1563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
2563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
3563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * in FIPS PUB 180-1
4563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Version 2.1a Copyright Paul Johnston 2000 - 2002.
5563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
6563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Distributed under the BSD License
7563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * See http://pajhome.org.uk/crypt/md5 for details.
8563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
9563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
10563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
11563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Configurable variables. You may need to tweak these to be compatible with
12563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * the server-side, but the defaults work in most cases.
13563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
14563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkvar hexcase = 0;  /* hex output format. 0 - lowercase; 1 - uppercase        */
15563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkvar b64pad  = ""; /* base-64 pad character. "=" for strict RFC compliance   */
16563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkvar chrsz   = 8;  /* bits per input character. 8 - ASCII; 16 - Unicode      */
17563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
18563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
19563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * These are the functions you'll usually want to call
20563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * They take string arguments and return either hex or base-64 encoded strings
21563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
22563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));}
23563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));}
24563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));}
25563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));}
26563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));}
27563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));}
28563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
29563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
30563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Perform a simple self-test to see if the VM is working
31563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
32563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction sha1_vm_test()
33563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
34563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d";
35563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
36563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
37563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
38563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Calculate the SHA-1 of an array of big-endian words, and a bit length
39563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
40563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction core_sha1(x, len)
41563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
42563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  /* append padding */
43563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  x[len >> 5] |= 0x80 << (24 - len % 32);
44563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  x[((len + 64 >> 9) << 4) + 15] = len;
45563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
46563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var w = Array(80);
47563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var a =  1732584193;
48563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var b = -271733879;
49563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var c = -1732584194;
50563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var d =  271733878;
51563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var e = -1009589776;
52563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
53563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  for(var i = 0; i < x.length; i += 16)
54563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  {
55563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    var olda = a;
56563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    var oldb = b;
57563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    var oldc = c;
58563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    var oldd = d;
59563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    var olde = e;
60563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
61563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    for(var j = 0; j < 80; j++)
62563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    {
63563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      if(j < 16) w[j] = x[i + j];
64563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
65563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
66563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark                       safe_add(safe_add(e, w[j]), sha1_kt(j)));
67563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      e = d;
68563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      d = c;
69563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      c = rol(b, 30);
70563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      b = a;
71563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      a = t;
72563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    }
73563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
74563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    a = safe_add(a, olda);
75563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    b = safe_add(b, oldb);
76563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    c = safe_add(c, oldc);
77563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    d = safe_add(d, oldd);
78563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    e = safe_add(e, olde);
79563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  }
80563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return Array(a, b, c, d, e);
81563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
82563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
83563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
84563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
85563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Perform the appropriate triplet combination function for the current
86563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * iteration
87563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
88563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction sha1_ft(t, b, c, d)
89563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
90563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  if(t < 20) return (b & c) | ((~b) & d);
91563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  if(t < 40) return b ^ c ^ d;
92563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  if(t < 60) return (b & c) | (b & d) | (c & d);
93563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return b ^ c ^ d;
94563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
95563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
96563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
97563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Determine the appropriate additive constant for the current iteration
98563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
99563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction sha1_kt(t)
100563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
101563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return (t < 20) ?  1518500249 : (t < 40) ?  1859775393 :
102563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark         (t < 60) ? -1894007588 : -899497514;
103563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
104563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
105563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
106563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Calculate the HMAC-SHA1 of a key and some data
107563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
108563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction core_hmac_sha1(key, data)
109563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
110563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var bkey = str2binb(key);
111563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz);
112563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
113563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var ipad = Array(16), opad = Array(16);
114563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  for(var i = 0; i < 16; i++)
115563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  {
116563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    ipad[i] = bkey[i] ^ 0x36363636;
117563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    opad[i] = bkey[i] ^ 0x5C5C5C5C;
118563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  }
119563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
120563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz);
121563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return core_sha1(opad.concat(hash), 512 + 160);
122563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
123563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
124563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
125563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Add integers, wrapping at 2^32. This uses 16-bit operations internally
126563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * to work around bugs in some JS interpreters.
127563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
128563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction safe_add(x, y)
129563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
130563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
131563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
132563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return (msw << 16) | (lsw & 0xFFFF);
133563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
134563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
135563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
136563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Bitwise rotate a 32-bit number to the left.
137563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
138563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction rol(num, cnt)
139563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
140563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return (num << cnt) | (num >>> (32 - cnt));
141563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
142563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
143563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
144563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Convert an 8-bit or 16-bit string to an array of big-endian words
145563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * In 8-bit function, characters >255 have their hi-byte silently ignored.
146563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
147563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction str2binb(str)
148563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
149563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var bin = Array();
150563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var mask = (1 << chrsz) - 1;
151563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  for(var i = 0; i < str.length * chrsz; i += chrsz)
152563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
153563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return bin;
154563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
155563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
156563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
157563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Convert an array of big-endian words to a string
158563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
159563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction binb2str(bin)
160563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
161563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var str = "";
162563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var mask = (1 << chrsz) - 1;
163563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  for(var i = 0; i < bin.length * 32; i += chrsz)
164563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask);
165563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return str;
166563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
167563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
168563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
169563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Convert an array of big-endian words to a hex string.
170563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
171563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction binb2hex(binarray)
172563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
173563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
174563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var str = "";
175563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  for(var i = 0; i < binarray.length * 4; i++)
176563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  {
177563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
178563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark           hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8  )) & 0xF);
179563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  }
180563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return str;
181563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
182563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
183563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark/*
184563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark * Convert an array of big-endian words to a base-64 string
185563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark */
186563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfunction binb2b64(binarray)
187563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark{
188563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
189563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  var str = "";
190563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  for(var i = 0; i < binarray.length * 4; i += 3)
191563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  {
192563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    var triplet = (((binarray[i   >> 2] >> 8 * (3 -  i   %4)) & 0xFF) << 16)
193563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark                | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 )
194563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark                |  ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF);
195563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    for(var j = 0; j < 4; j++)
196563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    {
197563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
198563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark      else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
199563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    }
200563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  }
201563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark  return str;
202563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
203563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
204563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
205563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkvar plainText = "Two households, both alike in dignity,\n\
206563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkIn fair Verona, where we lay our scene,\n\
207563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkFrom ancient grudge break to new mutiny,\n\
208563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkWhere civil blood makes civil hands unclean.\n\
209563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkFrom forth the fatal loins of these two foes\n\
210563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkA pair of star-cross'd lovers take their life;\n\
211563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkWhole misadventured piteous overthrows\n\
212563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkDo with their death bury their parents' strife.\n\
213563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkThe fearful passage of their death-mark'd love,\n\
214563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkAnd the continuance of their parents' rage,\n\
215563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkWhich, but their children's end, nought could remove,\n\
216563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkIs now the two hours' traffic of our stage;\n\
217563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkThe which if you with patient ears attend,\n\
218563af33bc48281d19dce701398dbb88cb54fd7ecCary ClarkWhat here shall miss, our toil shall strive to mend.";
219563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
220563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkfor (var i = 0; i <4; i++) {
221563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark    plainText += plainText;
222563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark}
223563af33bc48281d19dce701398dbb88cb54fd7ecCary Clark
224563af33bc48281d19dce701398dbb88cb54fd7ecCary Clarkvar sha1Output = hex_sha1(plainText);
225