v1.21. fixes for -hmac, openssl hash support, -sha384 added

Author: Colum Paget

CHANGELOG

@@ -1,3 +1,9 @@
+v1.21 (2024-06-20)
+  * fix -hmac option that's been broken by changes in libUseful
+  * add '-list-hashes' option to list available has types
+  * add -sha384 option
+  * openssl-provided hashes now supported
+
 v1.20 (2024-06-18)
   * Bring "make check" (check.sh) up to date with latest functioning of hashrat
   * Compile if openssl not available (update to latest libUseful)

Makefile

@@ -1,5 +1,5 @@
 CC = gcc
-CFLAGS = -g -O2 -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong
+CFLAGS = -g -O2
 LIBS = libUseful-5/libUseful.a -lssl -lcrypto -lz  
 INSTALL=/usr/bin/install -c
 prefix=/usr/local

README.md

@@ -50,9 +50,12 @@ OPTIONS
   -?              Print this help
   --version       Print program version
   -version        Print program version
+  -list-hashes    List available hash functions, including those supported by openssl
+  -type <hash>    Hash using supplied type. This supports chaining hashes like so: '-type sha512,md5'
   -md5            Use md5 hash algorithmn
   -sha1           Use sha1 hash algorithmn
   -sha256         Use sha256 hash algorithmn
+  -sha384         Use sha256 hash algorithmn
   -sha512         Use sha512 hash algorithmn
   -whirl          Use whirlpool hash algorithmn
   -whirlpool      Use whirlpool hash algorithmn
@@ -159,6 +162,7 @@ Hashrat can also detect if it's being run under any of the following names (e.g.
   shasum          run with '-trad -sha1'
   sha1sum         run with '-trad -sha1'
   sha256sum       run with '-trad -sha256'
+  sha384sum       run with '-trad -sha256'
   sha512sum       run with '-trad -sha512'
   jh224sum        run with '-trad -jh224'
   jh256sum        run with '-trad -jh256'
@@ -250,6 +254,31 @@ USE EXAMPLES
 		Search for duplicate files under /home. Update hashes stored in filesystem attributes as you go
 ```
 
+
+OPENSSL HASHES
+==============
+
+From v1.21 hashrat supports using hash functions supplied by openssl (provided it's been compiled with --enable-openssl). A list of available hashes can be viewed with `hashrat -list-hashes` and then any listed hash function can be used via the type option.
+
+e.g.
+
+`hashrat -type openssl:shake128`
+
+
+
+CHAINING HASHES
+===============
+
+Hashes can be 'chained' (fed into each other) using the '-type' option and a comma-separated list of hash names. 
+
+e.g.
+
+`hashrat -type sha512,sha512,whirl,md5`
+
+this would pipe any input into sha512, then the output of that goes into another sha512 round, then into whirlpool, and finally md5
+
+
+
 USES FOR HASHRAT
 ================
 

check.sh

@@ -46,6 +46,7 @@ do
 	if [ "$HR_OUT" != "$3" ]
 	then
 		RESULT=FAIL
+		break
 	fi
 	I=`expr $I + 1`
 done
@@ -60,6 +61,37 @@ fi
 }
 
 
+TestHMAC()
+{
+RESULT=PASS
+
+if [ "$2" = "" ]
+then
+MSG="$1 HMAC"
+else
+MSG="$2"
+fi
+
+#this test is compatible with those on https://en.wikipedia.org/wiki/HMAC
+HR_OUT=`echo -n "The quick brown fox jumps over the lazy dog" | ./hashrat -$1 -hmac key`
+
+if [ "$HR_OUT" != "$3" ]
+then
+	RESULT=FAIL
+fi
+
+
+if [ "$RESULT" = "FAIL" ]
+then
+	FailMessage "$MSG BROKEN"
+else
+	OkayMessage "$MSG works"
+fi
+}
+
+
+
+
 TestLocate()
 {
 HR_OUT=`echo $1 | ./hashrat -m -md5 -r .`
@@ -136,6 +168,7 @@ Title "Testing Hash Types"
 TestHash md5 "" 68e88e7b46a0fbd8a54c8932d2a9710d
 TestHash sha1 "" d27f161a82d2834afccda6bfc1d10b2024fc6ec0
 TestHash sha256 "" c7fadad016311a935a56dcdfb585cf5a4781073f7da13afa22177796e566434f
+TestHash sha384 "" 74bad027d593889aecd64042cdad05d01792e8f36f2c65f19cbfce2e4a61ef72bccc1eea4188e59ed03d711daa1410f6
 TestHash sha512 "" 0b8ac7af4b8e2dc449781888287aa50e9501b68766254b0c1bc6e17e7e86288c0a83b03d34f9c4c32836ca00a026323d8bbafc39f0c50f0c6b19200a28095595
 TestHash whirlpool "" b690486285b18a9cbea3105a8f7e8ee439ef878530fe2e389e0b5ab17658df79ad6c83c1f836f81f51ce5c73a6899f0355fdad9f257526fc718ea04f7aa1b792
 TestHash jh224 "" af0d674cdaaa7ec27b9c80acc763c6d51301c4273cd929fe043f67ca
@@ -146,9 +179,18 @@ TestHash jh512 "" 05feebb3148d9b0d12025759e4e054fe851dc6ad5bf58d3f79afb7d61caf8c
 Title "Testing Repeated Iterations (may take some time)"
 TestHash md5 "1000 md5" 68e88e7b46a0fbd8a54c8932d2a9710d 1000
 TestHash sha1 "1000 sha1" d27f161a82d2834afccda6bfc1d10b2024fc6ec0 1000
+TestHash sha256 "1000 sha256" c7fadad016311a935a56dcdfb585cf5a4781073f7da13afa22177796e566434f 1000
+TestHash sha384 "1000 sha384" 74bad027d593889aecd64042cdad05d01792e8f36f2c65f19cbfce2e4a61ef72bccc1eea4188e59ed03d711daa1410f6 1000
 TestHash whirlpool "1000 whirlpool" b690486285b18a9cbea3105a8f7e8ee439ef878530fe2e389e0b5ab17658df79ad6c83c1f836f81f51ce5c73a6899f0355fdad9f257526fc718ea04f7aa1b792 1000
 TestHash jh384 "1000 jh384" 55c63e4c22303227495c076ba0b11cda09a77856b98ee7d285283509415ca47141b09136daaada9fa3f10522456484db 1000
 
+Title "Testing HMAC digests"
+TestHMAC md5 "" 80070713463e7749b90c2dc24911e275
+TestHMAC sha1 "" de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
+TestHMAC sha256 "" f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
+TestHMAC sha384 "" d7f4727e2c0b39ae0f1e40cc96f60242d5b7801841cea6fc592c5d3e1ae50700582a96cf35e1e554995fe4e03381c237
+TestHMAC sha512 "" b42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a
+
 Title "Testing Encoding"
 TestHash 8 "base 8 (octal) encoding" 322177026032202322203112374315246277301321013040044374156300
 TestHash 10 "base 10 (decimal) encoding" 210127022026130210131074252205166191193209011032036252110192

command-line-args.c

@@ -167,6 +167,7 @@ HashratCtx *CommandLineParseArg0()
     )
         CommandLineHandleArg(Ctx,FLAG_TRAD_OUTPUT, "HashType", "sha1",Ctx->Vars);
     if (strcmp(ptr,"sha256sum")==0) CommandLineHandleArg(Ctx,FLAG_TRAD_OUTPUT, "HashType", "sha256",Ctx->Vars);
+    if (strcmp(ptr,"sha384sum")==0) CommandLineHandleArg(Ctx,FLAG_TRAD_OUTPUT, "HashType", "sha384",Ctx->Vars);
     if (strcmp(ptr,"sha512sum")==0) CommandLineHandleArg(Ctx,FLAG_TRAD_OUTPUT, "HashType", "sha512",Ctx->Vars);
     if (strcmp(ptr,"whirlpoolsum")==0) CommandLineHandleArg(Ctx,FLAG_TRAD_OUTPUT, "HashType", "whirlpool",Ctx->Vars);
     if (strcmp(ptr,"jh224sum")==0) CommandLineHandleArg(Ctx,FLAG_TRAD_OUTPUT, "HashType", "jh-224",Ctx->Vars);
@@ -241,10 +242,12 @@ HashratCtx *CommandLineParseArgs(int argc, char *argv[])
         else if (strcmp(arg,"-cB")==0) Ctx->Action = ACT_CHECKBACKUP;
         else if (strcmp(arg,"-cgi")==0) Ctx->Action = ACT_CGI;
         else if (strcmp(arg,"-xdialog")==0) Ctx->Action = ACT_XDIALOG;
+        else if (strcmp(arg,"-list-hashes")==0) Ctx->Action = ACT_LIST_TYPES;
         else if (strcmp(arg,"-md5")==0) CommandLineHandleArg(Ctx,0, "HashType", "md5",Ctx->Vars);
         else if (strcmp(arg,"-sha")==0) CommandLineHandleArg(Ctx,0, "HashType", "sha1",Ctx->Vars);
         else if (strcmp(arg,"-sha1")==0) CommandLineHandleArg(Ctx,0, "HashType", "sha1",Ctx->Vars);
         else if (strcmp(arg,"-sha256")==0) CommandLineHandleArg(Ctx,0, "HashType", "sha256",Ctx->Vars);
+        else if (strcmp(arg,"-sha384")==0) CommandLineHandleArg(Ctx,0, "HashType", "sha384",Ctx->Vars);
         else if (strcmp(arg,"-sha512")==0) CommandLineHandleArg(Ctx,0, "HashType", "sha512",Ctx->Vars);
         else if (strcmp(arg,"-whirl")==0) CommandLineHandleArg(Ctx,0, "HashType", "whirlpool",Ctx->Vars);
         else if (strcmp(arg,"-whirlpool")==0) CommandLineHandleArg(Ctx,0, "HashType", "whirlpool",Ctx->Vars);
@@ -444,9 +447,12 @@ void CommandLinePrintUsage()
     printf("  %-15s %s\n","-?", "Print this help");
     printf("  %-15s %s\n","--version", "Print program version");
     printf("  %-15s %s\n","-version", "Print program version");
+    printf("  %-15s %s\n","-list-hashes", "Print a list of hashes that can be used with the '-type' option");
+    printf("  %-15s %s\n","-type <hash>", "specify a hash type to use. This supports hashes coming from other subsystems, such as openssl. It also supports 'chaining' hash types like so: -type sha256,whirl");
     printf("  %-15s %s\n","-md5", "Use md5 hash algorithmn");
     printf("  %-15s %s\n","-sha1", "Use sha1 hash algorithmn");
     printf("  %-15s %s\n","-sha256", "Use sha256 hash algorithmn");
+    printf("  %-15s %s\n","-sha384", "Use sha384 hash algorithmn");
     printf("  %-15s %s\n","-sha512", "Use sha512 hash algorithmn");
     printf("  %-15s %s\n","-whirl", "Use whirlpool hash algorithmn");
     printf("  %-15s %s\n","-whirlpool", "Use whirlpool hash algorithmn");
@@ -547,6 +553,7 @@ void CommandLinePrintUsage()
     printf("  %-15s %s\n","shasum","run with '-trad -sha1'");
     printf("  %-15s %s\n","sha1sum","run with '-trad -sha1'");
     printf("  %-15s %s\n","sha256sum","run with '-trad -sha256'");
+    printf("  %-15s %s\n","sha384sum","run with '-trad -sha384'");
     printf("  %-15s %s\n","sha512sum","run with '-trad -sha512'");
     printf("  %-15s %s\n","jh224sum","run with '-trad -jh224'");
     printf("  %-15s %s\n","jh256sum","run with '-trad -jh256'");

common.c

@@ -11,7 +11,7 @@ int MatchCount=0, DiffCount=0;
 time_t Now;
 uint64_t HashStartTime;
 
-const char *HashratHashTypes[]= {"md5","sha1","sha256","sha512","whirl","whirlpool","jh-224","jh-256","jh-384","jh-512",NULL};
+const char *HashratHashTypes[]= {"md5","sha1","sha256","sha384","sha512","whirl","whirlpool","jh-224","jh-256","jh-384","jh-512",NULL};
 
 
 

common.h

@@ -5,7 +5,7 @@
 #include "libUseful-5/libUseful.h"
 #include "glob.h"
 
-#define VERSION "1.20"
+#define VERSION "1.21"
 
 #define ACT_NONE 0
 #define ACT_HASH 1
@@ -27,6 +27,7 @@
 #define ACT_BACKUP 24
 #define ACT_CHECKBACKUP 25
 #define ACT_OTP 26
+#define ACT_LIST_TYPES 27
 
 #define FLAG_NEXTARG 1
 //Two flags with the same values, but used in different contexts

files.c

@@ -283,7 +283,7 @@ void ProcessData(char **RetStr, HashratCtx *Ctx, const char *Data, int DataLen)
 
             ptr=GetVar(Ctx->Vars, "InputPrefix");
             if (StrValid(ptr)) Hash->Update(Hash,ptr, StrLen(ptr));
-            Hash->Update(Hash,Data, DataLen);
+            Hash->Update(Hash, Data, DataLen);
             HashratFinishHash(RetStr, Ctx, Hash);
         }
     }

find.c

@@ -266,11 +266,11 @@ void *MatchesLoad(HashratCtx *Ctx, int Flags)
         {
             StripTrailingWhitespace(Line);
             FP=TFingerprintParse(Line);
-	    if (FP)
-	    {
-            if (MatchAdd(FP, "", Flags)) count++;
-	    //native format can specify the type of hash that it is supplying
-	    if (StrValid(FP->HashType)) Ctx->HashType=CopyStr(Ctx->HashType, FP->HashType);
+            if (FP)
+            {
+                if (MatchAdd(FP, "", Flags)) count++;
+                //native format can specify the type of hash that it is supplying
+                if (StrValid(FP->HashType)) Ctx->HashType=CopyStr(Ctx->HashType, FP->HashType);
             }
             Line=STREAMReadLine(Line, S);
         }

libUseful-5/HMAC.c

@@ -99,10 +99,13 @@ void HMACPrepare(HASH *HMAC, const char *Data, int Len)
 HASH *HMACInit(const char *Type)
 {
     HASH *Hash;
+    const char *ptr;
 
     Hash=(HASH *) calloc(1, sizeof(HASH));
-    Hash->Ctx=(void *) HashInit(Type);
-    Hash->Type=MCopyStr(Hash->Type, "hmac-", Type, NULL);
+    if (strncasecmp(Type, "hmac-", 5)==0) ptr=Type+5;
+    else ptr=Type;
+    Hash->Ctx=(void *) HashInit(ptr);
+    Hash->Type=MCopyStr(Hash->Type, "hmac-", ptr, NULL);
     Hash->Update=HMACPrepare;
     Hash->Finish=HMACFinish;
 

libUseful-5/Hash.c

@@ -8,7 +8,7 @@
 #include "HashJH.h"
 #include "HashWhirlpool.h"
 #include "HashOpenSSL.h"
-
+#include "HMAC.h"
 
 static ListNode *HashTypes=NULL;
 
@@ -83,7 +83,10 @@ HASH *HashInit(const char *Type)
 
     if (! HashTypes) HashRegisterAll();
 
-    GetToken(Type, ",", &InitialType, 0);
+    GetToken(Type, ",", &InitialType, 0); 
+    if (strncmp(InitialType, "hmac-", 5) == 0) Hash=HMACInit(InitialType+5);
+    else
+    {
     Node=ListFindNamedItem(HashTypes, InitialType);
     if (Node)
     {
@@ -98,6 +101,7 @@ HASH *HashInit(const char *Type)
         }
     }
     else RaiseError(0, "HashInit", "Unsupported Hash Type: '%s'", InitialType);
+    }
 
     Destroy(InitialType);
 

libUseful-5/HashOpenSSL.c

@@ -4,21 +4,26 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
+static void OpenSSLFreeHashCTX(HASH *Hash)
+{
+#ifdef HAVE_EVP_MD_CTX_FREE
+    EVP_MD_CTX_free(Hash->Ctx);
+#else
+    EVP_MD_CTX_destroy(Hash->Ctx);
+#endif
+
+Hash->Ctx=NULL;
+}
+
 
 static int OpenSSLFinishHash(HASH *Hash, char **Digest)
 {
     int Len;
 
     *Digest=SetStrLen(*Digest, EVP_MAX_MD_SIZE);
     EVP_DigestFinal((EVP_MD_CTX *) Hash->Ctx, *Digest, &Len);
+    OpenSSLFreeHashCTX(Hash);
 
-#ifdef HAVE_EVP_MD_CTX_FREE
-    EVP_MD_CTX_free(Hash->Ctx);
-#else
-    EVP_MD_CTX_destroy(Hash->Ctx);
-#endif
-
-    Hash->Ctx=NULL;
     return(Len);
 }
 
@@ -44,22 +49,35 @@ static int OpenSSLInitHash(HASH *Hash, const char *Name, int Size)
         Hash->Ctx=(EVP_MD_CTX *) EVP_MD_CTX_create();
 #endif
 
-        EVP_DigestInit(Hash->Ctx, MD);
+        if (! EVP_DigestInit(Hash->Ctx, MD)) 
+	{
+	OpenSSLFreeHashCTX(Hash);
+	return(FALSE);
+	}
+
         Hash->Update=OpenSSLUpdateHash;
         Hash->Finish=OpenSSLFinishHash;
+
         return(TRUE);
     }
     return(FALSE);
 }
 
+//this function gets 'called back' by the call to 'OBJ_NAME_do_all' in HashRegisterOpenSSL
+//and is called for each algorithm name that openssl supports
 static void OpenSSLDigestCallback(const OBJ_NAME *obj, void *arg)
 {
     char *Tempstr=NULL;
+    HASH *Hash;
 
-
+    Hash=(HASH *) calloc(1, sizeof(HASH));
+    if (OpenSSLInitHash(Hash, obj->name, 0))
+    {
     HashRegister(obj->name, 0, OpenSSLInitHash);
     Tempstr=MCopyStr(Tempstr, "openssl:", obj->name, NULL);
     HashRegister(Tempstr, 0, OpenSSLInitHash);
+    }
+    OpenSSLFreeHashCTX(Hash);
 
     Destroy(Tempstr);
 }
@@ -69,6 +87,6 @@ void HashRegisterOpenSSL()
 {
 #ifdef HAVE_LIBSSL
     OpenSSL_add_all_digests(); //make sure they're loaded
-    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, OpenSSLDigestCallback, NULL);
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, OpenSSLDigestCallback, NULL);
 #endif
 }