1 /*
2 * This file is part of John the Ripper password cracker,
3 * Copyright (c) 1996-2001,2006,2008,2010-2013,2015 by Solar Designer
4 */
5
6 #include <stdint.h>
7 #include <stdio.h>
8 #include <string.h>
9
10 #include "params.h"
11 #include "memory.h"
12 #include "formats.h"
13 #include "dyna_salt.h"
14 #include "misc.h"
15 #include "unicode.h"
16 #include "base64_convert.h"
17 #ifndef BENCH_BUILD
18 #include "options.h"
19 #include "loader.h"
20 #endif
21 #include "john.h"
22
23 /* this is just for advance_cursor() */
24 #include "opencl_common.h"
25 #include "jumbo.h"
26 #include "bench.h"
27 #include "omp_autotune.h"
28
29 char fmt_null_key[PLAINTEXT_BUFFER_SIZE];
30
31 struct fmt_main *fmt_list = NULL;
32 static struct fmt_main **fmt_tail = &fmt_list;
33 static char *buf_key;
34
35 int fmt_raw_len;
36
37 int self_test_running;
38 int benchmark_running;
39
40 #ifndef BENCH_BUILD
41 static int orig_min, orig_max, orig_len;
42
43 static void test_fmt_split_unifies_case_4(struct fmt_main *format, char *ciphertext, int *is_split_unifies_case, int call_cnt);
44 static void test_fmt_split_unifies_case_3(struct fmt_main *format,
45 char *ciphertext, int *has_change_case, int *is_need_unify_case);
46 static void test_fmt_split_unifies_case(struct fmt_main *format, char *ciphertext, int *is_split_unifies_case, int call_cnt);
47 static void get_longest_common_string(char *fstr, char *sstr, int *first_index,
48 int *second_index, int *size);
49 static void test_fmt_8_bit(struct fmt_main *format, void *binary,
50 char *ciphertext, char *plaintext, int *is_ignore_8th_bit,
51 int *plaintext_is_blank, struct db_salt *dbsalt);
52 static void test_fmt_case(struct fmt_main *format, void *binary,
53 char *ciphertext, char* plaintext, int *is_case_sensitive,
54 int *plaintext_has_alpha, struct db_salt *dbsalt);
55 #endif
56
fmt_register(struct fmt_main * format)57 void fmt_register(struct fmt_main *format)
58 {
59 format->private.initialized = 0;
60 format->next = NULL;
61 *fmt_tail = format;
62 fmt_tail = &format->next;
63 }
64
fmt_init(struct fmt_main * format)65 void fmt_init(struct fmt_main *format)
66 {
67 if (!buf_key)
68 buf_key = mem_alloc_tiny(PLAINTEXT_BUFFER_SIZE, MEM_ALIGN_SIMD);
69
70 if (!format->private.initialized) {
71 #ifndef BENCH_BUILD
72 if (options.flags & FLG_LOOPTEST) {
73 orig_min = format->params.min_keys_per_crypt;
74 orig_max = format->params.max_keys_per_crypt;
75 orig_len = format->params.plaintext_length;
76 }
77 #endif
78 if (!fmt_raw_len)
79 fmt_raw_len = format->params.plaintext_length;
80 format->methods.init(format);
81 #ifndef BENCH_BUILD
82 /* NOTE, we have to grab these values (the first time), from after
83 the format has been initialized for thin dynamic formats */
84 if (options.flags & FLG_LOOPTEST && orig_len == 0 && format->params.plaintext_length) {
85 orig_min = format->params.min_keys_per_crypt;
86 orig_max = format->params.max_keys_per_crypt;
87 orig_len = format->params.plaintext_length;
88 }
89 #endif
90 if (john_main_process && !bench_or_test_running &&
91 #ifndef BENCH_BUILD
92 !options.listconf && options.target_enc != UTF_8 &&
93 #endif
94 format->params.flags & FMT_UTF8)
95 fprintf(stderr, "Warning: %s format should always be "
96 "UTF-8. Use --target-encoding=utf8\n",
97 format->params.label);
98
99 format->private.initialized = 1;
100 }
101 #ifndef BENCH_BUILD
102 if (options.flags & FLG_KEEP_GUESSING)
103 format->params.flags |= FMT_NOT_EXACT;
104
105 if (options.force_maxkeys) {
106 if (options.force_maxkeys > format->params.max_keys_per_crypt) {
107 fprintf(stderr,
108 "Can't set mkpc larger than %u for %s format\n",
109 format->params.max_keys_per_crypt,
110 format->params.label);
111 error();
112 }
113 if (options.force_maxkeys < format->params.min_keys_per_crypt)
114 format->params.min_keys_per_crypt =
115 options.force_maxkeys;
116 }
117 if (!(options.flags & FLG_LOOPBACK_CHK) &&
118 options.req_maxlength > format->params.plaintext_length) {
119 fprintf(stderr, "Can't set max length larger than %u "
120 "for %s format\n",
121 format->params.plaintext_length,
122 format->params.label);
123 error();
124 }
125 #endif
126 }
127
fmt_done(struct fmt_main * format)128 void fmt_done(struct fmt_main *format)
129 {
130 if (format->private.initialized) {
131 format->methods.done();
132 format->private.initialized = 0;
133 #ifdef HAVE_OPENCL
134 opencl_done();
135 #endif
136 #ifndef BENCH_BUILD
137 if (options.flags & FLG_LOOPTEST) {
138 format->params.min_keys_per_crypt = orig_min;
139 format->params.max_keys_per_crypt = orig_max;
140 format->params.plaintext_length = orig_len;
141 }
142 #endif
143
144 }
145 fmt_raw_len = 0;
146 }
147
fmt_all_done(void)148 void fmt_all_done(void)
149 {
150 struct fmt_main *format = fmt_list;
151
152 while (format) {
153 if (format->private.initialized) {
154 format->methods.done();
155 format->private.initialized = 0;
156 }
157 format = format->next;
158 }
159 #ifdef HAVE_OPENCL
160 opencl_done();
161 #endif
162 }
163
is_poweroftwo(size_t align)164 static int is_poweroftwo(size_t align)
165 {
166 return align != 0 && (align & (align - 1)) == 0;
167 }
168
169 #undef is_aligned /* clash with common.h */
is_aligned(void * p,size_t align)170 static int is_aligned(void *p, size_t align)
171 {
172 return ((size_t)p & (align - 1)) == 0;
173 }
174
175 /* Mutes ASan problems. We pass a buffer long enough for any use */
176 #define fmt_set_key(key, index) \
177 { \
178 char *s = key, *d = buf_key; \
179 while ((*d++ = *s++)); \
180 format->methods.set_key(buf_key, index); \
181 }
182
183 #define MAXLABEL "3133731337" /* must be non-letter ASCII chars only */
184 #define MAXLABEL_SIMD "80808080\x80" /* Catch a common bug */
longcand(struct fmt_main * format,int index,int ml)185 static char *longcand(struct fmt_main *format, int index, int ml)
186 {
187 static char out[PLAINTEXT_BUFFER_SIZE];
188 int i;
189
190 for (i = 0; i < ml; ++i)
191 out[i] = '0' + (i+index)%10;
192
193 if (!(format->params.flags & FMT_8_BIT) ||
194 #ifndef BENCH_BUILD
195 !(format->params.flags & FMT_CASE) || options.target_enc == UTF_8
196 #else
197 !(format->params.flags & FMT_CASE)
198 #endif
199 )
200 memcpy(out, MAXLABEL, strlen(MAXLABEL));
201 else
202 memcpy(out, MAXLABEL_SIMD, strlen(MAXLABEL_SIMD));
203 out[ml] = 0;
204
205 return out;
206 }
207
208 #ifndef BENCH_BUILD
is_key_right(struct fmt_main * format,int index,void * binary,char * ciphertext,char * plaintext,int is_test_fmt_case,struct db_salt * dbsalt)209 static char* is_key_right(struct fmt_main *format, int index,
210 void *binary, char *ciphertext, char *plaintext,
211 int is_test_fmt_case, struct db_salt *dbsalt)
212 {
213 static char err_buf[200];
214 int i, size, count, match, len;
215 char *key;
216
217 if (is_test_fmt_case && index != 0)
218 return "index should be 0 when test_fmt_case";
219
220 count = index + 1;
221 match = format->methods.crypt_all(&count, dbsalt);
222
223 if ((match && !format->methods.cmp_all(binary, match)) ||
224 (!match && format->methods.cmp_all(binary, match))) {
225 if (options.verbosity > VERB_LEGACY)
226 snprintf(err_buf, sizeof(err_buf), "cmp_all(%d) %s", match, ciphertext);
227 else
228 sprintf(err_buf, "cmp_all(%d)", match);
229 return err_buf;
230 }
231
232 for (i = match - 1; i >= 0; i--) {
233 if (format->methods.cmp_one(binary, i))
234 break;
235 }
236
237 if (i == -1) {
238 if (options.verbosity > VERB_LEGACY)
239 snprintf(err_buf, sizeof(err_buf), "cmp_one(%d) %s", match, ciphertext);
240 else
241 sprintf(err_buf, "cmp_one(%d)", match);
242 return err_buf;
243 }
244
245 for (size = 0; size < PASSWORD_HASH_SIZES; size++)
246 if (format->methods.binary_hash[size] &&
247 format->methods.get_hash[size](i) !=
248 format->methods.binary_hash[size](binary)) {
249 if (options.verbosity > VERB_LEGACY) {
250 // Dump out as much as possible (up to 3 full bytes). This can
251 // help in trying to track down problems, like needing to SWAP
252 // the binary or other issues, when doing BE ports. Here
253 // PASSWORD_HASH_SIZES is assumed to be 7. This loop will max
254 // out at 6, in that case (i.e. 3 full bytes).
255 int maxi=size;
256 while (maxi+2 < PASSWORD_HASH_SIZES && format->methods.binary_hash[maxi]) {
257 if (format->methods.binary_hash[++maxi] == NULL) {
258 --maxi;
259 break;
260 }
261 }
262 if (format->methods.get_hash[maxi] && format->methods.binary_hash[maxi])
263 sprintf(err_buf, "get_hash[%d](%d) %x!=%x %s", size, index,
264 format->methods.get_hash[maxi](index),
265 format->methods.binary_hash[maxi](binary),
266 ciphertext);
267 else
268 sprintf(err_buf, "get_hash[%d](%d) %x!=%x %s", size,
269 index, format->methods.get_hash[size](index),
270 format->methods.binary_hash[size](binary),
271 ciphertext);
272 } else
273 {
274 sprintf(err_buf, "get_hash[%d](%d) %x!=%x", size,
275 index, format->methods.get_hash[size](index),
276 format->methods.binary_hash[size](binary));
277 }
278 return err_buf;
279 }
280
281 if (!format->methods.cmp_exact(ciphertext, i)) {
282 if (options.verbosity > VERB_LEGACY)
283 snprintf(err_buf, sizeof(err_buf), "cmp_exact(%d) %s", match, ciphertext);
284 else
285 sprintf(err_buf, "cmp_exact(%d)", i);
286 return err_buf;
287 }
288
289 key = format->methods.get_key(i);
290 len = strlen(key);
291
292 if (len < format->params.plaintext_min_length ||
293 len > format->params.plaintext_length) {
294 if (options.verbosity > VERB_LEGACY)
295 snprintf(err_buf, sizeof(err_buf), "The length of string returned by get_key() is %d "
296 "but should be between plaintext_min_length=%d and plaintext_length=%d %s",
297 len, format->params.plaintext_min_length,
298 format->params.plaintext_length, key);
299 else
300 sprintf(err_buf, "The length of string returned by get_key() is %d "
301 "but should be between plaintext_min_length=%d and plaintext_length=%d",
302 len, format->params.plaintext_min_length,
303 format->params.plaintext_length);
304 return err_buf;
305 }
306
307 if (is_test_fmt_case)
308 return NULL;
309
310 if (format->params.flags & FMT_CASE) {
311 // Case-sensitive passwords
312 if (strncmp(key, plaintext, format->params.plaintext_length)) {
313 if (options.verbosity > VERB_LEGACY)
314 snprintf(err_buf, sizeof(err_buf), "get_key(%d) (case) %s %s", i, key, plaintext);
315 else
316 sprintf(err_buf, "get_key(%d)", i);
317 return err_buf;
318 }
319 } else {
320 // Case-insensitive passwords
321 if (strncasecmp(key, plaintext,
322 format->params.plaintext_length)) {
323 if (options.verbosity > VERB_LEGACY)
324 snprintf(err_buf, sizeof(err_buf), "get_key(%d) (no case) %s %s", i, key, plaintext);
325 else
326 sprintf(err_buf, "get_key(%d)", i);
327 return err_buf;
328 }
329 }
330
331 return NULL;
332 }
333 #endif
334
fmt_self_test_body(struct fmt_main * format,void * binary_copy,void * salt_copy,struct db_main * db,int full_lvl)335 static char *fmt_self_test_body(struct fmt_main *format,
336 void *binary_copy, void *salt_copy, struct db_main *db, int full_lvl)
337 {
338 static char s_size[200];
339 #ifndef BENCH_BUILD
340 char *ret;
341 #endif
342 struct fmt_tests *current;
343 char *ciphertext, *plaintext;
344 int ntests, done, index, max, size;
345 void *binary, *salt;
346 int binary_align_warned = 0, salt_align_warned = 0;
347 int salt_cleaned_warned = 0, binary_cleaned_warned = 0;
348 int salt_dupe_warned = 0, i;
349 #ifndef BENCH_BUILD
350 int cnt_split_unifies_case = 0;// just in case only the last test case unifies.
351 int dhirutest = 0;
352 int maxlength = 0;
353 int extra_tests = options.flags & FLG_TEST_CHK;
354 #else
355 int extra_tests = 0;
356 #endif
357 int ml, sl = 0;
358 int plaintext_has_alpha = 0; // Does plaintext has alphabet: a-z A-Z
359 int is_case_sensitive = 0; // Is password case sensitive, FMT_CASE
360 int plaintext_is_blank = 1; // Is plaintext blank ""
361 int is_ignore_8th_bit = 1; // Is ignore 8th bit, FMT_8_BIT
362 int is_split_unifies_case = 0; // Is split() unifies case
363 int is_split_unifies_case_4 = 0;
364 int is_change_case = 0; // Is change cases of ciphertext and it is valid
365 int is_need_unify_case = 1; // Is need to unify cases in split()
366 int fmt_split_case = ((format->params.flags & FMT_SPLIT_UNIFIES_CASE)==FMT_SPLIT_UNIFIES_CASE);
367 int while_condition; // since -test and -test-full use very do{}while(cond) so we use a var.
368 #ifndef BENCH_BUILD
369 struct db_salt *dbsalt;
370 #endif
371
372 // validate that there are no NULL function pointers
373 if (format->methods.prepare == NULL) return "method prepare NULL";
374 if (format->methods.valid == NULL) return "method valid NULL";
375 if (format->methods.split == NULL) return "method split NULL";
376 if (format->methods.init == NULL) return "method init NULL";
377
378 (void)size; // quiet stupid warning.
379
380 /*
381 * Test each format just once unless we're debugging.
382 */
383 #ifndef DEBUG
384 if (format->private.initialized == 2)
385 return NULL;
386 #endif
387 #if defined(HAVE_OPENCL)
388 if (strcasestr(format->params.label, "-opencl") &&
389 !strstr(format->params.label, "-opencl")) {
390 return "-opencl suffix must be lower case";
391 }
392 #endif
393 #ifndef BENCH_BUILD
394 if (options.flags & FLG_NOTESTS) {
395 self_test_running = 0;
396 fmt_init(format);
397 dyna_salt_init(format);
398 if (db->real) {
399 omp_autotune_run(db->real);
400 format->methods.reset(db->real);
401 } else {
402 omp_autotune_run(db);
403 format->methods.reset(db);
404 }
405 format->private.initialized = 2;
406 format->methods.clear_keys();
407 return NULL;
408 }
409 #endif
410
411 if (!(current = format->params.tests)) return NULL;
412 ntests = 0;
413 while ((current++)->ciphertext)
414 ntests++;
415 current = format->params.tests;
416 #if defined (_MSC_VER) && !defined (BENCH_BUILD)
417 if (current->ciphertext[0] == 0 &&
418 !strcasecmp(format->params.label, "LUKS")) {
419 // luks has a string that is longer than the 64k max string length of
420 // VC. So to get it to work, we post load the the test value.
421 void LUKS_test_fixup();
422 LUKS_test_fixup();
423 current = format->params.tests;
424 }
425 #endif
426
427 if (ntests == 0)
428 return NULL;
429
430 /* Check prepare, valid, split before init */
431 if (!current->fields[1])
432 current->fields[1] = current->ciphertext;
433 ciphertext = format->methods.prepare(current->fields, format);
434 if (!ciphertext || strlen(ciphertext) < 7)
435 return "prepare (before init)";
436 if (format->methods.valid(ciphertext, format) != 1)
437 return "valid (before init)";
438 if (!format->methods.split(ciphertext, 0, format))
439 return "split() returned NULL (before init)";
440 fmt_init(format);
441
442 // validate that there are no NULL function pointers after init()
443 if (format->methods.done == NULL) return "method done NULL";
444 if (format->methods.reset == NULL) return "method reset NULL";
445 if (format->methods.binary == NULL) return "method binary NULL";
446 if (format->methods.salt == NULL) return "method salt NULL";
447 if (format->methods.source == NULL) return "method source NULL";
448 if (!format->methods.binary_hash[0]) return "method binary_hash[0] NULL";
449 if (format->methods.salt_hash == NULL) return "method salt_hash NULL";
450 if (format->methods.set_salt == NULL) return "method set_salt NULL";
451 if (format->methods.set_key == NULL) return "method set_key NULL";
452 if (format->methods.get_key == NULL) return "method get_key NULL";
453 if (format->methods.clear_keys == NULL) return "method clear_keys NULL";
454 if (format->methods.crypt_all == NULL) return "method crypt_all NULL";
455 if (format->methods.get_hash[0]==NULL) return "method get_hash[0] NULL";
456 if (format->methods.cmp_all == NULL) return "method cmp_all NULL";
457 if (format->methods.cmp_one == NULL) return "method cmp_one NULL";
458 if (format->methods.cmp_exact == NULL) return "method cmp_exact NULL";
459
460 if (format->params.plaintext_length < 1 ||
461 format->params.plaintext_length > PLAINTEXT_BUFFER_SIZE - 3)
462 return "plaintext_length";
463
464 if (format->params.benchmark_length < 0 ||
465 (format->params.benchmark_length & 0xff) <
466 format->params.plaintext_min_length ||
467 (format->params.benchmark_length & 0xff) >
468 format->params.plaintext_length)
469 return "benchmark_length";
470
471 if (!is_poweroftwo(format->params.binary_align))
472 return "binary_align";
473
474 if (!is_poweroftwo(format->params.salt_align))
475 return "salt_align";
476
477 if (format->methods.valid("*", format))
478 return "valid";
479
480 if (format->methods.source != fmt_default_source &&
481 format->params.salt_size != 0)
482 return "source method only allowed for unsalted formats";
483
484 if (format->params.flags & FMT_HUGE_INPUT) {
485 for (size = 0; size < PASSWORD_HASH_SIZES; size++) {
486 if (format->methods.binary_hash[size] &&
487 format->methods.binary_hash[size] !=
488 fmt_default_binary_hash)
489 return "binary_hash method not allowed for FMT_HUGE_INPUT";
490 if (format->methods.get_hash[size] &&
491 format->methods.get_hash[size] !=
492 fmt_default_get_hash)
493 return "get_hash method not allowed for FMT_HUGE_INPUT";
494 }
495 }
496
497 ml = format->params.plaintext_length;
498 #ifndef BENCH_BUILD
499 /* UTF-8 bodge in reverse. Otherwise we will get truncated keys back
500 from the max-length self-test */
501 if ((options.target_enc == UTF_8) &&
502 (format->params.flags & FMT_ENC) &&
503 (format->params.flags & FMT_UNICODE))
504 ml /= 3;
505
506 omp_autotune_run(db);
507 #endif
508
509 format->methods.reset(db);
510 dyna_salt_init(format);
511
512 if ((format->methods.split == fmt_default_split) &&
513 (format->params.flags & FMT_SPLIT_UNIFIES_CASE))
514 return "FMT_SPLIT_UNIFIES_CASE";
515
516 if ((format->params.flags & FMT_OMP_BAD) &&
517 !(format->params.flags & FMT_OMP))
518 return "FMT_OMP_BAD";
519
520 if ((format->params.flags & FMT_ENC) &&
521 !(format->params.flags & FMT_UNICODE))
522 return "FMT_ENC without FMT_UNICODE";
523
524 if ((format->params.flags & FMT_ENC) &&
525 !(format->params.flags & FMT_8_BIT))
526 return "FMT_ENC without FMT_8_BIT";
527
528 if ((format->params.flags & FMT_UTF8) &&
529 !(format->params.flags & FMT_8_BIT))
530 return "FMT_UTF8 without FMT_8_BIT";
531
532 if ((format->params.flags & FMT_UNICODE) &&
533 !(format->params.flags & FMT_8_BIT))
534 return "FMT_UNICODE without FMT_8_BIT";
535
536 if ((format->methods.binary == fmt_default_binary) &&
537 (format->params.binary_size > 0))
538 puts("Warning: Using default binary() with a "
539 "non-zero BINARY_SIZE");
540
541 if ((format->methods.salt == fmt_default_salt) &&
542 (format->params.salt_size > 0))
543 puts("Warning: Using default salt() with a non-zero SALT_SIZE");
544
545 if (format->params.min_keys_per_crypt < 1)
546 return "min keys per crypt";
547
548 if (format->params.max_keys_per_crypt < 1)
549 return "max keys per crypt";
550
551 if (format->params.max_keys_per_crypt <
552 format->params.min_keys_per_crypt)
553 return "max < min keys per crypt";
554
555 done = 0;
556 index = 0; max = format->params.max_keys_per_crypt;
557
558 do {
559 if (strnlen(current->ciphertext, LINE_BUFFER_SIZE) >
560 MAX_CIPHERTEXT_SIZE &&
561 !(format->params.flags & FMT_HUGE_INPUT))
562 return "Long test vector but not FMT_HUGE_INPUT";
563
564 if (!current->fields[1])
565 current->fields[1] = current->ciphertext;
566 ciphertext = format->methods.prepare(current->fields, format);
567 if (!ciphertext || (strcmp(format->params.label, "plaintext") &&
568 strlen(ciphertext) < 7))
569 return "prepare";
570 if (format->methods.valid(ciphertext, format) != 1) {
571 snprintf(s_size, sizeof(s_size), "valid (%s)", ciphertext);
572 return s_size;
573 }
574
575 #if !defined(BENCH_BUILD)
576 if (extra_tests && !dhirutest++ &&
577 strcmp(format->params.label, "plaintext") &&
578 strcmp(format->params.label, "dummy") &&
579 strcmp(format->params.label, "crypt")) {
580 if (*ciphertext == '$') {
581 char *p, *k = strdup(ciphertext);
582
583 p = k + 1;
584 while (*p) {
585 if (*p++ == '$') {
586 *p = 0;
587 // $tag$ only
588 if (format->methods.valid(k, format)) {
589 snprintf(s_size, sizeof(s_size), "promiscuous valid (%s)", k);
590 return s_size;
591 }
592 *p = '$';
593 while (*p)
594 *p++ = '$';
595 // $tag$$$$$$$$$$$$$$$$$$
596 if (format->methods.valid(k, format)) {
597 sprintf(s_size, "promiscuous valid");
598 return s_size;
599 }
600 break;
601 }
602 }
603 MEM_FREE(k);
604 }
605 }
606 if (full_lvl >= 0) {
607 // numerous tests. We need to 'merge' into 1, probably.
608 if (format->methods.split != fmt_default_split) {
609 if (!fmt_split_case && format->params.binary_size && is_need_unify_case)
610 test_fmt_split_unifies_case_3(format, ciphertext, &is_change_case, &is_need_unify_case);
611 test_fmt_split_unifies_case(format, ciphertext, &is_split_unifies_case, cnt_split_unifies_case);
612 test_fmt_split_unifies_case_4(format, ciphertext, &is_split_unifies_case_4, cnt_split_unifies_case);
613 ++cnt_split_unifies_case;
614 }
615 }
616 #endif
617
618 ciphertext = format->methods.split(ciphertext, 0, format);
619 if (!ciphertext)
620 return "split() returned NULL";
621
622 if (format->params.signature[0]) {
623 int i, error = 1;
624 for (i = 0; i < FMT_SIGNATURES && format->params.signature[i] && error; i++) {
625 error = strncmp(ciphertext, format->params.signature[i], strlen(format->params.signature[i]));
626 }
627 if (error) {
628 #if DEBUG
629 fprintf(stderr, "ciphertext:%s\n", ciphertext);
630 #endif
631 if (format->methods.split == fmt_default_split)
632 return "fmt_default_split() doesn't convert raw hashes";
633 else
634 return "split() doesn't add expected format tag";
635 }
636 }
637
638 plaintext = current->plaintext;
639
640 if (!sl)
641 sl = strlen(plaintext);
642 /*
643 * Make sure the declared binary_size and salt_size are sufficient to actually
644 * hold the binary ciphertexts and salts. We do this by copying the values
645 * returned by binary() and salt() only to the declared sizes.
646 */
647 if (!(binary = format->methods.binary(ciphertext)))
648 return "binary() returned NULL";
649 #if ARCH_ALLOWS_UNALIGNED
650 if (mem_saving_level <= 2 || format->params.binary_align >= MEM_ALIGN_SIMD)
651 #endif
652 if (!binary_align_warned &&
653 !is_aligned(binary, format->params.binary_align) &&
654 format->params.binary_size > 0) {
655 puts("Warning: binary() returned misaligned pointer");
656 binary_align_warned = 1;
657 }
658
659 /* validate that binary() returns cleaned buffer */
660 if (extra_tests && !binary_cleaned_warned && format->params.binary_size) {
661 memset(binary, 0xAF, format->params.binary_size);
662 binary = format->methods.binary(ciphertext);
663 if (((unsigned char*)binary)[format->params.binary_size-1] == 0xAF)
664 {
665 memset(binary, 0xCC, format->params.binary_size);
666 binary = format->methods.binary(ciphertext);
667 if (((unsigned char*)binary)[format->params.binary_size-1] == 0xCC)
668 {
669 /* possibly did not clean the binary. */
670 puts("Warning: binary() not pre-cleaning buffer");
671 binary_cleaned_warned = 1;
672 }
673 }
674 /* Clean up the mess we might have caused */
675 memset(binary, 0, format->params.binary_size);
676 binary = format->methods.binary(ciphertext);
677 }
678 *((char*)binary_copy) = 0;
679 if (format->params.binary_size)
680 memcpy(binary_copy, binary, format->params.binary_size);
681 binary = binary_copy;
682
683 salt = format->methods.salt(ciphertext);
684 if (!salt)
685 return "salt() returned NULL";
686 dyna_salt_create(salt);
687 #if ARCH_ALLOWS_UNALIGNED
688 if (mem_saving_level <= 2 || format->params.salt_align >= MEM_ALIGN_SIMD)
689 #endif
690 if (!salt_align_warned &&
691 !is_aligned(salt, format->params.salt_align) &&
692 format->params.salt_size > 0) {
693 puts("Warning: salt() returned misaligned pointer");
694 salt_align_warned = 1;
695 }
696
697 /* validate that salt dupe checks will work */
698 if (!salt_dupe_warned && format->params.salt_size) {
699 char *copy = mem_alloc(format->params.salt_size);
700
701 memcpy(copy, salt, format->params.salt_size);
702 salt = format->methods.salt(ciphertext);
703 dyna_salt_create(salt);
704 if (dyna_salt_cmp(copy, salt, format->params.salt_size))
705 {
706 puts("Warning: No dupe-salt detection");
707 salt_dupe_warned = 1;
708 // These can be useful in tracking down salt
709 // dupe problems.
710 //fprintf(stderr, "%s\n", ciphertext);
711 //dump_stuff(copy, format->params.salt_size);
712 //dump_stuff(salt, format->params.salt_size);
713 }
714 dyna_salt_remove(copy);
715 MEM_FREE(copy);
716 }
717
718 /* validate that salt() returns cleaned buffer */
719 if (extra_tests && !salt_cleaned_warned && format->params.salt_size) {
720 if ((format->params.flags & FMT_DYNA_SALT) == FMT_DYNA_SALT) {
721 dyna_salt *p1, *p2=0, *p3=0;
722 p1 = *((dyna_salt**)salt);
723 dyna_salt_smash(salt, 0xAF);
724 salt = format->methods.salt(ciphertext);
725 dyna_salt_create(salt);
726 p2 = *((dyna_salt**)salt);
727 if (dyna_salt_smash_check(salt, 0xAF))
728 {
729 dyna_salt_smash(salt, 0xC3);
730 salt = format->methods.salt(ciphertext);
731 dyna_salt_create(salt);
732 p3 = *((dyna_salt**)salt);
733 if (dyna_salt_smash_check(salt, 0xC3)) {
734 /* possibly did not clean the salt. */
735 puts("Warning: salt() not pre-cleaning buffer");
736 salt_cleaned_warned = 1;
737 }
738 }
739 /* Clean up the mess we might have caused */
740 dyna_salt_remove(&p1);
741 dyna_salt_remove(&p2);
742 dyna_salt_remove(&p3);
743 } else {
744 memset(salt, 0xAF, format->params.salt_size);
745 salt = format->methods.salt(ciphertext);
746 if (((unsigned char*)salt)[format->params.salt_size-1] == 0xAF)
747 {
748 memset(salt, 0xC3, format->params.salt_size);
749 salt = format->methods.salt(ciphertext);
750 if (((unsigned char*)salt)[format->params.salt_size-1] == 0xC3) {
751 /* possibly did not clean the salt. */
752 puts("Warning: salt() not pre-cleaning buffer");
753 salt_cleaned_warned = 1;
754 }
755 }
756 /* Clean up the mess we might have caused */
757 memset(salt, 0, format->params.salt_size);
758 }
759 salt = format->methods.salt(ciphertext);
760 dyna_salt_create(salt);
761 }
762
763 *((char*)salt_copy) = 0;
764 if (format->params.salt_size)
765 memcpy(salt_copy, salt, format->params.salt_size);
766 salt = salt_copy;
767
768 if (strcmp(ciphertext,
769 format->methods.source(ciphertext, binary)))
770 return "source";
771
772 if (format->params.salt_size == 0 &&
773 format->methods.salt_hash(salt))
774 return "salt_hash non-zero with salt_size of 0";
775
776 if ((unsigned int)format->methods.salt_hash(salt) >=
777 SALT_HASH_SIZE)
778 return "salt_hash";
779
780 format->methods.set_salt(salt);
781 #ifndef BENCH_BUILD
782 if ((format->methods.get_hash[0] != fmt_default_get_hash) &&
783 strlen(ciphertext) > MAX_CIPHERTEXT_SIZE)
784 return "Huge ciphertext format can't use get_hash()";
785
786 if ((dbsalt = db->salts))
787 do {
788 if (!dyna_salt_cmp(salt, dbsalt->salt,
789 format->params.salt_size))
790 break;
791 } while ((dbsalt = dbsalt->next));
792 if (db->salts && !dbsalt) {
793 return "Could not find salt in db - salt() return inconsistent?";
794 }
795 #endif
796 #ifndef BENCH_BUILD
797 if (extra_tests && maxlength == 0) {
798 //int min = format->params.min_keys_per_crypt;
799 maxlength = 1;
800
801 /* Check that claimed max. length is actually supported:
802 1. Fill the buffer with maximum length keys */
803 format->methods.clear_keys();
804 for (i = 0; i < max; i++) {
805 char *pCand = longcand(format, i, ml);
806 fmt_set_key(pCand, i);
807 }
808
809 #if 0
810 #if defined(HAVE_OPENCL)
811 advance_cursor();
812 #endif
813 /* 2. Perform a limited crypt (in case it matters) */
814 if (format->methods.crypt_all(&min, db->salts) != min)
815 return "crypt_all";
816 #endif
817 #if defined(HAVE_OPENCL)
818 advance_cursor();
819 #endif
820 /* 3. Now read them back and verify they are intact */
821 for (i = 0; i < max; i++) {
822 char *getkey = format->methods.get_key(i);
823 char *setkey = longcand(format, i, ml);
824
825 if (!getkey)
826 return "get_key() returned NULL";
827
828 if (strncmp(getkey, setkey, ml + 1)) {
829 if (strnlen(getkey, ml + 1) > ml)
830 sprintf(s_size, "max. length in index "
831 "%d: wrote %d, got longer back",
832 i, ml);
833 else
834 sprintf(s_size, "max. length in index "
835 "%d: wrote %d, got %d back", i,
836 ml, (int)strlen(getkey));
837 fprintf(stderr, "\ngetkey = %s\nsetkey = %s\n", getkey, setkey);
838
839 return s_size;
840 }
841 }
842 }
843
844 #endif
845 if (full_lvl >= 0) {
846 #ifndef BENCH_BUILD
847 // Test FMT_CASE
848 format->methods.clear_keys();
849 test_fmt_case(format, binary, ciphertext, plaintext,
850 &is_case_sensitive, &plaintext_has_alpha, dbsalt);
851
852 // Test FMT_8_BIT
853 format->methods.clear_keys();
854 format->methods.set_salt(salt);
855 test_fmt_8_bit(format, binary, ciphertext, plaintext,
856 &is_ignore_8th_bit, &plaintext_is_blank, dbsalt);
857 #endif
858 format->methods.clear_keys();
859 format->methods.set_salt(salt);
860 for (i = 0; i < max - 1; i++) {
861 char *pCand = longcand(format, i, ml);
862 fmt_set_key(pCand, i);
863 }
864 fmt_set_key(current->plaintext, max - 1);
865 } else {
866 if (index == 0)
867 format->methods.clear_keys();
868 fmt_set_key(current->plaintext, index);
869 }
870 #if !defined(BENCH_BUILD) && defined(HAVE_OPENCL)
871 advance_cursor();
872 #endif
873 if (full_lvl >= 0) {
874 #ifndef BENCH_BUILD
875 ret = is_key_right(format, max - 1, binary, ciphertext, plaintext, 0, dbsalt);
876 if (ret)
877 return ret;
878 #endif
879 format->methods.clear_keys();
880 dyna_salt_remove(salt);
881 while_condition = (++current)->ciphertext != NULL;
882 } else {
883 #ifndef BENCH_BUILD
884 ret = is_key_right(format, index, binary, ciphertext, plaintext, 0, dbsalt);
885 if (ret)
886 return ret;
887 #endif
888 /* Remove some old keys to better test cmp_all() */
889 if (index & 1) {
890 format->methods.clear_keys();
891 for (i = 0; i <= index; i++)
892 fmt_set_key(fmt_null_key, i);
893 }
894
895 /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */
896 if (index >= 2 && max > ntests) {
897 /* Always call set_key() even if skipping. Some formats depend on it. */
898 for (i = index + 1;
899 i < max && i < (index + (index >> 1)); i++)
900 fmt_set_key(longcand(format, i, sl), i);
901 index = i;
902 } else
903 index++;
904
905 if (index >= max) {
906 format->methods.clear_keys();
907 index = (max > 5 && max > ntests && done != 1) ? 5 : 0;
908 /* Always call set_key() even if skipping. Some formats depend on it. */
909 for (i = 0; i < index; i++)
910 fmt_set_key(longcand(format, i, sl), i);
911 done |= 1;
912 }
913
914 if (!(++current)->ciphertext) {
915 #if defined(HAVE_OPENCL)
916 /* Jump straight to last index for GPU formats but always call set_key() */
917 if (strstr(format->params.label, "-opencl")) {
918 for (i = index + 1; i < max - 1; i++)
919 fmt_set_key(longcand(format, i, sl), i);
920 index = max - 1;
921 }
922 #endif
923 current = format->params.tests;
924 done |= 2;
925 }
926 dyna_salt_remove(salt);
927 while_condition = done != 3;
928 }
929 } while (while_condition);
930
931 if (full_lvl >= 0) {
932 if (plaintext_has_alpha) {
933 if (is_case_sensitive && !(format->params.flags & FMT_CASE)) {
934 snprintf(s_size, sizeof(s_size),
935 "%s doesn't set FMT_CASE but at least one test-vector is case-sensitive",
936 format->params.label);
937 return s_size;
938 } else if (!is_case_sensitive && (format->params.flags & FMT_CASE)) {
939 snprintf(s_size, sizeof(s_size),
940 "%s sets FMT_CASE but all test-vectors are case-insensitive",
941 format->params.label);
942 return s_size;
943 }
944 }
945
946 if (!plaintext_is_blank) {
947 if (!strcmp(format->params.label, "crypt")) {
948 /*
949 * We "can't" reliably know if the underlying system's crypt() is 8-bit or not,
950 * and in fact this will vary by actual hash type, of which multiple ones may
951 * be loaded at once (with that one format). crypt SHOULD set FMT_8_BIT
952 */
953 if (!(format->params.flags & FMT_8_BIT)) {
954 snprintf(s_size, sizeof(s_size),
955 "crypt should set FMT_8_BIT");
956 return s_size;
957 }
958 } else if (!strncasecmp(format->params.label, "wpapsk-pmk", 10)) {
959 /* WPAPSK-PMK is 64 hex digits */
960 if (format->params.flags & FMT_8_BIT) {
961 snprintf(s_size, sizeof(s_size),
962 "%s should not set FMT_8_BIT",
963 format->params.label);
964 return s_size;
965 }
966 } else if (!strncasecmp(format->params.label, "sl3", 3)) {
967 /*
968 * The SL3 format technically handles 8-bit but the "passwords" are all digits.
969 */
970 if (format->params.flags & FMT_8_BIT) {
971 snprintf(s_size, sizeof(s_size),
972 "%s should not set FMT_8_BIT",
973 format->params.label);
974 return s_size;
975 }
976 } else if (!is_ignore_8th_bit &&
977 !(format->params.flags & FMT_8_BIT)) {
978 snprintf(s_size, sizeof(s_size),
979 "%s doesn't set FMT_8_BIT but at least one test-vector does not ignore the 8th bit",
980 format->params.label);
981 return s_size;
982 } else if (is_ignore_8th_bit &&
983 (format->params.flags & FMT_8_BIT)) {
984 snprintf(s_size, sizeof(s_size),
985 "%s sets FMT_8_BIT but all test-vectors ignore the 8th bit",
986 format->params.label);
987 return s_size;
988 }
989 }
990
991 switch (is_split_unifies_case) {
992 case 1:
993 snprintf(s_size, sizeof(s_size), "should set FMT_SPLIT_UNIFIES_CASE");
994 return s_size;
995 case 2:
996 snprintf(s_size, sizeof(s_size), "should not set FMT_SPLIT_UNIFIES_CASE");
997 return s_size;
998 case 3:
999 snprintf(s_size, sizeof(s_size), "split() is only casing sometimes");
1000 return s_size;
1001 case 4:
1002 snprintf(s_size, sizeof(s_size), "split() case, or valid() should fail");
1003 return s_size;
1004 case 0:
1005 case -1:
1006 default:
1007 break;
1008 }
1009 switch (is_split_unifies_case_4) {
1010 case 1:
1011 snprintf(s_size, sizeof(s_size), "should set FMT_SPLIT_UNIFIES_CASE (#4)");
1012 return s_size;
1013 case 2:
1014 snprintf(s_size, sizeof(s_size), "should not set FMT_SPLIT_UNIFIES_CASE (#4)");
1015 return s_size;
1016 case 3:
1017 snprintf(s_size, sizeof(s_size), "split() is only casing sometimes (#4)");
1018 return s_size;
1019 case 4:
1020 snprintf(s_size, sizeof(s_size), "split() case, or valid() should fail (#4)");
1021 return s_size;
1022 case 0:
1023 case -1:
1024 default:
1025 break;
1026 }
1027
1028 // Currently this code only has false positive failures, so for now, it is comment out.
1029 // @loverszhaokai needs to look at a re-do of the function. The 'blind' casing fails
1030 // when there are constant strings, or things like user names embedded in the hash,
1031 // or other non-hex strings.
1032 // Fixed the function, Dec 13, 2017. Jfoug. Changed to function with --test-full=0
1033 if (full_lvl >= 0)
1034 if (!fmt_split_case && format->params.binary_size != 0 && is_change_case && is_need_unify_case) {
1035 snprintf(s_size, sizeof(s_size),
1036 "should unify cases in split() and set FMT_SPLIT_UNIFIES_CASE (#3)");
1037 return s_size;
1038 }
1039 }
1040
1041 format->methods.clear_keys();
1042 format->private.initialized = 2;
1043
1044 return NULL;
1045 }
1046
1047 #ifndef BENCH_BUILD
test_fmt_case(struct fmt_main * format,void * binary,char * ciphertext,char * plaintext,int * is_case_sensitive,int * plaintext_has_alpha,struct db_salt * dbsalt)1048 static void test_fmt_case(struct fmt_main *format, void *binary,
1049 char *ciphertext, char* plaintext, int *is_case_sensitive,
1050 int *plaintext_has_alpha, struct db_salt *dbsalt)
1051 {
1052 char *plain_copy, *pk;
1053
1054 if (*plaintext == 0)
1055 return;
1056
1057 plain_copy = strdup(plaintext);
1058 pk = plain_copy;
1059
1060 while (*pk) {
1061 if (*pk >= 'a' && *pk <= 'z') {
1062 *pk += 'A' - 'a';
1063 break;
1064 } else if (*pk >= 'A' && *pk <= 'Z') {
1065 *pk += 'a' - 'A';
1066 break;
1067 }
1068 pk++;
1069 }
1070 if (*pk == 0)
1071 goto out;
1072
1073 *plaintext_has_alpha = 1;
1074 fmt_set_key(plain_copy, 0);
1075
1076 if (is_key_right(format, 0, binary, ciphertext, plain_copy, 1, dbsalt))
1077 *is_case_sensitive = 1;
1078
1079 out:
1080 MEM_FREE(plain_copy);
1081 }
1082
test_fmt_8_bit(struct fmt_main * format,void * binary,char * ciphertext,char * plaintext,int * is_ignore_8th_bit,int * plaintext_is_blank,struct db_salt * dbsalt)1083 static void test_fmt_8_bit(struct fmt_main *format, void *binary,
1084 char *ciphertext, char *plaintext, int *is_ignore_8th_bit,
1085 int *plaintext_is_blank, struct db_salt *dbsalt)
1086 {
1087 char *plain_copy, *pk, *ret_all_set, *ret_none_set;
1088
1089 if (*plaintext == 0)
1090 return;
1091
1092 *plaintext_is_blank = 0;
1093 plain_copy = strdup(plaintext);
1094
1095 // All OR '\x80'
1096 pk = plain_copy;
1097 while (*pk) {
1098 *pk |= '\x80';
1099 pk++;
1100 }
1101
1102 fmt_set_key(plain_copy, 0);
1103 ret_all_set = is_key_right(format, 0, binary, ciphertext,
1104 plain_copy, 0, dbsalt);
1105
1106 format->methods.clear_keys();
1107
1108 // All AND '\x7F'
1109 pk = plain_copy;
1110 while (*pk) {
1111 *pk &= '\x7F';
1112 pk++;
1113 }
1114
1115 fmt_set_key(plain_copy, 0);
1116 ret_none_set = is_key_right(format, 0, binary, ciphertext,
1117 plain_copy, 0, dbsalt);
1118
1119 if (ret_all_set != ret_none_set)
1120 *is_ignore_8th_bit = 0;
1121
1122 MEM_FREE(plain_copy);
1123 }
1124
chrcasecmp(char lc,char rc)1125 static int chrcasecmp(char lc, char rc)
1126 {
1127 if (lc >= 'a' && lc <= 'z')
1128 lc += 'A' - 'a';
1129 if (rc >= 'a' && rc <= 'z')
1130 rc += 'A' - 'a';
1131 return lc - rc;
1132 }
1133
1134 /*
1135 * Since the split() may add prefix or suffix to the original ciphertext, and
1136 * the split() may truncate the original ciphertext, so we would better get
1137 * the longest common strings for the ciphertext and the string returned by
1138 * split(), and check the cases
1139 */
get_longest_common_string(char * fstr,char * sstr,int * first_index,int * second_index,int * size)1140 static void get_longest_common_string(char *fstr, char *sstr, int *first_index,
1141 int *second_index, int *size)
1142 {
1143 int fi, si, max, fp, sp, cnt_len, fj, sj;
1144
1145 fi = si = max = 0;
1146 fp = sp = 0;
1147
1148 while (fstr[fi]) {
1149
1150 si = max;
1151 while (sstr[si]) {
1152
1153 if (!chrcasecmp(fstr[fi], sstr[si])) {
1154
1155 fj = fi - 1;
1156 sj = si - 1;
1157 cnt_len = 1;
1158
1159 while (fj >= 0 && sj >= 0) {
1160 if (chrcasecmp(fstr[fj], sstr[sj]))
1161 break;
1162 cnt_len++;
1163 fj--;
1164 sj--;
1165 }
1166 if (cnt_len > max) {
1167 max = cnt_len;
1168 fp = fi;
1169 sp = si;
1170 }
1171 }
1172 si++;
1173 }
1174 fi++;
1175 }
1176
1177 *size = max;
1178 *first_index = fp - max + 1;
1179 *second_index = sp - max + 1;
1180 }
1181
1182 /* settings for is_split_unifies_case
1183 * case -1: casing happening, but every hash has been correct.
1184 * case 0: no error found (or casing not being used)
1185 * case 1: "should set FMT_SPLIT_UNIFIES_CASE"
1186 * case 2: "should not set FMT_SPLIT_UNIFIES_CASE"
1187 * case 3: "split() is only casing sometimes"
1188 * case 4: "split() case, or valid() should fail"
1189 */
test_fmt_split_unifies_case(struct fmt_main * format,char * ciphertext,int * is_split_unifies_case,int call_cnt)1190 static void test_fmt_split_unifies_case(struct fmt_main *format, char *ciphertext, int *is_split_unifies_case, int call_cnt)
1191 {
1192 char *cipher_copy, *ret, *bin_hex=0, *ret_copy=0;
1193 void *bin;
1194 int first_index, second_index, size, index;
1195 int change_count = 0;
1196 char fake_user[5] = "john";
1197 char *flds[10] = {0,0,0,0,0,0,0,0,0,0};
1198
1199 if (*is_split_unifies_case>2) return; /* already know all we need to know. */
1200
1201 cipher_copy = strdup(ciphertext);
1202
1203 /*
1204 * check for common case problem. hash is HEX, so find it, change it,
1205 * and is there is no split, or split() does not fix it, then check
1206 * valid(). If valid allows the hash, THEN we have a #4 problem.
1207 */
1208 flds[0] = fake_user;
1209 flds[1] = cipher_copy;
1210 ret = format->methods.prepare(flds, format);
1211 if (format->methods.valid(ret, format)) {
1212 char *cp;
1213 int do_test=0;
1214 ret = format->methods.split(ret, 0, format);
1215 ret_copy = strdup(ret);
1216 bin = format->methods.binary(ret_copy);
1217 if (format->params.binary_size>4) {
1218 bin_hex = mem_alloc(format->params.binary_size*2+1);
1219 base64_convert(bin, e_b64_raw, format->params.binary_size, bin_hex, e_b64_hex, format->params.binary_size*2+1, 0, 0);
1220 cp = strstr(ret_copy, bin_hex);
1221 strupr(bin_hex);
1222 if (cp) {
1223 do_test |= 1;
1224 memcpy(cp, bin_hex, strlen(bin_hex));
1225 /* NOTE, there can be cases where hashes are PURE digits. Thus, this test can not be used to validate case */
1226 if (!strcmp(ret, ret_copy))
1227 do_test &= ~1;
1228 } else {
1229 cp = strstr(ret_copy, bin_hex);
1230 if (cp) {
1231 do_test |= 1;
1232 strlwr(bin_hex);
1233 memcpy(cp, bin_hex, strlen(bin_hex));
1234 /* NOTE, there can be cases where hashes are PURE digits. Thus, this test can not be used to validate case */
1235 if (!strcmp(ret, ret_copy))
1236 do_test &= ~1;
1237 }
1238 }
1239 MEM_FREE(bin_hex);
1240 }
1241 if (format->params.salt_size>4 && format->params.salt_size < strlen(ret_copy)-10) {
1242 bin_hex = mem_alloc(format->params.salt_size*2+1);
1243 bin = format->methods.salt(ret_copy);
1244 dyna_salt_create(bin);
1245 base64_convert(bin, e_b64_raw, format->params.salt_size, bin_hex, e_b64_hex, format->params.salt_size*2+1, 0, 0);
1246 dyna_salt_remove(bin);
1247 cp = strstr(ret_copy, bin_hex);
1248 strupr(bin_hex);
1249 if (cp) {
1250 do_test |= 2;
1251 memcpy(cp, bin_hex, strlen(bin_hex));
1252 /* NOTE, there can be cases where hashes are PURE digits. Thus, this test can not be used to validate case */
1253 if (!strcmp(ret, ret_copy))
1254 do_test &= ~2;
1255 } else {
1256 cp = strstr(ret_copy, bin_hex);
1257 if (cp) {
1258 do_test |= 2;
1259 strlwr(bin_hex);
1260 memcpy(cp, bin_hex, strlen(bin_hex));
1261 /* NOTE, there can be cases where hashes are PURE digits. Thus, this test can not be used to validate case */
1262 if (!strcmp(ret, ret_copy))
1263 do_test &= ~2;
1264 }
1265 }
1266 MEM_FREE(bin_hex);
1267 }
1268 if (!do_test) {
1269 MEM_FREE(cipher_copy);
1270 MEM_FREE(ret_copy);
1271 return;
1272 }
1273 ret = format->methods.split(ret_copy, 0, format);
1274 if (!strcmp(ret_copy, ret)) {
1275 if (format->methods.valid(ret_copy, format)) {
1276 /* we have the bug! */
1277 MEM_FREE(bin_hex);
1278 MEM_FREE(ret_copy);
1279 MEM_FREE(cipher_copy);
1280 if (!strncmp(format->params.label, "@dynamic=", 9)) // white list this one.
1281 *is_split_unifies_case = 4;
1282 return;
1283 }
1284 }
1285 }
1286
1287
1288 ret = format->methods.split(cipher_copy, 0, format);
1289 if (strcmp(cipher_copy, ret)) {
1290 get_longest_common_string(cipher_copy, ret, &first_index,
1291 &second_index, &size);
1292 if (strncmp(cipher_copy + first_index, ret + second_index, size))
1293 goto change_case;
1294 }
1295 /*
1296 * Find the second '$' if the ciphertext begins with '$'. We shoud not change the
1297 * cases between the first and the second '$', since the string is format label
1298 * and split() may check it
1299 */
1300 index = 0;
1301 if (cipher_copy[0] == '$') {
1302 index = 1;
1303 while (cipher_copy[index] && cipher_copy[index] != '$')
1304 index++;
1305 }
1306 if (!index && !strncmp(cipher_copy, "@dynamic=", 9)) {
1307 index = 1;
1308 while (cipher_copy[index] && cipher_copy[index] != '@')
1309 index++;
1310 }
1311
1312 /* Lower case */
1313 strlwr(cipher_copy + index);
1314 if (strcmp(cipher_copy + index, ciphertext + index))
1315 ++change_count;
1316 ret = format->methods.split(cipher_copy, 0, format);
1317 if (strcmp(cipher_copy, ret)) {
1318 get_longest_common_string(cipher_copy, ret, &first_index,
1319 &second_index, &size);
1320 if (strncmp(cipher_copy + first_index, ret + second_index, size))
1321 goto change_case;
1322 }
1323
1324 /* Upper case */
1325 strupr(cipher_copy + index);
1326 if (strcmp(cipher_copy + index, ciphertext + index))
1327 ++change_count;
1328 ret = format->methods.split(cipher_copy, 0, format);
1329 if (strcmp(cipher_copy, ret)) {
1330 get_longest_common_string(cipher_copy, ret, &first_index,
1331 &second_index, &size);
1332 if (strncmp(cipher_copy + first_index, ret + second_index, size))
1333 goto change_case;
1334 }
1335
1336 MEM_FREE(ret_copy);
1337 MEM_FREE(cipher_copy);
1338 if (!change_count && strncmp(format->params.label, "@dynamic=", 9)) // white list this one.
1339 *is_split_unifies_case = 2;
1340 else
1341 *is_split_unifies_case = 0;
1342 return;
1343
1344 change_case:
1345 MEM_FREE(ret_copy);
1346 MEM_FREE(cipher_copy);
1347 if (strncmp(format->params.label, "@dynamic=", 9)) // white list this one.
1348 return;
1349 if (call_cnt == 0)
1350 *is_split_unifies_case = -1;
1351 else if (*is_split_unifies_case != -1)
1352 *is_split_unifies_case = 3;
1353 return;
1354 }
1355
1356 /*
1357 * This function is to detect whether the format need to unify cases in split()
1358 * and add FMT_SPLIT_UNIFIES_CASE
1359 *
1360 * NOTE, I think this test is NOT valid! The 'results' of this function are
1361 * currently not being listed to screen. Right now, there is a handful
1362 * of failures, and every one of them is a false-positive.
1363 */
test_fmt_split_unifies_case_3(struct fmt_main * format,char * ciphertext,int * has_change_case,int * is_need_unify_case)1364 static void test_fmt_split_unifies_case_3(struct fmt_main *format,
1365 char *ciphertext, int *has_change_case, int *is_need_unify_case)
1366 {
1367 char *cipher_copy, *split_ret;
1368 int index;
1369 void *orig_binary, *orig_salt;
1370 void *binary, *salt;
1371
1372 cipher_copy = strdup(ciphertext);
1373 split_ret = format->methods.split(cipher_copy, 0, format);
1374
1375 orig_binary = NULL;
1376 orig_salt = NULL;
1377
1378 binary = format->methods.binary(split_ret);
1379 if (binary != NULL) {
1380
1381 orig_binary = mem_alloc(format->params.binary_size);
1382 memcpy(orig_binary, binary, format->params.binary_size);
1383
1384 salt = format->methods.salt(split_ret);
1385 dyna_salt_create(salt);
1386 if (salt != NULL && format->params.salt_size) {
1387 orig_salt = mem_alloc(format->params.salt_size);
1388 memcpy(orig_salt, salt, format->params.salt_size);
1389 }
1390 dyna_salt_remove(salt);
1391 }
1392
1393 /*
1394 * Find the second '$' if the ciphertext begins with '$'. We shoud not change the
1395 * cases between the first and the second '$', since the string is format label
1396 * and split() may check it
1397 */
1398 index = 0;
1399 if (cipher_copy[0] == '$') {
1400 index = 1;
1401 while (cipher_copy[index] && cipher_copy[index] != '$')
1402 index++;
1403 }
1404 if (!index && !strncmp(cipher_copy, "@dynamic=", 9)) {
1405 index = 1;
1406 while (cipher_copy[index] && cipher_copy[index] != '@')
1407 index++;
1408 }
1409
1410 // Lower case
1411 strlwr(cipher_copy + index);
1412
1413 if (strcmp(cipher_copy, ciphertext)) {
1414 if (format->methods.valid(cipher_copy, format)) {
1415
1416 *has_change_case = 1;
1417 split_ret = format->methods.split(cipher_copy, 0, format);
1418 if (!strcmp(split_ret, ciphertext))
1419 *is_need_unify_case = 0;
1420 binary = format->methods.binary(split_ret);
1421
1422 if (binary != NULL)
1423 if (memcmp(orig_binary, binary, format->params.binary_size) != 0) {
1424 // Do not need to unify cases in split() and add
1425 // FMT_SPLIT_UNIFIES_CASE
1426 *is_need_unify_case = 0;
1427 }
1428 } else
1429 *is_need_unify_case = 0;
1430 }
1431
1432 // Upper case
1433 strupr(cipher_copy + index);
1434
1435 if (strcmp(cipher_copy, ciphertext)) {
1436 if (format->methods.valid(cipher_copy, format)) {
1437
1438 *has_change_case = 1;
1439 split_ret = format->methods.split(cipher_copy, 0, format);
1440 if (!strcmp(split_ret, ciphertext))
1441 *is_need_unify_case = 0;
1442 binary = format->methods.binary(split_ret);
1443
1444 if (binary != NULL)
1445 if (memcmp(orig_binary, binary, format->params.binary_size) != 0) {
1446 // Do not need to unify cases in split() and add
1447 // FMT_SPLIT_UNIFIES_CASE
1448 *is_need_unify_case = 0;
1449 }
1450 } else
1451 *is_need_unify_case = 0;
1452 }
1453
1454 MEM_FREE(orig_salt);
1455 MEM_FREE(orig_binary);
1456 MEM_FREE(cipher_copy);
1457 }
1458
is_known_len(int len)1459 static int is_known_len(int len) {
1460 switch (len) {
1461 case 16: case 24: case 28: case 32:
1462 case 40: case 48: case 56: case 64:
1463 case 72: case 84: case 96: case 112: case 128:
1464 return 1;
1465 default:
1466 if (len&1)
1467 return 0;
1468 if (len > 128)
1469 return 1;
1470 }
1471 return 0;
1472 }
1473
test_fmt_split_unifies_case_4(struct fmt_main * format,char * ciphertext,int * is_split_unifies_case,int call_cnt)1474 static void test_fmt_split_unifies_case_4(struct fmt_main *format, char *ciphertext, int *is_split_unifies_case, int call_cnt)
1475 {
1476 char *cipher_copy, *ret, *ret_copy=0, *ret_fix;
1477 int change_count = 0, i;
1478 char fake_user[5] = "john";
1479 char *flds[10] = {0,0,0,0,0,0,0,0,0,0};
1480 static unsigned char case_hex_chars[256], case_hex_init=0;
1481
1482 if (!case_hex_init) {
1483 case_hex_init = 1;
1484 memset(case_hex_chars, 0, sizeof(case_hex_chars));
1485 for (i = '0'; i <= '9'; ++i) case_hex_chars[i] = 1; // 'bits'
1486 for (i = 'a'; i <= 'f'; ++i) case_hex_chars[i] = 2;
1487 for (i = 'A'; i <= 'F'; ++i) case_hex_chars[i] = 4;
1488 }
1489
1490 if (*is_split_unifies_case>2) return; /* already know all we need to know. */
1491
1492 cipher_copy = strdup(ciphertext);
1493
1494 /*
1495 * check for common case problem, but in a 'generic' manner. Here, we find sets of
1496 * data that are 'hex-like'. All one case, not pure digits, AND of a 'known' expected length. The
1497 * lengths we care about are: 16, 24, 28, 32, 40, 48, 56, 64, 72, 80, 96, 112, 128
1498 * and even length strings > 128 bytes (which are likely data blobs). When we find strings
1499 * this length, we mangle them, and see if the format fixes them, or rejects them. If the format
1500 * neither fixes and does not reject the hash, then we return 'error'
1501 */
1502 flds[0] = fake_user;
1503 flds[1] = cipher_copy;
1504 ret = format->methods.prepare(flds, format);
1505 if (format->methods.valid(ret, format)) {
1506 char *cp;
1507 ret = format->methods.split(ret, 0, format);
1508 ret_copy = strdup(ret);
1509 // Ok, now walk the string, LOOKING for hex string or known lengths which are all 1 case, and NOT pure numeric
1510 cp = ret_copy;
1511 while (strlen(cp) > 16) {
1512 if (case_hex_chars[ARCH_INDEX(*cp)]) {
1513 unsigned cnt = 1, vals=case_hex_chars[ARCH_INDEX(*cp)];
1514 char *cp2 = cp+1;
1515 while (case_hex_chars[ARCH_INDEX(*cp2)]) {
1516 ++cnt;
1517 vals |= case_hex_chars[ARCH_INDEX(*cp2)];
1518 ++cp2;
1519 }
1520 if ( ((vals&6) == 2 || (vals&6) == 4) && is_known_len(cnt)) {
1521 // Ok, we have 'found' a hex block of a 'known' length.
1522 // Flip the case, and see if split() returns it to cannonical
1523 // or if valid says not valid. If either of those happen, then
1524 // we do not have the bug. If both fail, then we flag this format
1525 // as HAVING the bug (possibly having the bug, but we report it).
1526 int good = 0;
1527 while (cp < cp2) {
1528 if (*cp < '0' || *cp > '9')
1529 *cp ^= 0x20;
1530 ++cp;
1531 }
1532 ret_fix = format->methods.split(ret_copy, 0, format);
1533 if (!strcmp(ret_fix, ret))
1534 good = 1;
1535 else if (!format->methods.valid(ret_fix, format))
1536 good = 1;
1537 if (!good) {
1538 // white list.
1539 if (!strncmp(ret, "@dynamic=", 9) ||
1540 (ret[0]=='$'&&ret[1]=='2'&&ret[3]=='$'&& (ret[2]=='a'||ret[2]=='b'||ret[2]=='x'||ret[2]=='y') ) )
1541 {
1542 } else
1543 goto change_case;
1544 }
1545 }
1546 cp = cp2;
1547 }
1548 else
1549 ++cp;
1550 }
1551 }
1552
1553 MEM_FREE(cipher_copy);
1554 MEM_FREE(ret_copy);
1555 if (call_cnt == 0)
1556 *is_split_unifies_case = -1;
1557 else if (*is_split_unifies_case != -1)
1558 *is_split_unifies_case = 3;
1559 return;
1560
1561 change_case:
1562 MEM_FREE(ret_copy);
1563 MEM_FREE(cipher_copy);
1564 if (!change_count)
1565 *is_split_unifies_case = 2;
1566 else
1567 *is_split_unifies_case = 0;
1568 return;
1569 }
1570 #endif
1571
1572 /*
1573 * Allocate memory for a copy of a binary ciphertext or salt with only the
1574 * minimum guaranteed alignment. We do this to test that binary_hash*(),
1575 * cmp_*(), and salt_hash() do accept such pointers.
1576 */
alloc_binary(void ** alloc,size_t size,size_t align)1577 static void *alloc_binary(void **alloc, size_t size, size_t align)
1578 {
1579 size_t mask = align - 1;
1580 char *p;
1581
1582 /* Ensure minimum required alignment and leave room for "align" bytes more */
1583 p = *alloc = mem_alloc(size + mask + align);
1584 p += mask;
1585 p -= (size_t)p & mask;
1586
1587 /* If the alignment is too great, reduce it to the minimum */
1588 if (!((size_t)p & align))
1589 p += align;
1590
1591 return p;
1592 }
1593
fmt_self_test(struct fmt_main * format,struct db_main * db)1594 char *fmt_self_test(struct fmt_main *format, struct db_main *db)
1595 {
1596 char *retval;
1597 void *binary_alloc, *salt_alloc;
1598 void *binary_copy, *salt_copy;
1599
1600 binary_copy = alloc_binary(&binary_alloc,
1601 format->params.binary_size?format->params.binary_size:1, format->params.binary_align);
1602 salt_copy = alloc_binary(&salt_alloc,
1603 format->params.salt_size?format->params.salt_size:1, format->params.salt_align);
1604
1605 self_test_running = 1;
1606
1607 retval = fmt_self_test_body(format, binary_copy, salt_copy, db, benchmark_level);
1608
1609 self_test_running = 0;
1610
1611 MEM_FREE(salt_alloc);
1612 MEM_FREE(binary_alloc);
1613
1614 return retval;
1615 }
1616
fmt_default_init(struct fmt_main * self)1617 void fmt_default_init(struct fmt_main *self)
1618 {
1619 }
1620
fmt_default_done(void)1621 void fmt_default_done(void)
1622 {
1623 }
1624
fmt_default_reset(struct db_main * db)1625 void fmt_default_reset(struct db_main *db)
1626 {
1627 }
1628
fmt_default_prepare(char * fields[10],struct fmt_main * self)1629 char *fmt_default_prepare(char *fields[10], struct fmt_main *self)
1630 {
1631 return fields[1];
1632 }
1633
fmt_default_split(char * ciphertext,int index,struct fmt_main * self)1634 char *fmt_default_split(char *ciphertext, int index, struct fmt_main *self)
1635 {
1636 return ciphertext;
1637 }
1638
fmt_default_binary(char * ciphertext)1639 void *fmt_default_binary(char *ciphertext)
1640 {
1641 return ciphertext;
1642 }
1643
fmt_default_salt(char * ciphertext)1644 void *fmt_default_salt(char *ciphertext)
1645 {
1646 return ciphertext;
1647 }
1648
fmt_default_source(char * source,void * binary)1649 char *fmt_default_source(char *source, void *binary)
1650 {
1651 return source;
1652 }
1653
fmt_default_binary_hash(void * binary)1654 int fmt_default_binary_hash(void *binary)
1655 {
1656 return 0;
1657 }
1658
fmt_default_binary_hash_0(void * binary)1659 int fmt_default_binary_hash_0(void * binary)
1660 {
1661 return *(uint32_t *) binary & PH_MASK_0;
1662 }
1663
fmt_default_binary_hash_1(void * binary)1664 int fmt_default_binary_hash_1(void * binary)
1665 {
1666 return *(uint32_t *) binary & PH_MASK_1;
1667 }
1668
fmt_default_binary_hash_2(void * binary)1669 int fmt_default_binary_hash_2(void * binary)
1670 {
1671 return *(uint32_t *) binary & PH_MASK_2;
1672 }
1673
fmt_default_binary_hash_3(void * binary)1674 int fmt_default_binary_hash_3(void * binary)
1675 {
1676 return *(uint32_t *) binary & PH_MASK_3;
1677 }
1678
fmt_default_binary_hash_4(void * binary)1679 int fmt_default_binary_hash_4(void * binary)
1680 {
1681 return *(uint32_t *) binary & PH_MASK_4;
1682 }
1683
fmt_default_binary_hash_5(void * binary)1684 int fmt_default_binary_hash_5(void * binary)
1685 {
1686 return *(uint32_t *) binary & PH_MASK_5;
1687 }
1688
fmt_default_binary_hash_6(void * binary)1689 int fmt_default_binary_hash_6(void * binary)
1690 {
1691 return *(uint32_t *) binary & PH_MASK_6;
1692 }
1693
fmt_default_salt_hash(void * salt)1694 int fmt_default_salt_hash(void *salt)
1695 {
1696 return 0;
1697 }
1698
fmt_default_dyna_salt_hash(void * salt)1699 int fmt_default_dyna_salt_hash(void *salt)
1700 {
1701 /* if the hash is a dyna_salt type hash, it can simply use this function */
1702 dyna_salt_john_core *mysalt = *(dyna_salt_john_core **)salt;
1703 unsigned v;
1704 int i;
1705 unsigned char *p;
1706
1707 p = (unsigned char*)mysalt;
1708 p += mysalt->dyna_salt.salt_cmp_offset;
1709 #ifdef DYNA_SALT_DEBUG
1710 dump_stuff_msg((void*)__FUNCTION__, p, mysalt->dyna_salt.salt_cmp_size>48?48:mysalt->dyna_salt.salt_cmp_size);
1711 fprintf(stderr, "fmt_default_dyna_salt_hash(): cmp size %u\n", (unsigned)mysalt->dyna_salt.salt_cmp_size);
1712 #endif
1713 v = 0;
1714 for (i = 0; i < mysalt->dyna_salt.salt_cmp_size; ++i) {
1715 v *= 11;
1716 v += *p++;
1717 }
1718 #ifdef DYNA_SALT_DEBUG
1719 fprintf(stderr, "fmt_default_dyna_salt_hash(): return %d\n", v & (SALT_HASH_SIZE - 1));
1720 #endif
1721 return v & (SALT_HASH_SIZE - 1);
1722 }
1723
fmt_default_set_salt(void * salt)1724 void fmt_default_set_salt(void *salt)
1725 {
1726 }
1727
fmt_default_clear_keys(void)1728 void fmt_default_clear_keys(void)
1729 {
1730 }
1731
fmt_default_get_hash(int index)1732 int fmt_default_get_hash(int index)
1733 {
1734 return 0;
1735 }
1736