mirror of
https://github.com/wneessen/go-hibp.git
synced 2024-11-09 15:32:52 +01:00
Winni Neessen
179cd36d7f
This PR implements support for NTLM hashes as announced by Troy Hunt: https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768 For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib" A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will operate on NTLM hashes. Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`
95 lines
2 KiB
Go
95 lines
2 KiB
Go
// Copyright 2009 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// MD4 block step.
|
|
// In its own file so that a faster assembly or C version
|
|
// can be substituted easily.
|
|
|
|
package md4
|
|
|
|
import "math/bits"
|
|
|
|
var (
|
|
shift1 = []int{3, 7, 11, 19}
|
|
shift2 = []int{3, 5, 9, 13}
|
|
shift3 = []int{3, 9, 11, 15}
|
|
)
|
|
|
|
var (
|
|
xIndex2 = []uint{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15}
|
|
xIndex3 = []uint{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15}
|
|
)
|
|
|
|
func _Block(dig *digest, p []byte) int {
|
|
a := dig.s[0]
|
|
b := dig.s[1]
|
|
c := dig.s[2]
|
|
d := dig.s[3]
|
|
n := 0
|
|
var X [16]uint32
|
|
for len(p) >= _Chunk {
|
|
aa, bb, cc, dd := a, b, c, d
|
|
|
|
j := 0
|
|
for i := 0; i < 16; i++ {
|
|
X[i] = uint32(p[j]) | uint32(p[j+1])<<8 | uint32(p[j+2])<<16 | uint32(p[j+3])<<24
|
|
j += 4
|
|
}
|
|
|
|
// If this needs to be made faster in the future,
|
|
// the usual trick is to unroll each of these
|
|
// loops by a factor of 4; that lets you replace
|
|
// the shift[] lookups with constants and,
|
|
// with suitable variable renaming in each
|
|
// unrolled body, delete the a, b, c, d = d, a, b, c
|
|
// (or you can let the optimizer do the renaming).
|
|
//
|
|
// The index variables are uint so that % by a power
|
|
// of two can be optimized easily by a compiler.
|
|
|
|
// Round 1.
|
|
for i := uint(0); i < 16; i++ {
|
|
x := i
|
|
s := shift1[i%4]
|
|
f := ((c ^ d) & b) ^ d
|
|
a += f + X[x]
|
|
a = bits.RotateLeft32(a, s)
|
|
a, b, c, d = d, a, b, c
|
|
}
|
|
|
|
// Round 2.
|
|
for i := uint(0); i < 16; i++ {
|
|
x := xIndex2[i]
|
|
s := shift2[i%4]
|
|
g := (b & c) | (b & d) | (c & d)
|
|
a += g + X[x] + 0x5a827999
|
|
a = bits.RotateLeft32(a, s)
|
|
a, b, c, d = d, a, b, c
|
|
}
|
|
|
|
// Round 3.
|
|
for i := uint(0); i < 16; i++ {
|
|
x := xIndex3[i]
|
|
s := shift3[i%4]
|
|
h := b ^ c ^ d
|
|
a += h + X[x] + 0x6ed9eba1
|
|
a = bits.RotateLeft32(a, s)
|
|
a, b, c, d = d, a, b, c
|
|
}
|
|
|
|
a += aa
|
|
b += bb
|
|
c += cc
|
|
d += dd
|
|
|
|
p = p[_Chunk:]
|
|
n += _Chunk
|
|
}
|
|
|
|
dig.s[0] = a
|
|
dig.s[1] = b
|
|
dig.s[2] = c
|
|
dig.s[3] = d
|
|
return n
|
|
}
|