tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2];
tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3];
tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4];
tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5];
tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6];
tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7];
tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0];
tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1];
tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2];
tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3];
tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4];
tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5];
tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6];
tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7];
sha256_hmac_update_global_swap (&sha256_hmac_ctx, salt_bufs[SALT_POS].salt_buf, salt_bufs[SALT_POS].salt_len);
for (u32 i = 0, j = 1; i < 8; i += 8, j += 1)
{
sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx;
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = j;
w0[1] = 0;
w0[2] = 0;
w0[3] = 0;
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4);
sha256_hmac_final (&sha256_hmac_ctx2);
tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0];
tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1];
tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2];
tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3];
tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4];
tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5];
tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6];
tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7];
tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0];
tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1];
tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2];
tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3];
tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4];
tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5];
tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6];
tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7];
}
}
KERNEL_FQ void m24420_loop (KERN_ATTR_TMPS_ESALT (pkcs_sha256_tmp_t, pkcs_t))
{
const u64 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[8];
u32x opad[8];
ipad[0] = packv (tmps, ipad, gid, 0);
ipad[1] = packv (tmps, ipad, gid, 1);
ipad[2] = packv (tmps, ipad, gid, 2);
ipad[3] = packv (tmps, ipad, gid, 3);
ipad[4] = packv (tmps, ipad, gid, 4);
ipad[5] = packv (tmps, ipad, gid, 5);
ipad[6] = packv (tmps, ipad, gid, 6);
ipad[7] = packv (tmps, ipad, gid, 7);
opad[0] = packv (tmps, opad, gid, 0);
opad[1] = packv (tmps, opad, gid, 1);
opad[2] = packv (tmps, opad, gid, 2);
opad[3] = packv (tmps, opad, gid, 3);
opad[4] = packv (tmps, opad, gid, 4);
opad[5] = packv (tmps, opad, gid, 5);
opad[6] = packv (tmps, opad, gid, 6);
opad[7] = packv (tmps, opad, gid, 7);
for (u32 i = 0; i < 8; i += 8)
{
u32x dgst[8];
u32x out[8];
dgst[0] = packv (tmps, dgst, gid, i + 0);
dgst[1] = packv (tmps, dgst, gid, i + 1);
dgst[2] = packv (tmps, dgst, gid, i + 2);
dgst[3] = packv (tmps, dgst, gid, i + 3);
dgst[4] = packv (tmps, dgst, gid, i + 4);
dgst[5] = packv (tmps, dgst, gid, i + 5);
dgst[6] = packv (tmps, dgst, gid, i + 6);
dgst[7] = packv (tmps, dgst, gid, i + 7);
out[0] = packv (tmps, out, gid, i + 0);
out[1] = packv (tmps, out, gid, i + 1);
out[2] = packv (tmps, out, gid, i + 2);
out[3] = packv (tmps, out, gid, i + 3);
out[4] = packv (tmps, out, gid, i + 4);
out[5] = packv (tmps, out, gid, i + 5);
out[6] = packv (tmps, out, gid, i + 6);
out[7] = packv (tmps, out, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst, gid, i + 0, dgst[0]);
unpackv (tmps, dgst, gid, i + 1, dgst[1]);
unpackv (tmps, dgst, gid, i + 2, dgst[2]);
unpackv (tmps, dgst, gid, i + 3, dgst[3]);
unpackv (tmps, dgst, gid, i + 4, dgst[4]);
unpackv (tmps, dgst, gid, i + 5, dgst[5]);
unpackv (tmps, dgst, gid, i + 6, dgst[6]);
unpackv (tmps, dgst, gid, i + 7, dgst[7]);
unpackv (tmps, out, gid, i + 0, out[0]);
unpackv (tmps, out, gid, i + 1, out[1]);
unpackv (tmps, out, gid, i + 2, out[2]);
unpackv (tmps, out, gid, i + 3, out[3]);
unpackv (tmps, out, gid, i + 4, out[4]);
unpackv (tmps, out, gid, i + 5, out[5]);
unpackv (tmps, out, gid, i + 6, out[6]);
unpackv (tmps, out, gid, i + 7, out[7]);
}
}
KERNEL_FQ void m24420_comp (KERN_ATTR_TMPS_ESALT (pkcs_sha256_tmp_t, pkcs_t))
{
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* aes shared
*/
#ifdef REAL_SHM
LOCAL_VK u32 s_td0[256];
LOCAL_VK u32 s_td1[256];
LOCAL_VK u32 s_td2[256];
LOCAL_VK u32 s_td3[256];
LOCAL_VK u32 s_td4[256];
LOCAL_VK u32 s_te0[256];
LOCAL_VK u32 s_te1[256];
LOCAL_VK u32 s_te2[256];
LOCAL_VK u32 s_te3[256];
LOCAL_VK u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
LOCAL_VK u32 s_SPtrans[8][64];
LOCAL_VK u32 s_skb[8][64];
for (u32 i = lid; i < 64; i += lsz)
{
s_SPtrans[0][i] = c_SPtrans[0][i];
s_SPtrans[1][i] = c_SPtrans[1][i];
s_SPtrans[2][i] = c_SPtrans[2][i];
s_SPtrans[3][i] = c_SPtrans[3][i];
s_SPtrans[4][i] = c_SPtrans[4][i];
s_SPtrans[5][i] = c_SPtrans[5][i];
s_SPtrans[6][i] = c_SPtrans[6][i];
s_SPtrans[7][i] = c_SPtrans[7][i];
s_skb[0][i] = c_skb[0][i];
s_skb[1][i] = c_skb[1][i];
s_skb[2][i] = c_skb[2][i];
s_skb[3][i] = c_skb[3][i];
s_skb[4][i] = c_skb[4][i];
s_skb[5][i] = c_skb[5][i];
s_skb[6][i] = c_skb[6][i];
s_skb[7][i] = c_skb[7][i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a *s_td0 = td0;
CONSTANT_AS u32a *s_td1 = td1;
CONSTANT_AS u32a *s_td2 = td2;
CONSTANT_AS u32a *s_td3 = td3;
CONSTANT_AS u32a *s_td4 = td4;
CONSTANT_AS u32a *s_te0 = te0;
CONSTANT_AS u32a *s_te1 = te1;
CONSTANT_AS u32a *s_te2 = te2;
CONSTANT_AS u32a *s_te3 = te3;
CONSTANT_AS u32a *s_te4 = te4;
CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
CONSTANT_AS u32a (*s_skb)[64] = c_skb;
#endif
if (gid >= gid_max) return;
u32 ukey[8];
ukey[0] = tmps[gid].out[0];
ukey[1] = tmps[gid].out[1];
ukey[2] = tmps[gid].out[2];
ukey[3] = tmps[gid].out[3];
ukey[4] = tmps[gid].out[4];
ukey[5] = tmps[gid].out[5];
ukey[6] = tmps[gid].out[6];
ukey[7] = tmps[gid].out[7];
const int data_len = esalt_bufs[DIGESTS_OFFSET].data_len;
const int last_pad_pos = data_len - 1;
const int last_pad_elem = last_pad_pos / 4;
const int cipher = esalt_bufs[DIGESTS_OFFSET].cipher;
u32 iv[4];
u32 enc[4];
u32 dec[4];
if (cipher == 1)
{
ukey[0] = hc_swap32_S (ukey[0]);
ukey[1] = hc_swap32_S (ukey[1]);
ukey[2] = hc_swap32_S (ukey[2]);
ukey[3] = hc_swap32_S (ukey[3]);
ukey[4] = hc_swap32_S (ukey[4]);
ukey[5] = hc_swap32_S (ukey[5]);
u32 K0[16];
u32 K1[16];
u32 K2[16];
u32 K3[16];
u32 K4[16];
u32 K5[16];
_des_crypt_keysetup (ukey[0], ukey[1], K0, K1, s_skb);
_des_crypt_keysetup (ukey[2], ukey[3], K2, K3, s_skb);
_des_crypt_keysetup (ukey[4], ukey[5], K4, K5, s_skb);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
u32 p1[2];
u32 p2[2];
_des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans);
_des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans);
_des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
const int paddingv = pkcs_padding_bs8 (dec, 8);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
_des_crypt_decrypt (p1, enc, K4, K5, s_SPtrans);
_des_crypt_encrypt (p2, p1, K2, K3, s_SPtrans);
_des_crypt_decrypt (dec, p2, K0, K1, s_SPtrans);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
const int real_len = (data_len - 8) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else if (cipher == 2)
{
u32 ks[44];
AES128_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6];
iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5];
iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int paddingv = pkcs_padding_bs16 (dec, 16);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2];
iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
aes128_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int real_len = (data_len - 16) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else if (cipher == 3)
{
u32 ks[52];
AES192_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6];
iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5];
iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int paddingv = pkcs_padding_bs16 (dec, 16);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2];
iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
aes192_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int real_len = (data_len - 16) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else if (cipher == 4)
{
u32 ks[60];
AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
// first check the padding
iv[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 7];
iv[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 6];
iv[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 5];
iv[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 4];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 3];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 2];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 1];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[last_pad_elem - 0];
aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int paddingv = pkcs_padding_bs16 (dec, 16);
if (paddingv == -1) return;
// second check (naive code) ASN.1 structure
iv[0] = esalt_bufs[DIGESTS_OFFSET].iv_buf[0];
iv[1] = esalt_bufs[DIGESTS_OFFSET].iv_buf[1];
iv[2] = esalt_bufs[DIGESTS_OFFSET].iv_buf[2];
iv[3] = esalt_bufs[DIGESTS_OFFSET].iv_buf[3];
enc[0] = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
enc[1] = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
enc[2] = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
enc[3] = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
aes256_decrypt (ks, enc, dec, s_td0, s_td1, s_td2, s_td3, s_td4);
dec[0] ^= iv[0];
dec[1] ^= iv[1];
dec[2] ^= iv[2];
dec[3] ^= iv[3];
const int real_len = (data_len - 16) + paddingv;
const int asn1_ok = asn1_detect (dec, real_len);
if (asn1_ok == 0) return;
}
else
{
return;
}
const u32 r0 = esalt_bufs[DIGESTS_OFFSET].data_buf[0];
const u32 r1 = esalt_bufs[DIGESTS_OFFSET].data_buf[1];
const u32 r2 = esalt_bufs[DIGESTS_OFFSET].data_buf[2];
const u32 r3 = esalt_bufs[DIGESTS_OFFSET].data_buf[3];
#define il_pos 0
#ifdef KERNEL_STATIC
#include COMPARE_M
#endif
}

View File

@ -9,6 +9,7 @@
- Added hash-mode: Apple iWork - Added hash-mode: Apple iWork
- Added hash-mode: AxCrypt 2 AES-128 - Added hash-mode: AxCrypt 2 AES-128
- Added hash-mode: AxCrypt 2 AES-256 - Added hash-mode: AxCrypt 2 AES-256
- Added hash-mode: PKCS#8 Private Keys
- Added hash-mode: RAR3-p (Compressed) - Added hash-mode: RAR3-p (Compressed)
- Added hash-mode: RAR3-p (Uncompressed) - Added hash-mode: RAR3-p (Uncompressed)
- Added hash-mode: RSA/DSA/EC/OPENSSH Private Keys - Added hash-mode: RSA/DSA/EC/OPENSSH Private Keys

363
src/modules/module_24410.c Normal file
View File

@ -0,0 +1,363 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 1;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 3;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_PRIVATE_KEY;
static const char *HASH_NAME = "PKCS#8 Private Keys (PBKDF2-HMAC-SHA1 + 3DES/AES)";
static const u64 KERN_TYPE = 24410;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_SUGGEST_KG;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$PEM$1$4$f5662bd8383b4b40$2048$2993b585d3fb2e7b235ed13d90f637e2$1232$73984f2cba4d5e1d327a3f5a538a946099976ab865349091a452a838dc6855b6e539f920a078b14d949d8c739ea7ce26769dc0ba1619a9c0ee1864d1cfca9e61ddf6d9582439f2b65d00a3ff57c78d3176e9e88fc12da7acd421b624ba76f3d5f12926a3a9acd82f502d7638cfe2063fb2c773a56299ae1ec2c85641d33f5f8b3edfc6687fa9898325d384b3db7a7686704facb880c3898f69dd353a5d5d136b58a1e00e4711d3a01e0c632a5f3d5eff64c9e88166296b9b26f072a52bdc4893377e247b5cdb052f34e0b5d4de10a5dffe443a03b1a23f1edbcb00361334dbd6a6d31e16887b5290da2f865fbe1fef7b43c8f8f3432815ca860946560cb601ab83d417e6a4734aaf75692195566bde61e04610a9eff752c08f9ff85a48959daa7c65d03a0eca62e92bf10a55fb4834a49745a6c53d9c79d0591cb13cfa54f0d437d001b7924fd9dd69c98aa25e5d3f19649f79913bca827e7636ede04bf7c41ef54c42936b4eb93c75d941853dc7dda42b51ac5e4f5602fe2c3e62f252d28e02398943780598cf2bd41d183425daf34e86099c748eda2d5372029ebd089f619dab327ea728eb90342f2b48cd364e914a6078599afdb22a6fac6b55e1bf28b3284a0edc748b59c2eaa97e35d457d4c049f86fd3fc618c4c52f08776c0efb33011b96ef6f0b0e6ecf6d37dc20da8ab7d9b8154371c8e396d9b89ee02e6e6b013a0985b1f47c91f3b5a9e6c33736840e6044f46be1dbea4ec7730eccc6e993cb522bb220de4ed55156129f821d7df19439ab86990991cfd1992681716b5ff012ffa5519ad0baa01885f77f6a522469979f449232d408379558fcdfe5253371da835e0c77706dfa67ff28b1cd8d7fdf9e386899838532d8e57ec1ed3d31a96ae03f37b976fb6c503cc247113deaa070697728e3b36ce43de051ce13a4df91d22157c6281e8f9a16de007c6dddf03ffc79a9f4cfc3eaddd637a9a902fdba1c9e857a9ccd7c318db17cd40d8b588b5d97c7d03c0404473dd201aa5c6637e952c6299e35374127276b3eb4aeba754f3176fecea1731a0f917dd049fcdab34264a8c635ba90eec941aeb449a7eca263aaec9e46758bdf21caa896adb4652e9564d75c20e296fcdf28cbdeb702a1e7acf2374d24b51e6492b0bcc72a58748666a7278e2cb54fbdb68c6736ceb85dd92cd0465b19a65f7ad47e25658a34c3531db48c37ef279574e1892d80d80f3e9dee385ab65e6a4537f6e318817a785228160939d01632b8269858ce9092359048b09ae8b9c17ceb575216988bbeb91c1b5861c931f21e07d888ceb9b89d89d17608e2d5f0ae66b6e756f1eac9f80e13749f866ea6b741158296d3ced761999ad901a2121e233bf173865b6c0b32d68e6ef1d39bb411a1ee9d4d1cde870645b9922051b31cc0df640fb01d23c613091ba538999254b873fbb5996efdfbde5c933e1b6ef6d1c7d5e1a9bff6800c8625b07aba2c14143c1a33a0661c357e5db59a2f49aab35c13531774fb5b3795ed853d7f4e38910c7eeb3435353e2cfd0c94e61c16c8126928343f86222c5ef320b9e043d3cd357af4e065500f50e6bf9c260ca298bd5507c9498dbcea4ceec834449b7fb7249fdf199f66aa98d0a820b1057df1d67c43f49c6d18c3c902466b2b2b528075489261ef73bf711c7988fed65693798568bed43e4d70a800cd25b1773c455aaa153cea8f7013eae1e8f24c6793f590c8f6a112b46";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
typedef struct pkcs_sha1_tmp
{
u32 ipad[5];
u32 opad[5];
u32 dgst[32];
u32 out[32];
} pkcs_sha1_tmp_t;
typedef struct pkcs
{
int cipher;
u32 data_buf[16384];
int data_len;
u32 iv_buf[4];
} pkcs_t;
static const char *SIGNATURE_PEM = "$PEM$";
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (pkcs_t);
return esalt_size;
}
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (pkcs_sha1_tmp_t);
return tmp_size;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
// this overrides the reductions of PW_MAX in case optimized kernel is selected
// IOW, even in optimized kernel mode it support length 256
const u32 pw_max = PW_MAX;
return pw_max;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
pkcs_t *pkcs = (pkcs_t *) esalt_buf;
token_t token;
token.token_cnt = 8;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_PEM;
token.len[0] = 5;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.sep[1] = '$';
token.len_min[1] = 1;
token.len_max[1] = 1;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[2] = '$';
token.len_min[2] = 1;
token.len_max[2] = 1;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[3] = '$';
token.len_min[3] = 16;
token.len_max[3] = 16;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[4] = '$';
token.len_min[4] = 1;
token.len_max[4] = 8;
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[5] = '$';
token.len_min[5] = 16; // can be either 16 or 32
token.len_max[5] = 32; // exact check deeper in decoder code
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[6] = '$';
token.len_min[6] = 1;
token.len_max[6] = 8;
token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[7] = '$';
token.len_min[7] = 64; // 64 = minimum size (32 byte) to avoid out of boundary read in kernel
token.len_max[7] = 65536; // 65536 = maximum asn.1 size fitting into 2 byte length integer
token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
// type
const u8 *type_pos = token.buf[1];
if (type_pos[0] != '1') return (PARSER_SIGNATURE_UNMATCHED);
// cipher
const u8 *cipher_pos = token.buf[2];
int cipher = hc_strtoul ((const char *) cipher_pos, NULL, 10);
if ((cipher != 1)
&& (cipher != 2)
&& (cipher != 3)
&& (cipher != 4)) return (PARSER_CIPHER);
pkcs->cipher = cipher;
// salt buffer
const u8 *salt_pos = token.buf[3];
salt->salt_buf[0] = hex_to_u32 (salt_pos + 0);
salt->salt_buf[1] = hex_to_u32 (salt_pos + 8);
salt->salt_len = 8;
// iter
const u8 *iter_pos = token.buf[4];
const u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10);
salt->salt_iter = iter - 1;
// IV buffer
const u8 *iv_pos = token.buf[5];
const int iv_len = token.len[5];
if (cipher == 1)
{
if (iv_len != 16) return (PARSER_SALT_LENGTH);
pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0);
pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8);
}
else
{
if (iv_len != 32) return (PARSER_SALT_LENGTH);
pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0);
pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8);
pkcs->iv_buf[2] = hex_to_u32 (iv_pos + 16);
pkcs->iv_buf[3] = hex_to_u32 (iv_pos + 24);
}
// data length
const u8 *data_len_verify_pos = token.buf[6];
const int data_len_verify = hc_strtoul ((const char *) data_len_verify_pos, NULL, 10);
// data
const u8 *data_pos = token.buf[7];
const int data_len = token.len[7];
pkcs->data_len = hex_decode (data_pos, data_len, (u8 *) pkcs->data_buf);
if (data_len_verify != pkcs->data_len) return (PARSER_HASH_LENGTH);
// data has to be a multiple of cipher block size
int cipher_bs = 0;
if (cipher == 1) { cipher_bs = 8; }
else if (cipher == 2) { cipher_bs = 16; }
else if (cipher == 3) { cipher_bs = 16; }
else if (cipher == 4) { cipher_bs = 16; }
if (pkcs->data_len % cipher_bs) return (PARSER_HASH_LENGTH);
// hash
digest[0] = pkcs->data_buf[0];
digest[1] = pkcs->data_buf[1];
digest[2] = pkcs->data_buf[2];
digest[3] = pkcs->data_buf[3];
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
pkcs_t *pkcs = (pkcs_t *) esalt_buf;
u8 *out_buf = (u8 *) line_buf;
int out_len;
if (pkcs->cipher == 1)
{
out_len = snprintf ((char *) out_buf, line_size, "%s1$%d$%08x%08x$%d$%08x%08x$%d$",
SIGNATURE_PEM,
pkcs->cipher,
byte_swap_32 (salt->salt_buf[0]),
byte_swap_32 (salt->salt_buf[1]),
salt->salt_iter + 1,
byte_swap_32 (pkcs->iv_buf[0]),
byte_swap_32 (pkcs->iv_buf[1]),
pkcs->data_len);
}
else
{
out_len = snprintf ((char *) out_buf, line_size, "%s1$%d$%08x%08x$%d$%08x%08x%08x%08x$%d$",
SIGNATURE_PEM,
pkcs->cipher,
byte_swap_32 (salt->salt_buf[0]),
byte_swap_32 (salt->salt_buf[1]),
salt->salt_iter + 1,
byte_swap_32 (pkcs->iv_buf[0]),
byte_swap_32 (pkcs->iv_buf[1]),
byte_swap_32 (pkcs->iv_buf[2]),
byte_swap_32 (pkcs->iv_buf[3]),
pkcs->data_len);
}
out_len += hex_encode ((const u8 *) pkcs->data_buf, pkcs->data_len, (u8 *) out_buf + out_len);
return out_len;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = MODULE_DEFAULT;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = MODULE_DEFAULT;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = module_tmp_size;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}

363
src/modules/module_24420.c Normal file
View File

@ -0,0 +1,363 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 1;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 3;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_PRIVATE_KEY;
static const char *HASH_NAME = "PKCS#8 Private Keys (PBKDF2-HMAC-SHA256 + 3DES/AES)";
static const u64 KERN_TYPE = 24420;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_SUGGEST_KG;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$PEM$2$4$ed02960b8a10b1f1$2048$a634c482a95f23bd8fada558e1bac2cf$1232$50b21db4aededb96417a9b88131e6bc3727739b4aa1413417338efaa6a756f27c32db5c339d9c3ba61c746bbe3d6c5e0a023f965e70fb617e78a00890b8c7fc7c9f5e0ab39f35bf58ab40f6ed15441338134d041ca59783437ef681a51132c085abb3830df95e9f94d11da54d61679ca6e40136da96ffe205ce191002458143f03cba3aeca6b22a3f0689d5582b3e6c01baee7a04d875ed44bb84fa0ed0a3aae1ed392645cced385498eef4ec25bf6d1399f1487f3625fad9fee25aabf18edb1ce5e640e834d31251b882601f23c2b2d77a45c84e0fc8a3a42e3ff9f75e7ac815c57a7e943ad803ab3672f85a37c6b92d0813590d47a31788643449dce67f135363a0c14f089629a1274b124539535df5f50df5d4402f7a109738f56467725a8aa3884562c8b4c42c068c3502be86e20ac9c52c0daec22e47dcbefebe902b1dc791ed3cd069c7f9211e43f5a3274450f4b0f0b7c6f59adeca8b39ed130b6cbda7cf98e15bbba21fa1758a28dc2edf2e2f17fc353853dc881458e59184f5a8f6e09456e4d71d90135a8ce67350f7bcb3d900e75585e3a87c0c8482f3917347fcfad4fdb8915991cffd20dae1502d0f69d385244e489e50cc9f24b15a5f9d0b00d62805026db5378b5408d7d719786eb043659a452096736e4a7501548655df83045dc4e86bd3319f2982e6db2bbb239019202cebf2ca68c05b578ba95cef82397b145c80208cd7ffd9b0cd5fc3d0d7ea26401c8e11c28ab8d1a524b884962e7fee597943a5e38137abb8b26a7772f0ad6dad074dcfd0b5794822aa7e43d10cab2c95e63b6459706dc21a1cbbd7ae4c96b40ee4d7039cf84c416cb879b2d30b7ac5e1860dcd2ab5479c39b748f5fd9336934c9c1e8064ffb0906c0c2898479209d1a9c97c3cd1782d7514e94d01b242a371a2df5592d620ebd6e18e63ff24ee8ba182f17e6c578431d738e955a957469e8069a919fd3a15532d460201d4e38ac04ac494b9cde1731d4511bf8faf8420a9de4f8c7d3d721fc30d8c3664683fd91ad3515e97092fb652205fb087890cb594947f5372c9b0b27f08b4b57bf610f777fcf040e6e7b8cedf85113dfd909cbac4b774c7580686f2e1f261898da4c6804d573fb22248005f5e0d3b256a0f3dcb71c47b3d674352bda82c22a513e381f990b6100328185511de9b3352126c5aedb9b0bde15743b42e231ef7227c0fe478044ce69474a740366058f07e56dde7d6089cb76e606482e7ba206355fc0fa180c4a41ae781e4723120e3d5a1dd40224db2c959ecbc9bce88bfeed64082d07b111e88a2d8a6a6fe097c9a298a6c3f76beb5b3b5aecedbbbcd404aac8fd25c069c747338ca0c81e6b63d87fc4f0bc18a86b721e3a16e9875741e0313057de8476ee84e36efe557dc33a7d23a9426f2e359781147607ad79235c9d7846320fe2d963fac79a5c92ff3067595273931174d2173f63cfceb9f62a873e7c240d3c260bcfb02b2697911321a72455cacc6929133d0af2cdf6d59a63293ac508786a4850267f90993fff3b6c07bbf3af0e3c08638148101ae1495da3360614866e238c4f60ca00f615877be80cc708da5ea1c30032acffd0e55429ba29dca409349d901a49831db44c1e58b7530b383d3f7e1cac79200cad9bdf87451783f2ffdab09b230aab52b41fa42fdd9f1f05a3dda0fa16b011c51e330d044adf394bbbb7fa25efc860f3082e42824be3b96943afbe641fe6bb";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
typedef struct pkcs_sha256_tmp
{
u32 ipad[8];
u32 opad[8];
u32 dgst[32];
u32 out[32];
} pkcs_sha256_tmp_t;
typedef struct pkcs
{
int cipher;
u32 data_buf[16384];
int data_len;
u32 iv_buf[4];
} pkcs_t;
static const char *SIGNATURE_PEM = "$PEM$";
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (pkcs_t);
return esalt_size;
}
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (pkcs_sha256_tmp_t);
return tmp_size;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
// this overrides the reductions of PW_MAX in case optimized kernel is selected
// IOW, even in optimized kernel mode it support length 256
const u32 pw_max = PW_MAX;
return pw_max;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
pkcs_t *pkcs = (pkcs_t *) esalt_buf;
token_t token;
token.token_cnt = 8;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_PEM;
token.len[0] = 5;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.sep[1] = '$';
token.len_min[1] = 1;
token.len_max[1] = 1;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[2] = '$';
token.len_min[2] = 1;
token.len_max[2] = 1;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[3] = '$';
token.len_min[3] = 16;
token.len_max[3] = 16;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[4] = '$';
token.len_min[4] = 1;
token.len_max[4] = 8;
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[5] = '$';
token.len_min[5] = 16; // can be either 16 or 32
token.len_max[5] = 32; // exact check deeper in decoder code
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[6] = '$';
token.len_min[6] = 1;
token.len_max[6] = 8;
token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[7] = '$';
token.len_min[7] = 64; // 64 = minimum size (32 byte) to avoid out of boundary read in kernel
token.len_max[7] = 65536; // 65536 = maximum asn.1 size fitting into 2 byte length integer
token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
// type
const u8 *type_pos = token.buf[1];
if (type_pos[0] != '2') return (PARSER_SIGNATURE_UNMATCHED);
// cipher
const u8 *cipher_pos = token.buf[2];
int cipher = hc_strtoul ((const char *) cipher_pos, NULL, 10);
if ((cipher != 1)
&& (cipher != 2)
&& (cipher != 3)
&& (cipher != 4)) return (PARSER_CIPHER);
pkcs->cipher = cipher;
// salt buffer
const u8 *salt_pos = token.buf[3];
salt->salt_buf[0] = hex_to_u32 (salt_pos + 0);
salt->salt_buf[1] = hex_to_u32 (salt_pos + 8);
salt->salt_len = 8;
// iter
const u8 *iter_pos = token.buf[4];
const u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10);
salt->salt_iter = iter - 1;
// IV buffer
const u8 *iv_pos = token.buf[5];
const int iv_len = token.len[5];
if (cipher == 1)
{
if (iv_len != 16) return (PARSER_SALT_LENGTH);
pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0);
pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8);
}
else
{
if (iv_len != 32) return (PARSER_SALT_LENGTH);
pkcs->iv_buf[0] = hex_to_u32 (iv_pos + 0);
pkcs->iv_buf[1] = hex_to_u32 (iv_pos + 8);
pkcs->iv_buf[2] = hex_to_u32 (iv_pos + 16);
pkcs->iv_buf[3] = hex_to_u32 (iv_pos + 24);
}
// data length
const u8 *data_len_verify_pos = token.buf[6];
const int data_len_verify = hc_strtoul ((const char *) data_len_verify_pos, NULL, 10);
// data
const u8 *data_pos = token.buf[7];
const int data_len = token.len[7];
pkcs->data_len = hex_decode (data_pos, data_len, (u8 *) pkcs->data_buf);
if (data_len_verify != pkcs->data_len) return (PARSER_HASH_LENGTH);
// data has to be a multiple of cipher block size
int cipher_bs = 0;
if (cipher == 1) { cipher_bs = 8; }
else if (cipher == 2) { cipher_bs = 16; }
else if (cipher == 3) { cipher_bs = 16; }
else if (cipher == 4) { cipher_bs = 16; }
if (pkcs->data_len % cipher_bs) return (PARSER_HASH_LENGTH);
// hash
digest[0] = pkcs->data_buf[0];
digest[1] = pkcs->data_buf[1];
digest[2] = pkcs->data_buf[2];
digest[3] = pkcs->data_buf[3];
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
pkcs_t *pkcs = (pkcs_t *) esalt_buf;
u8 *out_buf = (u8 *) line_buf;
int out_len;
if (pkcs->cipher == 1)
{
out_len = snprintf ((char *) out_buf, line_size, "%s2$%d$%08x%08x$%d$%08x%08x$%d$",
SIGNATURE_PEM,
pkcs->cipher,
byte_swap_32 (salt->salt_buf[0]),
byte_swap_32 (salt->salt_buf[1]),
salt->salt_iter + 1,
byte_swap_32 (pkcs->iv_buf[0]),
byte_swap_32 (pkcs->iv_buf[1]),
pkcs->data_len);
}
else
{
out_len = snprintf ((char *) out_buf, line_size, "%s2$%d$%08x%08x$%d$%08x%08x%08x%08x$%d$",
SIGNATURE_PEM,
pkcs->cipher,
byte_swap_32 (salt->salt_buf[0]),
byte_swap_32 (salt->salt_buf[1]),
salt->salt_iter + 1,
byte_swap_32 (pkcs->iv_buf[0]),
byte_swap_32 (pkcs->iv_buf[1]),
byte_swap_32 (pkcs->iv_buf[2]),
byte_swap_32 (pkcs->iv_buf[3]),
pkcs->data_len);
}
out_len += hex_encode ((const u8 *) pkcs->data_buf, pkcs->data_len, (u8 *) out_buf + out_len);
return out_len;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = MODULE_DEFAULT;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = MODULE_DEFAULT;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = module_tmp_size;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}

View File

@ -0,0 +1,212 @@
#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Crypt::CBC;
use Crypt::PBKDF2;
use Convert::ASN1 qw(:io);
sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $cid = shift // random_number (1, 4);
my $iter = shift // 2048;
my $iv = shift;
my $data = shift;
my $key_len = 0;
if ($cid == 1) { $key_len = 24; }
elsif ($cid == 2) { $key_len = 16; }
elsif ($cid == 3) { $key_len = 24; }
elsif ($cid == 4) { $key_len = 32; }
my $kdf = Crypt::PBKDF2->new
(
hash_class => 'HMACSHA1',
iterations => $iter,
output_len => $key_len
);
my $salt_bin = pack ("H*", $salt);
my $iv_bin;
my $data_bin;
my $key = $kdf->PBKDF2 ($salt_bin, $word);
my $is_decrypt = defined ($data);
if ($is_decrypt == 1)
{
$iv_bin = pack ("H*", $iv);
$data_bin = pack ("H*", $data);
my $dec_bin;
if ($cid == 1)
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::DES_EDE3",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$dec_bin = $aes->decrypt ($data_bin);
}
else
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::Rijndael",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$dec_bin = $aes->decrypt ($data_bin);
}
## This is a ridiculous check of successfull decryption
## There are no useable asn1 parsers for perl available
## We have to rely on a combination of padding check and pattern matching
## The (minimum) 16 bit should be good enough for a unit test
if (length ($dec_bin) < length ($data_bin))
{
if (substr ($dec_bin, 0, 1) eq "\x30")
{
$data_bin = $dec_bin;
}
}
}
else
{
if ($cid == 1)
{
$iv_bin = random_bytes (8);
}
else
{
$iv_bin = random_bytes (16);
}
$data_bin = pack ("H*",
"308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b7a2" .
"e4c254c8174219e60d9cce96737a906797b8edb86af8f055f60db7bd298b0d31d7ce97ebeae393d5" .
"0e6da5215b58dcd72f4d3cac9e79b6ccaed7da47d2bd04f6a767f5ab7dc0f58beb6298c1e2358ed6" .
"d3ef441f2326ac5db0027e08ae6c7724ff9a2a220a07e97319b6eff5cd653c7ab8b6ea9f9e89a40a" .
"b856f036acfd39b1e5926964a024de35052de6d3423fe763569f48869c834750b28f09cecdddb54a" .
"5526a2c5159d22d24606a2af6c6f47a5d9c04c454896192b8e7b82cf6f6934a23d3495059cb7e43b" .
"98a20bd5b5782e15d93c8b289838c0a1df82ee429f0708d97aa40d6e75ec57ff12a2714871f241a8" .
"6f6d8d3472b084aeb748da33e2d50203010001028201004afab8dadc1122e5fb7b225dbf4051005f" .
"4bdcf84620019589541ff633ea89b6dbf958fb62ae9226bfeac34c639b3e18077bd935792ba63d5e" .
"352ec2b5be93be57f37a21097f2f06857bceed601ff2041a417f2177b81afb246fd079040af96512" .
"34ca24a1456ac11641c7e319114cff23f59bcc1bfa769a0e9fcdeab98429973e10caf303f2bcb065" .
"f22c1cc259556de8377431237da7082cf03ce8da9530be398022f0171d468d92fcabbe776a5e9cf2" .
"045642868406fd03ab735a70bfec3a951bb3c7a1de0fb3ff63cef23897e4fc3f9c5edf62fd45d058" .
"fedc7d2fb22ec928984a061053a7138ce0417b5512579a92be0775104c0bc911f68a5e8ede298102" .
"818100e4e17e2c752dbf1ad1025a074dc5f9c3c5989d23c84594313373d3e4ed0c0ddd74429ab026" .
"535c5e77549d888835bc94f069ebc5e77fdbd2ddf4c8be6cf777799a6d8d18e2b8cecfc13ab26df8" .
"b71ca3d94c2193c294042fb1025fdab38ba7aaeafebd8dd1f9d78ee67100693e99255dad6b964ebf" .
"b7401a03b67d412fabb33502818100cd65067097e307643df1fc8214db1dd7d09342ef01417a2620" .
"adad87352a58b8fcf07521289da3851623d8d045935fab7ecccc52ba0b86adcb92da76255e00289b" .
"af9aacd936201861b0021249f4ab5e6020db823af7171aef0bbbd02dc94d2489fc0b68500bd1b7d2" .
"81ed69fe4a44384161fe906e49bc91e0362b446ec2c521028180497662d40c2c49b966ba758100a2" .
"799f2f8de369f7bef568b1560cfdde63cf13745c685fff7d2419a1fd83aeade1698cf87956d6a78e" .
"2f55482e683c4ea7432ec1b545e365e9e15f676ada98578b166334bcadce4a56cddd2cd85141d5fd" .
"0e2cdace36b30d613ea1bc2f2aed9cccf4e4536443d334cfb180680eabb73f80c1bd0281803f30fc" .
"b93951a4dd875d62e5968b0f746d7c51147d5b6abc3e4390e6cf4997005af993dfbec23923e1fae7" .
"62b47531f2ee510defc9c3700d1a5bb510b2506856160801db79fc78056850a16285145c80edac4e" .
"3c93ed9f532f067a2303633273b26c340a44ce4e1873107c3da6f9ac616e643ad0aecdcad14a9cff" .
"d4cf0ae76102818100b82528a3dfc595cf9c6a025998491e3b4849c71aa8d1222ddb14af7f82fbe5" .
"169ec3ba18ec28d5a9501e95bc9da72cea99e4cdfdf898f40bec6b28f838243d2f39d7226e0873ed" .
"ee752bcae07639a4bd0eb31be1718c456391630b83ad0e9bf3fa18a645007e64fe59af467ea021f9" .
"e9a0dd759b21cd0b93333a73116abcaa2a"
);
}
my $enc_bin;
if ($cid == 1)
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::DES_EDE3",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$enc_bin = $aes->encrypt ($data_bin);
}
else
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::Rijndael",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$enc_bin = $aes->encrypt ($data_bin);
}
my $hash = sprintf ('$PEM$1$%d$%s$%d$%s$%d$%s', $cid, unpack ("H*", $salt_bin), $iter, unpack ("H*", $iv_bin), length ($enc_bin), unpack ("H*", $enc_bin));
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my $idx = index ($line, ':');
return unless $idx >= 0;
my $hash = substr ($line, 0, $idx);
my $word = substr ($line, $idx + 1);
return unless substr ($hash, 0, 6) eq '$PEM$1';
my (undef, $signature, $hid, $cid, $salt, $iter, $iv, undef, $data) = split '\$', $hash;
return unless defined $signature;
return unless defined $hid;
return unless defined $cid;
return unless defined $salt;
return unless defined $iter;
return unless defined $iv;
return unless defined $data;
return unless ($signature eq 'PEM');
return unless ($hid eq '1');
my $word_packed = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word_packed, $salt, $cid, $iter, $iv, $data);
return ($new_hash, $word);
}
1;

View File

@ -0,0 +1,212 @@
#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Crypt::CBC;
use Crypt::PBKDF2;
use Convert::ASN1 qw(:io);
sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $cid = shift // random_number (1, 4);
my $iter = shift // 2048;
my $iv = shift;
my $data = shift;
my $key_len = 0;
if ($cid == 1) { $key_len = 24; }
elsif ($cid == 2) { $key_len = 16; }
elsif ($cid == 3) { $key_len = 24; }
elsif ($cid == 4) { $key_len = 32; }
my $kdf = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
iterations => $iter,
output_len => $key_len
);
my $salt_bin = pack ("H*", $salt);
my $iv_bin;
my $data_bin;
my $key = $kdf->PBKDF2 ($salt_bin, $word);
my $is_decrypt = defined ($data);
if ($is_decrypt == 1)
{
$iv_bin = pack ("H*", $iv);
$data_bin = pack ("H*", $data);
my $dec_bin;
if ($cid == 1)
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::DES_EDE3",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$dec_bin = $aes->decrypt ($data_bin);
}
else
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::Rijndael",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$dec_bin = $aes->decrypt ($data_bin);
}
## This is a ridiculous check of successfull decryption
## There are no useable asn1 parsers for perl available
## We have to rely on a combination of padding check and pattern matching
## The (minimum) 16 bit should be good enough for a unit test
if (length ($dec_bin) < length ($data_bin))
{
if (substr ($dec_bin, 0, 1) eq "\x30")
{
$data_bin = $dec_bin;
}
}
}
else
{
if ($cid == 1)
{
$iv_bin = random_bytes (8);
}
else
{
$iv_bin = random_bytes (16);
}
$data_bin = pack ("H*",
"308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b7a2" .
"e4c254c8174219e60d9cce96737a906797b8edb86af8f055f60db7bd298b0d31d7ce97ebeae393d5" .
"0e6da5215b58dcd72f4d3cac9e79b6ccaed7da47d2bd04f6a767f5ab7dc0f58beb6298c1e2358ed6" .
"d3ef441f2326ac5db0027e08ae6c7724ff9a2a220a07e97319b6eff5cd653c7ab8b6ea9f9e89a40a" .
"b856f036acfd39b1e5926964a024de35052de6d3423fe763569f48869c834750b28f09cecdddb54a" .
"5526a2c5159d22d24606a2af6c6f47a5d9c04c454896192b8e7b82cf6f6934a23d3495059cb7e43b" .
"98a20bd5b5782e15d93c8b289838c0a1df82ee429f0708d97aa40d6e75ec57ff12a2714871f241a8" .
"6f6d8d3472b084aeb748da33e2d50203010001028201004afab8dadc1122e5fb7b225dbf4051005f" .
"4bdcf84620019589541ff633ea89b6dbf958fb62ae9226bfeac34c639b3e18077bd935792ba63d5e" .
"352ec2b5be93be57f37a21097f2f06857bceed601ff2041a417f2177b81afb246fd079040af96512" .
"34ca24a1456ac11641c7e319114cff23f59bcc1bfa769a0e9fcdeab98429973e10caf303f2bcb065" .
"f22c1cc259556de8377431237da7082cf03ce8da9530be398022f0171d468d92fcabbe776a5e9cf2" .
"045642868406fd03ab735a70bfec3a951bb3c7a1de0fb3ff63cef23897e4fc3f9c5edf62fd45d058" .
"fedc7d2fb22ec928984a061053a7138ce0417b5512579a92be0775104c0bc911f68a5e8ede298102" .
"818100e4e17e2c752dbf1ad1025a074dc5f9c3c5989d23c84594313373d3e4ed0c0ddd74429ab026" .
"535c5e77549d888835bc94f069ebc5e77fdbd2ddf4c8be6cf777799a6d8d18e2b8cecfc13ab26df8" .
"b71ca3d94c2193c294042fb1025fdab38ba7aaeafebd8dd1f9d78ee67100693e99255dad6b964ebf" .
"b7401a03b67d412fabb33502818100cd65067097e307643df1fc8214db1dd7d09342ef01417a2620" .
"adad87352a58b8fcf07521289da3851623d8d045935fab7ecccc52ba0b86adcb92da76255e00289b" .
"af9aacd936201861b0021249f4ab5e6020db823af7171aef0bbbd02dc94d2489fc0b68500bd1b7d2" .
"81ed69fe4a44384161fe906e49bc91e0362b446ec2c521028180497662d40c2c49b966ba758100a2" .
"799f2f8de369f7bef568b1560cfdde63cf13745c685fff7d2419a1fd83aeade1698cf87956d6a78e" .
"2f55482e683c4ea7432ec1b545e365e9e15f676ada98578b166334bcadce4a56cddd2cd85141d5fd" .
"0e2cdace36b30d613ea1bc2f2aed9cccf4e4536443d334cfb180680eabb73f80c1bd0281803f30fc" .
"b93951a4dd875d62e5968b0f746d7c51147d5b6abc3e4390e6cf4997005af993dfbec23923e1fae7" .
"62b47531f2ee510defc9c3700d1a5bb510b2506856160801db79fc78056850a16285145c80edac4e" .
"3c93ed9f532f067a2303633273b26c340a44ce4e1873107c3da6f9ac616e643ad0aecdcad14a9cff" .
"d4cf0ae76102818100b82528a3dfc595cf9c6a025998491e3b4849c71aa8d1222ddb14af7f82fbe5" .
"169ec3ba18ec28d5a9501e95bc9da72cea99e4cdfdf898f40bec6b28f838243d2f39d7226e0873ed" .
"ee752bcae07639a4bd0eb31be1718c456391630b83ad0e9bf3fa18a645007e64fe59af467ea021f9" .
"e9a0dd759b21cd0b93333a73116abcaa2a"
);
}
my $enc_bin;
if ($cid == 1)
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::DES_EDE3",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$enc_bin = $aes->encrypt ($data_bin);
}
else
{
my $aes = Crypt::CBC->new ({
cipher => "Crypt::Rijndael",
key => $key,
iv => $iv_bin,
keysize => $key_len,
literal_key => 1,
header => "none",
padding => "standard",
});
$enc_bin = $aes->encrypt ($data_bin);
}
my $hash = sprintf ('$PEM$2$%d$%s$%d$%s$%d$%s', $cid, unpack ("H*", $salt_bin), $iter, unpack ("H*", $iv_bin), length ($enc_bin), unpack ("H*", $enc_bin));
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my $idx = index ($line, ':');
return unless $idx >= 0;
my $hash = substr ($line, 0, $idx);
my $word = substr ($line, $idx + 1);
return unless substr ($hash, 0, 6) eq '$PEM$2';
my (undef, $signature, $hid, $cid, $salt, $iter, $iv, undef, $data) = split '\$', $hash;
return unless defined $signature;
return unless defined $hid;
return unless defined $cid;
return unless defined $salt;
return unless defined $iter;
return unless defined $iv;
return unless defined $data;
return unless ($signature eq 'PEM');
return unless ($hid eq '2');
my $word_packed = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word_packed, $salt, $cid, $iter, $iv, $data);
return ($new_hash, $word);
}
1;