From 21b6d0988272457439704d733b3da0986c161534 Mon Sep 17 00:00:00 2001 From: dsk Date: Sat, 24 Mar 2012 18:48:57 +0530 Subject: [PATCH] [V2] Fast cracker for Mozilla Firefox, Thunderbird and SeaMonkey master passwords. --- src/KeyDBCracker.c | 252 ++++++++++++++++ src/KeyDBCracker.h | 91 ++++++ src/Makefile | 28 ++- src/alghmac.h | 89 ++++++ src/john.c | 16 + src/lowpbe.c | 399 ++++++++++++++++++++++++ src/lowpbe.h | 104 +++++++ src/mozilla2john.c | 61 ++++ src/mozilla_des.c | 847 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/mozilla_des.h | 100 ++++++ src/mozilla_fmt.c | 184 ++++++++++++ 11 files changed, 2165 insertions(+), 6 deletions(-) create mode 100644 src/KeyDBCracker.c create mode 100644 src/KeyDBCracker.h create mode 100644 src/alghmac.h create mode 100644 src/lowpbe.c create mode 100644 src/lowpbe.h create mode 100644 src/mozilla2john.c create mode 100644 src/mozilla_des.c create mode 100644 src/mozilla_des.h create mode 100644 src/mozilla_fmt.c diff --git a/src/KeyDBCracker.c b/src/KeyDBCracker.c new file mode 100644 index 0000000..67fa52c --- /dev/null +++ b/src/KeyDBCracker.c @@ -0,0 +1,252 @@ +/************************************************************************************** + + FireMaster : Firefox Master Password Recovery Tool + Copyright (C) 2006 Nagareshwar Y Talekar ( tnagareshwar@gmail.com ) + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +**************************************************************************************/ + +#ifdef HAVE_NSS +#include "KeyDBCracker.h" + +/* + What may go wrong ???? +========================================= + *) Instead of NSS_init ..more optimized secoid_init is used. + If something goes wrong..use NSS_INIT and comment out section below it. + *) Softoken optimized library is used. If you suspect just specify softoken.lib + instead of softoken_opt lib without any hesitation + *) Some of the sizes in KeyCrackData structure are assumed based on observation. + In future this sizes may vary depending upon algo used. +*/ + + +FILE *keyFile = NULL; + + +bool OpenKeyDBFile(char *profilePath) +{ +char *keydbFileName = (char*) malloc( strlen(profilePath) + strlen(KEYDB_FILENAME) + 5); + + if( keydbFileName == NULL ) + { + printf("\n OpenKeyDBFile : Insufficient memory "); + return FALSE; + } + + strcpy(keydbFileName, profilePath); + strcat(keydbFileName, ""); + strcat(keydbFileName, KEYDB_FILENAME); + + keyFile = fopen(keydbFileName, "rb"); + + if( keyFile == NULL ) + { + printf("\n Failed to open file %s \n\n", keydbFileName); + return FALSE; + } + + return TRUE; +} + + + +bool CrackKeyData(char *profilePath, struct KeyCrackData *keyCrackData) +{ + unsigned char buffer[KEYDB_MAX_BLOCK_SIZE]; + int index = 0; + int globalSaltOffset; + int mainOffset; + struct KeyCrackOffset offData; + int KEYDB_MAGIC_OFFSET; + char off[2] = {0, 0}; + + if( OpenKeyDBFile( profilePath ) == FALSE){ + printf("Couldn't open file"); + return FALSE; + } + + // First read the magic offset + // This offset is present at offset 0x000f from the file.. + fseek(keyFile, 0x000e, SEEK_SET); + + if( fread(&off, 2, 1, keyFile) < 1) + { + printf("\n Error in reading magic data from %s file",KEYDB_FILENAME); + return FALSE; + } + + //printf("\n The magic offset part1 is : 0x%.8x ", off[0]); + //printf("\n The magic offset part2 is : 0x%.8x ", off[1]); + + KEYDB_MAGIC_OFFSET = ( (off[0] << 8) + off[1] ) & 0xffff; + + //printf("\n The magic offset is : 0x%.8x ", KEYDB_MAGIC_OFFSET); + + // Go to magic offset and read the offset information block + fseek(keyFile, KEYDB_MAGIC_OFFSET, SEEK_SET); + + if( fread(&offData, sizeof(struct KeyCrackOffset), 1, keyFile) < 1) + { + printf("\n Error in reading actual data from %s file",KEYDB_FILENAME); + return FALSE; + } + + //printf("\n read the offset data..succesfully .."); + + //Read and find the global salt offset and main offset + + globalSaltOffset = (offData.glbSaltOff[0] << 8) + offData.glbSaltOff[1] + KEYDB_MAGIC_OFFSET; + + //printf("\n final offset for global salt is : 0x%.8x ", globalSaltOffset); + + fseek(keyFile, globalSaltOffset, SEEK_SET); + + keyCrackData->globalSaltLen = 20; + if( fread(&keyCrackData->globalSalt, keyCrackData->globalSaltLen, 1, keyFile) < 1) + { + printf("\n Error in reading salt data from %s file",KEYDB_FILENAME); + return FALSE; + } + + keyCrackData->globalSalt[keyCrackData->globalSaltLen]=0; + + //For Firefox version 3 onwards the globalSaltOffset and mainOffset are interchanged, + //One way to verify is to check if the globalSaltOffset data begins with pattern + //03 ** 01 which implies it is mainOffset rather than globalSaltOffset + + if( ( keyCrackData->globalSalt[0] == 0x03 ) && ( keyCrackData->globalSalt[2] == 0x01 ) ) + { + //So this is mainOffset not the global offset + //Let us interchange the offsets + mainOffset = globalSaltOffset; + globalSaltOffset = (offData.mainOff[0] << 8) + offData.mainOff[1] + KEYDB_MAGIC_OFFSET; + + //Read the global salt again... + fseek(keyFile, globalSaltOffset, SEEK_SET); + + keyCrackData->globalSaltLen = 24; + if( fread(&keyCrackData->globalSalt, keyCrackData->globalSaltLen, 1, keyFile) < 1) + { + printf("\n Error in reading salt data from %s file",KEYDB_FILENAME); + return FALSE; + } + + //For version 3.5 onwards global salt length is changed to 20 from 16 + //One simple way to check this is to verify where the global-salt string + //begins which follows immediately after the global salt data.... + if( keyCrackData->globalSalt[20] == 'g' && keyCrackData->globalSalt[21] == 'l' ) + keyCrackData->globalSaltLen = 20; + else + keyCrackData->globalSaltLen = 16; + + //printf("\n Global salt length after adjustment %d", keyCrackData->globalSaltLen); + + keyCrackData->globalSalt[keyCrackData->globalSaltLen]=0; + } + else + { + mainOffset = (offData.mainOff[0] << 8) + offData.mainOff[1] + KEYDB_MAGIC_OFFSET; + } + + //Now read the main block of information... + fseek(keyFile, mainOffset, SEEK_SET); + + //printf("\n final offset for main block is : 0x%.8x ", mainOffset); + + if( fread(buffer, KEYDB_MAX_BLOCK_SIZE, 1, keyFile) < 1) + { + printf("\n Error in reading main block data from %s file",KEYDB_FILENAME); + return FALSE; + } + + // Now extract the data and fill up the structure... + + // Read the version, salt length, nn length + keyCrackData->version = buffer[index++]; + keyCrackData->saltLen = buffer[index++]; + keyCrackData->nnLen = buffer[index++]; + + // Copy the salt + unsigned char *salt = (unsigned char*)malloc(keyCrackData->saltLen+1); + memcpy(salt, &buffer[index], keyCrackData->saltLen); + salt[keyCrackData->saltLen] =0; + keyCrackData->salt = salt; + + index += keyCrackData->saltLen; + + // copy nick name + unsigned char *nickName = (unsigned char*) malloc(keyCrackData->nnLen+1); + memcpy(nickName, &buffer[index], keyCrackData->nnLen); + nickName[keyCrackData->nnLen] =0; + keyCrackData->nickName = nickName; + + index +=keyCrackData->nnLen; + + // Copy OID stuff + keyCrackData->oidLen = buffer[index++]; + unsigned char *oidData = (unsigned char*) malloc(keyCrackData->oidLen+1); + memcpy(oidData, &buffer[index], keyCrackData->oidLen); + oidData[keyCrackData->oidLen] =0; + keyCrackData->oidData = oidData; + + index +=keyCrackData->oidLen; + + // Copy encrypted string + memcpy(keyCrackData->encData, &buffer[index], 16 ); + keyCrackData->encData[16] = 0; + keyCrackData->encDataLen = 16; + index += 16; + + // copy password check string .. currently not used + unsigned char *pwCheckStr = (unsigned char*) malloc( strlen(KEYDB_PW_CHECK_STR) + 1); + memcpy(pwCheckStr, KEYDB_PW_CHECK_STR, strlen(KEYDB_PW_CHECK_STR)); + pwCheckStr[strlen(KEYDB_PW_CHECK_STR)] =0; + keyCrackData->pwCheckStr = pwCheckStr; + + index += strlen(KEYDB_PW_CHECK_STR); + + + + //=== Just print here what he have got ....==== + /* + int i; + printf("\n Magic offset = 0x%x ", KEYDB_MAGIC_OFFSET); + printf("\n Version : %d ", keyCrackData->version); + + printf("\n Global salt is \n"); + for(i=0; i < 16 ; i++) + printf("%.2x ",keyCrackData->globalSalt[i]); + + printf("\n Salt is \n"); + for(i=0; i < 16 ; i++) + printf("%.2x ",keyCrackData->salt[i]); + + + printf("\n Encrypted data is \n"); + for(i=0; i < 16 ; i++) + printf("%.2x ",keyCrackData->encData[i]); + + printf("\n Algorithm is : \n "); + for(i=0; i < keyCrackData->oidLen ; i++) + printf("%.2x ",keyCrackData->oidData[i]); + + */ + fclose(keyFile); + + return TRUE; +} +#endif diff --git a/src/KeyDBCracker.h b/src/KeyDBCracker.h new file mode 100644 index 0000000..78fc879 --- /dev/null +++ b/src/KeyDBCracker.h @@ -0,0 +1,91 @@ +/************************************************************************************** + + FireMaster : Firefox Master Password Recovery Tool + Copyright (C) 2006 Nagareshwar Y Talekar ( tnagareshwar@gmail.com ) + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +**************************************************************************************/ + + + +#ifndef __KEYDBCRACKER_H__ +#define __KEYDBCRACKER_H__ + +#include +#include +#include +#include +#include +#include +#include "lowpbe.h" + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#define HEADER_VERSION "#2c" +#define CRYPT_PREFIX "~" +#define MAX_PASSWORD_LENGTH 128 + +#include + +#define KEYDB_FILENAME "key3.db" +//#define KEYDB_MAGIC_OFFSET 0x1000 +#define KEYDB_MAX_BLOCK_SIZE 512 +#define KEYDB_PW_CHECK_STR "password-check" +#define KEYDB_PW_CHECK_LEN 14 + + +// This represents offset information block from key3.db file +struct KeyCrackOffset +{ + unsigned char invalid[3]; // Just junk data + unsigned char verOff[2]; // Offset to Version information + unsigned char glbSaltStrOff[2]; // Offset of global salt string + unsigned char glbSaltOff[2]; // Offset of global salt data + unsigned char invalid2[2]; // Another junk data + unsigned char mainOff[2]; // Offset to main information + unsigned char invalid3[4]; // Non important data +}; + + +struct KeyCrackData +{ + unsigned char version; // Version information + unsigned char saltLen; // Salt length + unsigned char nnLen; // Nick name length + unsigned char *salt; // Salt data + unsigned char *nickName; // Nick name + unsigned char oidLen; // OID Length + unsigned char *oidData; // OID Data + unsigned char encDataLen; // Encrypted data length ...extra field + unsigned char encData[17]; // Encrypted data 16 + 1 + unsigned char *pwCheckStr; // Password check string "password-check" + unsigned char globalSaltLen; // Global Salt Length ...extra field + unsigned char globalSalt[17];// Global Salt 16 + 1 +}; + + +// ** brosideon mod ** // +bool OpenKeyDBFile(char *profilePath); +bool CrackKeyData(char *profilePath, struct KeyCrackData *keyCrackData); +// ** brosideon mod ** // + +#endif diff --git a/src/Makefile b/src/Makefile index 0cbf68b..895a7cb 100644 --- a/src/Makefile +++ b/src/Makefile @@ -37,12 +37,16 @@ OMPFLAGS = # icc with OpenMP (for make target linux-x86-64-icc) #ICCOMPFLAGS = -openmp -CFLAGS = -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include $(OMPFLAGS) $(JOHN_CFLAGS) +# NSS (and NSPR) flag +HAVE_NSS = +#HAVE_NSS = -DHAVE_NSS + +CFLAGS = -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include $(HAVE_NSS) $(OMPFLAGS) $(JOHN_CFLAGS) `pkg-config --cflags nss` # -DHAVE_SKEY # CFLAGS for use on the main john.c file only CFLAGS_MAIN = $(CFLAGS) ASFLAGS = -c $(JOHN_CFLAGS) $(OMPFLAGS) -LDFLAGS = -s -L/usr/local/lib -L/usr/local/ssl/lib -lssl -lcrypto -lm -lz $(JOHN_CFLAGS) $(OMPFLAGS) +LDFLAGS = -s -L/usr/local/lib -L/usr/local/ssl/lib -lssl -lcrypto -lm -lz $(JOHN_CFLAGS) $(OMPFLAGS) `pkg-config --libs nss` # -lskey LDFLAGS_SOLARIS = -lrt -lnsl -lsocket -lm -lz -lcrypto -lssl LDFLAGS_MKV = -s -lm @@ -103,6 +107,7 @@ JOHN_OBJS = \ rar_fmt.o rar2john.o \ zip_fmt.o zip2john.o gladman_hmac.o gladman_pwd2key.o \ racf2john.o \ + mozilla_fmt.o KeyDBCracker.o mozilla_des.o lowpbe.o mozilla2john.o \ $(PLUGFORMATS_OBJS) \ plugin.o \ dummy.o \ @@ -176,24 +181,24 @@ GENMKVPWD_OBJS = \ PROJ = ../run/john ../run/unshadow ../run/unafs ../run/unique ../run/undrop \ ../run/ssh2john ../run/pdf2john ../run/rar2john ../run/zip2john \ ../run/genmkvpwd ../run/mkvcalcproba ../run/calc_stat \ - ../run/tgtsnarf ../run/racf2john + ../run/tgtsnarf ../run/racf2john ../run/mozilla2john PROJ_DOS = ../run/john.bin ../run/john.com \ ../run/unshadow.com ../run/unafs.com ../run/unique.com \ ../run/undrop.com \ ../run/ssh2john.com ../run/pdf2john.com ../run/rar2john.com ../run/zip2john \ - ../run/racf2john.com + ../run/racf2john.com ../run/mozilla2john.com PROJ_WIN32 = ../run/john.exe \ ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe \ ../run/undrop.exe \ ../run/ssh2john.exe ../run/pdf2john.exe ../run/rar2john.exe ../run/zip2john.exe \ ../run/genmkvpwd.exe ../run/mkvcalcproba.exe ../run/calc_stat.exe \ - ../run/racf2john.exe + ../run/racf2john.exe ../run/mozilla2john.exe PROJ_WIN32_MINGW = ../run/john-mingw.exe \ ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe \ ../run/undrop.exe \ ../run/ssh2john.exe ../run/pdf2john.exe ../run/rar2john.exe ../run/zip2john.exe \ ../run/genmkvpwd.exe ../run/mkvcalcproba.exe ../run/calc_stat.exe \ - ../run/racf2john.exe + ../run/racf2john.exe ../run/mozilla2john.exe default: @echo "To build John the Ripper, type:" @@ -1399,6 +1404,10 @@ cuda_rawsha224_fmt.o: cuda_rawsha224.o cuda_rawsha256_fmt.c cuda_rawsha256.h $(RM) ../run/rar2john ln -s john ../run/rar2john +../run/mozilla2john: ../run/john + $(RM) ../run/mozilla2john + ln -s john ../run/mozilla2john + ../run/racf2john: ../run/john $(RM) ../run/racf2john ln -s john ../run/racf2john @@ -1433,6 +1442,9 @@ cuda_rawsha224_fmt.o: cuda_rawsha224.o cuda_rawsha256_fmt.c cuda_rawsha256.h ../run/rar2john.com: john.com copy john.com ..\run\rar2john.com +../run/mozilla2john.com: john.com + copy john.com ..\run\mozilla2john.com + ../run/racf2john.com: john.com copy john.com ..\run\racf2john.com @@ -1489,6 +1501,10 @@ john.com: john.asm $(CC) symlink.c -o ../run/rar2john.exe strip ../run/rar2john.exe +../run/mozilla2john.exe: symlink.c + $(CC) symlink.c -o ../run/mozilla2john.exe + strip ../run/mozilla2john.exe + ../run/racf2john.exe: symlink.c $(CC) symlink.c -o ../run/racf2john.exe strip ../run/racf2john.exe diff --git a/src/alghmac.h b/src/alghmac.h new file mode 100644 index 0000000..b162d11 --- /dev/null +++ b/src/alghmac.h @@ -0,0 +1,89 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef _ALGHMAC_H_ +#define _ALGHMAC_H_ + +#include "seccomon.h" +#include +#include +#include "alghmac.h" + + +#define HMAC_PAD_SIZE 64 + +struct HMACContext +{ + SHA_CTX *hash; + const SECHashObject *hashobj; + unsigned char ipad[HMAC_PAD_SIZE]; + unsigned char opad[HMAC_PAD_SIZE]; +}; + + +//SEC_BEGIN_PROTOS + +/* destroy HMAC context */ +extern void HMAC_Destroy(struct HMACContext *cx); + +/* create HMAC context + * hashObj hash object from SECRawHashObjects[] + * secret the secret with which the HMAC is performed. + * secret_len the length of the secret. + * isFIPS true if conforming to FIPS 198. + * + * NULL is returned if an error occurs. + */ +extern struct HMACContext *HMAC_Create(const unsigned char *secret, unsigned int secret_len); + +/* reset HMAC for a fresh round */ +extern void HMAC_Begin(struct HMACContext *cx); + +/* update HMAC + * cx HMAC Context + * data the data to perform HMAC on + * data_len the length of the data to process + */ +extern void HMAC_Update(struct HMACContext *cx, const unsigned char *data, unsigned int data_len); + +/* Finish HMAC -- place the results within result + * cx HMAC context + * result buffer for resulting hmac'd data + * result_len where the resultant hmac length is stored + * max_result_len maximum possible length that can be stored in result + */ +extern void HMAC_Finish(struct HMACContext *cx, unsigned char *result, unsigned int *result_len, + unsigned int max_result_len); + + +#endif diff --git a/src/john.c b/src/john.c index bd44a35..80c4714 100644 --- a/src/john.c +++ b/src/john.c @@ -102,6 +102,11 @@ extern struct fmt_main fmt_cryptsha512; extern struct fmt_main fmt_SKEY; #endif +#ifdef HAVE_NSS +extern struct fmt_main mozilla_fmt; +extern int mozilla2john(int argc, char **argv); +#endif + #ifdef CL_VERSION_1_0 extern struct fmt_main fmt_opencl_NSLDAPS; extern struct fmt_main fmt_opencl_rawMD5; @@ -203,6 +208,10 @@ static void john_register_all(void) john_register_one(&fmt_cryptsha512); #endif +#ifdef HAVE_NSS + john_register_one(&mozilla_fmt); +#endif + #ifdef HAVE_CRYPT john_register_one(&fmt_crypt); #endif @@ -740,6 +749,13 @@ int main(int argc, char **argv) } #endif +#ifdef HAVE_NSS + if (!strcmp(name, "mozilla2john")) { + CPU_detect_or_fallback(argv, 0); + return mozilla2john(argc, argv); + } +#endif + if (!strcmp(name, "zip2john")) { CPU_detect_or_fallback(argv, 0); return zip2john(argc, argv); diff --git a/src/lowpbe.c b/src/lowpbe.c new file mode 100644 index 0000000..e82ff15 --- /dev/null +++ b/src/lowpbe.c @@ -0,0 +1,399 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef HAVE_NSS +#include +#include "lowpbe.h" +#include +#include +#include +#include +#include +#include +#include "mozilla_des.h" +#include "alghmac.h" + + + +// Added by FireMaster + +SECItem secPreHash; +SECItem pkcs5_pfxpbe; +SHA_CTX ctx; + +/* generate bits using any hash + */ +/* +SECItem *nsspkcs5_PBKDF1( const unsigned char *pwdHash) +{ + SECItem *preHash = &secPreHash; + // copy password hash ..... + memcpy(preHash->data, pwdHash, SHA1_LENGTH); + + SHA_CTX *lctx = ctx; + SHA1_Init(lctx); + SHA1_Update(lctx, preHash->data, preHash->len); + SHA1_Final(lctx, secHash.data); + + return &secHash; +} + + */ +/* this bit generation routine is described in PKCS 12 and the proposed + * extensions to PKCS 5. an initial hash is generated following the + * instructions laid out in PKCS 5. If the number of bits generated is + * insufficient, then the method discussed in the proposed extensions to + * PKCS 5 in PKCS 12 are used. This extension makes use of the HMAC + * function. And the P_Hash function from the TLS standard. + */ + + + +unsigned char *computeKey(struct NSSPKCS5PBEParameter * pbe_param, const unsigned char *pwdHash) //SECItem *init_hash); +{ + SECItem *ret_bits = &pkcs5_pfxpbe; + + unsigned char state[256]; + unsigned int state_len; + + unsigned char *saltData = pbe_param->salt.data; + unsigned int saltLen = pbe_param->salt.len; + + + // First compute pkcs5 hash + unsigned char firstHash[SHA1_LENGTH]; + SECItem *preHash = &secPreHash; + // copy password hash ..... + memcpy(preHash->data, pwdHash, SHA1_LENGTH); + + SHA_CTX *fctx = &ctx; + SHA1_Init(fctx); + SHA1_Update(fctx, preHash->data, preHash->len); + SHA1_Final(firstHash, fctx); + + + // Next compute pkcs5 extended hash + + + ret_bits->len = SHA1_LENGTH << 1; // (hash_iter * hash_size); + state_len = SHA1_LENGTH; + + // this is important...you have to zero the contents before using it + memset(state, 0, state_len); + memcpy(state, saltData, saltLen); + + + struct HMACContext cx; + SHA_CTX lctx; + + memset(cx.ipad, 0x36, HMAC_PAD_SIZE); + memset(cx.opad, 0x5c, HMAC_PAD_SIZE); + + /* fold secret into padding */ + int k; + for (k = 0; k < SHA1_LENGTH; k++) { + cx.ipad[k] ^= firstHash[k]; + cx.opad[k] ^= firstHash[k]; + } + + + + + // Unrolled looop...........twice + SHA_CTX ctx1, ctx2, ctx3; + + SHA1_Init(&lctx); + SHA1_Update(&lctx, cx.ipad, HMAC_PAD_SIZE); + + // Stage1 : Store the current context for future use + memcpy(&ctx1, &lctx, sizeof(SHA_CTX)); + + + SHA1_Update(&lctx, state, state_len); + + // Stage2 : Store this calculated data to avoid repeated copy.... + memcpy(&ctx2, &lctx, sizeof(SHA_CTX)); + + SHA1_Update(&lctx, saltData, saltLen); + unsigned char *ret_data = ret_bits->data; + SHA1_Final(ret_data, &lctx); + + SHA1_Init(&lctx); + SHA1_Update(&lctx, cx.opad, HMAC_PAD_SIZE); + + // Stage3 : Store this calculated data to avoid repeated copy.... + memcpy(&ctx3, &lctx, sizeof(SHA_CTX)); + + + SHA1_Update(&lctx, ret_data, SHA1_LENGTH); + SHA1_Final(ret_data, &lctx); + + // generate new state + // Just restore previous context from already calculated data.. + memcpy(&lctx, &ctx2, sizeof(SHA_CTX)); + + SHA1_Final(state, &lctx); + + // Just restore previous context from already calculated data.. + memcpy(&lctx, &ctx3, sizeof(SHA_CTX)); + + SHA1_Update(&lctx, state, state_len); + SHA1_Final(state, &lctx); + + + // Second loop.... + + // Copy the previously stored data... + memcpy(&lctx, &ctx1, sizeof(SHA_CTX)); + SHA1_Update(&lctx, state, state_len); + SHA1_Update(&lctx, saltData, saltLen); + + SHA1_Final(ret_data + SHA1_LENGTH, &lctx); + + // Just restore previous context from already calculated data.. + memcpy(&lctx, &ctx3, sizeof(SHA_CTX)); + + SHA1_Update(&lctx, ret_data + SHA1_LENGTH, SHA1_LENGTH); + SHA1_Final(ret_data + SHA1_LENGTH, &lctx); + + + return ret_bits->data; +} + +/* generate bits for the key and iv determination. if enough bits + * are not generated using PKCS 5, then we need to generate more bits + * based on the extension proposed in PKCS 12 + */ +/* +SECItem *nsspkcs5_PBKDF1Extended(struct NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem) +{ + SECItem * hash; + int bytes_needed; + + bytes_needed = pbe_param->ivLen + pbe_param->keyLen; + hash = nsspkcs5_PBKDF1(&pbe_param->salt, pwitem); + + return nsspkcs5_PFXPBE(pbe_param, hash, bytes_needed); + +} +*/ + +#define HMAC_BUFFER 64 +#define NSSPBE_ROUNDUP(x,y) ((((x)+((y)-1))/(y))*(y)) +#define NSSPBE_MIN(x,y) ((x) < (y) ? (x) : (y)) + + +static SECStatus nsspkcs5_FillInParam(int algorithm, struct NSSPKCS5PBEParameter *pbe_param) +{ + + pbe_param->hashType = 0; //HASH_AlgSHA1; + pbe_param->pbeType = NSSPKCS5_PBKDF1; + pbe_param->is2KeyDES = PR_FALSE; + + pbe_param->ivLen = 8; + pbe_param->keyLen = 24; + pbe_param->encAlg = SEC_OID_DES_EDE3_CBC; + + /* + switch(algorithm) + { + // DES3 Algorithms + case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: + pbe_param->is2KeyDES = PR_TRUE; + // fall through + case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: + pbe_param->pbeType = NSSPKCS5_PKCS12_V2; + // fall through + case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC: + pbe_param->keyLen = 24; + pbe_param->encAlg = SEC_OID_DES_EDE3_CBC; + break; + + // DES Algorithms + case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC: + pbe_param->hashType = HASH_AlgMD2; + goto finish_des; + case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC: + pbe_param->hashType = HASH_AlgMD5; + // fall through + case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC: + finish_des: + pbe_param->keyLen = 8; + pbe_param->encAlg = SEC_OID_DES_CBC; + break; + + // RC2 Algorithms + case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: + pbe_param->keyLen = 16; + // fall through + case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: + pbe_param->pbeType = NSSPKCS5_PKCS12_V2; + break; + case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: + pbe_param->keyLen = 16; + // fall through + case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: + break; + + // RC4 algorithms + case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4: + skipType = PR_TRUE; + // fall through + case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4: + pbe_param->keyLen = 16; + // fall through + case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: + if (!skipType) { + pbe_param->pbeType = NSSPKCS5_PKCS12_V2; + } + // fall through + case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4: + pbe_param->ivLen = 0; + pbe_param->encAlg = SEC_OID_RC4; + break; + default: + return SECFailure; + } + + */ + + // Allocate here itself... + // Added by FireMaster +// secKey.data = (unsigned char*)malloc(pbe_param->keyLen); +// secKey.len = pbe_param->keyLen; + +// secIV.data = (unsigned char*)malloc(pbe_param->ivLen); +// secIV.len = pbe_param->ivLen; + secPreHash.data = (unsigned char *) malloc(256); + pkcs5_pfxpbe.data = (unsigned char *) malloc(512); + + + if (!secPreHash.data || !pkcs5_pfxpbe.data) + return SECFailure; + + + + + return SECSuccess; +} + + + +/* decode the algid and generate a PKCS 5 parameter from it + */ +struct NSSPKCS5PBEParameter *nsspkcs5_NewParam(int alg, SECItem * salt, int iterator) +{ + struct NSSPKCS5PBEParameter *pbe_param = NULL; + SECStatus rv = SECFailure; + + pbe_param = (struct NSSPKCS5PBEParameter *) malloc(sizeof(struct NSSPKCS5PBEParameter)); + + if (pbe_param == NULL) + return NULL; + + pbe_param->poolp = NULL; + + rv = nsspkcs5_FillInParam(alg, pbe_param); + + if (rv != SECSuccess) + return NULL; + + pbe_param->iter = iterator; + + pbe_param->salt.data = (unsigned char *) malloc(salt->len); + + if (pbe_param->salt.data) { + memcpy(pbe_param->salt.data, salt->data, salt->len); + pbe_param->salt.len = salt->len; + } else + return NULL; + + // Initialize certain variables...... + pbe_param->keyID = pbeBitGenCipherKey; + + //ctx = SHA1_GetContext(); + + // Initialize hash values.... + memcpy(secPreHash.data + SHA1_LENGTH, salt->data, salt->len); + secPreHash.len = salt->len + SHA1_LENGTH; + + // Setup initial state value + // Its important to initialize this to zero + //memset(initialState, 0, 128); + //memcpy(initialState, salt->data, salt->len); + + + return pbe_param; +} + + + +int sec_pkcs5_des(const unsigned char *hash, const unsigned char *encString) +{ + + struct DESContext *dctx; + + //dctx = DES_CreateContext(key->data, iv->data, NSS_DES_EDE3_CBC); + dctx = DES_CreateContext(hash, hash + 32); //, NSS_DES_EDE3_CBC); + + return DES_EDE3CBCDe(dctx, encString); + +} + + + + +/* function pointer template for crypto functions */ +typedef SECItem *(*pkcs5_crypto_func) (SECItem * key, SECItem * iv, SECItem * src, PRBool op1, PRBool op2); + +/* performs the cipher operation on the src and returns the result. + * if an error occurs, NULL is returned. + * + * a null length password is allowed. this corresponds to encrypting + * the data with ust the salt. + */ +/* change this to use PKCS 11? */ +// Optimized for FireMaster.... +int nsspkcs5_CipherData(struct NSSPKCS5PBEParameter * pbe_param, const unsigned char *pwhash, const unsigned char *encString) +{ + + unsigned char *hashKey = computeKey(pbe_param, pwhash); + + struct DESContext *dctx; + dctx = DES_CreateContext(hashKey, hashKey + 32); //, NSS_DES_EDE3_CBC); + + return DES_EDE3CBCDe(dctx, encString); + +} + +#endif diff --git a/src/lowpbe.h b/src/lowpbe.h new file mode 100644 index 0000000..5093a95 --- /dev/null +++ b/src/lowpbe.h @@ -0,0 +1,104 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef _SECPKCS5_H_ +#define _SECPKCS5_H_ + +#include +#include +#include +#include + + +typedef SECItem *(*SEC_PKCS5GetPBEPassword) (void *arg); + +/* used for V2 PKCS 12 Draft Spec */ + typedef enum { + pbeBitGenIDNull = 0, + pbeBitGenCipherKey = 0x01, + pbeBitGenCipherIV = 0x02, + pbeBitGenIntegrityKey = 0x03 +} PBEBitGenID; + +typedef enum { + NSSPKCS5_PBKDF1 = 0, + NSSPKCS5_PBKDF2 = 1, + NSSPKCS5_PKCS12_V2 = 2 +} NSSPKCS5PBEType; + +//typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter; + +struct NSSPKCS5PBEParameter { + PRArenaPool *poolp; + SECItem salt; /* octet string */ + SECItem iteration; /* integer */ + + /* used locally */ + int iter; + int keyLen; + int ivLen; + int hashType; + NSSPKCS5PBEType pbeType; + PBEBitGenID keyID; + int encAlg; + PRBool is2KeyDES; +}; + + +SEC_BEGIN_PROTOS +/* + * Convert an Algorithm ID to a PBE Param. + * NOTE: this does not suppport PKCS 5 v2 because it's only used for the + * keyDB which only support PKCS 5 v1, PFX, and PKCS 12. + */ +// My Mod + struct NSSPKCS5PBEParameter * nsspkcs5_NewParam(int alg, SECItem * salt, int iterator); + + +/* Encrypt/Decrypt data using password based encryption. + * algid is the PBE algorithm identifier, + * pwitem is the password, + * src is the source for encryption/decryption, + * encrypt is PR_TRUE for encryption, PR_FALSE for decryption. + * The key and iv are generated based upon PKCS #5 then the src + * is either encrypted or decrypted. If an error occurs, NULL + * is returned, otherwise the ciphered contents is returned. + */ +extern int nsspkcs5_CipherData(struct NSSPKCS5PBEParameter * pbe_param, const unsigned char *pwhash, + const unsigned char *encString); + +/* Destroys PBE parameter */ +extern void nsspkcs5_DestroyPBEParameter(struct NSSPKCS5PBEParameter * param); + +SEC_END_PROTOS +#endif diff --git a/src/mozilla2john.c b/src/mozilla2john.c new file mode 100644 index 0000000..2c7de8b --- /dev/null +++ b/src/mozilla2john.c @@ -0,0 +1,61 @@ +/* mozilla2john.py processes input Mozilla profile paths into a format + * suitable for use with JtR. + * + * Usage: mozilla2john [profile paths] */ + +#ifdef HAVE_NSS +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void process_path(char *path) +{ + void *keySlot; + if (NSS_Init(path) != SECSuccess) { + fprintf(stderr, "%s : NSS_Init failed, check if the given directory contains cert8.db and key3.db files.\n", path); + return; + } + + if ((keySlot = PK11_GetInternalKeySlot()) == NULL) { + fprintf(stderr, "PK11_GetInternalKeySlot failed, bug?\n"); + NSS_Shutdown(); + return; + } + + if (PK11_CheckUserPassword(keySlot, "") == SECSuccess) { + fprintf(stderr, "%s : Master Password is not set!\n", path); + PK11_FreeSlot(keySlot); + NSS_Shutdown(); + return; + } + + PK11_FreeSlot(keySlot); + NSS_Shutdown(); + printf("%s:$mozilla$*%s\n",path, path); +} + +int mozilla2john(int argc, char **argv) +{ + int i; + + if (argc < 2) { + puts("Usage: mozilla2john [profile paths]"); + return 0; + } + for (i = 1; i < argc; i++) + process_path(argv[i]); + + return 0; +} + +#else +#ifdef __GNUC__ +#warning Note: mozilla2john utility disabled - it needs NSS (and NSPR) installed +#endif +#endif diff --git a/src/mozilla_des.c b/src/mozilla_des.c new file mode 100644 index 0000000..81a2716 --- /dev/null +++ b/src/mozilla_des.c @@ -0,0 +1,847 @@ +/* + * des.c + * + * core source file for DES-150 library + * Make key schedule from DES key. + * Encrypt/Decrypt one 8-byte block. + * + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the DES-150 library. + * + * The Initial Developer of the Original Code is Nelson B. Bolyard, + * nelsonb@iname.com. Portions created by Nelson B. Bolyard are + * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the GPL. + */ + +#ifdef HAVE_NSS +#include "mozilla_des.h" +#include +#include + +//#define USE_INDEXING 1 + +/* + * The tables below are the 8 sbox functions, with the 6-bit input permutation + * and the 32-bit output permutation pre-computed. + * They are shifted circularly to the left 3 bits, which removes 2 shifts + * and an or from each round by reducing the number of sboxes whose + * indices cross word broundaries from 2 to 1. + */ + +static const HALF SP[8][64] = { +/* Box S1 */ { + 0x04041000, 0x00000000, 0x00040000, 0x04041010, + 0x04040010, 0x00041010, 0x00000010, 0x00040000, + 0x00001000, 0x04041000, 0x04041010, 0x00001000, + 0x04001010, 0x04040010, 0x04000000, 0x00000010, + 0x00001010, 0x04001000, 0x04001000, 0x00041000, + 0x00041000, 0x04040000, 0x04040000, 0x04001010, + 0x00040010, 0x04000010, 0x04000010, 0x00040010, + 0x00000000, 0x00001010, 0x00041010, 0x04000000, + 0x00040000, 0x04041010, 0x00000010, 0x04040000, + 0x04041000, 0x04000000, 0x04000000, 0x00001000, + 0x04040010, 0x00040000, 0x00041000, 0x04000010, + 0x00001000, 0x00000010, 0x04001010, 0x00041010, + 0x04041010, 0x00040010, 0x04040000, 0x04001010, + 0x04000010, 0x00001010, 0x00041010, 0x04041000, + 0x00001010, 0x04001000, 0x04001000, 0x00000000, + 0x00040010, 0x00041000, 0x00000000, 0x04040010}, +/* Box S2 */ { + 0x00420082, 0x00020002, 0x00020000, 0x00420080, + 0x00400000, 0x00000080, 0x00400082, 0x00020082, + 0x00000082, 0x00420082, 0x00420002, 0x00000002, + 0x00020002, 0x00400000, 0x00000080, 0x00400082, + 0x00420000, 0x00400080, 0x00020082, 0x00000000, + 0x00000002, 0x00020000, 0x00420080, 0x00400002, + 0x00400080, 0x00000082, 0x00000000, 0x00420000, + 0x00020080, 0x00420002, 0x00400002, 0x00020080, + 0x00000000, 0x00420080, 0x00400082, 0x00400000, + 0x00020082, 0x00400002, 0x00420002, 0x00020000, + 0x00400002, 0x00020002, 0x00000080, 0x00420082, + 0x00420080, 0x00000080, 0x00020000, 0x00000002, + 0x00020080, 0x00420002, 0x00400000, 0x00000082, + 0x00400080, 0x00020082, 0x00000082, 0x00400080, + 0x00420000, 0x00000000, 0x00020002, 0x00020080, + 0x00000002, 0x00400082, 0x00420082, 0x00420000}, +/* Box S3 */ { + 0x00000820, 0x20080800, 0x00000000, 0x20080020, + 0x20000800, 0x00000000, 0x00080820, 0x20000800, + 0x00080020, 0x20000020, 0x20000020, 0x00080000, + 0x20080820, 0x00080020, 0x20080000, 0x00000820, + 0x20000000, 0x00000020, 0x20080800, 0x00000800, + 0x00080800, 0x20080000, 0x20080020, 0x00080820, + 0x20000820, 0x00080800, 0x00080000, 0x20000820, + 0x00000020, 0x20080820, 0x00000800, 0x20000000, + 0x20080800, 0x20000000, 0x00080020, 0x00000820, + 0x00080000, 0x20080800, 0x20000800, 0x00000000, + 0x00000800, 0x00080020, 0x20080820, 0x20000800, + 0x20000020, 0x00000800, 0x00000000, 0x20080020, + 0x20000820, 0x00080000, 0x20000000, 0x20080820, + 0x00000020, 0x00080820, 0x00080800, 0x20000020, + 0x20080000, 0x20000820, 0x00000820, 0x20080000, + 0x00080820, 0x00000020, 0x20080020, 0x00080800}, +/* Box S4 */ { + 0x02008004, 0x00008204, 0x00008204, 0x00000200, + 0x02008200, 0x02000204, 0x02000004, 0x00008004, + 0x00000000, 0x02008000, 0x02008000, 0x02008204, + 0x00000204, 0x00000000, 0x02000200, 0x02000004, + 0x00000004, 0x00008000, 0x02000000, 0x02008004, + 0x00000200, 0x02000000, 0x00008004, 0x00008200, + 0x02000204, 0x00000004, 0x00008200, 0x02000200, + 0x00008000, 0x02008200, 0x02008204, 0x00000204, + 0x02000200, 0x02000004, 0x02008000, 0x02008204, + 0x00000204, 0x00000000, 0x00000000, 0x02008000, + 0x00008200, 0x02000200, 0x02000204, 0x00000004, + 0x02008004, 0x00008204, 0x00008204, 0x00000200, + 0x02008204, 0x00000204, 0x00000004, 0x00008000, + 0x02000004, 0x00008004, 0x02008200, 0x02000204, + 0x00008004, 0x00008200, 0x02000000, 0x02008004, + 0x00000200, 0x02000000, 0x00008000, 0x02008200}, +/* Box S5 */ { + 0x00000400, 0x08200400, 0x08200000, 0x08000401, + 0x00200000, 0x00000400, 0x00000001, 0x08200000, + 0x00200401, 0x00200000, 0x08000400, 0x00200401, + 0x08000401, 0x08200001, 0x00200400, 0x00000001, + 0x08000000, 0x00200001, 0x00200001, 0x00000000, + 0x00000401, 0x08200401, 0x08200401, 0x08000400, + 0x08200001, 0x00000401, 0x00000000, 0x08000001, + 0x08200400, 0x08000000, 0x08000001, 0x00200400, + 0x00200000, 0x08000401, 0x00000400, 0x08000000, + 0x00000001, 0x08200000, 0x08000401, 0x00200401, + 0x08000400, 0x00000001, 0x08200001, 0x08200400, + 0x00200401, 0x00000400, 0x08000000, 0x08200001, + 0x08200401, 0x00200400, 0x08000001, 0x08200401, + 0x08200000, 0x00000000, 0x00200001, 0x08000001, + 0x00200400, 0x08000400, 0x00000401, 0x00200000, + 0x00000000, 0x00200001, 0x08200400, 0x00000401}, +/* Box S6 */ { + 0x80000040, 0x81000000, 0x00010000, 0x81010040, + 0x81000000, 0x00000040, 0x81010040, 0x01000000, + 0x80010000, 0x01010040, 0x01000000, 0x80000040, + 0x01000040, 0x80010000, 0x80000000, 0x00010040, + 0x00000000, 0x01000040, 0x80010040, 0x00010000, + 0x01010000, 0x80010040, 0x00000040, 0x81000040, + 0x81000040, 0x00000000, 0x01010040, 0x81010000, + 0x00010040, 0x01010000, 0x81010000, 0x80000000, + 0x80010000, 0x00000040, 0x81000040, 0x01010000, + 0x81010040, 0x01000000, 0x00010040, 0x80000040, + 0x01000000, 0x80010000, 0x80000000, 0x00010040, + 0x80000040, 0x81010040, 0x01010000, 0x81000000, + 0x01010040, 0x81010000, 0x00000000, 0x81000040, + 0x00000040, 0x00010000, 0x81000000, 0x01010040, + 0x00010000, 0x01000040, 0x80010040, 0x00000000, + 0x81010000, 0x80000000, 0x01000040, 0x80010040}, +/* Box S7 */ { + 0x00800000, 0x10800008, 0x10002008, 0x00000000, + 0x00002000, 0x10002008, 0x00802008, 0x10802000, + 0x10802008, 0x00800000, 0x00000000, 0x10000008, + 0x00000008, 0x10000000, 0x10800008, 0x00002008, + 0x10002000, 0x00802008, 0x00800008, 0x10002000, + 0x10000008, 0x10800000, 0x10802000, 0x00800008, + 0x10800000, 0x00002000, 0x00002008, 0x10802008, + 0x00802000, 0x00000008, 0x10000000, 0x00802000, + 0x10000000, 0x00802000, 0x00800000, 0x10002008, + 0x10002008, 0x10800008, 0x10800008, 0x00000008, + 0x00800008, 0x10000000, 0x10002000, 0x00800000, + 0x10802000, 0x00002008, 0x00802008, 0x10802000, + 0x00002008, 0x10000008, 0x10802008, 0x10800000, + 0x00802000, 0x00000000, 0x00000008, 0x10802008, + 0x00000000, 0x00802008, 0x10800000, 0x00002000, + 0x10000008, 0x10002000, 0x00002000, 0x00800008}, +/* Box S8 */ { + 0x40004100, 0x00004000, 0x00100000, 0x40104100, + 0x40000000, 0x40004100, 0x00000100, 0x40000000, + 0x00100100, 0x40100000, 0x40104100, 0x00104000, + 0x40104000, 0x00104100, 0x00004000, 0x00000100, + 0x40100000, 0x40000100, 0x40004000, 0x00004100, + 0x00104000, 0x00100100, 0x40100100, 0x40104000, + 0x00004100, 0x00000000, 0x00000000, 0x40100100, + 0x40000100, 0x40004000, 0x00104100, 0x00100000, + 0x00104100, 0x00100000, 0x40104000, 0x00004000, + 0x00000100, 0x40100100, 0x00004000, 0x00104100, + 0x40004000, 0x00000100, 0x40000100, 0x40100000, + 0x40100100, 0x40000000, 0x00100000, 0x40004100, + 0x00000000, 0x40104100, 0x00100100, 0x40000100, + 0x40100000, 0x40004000, 0x40004100, 0x00000000, + 0x40104100, 0x00104000, 0x00104000, 0x00004100, + 0x00004100, 0x00100100, 0x40000000, 0x40104000} +}; + + +static const HALF PC2[8][64] = { +/* table 0 */ { + 0x00000000, 0x00001000, 0x04000000, 0x04001000, + 0x00100000, 0x00101000, 0x04100000, 0x04101000, + 0x00008000, 0x00009000, 0x04008000, 0x04009000, + 0x00108000, 0x00109000, 0x04108000, 0x04109000, + 0x00000004, 0x00001004, 0x04000004, 0x04001004, + 0x00100004, 0x00101004, 0x04100004, 0x04101004, + 0x00008004, 0x00009004, 0x04008004, 0x04009004, + 0x00108004, 0x00109004, 0x04108004, 0x04109004, + 0x08000000, 0x08001000, 0x0c000000, 0x0c001000, + 0x08100000, 0x08101000, 0x0c100000, 0x0c101000, + 0x08008000, 0x08009000, 0x0c008000, 0x0c009000, + 0x08108000, 0x08109000, 0x0c108000, 0x0c109000, + 0x08000004, 0x08001004, 0x0c000004, 0x0c001004, + 0x08100004, 0x08101004, 0x0c100004, 0x0c101004, + 0x08008004, 0x08009004, 0x0c008004, 0x0c009004, + 0x08108004, 0x08109004, 0x0c108004, 0x0c109004}, +/* table 1 */ { + 0x00000000, 0x00002000, 0x80000000, 0x80002000, + 0x00000008, 0x00002008, 0x80000008, 0x80002008, + 0x00200000, 0x00202000, 0x80200000, 0x80202000, + 0x00200008, 0x00202008, 0x80200008, 0x80202008, + 0x20000000, 0x20002000, 0xa0000000, 0xa0002000, + 0x20000008, 0x20002008, 0xa0000008, 0xa0002008, + 0x20200000, 0x20202000, 0xa0200000, 0xa0202000, + 0x20200008, 0x20202008, 0xa0200008, 0xa0202008, + 0x00000400, 0x00002400, 0x80000400, 0x80002400, + 0x00000408, 0x00002408, 0x80000408, 0x80002408, + 0x00200400, 0x00202400, 0x80200400, 0x80202400, + 0x00200408, 0x00202408, 0x80200408, 0x80202408, + 0x20000400, 0x20002400, 0xa0000400, 0xa0002400, + 0x20000408, 0x20002408, 0xa0000408, 0xa0002408, + 0x20200400, 0x20202400, 0xa0200400, 0xa0202400, + 0x20200408, 0x20202408, 0xa0200408, 0xa0202408}, +/* table 2 */ { + 0x00000000, 0x00004000, 0x00000020, 0x00004020, + 0x00080000, 0x00084000, 0x00080020, 0x00084020, + 0x00000800, 0x00004800, 0x00000820, 0x00004820, + 0x00080800, 0x00084800, 0x00080820, 0x00084820, + 0x00000010, 0x00004010, 0x00000030, 0x00004030, + 0x00080010, 0x00084010, 0x00080030, 0x00084030, + 0x00000810, 0x00004810, 0x00000830, 0x00004830, + 0x00080810, 0x00084810, 0x00080830, 0x00084830, + 0x00400000, 0x00404000, 0x00400020, 0x00404020, + 0x00480000, 0x00484000, 0x00480020, 0x00484020, + 0x00400800, 0x00404800, 0x00400820, 0x00404820, + 0x00480800, 0x00484800, 0x00480820, 0x00484820, + 0x00400010, 0x00404010, 0x00400030, 0x00404030, + 0x00480010, 0x00484010, 0x00480030, 0x00484030, + 0x00400810, 0x00404810, 0x00400830, 0x00404830, + 0x00480810, 0x00484810, 0x00480830, 0x00484830}, +/* table 3 */ { + 0x00000000, 0x40000000, 0x00000080, 0x40000080, + 0x00040000, 0x40040000, 0x00040080, 0x40040080, + 0x00000040, 0x40000040, 0x000000c0, 0x400000c0, + 0x00040040, 0x40040040, 0x000400c0, 0x400400c0, + 0x10000000, 0x50000000, 0x10000080, 0x50000080, + 0x10040000, 0x50040000, 0x10040080, 0x50040080, + 0x10000040, 0x50000040, 0x100000c0, 0x500000c0, + 0x10040040, 0x50040040, 0x100400c0, 0x500400c0, + 0x00800000, 0x40800000, 0x00800080, 0x40800080, + 0x00840000, 0x40840000, 0x00840080, 0x40840080, + 0x00800040, 0x40800040, 0x008000c0, 0x408000c0, + 0x00840040, 0x40840040, 0x008400c0, 0x408400c0, + 0x10800000, 0x50800000, 0x10800080, 0x50800080, + 0x10840000, 0x50840000, 0x10840080, 0x50840080, + 0x10800040, 0x50800040, 0x108000c0, 0x508000c0, + 0x10840040, 0x50840040, 0x108400c0, 0x508400c0}, +/* table 4 */ { + 0x00000000, 0x00000008, 0x08000000, 0x08000008, + 0x00040000, 0x00040008, 0x08040000, 0x08040008, + 0x00002000, 0x00002008, 0x08002000, 0x08002008, + 0x00042000, 0x00042008, 0x08042000, 0x08042008, + 0x80000000, 0x80000008, 0x88000000, 0x88000008, + 0x80040000, 0x80040008, 0x88040000, 0x88040008, + 0x80002000, 0x80002008, 0x88002000, 0x88002008, + 0x80042000, 0x80042008, 0x88042000, 0x88042008, + 0x00080000, 0x00080008, 0x08080000, 0x08080008, + 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008, + 0x00082000, 0x00082008, 0x08082000, 0x08082008, + 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008, + 0x80080000, 0x80080008, 0x88080000, 0x88080008, + 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008, + 0x80082000, 0x80082008, 0x88082000, 0x88082008, + 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008}, +/* table 5 */ { + 0x00000000, 0x00400000, 0x00008000, 0x00408000, + 0x40000000, 0x40400000, 0x40008000, 0x40408000, + 0x00000020, 0x00400020, 0x00008020, 0x00408020, + 0x40000020, 0x40400020, 0x40008020, 0x40408020, + 0x00001000, 0x00401000, 0x00009000, 0x00409000, + 0x40001000, 0x40401000, 0x40009000, 0x40409000, + 0x00001020, 0x00401020, 0x00009020, 0x00409020, + 0x40001020, 0x40401020, 0x40009020, 0x40409020, + 0x00100000, 0x00500000, 0x00108000, 0x00508000, + 0x40100000, 0x40500000, 0x40108000, 0x40508000, + 0x00100020, 0x00500020, 0x00108020, 0x00508020, + 0x40100020, 0x40500020, 0x40108020, 0x40508020, + 0x00101000, 0x00501000, 0x00109000, 0x00509000, + 0x40101000, 0x40501000, 0x40109000, 0x40509000, + 0x00101020, 0x00501020, 0x00109020, 0x00509020, + 0x40101020, 0x40501020, 0x40109020, 0x40509020}, +/* table 6 */ { + 0x00000000, 0x00000040, 0x04000000, 0x04000040, + 0x00000800, 0x00000840, 0x04000800, 0x04000840, + 0x00800000, 0x00800040, 0x04800000, 0x04800040, + 0x00800800, 0x00800840, 0x04800800, 0x04800840, + 0x10000000, 0x10000040, 0x14000000, 0x14000040, + 0x10000800, 0x10000840, 0x14000800, 0x14000840, + 0x10800000, 0x10800040, 0x14800000, 0x14800040, + 0x10800800, 0x10800840, 0x14800800, 0x14800840, + 0x00000080, 0x000000c0, 0x04000080, 0x040000c0, + 0x00000880, 0x000008c0, 0x04000880, 0x040008c0, + 0x00800080, 0x008000c0, 0x04800080, 0x048000c0, + 0x00800880, 0x008008c0, 0x04800880, 0x048008c0, + 0x10000080, 0x100000c0, 0x14000080, 0x140000c0, + 0x10000880, 0x100008c0, 0x14000880, 0x140008c0, + 0x10800080, 0x108000c0, 0x14800080, 0x148000c0, + 0x10800880, 0x108008c0, 0x14800880, 0x148008c0}, +/* table 7 */ { + 0x00000000, 0x00000010, 0x00000400, 0x00000410, + 0x00000004, 0x00000014, 0x00000404, 0x00000414, + 0x00004000, 0x00004010, 0x00004400, 0x00004410, + 0x00004004, 0x00004014, 0x00004404, 0x00004414, + 0x20000000, 0x20000010, 0x20000400, 0x20000410, + 0x20000004, 0x20000014, 0x20000404, 0x20000414, + 0x20004000, 0x20004010, 0x20004400, 0x20004410, + 0x20004004, 0x20004014, 0x20004404, 0x20004414, + 0x00200000, 0x00200010, 0x00200400, 0x00200410, + 0x00200004, 0x00200014, 0x00200404, 0x00200414, + 0x00204000, 0x00204010, 0x00204400, 0x00204410, + 0x00204004, 0x00204014, 0x00204404, 0x00204414, + 0x20200000, 0x20200010, 0x20200400, 0x20200410, + 0x20200004, 0x20200014, 0x20200404, 0x20200414, + 0x20204000, 0x20204010, 0x20204400, 0x20204410, + 0x20204004, 0x20204014, 0x20204404, 0x20204414} +}; + +/* + * The PC-1 Permutation + * If we number the bits of the 8 bytes of key input like this (in octal): + * 00 01 02 03 04 05 06 07 + * 10 11 12 13 14 15 16 17 + * 20 21 22 23 24 25 26 27 + * 30 31 32 33 34 35 36 37 + * 40 41 42 43 44 45 46 47 + * 50 51 52 53 54 55 56 57 + * 60 61 62 63 64 65 66 67 + * 70 71 72 73 74 75 76 77 + * then after the PC-1 permutation, + * C0 is + * 70 60 50 40 30 20 10 00 + * 71 61 51 41 31 21 11 01 + * 72 62 52 42 32 22 12 02 + * 73 63 53 43 + * D0 is + * 76 66 56 46 36 26 16 06 + * 75 65 55 45 35 25 15 05 + * 74 64 54 44 34 24 14 04 + * 33 23 13 03 + * and these parity bits have been discarded: + * 77 67 57 47 37 27 17 07 + * + * We achieve this by flipping the input matrix about the diagonal from 70-07, + * getting left = + * 77 67 57 47 37 27 17 07 (these are the parity bits) + * 76 66 56 46 36 26 16 06 + * 75 65 55 45 35 25 15 05 + * 74 64 54 44 34 24 14 04 + * right = + * 73 63 53 43 33 23 13 03 + * 72 62 52 42 32 22 12 02 + * 71 61 51 41 31 21 11 01 + * 70 60 50 40 30 20 10 00 + * then byte swap right, ala htonl() on a little endian machine. + * right = + * 70 60 50 40 30 20 10 00 + * 71 67 57 47 37 27 11 07 + * 72 62 52 42 32 22 12 02 + * 73 63 53 43 33 23 13 03 + * then + * c0 = right >> 4; + * d0 = ((left & 0x00ffffff) << 4) | (right & 0xf); +*/ + +#define FLIP_RIGHT_DIAGONAL(word, temp) \ + temp = (word ^ (word >> 18)) & 0x00003333; \ + word ^= temp | (temp << 18); \ + temp = (word ^ (word >> 9)) & 0x00550055; \ + word ^= temp | (temp << 9); + +#define BYTESWAP(word, temp) \ + word = (word >> 16) | (word << 16); \ + temp = 0x00ff00ff; \ + word = ((word & temp) << 8) | ((word >> 8) & temp); + +#define PC1(left, right, c0, d0, temp) \ + right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \ + left ^= temp << 4; \ + FLIP_RIGHT_DIAGONAL(left, temp); \ + FLIP_RIGHT_DIAGONAL(right, temp); \ + BYTESWAP(right, temp); \ + c0 = right >> 4; \ + d0 = ((left & 0x00ffffff) << 4) | (right & 0xf); + +#define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF) +#define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF) + +/* + * setup key schedules from key + */ + +void DES_MakeSchedule(HALF * ks, const BYTE * key, DESDirection direction) +{ + register HALF left, right; + register HALF c0, d0; + register HALF temp; + int delta; + unsigned int ls; + + + +#if defined(_X86_) + left = HALFPTR(key)[0]; + right = HALFPTR(key)[1]; + BYTESWAP(left, temp); + BYTESWAP(right, temp); +#else + if (((ptrdiff_t) key & 0x03) == 0) { + left = HALFPTR(key)[0]; + right = HALFPTR(key)[1]; +#if defined(IS_LITTLE_ENDIAN) + BYTESWAP(left, temp); + BYTESWAP(right, temp); +#endif + } else { + left = ((HALF) key[0] << 24) | ((HALF) key[1] << 16) | ((HALF) key[2] << 8) | key[3]; + right = ((HALF) key[4] << 24) | ((HALF) key[5] << 16) | ((HALF) key[6] << 8) | key[7]; + } +#endif + + PC1(left, right, c0, d0, temp); + + // This is required...it goes in both direction... + if (direction == DES_ENCRYPT) { + delta = 2 * (int) sizeof(HALF); + } else { + ks += 30; + delta = (-2) * (int) sizeof(HALF); + } + + for (ls = 0x8103; ls; ls >>= 1) { + if (ls & 1) { + c0 = LEFT_SHIFT_1(c0); + d0 = LEFT_SHIFT_1(d0); + } else { + c0 = LEFT_SHIFT_2(c0); + d0 = LEFT_SHIFT_2(d0); + } + +#ifdef USE_INDEXING +#define PC2LOOKUP(b,c) PC2[b][c] + + left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F)); + left = left | PC2LOOKUP(1, ((c0 >> 13) & 0x3F)); + left = left | PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7)); + left = left | PC2LOOKUP(3, ((c0 >> 18) & 0xC) | ((c0 >> 11) & 0x3) | (c0 & 0x30)); + + right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F)); + right = right | PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf)); + right = right | PC2LOOKUP(6, ((d0 >> 7) & 0x3F)); + right = right | PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3)); + +#else +#define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c)) + + left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC)); + left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC)); + left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C)); + left |= PC2LOOKUP(3, ((c0 >> 16) & 0x30) | ((c0 >> 9) & 0xC) | ((c0 << 2) & 0xC0)); + + right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC)); + right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C)); + right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC)); + right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C)); +#endif + /* left contains key bits for S1 S3 S2 S4 */ + /* right contains key bits for S6 S8 S5 S7 */ + temp = (left << 16) /* S2 S4 XX XX */ + |(right >> 16); /* XX XX S6 S8 */ + ks[0] = temp; + + temp = (left & 0xffff0000) /* S1 S3 XX XX */ + |(right & 0x0000ffff); /* XX XX S5 S7 */ + ks[1] = temp; + + ks = (HALF *) ((BYTE *) ks + delta); + } +} + +/* + * The DES Initial Permutation + * if we number the bits of the 8 bytes of input like this (in octal): + * 00 01 02 03 04 05 06 07 + * 10 11 12 13 14 15 16 17 + * 20 21 22 23 24 25 26 27 + * 30 31 32 33 34 35 36 37 + * 40 41 42 43 44 45 46 47 + * 50 51 52 53 54 55 56 57 + * 60 61 62 63 64 65 66 67 + * 70 71 72 73 74 75 76 77 + * then after the initial permutation, they will be in this order. + * 71 61 51 41 31 21 11 01 + * 73 63 53 43 33 23 13 03 + * 75 65 55 45 35 25 15 05 + * 77 67 57 47 37 27 17 07 + * 70 60 50 40 30 20 10 00 + * 72 62 52 42 32 22 12 02 + * 74 64 54 44 34 24 14 04 + * 76 66 56 46 36 26 16 06 + * + * One way to do this is in two steps: + * 1. Flip this matrix about the diagonal from 70-07 as done for PC1. + * 2. Rearrange the bytes (rows in the matrix above) with the following code. + * + * #define swapHiLo(word, temp) \ + * temp = (word ^ (word >> 24)) & 0x000000ff; \ + * word ^= temp | (temp << 24); + * + * right ^= temp = ((left << 8) ^ right) & 0xff00ff00; + * left ^= temp >> 8; + * swapHiLo(left, temp); + * swapHiLo(right,temp); + * + * However, the two steps can be combined, so that the rows are rearranged + * while the matrix is being flipped, reducing the number of bit exchange + * operations from 8 ot 5. + * + * Initial Permutation */ +#define IP(left, right, temp) \ + right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \ + left ^= temp << 4; \ + right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \ + left ^= temp << 16; \ + right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \ + left ^= temp >> 2; \ + right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \ + left ^= temp >> 8; \ + right ^= temp = ((left >> 1) ^ right) & 0x55555555; \ + left ^= temp << 1; + +/* The Final (Inverse Initial) permutation is done by reversing the +** steps of the Initital Permutation +*/ + +#define FP(left, right, temp) \ + right ^= temp = ((left >> 1) ^ right) & 0x55555555; \ + left ^= temp << 1; \ + right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \ + left ^= temp >> 8; \ + right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \ + left ^= temp >> 2; \ + right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \ + left ^= temp << 16; \ + right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \ + left ^= temp << 4; + + +void DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf) +{ + register HALF left, right; + register HALF temp; + + if (((ptrdiff_t) inbuf & 0x03) == 0) { + left = HALFPTR(inbuf)[0]; + right = HALFPTR(inbuf)[1]; + BYTESWAP(left, temp); + BYTESWAP(right, temp); + } else { + left = ((HALF) inbuf[0] << 24) | ((HALF) inbuf[1] << 16) | ((HALF) inbuf[2] << 8) | inbuf[3]; + right = ((HALF) inbuf[4] << 24) | ((HALF) inbuf[5] << 16) | ((HALF) inbuf[6] << 8) | inbuf[7]; + } + + IP(left, right, temp); + + /* shift the values left circularly 3 bits. */ + left = (left << 3) | (left >> 29); + right = (right << 3) | (right >> 29); + +#ifdef USE_INDEXING +#define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)] +#else +#define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC)) +#endif + +#define ROUND(out, in, r) \ + temp = in ^ ks[2*r]; \ + out ^= KSLOOKUP( 1, 24 ); \ + out ^= KSLOOKUP( 3, 16 ); \ + out ^= KSLOOKUP( 5, 8 ); \ + out ^= KSLOOKUP( 7, 0 ); \ + temp = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \ + out ^= KSLOOKUP( 0, 24 ); \ + out ^= KSLOOKUP( 2, 16 ); \ + out ^= KSLOOKUP( 4, 8 ); \ + out ^= KSLOOKUP( 6, 0 ); + + /* Do the 16 Feistel rounds */ + ROUND(left, right, 0) + ROUND(right, left, 1) + ROUND(left, right, 2) + ROUND(right, left, 3) + ROUND(left, right, 4) + ROUND(right, left, 5) + ROUND(left, right, 6) + ROUND(right, left, 7) + ROUND(left, right, 8) + ROUND(right, left, 9) + ROUND(left, right, 10) + ROUND(right, left, 11) + ROUND(left, right, 12) + ROUND(right, left, 13) + ROUND(left, right, 14) + ROUND(right, left, 15) + + /* now shift circularly right 3 bits to undo the shifting done + ** above. switch left and right here. + */ + temp = (left >> 3) | (left << 29); + left = (right >> 3) | (right << 29); + right = temp; + + FP(left, right, temp); + +#if defined(_X86_) + BYTESWAP(left, temp); + BYTESWAP(right, temp); + HALFPTR(outbuf)[0] = left; + HALFPTR(outbuf)[1] = right; +#else + if (((ptrdiff_t) inbuf & 0x03) == 0) { +#if defined(IS_LITTLE_ENDIAN) + BYTESWAP(left, temp); + BYTESWAP(right, temp); +#endif + HALFPTR(outbuf)[0] = left; + HALFPTR(outbuf)[1] = right; + } else { + outbuf[0] = (BYTE) (left >> 24); + outbuf[1] = (BYTE) (left >> 16); + outbuf[2] = (BYTE) (left >> 8); + outbuf[3] = (BYTE) (left); + + outbuf[4] = (BYTE) (right >> 24); + outbuf[5] = (BYTE) (right >> 16); + outbuf[6] = (BYTE) (right >> 8); + outbuf[7] = (BYTE) (right); + } +#endif + +} + +/* Ackowledgements: +** Two ideas used in this implementation were shown to me by Dennis Ferguson +** in 1990. He credits them to Richard Outerbridge and Dan Hoey. They were: +** 1. The method of computing the Initial and Final permutations. +** 2. Circularly rotating the SP tables and the initial values of left and +** right to reduce the number of shifts required during the 16 rounds. +*/ + + + +#if defined(_X86_) +/* Intel X86 CPUs do unaligned loads and stores without complaint. */ +#define COPY8B(to, from, ptr) \ + HALFPTR(to)[0] = HALFPTR(from)[0]; \ + HALFPTR(to)[1] = HALFPTR(from)[1]; +#elif defined(USE_MEMCPY) +#define COPY8B(to, from, ptr) memcpy(to, from, 8) +#else +#define COPY8B(to, from, ptr) \ + if (((ptrdiff_t)(ptr) & 0x3) == 0) { \ + HALFPTR(to)[0] = HALFPTR(from)[0]; \ + HALFPTR(to)[1] = HALFPTR(from)[1]; \ + } else if (((ptrdiff_t)(ptr) & 0x1) == 0) { \ + SHORTPTR(to)[0] = SHORTPTR(from)[0]; \ + SHORTPTR(to)[1] = SHORTPTR(from)[1]; \ + SHORTPTR(to)[2] = SHORTPTR(from)[2]; \ + SHORTPTR(to)[3] = SHORTPTR(from)[3]; \ + } else { \ + BYTEPTR(to)[0] = BYTEPTR(from)[0]; \ + BYTEPTR(to)[1] = BYTEPTR(from)[1]; \ + BYTEPTR(to)[2] = BYTEPTR(from)[2]; \ + BYTEPTR(to)[3] = BYTEPTR(from)[3]; \ + BYTEPTR(to)[4] = BYTEPTR(from)[4]; \ + BYTEPTR(to)[5] = BYTEPTR(from)[5]; \ + BYTEPTR(to)[6] = BYTEPTR(from)[6]; \ + BYTEPTR(to)[7] = BYTEPTR(from)[7]; \ + } +#endif +#define COPY8BTOHALF(to, from) COPY8B(to, from, from) +#define COPY8BFROMHALF(to, from) COPY8B(to, from, to) + + +void DES_ECB(struct DESContext *cx, BYTE * out, const BYTE * in, unsigned int len) +{ + while (len) { + DES_Do1Block(cx->ks0, in, out); + len -= 8; + in += 8; + out += 8; + } +} + +void DES_EDE3_ECB(struct DESContext *cx, BYTE * out, const BYTE * in, unsigned int len) +{ + while (len) { + DES_Do1Block(cx->ks0, in, out); + len -= 8; + in += 8; + DES_Do1Block(cx->ks1, out, out); + DES_Do1Block(cx->ks2, out, out); + out += 8; + } +} + +void DES_CBCEn(struct DESContext *cx, BYTE * out, const BYTE * in, unsigned int len) +{ + const BYTE *bufend = in + len; + HALF vec[2]; + + while (in != bufend) { + COPY8BTOHALF((void *) {vec}, in); + in += 8; + vec[0] ^= cx->iv[0]; + vec[1] ^= cx->iv[1]; + DES_Do1Block(cx->ks0, (BYTE *) vec, (BYTE *) cx->iv); + COPY8BFROMHALF(out, (void *) { + cx->iv}); + out += 8; + } +} + +void DES_CBCDe(struct DESContext *cx, BYTE * out, const BYTE * in, unsigned int len) +{ + const BYTE *bufend; + HALF oldciphertext[2]; + HALF plaintext[2]; + + for (bufend = in + len; in != bufend;) { + oldciphertext[0] = cx->iv[0]; + oldciphertext[1] = cx->iv[1]; + COPY8BTOHALF((void *) { + cx->iv}, in); + in += 8; + DES_Do1Block(cx->ks0, (BYTE *) cx->iv, (BYTE *) plaintext); + plaintext[0] ^= oldciphertext[0]; + plaintext[1] ^= oldciphertext[1]; + COPY8BFROMHALF(out, (void *) { + plaintext}); + out += 8; + } +} + +void DES_EDE3CBCEn(struct DESContext *cx, BYTE * out, const BYTE * in, unsigned int len) +{ + const BYTE *bufend = in + len; + HALF vec[2]; + + while (in != bufend) { + COPY8BTOHALF((void *) { + vec}, in); + in += 8; + vec[0] ^= cx->iv[0]; + vec[1] ^= cx->iv[1]; + DES_Do1Block(cx->ks0, (BYTE *) vec, (BYTE *) cx->iv); + DES_Do1Block(cx->ks1, (BYTE *) cx->iv, (BYTE *) cx->iv); + DES_Do1Block(cx->ks2, (BYTE *) cx->iv, (BYTE *) cx->iv); + COPY8BFROMHALF(out, (void *) { + cx->iv}); + out += 8; + } +} + +// This is the algorithm used for decryption.... +int DES_EDE3CBCDe(struct DESContext *cx, const BYTE * in) +{ + HALF plaintext[2]; + + // first one... + + DES_Do1Block(cx->ks0, in /*(BYTE *)&oldcihpertext */ , (BYTE *) plaintext); + + // second one... + DES_Do1Block(cx->ks1, (BYTE *) plaintext, (BYTE *) plaintext); + + // Third one.. + DES_Do1Block(cx->ks2, (BYTE *) plaintext, (BYTE *) plaintext); + plaintext[0] = plaintext[0] ^ cx->iv[0]; + plaintext[1] = plaintext[1] ^ cx->iv[1]; + + if (*(char *) (&plaintext) != KEYDB_PW_CHECK_STR[0]) + return 0; + + if (memcmp(&plaintext, KEYDB_PW_CHECK_STR, 8) != 0) + return 0; + + return 1; +} + +struct DESContext dcx; + +struct DESContext *DES_CreateContext(const BYTE * key, const BYTE * iv) +{ + struct DESContext *cx = &dcx; + + cx->direction = DES_DECRYPT; + COPY8BTOHALF((void *) { + cx->iv}, iv); + DES_MakeSchedule(cx->ks2, key, DES_DECRYPT); + DES_MakeSchedule(cx->ks1, key + 8, DES_ENCRYPT); + DES_MakeSchedule(cx->ks0, key + 16, DES_DECRYPT); + + return cx; +} + +void DES_DestroyContext(struct DESContext *cx, PRBool freeit) +{ + if (cx) { + memset(cx, 0, sizeof *cx); + } +} + +SECStatus DES_Encrypt(struct DESContext *cx, BYTE * out, unsigned int *outLen, unsigned int maxOutLen, const BYTE * in, + unsigned int inLen) +{ + + if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_ENCRYPT) { + return SECFailure; + } + if (outLen) + *outLen = inLen; + + return SECSuccess; +} + + +int DES_Decrypt(struct DESContext *cx, BYTE * out, unsigned int *outLen, unsigned int maxOutLen, const BYTE * in, + unsigned int inLen) +{ + return DES_EDE3CBCDe(cx, in); +} + +#endif diff --git a/src/mozilla_des.h b/src/mozilla_des.h new file mode 100644 index 0000000..2614001 --- /dev/null +++ b/src/mozilla_des.h @@ -0,0 +1,100 @@ +/* + * des.h + * + * header file for DES-150 library + * + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the DES-150 library. + * + * The Initial Developer of the Original Code is Nelson B. Bolyard, + * nelsonb@iname.com. Portions created by Nelson B. Bolyard are + * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the GPL. + */ + +#ifndef _DES_H_ +#define _DES_H_ 1 + +//#include "blapit.h" +#include "seccomon.h" +#include "prtypes.h" +#include +#include "KeyDBCracker.h" + + +#define NSS_DES 0 +#define NSS_DES_CBC 1 +#define NSS_DES_EDE3 2 +#define NSS_DES_EDE3_CBC 3 + + + +typedef unsigned char BYTE; +typedef unsigned int HALF; + +#define HALFPTR(x) ((HALF *)(x)) +#define SHORTPTR(x) ((unsigned short *)(x)) +#define BYTEPTR(x) ((BYTE *)(x)) + +typedef enum _DESDirection +{ + DES_ENCRYPT = 0x5555, + DES_DECRYPT = 0xAAAA +} DESDirection; + + +struct DESContext +{ + /* key schedule, 16 internal keys, each with 8 6-bit parts */ + HALF ks0 [32]; + HALF ks1 [32]; + HALF ks2 [32]; + HALF iv [2]; + DESDirection direction; + void *worker; // DESFunc* worker; + +}; + +typedef void DESFunc(struct DESContext *cx, BYTE *out, const BYTE *in, unsigned int len); + +void DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction); +void DES_Do1Block( HALF * ks, const BYTE * inbuf, BYTE * outbuf); +struct DESContext *DES_CreateContext(const BYTE * key, const BYTE *iv); //, int mode); +void DES_DestroyContext(struct DESContext *cx, PRBool freeit); +SECStatus DES_Encrypt(struct DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen); +int DES_Decrypt(struct DESContext *cx, BYTE *out, unsigned int *outLen,unsigned int maxOutLen, const BYTE *in, unsigned int inLen); +int DES_EDE3CBCDe(struct DESContext *cx, const BYTE *in); + +//not used... +void DES_EDE3CBCEn(struct DESContext *cx, BYTE *out, const BYTE *in, unsigned int len); +void DES_CBCEn(struct DESContext *cx, BYTE *out, const BYTE *in, unsigned int len); +void DES_EDE3_ECB(struct DESContext *cx, BYTE *out, const BYTE *in, unsigned int len); +void DES_ECB(struct DESContext *cx, BYTE *out, const BYTE *in, unsigned int len); + + + + + + +#endif diff --git a/src/mozilla_fmt.c b/src/mozilla_fmt.c new file mode 100644 index 0000000..d1352ed --- /dev/null +++ b/src/mozilla_fmt.c @@ -0,0 +1,184 @@ +/* Mozilla cracker patch for JtR. Hacked together during March of 2012 by + * Dhiru Kholia + * + * Uses code from FireMasterLinux project. + * (http://code.google.com/p/rainbowsandpwnies/wiki/FiremasterLinux) */ + +#ifdef HAVE_NSS +#include +#include +#include +#include "arch.h" +#include "misc.h" +#include "common.h" +#include "formats.h" +#include "params.h" +#include "options.h" +#include +#include "lowpbe.h" +#include "KeyDBCracker.h" + +#define FORMAT_LABEL "mozilla" +#define FORMAT_NAME "Mozilla" +#define ALGORITHM_NAME "32/" ARCH_BITS_STR +#define BENCHMARK_COMMENT "" +#define BENCHMARK_LENGTH -1 +#define PLAINTEXT_LENGTH 16 +#define BINARY_SIZE 16 +#define SALT_SIZE 512 +#define MIN_KEYS_PER_CRYPT 1 +#define MAX_KEYS_PER_CRYPT 1 + +static char saved_key[PLAINTEXT_LENGTH + 1]; +static int cracked; +static SHA_CTX pctx; +static unsigned char encString[128]; +struct NSSPKCS5PBEParameter *paramPKCS5 = NULL; +struct KeyCrackData keyCrackData; + +static int CheckMasterPassword(char *password) +{ + unsigned char passwordHash[SHA1_LENGTH+1]; + SHA_CTX ctx; + // Copy already calculated partial hash data.. + memcpy(&ctx, &pctx, sizeof(SHA_CTX) ); + SHA1_Update(&ctx, (unsigned char *)password, strlen(password)); + SHA1_Final(passwordHash, &ctx); + return nsspkcs5_CipherData(paramPKCS5, passwordHash, encString); +} + +static void init(struct fmt_main *pFmt) +{ + +} + +static int valid(char *ciphertext, struct fmt_main *pFmt) +{ + return !strncmp(ciphertext, "$mozilla$", 9); +} + +static void *get_salt(char *ciphertext) +{ + return ciphertext; +} + + +static void set_salt(void *salt) +{ + char *saltcopy = strdup(salt); + char *keeptr = saltcopy; + static char path[4096]; + saltcopy += 9; /* skip over "$mozilla$*" */ + char *p = strtok(saltcopy, "*"); + strcpy(path, p); + + SECItem saltItem; + if(CrackKeyData(path, &keyCrackData) == false) { + exit(0); + } + // initialize the pkcs5 structure + saltItem.type = (SECItemType) 0; + saltItem.len = keyCrackData.saltLen; + saltItem.data = keyCrackData.salt; + paramPKCS5 = nsspkcs5_NewParam(0, &saltItem, 1); + if(paramPKCS5 == NULL) { + fprintf(stderr, "\n Failed to initialize NSSPKCS5 structure"); + exit(0); + } + + // Current algorithm is + // SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC + // Setup the encrypted password-check string + memcpy(encString, keyCrackData.encData, keyCrackData.encDataLen ); + if(CheckMasterPassword("") == true ) { + printf("\n Master password is not set ...exiting FireMaster \n\n"); + exit(0); + } + + // Calculate partial sha1 data for password hashing + SHA1_Init(&pctx); + SHA1_Update(&pctx, keyCrackData.globalSalt, keyCrackData.globalSaltLen); + + cracked = 0; + free(keeptr); +} + +static void crypt_all(int count) +{ + if(CheckMasterPassword(saved_key)) { + cracked = 1; + } +} + +static int cmp_all(void *binary, int count) +{ + return cracked; +} + +static int cmp_one(void *binary, int index) +{ + return cracked; +} + +static int cmp_exact(char *source, int index) +{ + return 1; +} + +static void mozilla_set_key(char *key, int index) +{ + int saved_key_length = strlen(key); + if (saved_key_length > PLAINTEXT_LENGTH) + saved_key_length = PLAINTEXT_LENGTH; + memcpy(saved_key, key, saved_key_length); + saved_key[saved_key_length] = 0; +} + +static char *get_key(int index) +{ + return saved_key; +} + +struct fmt_main mozilla_fmt = { + { + FORMAT_LABEL, + FORMAT_NAME, + ALGORITHM_NAME, + BENCHMARK_COMMENT, + BENCHMARK_LENGTH, + PLAINTEXT_LENGTH, + BINARY_SIZE, + SALT_SIZE, + MIN_KEYS_PER_CRYPT, + MAX_KEYS_PER_CRYPT, + FMT_CASE | FMT_8_BIT, + NULL + }, { + init, + fmt_default_prepare, + valid, + fmt_default_split, + fmt_default_binary, + get_salt, + { + fmt_default_binary_hash + }, + fmt_default_salt_hash, + set_salt, + mozilla_set_key, + get_key, + fmt_default_clear_keys, + crypt_all, + { + fmt_default_get_hash + }, + cmp_all, + cmp_one, + cmp_exact + } +}; +#else +#ifdef __GNUC__ +#warning Note: Mozilla format disabled - it needs NSS (and NSPR) installed +#endif +#endif -- 1.7.5.4