1 /*
2 * Drupal 7 phpass variant using SHA-512 and hashes cut at 258 bits.
3 *
4 * This software is Copyright (c) 2012 magnum, and it is hereby released to the
5 * general public under the following terms: Redistribution and use in source
6 * and binary forms, with or without modification, are permitted.
7 *
8 * These are 8 byte salted hashes with a loop count that defines the number
9 * of loops to compute. Drupal uses 258 bits of the hash, this is a multiple of
10 * 6 but not 8. I presume this is for getting unpadded base64. Anyway we store
11 * an extra byte but for now we will only compare 256 bits. I doubt that will
12 * pose any problems. Actually I'm not quite sure the last bits end up correct
13 * from the current version of get_binary().
14 *
15 * Based on [old thick] phpass-md5.
16 */
17
18 #if FMT_EXTERNS_H
19 extern struct fmt_main fmt_drupal7;
20 #elif FMT_REGISTERS_H
21 john_register_one(&fmt_drupal7);
22 #else
23
24 #ifdef _OPENMP
25 #include <omp.h>
26 #endif
27
28 #include "sha2.h"
29 #include "arch.h"
30 #include "misc.h"
31 #include "common.h"
32 #include "formats.h"
33 #include "johnswap.h"
34 #include "simd-intrinsics.h"
35 #include "drupal7_common.h"
36
37 #define FORMAT_LABEL "Drupal7"
38 #define ALGORITHM_NAME "SHA512 " SHA512_ALGORITHM_NAME
39
40 #define PLAINTEXT_LENGTH 47
41
42 #define DIGEST_SIZE (512/8)
43
44 #define BINARY_SIZE (258/8) // ((258+7)/8)
45 #define BINARY_ALIGN 4
46
47 #ifndef OMP_SCALE
48 #define OMP_SCALE 1
49 #endif
50
51 #ifdef SIMD_COEF_64
52 #define MIN_KEYS_PER_CRYPT (SIMD_COEF_64*SIMD_PARA_SHA512)
53 #define MAX_KEYS_PER_CRYPT (SIMD_COEF_64*SIMD_PARA_SHA512)
54 #if ARCH_LITTLE_ENDIAN
55 #define GETPOS(i, index) ( (index&(SIMD_COEF_64-1))*8 + ((i)&(0xffffffff-7))*SIMD_COEF_64 + (7-((i)&7)) + (unsigned int)index/SIMD_COEF_64*SHA_BUF_SIZ*SIMD_COEF_64*8 )
56 #else
57 #define GETPOS(i, index) ( (index&(SIMD_COEF_64-1))*8 + ((i)&(0xffffffff-7))*SIMD_COEF_64 + ((i)&7) + (unsigned int)index/SIMD_COEF_64*SHA_BUF_SIZ*SIMD_COEF_64*8 )
58 #endif
59 #else
60 #define MIN_KEYS_PER_CRYPT 1
61 #define MAX_KEYS_PER_CRYPT 2
62 #endif
63
64 /*
65 * NOTE, due to the 0x4000 iteration count, I am not wasting time pre-loading
66 * keys/salts. We will simply add SIMD code to the crypt_all. We could only
67 * gain < .1% worrying about all the extra stuff from set_key, get_key, the
68 * hashes, etc needed to split out SIMD. We just keep all input data in 'flat'
69 * format, switch to SIMD, do the 0x4000 loops, and put output back into 'flat'
70 * layout again. So we have no 'static' SIMD objects.
71 */
72 static unsigned char *cursalt;
73 static unsigned loopCnt;
74 static unsigned char (*EncKey)[PLAINTEXT_LENGTH + 1];
75 static unsigned int *EncKeyLen;
76 static char (*crypt_key)[DIGEST_SIZE];
77
init(struct fmt_main * self)78 static void init(struct fmt_main *self)
79 {
80 omp_autotune(self, OMP_SCALE);
81
82 EncKey = mem_calloc(self->params.max_keys_per_crypt,
83 sizeof(*EncKey));
84 EncKeyLen = mem_calloc(self->params.max_keys_per_crypt,
85 sizeof(*EncKeyLen));
86 crypt_key = mem_calloc(self->params.max_keys_per_crypt,
87 sizeof(*crypt_key));
88 }
89
done(void)90 static void done(void)
91 {
92 MEM_FREE(crypt_key);
93 MEM_FREE(EncKeyLen);
94 MEM_FREE(EncKey);
95 }
96
set_salt(void * salt)97 static void set_salt(void *salt)
98 {
99 loopCnt = (1 << (atoi64[ARCH_INDEX(((char*)salt)[8])]));
100 cursalt = salt;
101 }
102
set_key(char * key,int index)103 static void set_key(char *key, int index)
104 {
105 EncKeyLen[index] = strnzcpyn((char*)EncKey[index], key, sizeof(*EncKey));
106 }
107
get_key(int index)108 static char *get_key(int index)
109 {
110 return (char*)EncKey[index];
111 }
112
cmp_all(void * binary,int count)113 static int cmp_all(void *binary, int count)
114 {
115 int index;
116
117 for (index = 0; index < count; index++)
118 if (!memcmp(binary, crypt_key[index], ARCH_SIZE))
119 return 1;
120 return 0;
121 }
122
cmp_one(void * binary,int index)123 static int cmp_one(void *binary, int index)
124 {
125 return !memcmp(binary, crypt_key[index], BINARY_SIZE);
126 }
127
cmp_exact(char * source,int index)128 static int cmp_exact(char *source, int index)
129 {
130 return 1;
131 }
132
crypt_all(int * pcount,struct db_salt * salt)133 static int crypt_all(int *pcount, struct db_salt *salt)
134 {
135 const int count = *pcount;
136 int index;
137
138 #ifdef _OPENMP
139 #pragma omp parallel for
140 #endif
141 for (index = 0; index < count; index+=MIN_KEYS_PER_CRYPT) {
142 #ifdef SIMD_COEF_64
143 unsigned char _IBuf[128*MIN_KEYS_PER_CRYPT+MEM_ALIGN_CACHE], *keys;
144 uint64_t *keys64;
145 unsigned i, j, len, Lcount = loopCnt;
146
147 keys = (unsigned char*)mem_align(_IBuf, MEM_ALIGN_CACHE);
148 keys64 = (uint64_t*)keys;
149 memset(keys, 0, 128*MIN_KEYS_PER_CRYPT);
150 for (i = 0; i < MIN_KEYS_PER_CRYPT; ++i) {
151 len = EncKeyLen[index+i];
152 for (j = 0; j < 8; ++j)
153 keys[GETPOS(j, i)] = cursalt[j];
154 for (j = 0; j < len; ++j)
155 keys[GETPOS(j+8, i)] = EncKey[index+i][j];
156 keys[GETPOS(j+8, i)] = 0x80;
157 keys64[15*SIMD_COEF_64+(i&(SIMD_COEF_64-1))+i/SIMD_COEF_64*SHA_BUF_SIZ*SIMD_COEF_64] = (len+8) << 3;
158 }
159 SIMDSHA512body(keys, keys64, NULL, SSEi_MIXED_IN|SSEi_OUTPUT_AS_INP_FMT);
160 for (i = 0; i < MIN_KEYS_PER_CRYPT; ++i) {
161 len = EncKeyLen[index+i];
162 for (j = 0; j < len; ++j)
163 keys[GETPOS(j+64, i)] = EncKey[index+i][j];
164 keys[GETPOS(j+64, i)] = 0x80;
165 keys64[15*SIMD_COEF_64+(i&(SIMD_COEF_64-1))+i/SIMD_COEF_64*SHA_BUF_SIZ*SIMD_COEF_64] = (len+64) << 3;
166 }
167 while (--Lcount)
168 SIMDSHA512body(keys, keys64, NULL, SSEi_MIXED_IN|SSEi_OUTPUT_AS_INP_FMT);
169
170 // Last one with FLAT_OUT
171 SIMDSHA512body(keys, (uint64_t*)crypt_key[index], NULL, SSEi_MIXED_IN|SSEi_OUTPUT_AS_INP_FMT|SSEi_FLAT_OUT);
172 #else
173 SHA512_CTX ctx;
174 unsigned char tmp[DIGEST_SIZE + PLAINTEXT_LENGTH];
175 int len = EncKeyLen[index];
176 unsigned Lcount = loopCnt - 1;
177
178 SHA512_Init( &ctx );
179 SHA512_Update( &ctx, cursalt, 8 );
180 SHA512_Update( &ctx, EncKey[index], len );
181 memcpy(&tmp[DIGEST_SIZE], (char *)EncKey[index], len);
182 SHA512_Final( tmp, &ctx);
183 len += DIGEST_SIZE;
184
185 do {
186 SHA512_Init( &ctx );
187 SHA512_Update( &ctx, tmp, len);
188 SHA512_Final( tmp, &ctx);
189 } while (--Lcount);
190 SHA512_Init( &ctx );
191 SHA512_Update( &ctx, tmp, len);
192 SHA512_Final( (unsigned char *) crypt_key[index], &ctx);
193 #endif
194 }
195 return count;
196 }
197
198 #define COMMON_GET_HASH_VAR crypt_key
199 #include "common-get-hash.h"
200
201 struct fmt_main fmt_drupal7 = {
202 {
203 FORMAT_LABEL,
204 FORMAT_NAME,
205 ALGORITHM_NAME,
206 BENCHMARK_COMMENT,
207 BENCHMARK_LENGTH,
208 0,
209 PLAINTEXT_LENGTH,
210 BINARY_SIZE,
211 BINARY_ALIGN,
212 // true salt is SALT_SIZE but we add the loop count
213 SALT_SIZE + 1,
214 SALT_ALIGN,
215 MIN_KEYS_PER_CRYPT,
216 MAX_KEYS_PER_CRYPT,
217 FMT_CASE | FMT_8_BIT | FMT_OMP,
218 {
219 "iteration count",
220 },
221 { FORMAT_TAG },
222 tests
223 }, {
224 init,
225 done,
226 fmt_default_reset,
227 fmt_default_prepare,
228 valid,
229 fmt_default_split,
230 get_binary,
231 get_salt,
232 {
233 iteration_count,
234 },
235 fmt_default_source,
236 {
237 fmt_default_binary_hash_0,
238 fmt_default_binary_hash_1,
239 fmt_default_binary_hash_2,
240 fmt_default_binary_hash_3,
241 fmt_default_binary_hash_4,
242 fmt_default_binary_hash_5,
243 fmt_default_binary_hash_6
244 },
245 salt_hash,
246 NULL,
247 set_salt,
248 set_key,
249 get_key,
250 fmt_default_clear_keys,
251 crypt_all,
252 {
253 #define COMMON_GET_HASH_LINK
254 #include "common-get-hash.h"
255 },
256 cmp_all,
257 cmp_one,
258 cmp_exact
259 }
260 };
261
262 #endif /* plugin stanza */
263