当前位置: 文江博客话题详情

SHA1 哈希值的微小差异

发布于 2024-11-29 11:26:34 字数 1752 浏览 3 评论 0原文

我正在从事的一个项目使用 Apache Shiro 作为安全框架。密码经过 SHA1 哈希处理(无盐,无迭代)。登录受 SSL 保护。但是,应用程序的其余部分不受 SSL 保护。在这种情况下(无 SSL),应该有一个用户可以更改密码的表单。 由于直接传输它不是一个好主意,因此应该在客户端上对其进行哈希处理,然后传输到服务器。由于客户端是基于 GWT (2.3) 的,我正在尝试这个库 http://code.google。 com/p/gwt-crypto,它使用来自 bouncycastle 的代码。 然而,在许多情况下(不是全部),两个框架生成的哈希值相差 1-4(?) 个字符。 例如,

"fe7f3cffd8a5f0512a5f1120f1369f48cd6f47c2"

两个实现都对“happa3”进行哈希处理,而

"fb3c3a741b4e07a87d9cb68f3db020d6fbfed00a"

Shiro 实现和

"fb3c3a741b4e07a87d9cb63f3db020d6fbfed00a"

gwt-crypto 实现则仅对“happa”进行哈希处理(第 23 个字符不同)。 我想知道是否存在“正确”/标准 SHA1 哈希,以及其中一个库是否存在错误,或者我对它们的使用是否存在缺陷。 我的第一个想法是由于不同的传输机制(RPC 与 Post)导致的不同编码或奇怪的转换有关。但据我所知(这也是我最困惑的地方),如果只有一位的差异,SHA1 哈希值很可能会完全不同。所以不同的编码不应该是这里的问题。 我在客户端(GWT)上使用此代码进行散列:

String hashed = toHex(createSHA1Hash("password"));
...
private String createSHA1Hash(String passwordString){
    SHA1Digest sha1 = new SHA1Digest();
    byte[] bytes;
    byte[] result = new byte[sha1.getDigestSize()];
    try {
        bytes = passwordString.getBytes();
        sha1.update(bytes, 0, bytes.length);
        int val = sha1.doFinal(result, 0);
    } catch (UnsupportedEncodingException e) {}
    return new String(result);
}

public String toHex(String arg) {
    return new BigInteger(1, arg.getBytes()).toString(16);
}

在服务器(Shiro)上使用此代码:

 String hashed = new Sha1Hash("password").toHex()

afaics 在幕后执行非常相似的操作(快速查看源代码)。 我在这里错过了一些明显的事情吗?

编辑:似乎 GWT 代码由于某种原因无法本机运行(即仅在开发模式下)并且默默地失败(尽管它确实可以编译)。必须找出原因......

编辑(2):“int val = sha1.doFinal(结果,0);”是造成麻烦的行,即如果存在,整个代码不会在本机(JS)中运行,而只能在开发模式下运行(结果错误)

原文

A project I am working on uses Apache Shiro as a security framework. Passwords are SHA1 hashed (no salt, no iterations). Login is SSL secured. However, the remaining part of the application is not SSL secured. In this context (no SSL) there should be a form where a user can change the password.
Since it wouldn't be a good idea to transmit it plainly it should be hashed on the client and then transmitted to the server. As the client is GWT (2.3) based, I am trying this library http://code.google.com/p/gwt-crypto, which uses code from bouncycastle.
However, in many cases (not all) the hashes generated by both frameworks differ in 1-4(?) characters.
For instance "happa3" is hashed to

"fe7f3cffd8a5f0512a5f1120f1369f48cd6f47c2"

by both implementations, whereas just "happa" is hashed to

"fb3c3a741b4e07a87d9cb68f3db020d6fbfed00a"

by the Shiro implementation and to

"fb3c3a741b4e07a87d9cb63f3db020d6fbfed00a"

by the gwt-crypto implementation (23rd character differs).
I wonder whether there is a "correct"/standard SHA1 hashing and whether there is a bug in one of the libraries or maybe my usage of them is flawed.
One of my first thoughts was related to different encodings or strange conversions due to different transport mechanisms (RPC vs. Post). To my knowledge though (and what puzzles me most), SHA1 hashes should differ completely with a high probability if there is just a difference of a single bit. So different encodings shouldn't be the issue here.
I am using this code on the client (GWT) for hashing:

String hashed = toHex(createSHA1Hash("password"));
...
private String createSHA1Hash(String passwordString){
    SHA1Digest sha1 = new SHA1Digest();
    byte[] bytes;
    byte[] result = new byte[sha1.getDigestSize()];
    try {
        bytes = passwordString.getBytes();
        sha1.update(bytes, 0, bytes.length);
        int val = sha1.doFinal(result, 0);
    } catch (UnsupportedEncodingException e) {}
    return new String(result);
}

public String toHex(String arg) {
    return new BigInteger(1, arg.getBytes()).toString(16);
}

And this on the server (Shiro):

 String hashed = new Sha1Hash("password").toHex()

which afaics does something very similar behind the scenes (had a quick view on the source code).
Did I miss something obvious here?

EDIT: Seems like the GWT code does not run natively for some reason (i.e. just in development mode) and silently fails (it does compile, though). Have to find out why...

Edit(2): "int val = sha1.doFinal(result, 0);" is the line that makes trouble, i.e. if present, the whole code does not run natively (JS) but only in dev-mode (with wrong results)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

挽清梦 2024-12-06 11:26:34

您可以测试这个版本:

public class SHA1 {

    public static native String calcSHA1(String s) /*-{
        //
        // A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
        // in FIPS 180-1
        // Version 2.2 Copyright Paul Johnston 2000 - 2009.
        // Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
        // Distributed under the BSD License
        // See http://pajhome.org.uk/crypt/md5 for details.
        //

        //
        // Configurable variables. You may need to tweak these to be compatible with
        // the server-side, but the defaults work in most cases.
        //
        var hexcase = 0;  // hex output format. 0 - lowercase; 1 - uppercase        
        var b64pad  = ""; // base-64 pad character. "=" for strict RFC compliance   

        //
        // These are the functions you'll usually want to call
        // They take string arguments and return either hex or base-64 encoded strings
        //

        function b64_sha1(s)    { return rstr2b64(rstr_sha1(str2rstr_utf8(s))); }
        function any_sha1(s, e) { return rstr2any(rstr_sha1(str2rstr_utf8(s)), e); }
        function hex_hmac_sha1(k, d)
          { return rstr2hex(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); }
        function b64_hmac_sha1(k, d)
          { return rstr2b64(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); }
        function any_hmac_sha1(k, d, e)
          { return rstr2any(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d)), e); }

        //
        // Perform a simple self-test to see if the VM is working
        //
        function sha1_vm_test()
        {
          return hex_sha1("abc").toLowerCase() == "a9993e364706816aba3e25717850c26c9cd0d89d";
        }

        //
        // Calculate the SHA1 of a raw string
        //
        function rstr_sha1(s)
        {
          return binb2rstr(binb_sha1(rstr2binb(s), s.length * 8));
        }

        //
        // Calculate the HMAC-SHA1 of a key and some data (raw strings)
        //
        function rstr_hmac_sha1(key, data)
        {
          var bkey = rstr2binb(key);
          if(bkey.length > 16) bkey = binb_sha1(bkey, key.length * 8);

          var ipad = Array(16), opad = Array(16);
          for(var i = 0; i < 16; i++)
          {
            ipad[i] = bkey[i] ^ 0x36363636;
            opad[i] = bkey[i] ^ 0x5C5C5C5C;
          }

          var hash = binb_sha1(ipad.concat(rstr2binb(data)), 512 + data.length * 8);
          return binb2rstr(binb_sha1(opad.concat(hash), 512 + 160));
        }

        //
        // Convert a raw string to a hex string
        //
        function rstr2hex(input)
        {
          try { hexcase } catch(e) { hexcase=0; }
          var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
          var output = "";
          var x;
          for(var i = 0; i < input.length; i++)
          {
            x = input.charCodeAt(i);
            output += hex_tab.charAt((x >>> 4) & 0x0F)
                   +  hex_tab.charAt( x        & 0x0F);
          }
          return output;
        }

        //
        // Convert a raw string to a base-64 string
        //
        function rstr2b64(input)
        {
          try { b64pad } catch(e) { b64pad=''; }
          var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
          var output = "";
          var len = input.length;
          for(var i = 0; i < len; i += 3)
          {
            var triplet = (input.charCodeAt(i) << 16)
                        | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
                        | (i + 2 < len ? input.charCodeAt(i+2)      : 0);
            for(var j = 0; j < 4; j++)
            {
              if(i * 8 + j * 6 > input.length * 8) output += b64pad;
              else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
            }
          }
          return output;
        }

        //
        // Convert a raw string to an arbitrary string encoding
        //
        function rstr2any(input, encoding)
        {
          var divisor = encoding.length;
          var remainders = Array();
          var i, q, x, quotient;

          // Convert to an array of 16-bit big-endian values, forming the dividend 
          var dividend = Array(Math.ceil(input.length / 2));
          for(i = 0; i < dividend.length; i++)
          {
            dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1);
          }

          //
          // Repeatedly perform a long division. The binary array forms the dividend,
          // the length of the encoding is the divisor. Once computed, the quotient
          // forms the dividend for the next step. We stop when the dividend is zero.
          // All remainders are stored for later use.
          //
          while(dividend.length > 0)
          {
            quotient = Array();
            x = 0;
            for(i = 0; i < dividend.length; i++)
            {
              x = (x << 16) + dividend[i];
              q = Math.floor(x / divisor);
              x -= q * divisor;
              if(quotient.length > 0 || q > 0)
                quotient[quotient.length] = q;
            }
            remainders[remainders.length] = x;
            dividend = quotient;
          }

          // Convert the remainders to the output string 
          var output = "";
          for(i = remainders.length - 1; i >= 0; i--)
            output += encoding.charAt(remainders[i]);

          // Append leading zero equivalents 
          var full_length = Math.ceil(input.length * 8 /
                                            (Math.log(encoding.length) / Math.log(2)))
          for(i = output.length; i < full_length; i++)
            output = encoding[0] + output;

          return output;
        }

        //
        // Encode a string as utf-8.
        // For efficiency, this assumes the input is valid utf-16.
        //
        function str2rstr_utf8(input)
        {
          var output = "";
          var i = -1;
          var x, y;

          while(++i < input.length)
          {
              // Decode utf-16 surrogate pairs 
            x = input.charCodeAt(i);
            y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
            if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF)
            {
              x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);
              i++;
            }

            // Encode output as utf-8 
            if(x <= 0x7F)
              output += String.fromCharCode(x);
            else if(x <= 0x7FF)
              output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F),
                                            0x80 | ( x         & 0x3F));
            else if(x <= 0xFFFF)
              output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F),
                                            0x80 | ((x >>> 6 ) & 0x3F),
                                            0x80 | ( x         & 0x3F));
            else if(x <= 0x1FFFFF)
              output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07),
                                            0x80 | ((x >>> 12) & 0x3F),
                                            0x80 | ((x >>> 6 ) & 0x3F),
                                            0x80 | ( x         & 0x3F));
          }
          return output;
        }

        //
        // Encode a string as utf-16
        //
        function str2rstr_utf16le(input)
        {
          var output = "";
          for(var i = 0; i < input.length; i++)
            output += String.fromCharCode( input.charCodeAt(i)        & 0xFF,
                                          (input.charCodeAt(i) >>> 8) & 0xFF);
          return output;
        }

        function str2rstr_utf16be(input)
        {
          var output = "";
          for(var i = 0; i < input.length; i++)
            output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF,
                                           input.charCodeAt(i)        & 0xFF);
          return output;
        }

        //
        // Convert a raw string to an array of big-endian words
        // Characters >255 have their high-byte silently ignored.
        //
        function rstr2binb(input)
        {
          var output = Array(input.length >> 2);
          for(var i = 0; i < output.length; i++)
            output[i] = 0;
          for(var i = 0; i < input.length * 8; i += 8)
            output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32);
          return output;
        }

        //
        // Convert an array of big-endian words to a string
        //
        function binb2rstr(input)
        {
          var output = "";
          for(var i = 0; i < input.length * 32; i += 8)
            output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF);
          return output;
        }

        //
        // Calculate the SHA-1 of an array of big-endian words, and a bit length
        //
        function binb_sha1(x, len)
        {
            // append padding 
          x[len >> 5] |= 0x80 << (24 - len % 32);
          x[((len + 64 >> 9) << 4) + 15] = len;

          var w = Array(80);
          var a =  1732584193;
          var b = -271733879;
          var c = -1732584194;
          var d =  271733878;
          var e = -1009589776;

          for(var i = 0; i < x.length; i += 16)
          {
            var olda = a;
            var oldb = b;
            var oldc = c;
            var oldd = d;
            var olde = e;

            for(var j = 0; j < 80; j++)
            {
              if(j < 16) w[j] = x[i + j];
              else w[j] = bit_rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
              var t = safe_add(safe_add(bit_rol(a, 5), sha1_ft(j, b, c, d)),
                               safe_add(safe_add(e, w[j]), sha1_kt(j)));
              e = d;
              d = c;
              c = bit_rol(b, 30);
              b = a;
              a = t;
            }

            a = safe_add(a, olda);
            b = safe_add(b, oldb);
            c = safe_add(c, oldc);
            d = safe_add(d, oldd);
            e = safe_add(e, olde);
          }
          return Array(a, b, c, d, e);

        }

        //
        // Perform the appropriate triplet combination function for the current
        // iteration
        //
        function sha1_ft(t, b, c, d)
        {
          if(t < 20) return (b & c) | ((~b) & d);
          if(t < 40) return b ^ c ^ d;
          if(t < 60) return (b & c) | (b & d) | (c & d);
          return b ^ c ^ d;
        }

        //
        // Determine the appropriate additive constant for the current iteration
        //
        function sha1_kt(t)
        {
          return (t < 20) ?  1518500249 : (t < 40) ?  1859775393 :
                 (t < 60) ? -1894007588 : -899497514;
        }

        //
        // Add integers, wrapping at 2^32. This uses 16-bit operations internally
        // to work around bugs in some JS interpreters.
        //
        function safe_add(x, y)
        {
          var lsw = (x & 0xFFFF) + (y & 0xFFFF);
          var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
          return (msw << 16) | (lsw & 0xFFFF);
        }

        //
        // Bitwise rotate a 32-bit number to the left.
        //
        function bit_rol(num, cnt)
        {
          return (num << cnt) | (num >>> (32 - cnt));
        }

        return rstr2hex(rstr_sha1(str2rstr_utf8(s))); 
    }-*/;
}

我在客户端 sha 生成中使用它,并且运行良好。

You could test this version:

public class SHA1 {

    public static native String calcSHA1(String s) /*-{
        //
        // A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
        // in FIPS 180-1
        // Version 2.2 Copyright Paul Johnston 2000 - 2009.
        // Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
        // Distributed under the BSD License
        // See http://pajhome.org.uk/crypt/md5 for details.
        //

        //
        // Configurable variables. You may need to tweak these to be compatible with
        // the server-side, but the defaults work in most cases.
        //
        var hexcase = 0;  // hex output format. 0 - lowercase; 1 - uppercase        
        var b64pad  = ""; // base-64 pad character. "=" for strict RFC compliance   

        //
        // These are the functions you'll usually want to call
        // They take string arguments and return either hex or base-64 encoded strings
        //

        function b64_sha1(s)    { return rstr2b64(rstr_sha1(str2rstr_utf8(s))); }
        function any_sha1(s, e) { return rstr2any(rstr_sha1(str2rstr_utf8(s)), e); }
        function hex_hmac_sha1(k, d)
          { return rstr2hex(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); }
        function b64_hmac_sha1(k, d)
          { return rstr2b64(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); }
        function any_hmac_sha1(k, d, e)
          { return rstr2any(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d)), e); }

        //
        // Perform a simple self-test to see if the VM is working
        //
        function sha1_vm_test()
        {
          return hex_sha1("abc").toLowerCase() == "a9993e364706816aba3e25717850c26c9cd0d89d";
        }

        //
        // Calculate the SHA1 of a raw string
        //
        function rstr_sha1(s)
        {
          return binb2rstr(binb_sha1(rstr2binb(s), s.length * 8));
        }

        //
        // Calculate the HMAC-SHA1 of a key and some data (raw strings)
        //
        function rstr_hmac_sha1(key, data)
        {
          var bkey = rstr2binb(key);
          if(bkey.length > 16) bkey = binb_sha1(bkey, key.length * 8);

          var ipad = Array(16), opad = Array(16);
          for(var i = 0; i < 16; i++)
          {
            ipad[i] = bkey[i] ^ 0x36363636;
            opad[i] = bkey[i] ^ 0x5C5C5C5C;
          }

          var hash = binb_sha1(ipad.concat(rstr2binb(data)), 512 + data.length * 8);
          return binb2rstr(binb_sha1(opad.concat(hash), 512 + 160));
        }

        //
        // Convert a raw string to a hex string
        //
        function rstr2hex(input)
        {
          try { hexcase } catch(e) { hexcase=0; }
          var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
          var output = "";
          var x;
          for(var i = 0; i < input.length; i++)
          {
            x = input.charCodeAt(i);
            output += hex_tab.charAt((x >>> 4) & 0x0F)
                   +  hex_tab.charAt( x        & 0x0F);
          }
          return output;
        }

        //
        // Convert a raw string to a base-64 string
        //
        function rstr2b64(input)
        {
          try { b64pad } catch(e) { b64pad=''; }
          var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
          var output = "";
          var len = input.length;
          for(var i = 0; i < len; i += 3)
          {
            var triplet = (input.charCodeAt(i) << 16)
                        | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
                        | (i + 2 < len ? input.charCodeAt(i+2)      : 0);
            for(var j = 0; j < 4; j++)
            {
              if(i * 8 + j * 6 > input.length * 8) output += b64pad;
              else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
            }
          }
          return output;
        }

        //
        // Convert a raw string to an arbitrary string encoding
        //
        function rstr2any(input, encoding)
        {
          var divisor = encoding.length;
          var remainders = Array();
          var i, q, x, quotient;

          // Convert to an array of 16-bit big-endian values, forming the dividend 
          var dividend = Array(Math.ceil(input.length / 2));
          for(i = 0; i < dividend.length; i++)
          {
            dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1);
          }

          //
          // Repeatedly perform a long division. The binary array forms the dividend,
          // the length of the encoding is the divisor. Once computed, the quotient
          // forms the dividend for the next step. We stop when the dividend is zero.
          // All remainders are stored for later use.
          //
          while(dividend.length > 0)
          {
            quotient = Array();
            x = 0;
            for(i = 0; i < dividend.length; i++)
            {
              x = (x << 16) + dividend[i];
              q = Math.floor(x / divisor);
              x -= q * divisor;
              if(quotient.length > 0 || q > 0)
                quotient[quotient.length] = q;
            }
            remainders[remainders.length] = x;
            dividend = quotient;
          }

          // Convert the remainders to the output string 
          var output = "";
          for(i = remainders.length - 1; i >= 0; i--)
            output += encoding.charAt(remainders[i]);

          // Append leading zero equivalents 
          var full_length = Math.ceil(input.length * 8 /
                                            (Math.log(encoding.length) / Math.log(2)))
          for(i = output.length; i < full_length; i++)
            output = encoding[0] + output;

          return output;
        }

        //
        // Encode a string as utf-8.
        // For efficiency, this assumes the input is valid utf-16.
        //
        function str2rstr_utf8(input)
        {
          var output = "";
          var i = -1;
          var x, y;

          while(++i < input.length)
          {
              // Decode utf-16 surrogate pairs 
            x = input.charCodeAt(i);
            y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
            if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF)
            {
              x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);
              i++;
            }

            // Encode output as utf-8 
            if(x <= 0x7F)
              output += String.fromCharCode(x);
            else if(x <= 0x7FF)
              output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F),
                                            0x80 | ( x         & 0x3F));
            else if(x <= 0xFFFF)
              output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F),
                                            0x80 | ((x >>> 6 ) & 0x3F),
                                            0x80 | ( x         & 0x3F));
            else if(x <= 0x1FFFFF)
              output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07),
                                            0x80 | ((x >>> 12) & 0x3F),
                                            0x80 | ((x >>> 6 ) & 0x3F),
                                            0x80 | ( x         & 0x3F));
          }
          return output;
        }

        //
        // Encode a string as utf-16
        //
        function str2rstr_utf16le(input)
        {
          var output = "";
          for(var i = 0; i < input.length; i++)
            output += String.fromCharCode( input.charCodeAt(i)        & 0xFF,
                                          (input.charCodeAt(i) >>> 8) & 0xFF);
          return output;
        }

        function str2rstr_utf16be(input)
        {
          var output = "";
          for(var i = 0; i < input.length; i++)
            output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF,
                                           input.charCodeAt(i)        & 0xFF);
          return output;
        }

        //
        // Convert a raw string to an array of big-endian words
        // Characters >255 have their high-byte silently ignored.
        //
        function rstr2binb(input)
        {
          var output = Array(input.length >> 2);
          for(var i = 0; i < output.length; i++)
            output[i] = 0;
          for(var i = 0; i < input.length * 8; i += 8)
            output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32);
          return output;
        }

        //
        // Convert an array of big-endian words to a string
        //
        function binb2rstr(input)
        {
          var output = "";
          for(var i = 0; i < input.length * 32; i += 8)
            output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF);
          return output;
        }

        //
        // Calculate the SHA-1 of an array of big-endian words, and a bit length
        //
        function binb_sha1(x, len)
        {
            // append padding 
          x[len >> 5] |= 0x80 << (24 - len % 32);
          x[((len + 64 >> 9) << 4) + 15] = len;

          var w = Array(80);
          var a =  1732584193;
          var b = -271733879;
          var c = -1732584194;
          var d =  271733878;
          var e = -1009589776;

          for(var i = 0; i < x.length; i += 16)
          {
            var olda = a;
            var oldb = b;
            var oldc = c;
            var oldd = d;
            var olde = e;

            for(var j = 0; j < 80; j++)
            {
              if(j < 16) w[j] = x[i + j];
              else w[j] = bit_rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
              var t = safe_add(safe_add(bit_rol(a, 5), sha1_ft(j, b, c, d)),
                               safe_add(safe_add(e, w[j]), sha1_kt(j)));
              e = d;
              d = c;
              c = bit_rol(b, 30);
              b = a;
              a = t;
            }

            a = safe_add(a, olda);
            b = safe_add(b, oldb);
            c = safe_add(c, oldc);
            d = safe_add(d, oldd);
            e = safe_add(e, olde);
          }
          return Array(a, b, c, d, e);

        }

        //
        // Perform the appropriate triplet combination function for the current
        // iteration
        //
        function sha1_ft(t, b, c, d)
        {
          if(t < 20) return (b & c) | ((~b) & d);
          if(t < 40) return b ^ c ^ d;
          if(t < 60) return (b & c) | (b & d) | (c & d);
          return b ^ c ^ d;
        }

        //
        // Determine the appropriate additive constant for the current iteration
        //
        function sha1_kt(t)
        {
          return (t < 20) ?  1518500249 : (t < 40) ?  1859775393 :
                 (t < 60) ? -1894007588 : -899497514;
        }

        //
        // Add integers, wrapping at 2^32. This uses 16-bit operations internally
        // to work around bugs in some JS interpreters.
        //
        function safe_add(x, y)
        {
          var lsw = (x & 0xFFFF) + (y & 0xFFFF);
          var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
          return (msw << 16) | (lsw & 0xFFFF);
        }

        //
        // Bitwise rotate a 32-bit number to the left.
        //
        function bit_rol(num, cnt)
        {
          return (num << cnt) | (num >>> (32 - cnt));
        }

        return rstr2hex(rstr_sha1(str2rstr_utf8(s))); 
    }-*/;
}

I'm using it in my client side sha generation and it worked well.

回复 原文
~没有更多了~

关于作者

西瑶

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

離殇

文章 0 评论 0

小姐丶请自重

文章 0 评论 0

Aik

文章 0 评论 0

国产ˉ祖宗

文章 0 评论 0

猥琐帝

文章 0 评论 0

半仙

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文