HTML Data Port

© 2005 Goetz Heller

Table of Contents Description Examples Copyright Note back

The MD4 Hash Algorithm - JavaScript Source Code

  /// JavaScript MD4 message digest algorithm
  ///
  /// This software is derived from intellectual property of RSA Data
  /// Security Inc. and therefore underlies the following copyright:
  /// 
  /// Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
  /// rights reserved.
  /// 
  /// License to copy and use this software is granted provided that it
  /// is identified as the "RSA Data Security, Inc. MD4 Message-Digest
  /// Algorithm" in all material mentioning or referencing this software
  /// or this function.
  /// 
  /// License is also granted to make and use derivative works provided
  /// that such works are identified as "derived from the RSA Data
  /// Security, Inc. MD4 Message-Digest Algorithm" in all material
  /// mentioning or referencing the derived work.
  /// 
  /// RSA Data Security, Inc. makes no representations concerning either
  /// the merchantability of this software or the suitability of this
  /// software for any particular purpose. It is provided "as is"
  /// without express or implied warranty of any kind.
  /// 
  /// These notices must be retained in any copies of any part of this
  /// documentation and/or software.
  /// 

  /// This implementation is based on RFC 1320. The functions and their prototypes follow
  /// the microsoft patterns for encryption service providers. Since JavaScript makes it 
  /// difficult to execute bit operations in a consistent way (these are done with signed
  /// 32-bit integers, but mostly numbers are represented internally in a different manner)
  /// we have tried to avoid them largely. Since it is not expected that this implementation
  /// will handle large amounts of data efficiency was not considered a primary goal.
  ///
  /// Goetz Heller
  /// Dr.Heller Information Management
  /// 08.02.2005
  
  /// Dependencies
  ///   genhash.js

// class system.security.encryption.hash.MD4

try {
  if (system.security.encryption.hash.MD4 == null) {
    throw new Error('');
  }
} catch(e) { // don't install twice

  // dependencies
  try {
    eval('core');
  } catch(e) {
    throw new Error('MD4: class \'core\' not installed');
  }

// get base class
var baseClass = core.getClassByID('system.security.encryption.hash.hashAlgorithm');

// constructor
var MD4 = function() {};

// provide for class information
MD4.classID = function() {
  return 'system.security.encryption.hash.MD4';
};

//disallow subclassing
MD4.isFinal = function() {
  return true;
};

// define class constants
MD4.iInputBlockSize = 64;
MD4.iOutputBlockSize = 16;
MD4.hashSize = 128;

// constants for the MD4 transform routine
MD4.S11 =  3;
MD4.S12 =  7;
MD4.S13 = 11;
MD4.S14 = 19;
MD4.S21 =  3;
MD4.S22 =  5;
MD4.S23 =  9;
MD4.S24 = 13;
MD4.S31 =  3;
MD4.S32 =  9;
MD4.S33 = 11;
MD4.S34 = 15;
MD4.PADDING = [
  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
];

// make it a subclass of hashAlgorithm
core.derive(MD4, baseClass);

// setup data structure of instance
MD4.prototype.initialize = function() {
  this.state = [0x0000, 0x0000, 0x0000, 0x0000];   // state (ABCD) (uint)
  this.bcount = [0x00,0x00];                       // number of bits, modulo 2^64 (2 * uint, lsb first)
  core.getClassByID('system.security.encryption.hash.hashAlgorithm').prototype.initialize.call(this);
  this.reset();
};

// reset data structures: begins an MD4 operation, writing a new context.
MD4.prototype.reset = function() {
  // reset baseclass
  core.getClassByID('system.security.encryption.hash.hashAlgorithm').prototype.reset.call(this);
  // reset bit counter
  for (var i = 0; i < this.bcount.length; i++) {
    this.bcount[i] = 0x00;
  }
  // set magic initialization constants.
  this.state[0] = 0x67452301;
  this.state[1] = 0xefcdab89;
  this.state[2] = 0x98badcfe;
  this.state[3] = 0x10325476;
};

// F, G, and H are basic MD4 functions
MD4.prototype.F = function(x, y, z) 
{
  return ((x & y) | (~x & z));
}

MD4.prototype.G = function(x, y, z) 
{
  return ((x & y) | (x & z) | (y & z));
}

MD4.prototype.H = function(x, y, z) 
{
  return (x ^ y ^ z);
}

// ROTATE_LEFT rotates x left n bits.
MD4.prototype.ROTATE_LEFT = function(x, n) 
{
  // has been adapted to deal correctly with the javascript switching
  // between 32-bit signed ints and standard representation correctly
  if (n==0) return x;
  var s = (x&0x80000000) ? 0x80000000 : 0;
  x -= s;
  var l = (((x << n) & 0x80000000) ? 0x80000000 : 0) + ((x << n) & 0x7fffffff);
  var r = (((x >> (32 - n)) >> 31) ? 0x8000000 : 0) + ((x >> (32 - n)) & 0x7fffffff);
  if (s > 0) s = (0x40000000 >> (31 - n));
  return (s + l + r);
}

// FF, GG, and HH are transformations for rounds 1, 2, and 3.
// Rotation is separate from addition to prevent recomputation.
MD4.prototype.FF = function(a, b, c, d, x, s)
{
  // argument a must be passed as an array!!
  var t = this.F(b, c, d);
  t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned
  a[0] += t + x;
  a[0] %= 0x100000000;
  a[0] = this.ROTATE_LEFT(a[0], s);
}

MD4.prototype.GG = function(a, b, c, d, x, s) {
  // argument a must be passed as an array!!
  var t = this.G(b, c, d);
  t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned
  a[0] += t + x + 0x5a827999;
  a[0] %= 0x100000000;
  a[0] = this.ROTATE_LEFT(a[0], s);
}

MD4.prototype.HH = function(a, b, c, d, x, s) 
{
  // argument a must be passed as an array!!
  var t = this.H(b, c, d);
  t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned
  a[0] += t + x + 0x6ed9eba1;
  a[0] %= 0x100000000;
  a[0] = this.ROTATE_LEFT(a[0], s);
}

/// Encodes input (UINT4) into output (unsigned char). Assumes len is
/// a multiple of 4.
MD4.prototype.Encode = function(out, inp, len) {
  var i = 0;
  for (var j = 0; j < len; i++, j += 4) 
  {
    var t = inp[i];
    for (var k = 0; k < 4; k++) {
      out[j + k] = t & 0xff; t /= 0x100;
    }
  }
}

/// Decodes input (unsigned char) into output (UINT4). Assumes len is
/// a multiple of 4.
MD4.prototype.Decode = function(out, inp, start, len)
{
  var i = 0;
  if (typeof inp == 'string') {
    for (var j = 0; j < len; i++, j += 4) {
      out[i] = inp.charCodeAt(start + j) * 1
        + inp.charCodeAt(start + j + 1) * 0x100
        + inp.charCodeAt(start + j + 2) * 0x10000
        + inp.charCodeAt(start + j + 3) * 0x1000000;
    }
  } else {
    for (var j = 0; j < len; i++, j += 4) {
      out[i] = inp[start + j] * 1
        + inp[start + j + 1] * 0x100
        + inp[start + j + 2] * 0x10000
        + inp[start + j + 3] * 0x1000000;
    }
  }
}

/// MD4 basic transformation. Transforms state based on block.
MD4.prototype.Transform = function(block, start) {

  var a = new Array(1);
  var b = new Array(1);
  var c = new Array(1);
  var d = new Array(1);
  a[0] = ((this.state[0]&0x80000000) ? 0x80000000 : 0) + (this.state[0]&0x7fffffff);
  b[0] = ((this.state[1]&0x80000000) ? 0x80000000 : 0) + (this.state[1]&0x7fffffff);
  c[0] = ((this.state[2]&0x80000000) ? 0x80000000 : 0) + (this.state[2]&0x7fffffff);
  d[0] = ((this.state[3]&0x80000000) ? 0x80000000 : 0) + (this.state[3]&0x7fffffff);
  var x = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];

  this.Decode (x, block, start, this.iInputBlockSize);

  // Round 1 
  this.FF (a, b[0], c[0], d[0], x[ 0], this.S11); // 1
  this.FF (d, a[0], b[0], c[0], x[ 1], this.S12); // 2
  this.FF (c, d[0], a[0], b[0], x[ 2], this.S13); // 3
  this.FF (b, c[0], d[0], a[0], x[ 3], this.S14); // 4
  this.FF (a, b[0], c[0], d[0], x[ 4], this.S11); // 5
  this.FF (d, a[0], b[0], c[0], x[ 5], this.S12); // 6
  this.FF (c, d[0], a[0], b[0], x[ 6], this.S13); // 7
  this.FF (b, c[0], d[0], a[0], x[ 7], this.S14); // 8
  this.FF (a, b[0], c[0], d[0], x[ 8], this.S11); // 9
  this.FF (d, a[0], b[0], c[0], x[ 9], this.S12); // 10
  this.FF (c, d[0], a[0], b[0], x[10], this.S13); // 11
  this.FF (b, c[0], d[0], a[0], x[11], this.S14); // 12
  this.FF (a, b[0], c[0], d[0], x[12], this.S11); // 13
  this.FF (d, a[0], b[0], c[0], x[13], this.S12); // 14
  this.FF (c, d[0], a[0], b[0], x[14], this.S13); // 15
  this.FF (b, c[0], d[0], a[0], x[15], this.S14); // 16

  // Round 2
  this.GG (a, b[0], c[0], d[0], x[ 0], this.S21); // 17
  this.GG (d, a[0], b[0], c[0], x[ 4], this.S22); // 18
  this.GG (c, d[0], a[0], b[0], x[ 8], this.S23); // 19
  this.GG (b, c[0], d[0], a[0], x[12], this.S24); // 20
  this.GG (a, b[0], c[0], d[0], x[ 1], this.S21); // 21
  this.GG (d, a[0], b[0], c[0], x[ 5], this.S22); // 22
  this.GG (c, d[0], a[0], b[0], x[ 9], this.S23); // 23
  this.GG (b, c[0], d[0], a[0], x[13], this.S24); // 24
  this.GG (a, b[0], c[0], d[0], x[ 2], this.S21); // 25
  this.GG (d, a[0], b[0], c[0], x[ 6], this.S22); // 26
  this.GG (c, d[0], a[0], b[0], x[10], this.S23); // 27
  this.GG (b, c[0], d[0], a[0], x[14], this.S24); // 28
  this.GG (a, b[0], c[0], d[0], x[ 3], this.S21); // 29
  this.GG (d, a[0], b[0], c[0], x[ 7], this.S22); // 30
  this.GG (c, d[0], a[0], b[0], x[11], this.S23); // 31
  this.GG (b, c[0], d[0], a[0], x[15], this.S24); // 32

  // Round 3
  this.HH (a, b[0], c[0], d[0], x[ 0], this.S31); // 33
  this.HH (d, a[0], b[0], c[0], x[ 8], this.S32); // 34
  this.HH (c, d[0], a[0], b[0], x[ 4], this.S33); // 35
  this.HH (b, c[0], d[0], a[0], x[12], this.S34); // 36
  this.HH (a, b[0], c[0], d[0], x[ 2], this.S31); // 37
  this.HH (d, a[0], b[0], c[0], x[10], this.S32); // 38
  this.HH (c, d[0], a[0], b[0], x[ 6], this.S33); // 39
  this.HH (b, c[0], d[0], a[0], x[14], this.S34); // 40
  this.HH (a, b[0], c[0], d[0], x[ 1], this.S31); // 41
  this.HH (d, a[0], b[0], c[0], x[ 9], this.S32); // 42
  this.HH (c, d[0], a[0], b[0], x[ 5], this.S33); // 43
  this.HH (b, c[0], d[0], a[0], x[13], this.S34); // 44
  this.HH (a, b[0], c[0], d[0], x[ 3], this.S31); // 45
  this.HH (d, a[0], b[0], c[0], x[11], this.S32); // 46
  this.HH (c, d[0], a[0], b[0], x[ 7], this.S33); // 47
  this.HH (b, c[0], d[0], a[0], x[15], this.S34); // 48

  this.state[0] += ((a[0]&0x80000000) ? 0x80000000 : 0) + (a[0] & 0x7fffffff);
  this.state[1] += ((b[0]&0x80000000) ? 0x80000000 : 0) + (b[0] & 0x7fffffff);
  this.state[2] += ((c[0]&0x80000000) ? 0x80000000 : 0) + (c[0] & 0x7fffffff);
  this.state[3] += ((d[0]&0x80000000) ? 0x80000000 : 0) + (d[0] & 0x7fffffff);
  for (var j = 0; j < this.state.length; j++) {
    this.state[j] %= 0x100000000;
  }

  // Zeroize sensitive information
  for (var i = 0; i < x.length; i++) {
    x[i] = 0x00;
  }
  
  return;

}

// MD4 finalization. Ends an MD4 message-digest operation, writing
// the message digest and zeroizing the context. Returns digest as string.
MD4.prototype.hashFinal = function() {
  try 
  {
    var bits = [0, 0, 0, 0, 0, 0, 0, 0];
    // Save number of bits
    this.Encode (bits, this.bcount, bits.length);
    // Pad out to 56 mod 64.
    var index = (this.bcount[0] >> 3) & 0x3f;
    var padLen = (index < 56) ? (56 - index) : (120 - index);
    this.hashCore(this.PADDING, 0, padLen);
    // Append length (before padding)
    this.hashCore(bits, 0, bits.length);
    // Store state in digest
    this.Encode (this.hashValue, this.state, this.hashValue.length);
    // Zeroize sensitive information.
    for (var i = 0; i < this.bcount.length; i++) {
      this.bcount[i] = 0x00;
    }
    for (var i = 0; i < this.state.length; i++) {
      this.state[i] = 0x0000;
     }
  } 
  catch(e) {}
  this.buildHash();
  return this.hash;
}

// MD4 block update operation. Continues an MD4 message-digest operation,
// processing another message block, and updating the context.
MD4.prototype.hashCore = function(inp, ibStart, cbSize) 
{
  var i = 0;
  // Compute number of bytes mod 64
  var index = ((this.bcount[0] - this.bcount[0]%8)/8)%0x40;
  // Update number of bits 
  if ((this.bcount[0] += (cbSize * 8))%0x10000 < (cbSize * 8)%0x100000000) {
    this.bcount[1]++;
  }
  this.bcount[1] += (cbSize - cbSize%0x20000000)/0x20000000;
  this.bcount[1] %= 0x100000000;
  var partLen = this.iInputBlockSize - index;
  // Transform as many times as possible.
  if (cbSize >= partLen) 
  {
    if (typeof inp == 'string') {
      for (var j = 0; j < partLen; j++) {
        this.buffer[index + j] = inp.charCodeAt(ibStart + j);
      }
    } else {
      for (var j = 0; j < partLen; j++) {
        this.buffer[index + j] = inp[ibStart + j];
      }
    }
    this.Transform(this.buffer, 0);

    for (i = partLen; i + this.iInputBlockSize <= cbSize; i += this.iInputBlockSize) 
    {
      this.Transform(inp, i);
    }
    index = 0;
  }
  // Buffer remaining input
  if (typeof inp == 'string') {
    for (var j = 0; j < cbSize - i; j++) {
      this.buffer[index + j] = inp.charCodeAt(i+j);
    }
  } else {
    for (var j = 0; j < cbSize - i; j++) {
      this.buffer[index + j] = inp[i+j];
    }
  }
}

// install class
core.installClass(MD4);

} // end catch