Date: Thu, 7 Mar 2019 13:46:10 +0000 (UTC) From: Alexey Dokuchaev <danfe@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r494946 - head/security/john/files Message-ID: <201903071346.x27DkAGD030255@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: danfe Date: Thu Mar 7 13:46:10 2019 New Revision: 494946 URL: https://svnweb.freebsd.org/changeset/ports/494946 Log: - Replace OpenSSL HMAC-SHA1 code with JtR own code - Remove use of EVP in favor of the low-level API - Add generic check_pkcs_pad() function in jumbo.c Obtained from: https://github.com/magnumripper/JohnTheRipper/commit/f837171 https://github.com/magnumripper/JohnTheRipper/commit/04d2b35 Added: head/security/john/files/patch-dmg__fmt__plug.c (contents, props changed) head/security/john/files/patch-jumbo.c (contents, props changed) head/security/john/files/patch-jumbo.h (contents, props changed) Added: head/security/john/files/patch-dmg__fmt__plug.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/john/files/patch-dmg__fmt__plug.c Thu Mar 7 13:46:10 2019 (r494946) @@ -0,0 +1,156 @@ +--- dmg_fmt_plug.c.orig 2014-12-18 07:59:02 UTC ++++ dmg_fmt_plug.c +@@ -56,7 +56,7 @@ john_register_one(&fmt_dmg); + #include <stdlib.h> + #include "stdint.h" + #include <sys/types.h> +-#include <openssl/evp.h> ++#include <openssl/des.h> + #include <openssl/aes.h> + #include <openssl/hmac.h> + #include "filevault.h" +@@ -413,42 +413,36 @@ static void *get_salt(char *ciphertext) + return (void *)&cs; + } + +-static int apple_des3_ede_unwrap_key1(unsigned char *wrapped_key, int wrapped_key_len, unsigned char *decryptKey) ++static int apple_des3_ede_unwrap_key1(const unsigned char *wrapped_key, const int wrapped_key_len, const unsigned char *decryptKey) + { +- EVP_CIPHER_CTX ctx; ++ DES_key_schedule ks1, ks2, ks3; + unsigned char TEMP1[sizeof(cur_salt->wrapped_hmac_sha1_key)]; + unsigned char TEMP2[sizeof(cur_salt->wrapped_hmac_sha1_key)]; +- unsigned char CEKICV[sizeof(cur_salt->wrapped_hmac_sha1_key)]; + unsigned char IV[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; +- int outlen, tmplen, i; ++ int outlen, i; + +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, IV); +- if (!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, wrapped_key, wrapped_key_len)) { +- goto err; +- } +- if (!EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen)) { +- goto err; +- } +- outlen += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); +- for (i = 0; i < outlen; i++) { ++ DES_set_key((DES_cblock*)(decryptKey + 0), &ks1); ++ DES_set_key((DES_cblock*)(decryptKey + 8), &ks2); ++ DES_set_key((DES_cblock*)(decryptKey + 16), &ks3); ++ DES_ede3_cbc_encrypt(wrapped_key, TEMP1, wrapped_key_len, &ks1, &ks2, &ks3, ++ (DES_cblock*)IV, DES_DECRYPT); ++ ++ outlen = check_pkcs_pad(TEMP1, wrapped_key_len, 8); ++ if (outlen < 0) ++ return 0; ++ ++ for (i = 0; i < outlen; i++) + TEMP2[i] = TEMP1[outlen - i - 1]; +- } +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, TEMP2); +- if (!EVP_DecryptUpdate(&ctx, CEKICV, &outlen, TEMP2 + 8, outlen - 8)) { +- goto err; +- } +- if (!EVP_DecryptFinal_ex(&ctx, CEKICV + outlen, &tmplen)) { +- goto err; +- } +- outlen += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); +- return 0; +-err: +- EVP_CIPHER_CTX_cleanup(&ctx); +- return -1; ++ ++ outlen -= 8; ++ DES_ede3_cbc_encrypt(TEMP2 + 8, TEMP1, outlen, &ks1, &ks2, &ks3, ++ (DES_cblock*)TEMP2, DES_DECRYPT); ++ ++ outlen = check_pkcs_pad(TEMP1, outlen, 8); ++ if (outlen < 0) ++ return 0; ++ ++ return 1; + } + + static void hash_plugin_check_hash(int index) +@@ -492,22 +486,20 @@ static void hash_plugin_check_hash(int index) + for(j = 0; j < SSE_GROUP_SZ_SHA1; ++j) { + derived_key = Derived_key[j]; + #endif +- if ((apple_des3_ede_unwrap_key1(cur_salt->wrapped_aes_key, cur_salt->len_wrapped_aes_key, derived_key) == 0) && (apple_des3_ede_unwrap_key1(cur_salt->wrapped_hmac_sha1_key, cur_salt->len_hmac_sha1_key, derived_key) == 0)) { ++ if (apple_des3_ede_unwrap_key1(cur_salt->wrapped_aes_key, cur_salt->len_wrapped_aes_key, derived_key) && ++ apple_des3_ede_unwrap_key1(cur_salt->wrapped_hmac_sha1_key, cur_salt->len_hmac_sha1_key, derived_key)) { + cracked[index+j] = 1; + } + #ifdef MMX_COEF + } + #endif + } else { +- EVP_CIPHER_CTX ctx; ++ DES_key_schedule ks1, ks2, ks3; + unsigned char TEMP1[sizeof(cur_salt->wrapped_hmac_sha1_key)]; +- int outlen, tmplen; + AES_KEY aes_decrypt_key; + unsigned char outbuf[8192 + 1]; + unsigned char outbuf2[4096 + 1]; + unsigned char iv[20]; +- HMAC_CTX hmacsha1_ctx; +- int mdlen; + #ifdef DMG_DEBUG + unsigned char *r; + #endif +@@ -547,27 +539,18 @@ static void hash_plugin_check_hash(int index) + for(j = 0; j < SSE_GROUP_SZ_SHA1; ++j) { + derived_key = Derived_key[j]; + #endif +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, derived_key, cur_salt->iv); +- if (!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, +- cur_salt->encrypted_keyblob, cur_salt->encrypted_keyblob_size)) { +- EVP_CIPHER_CTX_cleanup(&ctx); +-#ifdef MMX_COEF +- continue; +-#else +- return; +-#endif +- } +- EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen); +- EVP_CIPHER_CTX_cleanup(&ctx); +- outlen += tmplen; ++ ++ DES_set_key((DES_cblock*)(derived_key + 0), &ks1); ++ DES_set_key((DES_cblock*)(derived_key + 8), &ks2); ++ DES_set_key((DES_cblock*)(derived_key + 16), &ks3); ++ memcpy(iv, cur_salt->iv, 8); ++ DES_ede3_cbc_encrypt(cur_salt->encrypted_keyblob, TEMP1, ++ cur_salt->encrypted_keyblob_size, &ks1, &ks2, &ks3, ++ (DES_cblock*)iv, DES_DECRYPT); ++ + memcpy(aes_key_, TEMP1, 32); + memcpy(hmacsha1_key_, TEMP1, 20); +- HMAC_CTX_init(&hmacsha1_ctx); +- HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key_, 20, EVP_sha1(), NULL); +- HMAC_Update(&hmacsha1_ctx, (void *) &cur_salt->cno, 4); +- HMAC_Final(&hmacsha1_ctx, iv, (unsigned int *) &mdlen); +- HMAC_CTX_cleanup(&hmacsha1_ctx); ++ hmac_sha1(hmacsha1_key_, 20, (unsigned char*)&cur_salt->cno, 4, iv, 20); + if (cur_salt->encrypted_keyblob_size == 48) + AES_set_decrypt_key(aes_key_, 128, &aes_decrypt_key); + else +@@ -631,12 +614,7 @@ static void hash_plugin_check_hash(int index) + /* Second buffer test. If present, *this* is the very first block of the DMG */ + if (!cracked[index+j] && cur_salt->scp == 1) { + int cno = 0; +- +- HMAC_CTX_init(&hmacsha1_ctx); +- HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key_, 20, EVP_sha1(), NULL); +- HMAC_Update(&hmacsha1_ctx, (void *) &cno, 4); +- HMAC_Final(&hmacsha1_ctx, iv, (unsigned int *) &mdlen); +- HMAC_CTX_cleanup(&hmacsha1_ctx); ++ hmac_sha1(hmacsha1_key_, 20, (unsigned char*)&cno, 4, iv, 20); + if (cur_salt->encrypted_keyblob_size == 48) + AES_set_decrypt_key(aes_key_, 128, &aes_decrypt_key); + else Added: head/security/john/files/patch-jumbo.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/john/files/patch-jumbo.c Thu Mar 7 13:46:10 2019 (r494946) @@ -0,0 +1,26 @@ +--- jumbo.c.orig 2014-12-18 07:59:02 UTC ++++ jumbo.c +@@ -334,3 +334,23 @@ int setenv(const char *name, const char *val, int over + return 0; + } + #endif ++ ++int check_pkcs_pad(const unsigned char* data, size_t len, int blocksize) ++{ ++ int pad_len = data[len - 1]; ++ int padding = pad_len; ++ int real_len = len - pad_len; ++ const unsigned char *p = data + real_len; ++ ++ if (pad_len > blocksize || pad_len < 1) ++ return -1; ++ ++ if (len < blocksize) ++ return -1; ++ ++ while (pad_len--) ++ if (*p++ != padding) ++ return -1; ++ ++ return real_len; ++} Added: head/security/john/files/patch-jumbo.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/john/files/patch-jumbo.h Thu Mar 7 13:46:10 2019 (r494946) @@ -0,0 +1,13 @@ +--- jumbo.h.orig 2014-12-18 07:59:02 UTC ++++ jumbo.h +@@ -388,4 +388,10 @@ extern int setenv(const char *name, const char *val, i + //HAVE_STRTOL + //HAVE_STRTOUL + ++/* ++ * Standard PKCS padding check. On success, returns net length. ++ * On failure, returns -1. ++ */ ++extern int check_pkcs_pad(const unsigned char* data, size_t len, int blocksize); ++ + #endif /* _JTR_JUMBO_H */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201903071346.x27DkAGD030255>