HTML Data Port

© 2005 Goetz Heller

Table of Contents Description Source Code Copyright Note back

HMAC: Keyed-Hashing for Message Authentication - Examples

These examples calculate the results for test input as given in RFC 2104 for different hash algorithms. The algorithms used are MD4, MD5, and for demonstration purposes, base64, a non-existing algorithm 'Unknown', and another non-hash class, 'NoHash', created on the fly.

Example Script
      // initialize array of input strings
      var inp = [
        'Hi There',
        'what do ya want for nothing?',
        ''
      ];
      // make a copy to hold printable versions
      var si = inp.slice(0, inp.length);
      for (var j = 0; j < inp.length; j++) {
        si[j] = inp[j];
      }
      // create unprintable input string
      for (var i = 0; i < 50; i++) {
        inp[2] += String.fromCharCode(0xdd);
      }
      // create printable versions
      for (var j = 0; j < si.length; j++) {
        if (si[j] == '') {
          si[j] = '0x';
          for (var i = 0; i < inp[j].length; i++) {
            si[j] += ((inp[j].charCodeAt(i) < 16) ? '0' : '') + inp[j].charCodeAt(i).toString(16);
          }
        }
      }
      // initialize array of keys
      var key = [
        '',
        'Jefe',
        ''
      ];
      // make a copy to hold printable versions
      var sk = key.slice(0, key.length);
      for (var j = 0; j < key.length; j++) {
        sk[j] = key[j];
      }
      // create unprintable key strings
      for (var i = 0; i < 16; i++) {
        key[0] += String.fromCharCode(0x0b);
        key[2] += String.fromCharCode(0xaa);
      }
      // create printable versions
      for (var j = 0; j < key.length; j++) {
        if (sk[j] == '') {
          sk[j] = '0x';
          for (var i = 0; i < key[j].length; i++) {
            sk[j] += ((key[j].charCodeAt(i) < 16) ? '0' : '') + key[j].charCodeAt(i).toString(16);
          }
        }
      }
      // control line breaks
      var br = ' ';
      document.write('<' + 'h5>HMAC-MD4<' + '/h5>\n');
      // =========================================================================================
      // create an MD4 hash algorithm and instantiate a new HMAC algorithm with it
      // =========================================================================================
      try {
        var md4 = core.createInstance('system.security.encryption.hash.MD4');
        var hmacMD4 = core.createInstance('system.security.encryption.hash.HMAC', md4);
        // calculate hash
        var d = '';
        for (var j = 0; j < inp.length; j++) {
          d = hmacMD4.computeHash(key[j], inp[j]);
          s = '0x';
          for (var i = 0; i < d.length; i++) {
            s += ((d.charCodeAt(i) < 16) ? '0' : '') + d.charCodeAt(i).toString(16);
          }
          br = (si[j].length > 40) ? '\n\t' : ' ';
          document.write(hmacMD4 + '.computeHash(\''+si[j]+'\',' + br + '\''+sk[j]+'\') = \'' + s +'\'<' + 'br/>');
        }
      } catch (e) {
        document.write(e.message + '<' + 'br/>');
      }
      document.write('\n\n<' + 'h5>HMAC-MD5<' + '/h5>\n');
      // =========================================================================================
      // instantiate a new HMAC algorithm with the name of the MD5 algorithm
      // =========================================================================================
      try {
      var hmacMD5 = core.createInstance('system.security.encryption.hash.HMAC','MD5');
        // calculate hash
        for (var j = 0; j < inp.length; j++) {
          d = hmacMD5.computeHash(inp[j], key[j]);
          s = '';
          for (var i = 0; i < d.length; i++) {
            s += ((d.charCodeAt(i) < 16) ? '0' : '') + d.charCodeAt(i).toString(16);
          }
          br = (si[j].length > 40) ? '\n\t' : ' ';
          document.write(hmacMD5 + '.computeHash(\''+si[j]+'\',' + br + '\''+sk[j]+'\') = \'0x' + s +'\'<' + 'br/>');
        }
      } catch (e) {
        document.write(e.message + '<' + 'br/>');
      }
      document.write('\n\n<' + 'h5>HMAC-Unknown<' + '/h5>\n');
      // =========================================================================================
      // try to instantiate a new HMAC algorithm with the name of a non-exisiting class
      // =========================================================================================
      var alg = 'Unknown';
      var hmacUnknown = null;
      try {
        hmacUnknown = core.createInstance('system.security.encryption.hash.HMAC' ,alg);
        for (var j = 0; j < inp.length; j++) {
          d = hmacUnknown.computeHash(inp[j], key[j]);
          s = '';
          for (var i = 0; i < d.length; i++) {
            s += ((d.charCodeAt(i) < 16) ? '0' : '') + d.charCodeAt(i).toString(16);
          }
          br = (si[j].length > 40) ? '\n\t' : ' ';
          document.write(hmacUnknown + '.computeHash(\''+si[j]+'\',' + br + '\''+sk[j]+'\') = \'0x' + s +'\'<' + 'br/>');
        }
      } catch (e) {
        document.write(e.message + '<' + 'br/>');
      }
      document.write('\n\n<' + 'h5>HMAC-NoHash (1)<' + '/h5>\n');
      // =========================================================================================
      // try to instantiate a new HMAC algorithm with the name of a non-hash algorithm
      // =========================================================================================
      var alg = 'NoHash';

      var nh = function() {};
      nh.classID = function() { return 'system.security.encryption.hash.NoHash'; };
      core.installClass(nh);

      var hmacNoHash = null;
      try{
        hmacNoHash = core.createInstance('system.security.encryption.hash.HMAC', alg);
        for (var j = 0; j < inp.length; j++) {
          d = hmacNoHash.computeHash(inp[j], key[j]);
          s = '';
          for (var i = 0; i < d.length; i++) {
            s += ((d.charCodeAt(i) < 16) ? '0' : '') + d.charCodeAt(i).toString(16);
          }
          br = (si[j].length > 40) ? '\n\t' : ' ';
          document.write(hmacNoHash + '.computeHash(\''+si[j]+'\',' + br + '\''+sk[j]+'\') = \'0x' + s +'\'<' + 'br/>');
        }
      } catch (e) {
        document.write(e.message + '<' + 'br/>');
      }
      document.write('\n\n<' + 'h5>HMAC-NoHash (2)<' + '/h5>\n');
      // =========================================================================================
      // try to instantiate a new HMAC algorithm with a non-hash algorithm
      // =========================================================================================
      alg = core.createInstance('system.security.encryption.hash.NoHash');
      hmacNoHash = null;
      try{
        hmacNoHash = core.createInstance('system.security.encryption.hash.HMAC', alg);
        for (var j = 0; j < inp.length; j++) {
          d = hmacNoHash.computeHash(inp[j], key[j]);
          s = '';
          for (var i = 0; i < d.length; i++) {
            s += ((d.charCodeAt(i) < 16) ? '0' : '') + d.charCodeAt(i).toString(16);
          }
          br = (si[j].length > 40) ? '\n\t' : ' ';
          document.write(hmacNoHash + '.computeHash(\''+si[j]+'\',' + br + '\''+sk[j]+'\') = \'0x' + s +'\'<' + 'br/>');
        }
      } catch (e) {
        document.write(e.message + '<' + 'br/>');
      }
      document.write('\n\n<' + 'h5>HMAC-base64<' + '/h5>\n');
      // =========================================================================================
      // try to instantiate a new HMAC algorithm with base64 algorithm
      // =========================================================================================
      alg = core.createInstance('system.utility.base64');
      hmacBase64 = null;
      try{
        hmacBase64 = core.createInstance('system.security.encryption.hash.HMAC', alg);
        for (var j = 0; j < inp.length; j++) {
          d = hmacBase64.computeHash(inp[j], key[j]);
          s = '';
          for (var i = 0; i < d.length; i++) {
            s += ((d.charCodeAt(i) < 16) ? '0' : '') + d.charCodeAt(i).toString(16);
          }
          br = (si[j].length > 40) ? '\n\t' : ' ';
          document.write(hmacBase64 + '.computeHash(\''+si[j]+'\',' + br + '\''+sk[j]+'\') = \'0x' + s +'\'<' + 'br/>');
        }
      } catch (e) {
        document.write(e.message + '<' + 'br/>');
      }
    
Results