1 /* 2 * This file is part of John the Ripper password cracker, 3 * Copyright (c) 1996-2001,2005,2010-2013,2015 by Solar Designer 4 * 5 * ...with a change in the jumbo patch, by JimF 6 */ 7 8 /* 9 * Supported ciphertext formats management. 10 */ 11 12 #ifndef _JOHN_FORMATS_H 13 #define _JOHN_FORMATS_H 14 15 #include "params.h" 16 #include "misc.h" 17 18 /* 19 * For now, you can just revert FMT_MAIN_VERSION to 11 20 * in case of any problem with the new additions 21 * (tunable cost parameters) 22 * (format signatures, #14) 23 */ 24 #define FMT_MAIN_VERSION 14 /* change if structure fmt_main changes */ 25 26 /* 27 * fmt_main is declared for real further down this file, but we refer to it in 28 * function prototypes in fmt_methods. 29 */ 30 struct fmt_main; 31 32 /* 33 * Maximum number of different tunable cost parameters 34 * that can be reported for a single format 35 */ 36 #define FMT_TUNABLE_COSTS 4 37 38 /* 39 * Maximum number of different signatures 40 * that can be reported for a single format 41 */ 42 #define FMT_SIGNATURES 4 43 44 /* 45 * Some format methods accept pointers to these, yet we can't just include 46 * loader.h here because that would be a circular dependency. 47 */ 48 struct db_main; 49 struct db_salt; 50 51 /* 52 * Format property flags. 53 */ 54 /* Uses case-sensitive passwords */ 55 #define FMT_CASE 0x00000001 56 /* Supports 8-bit characters in passwords (does not ignore the 8th bit) */ 57 #define FMT_8_BIT 0x00000002 58 /* 59 * This flag must be set for formats that do UCS-2, UTF-16 or some other wide 60 * encoding internally (eg. most Microsoft formats). The most common problem 61 * with formats not fully Unicode-aware is when a format like this is hard-coded 62 * to convert from ISO-8859-1 (ie. by just inserting 0x00, effectively just 63 * casting every char to a short). Such formats MUST set FMT_UNICODE and MUST 64 * NOT set FMT_ENC, or users will get false negatives when using UTF-8 or 65 * codepages. 66 */ 67 #define FMT_UNICODE 0x00000004 68 /* 69 * Honors the --encoding=NAME option. This means it can handle codepages (like 70 * cp1251) as well as UTF-8. 71 */ 72 #define FMT_ENC 0x00000008 73 /* 74 * This hash type is known to actually use UTF-8 encoding of password, so 75 * trying legacy target encodings should be pointless. 76 */ 77 #define FMT_UTF8 0x00000010 78 /* 79 * Mark password->binary = NULL immediately after a hash is cracked. Must be 80 * set for formats that read salt->list in crypt_all for the purpose of 81 * identification of uncracked hashes for this salt. 82 */ 83 #define FMT_REMOVE 0x00000020 84 /* 85 * Format has false positive matches. Thus, do not remove hashes when 86 * a likely PW is found. This should only be set for formats where a 87 * false positive will actually not work IRL (eg. 7z), as opposed to 88 * ones that has actual collisions (eg. oldoffice). The latter group 89 * of formats may instead be run with --keep-guessing if/when wanted. 90 */ 91 #define FMT_NOT_EXACT 0x00000100 92 /* 93 * This format uses a dynamic sized salt, and its salt structure 94 * 'derives' from the dyna_salt type defined in dyna_salt.h 95 */ 96 #define FMT_DYNA_SALT 0x00000200 97 /* 98 * This format supports huge ciphertexts (larger than LINE_BUFFER_SIZE) 99 * and may/will consequently truncate its pot lines with $SOURCE_HASH$ 100 */ 101 #define FMT_HUGE_INPUT 0x00000400 102 /* Uses a bitslice implementation */ 103 #define FMT_BS 0x00010000 104 /* The split() method unifies the case of characters in hash encodings */ 105 #define FMT_SPLIT_UNIFIES_CASE 0x00020000 106 /* A dynamic_x format (or a 'thin' format using dynamic code) */ 107 #define FMT_DYNAMIC 0x00100000 108 /* This format originally truncates at our max. length (eg. descrypt) */ 109 #define FMT_TRUNC 0x00200000 110 /* Format can do "internal mask" (eg. GPU-side mask)? */ 111 #define FMT_MASK 0x00400000 112 #ifdef _OPENMP 113 /* Parallelized with OpenMP */ 114 #define FMT_OMP 0x01000000 115 /* Poor OpenMP scalability */ 116 #define FMT_OMP_BAD 0x02000000 117 #else 118 #define FMT_OMP 0 119 #define FMT_OMP_BAD 0 120 #endif 121 /* We've already warned the user about hashes of this type being present */ 122 #define FMT_WARNED 0x80000000 123 124 /* Format's length before calling init() */ 125 extern int fmt_raw_len; 126 127 /* 128 * A password to test the methods for correct operation. 129 */ 130 struct fmt_tests { 131 char *ciphertext, *plaintext; 132 char *fields[10]; 133 }; 134 135 /* 136 * Parameters of a hash function and its cracking algorithm. 137 */ 138 struct fmt_params { 139 /* Label to refer to this format (any alphabetical characters in it must be 140 * lowercase). */ 141 const char *label; 142 143 /* Ciphertext format name */ 144 const char *format_name; 145 146 /* Cracking algorithm name */ 147 const char *algorithm_name; 148 149 /* Comment about the benchmark (can be empty) */ 150 const char *benchmark_comment; 151 152 /* Benchmark for this password length. Can also add one of: 153 * + 0x100 Force "Raw" benchmark even for a salted format 154 * + 0x200 Benchmark for short/long passwords instead of for one/many salts 155 * + 0x500 Make "Raw" behave like "Only one salt", not "Many salts" */ 156 int benchmark_length; 157 158 /* Minimum length of a plaintext password */ 159 int plaintext_min_length; 160 161 /* Maximum length of a plaintext password */ 162 int plaintext_length; 163 164 /* Size and alignment of binary ciphertext, in bytes */ 165 int binary_size; 166 int binary_align; 167 168 /* Size and alignment of internal salt representation, in bytes */ 169 int salt_size; 170 int salt_align; 171 172 /* Number of plaintexts hashed by a single crypt_all() method call */ 173 int min_keys_per_crypt; 174 int max_keys_per_crypt; 175 176 /* Properties of this format */ 177 unsigned int flags; 178 179 /* 180 * Descriptions (names) of tunable cost parameters for this format 181 * 182 * These names shouldn't contain ',', because ", " is used 183 * as a separator when listing tunable cost parameters 184 * in --list=format-details and --list=format-all-details. 185 * The sequence of names should match the sequence of functions 186 * returning tunable cost values. 187 */ 188 char *tunable_cost_name[FMT_TUNABLE_COSTS]; 189 190 /* 191 * format signatures (such as $NT$, etc). 192 * 193 * This is used in loader to see if a line read from a .pot file is a 194 * 'chopped' line, that was shortened before being written to .pot. 195 */ 196 char *signature[FMT_SIGNATURES]; 197 198 /* 199 * Some passwords to test the methods for correct operation (or NULL for no 200 * self test, and no benchmark), terminated with a NULL ciphertext. 201 */ 202 struct fmt_tests *tests; 203 }; 204 205 /* 206 * Functions to implement a cracking algorithm. 207 */ 208 struct fmt_methods { 209 /* Initializes the algorithm's internal structures. 210 * prepare(), valid(), and split() are the only methods that are allowed to be 211 * called before a call to init(). 212 * Note that initializing an algorithm might de-initialize some others (if a 213 * shared underlying resource is used). */ 214 void (*init)(struct fmt_main *self); 215 216 /* De-initializes this format, which must have been previously initialized */ 217 void (*done)(void); 218 219 /* Called whenever the set of password hashes being cracked changes, such as 220 * after self-test, but before actual cracking starts. When called before a 221 * self-test or benchmark rather than before actual cracking, db may be made 222 * out of test vectors. 223 * Normally, this is a no-op since a format implementation shouldn't mess with 224 * the database unnecessarily. However, when there is a good reason to do so 225 * this may e.g. transfer the salts and hashes onto a GPU card. */ 226 void (*reset)(struct db_main *db); 227 228 /* Extracts the ciphertext string out of the input file fields. Normally, this 229 * will simply return field[1], but in some special cases it may use another 230 * field (e.g., when the hash type is commonly used with PWDUMP rather than 231 * /etc/passwd format files) or/and it may also extract and include the 232 * username, etc. */ 233 char *(*prepare)(char *fields[10], struct fmt_main *self); 234 235 /* Checks if an ASCII ciphertext is valid for this format. Returns zero for 236 * invalid ciphertexts, or the number of parts the ciphertext should be split 237 * into (up to 9, will usually be 1). */ 238 int (*valid)(char *ciphertext, struct fmt_main *self); 239 240 /* Splits a ciphertext into several pieces and returns the piece with given 241 * index, starting from 0 (will usually return the ciphertext unchanged). 242 * For hex-encoded hashes which are compared by the target system/application 243 * irrespective of the case of characters (upper/lower/mixed) used in their 244 * encoding, split() must unify the case (e.g., convert to all-lowercase) 245 * and FMT_SPLIT_UNIFIES_CASE must be set. */ 246 char *(*split)(char *ciphertext, int index, struct fmt_main *self); 247 248 /* Converts an ASCII ciphertext to binary, possibly using the salt */ 249 void *(*binary)(char *ciphertext); 250 251 /* Converts an ASCII salt to its internal representation */ 252 void *(*salt)(char *ciphertext); 253 254 /* 255 * These functions return the value of a tunable cost parameter 256 * for a given salt. 257 * The sequence of of functions returning the vaules of tunable costs 258 * parameters has to match the sequence of their descriptions in 259 * tunable_cost_name[FMT_TUNABLE_COSTS]. 260 * The format implementation has to decide which tunable cost parameters 261 * are most significant for CPU time and/or memory requirements. 262 * If possible, the reported values should be linear to the real cost, 263 * even if in the format the parameter is the dual logarithm of the real cost, 264 * e.g., the real iteration count is 2^(t_cost) for parameter t_cost. 265 */ 266 unsigned int (*tunable_cost_value[FMT_TUNABLE_COSTS])(void *salt); 267 268 /* Reconstructs the ASCII ciphertext from its binary (saltless only). 269 * Alternatively, in the simplest case simply returns "source" as-is. */ 270 char *(*source)(char *source, void *binary); 271 272 /* These functions calculate a hash out of a binary ciphertext. To be used 273 * for hash table initialization. One of them should be selected depending 274 * on the hash table size. */ 275 int (*binary_hash[PASSWORD_HASH_SIZES])(void *binary); 276 277 /* Calculates a hash out of a salt (given in internal representation). To be 278 * used by the password file loader. */ 279 int (*salt_hash)(void *salt); 280 281 /* Compare function used for sorting salts */ 282 int (*salt_compare)(const void *x, const void *y); 283 284 /* Sets a salt for the crypt_all() method */ 285 void (*set_salt)(void *salt); 286 287 /* Sets a plaintext, with index from 0 to fmt_params.max_keys_per_crypt - 1. 288 * The string is NUL-terminated, but set_key() may over-read it until up to 289 * PLAINTEXT_BUFFER_SIZE total read (thus, the caller's buffer must be at least 290 * this large). Empty string may be passed as fmt_null_key. */ 291 void (*set_key)(char *key, int index); 292 293 /* Returns a plaintext previously set with and potentially altered by 294 * set_key() (e.g., converted to all-uppercase and truncated at 7 for LM 295 * hashes). The plaintext may also have been generated or altered by 296 * crypt_all(). Depending on crypt_all() implementation, the index used here 297 * does not have to match an index previously used with set_key(), although 298 * for most formats it does. See the description of crypt_all() below. */ 299 char *(*get_key)(int index); 300 301 /* Allow the previously set keys to be dropped if that would help improve 302 * performance and/or reduce the impact of certain hardware faults. After 303 * a call to clear_keys() the keys are undefined. */ 304 void (*clear_keys)(void); 305 306 /* Computes the ciphertexts for given salt and plaintexts. 307 * For implementation reasons, this may happen to always compute at least 308 * min_keys_per_crypt ciphertexts even if the requested count is lower, 309 * although it is preferable for implementations to obey the count whenever 310 * practical and also for callers not to call crypt_all() with fewer than 311 * min_keys_per_crypt keys whenever practical. 312 * Returns the last output index for which there might be a match (against the 313 * supplied salt's hashes) plus 1. A return value of zero indicates no match. 314 * Note that output indices don't have to match input indices (although they 315 * may and usually do). The indices passed to get_key(), get_hash[](), 316 * cmp_one(), and cmp_exact() must be in the 0 to crypt_all() return value 317 * minus 1 range, although for infrequent status reporting get_key() may also 318 * be called on indices previously supplied to set_key() as well as on indices 319 * up to the updated *count minus 1 even if they're beyond this range. 320 * The count passed to cmp_all() must be equal to crypt_all()'s return value. 321 * If an implementation does not use the salt parameter or if salt is NULL 322 * (as it may be during self-test and benchmark), the return value must always 323 * match *count the way it is after the crypt_all() call. 324 * The count is passed by reference and must be updated by crypt_all() if it 325 * computes other than the requested count (such as if it generates additional 326 * candidate passwords on its own). The updated count is used for c/s rate 327 * calculation. The return value is thus in the 0 to updated *count range. */ 328 int (*crypt_all)(int *count, struct db_salt *salt); 329 330 /* These functions calculate a hash out of a ciphertext that has just been 331 * generated with the crypt_all() method. To be used while cracking. */ 332 int (*get_hash[PASSWORD_HASH_SIZES])(int index); 333 334 /* Compares a given ciphertext against all the crypt_all() method outputs and 335 * returns zero if no matches detected. A non-zero return value means that 336 * there might be matches, and more checks are needed. */ 337 int (*cmp_all)(void *binary, int count); 338 339 /* Same as the above, except the comparison is done against only one of the 340 * crypt_all() method outputs. */ 341 int (*cmp_one)(void *binary, int index); 342 343 /* Compares an ASCII ciphertext against a particular crypt_all() output */ 344 int (*cmp_exact)(char *source, int index); 345 }; 346 347 /* 348 * Private fields for formats management. 349 */ 350 struct fmt_private { 351 int initialized; 352 void *data; 353 }; 354 355 /* 356 * A structure to keep a list of supported ciphertext formats. 357 */ 358 struct fmt_main { 359 struct fmt_params params; 360 struct fmt_methods methods; 361 struct fmt_private private; 362 struct fmt_main *next; 363 }; 364 365 /* 366 * Empty key that is safe to pass to the set_key() method, given that it may 367 * over-read the empty string for up to PLAINTEXT_BUFFER_SIZE. 368 */ 369 extern char fmt_null_key[PLAINTEXT_BUFFER_SIZE]; 370 371 /* Self-test is running */ 372 extern int self_test_running; 373 374 /* Benchmark is running */ 375 extern int benchmark_running; 376 377 /* Self-test or benchmark is running */ 378 #define bench_or_test_running (self_test_running || benchmark_running) 379 380 /* 381 * Linked list of registered formats. 382 */ 383 extern struct fmt_main *fmt_list; 384 385 /* 386 * Format registration function. 387 */ 388 extern void fmt_register(struct fmt_main *format); 389 390 /* 391 * Initializes the format's internal structures unless already initialized. 392 */ 393 extern void fmt_init(struct fmt_main *format); 394 395 /* 396 * De-initializes this format if it was previously initialized. 397 */ 398 extern void fmt_done(struct fmt_main *format); 399 400 /* 401 * De-initializes all initialized formats. 402 */ 403 extern void fmt_all_done(void); 404 405 /* 406 * Tests the format's methods for correct operation. Returns NULL on 407 * success, method name on error. 408 */ 409 extern char *fmt_self_test(struct fmt_main *format, struct db_main *db); 410 411 /* 412 * Default methods. 413 */ 414 extern void fmt_default_init(struct fmt_main *self); 415 extern void fmt_default_done(void); 416 extern void fmt_default_reset(struct db_main *db); 417 extern char *fmt_default_prepare(char *fields[10], struct fmt_main *self); 418 extern char *fmt_default_split(char *ciphertext, int index, 419 struct fmt_main *self); 420 extern void *fmt_default_binary(char *ciphertext); 421 extern void *fmt_default_salt(char *ciphertext); 422 extern char *fmt_default_source(char *source, void *binary); 423 extern int fmt_default_binary_hash(void *binary); 424 extern int fmt_default_salt_hash(void *salt); 425 extern void fmt_default_set_salt(void *salt); 426 extern void fmt_default_clear_keys(void); 427 extern int fmt_default_get_hash(int index); 428 /* this is a salt_hash default specifically for dyna_salt type formats */ 429 extern int fmt_default_dyna_salt_hash(void *salt); 430 431 /* 432 * Default binary_hash_N methods 433 */ 434 extern int fmt_default_binary_hash_0(void * binary); 435 extern int fmt_default_binary_hash_1(void * binary); 436 extern int fmt_default_binary_hash_2(void * binary); 437 extern int fmt_default_binary_hash_3(void * binary); 438 extern int fmt_default_binary_hash_4(void * binary); 439 extern int fmt_default_binary_hash_5(void * binary); 440 extern int fmt_default_binary_hash_6(void * binary); 441 442 /* 443 * Dummy hash function to use for salts with no hash table. 444 */ 445 #define fmt_dummy_hash fmt_default_get_hash 446 447 /* 448 * This is for all formats that want to use omp_autotune() 449 */ 450 #include "omp_autotune.h" 451 452 #endif 453