4 * An ActionScript 3 implementation of the RSA Data Security, Inc MD2 Message
\r
5 * Digest Algorithm, as defined in RFC 1319
\r
6 * Copyright (c) 2007 Henri Torgemane
\r
8 * See LICENSE.txt for full license information.
\r
10 * Excerpt from http://en.wikipedia.org/wiki/MD2:
\r
12 * > Rogier and Chauvaud (1997) described collisions of MD2's compression function,
\r
13 * > although they were unable to extend the attack to the full MD2.
\r
15 * > In 2004, MD2 was shown to be vulnerable to a preimage attack with time
\r
16 * > complexity equivalent to 2104 applications of the compression function
\r
17 * > (Muller, 2004).
\r
18 * > The author concludes, "MD2 can no longer be considered a secure one-way
\r
21 * also, this implementaton is quite slow.
\r
24 package com.hurlant.crypto.hash
\r
26 import flash.utils.ByteArray;
\r
28 public class MD2 implements IHash
\r
30 public static const HASH_SIZE:int = 16;
\r
31 public var pad_size:int = 48; // probably will never get used, only here for SSL 3.0 support
\r
33 private static const S:Array = [ // PI Digits
\r
34 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, 19,
\r
35 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, 76, 130, 202,
\r
36 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, 138, 23, 229, 18,
\r
37 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, 245, 142, 187, 47, 238, 122,
\r
38 169, 104, 121, 145, 21, 178, 7, 63, 148, 194, 16, 137, 11, 34, 95, 33,
\r
39 128, 127, 93, 154, 90, 144, 50, 39, 53, 62, 204, 231, 191, 247, 151, 3,
\r
40 255, 25, 48, 179, 72, 165, 181, 209, 215, 94, 146, 42, 172, 86, 170, 198,
\r
41 79, 184, 56, 210, 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241,
\r
42 69, 157, 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2,
\r
43 27, 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
\r
44 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, 234, 38,
\r
45 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, 129, 77, 82,
\r
46 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, 8, 12, 189, 177, 74,
\r
47 120, 136, 149, 139, 227, 99, 232, 109, 233, 203, 213, 254, 59, 0, 29, 57,
\r
48 242, 239, 183, 14, 102, 88, 208, 228, 166, 119, 114, 248, 235, 117, 75, 10,
\r
49 49, 68, 80, 180, 143, 237, 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 ];
\r
52 public function MD2() { }
\r
54 public function getInputSize():uint
\r
59 public function getPadSize():int {
\r
63 public function getHashSize():uint
\r
68 public function hash(src:ByteArray):ByteArray
\r
70 var savedLength:uint = src.length;
\r
72 // 3.1 Step 1. Padding
\r
73 var i:uint = (16-src.length%16) || 16;
\r
76 } while (src.length%16!=0);
\r
78 // 3.2 Step 2. Checksum
\r
79 var len:uint = src.length;
\r
80 var checksum:ByteArray = new ByteArray;
\r
82 for (i = 0;i<len;i+=16) {
\r
83 for (var j:uint=0;j<16;j++) {
\r
84 L = checksum[j] ^= S[src[i+j] ^ L];
\r
87 src.position = src.length;
\r
88 src.writeBytes(checksum);
\r
91 // 3.3 Step 3. MD Buffer
\r
92 var X:ByteArray = new ByteArray;
\r
94 // 3.4 Process Message
\r
95 for (i=0;i<len;i+=16) {
\r
97 /* Copy block i into X */
\r
98 for (j=0;j<16;j++) {
\r
99 X[32+j] = (X[16+j] = src[i+j])^X[j];
\r
103 for (j=0;j<18;j++) {
\r
105 for (var k:uint=0;k<48;k++) {
\r
106 X[k] = t = X[k]^S[t];
\r
111 // 3.5 Step 5. Output
\r
113 // restore original length;
\r
114 src.length = savedLength;
\r
118 public function toString():String
\r