smfmod_hibp

@@ -0,0 +1,11 @@

+# Force our line endings to be LF, even for Windows

+* text=auto

+

+# Set certain files to be binary

+*.png binary

+*.jpg binary

+*.gif binary

+*.tgz binary

+*.zip binary

+*.tar.gz binary

+*.ttf binary

@@ -0,0 +1,211 @@

+<?php

+/**

+ * The Main file for Hibp

+ * @package Hibp

+ * @author SleePy <sleepy @ simplemachines (dot) org>

+ * @copyright 2021

+ * @license 3-Clause BSD https://opensource.org/licenses/BSD-3-Clause

+ * @version 1.0

+ */

+

+/**

+ * Checks the password against the Have-I-Been-Pwned database.

+ *

+ * @param string $password The password to check

+ * @param bool $hashed If the password is hashed already or not.

+ * @return bool The result if found or not.  If null, the check failed.

+ */

+function hibp_password(string $password, bool $hashed = false): ?bool

+{

+	global $smcFunc;

+

+	if (!$hashed)

+		$password = sha1($password);

+	

+	$passhash_prefix = $smcFunc['substr']($password, 0, 5);

+	$passhash_suffix = $smcFunc['substr']($password, 5);

+

+	$call_url = 'https://api.pwnedpasswords.com/range/' . $passhash_prefix;

+

+	/*

+	* SMF's fetch_web_data doesn't support sending headers, so we are limited in our API options

+	* and could build our own to do this, but this works fine.

+	*/

+	$results = fetch_web_data($call_url);

+

+	// Invalid results, just pass them through.

+	if (empty($results))

+		return null;

+

+	// Sure we could make an array of the data, but we just want to see if its found.

+	$found = preg_match(

+		'~\s+' . preg_quote($passhash_suffix) . ':\d+~i',

+		$results

+		);

+

+	// We found a result, its found.

+	if ($found === 1)

+		return true;

+	// No result, return false.

+	elseif ($found === 0)

+		return false;

+

+	// $found returned something invalid, also fail.

+	return null;

+}

+

+/**

+ * Checks the password against the HiBP database.

+ *

+ * @calledby call_integration_hook('integrate_validatePassword', array($password, $username, $restrict_in, &$reg_error));

+ * @param string $password The password to check

+ * @param string $username Currently ignored by this hook.

+ * @param array $restrict_in Currently ignored by this hook.

+ * @param string $pass_error A password error if any.  If this is set, we won't process our hook.

+ * @return void

+ */

+function hibp_validatePassword(string $password, string $username, array $restrict_in, string &$pass_error): void

+{

+	global $modSettings;

+

+	// If another hook has set this, leave it alone.

+	if (!empty($pass_error) || empty($modSettings['enableHibP']))

+		return;

+

+	// Send it to the backend.

+	$res = hibp_password($password);

+

+	// If the result is true, we want to present a error to the prefix of $txt['profile_error_password_*']

+	if ($res === true)

+	{

+		loadLanguage('Hibp');

+		$pass_error = 'hibp';

+	}

+}

+

+/**

+ * When the password field is setup on the registration, send in some javascript.

+ *

+ * @calledby call_integration_hook('integrate_load_custom_profile_fields', array($memID, $area));

+ * @param array $fields User profile fields we are loading.

+ * @return void

+ */

+function hibp_load_custom_profile_fields(int $memID, string $area): void

+{

+	global $modSettings;

+

+	if ($area !== 'register' || empty($modSettings['enableHibPjs']))

+		return;

+

+	// <input type="password" name="passwrd1" id="smf_autov_pwmain" size="50" tabindex="3" class=" invalid_input">

+	hibp_build_javascript('#smf_autov_pwmain', '#smf_autov_pwmain_div');

+}

+	

+

+/**

+ * When the password field is setup on the profile pages, send in some javascript.

+ *

+ * @calledby call_integration_hook('integrate_setup_profile_context', array(&$fields));

+ * @param array $fields User profile fields we are loading.

+ * @return void

+ */

+function hibp_setup_profile_context(array $fields): void

+{

+	global $modSettings;

+

+	// If we are not loading the password field, don't bother.

+	if (!in_array('passwrd1', $fields) || empty($modSettings['enableHibPjs']))

+		return;

+

+	// <input type="password" name="passwrd1" id="passwrd1" size="20" value="">

+	hibp_build_javascript('#passwrd1', '#passwrd1');

+}

+

+function hibp_build_javascript(string $selector, string $errorSelector): void

+{

+	global $txt;

+

+	loadLanguage('Hibp');

+

+	// Add the JS.  From: https://github.com/emn178/js-sha1

+	loadJavaScriptFile('sha1.js');

+

+	/*

+	 *	When the password is ok we use: <span class="main_icons valid"></span>

+	 *	When the password is bad we use: <span class="main_icons error"></span>

+	*/

+	addInlineJavaScript('

+		$(document).ready(function () {

+			$(' . JavaScriptEscape($selector) . ').on("change", function (e){

+				var $hibp_attachSelector = ' . JavaScriptEscape($errorSelector) . '

+				var $passhash = sha1($(this).val());

+				var $passhash_prefix = $passhash.substring(0, 5);

+				var $passhash_suffix = $passhash.substring(5);

+				var $passhash_regx = new RegExp("\\\\s+" + $passhash_suffix + ":\\\\d+", "i");

+				 

+				$.ajax({

+					url: "https://api.pwnedpasswords.com/range/" + $passhash_prefix,

+					type: "GET",

+					dataType: "html",

+					success: function (data, textStatus, xhr) {

+						var $res = $passhash_regx.test(data);

+						

+						// Build the box.

+						if (typeof $hibpBox === "undefined")

+							$hibpBox = $($hibp_attachSelector).parent().append(' . JavaScriptEscape('<div class="errorbox pagesection" style="width: 78%;">' . $txt['profile_error_password_hibp']. '</div>') . ');

+						

+						// It was found.

+						if ($res === true)

+							$($hibpBox).find("div.errorbox").show();

+						else if ($res === false)

+							$($hibpBox).find("div.errorbox").hide();

+					}				

+				});

+			});

+		});

+	');

+	

+	/*

+	<div class="errorbox pagesection" style="width: 78%;">test</div>

+	*/

+}

+

+/**

+ * Adds Hibp options to the mangage registration.

+ * General registration settings and Coppa compliance settings.

+ * Accessed by ?action=admin;area=regcenter;sa=settings.

+ * Requires the admin_forum permission.

+ *

+ * @param bool $return_config Whether or not to return the config_vars array (used for admin search)

+ * @return void|array Returns nothing or returns the $config_vars array if $return_config is true

+ */

+function hibp_general_security_settings(array &$config_vars): void

+{

+	global $txt;

+

+	loadLanguage('Hibp');

+

+	// Find the last password setting.

+	foreach ($config_vars as $id => $val)

+		if (is_array($val) && $val[1] == 'enable_password_conversion' && is_string($config_vars[$id + 1]) && $config_vars[$id + 1] == '')

+			break;

+

+	$varsA = array_slice($config_vars, 0, $id + 1);

+	$varsB = array_slice($config_vars, $id + 1);

+

+	$new_vars = array(

+		'',

+		array('check', 'enableHibP'),

+		array('check', 'enableHibPjs'),

+	);

+

+	$config_vars = array_merge($varsA, $new_vars, $varsB);

+

+	// Saving?

+	if (isset($_GET['save']))

+	{

+		// Can't have one without the other.

+		if (!empty($_POST['enableHibPjs']) && empty($_POST['enableHibP']))

+			$_POST['enableHibP'] = $_POST['enableHibPjs'];

+	}

+}

\ No newline at end of file

@@ -0,0 +1,29 @@

+BSD 3-Clause License

+

+Copyright (c) 2021, SleePy

+All rights reserved.

+

+Redistribution and use in source and binary forms, with or without

+modification, are permitted provided that the following conditions are met:

+

+1. Redistributions of source code must retain the above copyright notice, this

+   list of conditions and the following disclaimer.

+

+2. Redistributions in binary form must reproduce the above copyright notice,

+   this list of conditions and the following disclaimer in the documentation

+   and/or other materials provided with the distribution.

+

+3. Neither the name of the copyright holder nor the names of its

+   contributors may be used to endorse or promote products derived from

+   this software without specific prior written permission.

+

+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

@@ -0,0 +1,5 @@

+This enables checking passwords against the [Have-I-Been-Pwned](https://haveibeenpwned.com/Passwords) database.  Passwords are only checked on registration and when changed on the profile.

+

+Additionally this can attempt to check the password from the browser using the same API

+

+SMF 2.1.0 or higher only!

\ No newline at end of file

@@ -0,0 +1,6 @@

+<?php

+global $txt;

+

+$txt['profile_error_password_hibp'] = 'Your password has been found in <a href="https://haveibeenpwned.com/Passwords" target="_blank" rel="nofollow">the have i been pwned</a> database.';

+$txt['enableHibP'] = 'Enable Server based Have-I-Been-Pwned Checks';

+$txt['enableHibPjs'] = 'Enable Client based Have-I-Been-Pwned Checks';

@@ -0,0 +1,36 @@

+<?xml version="1.0"?>

+<!DOCTYPE package-info SYSTEM "http://www.simplemachines.org/xml/package-info">

+<package-info xmlns="http://www.simplemachines.org/xml/package-info" xmlns:smf="http://www.simplemachines.org/">

+	<id>SleePy:HibP</id>

+	<name>Have-I-Been-Pwned</name>

+	<version>1.0</version>

+	<type>modification</type>

+

+	<install for="2.1.*">

+		<require-file name="language/Hibp.english.php" destination="$themes_dir/default/languages" />

+		<require-file name="Hibp.php" destination="$sourcedir" />

+

+		<!-- All the hooks -->

+		<hook hook="integrate_validatePassword" function="hibp_validatePassword" file="$sourcedir/Hibp.php" />

+		<hook hook="integrate_setup_profile_context" function="hibp_setup_profile_context" file="$sourcedir/Hibp.php" />

+		<hook hook="integrate_load_custom_profile_fields" function="hibp_validatePassword" file="$sourcedir/Hibp.php" />

+		<hook hook="integrate_general_security_settings" function="hibp_general_security_settings" file="$sourcedir/Hibp.php" />

+

+		<redirect url="$scripturl?action=admin;area=serversettings;sa=security;$session_var=$session_id" />

+	</install>

+

+	<uninstall for="2.1.*">

+		<!-- All the hooks, removed -->

+		<hook reverse="true" hook="integrate_validatePassword" function="hibp_validatePassword" file="$sourcedir/Hibp.php" />

+		<hook reverse="true" hook="integrate_setup_profile_context" function="hibp_setup_profile_context" file="$sourcedir/Hibp.php" />

+		<hook reverse="true" hook="integrate_load_custom_profile_fields" function="hibp_validatePassword" file="$sourcedir/Hibp.php" />

+		<hook reverse="true" hook="integrate_general_security_settings" function="hibp_general_security_settings" file="$sourcedir/Hibp.php" />

+

+		<!-- language files, removed -->

+		<remove-file name="$themes_dir/default/languages/Hibp.english.php" />

+

+		<!-- source files, removed -->

+		<remove-file name="$sourcedir/Hibp.php" />

+	</uninstall>

+

+</package-info>

\ No newline at end of file

@@ -0,0 +1,371 @@

+/*

+ * [js-sha1]{@link https://github.com/emn178/js-sha1}

+ *

+ * @version 0.6.0

+ * @author Chen, Yi-Cyuan [emn178@gmail.com]

+ * @copyright Chen, Yi-Cyuan 2014-2017

+ * @license MIT

+ */

+/*jslint bitwise: true */

+(function() {

+  'use strict';

+

+  var root = typeof window === 'object' ? window : {};

+  var NODE_JS = !root.JS_SHA1_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node;

+  if (NODE_JS) {

+    root = global;

+  }

+  var COMMON_JS = !root.JS_SHA1_NO_COMMON_JS && typeof module === 'object' && module.exports;

+  var AMD = typeof define === 'function' && define.amd;

+  var HEX_CHARS = '0123456789abcdef'.split('');

+  var EXTRA = [-2147483648, 8388608, 32768, 128];

+  var SHIFT = [24, 16, 8, 0];

+  var OUTPUT_TYPES = ['hex', 'array', 'digest', 'arrayBuffer'];

+

+  var blocks = [];

+

+  var createOutputMethod = function (outputType) {

+    return function (message) {

+      return new Sha1(true).update(message)[outputType]();

+    };

+  };

+

+  var createMethod = function () {

+    var method = createOutputMethod('hex');

+    if (NODE_JS) {

+      method = nodeWrap(method);

+    }

+    method.create = function () {

+      return new Sha1();

+    };

+    method.update = function (message) {

+      return method.create().update(message);

+    };

+    for (var i = 0; i < OUTPUT_TYPES.length; ++i) {

+      var type = OUTPUT_TYPES[i];

+      method[type] = createOutputMethod(type);

+    }

+    return method;

+  };

+

+  var nodeWrap = function (method) {

+    var crypto = eval("require('crypto')");

+    var Buffer = eval("require('buffer').Buffer");

+    var nodeMethod = function (message) {

+      if (typeof message === 'string') {

+        return crypto.createHash('sha1').update(message, 'utf8').digest('hex');

+      } else if (message.constructor === ArrayBuffer) {

+        message = new Uint8Array(message);

+      } else if (message.length === undefined) {

+        return method(message);

+      }

+      return crypto.createHash('sha1').update(new Buffer(message)).digest('hex');

+    };

+    return nodeMethod;

+  };

+

+  function Sha1(sharedMemory) {

+    if (sharedMemory) {

+      blocks[0] = blocks[16] = blocks[1] = blocks[2] = blocks[3] =

+      blocks[4] = blocks[5] = blocks[6] = blocks[7] =

+      blocks[8] = blocks[9] = blocks[10] = blocks[11] =

+      blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;

+      this.blocks = blocks;

+    } else {

+      this.blocks = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];

+    }

+

+    this.h0 = 0x67452301;

+    this.h1 = 0xEFCDAB89;

+    this.h2 = 0x98BADCFE;

+    this.h3 = 0x10325476;

+    this.h4 = 0xC3D2E1F0;

+

+    this.block = this.start = this.bytes = this.hBytes = 0;

+    this.finalized = this.hashed = false;

+    this.first = true;

+  }

+

+  Sha1.prototype.update = function (message) {

+    if (this.finalized) {

+      return;

+    }

+    var notString = typeof(message) !== 'string';

+    if (notString && message.constructor === root.ArrayBuffer) {

+      message = new Uint8Array(message);

+    }

+    var code, index = 0, i, length = message.length || 0, blocks = this.blocks;

+

+    while (index < length) {

+      if (this.hashed) {

+        this.hashed = false;

+        blocks[0] = this.block;

+        blocks[16] = blocks[1] = blocks[2] = blocks[3] =

+        blocks[4] = blocks[5] = blocks[6] = blocks[7] =

+        blocks[8] = blocks[9] = blocks[10] = blocks[11] =

+        blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;

+      }

+

+      if(notString) {

+        for (i = this.start; index < length && i < 64; ++index) {

+          blocks[i >> 2] |= message[index] << SHIFT[i++ & 3];

+        }

+      } else {

+        for (i = this.start; index < length && i < 64; ++index) {

+          code = message.charCodeAt(index);

+          if (code < 0x80) {

+            blocks[i >> 2] |= code << SHIFT[i++ & 3];

+          } else if (code < 0x800) {

+            blocks[i >> 2] |= (0xc0 | (code >> 6)) << SHIFT[i++ & 3];

+            blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];

+          } else if (code < 0xd800 || code >= 0xe000) {

+            blocks[i >> 2] |= (0xe0 | (code >> 12)) << SHIFT[i++ & 3];

+            blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3];

+            blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];

+          } else {

+            code = 0x10000 + (((code & 0x3ff) << 10) | (message.charCodeAt(++index) & 0x3ff));

+            blocks[i >> 2] |= (0xf0 | (code >> 18)) << SHIFT[i++ & 3];

+            blocks[i >> 2] |= (0x80 | ((code >> 12) & 0x3f)) << SHIFT[i++ & 3];

+            blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3];

+            blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];

+          }

+        }

+      }

+

+      this.lastByteIndex = i;

+      this.bytes += i - this.start;

+      if (i >= 64) {

+        this.block = blocks[16];

+        this.start = i - 64;

+        this.hash();

+        this.hashed = true;

+      } else {

+        this.start = i;

+      }

+    }

+    if (this.bytes > 4294967295) {

+      this.hBytes += this.bytes / 4294967296 << 0;

+      this.bytes = this.bytes % 4294967296;

+    }

+    return this;

+  };

+

+  Sha1.prototype.finalize = function () {

+    if (this.finalized) {

+      return;

+    }

+    this.finalized = true;

+    var blocks = this.blocks, i = this.lastByteIndex;

+    blocks[16] = this.block;

+    blocks[i >> 2] |= EXTRA[i & 3];

+    this.block = blocks[16];

+    if (i >= 56) {

+      if (!this.hashed) {

+        this.hash();

+      }

+      blocks[0] = this.block;

+      blocks[16] = blocks[1] = blocks[2] = blocks[3] =

+      blocks[4] = blocks[5] = blocks[6] = blocks[7] =

+      blocks[8] = blocks[9] = blocks[10] = blocks[11] =

+      blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;

+    }

+    blocks[14] = this.hBytes << 3 | this.bytes >>> 29;

+    blocks[15] = this.bytes << 3;

+    this.hash();

+  };

+

+  Sha1.prototype.hash = function () {

+    var a = this.h0, b = this.h1, c = this.h2, d = this.h3, e = this.h4;

+    var f, j, t, blocks = this.blocks;

+

+    for(j = 16; j < 80; ++j) {

+      t = blocks[j - 3] ^ blocks[j - 8] ^ blocks[j - 14] ^ blocks[j - 16];

+      blocks[j] =  (t << 1) | (t >>> 31);

+    }

+

+    for(j = 0; j < 20; j += 5) {

+      f = (b & c) | ((~b) & d);

+      t = (a << 5) | (a >>> 27);

+      e = t + f + e + 1518500249 + blocks[j] << 0;

+      b = (b << 30) | (b >>> 2);

+

+      f = (a & b) | ((~a) & c);

+      t = (e << 5) | (e >>> 27);

+      d = t + f + d + 1518500249 + blocks[j + 1] << 0;

+      a = (a << 30) | (a >>> 2);

+

+      f = (e & a) | ((~e) & b);

+      t = (d << 5) | (d >>> 27);

+      c = t + f + c + 1518500249 + blocks[j + 2] << 0;

+      e = (e << 30) | (e >>> 2);

+

+      f = (d & e) | ((~d) & a);

+      t = (c << 5) | (c >>> 27);

+      b = t + f + b + 1518500249 + blocks[j + 3] << 0;

+      d = (d << 30) | (d >>> 2);

+

+      f = (c & d) | ((~c) & e);

+      t = (b << 5) | (b >>> 27);

+      a = t + f + a + 1518500249 + blocks[j + 4] << 0;

+      c = (c << 30) | (c >>> 2);

+    }

+

+    for(; j < 40; j += 5) {

+      f = b ^ c ^ d;

+      t = (a << 5) | (a >>> 27);

+      e = t + f + e + 1859775393 + blocks[j] << 0;

+      b = (b << 30) | (b >>> 2);

+

+      f = a ^ b ^ c;

+      t = (e << 5) | (e >>> 27);

+      d = t + f + d + 1859775393 + blocks[j + 1] << 0;

+      a = (a << 30) | (a >>> 2);

+

+      f = e ^ a ^ b;

+      t = (d << 5) | (d >>> 27);

+      c = t + f + c + 1859775393 + blocks[j + 2] << 0;

+      e = (e << 30) | (e >>> 2);

+

+      f = d ^ e ^ a;

+      t = (c << 5) | (c >>> 27);

+      b = t + f + b + 1859775393 + blocks[j + 3] << 0;

+      d = (d << 30) | (d >>> 2);

+

+      f = c ^ d ^ e;

+      t = (b << 5) | (b >>> 27);

+      a = t + f + a + 1859775393 + blocks[j + 4] << 0;

+      c = (c << 30) | (c >>> 2);

+    }

+

+    for(; j < 60; j += 5) {

+      f = (b & c) | (b & d) | (c & d);

+      t = (a << 5) | (a >>> 27);

+      e = t + f + e - 1894007588 + blocks[j] << 0;

+      b = (b << 30) | (b >>> 2);

+

+      f = (a & b) | (a & c) | (b & c);

+      t = (e << 5) | (e >>> 27);

+      d = t + f + d - 1894007588 + blocks[j + 1] << 0;

+      a = (a << 30) | (a >>> 2);

+

+      f = (e & a) | (e & b) | (a & b);

+      t = (d << 5) | (d >>> 27);

+      c = t + f + c - 1894007588 + blocks[j + 2] << 0;

+      e = (e << 30) | (e >>> 2);

+

+      f = (d & e) | (d & a) | (e & a);

+      t = (c << 5) | (c >>> 27);

+      b = t + f + b - 1894007588 + blocks[j + 3] << 0;

+      d = (d << 30) | (d >>> 2);

+

+      f = (c & d) | (c & e) | (d & e);

+      t = (b << 5) | (b >>> 27);

+      a = t + f + a - 1894007588 + blocks[j + 4] << 0;

+      c = (c << 30) | (c >>> 2);

+    }

+

+    for(; j < 80; j += 5) {

+      f = b ^ c ^ d;

+      t = (a << 5) | (a >>> 27);

+      e = t + f + e - 899497514 + blocks[j] << 0;

+      b = (b << 30) | (b >>> 2);

+

+      f = a ^ b ^ c;

+      t = (e << 5) | (e >>> 27);

+      d = t + f + d - 899497514 + blocks[j + 1] << 0;

+      a = (a << 30) | (a >>> 2);

+

+      f = e ^ a ^ b;

+      t = (d << 5) | (d >>> 27);

+      c = t + f + c - 899497514 + blocks[j + 2] << 0;

+      e = (e << 30) | (e >>> 2);

+

+      f = d ^ e ^ a;

+      t = (c << 5) | (c >>> 27);

+      b = t + f + b - 899497514 + blocks[j + 3] << 0;

+      d = (d << 30) | (d >>> 2);

+

+      f = c ^ d ^ e;

+      t = (b << 5) | (b >>> 27);

+      a = t + f + a - 899497514 + blocks[j + 4] << 0;

+      c = (c << 30) | (c >>> 2);

+    }

+

+    this.h0 = this.h0 + a << 0;

+    this.h1 = this.h1 + b << 0;

+    this.h2 = this.h2 + c << 0;

+    this.h3 = this.h3 + d << 0;

+    this.h4 = this.h4 + e << 0;

+  };

+

+  Sha1.prototype.hex = function () {

+    this.finalize();

+

+    var h0 = this.h0, h1 = this.h1, h2 = this.h2, h3 = this.h3, h4 = this.h4;

+

+    return HEX_CHARS[(h0 >> 28) & 0x0F] + HEX_CHARS[(h0 >> 24) & 0x0F] +

+           HEX_CHARS[(h0 >> 20) & 0x0F] + HEX_CHARS[(h0 >> 16) & 0x0F] +

+           HEX_CHARS[(h0 >> 12) & 0x0F] + HEX_CHARS[(h0 >> 8) & 0x0F] +

+           HEX_CHARS[(h0 >> 4) & 0x0F] + HEX_CHARS[h0 & 0x0F] +

+           HEX_CHARS[(h1 >> 28) & 0x0F] + HEX_CHARS[(h1 >> 24) & 0x0F] +

+           HEX_CHARS[(h1 >> 20) & 0x0F] + HEX_CHARS[(h1 >> 16) & 0x0F] +

+           HEX_CHARS[(h1 >> 12) & 0x0F] + HEX_CHARS[(h1 >> 8) & 0x0F] +

+           HEX_CHARS[(h1 >> 4) & 0x0F] + HEX_CHARS[h1 & 0x0F] +

+           HEX_CHARS[(h2 >> 28) & 0x0F] + HEX_CHARS[(h2 >> 24) & 0x0F] +

+           HEX_CHARS[(h2 >> 20) & 0x0F] + HEX_CHARS[(h2 >> 16) & 0x0F] +

+           HEX_CHARS[(h2 >> 12) & 0x0F] + HEX_CHARS[(h2 >> 8) & 0x0F] +

+           HEX_CHARS[(h2 >> 4) & 0x0F] + HEX_CHARS[h2 & 0x0F] +

+           HEX_CHARS[(h3 >> 28) & 0x0F] + HEX_CHARS[(h3 >> 24) & 0x0F] +

+           HEX_CHARS[(h3 >> 20) & 0x0F] + HEX_CHARS[(h3 >> 16) & 0x0F] +

+           HEX_CHARS[(h3 >> 12) & 0x0F] + HEX_CHARS[(h3 >> 8) & 0x0F] +

+           HEX_CHARS[(h3 >> 4) & 0x0F] + HEX_CHARS[h3 & 0x0F] +

+           HEX_CHARS[(h4 >> 28) & 0x0F] + HEX_CHARS[(h4 >> 24) & 0x0F] +

+           HEX_CHARS[(h4 >> 20) & 0x0F] + HEX_CHARS[(h4 >> 16) & 0x0F] +

+           HEX_CHARS[(h4 >> 12) & 0x0F] + HEX_CHARS[(h4 >> 8) & 0x0F] +

+           HEX_CHARS[(h4 >> 4) & 0x0F] + HEX_CHARS[h4 & 0x0F];

+  };

+

+  Sha1.prototype.toString = Sha1.prototype.hex;

+

+  Sha1.prototype.digest = function () {

+    this.finalize();

+

+    var h0 = this.h0, h1 = this.h1, h2 = this.h2, h3 = this.h3, h4 = this.h4;

+

+    return [

+      (h0 >> 24) & 0xFF, (h0 >> 16) & 0xFF, (h0 >> 8) & 0xFF, h0 & 0xFF,

+      (h1 >> 24) & 0xFF, (h1 >> 16) & 0xFF, (h1 >> 8) & 0xFF, h1 & 0xFF,

+      (h2 >> 24) & 0xFF, (h2 >> 16) & 0xFF, (h2 >> 8) & 0xFF, h2 & 0xFF,

+      (h3 >> 24) & 0xFF, (h3 >> 16) & 0xFF, (h3 >> 8) & 0xFF, h3 & 0xFF,

+      (h4 >> 24) & 0xFF, (h4 >> 16) & 0xFF, (h4 >> 8) & 0xFF, h4 & 0xFF

+    ];

+  };

+

+  Sha1.prototype.array = Sha1.prototype.digest;

+

+  Sha1.prototype.arrayBuffer = function () {

+    this.finalize();

+

+    var buffer = new ArrayBuffer(20);

+    var dataView = new DataView(buffer);

+    dataView.setUint32(0, this.h0);

+    dataView.setUint32(4, this.h1);

+    dataView.setUint32(8, this.h2);

+    dataView.setUint32(12, this.h3);

+    dataView.setUint32(16, this.h4);

+    return buffer;

+  };

+

+  var exports = createMethod();

+

+  if (COMMON_JS) {

+    module.exports = exports;

+  } else {

+    root.sha1 = exports;

+    if (AMD) {

+      define(function () {

+        return exports;

+      });

+    }

+  }

+})();

\ No newline at end of file