US Secure Hash Algorithms (SHA and HMAC-SHA)
RFC 4634
| Document | Type |
RFC - Informational
(August 2006; Errata)
Obsoleted by RFC 6234
Updates RFC 3174
Was draft-eastlake-sha2 (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2018-12-20 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4634 (Informational) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Russ Housley | ||
| Send notices to | (None) | ||
Network Working Group D. Eastlake 3rd
Request for Comments: 4634 Motorola Labs
Updates: 3174 T. Hansen
Category: Informational AT&T Labs
July 2006
US Secure Hash Algorithms (SHA and HMAC-SHA)
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
The United States of America has adopted a suite of Secure Hash
Algorithms (SHAs), including four beyond SHA-1, as part of a Federal
Information Processing Standard (FIPS), specifically SHA-224 (RFC
3874), SHA-256, SHA-384, and SHA-512. The purpose of this document
is to make source code performing these hash functions conveniently
available to the Internet community. The sample code supports input
strings of arbitrary bit length. SHA-1's sample code from RFC 3174
has also been updated to handle input strings of arbitrary bit
length. Most of the text herein was adapted by the authors from FIPS
180-2.
Code to perform SHA-based HMACs, with arbitrary bit length text, is
also included.
Eastlake 3rd & Hansen Informational [Page 1]
RFC 4634 SHAs and HMAC-SHAs July 2006
Table of Contents
1. Overview of Contents ............................................3
1.1. License ....................................................4
2. Notation for Bit Strings and Integers ...........................4
3. Operations on Words .............................................5
4. Message Padding and Parsing .....................................6
4.1. SHA-224 and SHA-256 ........................................7
4.2. SHA-384 and SHA-512 ........................................8
5. Functions and Constants Used ....................................9
5.1. SHA-224 and SHA-256 ........................................9
5.2. SHA-384 and SHA-512 .......................................10
6. Computing the Message Digest ...................................11
6.1. SHA-224 and SHA-256 Initialization ........................11
6.2. SHA-224 and SHA-256 Processing ............................11
6.3. SHA-384 and SHA-512 Initialization ........................13
6.4. SHA-384 and SHA-512 Processing ............................14
7. SHA-Based HMACs ................................................15
8. C Code for SHAs ................................................15
8.1. The .h File ...............................................18
8.2. The SHA Code ..............................................24
8.2.1. sha1.c .............................................24
8.2.2. sha224-256.c .......................................33
8.2.3. sha384-512.c .......................................45
8.2.4. usha.c .............................................67
8.2.5. sha-private.h ......................................72
8.3. The HMAC Code .............................................73
8.4. The Test Driver ...........................................78
9. Security Considerations .......................................106
10. Normative References .........................................106
11. Informative References .......................................106
Eastlake 3rd & Hansen Informational [Page 2]
RFC 4634 SHAs and HMAC-SHAs July 2006
1. Overview of Contents
NOTE: Much of the text below is taken from [FIPS180-2] and assertions
therein of the security of the algorithms described are made by the
US Government, the author of [FIPS180-2], and not by the authors of
this document.
The text below specifies Secure Hash Algorithms, SHA-224 [RFC3874],
SHA-256, SHA-384, and SHA-512, for computing a condensed
representation of a message or a data file. (SHA-1 is specified in
[RFC3174].) When a message of any length < 2^64 bits (for SHA-224
and SHA-256) or < 2^128 bits (for SHA-384 and SHA-512) is input to
one of these algorithms, the result is an output called a message
digest. The message digests range in length from 224 to 512 bits,
depending on the algorithm. Secure hash algorithms are typically
used with other cryptographic algorithms, such as digital signature
algorithms and keyed hash authentication codes, or in the generation
of random numbers [RFC4086].
The four algorithms specified in this document are called secure
because it is computationally infeasible to (1) find a message that
Show full document text