1 /*
2  * This file is part of John the Ripper password cracker,
3  * Copyright (c) 1996-2019 by Solar Designer
4  *
5  * ...with changes in the jumbo patch, by various authors
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted.
9  *
10  * There's ABSOLUTELY NO WARRANTY, express or implied.
11  */
12 
13 /*
14  * Some global parameters.
15  */
16 
17 #ifndef _JOHN_PARAMS_H
18 #define _JOHN_PARAMS_H
19 
20 #if !AC_BUILT || HAVE_LIMITS_H
21 #include <limits.h>
22 #endif
23 
24 #include "arch.h"
25 
26 /*
27  * John's version number.
28  */
29 #define JOHN_VERSION			"1.9.0"
30 
31 /*
32  * Define this for release tarballs. It affects the version reporting (will
33  * be the string above and below and never a Git hash) as well as some other
34  * details. Eg. it mutes output of OpenCL run-time build log unless the build
35  * failed.
36  */
37 #define JTR_RELEASE_BUILD 1
38 
39 /*
40  * Jumbo's version number. Note that we must uncomment JTR_RELEASE_BUILD
41  * above, in any release tar-balls (and only then, never ever in Git).
42  */
43 #define JUMBO_POSTFIX			"-jumbo-1"
44 
45 #if JTR_RELEASE_BUILD
46 #define JUMBO_VERSION			JOHN_VERSION JUMBO_POSTFIX
47 #else
48 #define JUMBO_VERSION			JOHN_VERSION JUMBO_POSTFIX "-bleeding"
49 #endif
50 
51 /*
52  * Notes to packagers of John for *BSD "ports", Linux distributions, etc.:
53  *
54  * You do need to set JOHN_SYSTEMWIDE to 1, but you do not need to patch this
55  * file for that.  Instead, you can pass -DJOHN_SYSTEMWIDE in CFLAGS.  You
56  * also do not need to patch the Makefile for that since you can pass the
57  * CFLAGS via "make" command line.  Similarly, you do not need to patch
58  * anything to change JOHN_SYSTEMWIDE_EXEC and JOHN_SYSTEMWIDE_HOME (although
59  * the defaults for these should be fine).
60  *
61  * JOHN_SYSTEMWIDE_EXEC should be set to the _directory_ where John will look
62  * for its "CPU fallback" program binary (which should be another build of John
63  * itself).  This is activated when John is compiled with -DCPU_FALLBACK.
64  * The fallback program binary name is defined with CPU_FALLBACK_BINARY in
65  * architecture-specific header files such as x86-64.h (and the default should
66  * be fine - no need to patch it).  On x86-64, this may be used to
67  * transparently fallback from a -64-xop build to -64-avx, then to plain -64
68  * (which implies SSE2).  On 32-bit x86, this may be used to fallback from -xop
69  * to -avx, then to -sse2, then to -mmx, and finally to -any.  Please do make
70  * use of this functionality in your package if it is built for x86-64 or
71  * 32-bit x86 (yes, you may need to make five builds of John for a single
72  * 32-bit x86 binary package).
73  *
74  * Similarly, -DOMP_FALLBACK activates fallback to OMP_FALLBACK_BINARY in the
75  * JOHN_SYSTEMWIDE_EXEC directory when an OpenMP-enabled build of John
76  * determines that it would otherwise run only one thread, which would often
77  * be less optimal than running a non-OpenMP build.
78  *
79  * CPU_FALLBACK and OMP_FALLBACK may be used together, but in that case you
80  * need to override some of the default fallback binary filenames such that you
81  * can have both OpenMP-enabled and non-OpenMP fallback binaries that use the
82  * same CPU instruction set extensions.  You can do these overrides with
83  * options like -DOMP_FALLBACK_BINARY='"john-non-omp-non-avx"' (leaving
84  * CPU_FALLBACK_BINARY at its default of "john-non-avx") or
85  * -DOMP_FALLBACK_BINARY='"john-sse2"' and
86  * -DCPU_FALLBACK_BINARY='"john-omp-sse2"' as fallbacks from an OpenMP-enabled
87  * -avx build.  Please note that you do not need to patch any John files for
88  * this, not even the Makefile.  For an example of passing these settings from
89  * an RPM spec file, please refer to john.spec used in Owl.
90  *
91  * "$JOHN" is supposed to be expanded at runtime.  Please do not replace
92  * it with a specific path, neither in this file nor in the default
93  * john.conf, if at all possible.
94  *
95  * Please also note that there is a make target for bash-completion.
96  */
97 
98 /*
99  * Is this a system-wide installation?  *BSD "ports" and Linux distributions
100  * will want to set this to 1 for their builds of John - please refer to the
101  * notes above.
102  */
103 #ifndef JOHN_SYSTEMWIDE
104 #define JOHN_SYSTEMWIDE			0
105 #endif
106 
107 #if JOHN_SYSTEMWIDE
108 #ifndef JOHN_SYSTEMWIDE_EXEC /* please refer to the notes above */
109 #define JOHN_SYSTEMWIDE_EXEC		"/usr/local/libexec/john"
110 #endif
111 #ifndef JOHN_SYSTEMWIDE_HOME
112 #define JOHN_SYSTEMWIDE_HOME		"/usr/local/share/john"
113 #endif
114 #define JOHN_PRIVATE_HOME		"~/.john"
115 #endif
116 
117 #ifndef OMP_FALLBACK
118 #define OMP_FALLBACK			0
119 #endif
120 
121 #if OMP_FALLBACK && !defined(OMP_FALLBACK_BINARY)
122 #define OMP_FALLBACK_BINARY		"john-non-omp"
123 #endif
124 
125 /*
126  * Crash recovery file format version strings.
127  */
128 #define RECOVERY_V0			"REC0"
129 #define RECOVERY_V1			"REC1"
130 #define RECOVERY_V2			"REC2"
131 #define RECOVERY_V3			"REC3"
132 #define RECOVERY_V4			"REC4"
133 #define RECOVERY_V			RECOVERY_V4
134 
135 /*
136  * Charset file format version string.
137  */
138 #define CHARSET_V3			"CHR3"
139 #define CHARSET_V			CHARSET_V3
140 
141 /*
142  * Timer interval in seconds.
143  */
144 #define TIMER_INTERVAL			1
145 
146 /*
147  * Default crash recovery file saving delay in timer intervals.
148  */
149 #define TIMER_SAVE_DELAY		(600 / TIMER_INTERVAL)
150 
151 /*
152  * Default benchmark time in seconds (per cracking algorithm).
153  */
154 #define BENCHMARK_TIME			1
155 
156 /*
157  * Number of salts to assume when benchmarking.
158  */
159 #define BENCHMARK_MANY			0x100
160 
161 /*
162  * File names.
163  */
164 #ifdef __DJGPP__
165 #define CFG_FULL_NAME			"$JOHN/john.ini"
166 #else
167 #define CFG_FULL_NAME			"$JOHN/john.conf"
168 #endif
169 #if JOHN_SYSTEMWIDE
170 #ifdef __DJGPP__
171 #define CFG_PRIVATE_FULL_NAME		JOHN_PRIVATE_HOME "/john.ini"
172 #else
173 #define CFG_PRIVATE_FULL_NAME		JOHN_PRIVATE_HOME "/john.conf"
174 #endif
175 #define POT_NAME			JOHN_PRIVATE_HOME "/john.pot"
176 #define SEC_POT_NAME			JOHN_PRIVATE_HOME "/secure.pot"
177 #define LOG_NAME			JOHN_PRIVATE_HOME "/john.log"
178 #define RECOVERY_NAME			JOHN_PRIVATE_HOME "/john"
179 #else
180 #define POT_NAME			"$JOHN/john.pot"
181 #define SEC_POT_NAME			"$JOHN/secure.pot"
182 #define LOG_NAME			"$JOHN/john.log"
183 #define RECOVERY_NAME			"$JOHN/john"
184 #endif
185 #define LOG_SUFFIX			".log"
186 #define RECOVERY_SUFFIX			".rec"
187 #define WORDLIST_NAME			"$JOHN/password.lst"
188 
189 /*
190  * Configuration file section names.
191  */
192 #define SECTION_OPTIONS			"Options"
193 #define SUBSECTION_MPI			":MPI"
194 #define SECTION_RULES			"List.Rules:"
195 #define SUBSECTION_SINGLE		"Single"
196 #define SUBSECTION_WORDLIST		"Wordlist"
197 #define SECTION_INC			"Incremental:"
198 #define SECTION_EXT			"List.External:"
199 #define SECTION_DEBUG			"Debug"
200 #define SECTION_MARKOV			"Markov:"
201 #define SECTION_PRINCE			"PRINCE"
202 #define SECTION_DISABLED		"Disabled:"
203 #define SUBSECTION_FORMATS		"Formats"
204 #define SECTION_FORMATS			"Formats:"
205 
206 /*
207  * Number of different password hash table sizes.
208  * This is not really configurable, but we define it here in order to have
209  * the number hard-coded in fewer places.
210  */
211 #define PASSWORD_HASH_SIZES		7
212 
213 /*
214  * Which hash table size (out of those listed below) the loader should use for
215  * its own purposes.  This does not affect password cracking speed after the
216  * loading is complete.
217  */
218 #define PASSWORD_HASH_SIZE_FOR_LDR	4
219 
220 /*
221  * Hash table sizes.  These may also be hardcoded into the hash functions.
222  */
223 #define SALT_HASH_LOG			20
224 #define SALT_HASH_SIZE			(1 << SALT_HASH_LOG)
225 #define PASSWORD_HASH_SIZE_0		0x100
226 #define PASSWORD_HASH_SIZE_1		0x1000
227 #define PASSWORD_HASH_SIZE_2		0x10000
228 #define PASSWORD_HASH_SIZE_3		0x100000
229 #define PASSWORD_HASH_SIZE_4		0x1000000
230 #define PASSWORD_HASH_SIZE_5		0x8000000
231 #define PASSWORD_HASH_SIZE_6		0x40000000
232 
233 #define PH_MASK_0			(PASSWORD_HASH_SIZE_0 - 1)
234 #define PH_MASK_1			(PASSWORD_HASH_SIZE_1 - 1)
235 #define PH_MASK_2			(PASSWORD_HASH_SIZE_2 - 1)
236 #define PH_MASK_3			(PASSWORD_HASH_SIZE_3 - 1)
237 #define PH_MASK_4			(PASSWORD_HASH_SIZE_4 - 1)
238 #define PH_MASK_5			(PASSWORD_HASH_SIZE_5 - 1)
239 #define PH_MASK_6			(PASSWORD_HASH_SIZE_6 - 1)
240 
241 /*
242  * Password hash table thresholds.  These are the counts of entries required
243  * to enable the corresponding bitmap size.  The corresponding hash table size
244  * may be smaller as determined by PASSWORD_HASH_SHR.
245  */
246 #define PASSWORD_HASH_THRESHOLD_0	3
247 #define PASSWORD_HASH_THRESHOLD_1	(PASSWORD_HASH_SIZE_0 / 25)
248 #define PASSWORD_HASH_THRESHOLD_2	(PASSWORD_HASH_SIZE_1 / 20)
249 #define PASSWORD_HASH_THRESHOLD_3	(PASSWORD_HASH_SIZE_2 / 10)
250 #define PASSWORD_HASH_THRESHOLD_4	(PASSWORD_HASH_SIZE_3 / 10)
251 #define PASSWORD_HASH_THRESHOLD_5	(PASSWORD_HASH_SIZE_4 / 10)
252 #define PASSWORD_HASH_THRESHOLD_6	(PASSWORD_HASH_SIZE_5 / 35)
253 
254 /*
255  * Tables of the above values.
256  */
257 extern unsigned int password_hash_sizes[PASSWORD_HASH_SIZES];
258 extern unsigned int password_hash_thresholds[PASSWORD_HASH_SIZES];
259 
260 /*
261  * How much smaller should the hash tables be than bitmaps in terms of entry
262  * count.  Setting this to 0 will result in them having the same number of
263  * entries, 1 will make the hash tables twice smaller than bitmaps, etc.
264  * 5 or 6 will make them the same size in bytes on systems with 32-bit or
265  * 64-bit pointers, respectively.
266  */
267 #if ARCH_BITS >= 64
268 /* Up to 128 MiB bitmap, 2 GiB hash table assuming 64-bit pointers */
269 #define PASSWORD_HASH_SHR		2
270 #else
271 /* Up to 128 MiB bitmap, 512 MiB hash table assuming 32-bit pointers */
272 #define PASSWORD_HASH_SHR		3
273 #endif
274 
275 /*
276  * Cracked password hash size, used while loading.
277  */
278 #define CRACKED_HASH_LOG		25
279 #define CRACKED_HASH_SIZE		(1 << CRACKED_HASH_LOG)
280 
281 /*
282  * Type to use for single keys buffer. This and max_length affect how large
283  * a single mode batch can be, i.e. (SINGLE_BUF_MAX / max_length + 1).
284  * So using 16-bit integer and length 16, we can't use a larger KPC than
285  * 4096. This is typically too small for OpenCL formats and even some multi-
286  * core CPU platforms.
287  *
288  * Using 32-bit types, the real limit will be amount of available RAM and
289  * the setting of SingleMaxBufferSize in john.conf (default 4 GB).
290  *
291  * Current code tries to decrease max_length (but no more than to 16) before
292  * limiting KPC for number of salts vs. SINGLE_MAX_WORD_BUFFER (and both are
293  * capped if needed).
294  */
295 #if HAVE_OPENCL
296 /* Max. 2 GB memory buffer per salt. */
297 #define SINGLE_KEYS_TYPE		int32_t
298 #define SINGLE_KEYS_UTYPE		uint32_t
299 #define SINGLE_IDX_MAX			(INT32_MAX + 1U)
300 #define SINGLE_BUF_MAX			UINT32_MAX
301 #elif _OPENMP || HAVE_ZTEX
302 /* Max. 32K KPC. Roughly half the memory footprint compared to the above. */
303 #define SINGLE_KEYS_TYPE		int16_t
304 #define SINGLE_KEYS_UTYPE		uint32_t
305 #define SINGLE_IDX_MAX			0x8000
306 #define SINGLE_BUF_MAX			UINT32_MAX
307 #else
308 /* Original John proper settings: Max. 32K KPC and max. 64 KB memory buffer. */
309 #define SINGLE_KEYS_TYPE		int16_t
310 #define SINGLE_KEYS_UTYPE		uint16_t
311 #define SINGLE_IDX_MAX			0x8000
312 #define SINGLE_BUF_MAX			0xffff
313 #endif
314 
315 /*
316  * Buffered keys hash size, used for "single crack" mode.
317  */
318 #if HAVE_OPENCL
319 #define SINGLE_HASH_LOG			15
320 #elif _OPENMP && DES_BS && !DES_BS_ASM
321 #define SINGLE_HASH_LOG			10
322 #else
323 #define SINGLE_HASH_LOG			7
324 #endif
325 #define SINGLE_HASH_SIZE		(1 << SINGLE_HASH_LOG)
326 
327 /*
328  * Minimum buffered keys hash size, used if min_keys_per_crypt is even less.
329  */
330 #define SINGLE_HASH_MIN			8
331 
332 /*
333  * Shadow file entry hash table size, used by unshadow.
334  */
335 #define SHADOW_HASH_LOG			18
336 #define SHADOW_HASH_SIZE		(1 << SHADOW_HASH_LOG)
337 
338 /*
339  * Hash and buffer sizes for unique.
340  */
341 #if ARCH_BITS >= 64
342 #define UNIQUE_HASH_LOG			25
343 #define UNIQUE_BUFFER_SIZE		0x80000000U
344 #else
345 #define UNIQUE_HASH_LOG			24
346 #define UNIQUE_BUFFER_SIZE		0x40000000
347 #endif
348 #define UNIQUE_HASH_SIZE		(1 << UNIQUE_HASH_LOG)
349 #define UNIQUE_AVG_LEN			64
350 
351 /*
352  * Maximum number of GECOS words per password to load.
353  */
354 #define LDR_WORDS_MAX			60
355 
356 /*
357  * Maximum number of partial hash collisions in a db->password_hash[] bucket.
358  * If this limit is hit, we print a warning and disable detection of duplicate
359  * hashes (since it could be too slow).
360  */
361 #define LDR_HASH_COLLISIONS_MAX		1000
362 
363 /*
364  * How many bitmap entries should the cracker prefetch at once.  Set this to 0
365  * to disable prefetching.
366  */
367 #ifdef __SSE__
368 #define CRK_PREFETCH			64
369 #else
370 #define CRK_PREFETCH			0
371 #endif
372 
373 /*
374  * How many warnings about suboptimal batch size to emit before suppressing
375  * further ones. (You can override this figure with MaxKPCWarnings in
376  * john.conf, or use -v to decrease verbosity).
377  */
378 #define CRK_KPC_WARN			10
379 
380 /*
381  * Maximum number of GECOS words to try in pairs. This is automagically
382  * increased when using global seed words, and/or when running accelerated
383  * formats (OpenCL, ZTEX) or OpenMP with many threads.
384  */
385 #define SINGLE_WORDS_PAIR_MAX		6
386 
387 /*
388  * Maximum buffer size used for words, in GB. This can be increased in
389  * john.conf.
390  * If running fork this is the total used by this session (size is divided by
391  * number of forks). If running MPI, we try to determine the number of
392  * local processes on each node and divide it accordingly.
393  */
394 #define SINGLE_MAX_WORD_BUFFER		4
395 
396 /*
397  * Charset parameters.
398  *
399  * Please note that changes to these parameters make your build of John
400  * incompatible with charset files generated with other builds.
401  */
402 #define CHARSET_MIN			0x01
403 #define CHARSET_MAX			0xff
404 #define CHARSET_LENGTH			24
405 
406 /*
407  * Compiler parameters.
408  */
409 #define C_TOKEN_SIZE			0x100
410 #define C_UNGET_SIZE			(C_TOKEN_SIZE + 4)
411 #define C_EXPR_SIZE			0x100
412 #define C_STACK_SIZE			((C_EXPR_SIZE + 4) * 4)
413 #define C_ARRAY_SIZE			0x1000000
414 #define C_DATA_SIZE			0x8000000
415 
416 /*
417  * Buffer size for rules. This is 4x in jumbo, for \xhh notation.
418  */
419 #define RULE_BUFFER_SIZE		0x400
420 
421 /*
422  * Maximum number of character ranges for rules.
423  */
424 #define RULE_RANGES_MAX			30
425 
426 /*
427  * Buffer size for words while applying rules, should be at least as large
428  * as PLAINTEXT_BUFFER_SIZE.
429  */
430 #define RULE_WORD_SIZE			0x80
431 
432 /*
433  * By default we mute some rules logging in pipe mode, if number of rules
434  * (after PP and dupe rule suppression) is larger than this threshold.
435  */
436 #define RULES_MUTE_THR			1000
437 
438 /*
439  * Buffer size for plaintext passwords.
440  */
441 #define PLAINTEXT_BUFFER_SIZE		0x80
442 
443 /*
444  * Buffer size for fgets().
445  */
446 #define LINE_BUFFER_SIZE		0x400
447 
448 /*
449  * Max. ciphertext size that's sure to fit a line when cleartext field
450  * is added.
451  */
452 #define MAX_CIPHERTEXT_SIZE	(LINE_BUFFER_SIZE - PLAINTEXT_BUFFER_SIZE)
453 
454 /*
455  * We trim ciphertext being stored into the .pot file for all CTs >
456  * MAX_CIPHERTEXT_SIZE.  We truncate, and then append a hash of the
457  * full ciphertext. 13 is length of tag, 32 is length of MD5 hex hash.
458  */
459 #define POT_BUFFER_CT_TRIM_SIZE		(MAX_CIPHERTEXT_SIZE - 13 - 32)
460 
461 /*
462  * john.pot and log file buffer sizes, can be zero.
463  */
464 #define POT_BUFFER_SIZE			0x100000
465 #define LOG_BUFFER_SIZE			0x100000
466 
467 /*
468  * Buffer size for path names.
469  */
470 #ifdef PATH_MAX
471 #define PATH_BUFFER_SIZE		PATH_MAX
472 #else
473 #define PATH_BUFFER_SIZE		0x400
474 #endif
475 
476 /* Markov mode stuff */
477 #define MAX_MKV_LVL 400
478 #define MAX_MKV_LEN 30
479 
480 /* Default maximum size of wordlist memory buffer. */
481 #if ARCH_BITS > 32
482 #define WORDLIST_BUFFER_DEFAULT		0x80000000U
483 #else
484 #define WORDLIST_BUFFER_DEFAULT		0x40000000
485 #endif
486 
487 /* Number of custom Mask placeholders */
488 #define MAX_NUM_CUST_PLHDR		9
489 
490 /* Verbosity level. Higher is more chatty. */
491 #define VERB_DEBUG			6
492 #define VERB_MAX			5
493 #define VERB_LEGACY			4
494 #define VERB_DEFAULT			3
495 
496 #endif
497