US Secure Hash Algorithms (SHA and HMAC-SHA)
RFC 4634
| Field | Value |
|---|---|
| Type | RFC - Informational (August 2006; Errata) |
| Obsoleted by | RFC 6234 |
| Updates | RFC 3174 |
| Was | draft-eastlake-sha2 (individual in sec area) |
| Authors | Tony Hansen, Donald Eastlake |
| Last updated | 2018-12-20 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4634 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Russ Housley |
| Send notices to | (None) |
Network Working Group
Request for Comments: 4634
Updates: 3174
Category: Informational

D. Eastlake 3rd, Motorola Labs
T. Hansen, AT&T Labs
July 2006

US Secure Hash Algorithms (SHA and HMAC-SHA)

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

The United States of America has adopted a suite of Secure Hash Algorithms (SHAs), including four beyond SHA-1, as part of a Federal Information Processing Standard (FIPS), specifically SHA-224 (RFC 3874), SHA-256, SHA-384, and SHA-512. The purpose of this document is to make source code performing these hash functions conveniently available to the Internet community. The sample code supports input strings of arbitrary bit length. SHA-1's sample code from RFC 3174 has also been updated to handle input strings of arbitrary bit length. Most of the text herein was adapted by the authors from FIPS 180-2.

Code to perform SHA-based HMACs, with arbitrary bit length text, is also included.

Eastlake 3rd & Hansen        Informational        [Page 1]
RFC 4634        SHAs and HMAC-SHAs        July 2006

Table of Contents

1. Overview of Contents
   1.1. License
2. Notation for Bit Strings and Integers
3. Operations on Words
4. Message Padding and Parsing
   4.1. SHA-224 and SHA-256
   4.2. SHA-384 and SHA-512
5. Functions and Constants Used
   5.1. SHA-224 and SHA-256
   5.2. SHA-384 and SHA-512
6. Computing the Message Digest
   6.1. SHA-224 and SHA-256 Initialization
   6.2. SHA-224 and SHA-256 Processing
   6.3. SHA-384 and SHA-512 Initialization
   6.4. SHA-384 and SHA-512 Processing
7. SHA-Based HMACs
8. C Code for SHAs
   8.1. The .h File
   8.2. The SHA Code
      8.2.1. sha1.c
      8.2.2. sha224-256.c
      8.2.3. sha384-512.c
      8.2.4. usha.c
      8.2.5. sha-private.h
   8.3. The HMAC Code
   8.4. The Test Driver
9. Security Considerations
10. Normative References
11. Informative References

1. Overview of Contents

NOTE: Much of the text below is taken from [FIPS180-2] and assertions therein of the security of the algorithms described are made by the US Government, the author of [FIPS180-2], and not by the authors of this document.

The text below specifies Secure Hash Algorithms, SHA-224 [RFC3874], SHA-256, SHA-384, and SHA-512, for computing a condensed representation of a message or a data file. (SHA-1 is specified in [RFC3174].) When a message of any length < 2^64 bits (for SHA-224 and SHA-256) or < 2^128 bits (for SHA-384 and SHA-512) is input to one of these algorithms, the result is an output called a message digest. The message digests range in length from 224 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed hash authentication codes, or in the generation of random numbers [RFC4086].

The four algorithms specified in this document are called secure because it is computationally infeasible to (1) find a message that
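
The input-length limits stated in the overview follow from the padding step (Section 4 in the table of contents): the message bit length is appended in a 64-bit field for SHA-224/SHA-256 and in a 128-bit field for SHA-384/SHA-512. The C function below is an added example, not code from RFC 4634; `sha_pad` is a hypothetical helper that pads a message of arbitrary bit length for either block size.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* sha_pad() is a hypothetical helper written for this example.
 * block_bytes: 64 for SHA-1/224/256 (64-bit length field),
 *              128 for SHA-384/512 (128-bit length field).
 * Returns the padded size in bytes (0 on allocation failure); caller frees *out. */
size_t sha_pad(const uint8_t *msg, uint64_t bit_len, size_t block_bytes,
               uint8_t **out)
{
    size_t len_field = block_bytes / 8;      /* 8 or 16 bytes */
    size_t full = (size_t)(bit_len / 8);     /* whole message bytes */
    unsigned rem = (unsigned)(bit_len % 8);  /* trailing bits, 0..7 */
    /* message + the byte carrying the '1' bit + length field, rounded up */
    size_t need = full + 1 + len_field;
    size_t total = (need + block_bytes - 1) / block_bytes * block_bytes;
    uint8_t *buf = calloc(total, 1);         /* zero fill supplies the '0' bits */

    *out = buf;
    if (buf == NULL)
        return 0;
    memcpy(buf, msg, full);
    if (rem != 0) {
        /* keep the top rem bits of the last byte, then set the '1' bit */
        uint8_t keep = (uint8_t)(0xFF << (8 - rem));
        buf[full] = (uint8_t)((msg[full] & keep) | (0x80 >> rem));
    } else {
        buf[full] = 0x80;
    }
    /* Big-endian bit length. bit_len is a uint64_t here, so the upper
     * 8 bytes of the 128-bit field stay zero. */
    for (int i = 0; i < 8; i++)
        buf[total - 1 - i] = (uint8_t)(bit_len >> (8 * i));
    return total;
}

int main(void)
{
    uint8_t msg[56] = {0};  /* constructed input: 56 zero bytes (448 bits) */
    uint8_t *p;
    size_t n256 = sha_pad(msg, 448, 64, &p);   /* spills into a second block */
    free(p);
    size_t n512 = sha_pad(msg, 448, 128, &p);  /* still fits in one block */
    free(p);
    printf("SHA-256 padded: %zu bytes, SHA-512 padded: %zu bytes\n", n256, n512);
    return 0;
}
```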