© 2005 Goetz Heller
Table of Contents Description Examples Copyright Note back/// JavaScript MD5 message digest algorithm /// /// This software is derived from intellectual property of RSA Data /// Security Inc. and therefore underlies the following copyright: /// /// Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All /// rights reserved. /// /// License to copy and use this software is granted provided that it /// is identified as the "RSA Data Security, Inc. MD5 Message-Digest /// Algorithm" in all material mentioning or referencing this software /// or this function. /// /// License is also granted to make and use derivative works provided /// that such works are identified as "derived from the RSA Data /// Security, Inc. MD5 Message-Digest Algorithm" in all material /// mentioning or referencing the derived work. /// /// RSA Data Security, Inc. makes no representations concerning either /// the merchantability of this software or the suitability of this /// software for any particular purpose. It is provided "as is" /// without express or implied warranty of any kind. /// /// These notices must be retained in any copies of any part of this /// documentation and/or software. /// /// This implementation is based on RFC 1321. The functions and their prototypes follow /// the microsoft patterns for encryption service providers. Since JavaScript makes it /// difficult to execute bit operations in a consistent way (these are done with signed /// 32-bit integers, but mostly numbers are represented internally in a different manner) /// we have tried to avoid them largely. Since it is not expected that this implementation /// will handle large amounts of data efficiency was not considered a primary goal. /// /// Goetz Heller /// Dr.Heller Information Management /// 08.02.2005 /// Dependencies /// genhash.js // class system.security.encryption.hash.MD5 try { if (system.security.encryption.hash.MD5 == null) { throw new Error(''); } } catch(e) { // don't install twice // dependencies try { eval('core'); } catch(e) { throw new Error('MD5: class \'core\' not installed'); } // get base class var baseClass = core.getClassByID('system.security.encryption.hash.hashAlgorithm'); // constructor var MD5 = function() {}; // provide for class information MD5.classID = function() { return 'system.security.encryption.hash.MD5'; }; //disallow subclassing MD5.isFinal = function() { return true; }; // define class constants MD5.iInputBlockSize = 64; MD5.iOutputBlockSize = 16; MD5.hashSize = 128; // constants for the MD5 transform routine MD5.S11 = 7; MD5.S12 = 12; MD5.S13 = 17; MD5.S14 = 22; MD5.S21 = 5; MD5.S22 = 9; MD5.S23 = 14; MD5.S24 = 20; MD5.S31 = 4; MD5.S32 = 11; MD5.S33 = 16; MD5.S34 = 23; MD5.S41 = 6; MD5.S42 = 10; MD5.S43 = 15; MD5.S44 = 21; MD5.PADDING = [ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ]; // make it a subclass of hashAlgorithm core.derive(MD5, baseClass); // setup data structure of instance MD5.prototype.initialize = function() { this.state = [0x0000, 0x0000, 0x0000, 0x0000]; // state (ABCD) (uint) this.bcount = [0x00,0x00]; // number of bits, modulo 2^64 (2 * uint, lsb first) core.getClassByID('system.security.encryption.hash.hashAlgorithm').prototype.initialize.call(this); this.reset(); }; // reset data structures: begins an MD5 operation, writing a new context. MD5.prototype.reset = function() { // reset baseclass core.getClassByID('system.security.encryption.hash.hashAlgorithm').prototype.reset.call(this); // reset bit counter for (var i = 0; i < this.bcount.length; i++) { this.bcount[i] = 0x00; } // set magic initialization constants. this.state[0] = 0x67452301; this.state[1] = 0xefcdab89; this.state[2] = 0x98badcfe; this.state[3] = 0x10325476; }; // F, G, and H are basic MD5 functions MD5.prototype.F = function(x, y, z) { return ((x & y) | (~x & z)); }; MD5.prototype.G = function(x, y, z) { return ((x & z) | (y & ~z)); }; MD5.prototype.H = function(x, y, z) { return (x ^ y ^ z); }; MD5.prototype.I = function(x, y, z) { return (y ^ (x | ~z)); }; // ROTATE_LEFT rotates x left n bits. MD5.prototype.ROTATE_LEFT = function(x, n) { // has been adapted to deal correctly with the javascript switching // between 32-bit signed ints and standard representation correctly if (n==0) return x; var s = (x&0x80000000) ? 0x80000000 : 0; x -= s; var l = (((x << n) & 0x80000000) ? 0x80000000 : 0) + ((x << n) & 0x7fffffff); var r = (((x >> (32 - n)) >> 31) ? 0x8000000 : 0) + ((x >> (32 - n)) & 0x7fffffff); if (s > 0) s = (0x40000000 >> (31 - n)); return (s + l + r); } // FF, GG, and HH are transformations for rounds 1, 2, and 3. // Rotation is separate from addition to prevent recomputation. MD5.prototype.FF = function(a, b, c, d, x, s, ac) { // argument a must be passed as an array!! var t = this.F(b, c, d); t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned a[0] += t + x + ac; a[0] %= 0x100000000; a[0] = this.ROTATE_LEFT(a[0], s); a[0] += b; a[0] %= 0x100000000; } MD5.prototype.GG = function(a, b, c, d, x, s, ac) { // argument a must be passed as an array!! var t = this.G(b, c, d); t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned a[0] += t + x + ac; a[0] %= 0x100000000; a[0] = this.ROTATE_LEFT(a[0], s); a[0] += b; a[0] %= 0x100000000; } MD5.prototype.HH = function(a, b, c, d, x, s, ac) { // argument a must be passed as an array!! var t = this.H(b, c, d); t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned a[0] += t + x + ac; a[0] %= 0x100000000; a[0] = this.ROTATE_LEFT(a[0], s); a[0] += b; a[0] %= 0x100000000; } MD5.prototype.II = function(a, b, c, d, x, s, ac) { // argument a must be passed as an array!! var t = this.I(b, c, d); t = ((t&0x80000000) ? 0x80000000 : 0) + (t&0x7fffffff); // get value as unsigned a[0] += t + x + ac; a[0] %= 0x100000000; a[0] = this.ROTATE_LEFT(a[0], s); a[0] += b; a[0] %= 0x100000000; } /// Encodes input (UINT4) into output (unsigned char). Assumes len is /// a multiple of 4. MD5.prototype.Encode = function(out, inp, len) { var i = 0; for (var j = 0; j < len; i++, j += 4) { var t = inp[i]; for (var k = 0; k < 4; k++) { out[j + k] = t & 0xff; t /= 0x100; } } } /// Decodes input (unsigned char) into output (UINT4). Assumes len is /// a multiple of 4. MD5.prototype.Decode = function(out, inp, start, len) { var i = 0; if (typeof inp == 'string') { for (var j = 0; j < len; i++, j += 4) { out[i] = inp.charCodeAt(start + j) * 1 + inp.charCodeAt(start + j + 1) * 0x100 + inp.charCodeAt(start + j + 2) * 0x10000 + inp.charCodeAt(start + j + 3) * 0x1000000; } } else { for (var j = 0; j < len; i++, j += 4) { out[i] = inp[start + j] * 1 + inp[start + j + 1] * 0x100 + inp[start + j + 2] * 0x10000 + inp[start + j + 3] * 0x1000000; } } } /// MD5 basic transformation. Transforms state based on block. MD5.prototype.Transform = function(block, start) { var a = new Array(1); var b = new Array(1); var c = new Array(1); var d = new Array(1); a[0] = ((this.state[0]&0x80000000) ? 0x80000000 : 0) + (this.state[0]&0x7fffffff); b[0] = ((this.state[1]&0x80000000) ? 0x80000000 : 0) + (this.state[1]&0x7fffffff); c[0] = ((this.state[2]&0x80000000) ? 0x80000000 : 0) + (this.state[2]&0x7fffffff); d[0] = ((this.state[3]&0x80000000) ? 0x80000000 : 0) + (this.state[3]&0x7fffffff); var x = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; this.Decode (x, block, start, this.iInputBlockSize); // Round 1 this.FF (a, b[0], c[0], d[0], x[ 0], this.S11, 0xd76aa478); // 1 this.FF (d, a[0], b[0], c[0], x[ 1], this.S12, 0xe8c7b756); // 2 this.FF (c, d[0], a[0], b[0], x[ 2], this.S13, 0x242070db); // 3 this.FF (b, c[0], d[0], a[0], x[ 3], this.S14, 0xc1bdceee); // 4 this.FF (a, b[0], c[0], d[0], x[ 4], this.S11, 0xf57c0faf); // 5 this.FF (d, a[0], b[0], c[0], x[ 5], this.S12, 0x4787c62a); // 6 this.FF (c, d[0], a[0], b[0], x[ 6], this.S13, 0xa8304613); // 7 this.FF (b, c[0], d[0], a[0], x[ 7], this.S14, 0xfd469501); // 8 this.FF (a, b[0], c[0], d[0], x[ 8], this.S11, 0x698098d8); // 9 this.FF (d, a[0], b[0], c[0], x[ 9], this.S12, 0x8b44f7af); // 10 this.FF (c, d[0], a[0], b[0], x[10], this.S13, 0xffff5bb1); // 11 this.FF (b, c[0], d[0], a[0], x[11], this.S14, 0x895cd7be); // 12 this.FF (a, b[0], c[0], d[0], x[12], this.S11, 0x6b901122); // 13 this.FF (d, a[0], b[0], c[0], x[13], this.S12, 0xfd987193); // 14 this.FF (c, d[0], a[0], b[0], x[14], this.S13, 0xa679438e); // 15 this.FF (b, c[0], d[0], a[0], x[15], this.S14, 0x49b40821); // 16 // Round 2 this.GG (a, b[0], c[0], d[0], x[ 1], this.S21, 0xf61e2562); // 17 this.GG (d, a[0], b[0], c[0], x[ 6], this.S22, 0xc040b340); // 18 this.GG (c, d[0], a[0], b[0], x[11], this.S23, 0x265e5a51); // 19 this.GG (b, c[0], d[0], a[0], x[ 0], this.S24, 0xe9b6c7aa); // 20 this.GG (a, b[0], c[0], d[0], x[ 5], this.S21, 0xd62f105d); // 21 this.GG (d, a[0], b[0], c[0], x[10], this.S22, 0x02441453); // 22 this.GG (c, d[0], a[0], b[0], x[15], this.S23, 0xd8a1e681); // 23 this.GG (b, c[0], d[0], a[0], x[ 4], this.S24, 0xe7d3fbc8); // 24 this.GG (a, b[0], c[0], d[0], x[ 9], this.S21, 0x21e1cde6); // 25 this.GG (d, a[0], b[0], c[0], x[14], this.S22, 0xc33707d6); // 26 this.GG (c, d[0], a[0], b[0], x[ 3], this.S23, 0xf4d50d87); // 27 this.GG (b, c[0], d[0], a[0], x[ 8], this.S24, 0x455a14ed); // 28 this.GG (a, b[0], c[0], d[0], x[13], this.S21, 0xa9e3e905); // 29 this.GG (d, a[0], b[0], c[0], x[ 2], this.S22, 0xfcefa3f8); // 30 this.GG (c, d[0], a[0], b[0], x[ 7], this.S23, 0x676f02d9); // 31 this.GG (b, c[0], d[0], a[0], x[12], this.S24, 0x8d2a4c8a); // 32 // Round 3 this.HH (a, b[0], c[0], d[0], x[ 5], this.S31, 0xfffa3942); // 33 this.HH (d, a[0], b[0], c[0], x[ 8], this.S32, 0x8771f681); // 34 this.HH (c, d[0], a[0], b[0], x[11], this.S33, 0x6d9d6122); // 35 this.HH (b, c[0], d[0], a[0], x[14], this.S34, 0xfde5380c); // 36 this.HH (a, b[0], c[0], d[0], x[ 1], this.S31, 0xa4beea44); // 37 this.HH (d, a[0], b[0], c[0], x[ 4], this.S32, 0x4bdecfa9); // 38 this.HH (c, d[0], a[0], b[0], x[ 7], this.S33, 0xf6bb4b60); // 39 this.HH (b, c[0], d[0], a[0], x[10], this.S34, 0xbebfbc70); // 40 this.HH (a, b[0], c[0], d[0], x[13], this.S31, 0x289b7ec6); // 41 this.HH (d, a[0], b[0], c[0], x[ 0], this.S32, 0xeaa127fa); // 42 this.HH (c, d[0], a[0], b[0], x[ 3], this.S33, 0xd4ef3085); // 43 this.HH (b, c[0], d[0], a[0], x[ 6], this.S34, 0x04881d05); // 44 this.HH (a, b[0], c[0], d[0], x[ 9], this.S31, 0xd9d4d039); // 45 this.HH (d, a[0], b[0], c[0], x[12], this.S32, 0xe6db99e5); // 46 this.HH (c, d[0], a[0], b[0], x[15], this.S33, 0x1fa27cf8); // 47 this.HH (b, c[0], d[0], a[0], x[ 2], this.S34, 0xc4ac5665); // 48 // Round 4 this.II (a, b[0], c[0], d[0], x[ 0], this.S41, 0xf4292244); // 49 this.II (d, a[0], b[0], c[0], x[ 7], this.S42, 0x432aff97); // 50 this.II (c, d[0], a[0], b[0], x[14], this.S43, 0xab9423a7); // 51 this.II (b, c[0], d[0], a[0], x[ 5], this.S44, 0xfc93a039); // 52 this.II (a, b[0], c[0], d[0], x[12], this.S41, 0x655b59c3); // 53 this.II (d, a[0], b[0], c[0], x[ 3], this.S42, 0x8f0ccc92); // 54 this.II (c, d[0], a[0], b[0], x[10], this.S43, 0xffeff47d); // 55 this.II (b, c[0], d[0], a[0], x[ 1], this.S44, 0x85845dd1); // 56 this.II (a, b[0], c[0], d[0], x[ 8], this.S41, 0x6fa87e4f); // 57 this.II (d, a[0], b[0], c[0], x[15], this.S42, 0xfe2ce6e0); // 58 this.II (c, d[0], a[0], b[0], x[ 6], this.S43, 0xa3014314); // 59 this.II (b, c[0], d[0], a[0], x[13], this.S44, 0x4e0811a1); // 60 this.II (a, b[0], c[0], d[0], x[ 4], this.S41, 0xf7537e82); // 61 this.II (d, a[0], b[0], c[0], x[11], this.S42, 0xbd3af235); // 62 this.II (c, d[0], a[0], b[0], x[ 2], this.S43, 0x2ad7d2bb); // 63 this.II (b, c[0], d[0], a[0], x[ 9], this.S44, 0xeb86d391); // 64 this.state[0] += ((a[0]&0x80000000) ? 0x80000000 : 0) + (a[0] & 0x7fffffff); this.state[1] += ((b[0]&0x80000000) ? 0x80000000 : 0) + (b[0] & 0x7fffffff); this.state[2] += ((c[0]&0x80000000) ? 0x80000000 : 0) + (c[0] & 0x7fffffff); this.state[3] += ((d[0]&0x80000000) ? 0x80000000 : 0) + (d[0] & 0x7fffffff); for (var j = 0; j < this.state.length; j++) { this.state[j] %= 0x100000000; } // Zeroize sensitive information for (var i = 0; i < x.length; i++) { x[i] = 0x00; } return; } // MD5 finalization. Ends an MD5 message-digest operation, writing // the message digest and zeroizing the context. Returns digest as string. MD5.prototype.hashFinal = function() { try { var bits = [0, 0, 0, 0, 0, 0, 0, 0]; // Save number of bits this.Encode (bits, this.bcount, bits.length); // Pad out to 56 mod 64. var index = (this.bcount[0] >> 3) & 0x3f; var padLen = (index < 56) ? (56 - index) : (120 - index); this.hashCore(this.PADDING, 0, padLen); // Append length (before padding) this.hashCore(bits, 0, bits.length); // Store state in digest this.Encode (this.hashValue, this.state, this.hashValue.length); // Zeroize sensitive information. for (var i = 0; i < this.bcount.length; i++) { this.bcount[i] = 0x00; } for (var i = 0; i < this.state.length; i++) { this.state[i] = 0x0000; } } catch(e) {} this.buildHash(); return this.hash; } // MD5 block update operation. Continues an MD5 message-digest operation, // processing another message block, and updating the context. MD5.prototype.hashCore = function(inp, ibStart, cbSize) { var i = 0; // Compute number of bytes mod 64 var index = ((this.bcount[0] - this.bcount[0]%8)/8)%0x40; // Update number of bits if ((this.bcount[0] += (cbSize * 8))%0x10000 < (cbSize * 8)%0x100000000) { this.bcount[1]++; } this.bcount[1] += (cbSize - cbSize%0x20000000)/0x20000000; this.bcount[1] %= 0x100000000; var partLen = this.iInputBlockSize - index; // Transform as many times as possible. if (cbSize >= partLen) { if (typeof inp == 'string') { for (var j = 0; j < partLen; j++) { this.buffer[index + j] = inp.charCodeAt(ibStart + j); } } else { for (var j = 0; j < partLen; j++) { this.buffer[index + j] = inp[ibStart + j]; } } this.Transform(this.buffer, 0); for (i = partLen; i + this.iInputBlockSize <= cbSize; i += this.iInputBlockSize) { this.Transform(inp, i); } index = 0; } // Buffer remaining input if (typeof inp == 'string') { for (var j = 0; j < cbSize - i; j++) { this.buffer[index + j] = inp.charCodeAt(i+j); } } else { for (var j = 0; j < cbSize - i; j++) { this.buffer[index + j] = inp[i+j]; } } } // install class core.installClass(MD5); } // end catch