From ac2eff18a56f7aa5a1a729a72d7fe5e24449cd63 Mon Sep 17 00:00:00 2001 From: David Llewellyn-Jones Date: Sun, 14 Aug 2016 21:12:24 +0100 Subject: [PATCH] Add mangling code This adds code to mangle the password before it's hashed. This allows test for password pre-hashing. Currently this code is inaccessible and the C code needs updating to support it. --- OpenCL/m00000_a0_m.cl | 9 +- OpenCL/m00000_a1_m.cl | 53 +++-- OpenCL/m00000_a3_m.cl | 135 ++++++++++- OpenCL/m00060_a0_m.cl | 9 +- OpenCL/mangle.cl | 537 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 724 insertions(+), 19 deletions(-) create mode 100644 OpenCL/mangle.cl diff --git a/OpenCL/m00000_a0_m.cl b/OpenCL/m00000_a0_m.cl index 773d230..17ee25f 100644 --- a/OpenCL/m00000_a0_m.cl +++ b/OpenCL/m00000_a0_m.cl @@ -15,6 +15,7 @@ #include "inc_rp.h" #include "inc_rp.cl" #include "inc_simd.cl" +#include "mangle.cl" __kernel void m00000_m04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, __global comb_t *combs_buf, __global bf_t *bfs_buf, __global void *tmps, __global void *hooks, __global u32 *bitmaps_buf_s1_a, __global u32 *bitmaps_buf_s1_b, __global u32 *bitmaps_buf_s1_c, __global u32 *bitmaps_buf_s1_d, __global u32 *bitmaps_buf_s2_a, __global u32 *bitmaps_buf_s2_b, __global u32 *bitmaps_buf_s2_c, __global u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global digest_t *digests_buf, __global u32 *hashes_shown, __global salt_t *salt_bufs, __global void *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) { @@ -57,7 +58,9 @@ __kernel void m00000_m04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, u32x w2[4] = { 0 }; u32x w3[4] = { 0 }; - const u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + out_len = mangle(w0, w1, out_len); append_0x80_2x4_VV (w0, w1, out_len); @@ -202,7 +205,9 @@ __kernel void m00000_s04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, u32x w2[4] = { 0 }; u32x w3[4] = { 0 }; - const u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + out_len = mangle(w0, w1, out_len); append_0x80_2x4_VV (w0, w1, out_len); diff --git a/OpenCL/m00000_a1_m.cl b/OpenCL/m00000_a1_m.cl index f3d420f..0647a03 100644 --- a/OpenCL/m00000_a1_m.cl +++ b/OpenCL/m00000_a1_m.cl @@ -13,6 +13,7 @@ #include "inc_types.cl" #include "inc_common.cl" #include "inc_simd.cl" +#include "mangle.cl" __kernel void m00000_m04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, __global comb_t *combs_buf, __global bf_t *bfs_buf, __global void *tmps, __global void *hooks, __global u32 *bitmaps_buf_s1_a, __global u32 *bitmaps_buf_s1_b, __global u32 *bitmaps_buf_s1_c, __global u32 *bitmaps_buf_s1_d, __global u32 *bitmaps_buf_s2_a, __global u32 *bitmaps_buf_s2_b, __global u32 *bitmaps_buf_s2_c, __global u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global digest_t *digests_buf, __global u32 *hashes_shown, __global salt_t *salt_bufs, __global void *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max) { @@ -52,7 +53,7 @@ __kernel void m00000_m04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, { const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos); - const u32x pw_len = pw_l_len + pw_r_len; + u32x pw_len = pw_l_len + pw_r_len; /** * concat password candidate @@ -108,12 +109,24 @@ __kernel void m00000_m04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, w1[1] = wordl1[1] | wordr1[1]; w1[2] = wordl1[2] | wordr1[2]; w1[3] = wordl1[3] | wordr1[3]; - w2[0] = wordl2[0] | wordr2[0]; - w2[1] = wordl2[1] | wordr2[1]; - w2[2] = wordl2[2] | wordr2[2]; - w2[3] = wordl2[3] | wordr2[3]; - w3[0] = wordl3[0] | wordr3[0]; - w3[1] = wordl3[1] | wordr3[1]; + + pw_len = mangle(w0, w1, pw_len); + append_0x80_2x4_VV (w0, w1, pw_len); + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + + //w2[0] = wordl2[0] | wordr2[0]; + //w2[1] = wordl2[1] | wordr2[1]; + //w2[2] = wordl2[2] | wordr2[2]; + //w2[3] = wordl2[3] | wordr2[3]; + //w3[0] = wordl3[0] | wordr3[0]; + //w3[1] = wordl3[1] | wordr3[1]; + w3[2] = pw_len * 8; w3[3] = 0; @@ -256,7 +269,7 @@ __kernel void m00000_s04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, { const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos); - const u32x pw_len = pw_l_len + pw_r_len; + u32x pw_len = pw_l_len + pw_r_len; /** * concat password candidate @@ -312,12 +325,24 @@ __kernel void m00000_s04 (__global pw_t *pws, __global kernel_rule_t *rules_buf, w1[1] = wordl1[1] | wordr1[1]; w1[2] = wordl1[2] | wordr1[2]; w1[3] = wordl1[3] | wordr1[3]; - w2[0] = wordl2[0] | wordr2[0]; - w2[1] = wordl2[1] | wordr2[1]; - w2[2] = wordl2[2] | wordr2[2]; - w2[3] = wordl2[3] | wordr2[3]; - w3[0] = wordl3[0] | wordr3[0]; - w3[1] = wordl3[1] | wordr3[1]; + + pw_len = mangle(w0, w1, pw_len); + append_0x80_2x4_VV (w0, w1, pw_len); + + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + + //w2[0] = wordl2[0] | wordr2[0]; + //w2[1] = wordl2[1] | wordr2[1]; + //w2[2] = wordl2[2] | wordr2[2]; + //w2[3] = wordl2[3] | wordr2[3]; + //w3[0] = wordl3[0] | wordr3[0]; + //w3[1] = wordl3[1] | wordr3[1]; + w3[2] = pw_len * 8; w3[3] = 0; diff --git a/OpenCL/m00000_a3_m.cl b/OpenCL/m00000_a3_m.cl index 2dfcafb..06e5d3c 100644 --- a/OpenCL/m00000_a3_m.cl +++ b/OpenCL/m00000_a3_m.cl @@ -13,6 +13,7 @@ #include "inc_types.cl" #include "inc_common.cl" #include "inc_simd.cl" +#include "mangle.cl" #define MD5_STEP_REV(f,a,b,c,d,x,t,s) \ { \ @@ -40,6 +41,136 @@ void m00000m (u32 w[16], const u32 pw_len, __global pw_t *pws, __global kernel_r const u32 gid = get_global_id (0); const u32 lid = get_local_id (0); + /** + * loop + */ + + u32 w0l = w[0]; + + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE) + { + const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + //const u32x w0 = w0l | w0r; + + w0[0] = w0l | w0r; + w0[1] = w[1]; + w0[2] = w[2]; + w0[3] = w[3]; + w1[0] = w[4]; + w1[1] = w[5]; + w1[2] = w[6]; + w1[3] = w[7]; + w2[0] = w[8]; + w2[1] = w[9]; + w2[2] = w[10]; + w2[3] = w[11]; + w3[0] = w[12]; + w3[1] = w[13]; + w3[2] = w[14]; + w3[3] = w[15]; + + const u32 out_len = mangle(w0, w1, pw_len); + append_0x80_2x4_VV (w0, w1, out_len); + + w3[2] = out_len * 8; + + u32x a = MD5M_A; + u32x b = MD5M_B; + u32x c = MD5M_C; + u32x d = MD5M_D; + + MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13); + + MD5_STEP (MD5_H , a, b, c, d, w1[1], MD5C20, MD5S20); + MD5_STEP (MD5_H , d, a, b, c, w2[0], MD5C21, MD5S21); + MD5_STEP (MD5_H , c, d, a, b, w2[3], MD5C22, MD5S22); + MD5_STEP (MD5_H , b, c, d, a, w3[2], MD5C23, MD5S23); + MD5_STEP (MD5_H , a, b, c, d, w0[1], MD5C24, MD5S20); + MD5_STEP (MD5_H , d, a, b, c, w1[0], MD5C25, MD5S21); + MD5_STEP (MD5_H , c, d, a, b, w1[3], MD5C26, MD5S22); + MD5_STEP (MD5_H , b, c, d, a, w2[2], MD5C27, MD5S23); + MD5_STEP (MD5_H , a, b, c, d, w3[1], MD5C28, MD5S20); + MD5_STEP (MD5_H , d, a, b, c, w0[0], MD5C29, MD5S21); + MD5_STEP (MD5_H , c, d, a, b, w0[3], MD5C2a, MD5S22); + MD5_STEP (MD5_H , b, c, d, a, w1[2], MD5C2b, MD5S23); + MD5_STEP (MD5_H , a, b, c, d, w2[1], MD5C2c, MD5S20); + MD5_STEP (MD5_H , d, a, b, c, w3[0], MD5C2d, MD5S21); + MD5_STEP (MD5_H , c, d, a, b, w3[3], MD5C2e, MD5S22); + MD5_STEP (MD5_H , b, c, d, a, w0[2], MD5C2f, MD5S23); + + MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33); + MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30); + MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31); + MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32); + MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33); + + COMPARE_M_SIMD (a, d, c, b); + } +} + + + + + + +void m00000m_orig (u32 w[16], const u32 pw_len, __global pw_t *pws, __global kernel_rule_t *rules_buf, __global comb_t *combs_buf, __constant u32x * words_buf_r, __global void *tmps, __global void *hooks, __global u32 *bitmaps_buf_s1_a, __global u32 *bitmaps_buf_s1_b, __global u32 *bitmaps_buf_s1_c, __global u32 *bitmaps_buf_s1_d, __global u32 *bitmaps_buf_s2_a, __global u32 *bitmaps_buf_s2_b, __global u32 *bitmaps_buf_s2_c, __global u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global digest_t *digests_buf, __global u32 *hashes_shown, __global salt_t *salt_bufs, __global void *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset) +{ + /** + * modifier + */ + + const u32 gid = get_global_id (0); + const u32 lid = get_local_id (0); + /** * base */ @@ -122,7 +253,9 @@ void m00000m (u32 w[16], const u32 pw_len, __global pw_t *pws, __global kernel_r { const u32x w0r = words_buf_r[il_pos / VECT_SIZE]; - const u32x w0 = w0l | w0r; + u32x w0 = w0l | w0r; + + w0 = ('o' << 24) + ('e' << 16) + ('h' << 8) + ('t'); u32x a = MD5M_A; u32x b = MD5M_B; diff --git a/OpenCL/m00060_a0_m.cl b/OpenCL/m00060_a0_m.cl index b992cd6..ff47ed1 100644 --- a/OpenCL/m00060_a0_m.cl +++ b/OpenCL/m00060_a0_m.cl @@ -15,6 +15,7 @@ #include "inc_rp.h" #include "inc_rp.cl" #include "inc_simd.cl" +#include "mangle.cl" void md5_transform (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4]) { @@ -299,7 +300,9 @@ __kernel void m00060_m04 (__global pw_t *pws, __global kernel_rule_t * rules_bu u32x w2[4] = { 0 }; u32x w3[4] = { 0 }; - const u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + out_len = mangle(w0, w1, out_len); append_0x80_2x4_VV (w0, w1, out_len); @@ -448,7 +451,9 @@ __kernel void m00060_s04 (__global pw_t *pws, __global kernel_rule_t * rules_bu u32x w2[4] = { 0 }; u32x w3[4] = { 0 }; - const u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + u32x out_len = apply_rules_vect (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1); + + out_len = mangle(w0, w1, out_len); append_0x80_2x4_VV (w0, w1, out_len); diff --git a/OpenCL/mangle.cl b/OpenCL/mangle.cl new file mode 100644 index 0000000..f672e69 --- /dev/null +++ b/OpenCL/mangle.cl @@ -0,0 +1,537 @@ +// Domain to use for mangling +__constant u8 domain[] = "flypig.co.uk"; +__constant u32x domain_len = 12; + +// Characters used for base64 encoding +__constant char b64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +// Perform an MD5 transform step +// Should be called through hmac_md5_pad_mangle and hmac_md5_run_mangle +void md5_transform_mangle (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4]) +{ + u32x a = digest[0]; + u32x b = digest[1]; + u32x c = digest[2]; + u32x d = digest[3]; + + u32x w0_t = w0[0]; + u32x w1_t = w0[1]; + u32x w2_t = w0[2]; + u32x w3_t = w0[3]; + u32x w4_t = w1[0]; + u32x w5_t = w1[1]; + u32x w6_t = w1[2]; + u32x w7_t = w1[3]; + u32x w8_t = w2[0]; + u32x w9_t = w2[1]; + u32x wa_t = w2[2]; + u32x wb_t = w2[3]; + u32x wc_t = w3[0]; + u32x wd_t = w3[1]; + u32x we_t = w3[2]; + u32x wf_t = w3[3]; + + MD5_STEP (MD5_Fo, a, b, c, d, w0_t, MD5C00, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w1_t, MD5C01, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w2_t, MD5C02, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w3_t, MD5C03, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w4_t, MD5C04, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w5_t, MD5C05, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, w6_t, MD5C06, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, w7_t, MD5C07, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, w8_t, MD5C08, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, w9_t, MD5C09, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, wa_t, MD5C0a, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, wb_t, MD5C0b, MD5S03); + MD5_STEP (MD5_Fo, a, b, c, d, wc_t, MD5C0c, MD5S00); + MD5_STEP (MD5_Fo, d, a, b, c, wd_t, MD5C0d, MD5S01); + MD5_STEP (MD5_Fo, c, d, a, b, we_t, MD5C0e, MD5S02); + MD5_STEP (MD5_Fo, b, c, d, a, wf_t, MD5C0f, MD5S03); + + MD5_STEP (MD5_Go, a, b, c, d, w1_t, MD5C10, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w6_t, MD5C11, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, wb_t, MD5C12, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w0_t, MD5C13, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w5_t, MD5C14, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, wa_t, MD5C15, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, wf_t, MD5C16, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w4_t, MD5C17, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, w9_t, MD5C18, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, we_t, MD5C19, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w3_t, MD5C1a, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, w8_t, MD5C1b, MD5S13); + MD5_STEP (MD5_Go, a, b, c, d, wd_t, MD5C1c, MD5S10); + MD5_STEP (MD5_Go, d, a, b, c, w2_t, MD5C1d, MD5S11); + MD5_STEP (MD5_Go, c, d, a, b, w7_t, MD5C1e, MD5S12); + MD5_STEP (MD5_Go, b, c, d, a, wc_t, MD5C1f, MD5S13); + + MD5_STEP (MD5_H, a, b, c, d, w5_t, MD5C20, MD5S20); + MD5_STEP (MD5_H, d, a, b, c, w8_t, MD5C21, MD5S21); + MD5_STEP (MD5_H, c, d, a, b, wb_t, MD5C22, MD5S22); + MD5_STEP (MD5_H, b, c, d, a, we_t, MD5C23, MD5S23); + MD5_STEP (MD5_H, a, b, c, d, w1_t, MD5C24, MD5S20); + MD5_STEP (MD5_H, d, a, b, c, w4_t, MD5C25, MD5S21); + MD5_STEP (MD5_H, c, d, a, b, w7_t, MD5C26, MD5S22); + MD5_STEP (MD5_H, b, c, d, a, wa_t, MD5C27, MD5S23); + MD5_STEP (MD5_H, a, b, c, d, wd_t, MD5C28, MD5S20); + MD5_STEP (MD5_H, d, a, b, c, w0_t, MD5C29, MD5S21); + MD5_STEP (MD5_H, c, d, a, b, w3_t, MD5C2a, MD5S22); + MD5_STEP (MD5_H, b, c, d, a, w6_t, MD5C2b, MD5S23); + MD5_STEP (MD5_H, a, b, c, d, w9_t, MD5C2c, MD5S20); + MD5_STEP (MD5_H, d, a, b, c, wc_t, MD5C2d, MD5S21); + MD5_STEP (MD5_H, c, d, a, b, wf_t, MD5C2e, MD5S22); + MD5_STEP (MD5_H, b, c, d, a, w2_t, MD5C2f, MD5S23); + + MD5_STEP (MD5_I, a, b, c, d, w0_t, MD5C30, MD5S30); + MD5_STEP (MD5_I, d, a, b, c, w7_t, MD5C31, MD5S31); + MD5_STEP (MD5_I, c, d, a, b, we_t, MD5C32, MD5S32); + MD5_STEP (MD5_I, b, c, d, a, w5_t, MD5C33, MD5S33); + MD5_STEP (MD5_I, a, b, c, d, wc_t, MD5C34, MD5S30); + MD5_STEP (MD5_I, d, a, b, c, w3_t, MD5C35, MD5S31); + MD5_STEP (MD5_I, c, d, a, b, wa_t, MD5C36, MD5S32); + MD5_STEP (MD5_I, b, c, d, a, w1_t, MD5C37, MD5S33); + MD5_STEP (MD5_I, a, b, c, d, w8_t, MD5C38, MD5S30); + MD5_STEP (MD5_I, d, a, b, c, wf_t, MD5C39, MD5S31); + MD5_STEP (MD5_I, c, d, a, b, w6_t, MD5C3a, MD5S32); + MD5_STEP (MD5_I, b, c, d, a, wd_t, MD5C3b, MD5S33); + MD5_STEP (MD5_I, a, b, c, d, w4_t, MD5C3c, MD5S30); + MD5_STEP (MD5_I, d, a, b, c, wb_t, MD5C3d, MD5S31); + MD5_STEP (MD5_I, c, d, a, b, w2_t, MD5C3e, MD5S32); + MD5_STEP (MD5_I, b, c, d, a, w9_t, MD5C3f, MD5S33); + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; +} + +// Set up the HMAC-MD5 process +// The ipad and opad arrays can be retained to run multiple HMAC-MD5 processes +// without having to recalculate +// w0, w1, w2, w3 - contain up to 64 bytes of the HMAC key +// ipad, opad - contain the returned data to pass into the next call +void hmac_md5_pad_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4]) +{ + w0[0] = w0[0] ^ 0x36363636; + w0[1] = w0[1] ^ 0x36363636; + w0[2] = w0[2] ^ 0x36363636; + w0[3] = w0[3] ^ 0x36363636; + w1[0] = w1[0] ^ 0x36363636; + w1[1] = w1[1] ^ 0x36363636; + w1[2] = w1[2] ^ 0x36363636; + w1[3] = w1[3] ^ 0x36363636; + w2[0] = w2[0] ^ 0x36363636; + w2[1] = w2[1] ^ 0x36363636; + w2[2] = w2[2] ^ 0x36363636; + w2[3] = w2[3] ^ 0x36363636; + w3[0] = w3[0] ^ 0x36363636; + w3[1] = w3[1] ^ 0x36363636; + w3[2] = w3[2] ^ 0x36363636; + w3[3] = w3[3] ^ 0x36363636; + + ipad[0] = MD5M_A; + ipad[1] = MD5M_B; + ipad[2] = MD5M_C; + ipad[3] = MD5M_D; + + md5_transform_mangle (w0, w1, w2, w3, ipad); + + w0[0] = w0[0] ^ 0x6a6a6a6a; + w0[1] = w0[1] ^ 0x6a6a6a6a; + w0[2] = w0[2] ^ 0x6a6a6a6a; + w0[3] = w0[3] ^ 0x6a6a6a6a; + w1[0] = w1[0] ^ 0x6a6a6a6a; + w1[1] = w1[1] ^ 0x6a6a6a6a; + w1[2] = w1[2] ^ 0x6a6a6a6a; + w1[3] = w1[3] ^ 0x6a6a6a6a; + w2[0] = w2[0] ^ 0x6a6a6a6a; + w2[1] = w2[1] ^ 0x6a6a6a6a; + w2[2] = w2[2] ^ 0x6a6a6a6a; + w2[3] = w2[3] ^ 0x6a6a6a6a; + w3[0] = w3[0] ^ 0x6a6a6a6a; + w3[1] = w3[1] ^ 0x6a6a6a6a; + w3[2] = w3[2] ^ 0x6a6a6a6a; + w3[3] = w3[3] ^ 0x6a6a6a6a; + + opad[0] = MD5M_A; + opad[1] = MD5M_B; + opad[2] = MD5M_C; + opad[3] = MD5M_D; + + md5_transform_mangle (w0, w1, w2, w3, opad); +} + +// Continue the HMAC-MD5 process +// It's up to the caller to add the final length and padding terminators +// hmac_md5_pad_mangle call, which can be used across multiple HMACs +// w0, w1, w2, w3 - contain up to 64 bytes of data to HMAC +// ipad, opad - should contain the output from the +// digest - the 16-byte result of the HMAC +void hmac_md5_run_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4], u32x digest[4]) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + + md5_transform_mangle (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = 0x80; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = (64 + 16) * 8; + w3[3] = 0; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + + md5_transform_mangle (w0, w1, w2, w3, digest); +} + +// Perfrom an HMAC-MD5 with the given key and using the domain constant as the +// data to HMAC +// in_key - the key to use (the user's password) +// key-len - the length of the key in bytes +// out_digest - returns the 16 byte result +void md5hmac_domain_mangle (u8 const *const in_key, const u32x key_len, u8 out_digest[16]) +{ + u32 pos; + + // Data + u32x data_buf[16]; + + for (pos = 0; pos < domain_len; pos++) + { + ((u8 *) data_buf)[pos] = domain[pos]; + } + for (pos = domain_len; pos < 64; pos++) + { + ((u8 *) data_buf)[pos] = 0; + } + + // Key + u32x key_buf[16]; + + for (pos = 0; pos < key_len; pos++) + { + ((u8 *) key_buf)[pos] = in_key[pos]; + } + for (pos = key_len; pos < 64; pos++) + { + ((u8 *) key_buf)[pos] = 0; + } + + // Pads + u32x ipad[4]; + u32x opad[4]; + + hmac_md5_pad_mangle (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad); + + // Loop (except this time we don't actually loop) + append_0x80_2x4_VV (data_buf, data_buf + 4, domain_len); + + data_buf[14] = (64 + domain_len) * 8; + + hmac_md5_run_mangle (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *) out_digest); +} + +// Base64 encode a string +// base64_hash - the returned hahs +// len - the length of the input string +// base64_plain - the string to encode +// returns the length of the final encoding +u32 b64_encode_mangle (u8 * base64_hash, const u32 len, const u8 * base64_plain) +{ + u8 *out_ptr = (u8 *) base64_hash; + u8 *in_ptr = (u8 *) base64_plain; + u32 out_len; + + u32 i; + + // Encode the easy iniitial characters + out_len = 0; + for (i = 0; i < (len - 2); i += 3) + { + char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)]; + char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)]; + char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c) | ((in_ptr[2] >> 6) & 0x03)]; + char out_val3 = b64_table[((in_ptr[2] >> 0) & 0x3f)]; + + out_ptr[0] = out_val0 & 0x7f; + out_ptr[1] = out_val1 & 0x7f; + out_ptr[2] = out_val2 & 0x7f; + out_ptr[3] = out_val3 & 0x7f; + + in_ptr += 3; + out_ptr += 4; + out_len += 4; + } + // Deal with the awkward terminating characters if there are any + if (i == (len - 1)) + { + // Input string has one hanging character + char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)]; + char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30)]; + + out_ptr[0] = out_val0 & 0x7f; + out_ptr[1] = out_val1 & 0x7f; + out_ptr[2] = '='; + out_ptr[3] = '='; + + in_ptr += 3; + out_ptr += 4; + out_len += 4; + } + if (i == (len - 2)) + { + // Input string has two hanging characters + char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)]; + char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)]; + char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c)]; + + out_ptr[0] = out_val0 & 0x7f; + out_ptr[1] = out_val1 & 0x7f; + out_ptr[2] = out_val2 & 0x7f; + out_ptr[3] = '='; + + in_ptr += 3; + out_ptr += 4; + out_len += 4; + } + + return out_len; +} + +// Determine whether a given string contains non-alphanumeric values +// A non-alphanumeric is anything except a-z, A-Z, 0-9 +// data - the string to check +// length - the length of the string +// returns true if there's a non-alphanumeric value, false o/w +bool containsnonalphanumeric_mangle (u8 * data, u32 length) +{ + bool nonalphanumeric; + u32 pos; + char check; + u32 startingSize; + + nonalphanumeric = false; + // Check each character individually + for (pos = 0; (pos < length) && !nonalphanumeric; pos++) + { + check = data[pos]; + if (!((check >= 'a') && (check <= 'z')) && !((check >= 'A') && (check <= 'Z')) && !((check >= '0') && (check <= '9')) && !(check == '_')) + { + nonalphanumeric = true; + } + } + + return nonalphanumeric; +} + +// Determine whether a string contains any value between a given range +// password - the string to check +// length - the length of the string to check +// start - the inclusive lower bound of the range to check between +// end - the inclusive upper bound of the range to check between +// returns true if the string contains a value that falls in the range +// returns false o/w +bool contains_mangle (u8 const *password, u32 length, u8 start, u8 end) +{ + bool doescontain = false; + u32 pos; + + // Check each character individually + for (pos = 0; (pos < length) && (doescontain == false); pos++) + { + if ((password[pos] >= start) && (password[pos] <= end)) + { + doescontain = true; + } + } + + return doescontain; +} + +// Rotate the characters in a string to the left by the given number of +// characters +// torotate - the string to rotate +// length - the length of the string to rotate +// steps - the number of steps to rotate to the left by +void rotate_string_mangle (u8 * torotate, u32 length, u32 steps) +{ + u8 scratch[64]; + u32 pos; + + // Create a rotated copy in a temporary buffer + for (pos = 0; pos < length; pos++) + { + scratch[pos] = torotate[(pos + steps) % length]; + } + + // Copy the result back into the original buffer + for (pos = 0; pos < length; pos++) + { + torotate[pos] = scratch[pos]; + } +} + +// Perform the mangle operation on the string to be hashed +// w0, w1 - the string to be mangled +// in_len - the length of the string to be mangled +u32x mangle (u32x w0[4], u32x w1[4], const u32x in_len) +{ + u32x out_len = in_len; + + u32 digest[4]; + u32 data[8]; + u32 hash[8]; + u32 i; + u32 size; + u32 extrasize; + u32 startingsize; + bool nonalphanumeric; + u32 extrapos; + u8 next; + + hash[0] = w0[0]; + hash[1] = w0[1]; + hash[2] = w0[2]; + hash[3] = w0[3]; + hash[4] = w1[0]; + hash[5] = w1[1]; + hash[6] = w1[2]; + hash[7] = w1[3]; + + // HMAC-MD5 the domain name using the password as the key + md5hmac_domain_mangle ((u8 *) hash, in_len, (u8 *) digest); + + // Check whether the original password contains non-alphanumeric values + nonalphanumeric = containsnonalphanumeric_mangle ((u8 *) hash, in_len); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + + // Base64 encode the HMAC; this will be what we use to generate the password + out_len = b64_encode_mangle ((u8 *) hash, 16, (u8 *) w0); + + out_len = 22; // b64 encoding will produce 24 bytes output, but last two will be "==" + extrasize = 22; + size = in_len + 2; + + // for (i = out_len; i < 32; i++) { + // ((u8 *)hash)[i] = 0; + // } + + startingsize = size - 4; + startingsize = (startingsize < extrasize) ? startingsize : extrasize; + + // Transfer the intial portion for output + for (i = 0; i < startingsize; i++) + { + ((u8 *) data)[i] = ((u8 *) hash)[i]; + } + for (i = startingsize; i < 32; i++) + { + ((u8 *) data)[i] = 0; + } + + extrapos = startingsize; + + // Add the extras + // Capital letter + next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0; + extrapos++; + if (!contains_mangle ((u8 *) data, startingsize, 'A', 'Z')) + { + next = 'A' + (next % ('Z' - 'A' + 1)); + } + ((u8 *) data)[startingsize] = next; + startingsize++; + + // Lower case letter + next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0; + extrapos++; + if (!contains_mangle ((u8 *) data, startingsize, 'a', 'z')) + { + next = 'a' + (next % ('z' - 'a' + 1)); + } + ((u8 *) data)[startingsize] = next; + startingsize++; + + // Number + next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0; + extrapos++; + if (!contains_mangle ((u8 *) data, startingsize, '0', '9')) + { + next = '0' + (next % ('9' - '0' + 1)); + } + ((u8 *) data)[startingsize] = next; + startingsize++; + + // Non alphanumeric + if (containsnonalphanumeric_mangle ((u8 *) data, startingsize) && nonalphanumeric) + { + next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0; + extrapos++; + } + else + { + next = '+'; + } + ((u8 *) data)[startingsize] = next; + startingsize++; + + // If there's no alphanumeric values in the original password + // remove them from the result + if (!nonalphanumeric) + { + for (i = 0; i < startingsize; i++) + { + if (containsnonalphanumeric_mangle (((u8 *) data) + i, 1)) + { + next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0; + extrapos++; + next = 'A' + (next % ('Z' - 'A' + 1)); + ((u8 *) data)[i] = next; + } + } + } + + // Rotate the result to ranomise where the non-alphanumerics are + next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0; + rotate_string_mangle ((u8 *) data, startingsize, next); + ((u8 *) data)[startingsize] = 0; + + out_len = startingsize; + + // Copy th result into the output buffer + w0[0] = data[0]; + w0[1] = data[1]; + w0[2] = data[2]; + w0[3] = data[3]; + w1[0] = data[4]; + w1[1] = data[5]; + w1[2] = data[6]; + w1[3] = data[7]; + + return (out_len); +} -- 2.25.1